DeFi Privacy Exercise - EthCC 2026 Cannes

This year's EthCC in Cannes hit differently. As someone who has been in the Web3 space for 10 years, I can finally say I am hopeful about blockchain as a technology, despite the heavy bear aftertaste the conference left.

Following the discussions and different panels brought me to a few conclusions. Regulated blockchain provides a technical architecture that centralised services struggle to match on auditability, settlement transparency, and trust reduction. The risk shifts from internal to external — financial companies can move their business logic on chain and focus on regulatory compliance and the user interface. And regulated stablecoins are where the magic of adoption will happen first. With regulated stablecoins, a DeFi company is entering the space of neobanks, while neobanks utilising blockchain to process their transactions are stepping directly onto our turf. Over stablecoins, we are now competing with neobanks — on UX, branding, positioning, and providing a vast array of financial products, cashbacks, loyalty programmes, all blended into one single UI operating on chain.

The realisation that a team like Gnosis or MetaMask is rebranding along the lines of Revolut or N26, with similar features in mind, is mind-blowing.

This speaks to users who see no difference between a crypto-based implementation done right and a Web2 bank or neobank. A regulated crypto environment becomes the most secure option for serious integrations. Everything else is a compromise.

Think about the minimum. N26 right now offers non-public transactions. If I transfer 10 euros to my wife or to my other bank account, I can do that privately. Isn't it weird that this minimum is not true for DeFi? By regulating stablecoins, we are blending into neobanking turf, and users have certain minimal expectations which DeFi has to meet. Not only meet, upgrade. Full confidentiality with selective transparency.

For years, we have tried to sell the privacy aspect of Web3. Yet we did not really make it. We acted as if privacy were a product. It is not. Privacy is a value that shows up in the right conditions. You cannot install a value post festum. It has to be instilled in a growing society, not pushed through an ad in a commercial X-like environment and bullshit Forbes magazine articles.

Yet it seems that privacy as a value is gaining weight. The environment has changed enough, from individual digital privacy (high pressure on governments snooping around) to institutional privacy needs coming from the fact that institutions lose strategic advantage if they trade on a public ledger. So privacy is back on the menu.

Now, let's for once unpack the privacy aspect. What really is privacy? To me, privacy of the digital kind falls into similar territory as privacy in real life. If I am innocent, my data is not being processed by anyone. With one difference: in a regulated crypto environment we can finally install a deterministic environment where user data is stored with blockchain-quality guarantees and each access is logged, so a user knows if someone looked at their private data. So now we can build environments where the user is in control of their own data. For those paranoid ones out there, imagine getting a notification each time someone with access decrypts and views your data.

Confidentiality and selective transparency can still mix well. With programmable access control and attested TEE environments, confidentiality becomes auditable, rules become verifiable, and selective transparency can be established between specific parties for specific purposes, e.g. a regulator can verify that a transaction complied with policy without seeing the counterparty. Everything else may and should remain confidential.

Issued warrants unlock programmed privileges. In the old world, a warrant unlocks data that already exists somewhere, held by someone else. In this environment, a warrant doesn't unlock data, it unlocks a programmed instruction. Access is an instruction, not a breach.
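The access model from the last three paragraphs (every access logged and notified, selective transparency, a warrant that unlocks an instruction rather than data), as an added Python sketch that is not code from the author or from any project named here. `ConfidentialStore`, the `amount_within_limit` instruction and the HMAC standing in for an issuer's signature are assumptions made for illustration; TEE attestation is out of scope.

```python
import hashlib
import hmac
import json

# The only things a warrant can unlock: programmed instructions (hypothetical set).
INSTRUCTIONS = {
    "amount_within_limit": lambda rec, args: rec["amount"] <= args["limit"],
}

def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def issue_warrant(issuer_key, body):
    # Assumption: an HMAC stands in for the issuing authority's signature.
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(issuer_key, payload, hashlib.sha256).hexdigest()}

class ConfidentialStore:
    """Stand-in for the confidential environment holding private records."""
    def __init__(self, issuer_key):
        self._issuer_key = issuer_key
        self._records = {}       # tx_id -> full private record, never returned
        self.access_log = []     # hash-chained, append-only
        self.notifications = []  # (owner, log entry hash)

    def put(self, tx_id, record):
        self._records[tx_id] = record

    def execute(self, warrant):
        body = warrant["body"]
        expected = issue_warrant(self._issuer_key, body)["mac"]
        if not hmac.compare_digest(expected, warrant["mac"]):
            raise PermissionError("warrant is not authentic")
        check = INSTRUCTIONS.get(body["instruction"])
        if check is None:
            raise PermissionError("instruction is not programmed")
        record = self._records[body["tx_id"]]
        answer = check(record, body["args"])
        # Log the access, chained to the previous entry, and notify the owner.
        prev = self.access_log[-1]["hash"] if self.access_log else "0" * 64
        entry = {"prev": prev, "warrant": _digest(body),
                 "tx_id": body["tx_id"], "instruction": body["instruction"]}
        entry["hash"] = _digest(entry)
        self.access_log.append(entry)
        self.notifications.append((record["owner"], entry["hash"]))
        return {"tx_id": body["tx_id"], "compliant": answer}  # no counterparty

def log_is_intact(log):
    prev = "0" * 64
    for entry in log:
        core = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or _digest(core) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```

The regulator receives only the compliance answer, while the record's owner gets a notification tied to a log entry that cannot be edited without breaking the chain.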

Yes, I know — old fart bullshit world. But whatever we build, we are always trusting something on some level. All solutions have a certain level of compromise or trust predisposition. To address this, I think confidential solutions should be coupled heavily with financially backed guarantees, such as staking — so risk is no longer managed only on a technical level. It becomes calculable. If an operator misbehaves, staked capital covers the exposure. Like in typical business.

Regulated confidentiality requires us to build transparent endpoints, which can get invoked in the right legal conditions. This inherently poses a risk. Once we move liquidity into regulated environments, we no longer have the leverage; regulators do. The interplay with regulators could bring us to a position where more and more information access is required. The auditable transparency rights expand, bringing us closer to existing traditional finance. And when that happens, the cycle repeats: a new generation builds the next DeFi to escape those constraints all over again.

But here's my genuine thought on where this goes. In the future, there is only Finance. DeFi remains an experimental sector where new financial products are born and tested. In the near future, most users will use chain in Finance without knowing about it. Confidential DeFi is there, but users are not aware of it.

That's the point. If they're aware of it, we haven't finished building.

Nino Kutnjak
Massive Attack — Teardrop
writing mood