Almost every time we sit down to write a post about a new development — whether for ourselves or future users — we begin with some variation of the same phrase: “Privacy matters,” “We care about privacy,” “Everyone deserves privacy.” And then we move on—to new features, roadmap updates, technical details. The goal of this short essay is to pause on that first, seemingly obvious statement. To look at it again. To reconstruct what it means in the context of blockchain, and then ask what follows from it—especially in terms of product thinking. What follows is not a manifesto, but something closer to a conversation starter. It includes a few shared truths, some personal interpretations, and an attempt to name the intuitions we already hold. It’s a loose, exploratory essay—meant to raise questions as much as answer them, to make room for reflection before jumping into solutions. It’s the first step toward a shared perspective. A sketch, not a blueprint.

In the pages that follow, I start by digging into the very nature of blockchain, highlighting why it matters and what makes it unique. From there, I turn to privacy—the critical challenge and unresolved question at the heart of this technology. I examine what privacy really means in the blockchain context, and why it’s both essential and difficult to achieve. Finally, I explore practical ways to stay private on blockchain, focusing on the simplest available tools.

Special thanks to Mateusz, Damian, and Adam for their valuable comments and insights throughout this process. Their input was crucial in shaping this essay.

While blockchain may appear to be a familiar concept in today’s digital discourse, its deeper significance is often overlooked. Understanding the revolutionary nature of this technology is essential not only to grasp its value but also to appreciate the kind of transformation it promises—for both users and society at large.

At its core, blockchain introduces a new form of permanence and structural stability. As noted by Josh Stark in his essay Atoms, Institutions, Blockchains, it offers a kind of hardness—a reliable, unchanging substrate that humans instinctively seek to navigate an unpredictable future. This stability does not emerge from fragile political or institutional systems but from pure mathematics encoded as information. By combining cryptography, distributed networks, and incentive mechanisms (often in the form of tokens), blockchain establishes trust not through authority, but through code.

What’s most revolutionary is that this hardness has the form of information. It’s an idea that is both incredible and deeply unintuitive: how can something that has no material form be hard? Yet this is precisely what blockchain enables—an abstract, immaterial structure with real-world permanence. It changes the nature of reality by giving information itself a new kind of power and agency.

A clear example of this can be seen in how ownership is transferred. To give someone everything held on the blockchain, one simply needs to share access to a private key. Most often, this key is remembered or stored as a seed phrase—twelve seemingly random words that unlock everything. These words are not the private key itself, but the most practical and human-readable way to represent it. This phrase becomes the primary instrument of interaction with the blockchain: the artifact of access and control. It is an information, it can take any form—written on paper, stored in cold wallet, whispered, memorized, even tattooed. With it, one holds power; without it, everything is lost.

No bank, government, or third party is required to validate the transaction. There are no support lines, no password resets, no institutions to recover what’s gone. But this is a feature, not a bug. It reflects the core principle of a self-custodial system—one that removes dependency on external actors by placing full responsibility into the hands of the user. The cost of absolute independence is absolute accountability.

This radical shift has transformative potential that is difficult to fully grasp—but grasping it is necessary. What makes blockchain so fundamentally new is its turn toward information as the primary substrate of trust, ownership, and coordination. While this may sound abstract, it demands to be taken seriously. As Chilean physicist César Hidalgo suggests, information is not just a byproduct of reality—it is a core ingredient of it, alongside energy and matter. Embracing this view opens entirely new perspectives for how we understand the world and build within it.

Blockchain cannot be properly understood using the language and mental models of the past. When we apply familiar frameworks—especially those rooted in finance and speculation—we reduce it to something we already know: a volatile market, a digital casino. But this view reflects more about our current limitations than about the technology itself. It is the easiest interpretation, not the deepest. The real potential of blockchain remains largely unrecognized, not because it is hidden, but because we lack the conceptual tools to truly see it.

And it is precisely now, in a moment marked by rapid change and instability, that such new tools are most needed. Referencing climate collapse, wars, and geopolitical shifts has become almost cliché—but these are the contours of our reality. Technologies like AI and blockchain are not just digital novelties; they are instruments through which we build tomorrow’s institutions. To ignore their deeper implications is to forfeit the possibility of shaping what comes next.

