DeFi has not followed through on its privacy promises — yet
The DeFi industry is not living up to the expectations of Web3 builders or regulators
When it comes to personal privacy, the promises of DeFi summer have rung hollow.
Projects flooded the scene with buzzwords like “financial privacy” and “cryptographic security” during the DeFi boom of 2021, setting user expectations sky high when the industry was still in its earliest stages.
As a result, once the dust settled, it became apparent that most of DeFi’s bold privacy declarations had fallen short of expectations. This issue has been further underscored with the rise of new on-chain analytics services like Arkham Intelligence and Chainalysis, whose data dashboards revealed how traceable DeFi users’ on-chain activity actually is.
Now, the DeFi sector is facing increased regulatory pressure to de-anonymize certain transactions and user profiles, while simultaneously dealing with flagging user confidence in terms of their individual rights to data privacy.
But do these challenges mark the demise of privacy in DeFi? We certainly don’t think so.
The fact is, today’s most pressing issues are not a criticism of the nature of DeFi itself, but of its current state of evolution. More specifically, the problem for developers is that much of this frenzy was built on underdeveloped technology which has not lived up to the hype. However, the underlying infrastructure is rapidly maturing, and the Web3 development paradigm is shifting away from the notion that “transparency” must invariably be linked with a “lack of privacy.”
There is a significant difference between a libertarian approach to crypto privacy (doing what you want with no regard for anti-money laundering efforts) and privacy that enables new use cases in a regulatory-friendly way (doing what you want as long as your funds come from a legitimate source).
Fortunately, most privacy laws allow for this delineation, which is why the vast majority of existing regulations have more to do with areas concerning customer protection rather than a blanket opposition to “privacy.”
For instance, the US government supports privacy-enhancing technologies — as long as they align with existing AML/CFT rules. However, when organizations use private blockchains without following these guidelines or use services that operate outside the current laws, they create unnecessary risks for their users.
The key to making this approach to privacy both practical for regulators and agreeable to users could be, for instance, a decentralized data store for users’ credentials, such as idOS — a GDPR-compliant identity system recently announced during this year’s TOKEN2049 conference. With a solution like that, no single party is in control of users’ credentials even as the system verifiably ensures that users are not on any authorized sanctions lists.
Rapidly maturing technologies like zero-knowledge proofs and decentralized identity systems eliminate the need for (and the possibility of) divulging extraneous user data to any external party. At the same time, they enable regulators to identify and act on malicious on-chain activity with confidence and rapidity. Combining such a storage system with privacy-enhanced DeFi apps makes for a comprehensive privacy trading suite that is also aligned with AML regulations.
All of which is to say, Web3 builders are listening to both regulators and end users and developing more nuanced solutions that cater to both ends of the spectrum. There is no doubt that the industry as a whole currently does not live up to the expectations of either side.
However, one could say the same about the modern Internet, which mirrors DeFi’s evolutionary trajectory from both a developmental and regulatory perspective.
For context: The birth of the internet can be traced to an academic initiative conducted by the US Advanced Research Projects Agency — but the Internet as we know it today was largely the result of a series of informal interactions and decisions made by tinkerers and fringe enthusiasts in the following years. Small, experimental “testnets” and applications that few people imagined would ever matter gave rise to essential Internet protocols still in use today, including File Transfer and TCP/IP.
During this time, the internet was essentially unregulated. Until the expansion and commercialization of the internet in the mid-1990s, the internet’s primary governance model was decentralized and based on informal standards and protocols voluntarily adopted by builders, with a focus on making networks interoperable.
And yet regulations eventually followed, developers adapted, and the vast majority of today’s global financial activities are conducted online — something that would have been unimaginable just a few decades ago given the internet’s discombobulated origins. Despite all its issues, the internet has unquestionably been a force for good in the world: The rapidly maturing DeFi sector has the potential to have a similar impact on the financial system and beyond.
As DeFi continues to grow and mature, regulators will develop new frameworks to govern this industry while developers will create new, responsible privacy-preserving technologies. That’s why Web3 builders should recognize that today’s privacy shortcomings are a puzzle to be solved, not an indictment of the industry. And if an industry outsider cannot imagine a Web3 protocol that addresses regulators’ privacy concerns while satisfying users’ privacy needs, that’s only because that solution hasn’t been built by an industry insider — yet.