# The Infrastructure Is Ready. The People Can't Reach It [report] > Six signals from the State of Decentralized Privacy Report, launched at the Neocypherpunk Summit in Berlin. **Published by:** [Week in Privacy](https://paragraph.com/@web3privacy/) **Published on:** 2026-06-30 **Categories:** report, privacy, decentralized, ethereum, zcash **URL:** https://paragraph.com/@web3privacy/decentralized-privacy-report2026 ## Content We built a lot of privacy tech. Now for the hard part. That's the short version of the State of Decentralized Privacy 2026, the edition of the report we launched at the first Neocypherpunk Summit at Funkhaus Berlin on June 14. We mapped the decentralized privacy landscape with 826 projects, every major ecosystem, onchain data, wallet audits, a hands-on UX audit. We went looking for one answer: does any of this actually work for the people who need it? Distribution and Reading Booth with Limited 20 Printed Copies Drop of State of Decentralized Privacy Report (Neocypherpunk Summit Edition) @Funkhaus Berlin, Germany 2026 Here's what we found, in six signals. 1. Privacy already arrived but it’s not evenly distributed. This isn't a "someday" technology anymore. Over $5 billion has moved through RAILGUN since launch. The Ethereum Foundation stood up a 47-person privacy team and shipped its first SDK. Zero-knowledge tooling that used to require a full cryptography team now ships from two-person wallet startups. The infrastructure is here, it's real, and it's growing fast. The problem is everything around the infrastructure. 2. Privacy is switched `off` by default?! Only 24% of active privacy projects have privacy on by default. More than half don't even specify. And when we checked the wallets people actually use, like MetaMask, Rainbow, Phantom, Rabby, and Zerion the score was brutal: 0 out of 21 Ethereum wallets (tracked by Walletbeat) passed the most basic privacy test: can you conduct a private `tokenTransfer` transaction? Not one. It seems like the strongest privacy tools in existence are, with few exceptions, unusable by anyone who hasn't already decided to learn them. Source: Web3Privacy Now Explorer, May 2026 3. Change one default, triple the result. Here's the most hopeful number in the report. Between early 2024 and 2026, the share of Zcash held in shielded (private) addresses went from 8% to roughly 30%, nearly fourfold. The cryptography didn't change. One thing changed: the Zodl (fka Zashi) wallet made shielded the default. Previous price rallies left shielded supply flat. This time it climbed. That's not speculation, that's people actually using privacy because someone finally made it the easy path. Source: zkp.baby May 27 2026; CoinMetrics Nov 2025; cryptonews.net June 2026. 4. Your stablecoin is a political statement. This is our favourite finding. We looked at what stablecoins people choose inside privacy protocols, and a perfect gradient appeared. Tornado Cash, no screening: 99% DAI, 0.2% USDC. Privacy Pools with compliance screening: 81% USDC. DAI can't be frozen by anyone. USDC can be frozen by Circle on request. Nobody announced this. No governance vote, no manifesto. Users simply sorted themselves into compliance tiers with their wallets. The stablecoin you choose is your compliance statement, and the market made that choice visible without anyone intending to. Source: AMLBot Dune May 2026.; Castle Labs / DeFi Llama June 2026 5. The problem isn't the cryptography. It's the on-ramp, the cookie, and the business model. Onchain privacy protects what happens inside the blockchain. But most people get their funds from a KYC'd exchange, which means their identity is logged before their first private transaction. The on-ramp is the weakest link. Then there's offchain leakage. When your wallet hands your address to a website, that address can land in a Google Analytics dashboard and follow you across the web. This is the exact third-party-cookie problem privacy advocates spent twenty years fighting, reborn now onchain! And underneath it all: economics. Wallets earn fees from swaps, bridges, and perps. Privacy protocols don't pay wallets to turn privacy on. So wallets don't. Privacy ends up as a privilege rather than a default capability of the network. That's not a technical failure. It's an economic design choice with a technical consequence, and it won't be solved by cryptography alone. 6. A four-year-old bug, found the day before the Neocypherpunk Summit. Only 7.8% of active privacy projects have ever had an independent security audit. To see why that matters: on June 5 (one day before our summit) a soundness vulnerability was disclosed in Zcash's Orchard circuit. It had been live since 2022. Four years. In one of the most scrutinised cryptographic systems in the entire ecosystem. (Patched before disclosure, no exploit, no funds lost, but the point stands.) If a four-year flaw can hide there, what's hiding in the 92.2% with no audit at all? The takeaway The infrastructure exists. The standards do not. The defaults are wrong. These are solvable problems, if the people building the tools, the people writing the standards, and the people who need the protection are in the same room. That's exactly why we held the Neocypherpunk Summit, and exactly what this report is for. Privacy isn't a feature waiting to be shipped. It already arrived. Now we make sure it reaches everyone, not just the people who know to ask for it. Without privacy there is no democracy. Contributors: jensei - research | talia - design | mykola siuisko - facilitation The Neocypherpunk Summit edition is available now. A delivery of the fuller v2 with deeper UX testing, case studies, and expanded data is scheduled for launch at the Ethereum Cypherpunk Congress (November, 2026 in Mumbai, India). Do you have data or findings to contribute? Reach us at https://web3privacy.info/projects/state-of-decentralized-privacy-report → Feedback. ## Publication Information - [Week in Privacy](https://paragraph.com/@web3privacy/): Publication homepage - [All Posts](https://paragraph.com/@web3privacy/): More posts from this publication - [RSS Feed](https://api.paragraph.com/blogs/rss/@web3privacy): Subscribe to updates