Edward O. Wilson once remarked that “the real problem of humanity is that we have Paleolithic emotions, medieval institutions, and godlike technologies.” Blockchain belongs to that last category—a godlike technology capable of reshaping the outdated institutional frameworks that no longer match the complexity of our modern world.

This vision has always been present in the roots of the technology. It echoes through the cypherpunk tradition, where early digital thinkers saw in electronic tools the promise of entirely new systems—systems capable of transcending the limits of the old world. As the cypherpunks recognized, for such systems to truly empower people, strong privacy is not optional—it is essential. Absolute independence and accountability are only possible when protected by privacy. As Eric Hughes wrote in A Cypherpunk’s Manifesto, “The technologies of the past did not allow for strong privacy, but electronic technologies do.”

And this brings us to one of the most important unresolved questions in blockchain’s evolution: the matter of privacy.

For all its promises of decentralization and individual empowerment, blockchain suffers from a fundamental flaw: it is not private. This simple fact—rarely acknowledged outside of technical communities—casts a long shadow over the technology’s ability to deliver on its vision. Traditionally, the blockchain trilemma revolves around balancing security, decentralization, and scalability, but today privacy is increasingly seen as a fourth dimension, complicating the balance even further. Every day, advances in AI and system design bring us closer to solving these challenges, yet the fundamental issue at the heart of blockchain security—privacy—remains unresolved. We can scale blockchains, optimize throughput, lower fees, and improve user experience. But as long as users do not feel safe—do not trust that their actions and data are protected—blockchain cannot become a reliable foundation for everyday life. Instead, users will remain tethered to centralized platforms that thrive on data extraction and attention-based economics.

People don’t want to replace banks and platforms just to punish them. They want to move to something better—not something more exposed, fragile, or opaque. And yet, without privacy, blockchain becomes exactly that: a system where visibility is total and protection is minimal.

The root of this problem lies in the architecture itself. On networks like Ethereum, every user is identified by a public address. Every transaction—a transfer of tokens, an interaction with a smart contract—is permanently recorded and visible to everyone. A user holds a private key that grants control, and a corresponding public key that reveals action.

There’s no time here to fully unpack the nature of a transaction—but it’s worth pausing on this: in a system based on value exchange, reality is defined by the outcome of a transaction. What is real is determined by what has happened. The ability to perform global transactions without leaving home has become second nature to us—and it forms the foundation of modern e-commerce. When you buy something online and receive a payment confirmation, the object is already yours. You may not be holding it yet, but its status has changed. Ownership has shifted. The transaction itself creates a new state.

That state is not symbolic—it’s real, especially in the context of Web3, where the primary objects of transactions are digital assets. It changes how we feel, how we plan, how we act. It alters our perception of the world because it has reconfigured our position within it. We’ve exercised control. It rewrites our relationships—to the object, to the seller, to the system that made the exchange possible.

In blockchain, this process is made explicit. Every transaction is recorded, verified, and broadcast. It is, first and foremost, public.

This demands a shift in how we think about acting in the world. Not long ago, a private conversation at home was just that—private by default. Eavesdropping, spying, surveillance were exceptions to the norm, violations of an assumed boundary. On-chain interaction flips this logic. On the blockchain, exposure is the default. What was once exceptional becomes constant. Every action is visible. Every interaction is traceable. Blockchain is not just transparent—it is an open data source.

What protects a user, if anything, is what game designers call the fog of war. In real-time strategy games, the fog of war hides parts of the map you haven’t explored or aren’t currently watching. It simulates uncertainty, requiring players to make decisions with limited information. Blockchain works similarly—but only at first. So long as you remain untouched, unlinked, unengaged, you're covered in fog. But the moment you interact—even once—you lift the veil, not just for yourself, but for anyone connected to you. One simple transaction reveals the full map to whoever you’re interacting with. The awareness of this is paralyzing.

