This is a chapter from the book Token Economy (Third Edition) by Shermin Voshmgir.
Early blockchain networks provided a high level of transparency, making transaction histories fully visible to anyone. This compromised privacy and reduced a token’s fungibility. Over the years, a range of privacy-preserving solutions have been developed, aiming to balance the need for institutional accountability with individual privacy.
Disclaimer: Most of the examples mentioned in this chapter are subject to frequent protocol changes. Consequently, certain details might be out of date by the time this book is read. Nonetheless, the content is structured to present a broad picture, independent of potential protocol changes or new solutions that may emerge.
Privacy, as defined by the Oxford Dictionary, is a “state in which one is not observed or disturbed by other people” or the “state of being free from public attention.” Democratically governed countries have protected individual privacy at various levels of the law—sometimes even constitutionally. The secrecy of correspondence, for example, originated in the 17th and 18th centuries in Germany, Austria, and France. It is a law that ensures letters remain unopened by government or private entities. This principle has extended to modern communication technologies like phones and the Internet. While the U.S. lacks explicit constitutional guarantees for the secrecy of correspondence, case law interpreting the Fourth Amendment protects the privacy of the home and property, potentially supporting a “right to cryptographic encryption.” However, national approaches vary, with some countries explicitly granting the right to encryption in law, while others do not.
The Internet era has amplified debates over the privacy of one’s digital footprints. Prominent figures have highlighted the commodification of personal data and the risks of mass surveillance. Evgeny Morozov warned of digital repression, Edward Snowden exposed global surveillance programs, and Shoshana Zuboff coined the term “surveillance capitalism” to critique the economic exploitation of personal information. These perspectives underline the socio-political implications of privacy in an interconnected and data-driven world.
The EU’s General Data Protection Regulation (GDPR), adopted in 2016, has become a global model for privacy laws suited to the digital age, empowering users to control their data. However, GDPR’s focus on privacy conflicts with the growing body of AML and KYC regulations, creating an unresolved tension between these objectives. The balance between individual privacy rights and broader societal goals—such as preventing money laundering or terrorism—varies across jurisdictions, sparking global debate that continues regardless of the underlying technology used.
Web3 protocols have introduced new privacy challenges that, at the time of writing, have not been sufficiently addressed by regulations like GDPR. Some countries have mandated that citizens surrender private keys upon legal demand, while others have banned privacy-preserving blockchain systems and their tokens due to concerns over illicit use. The Financial Action Task Force (FATF), through its 2019 regulations, requires “Virtual Asset Service Providers” to identify transaction participants, thereby imposing Know-Your-Customer obligations. Consequently, many crypto exchanges have delisted privacy tokens over time, although Zcash’s “public-by-default” design has allowed it to remain relatively compliant with regulations.
Legal Aspects of Encryption & Digital Human Rights
In the early 1990s, the U.S. government classified encryption software as a “munition,” placing it under national security export regulations and forcing cryptography scholars to register as arms dealers if they wished to publish their academic work. This climate led to a landmark legal challenge when Bernstein, a Ph.D. student at the University of California, developed an encryption algorithm and sought to publish its source code in an academic paper. Allegedly, the U.S. State Department informed him that even if he applied to become an arms dealer, his export license would be denied “because his technology was too secure.” With the support of the Electronic Frontier Foundation (EFF), Bernstein took the case to court in 1995. The ruling was pivotal, classifying source code as a form of protected speech under the First Amendment. By confirming that software source code “does not meaningfully differ from natural language, musical language, or mathematical language,” this decision made it possible for encryption software to be published without government pre-approval. Although the ruling was based on free speech rather than the right to privacy, it indirectly laid the groundwork for online privacy rights by allowing robust encryption tools to be developed and distributed freely.
On an international level, encryption regulations also evolved. In the 1990s, European countries such as France and Russia imposed strict limits on the use and export of cryptographic tools—often requiring licenses or state-approved algorithms. For instance, France mandated that encryption keys be registered with the government until its policies were relaxed in 1999. Similarly, India enforced stringent encryption regulations, requiring service providers to use government-approved algorithms and limiting key lengths for certain communications. In contrast, countries like Germany and Switzerland have historically embraced more privacy-focused policies, encouraging secure communication practices while balancing regulatory oversight. These differing approaches highlight a global patchwork of policies that reflect varying priorities between collective security interests and individual privacy.
As personal computers, mobile phones, and Internet services became ubiquitous, governments around the world began demanding backdoor access to information from companies such as e-commerce providers, social media networks, and device manufacturers. Law enforcement argued for mandatory “backdoor” encryption accessible under judicial authority, claiming that while they supported “strong encryption,” they needed a “trap door and key” to combat crime. Privacy advocates and computer scientists pushed back, noting that installing backdoors creates additional technical vulnerabilities and complexity. Legally, privacy advocates in the U.S. argue that forcing cryptographic backdoors infringes upon the First Amendment (code as speech), the Fourth Amendment (the sanctity of the home and personal effects), and the Fifth Amendment (protection against self-incrimination). The right to privacy—both as “the right to be left alone” and as “informational privacy”—is deeply implicated.
One notable incident occurred in 2014 when Apple announced default encryption on its mobile devices; the encryption was so robust that even Apple could not unlock the devices in response to law enforcement requests. Google soon pledged to take similar steps. As former Chief Justice John Roberts once noted when denying law enforcement’s request for broad access to citizens’ data, “Privacy comes at a cost.”
Moving to the blockchain era, networks that are more privacy-preserving than Bitcoin have come under regulatory scrutiny over the years. Monero, a privacy-focused blockchain network and cryptocurrency, has increasingly become a target of financial regulators due to its capability to facilitate anonymous transactions. Monero has been delisted from several major exchanges globally amid growing regulatory pressure surrounding AML compliance and transparency requirements, and its developers have faced legal action. For example, in 2019, Ricardo Spagni, a prominent Monero developer, was arrested in the U.S. on charges unrelated to Monero but connected to fraud allegations from his time at a South African company. These incidents, along with its delistings, have sparked debates about whether privacy-focused Web3 solutions such as Monero should be regulated and whether their use of privacy-enhancing technologies inherently conflicts with regulatory frameworks.
The controversies echo broader discussions around Tornado Cash—a privacy-enhancing application for the Ethereum ecosystem—where sanctions and arrests raised similar questions regarding the legality and ethics of privacy-preserving tools that can be used for both legitimate and illicit purposes. In August 2022, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, alleging its use in laundering illicit funds. This action sparked debates over the legality of sanctioning open-source code and the balance between privacy and regulatory compliance. In 2024, a U.S. appeals court overturned these sanctions, ruling that the Department of the Treasury had exceeded its authority when sanctioning Tornado Cash.
Ultimately, ongoing debates about encryption—whether in traditional systems or within Web3—underscore a central tension in digital rights: privacy by default versus transparency by design for law enforcement access. The lessons of past legal battles remind us that when backdoors are mandated or encryption is restricted, the potential for abuse and the erosion of fundamental rights may prove too high a cost.
Privacy & Fungibility of Money
For money to function effectively as a medium of exchange, it must meet the criterion of fungibility—meaning each unit of a currency is equal and interchangeable. Fungibility is closely tied to the degree of privacy or anonymity that a token provides. It requires obscuring links to identifiable individuals (“non-individualization”) and protecting the privacy of transaction data. Traditional forms of money, such as cash, have the highest level of fungibility because physical coins and bills carry no transactional history that can feasibly be traced to previous owners. This makes cash the most anonymous and fungible form of money. Historical legal precedents, like Scotland’s 1749 ruling that the provenance of a coin or banknote is irrelevant, underline the importance of fungibility in state-issued currencies.
However, the shift to digital financial systems and the rise of modern anti-money laundering and terrorist financing laws have challenged this principle. While cash inherently provides high levels of privacy and fungibility, its usage has significantly declined in modern economies, often accounting for less than 10 percent of financial transactions. The rise of credit cards, electronic banking, and Web2-based financial technologies has made tracing money flows easier and cheaper. These systems scatter personal financial data across institutions, each holding partial knowledge of users’ financial footprints. Enhanced monitoring capabilities, combined with stricter anti-money laundering regulations and taxation policies, have further diminished privacy in financial transactions.
Anti-money laundering regulation in the U.S. began with the Bank Secrecy Act of 1970 and was globally reinforced in 1989 when the G-7 created the Financial Action Task Force (FATF) to combat money laundering. Post-9/11, FATF expanded its scope to include anti-terror financing measures, leading to widespread adoption of Know-Your-Customer (KYC) regulations, which increasingly require financial institutions to verify customer identities, maintain transaction records, and report suspicious activities. While these measures aim to curb illegal activities, they have also eroded the fungibility of money, arguably reducing its overall quality as a medium of exchange.
History of Privacy Tokens
Early blockchain networks faced significant privacy challenges due to their public and permissionless system architecture, where all transactions are accessible for analysis by anyone. Although Bitcoin users are pseudonymous, sophisticated chain analysis can link transactions and potentially reveal real-world identities. As a result, users’ financial activities are exposed to surveillance and tracking, leading to concerns about data security and anonymity. As blockchain networks matured, alternative cryptographic tools were developed to counter this challenge. Over the past decade, a diverse range of projects has experimented with techniques ranging from mixing services and alternative cryptographic algorithms to transaction aggregation in second-layer solutions.
Mixing Services were initially developed within the Bitcoin ecosystem to enhance transaction privacy by mixing the inputs and outputs from various transactions off-chain. This process obscures the links between senders and recipients, making it difficult to trace individual transactions back to real-world identities. One of the earliest such services, “Bitmixer,” offered increased anonymity but was not fully decentralized. Subsequent improvements were seen in services like “CoinJoin” and “TumbleBit,” though both faced challenges in achieving widespread adoption. In the Ethereum ecosystem, “Tornado Cash” emerged as a notable mixing service. It used smart contracts to pool tokens and algorithmically shuffle them, redistributing the mixed tokens to users while charging a fee for this anonymization service. Due to regulatory pressures and the need for more controlled environments, the concept of privacy pools was introduced. Privacy pools represent an evolution of mixing services by building on the foundations of traditional mixers like Tornado Cash or CoinJoin, leveraging advanced cryptographic techniques—such as zero-knowledge proofs—to offer enhanced privacy guarantees. This approach not only obscures transaction trails more effectively but can also incorporate mechanisms that validate that funds are clean without exposing transaction details.
Consensus-level privacy solutions have also been explored, for example, by “Dash,” a Bitcoin fork that was originally released as XCoin and later renamed Darkcoin. Dash went live in 2014, altering Bitcoin’s Proof-of-Work consensus mechanism and integrating a variation of the token-mixing methods of CoinJoin directly at the protocol level. It resolved the need for off-chain mixing services by incentivizing a new type of node operator, called masternodes, with network tokens to perform mixing services on-chain.
Alternative cryptographic tools are another way to enhance privacy directly at the protocol level without relying on mixing services. For instance, “Monero” uses “ring signatures” and stealth addresses to inherently obfuscate transaction details, making transactions private by default. “Zcash” employs “zero-knowledge proofs” (zk-SNARKs) to offer selective transaction transparency, allowing users to choose between fully private and partially transparent transactions. Mimblewimble, a protocol designed for the Bitcoin ecosystem, reinvents the way transactions are constructed to enhance both privacy and scalability by aggregating transactions and eliminating redundant transaction data. It uses “Confidential Transactions” and “Pedersen Commitments” to obfuscate transaction data while still allowing public verification. While the Monero protocol uses fake transactions to bloat the ledger, Mimblewimble merges old transactions. The Mimblewimble proposal inspired projects such as “Grin” in 2017 and “Beam” in 2018.
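The balance check behind Confidential Transactions, as an added example (not code from the book or from any of the projects named above): amounts are hidden in Pedersen commitments on secp256k1, and a verifier confirms that outputs equal inputs using only the commitments and a Schnorr proof over the excess. The function names, the hash-derived generator H, the challenge encoding and the amounts are assumptions made for this example, and range proofs, which a real deployment needs to rule out wrapped-around negative amounts, are left out.

```python
import hashlib, secrets
from functools import reduce

# secp256k1 domain parameters; a point is (x, y), None is infinity, add() is the group law.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a + (-a)
    m = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    for bit in reversed(bin(k % N)[2:]):
        if bit == "1":
            acc = add(acc, pt)
        pt = add(pt, pt)
    return acc

def hash_to_point(tag):
    """Try-and-increment, so nobody knows the discrete log of the result to base G."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(tag + bytes([ctr])).digest(), "big") % P
        y = pow(x**3 + 7, (P + 1) // 4, P)
        if (y * y - x**3 - 7) % P == 0:
            return (x, y)

H = hash_to_point(b"constructed-demo-value-generator")  # assumption: demo generator

def commit(value, blind):
    """Pedersen commitment blind*G + value*H: hides the value, binds the committer to it."""
    return add(mul(blind, G), mul(value, H))

def challenge(R, X):
    # Simplified Fiat-Shamir encoding chosen for this example.
    return int.from_bytes(hashlib.sha256(repr((R, X)).encode()).digest(), "big") % N

def sign_excess(k):
    """Schnorr proof of knowledge of k for the excess X = k*G."""
    nonce = secrets.randbelow(N - 1) + 1
    R, X = mul(nonce, G), mul(k, G)
    return X, R, (nonce + challenge(R, X) * k) % N

def verify_tx(inputs, outputs, kernel):
    """Public check: outputs - inputs == X, and X has no H (value) part. No range proofs."""
    X, R, s = kernel
    total = reduce(add, outputs + [(x, -y % P) for x, y in inputs], None)
    return total == X and mul(s, G) == add(R, mul(challenge(R, X), X))

def demo():
    """Constructed amounts: inputs 40 + 25, outputs 60 + 5; only commitments are returned."""
    r = [secrets.randbelow(N - 1) + 1 for _ in range(4)]
    ins, outs = [commit(40, r[0]), commit(25, r[1])], [commit(60, r[2]), commit(5, r[3])]
    return ins, outs, sign_excess(r[2] + r[3] - r[0] - r[1])
```

If the amounts did not balance, the excess would contain a multiple of H, and producing a valid Schnorr proof for it would require the discrete log of H to base G.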
Second-layer solutions were primarily designed for scaling, but they also enhance privacy by processing transactions off-chain while still relying on the underlying blockchain’s security mechanisms. They limit the amount of transaction data directly visible on Layer 1. In the Bitcoin ecosystem, the “Lightning Network” enhances transaction privacy in addition to scalability. In the Ethereum ecosystem, rollups have become a dominant second-layer solution that also bolsters privacy. “Zero-Knowledge Rollups” (aka zk-Rollups) use zero-knowledge proofs to validate the correctness of transactions within a rollup block. They bundle hundreds of transfers into a single transaction and post only a cryptographic proof back to the mainchain, ensuring that individual transaction details remain hidden. “Optimistic Rollups,” on the other hand, do not inherently enhance privacy, but they can be combined with other cryptographic techniques to obscure transaction details before recording them on-chain.
Smart contract privacy offers another avenue for protecting sensitive transaction details and business logic in decentralized applications. Cryptographic techniques like zk-SNARKs and zk-STARKs can be used in smart contracts to validate transactions without revealing underlying data. Alternatively, Secure Multi-Party Computation (SMPC) can be used to allow multiple parties to jointly compute functions over their inputs while keeping those inputs private. Projects such as Enigma have pioneered the integration of SMPC into smart contract frameworks.
User-centric identity systems can further enhance privacy by design in crypto networks and their applications by enabling users to control their personal data via their wallets, from which they can easily grant access rights without relying on centralized authorities. As will be explained in more detail in the next chapter, these systems allow individuals to manage and share verifiable credentials selectively, ensuring that only the minimum necessary information is disclosed during online interactions. Users can also leverage cryptographic proofs and decentralized storage solutions, minimizing the risk of data breaches and unauthorized tracking, thereby fostering a more privacy-focused ecosystem.
Tornado Cash & Privacy Pool Controversy
Tornado Cash is a mixer protocol for Ethereum and other EVM-compatible blockchains that uses smart contracts to obfuscate the flow of digital assets without ever taking custody of user funds. The protocol is partially governed by a DAO and operates on open-source code, meaning it is designed to run autonomously with immutable core contracts and minimal human intervention. In 2022, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) placed Tornado Cash on the Specially Designated Nationals list, prohibiting U.S. individuals and organizations from using or interacting with the software and its associated wallet addresses—allegedly for laundering over $7 billion. This action raised many questions about the scope of these sanctions, particularly regarding past interactions with the software.
Following the sanctions, various U.S.-based software services deplatformed Tornado Cash out of fear of regulatory repercussions. For instance, GitHub removed its code repositories—an act criticized by some as premature compliance. A cryptography professor later re-uploaded the code on First Amendment grounds. In spite of the repercussions and controversies at the time, Tornado Cash continued to operate, with its front end accessible via IPFS and the Tor network. However, legal actions against core developers soon followed: in August 2022, Dutch authorities arrested developer Alexey Pertsev on money laundering suspicions, and by August 2023, U.S. authorities charged co-founders Roman Storm and Roman Semenov with operating the platform and laundering over 1 billion U.S. Dollars. In 2024, a U.S. appeals court overturned these sanctions, ruling that the Department of the Treasury had exceeded its authority when sanctioning Tornado Cash.
Parallel to these developments, the concept of privacy pools emerged as an evolution of mixing services, addressing uncertainties linked to the usability of Tornado Cash services. Unlike traditional mixers, privacy pools are designed to allow users to selectively choose with whom to mix their transactions, aiming to filter out bad actors and enhance trust among participants. They employ cryptographic proofs—such as zero-knowledge proofs—to verify the legitimacy of transactions without revealing underlying data. In these systems, a user’s transaction is validated in a manner that demonstrates their funds originate from legitimate sources without exposing the complete transaction history. “Railgun” is one example of a privacy pool implementation.
Critics argue that requiring users to preemptively demonstrate that their funds are “clean” shifts the burden of proof onto them, effectively demanding compliance before guilt is established and inverting the principle of “innocent until proven guilty”—a cornerstone of a democratic legal system. Proponents of privacy pools counter that the cryptographic process ensures both privacy and integrity without compromising anonymity and that novel technologies require novel mechanisms that are true to their nature and the realities of the regulatory environment.
Outlook
The debate over privacy mechanisms is highly contentious. On one hand, Monero’s enforced privacy model makes all transactions private by default, offering robust protection for users but complicating regulatory oversight. On the other hand, Zcash’s public-by-default approach allows users to opt for shielded transactions, though many default to transparency to avoid regulatory scrutiny. Fully obfuscated networks, such as Monero, while enhancing anonymity, risk impeding tax enforcement, anti-money laundering efforts, and the tracking of the provenance of goods.
The trade-offs and balance between public accountability and individual privacy will shape the internet for generations. Achieving true privacy-by-design, where only selective, necessary data is revealed while complying with data protection laws, demands extensive international dialogue and consensus among internet communities, nation-states, and global institutions.
The ongoing evolution of privacy solutions in the blockchain space requires a balanced approach that considers both technological advancements and legal frameworks. The future of Web3 privacy will be determined by whether the crypto ecosystem can offer solutions that provide real privacy-by-design, serving as instruments of liberation instead of becoming tools for surveillance. A comprehensive list of publicly traded privacy tokens, including market capitalization and other data, is available on platforms such as “Cryptoslate.com.”