Privacy in Web3: The Infrastructure Layer Nobody Built
For years, Web3 wore radical transparency like a badge of honor. Every transaction visible, every wallet balance exposed, every on-chain move traceable with a block explorer and a little patience. That openness was the point. It was supposed to be a feature, not a flaw.
But in 2026, the conversation has shifted. Institutions are writing checks. Real financial infrastructure is being deployed on-chain. And the people deploying it are asking a very simple question that nobody has a great answer to: Where's the privacy?
We recently sat down with leaders from Polygon, Secret Network, Telos, QuickSwap, Dash, and LDA to discuss where privacy stands today and where it's headed. What follows are the key takeaways, and what they mean for teams building on-chain infrastructure right now.
The Default Was Always Wrong
There's a question the industry keeps asking: "What should be private?" But it's the wrong question. The better framing is: what actually needs to be public?
For hundreds of years, financial transactions, personal identities, and business strategies have defaulted to private. Web3 is the outlier, not the norm. The industry spent years building public transaction rails and then wondering why institutional capital hasn't shown up at scale. The answer is straightforward. No CFO is going to let their treasury flows, acquisition strategies, or OTC trades sit on a public ledger where competitors can read them in real time.
From our own work at Protofire, we've watched this shift firsthand. Privacy has moved from a "nice-to-have" to a procurement requirement, sitting on the checklist right next to compliance and audit controls. Institutional clients aren't asking if they need privacy. They're asking why it isn't built in yet.
Consider the stablecoin card space. Programs linking Visa-enabled cards to on-chain wallets were generating fully observable settlement flows. Analysts were tracing wallets, calculating daily volumes, reverse-engineering competitive intelligence. Investment firms already use satellites to count oil tankers passing through shipping lanes. On-chain data is orders of magnitude easier to scrape. If the data is there, someone will find it.
The Use Cases Nobody Talks About
The obvious case for privacy is payments. There's a useful concept gaining traction in the space: "minimum viable privacy." No one in the traditional world uses a payment system where the counterparty can see their full bank balance. That's a baseline expectation Web3 still hasn't met.
But the real shift is happening in less obvious places.
AI and confidential computing is one of them. Companies are feeding sensitive internal data into specialized LLMs but balking at sending that data to centralized providers. Running inference inside encrypted environments allows enterprises to harness AI without handing over proprietary information. And with agentic workflows accelerating, the stakes multiply. Agents transacting on-chain, managing calendars, accessing emails, all of that becomes a liability without end-to-end encryption. An AI agent without privacy is just an automated leak. Anyone launching AI agents on open infrastructure without a privacy layer is, frankly, taking an indefensible risk with their data.
Decentralized commerce is another blind spot. Buy something from an e-commerce platform built on public rails and you need to share your shipping address? That data is exposed to the chain. Same with encrypted content feeds: subscriptions, paywalled blogs, private media. These use cases simply don't work without privacy primitives baked in.
Identity might be the most consequential. As wallets evolve from cash containers to identity hubs, storing credentials, memberships, educational records, even health data, the exposure profile changes entirely. Knowing someone's financial balance is one thing. Knowing every organization they belong to, every credential they hold, every service they subscribe to? That requires a level of privacy infrastructure that barely exists today. Selective disclosure, the ability to prove you meet a criterion without revealing anything else, isn't just a nice technical feature. It's the mechanism that makes on-chain identity viable at all.
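A minimal sketch of selective disclosure over a wallet's credential set, added here as an illustration and not taken from the roundtable or any project named in it. It uses salted hashes under a Merkle root, a simpler technique than zero-knowledge predicate proofs: the issuer attests the criterion itself (`age_over_18`) as its own claim, and the verifier sees that one claim and nothing else. The claim names, function names and the assumption that the root is signed by the issuer or anchored on-chain are all hypothetical.

```python
import hashlib, hmac, os

# Constructed sample credentials held in a wallet (illustrative, not from the article).
CLAIMS = [("membership", "dao-42"), ("degree", "BSc"), ("health_plan", "gold"),
          ("age_over_18", "true"), ("kyc_tier", "2")]

def leaf(salt, name, value):
    # 0x00 prefix separates leaves from inner nodes; the per-claim salt stops guessing.
    n = name.encode()
    return hashlib.sha256(b"\x00" + salt + len(n).to_bytes(2, "big") + n + value.encode()).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build(leaves):
    """Return all tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def issue(claims):
    """Issuer: salt every claim and commit to the set; only the root is published."""
    salts = [os.urandom(16) for _ in claims]
    levels = build([leaf(s, n, v) for s, (n, v) in zip(salts, claims)])
    return levels[-1][0], salts, levels

def prove(levels, index):
    """Holder: sibling hashes needed to link one leaf to the root."""
    path = []
    for lvl in levels[:-1]:
        sib = index ^ 1
        if sib < len(lvl):
            path.append((lvl[sib], sib < index))  # (hash, sibling is on the left)
        index //= 2
    return path

def verify(root, salt, name, value, path):
    """Verifier: recompute the root from the single disclosed claim."""
    h = leaf(salt, name, value)
    for sib, sib_is_left in path:
        h = node(sib, h) if sib_is_left else node(h, sib)
    return hmac.compare_digest(h, root)

if __name__ == "__main__":
    root, salts, levels = issue(CLAIMS)
    i = 3  # disclose only "age_over_18"
    print(verify(root, salts[i], *CLAIMS[i], prove(levels, i)))
```

The proof path still reveals roughly how many claims the credential set holds and where the disclosed one sits, so a production design would pad the tree to a fixed size and shuffle the leaf order.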
The Hard Problems That Remain
Privacy in Web3 still has a user experience problem that borders on hostile. Viewing keys, wrapping tokens, syncing encrypted data, waiting for cryptographic proofs. Every protocol adds friction somewhere. Privacy wallets that take 10 minutes to sync a balance aren't competing with other crypto wallets. They're competing with banking apps that load in two seconds. And that's a fight they're losing.
The economic friction is just as real. Most users will choose the cheaper, faster option. Period. We live in an era where people hand over all their data to big tech platforms in exchange for a marginally better experience. Privacy tooling has to compete with that inertia, not just with other crypto products.
At the institutional level, the math gets sharper. For companies moving $100 million in a single transaction, even one basis point matters. Liquidity fragmentation across chains and privacy protocols drives costs up. Every new privacy layer, every new shielded pool, splits available liquidity further. The promise of privacy is undermined if it makes execution materially more expensive.
And then there's the elephant in the room: cross-chain privacy. From our own conversations with institutional clients at Protofire, the ask is consistent. They don't want to stay on one chain. They want assets moving across networks with privacy maintained throughout. Today, nobody has a production-ready answer. Once you bridge out of a privacy network, you're subject to the rules of the public chain you land on. Tools like SilentSwap route transactions through privacy layers to break the chain of traceability, but these are creative workarounds, not foundational solutions. Whoever cracks cross-chain privacy with real liquidity depth will own a category.
Privacy Lives at the Base Layer or It Doesn't Live at All
There's a hierarchy emerging in how the industry thinks about privacy across the stack, and it's worth being explicit about it.
On-chain privacy is the foundation. It doesn't matter what your wallet does if the underlying chain broadcasts your transaction data to the world. Wallets can protect metadata, mask IP addresses, limit data shared with node providers. App layers can reduce leakage. But none of that compensates for a transparent base layer. The chain itself has to offer at least a minimum of data protection, or everything built on top is cosmetic.
Here's the irony, though. Metadata leakage at the wallet and app level is probably the bigger real-world threat for most users. The wallet you download knows your IP, the nodes you broadcast through, the price feeds you query. In the era of AI-powered surveillance, an LLM can scrape an entire blockchain, find patterns, and correlate on-chain activity with IP traces pointing to home addresses. But on-chain privacy is still the prerequisite, because without that encrypted base, you can't build meaningful privacy experiences on top.
This has implications for anyone building infrastructure today. If you're deploying on public rails and not thinking about data leakage at every layer of your stack, you're leaving your users exposed. Wallet providers, app developers, DeFi protocols, all of them need to start treating privacy as an engineering discipline, not an afterthought.
What the Next 12 to 24 Months Will Decide
The trajectory is becoming clear, even if the timeline isn't.
Public blockchains are going to create dedicated privacy environments. Not new networks, but zones within existing chains where transactions can be shielded. The model is a toggle: public by default with the ability to step into a private execution environment when needed, then step back out. Polygon, Solana, and others are engineering toward this already.
AI agents will adopt confidential computing as a baseline requirement. On-chain agents transacting through privacy-preserving infrastructure won't be experimental. It will be the minimum standard for any enterprise-grade workflow. This is likely 12 months away from becoming table stakes.
Ethereum's roadmap, which includes shielded transfers, could be the tipping point. When a chain of that scale ships native privacy, it sets the standard. Other chains will follow, and quickly.
And there's a modular thesis gaining momentum: chains may not need to build their own privacy layers at all. They might borrow privacy from other networks, bolting on confidential execution the way they already bolt on data availability or bridging. Privacy as a composable infrastructure component, not a monolithic feature. This is the framing that matters most for L1 and L2 teams evaluating their roadmaps right now.
The adoption math is stark. Today, roughly 99.99% of crypto activity is public. If the industry can push even 1% into privacy-first interactions over the next year, that small number would represent a massive shift. And adoption curves in crypto tend to go parabolic once the tooling catches up.
Privacy Is Infrastructure Now
The cultural shift in Web3 is real. The industry started with radical transparency as an ideology and is now reckoning with the fact that transparency, applied universally, is a liability. Privacy is not a feature to be added later or a niche concern for cypherpunks. It's infrastructure, as fundamental as consensus mechanisms and execution environments.
The teams that treat it that way, that architect privacy into the protocol layer rather than papering it over at the application level, will be the ones capturing institutional capital and real-world usage. Everyone else will be left explaining to their next enterprise client why their competitors can see every trade they make.
The technology is catching up. The market is done waiting for "eventual" privacy. It's time to ship.
This article is based on insights from Protofire's Privacy in Web3 roundtable, featuring leaders from Polygon, Secret Network, Telos, QuickSwap, Dash, and LDA.