What’s ultimately revealed on-chain is not just data—it’s a digital identity. Formed through footprints, decisions, holdings, and interactions, this identity emerges over time as a detailed user profile. Kei Kreutler, in her essay Inventories, Not Identities, explores this vulnerability. Because a user’s transaction history is publicly accessible, linking a real-world identity to an address doesn’t just expose isolated actions—it reveals behavioral patterns. In this model, privacy isn’t an individual trait; it’s a function of the network. The more someone participates, the more visible they become—and the easier it is to reconstruct who they are.

Kreutler suggests that in this context, identity becomes less about a fixed persona and more about a collection of permissions or capabilities granted by the tokens one holds. But with this comes a new set of risks. Ownership requires protection. If agency derives from what we own, then guarding the privacy of that ownership becomes crucial.

Which raises a deeper question: do we need identity at all? If there is no identity, there is nothing to protect. It may seem counterintuitive, but the strongest privacy is no identity whatsoever—an approach closer to the right to be forgotten than to the right to conceal. Privacy should be the default. Its suspension—when and if it happens—should be a conscious choice, made in service of a specific goal.

When a user first begins their journey on the blockchain and creates their initial account, they enter the system with full anonymity and privacy. But every action they take—every transaction, every interaction—gradually reveals more about them. Operating on the blockchain slowly corrodes privacy. The system itself, paradoxically, punishes participation.

The only way to ensure strong privacy is to remain silent about identity. A user’s identity should never be tied—directly or indirectly—to their account, which on-chain is represented by an address. That responsibility should rest solely with the private key. Just as the private key is known only to its holder, identity too should remain entirely invisible.

This may feel counterintuitive. Blockchain systems like Ethereum are built around a transactional model of sender and recipient, where an account is treated as a user’s presence on the chain. That assumption—that identity and address are inherently linked—has shaped how blockchains are designed and how people use them. But it’s an assumption worth challenging.

It doesn’t mean starting over and tearing everything down. We don’t have to rebuild a historic city just because its streets no longer serve our needs—first, we have to rethink how people move through it. We need to redesign flow. The same applies here. Privacy doesn’t require abandoning blockchain’s foundations, but it does demand reimagining how we interact with them.

Strong privacy is possible. It begins with anonymized transactions—shielding information while preserving verifiability. And it continues with breaking the identity-account link. Embracing multi-account practices allows users to practice privacy hygiene and move without leaving a singular traceable path. Privacy becomes more resilient when account structures are fluid, fragmented, and difficult to map.

And we've already begun to prove that it can be done.

Strong privacy on the blockchain isn’t a switch—it’s a practice. It requires intention, repetition, and the right tools. Two core components make it possible: shielding, and what can be called privacy hygiene—a set of habits that reduce traceability and prevent identity from leaking into the system over time.

Each of these elements plays a different role. Shielding offers cryptographic protection by concealing the movement of funds. Privacy hygiene complements it by shaping how users behave—how they use addresses, manage accounts, and control timing. Alone, each is incomplete. But when combined, they create a solid foundation for strong privacy in an otherwise transparent system.

Shielding is the act of hiding transactional activity from the public eye. In practice, it means sending funds into a shielded pool, where all deposits become indistinguishable from one another. This generality is what provides protection—not through secrecy, but through indistinction. In case of shielded pool, it’s not about invisibility; it’s about becoming part of a mass.

The shielded pool works like a body of water. Each deposit is a drop, lost in a liquid made of many others. Only the holder of the private key knows which drop is theirs—and can later withdraw it. No observer can tell what belongs to whom. The user, and only the user, maintains control.

Thanks to zero-knowledge proofs, this privacy doesn’t come at the cost of trust. Users can prove they have the right to withdraw funds from the shielded pool without revealing anything else. Shielding becomes a mathematical act of silence: the system confirms without exposing.

Still, shielding is only half the story. Each time a user takes funds out of the shielded pool, the amount is disclosed. To maintain strong privacy, users must also learn how to wield the shield—how to apply it within a system that does not natively support it. Ethereum’s architecture is still based on public addresses and open histories. Shielding must be integrated by the user, not assumed by the system.

As it has been mentioned already, Ethereum and similar chains are not private by default. Every transaction, every address, every token movement is public and persistent. Shielding activates a privacy layer on top of the blockchain without changing how it works—it just interacts with it. And how that interaction happens makes all the difference.

Used carelessly, shielding can fail. If someone sends funds from a known public address into the pool, and shortly after withdraws the same amount to the same or related address, the anonymity breaks down. The movement becomes traceable. It’s like stepping into a crowd, only to step back out on the same corner. The gesture was made, but no privacy was gained.

This is where privacy hygiene comes in.

It starts with a mindset: treat every account as a temporary container, not as a representation of user identity. Accounts should be created, used briefly, and discarded. Over time, each transaction adds informational weight. And the more an account is used, the more it reveals. Rotating addresses and avoiding reuse lowers the chances of linking behavior to a single profile.

It also includes strategy. Avoid transferring unique or identifiable amounts. Let time do its work—funds that stay longer in the shielded pool become completely indistinguishable and deeply anonymized. When withdrawing, always send to a fresh, unused address. The less history an address has, the less it can reveal.

Even without advanced tooling, these basic practices can make a significant difference. But it’s not easy. Staying private on a public blockchain is a real challenge. Shielding is a strong and sophisticated tool, but using it well takes effort. Unlocking its potential calls for a shift in thinking—and the creation of new tools.

Understanding blockchain—and especially how to stay private within it—takes time. Achieving strong privacy requires unlearning habits, rethinking assumptions, and adapting to a system that doesn’t behave like the internet we’ve come to know.

One of the biggest mental blocks is the idea that a blockchain account and its address represent the user. It feels intuitive, but this assumption quietly erodes privacy. It’s an approach inherited directly from how blockchain is fundamentally designed. Using the same account repeatedly builds up a long, public, traceable history. Every time we interact with someone, we expose our entire history to the other party. Over time, that history becomes a profile—one that anyone can examine.

This makes blockchain feel harder, more fragile, even hostile. While it promises freedom, control, and a new kind of digital autonomy, the path to those outcomes is anything but simple. Strong privacy demands effort—carefully timed transactions, multiple accounts, awareness of what leaves a trace. It’s no surprise that most people find it overwhelming.

By contrast, Web 2.0 platforms offer effortless convenience. Data-driven design anticipates your next move. Interfaces are optimized for speed and ease, not control. As Steve Krug put it: “Don’t make me think.” These platforms are built to satisfy our Paleolithic emotions—fast, frictionless, familiar. And in that contrast lies blockchain’s greatest challenge: designing privacy not just as a feature, but as an experience.

This is where product and its interface become essential—not as features, but as frameworks for meaning.

Most blockchain interfaces today reinforce the wrong mental model. They expose account-level logic, making users feel like their address is their identity. But that identity isn’t fixed—it can, and should, move. A well-designed product can guide users to rotate accounts, create temporary “stealth” addresses, and interact fluidly without ever building a persistent, traceable profile. We are moving toward what could be described as fully automated privacy hygiene—a solution that ensures seamless and effortless privacy across the transparent and public landscape of blockchain.

These aren’t just design conveniences. They are structural choices that protect the user, often without them even realizing it. As the technology matures, strong privacy shouldn’t depend on perfect awareness or technical mastery. It should emerge naturally from the way the product works.

This is the heart of user experience: shaping behavior by shaping perception. Design is what turns a system’s logic into lived behavior. All of the core concepts—private keys, shielding, multi-accounts, privacy hygiene—form a conceptual model. The product and its interface bring that model to life, guiding users toward good decisions while hiding unnecessary complexity.

We’re not there yet, but we're on our way.

We need a new story. A new mental model. One that doesn’t ask users to master complexity, but introduces privacy gradually.

We start with something simple: a shielder - the basic tool for privacy. Then we build outward—adding features, automation, and protection—always listening, always adapting to real user behavior.

And that’s how we build trust: not through persuasion, but through experience.