Vitalik Buterin’s privacy pool proposal is just the beginning.

By now, most of the cryptosphere has heard about Privacy Pools – a project launched this year by the famous developer and founder Amin Soleimani. As a former contributor to Tornado Cash, Soleimani was “modifying” a well-known open source solution to de-anonymize Ethereum transactions to make it more regulatory-friendly.

The main teaser shown in March was originally based on the idea of ​​2022 by Ethereum co-founder Vitalik Buterin. But somehow it failed to grab the attention of the crypto hive-mind. It was only weeks ago – after Buterin wrote an academic paper on the subject – that it started making the rounds on social media.

why? Well, nothing like mixing “blockchain privacy with regulatory compliance” to piss off some cypherpunks. And to the exclusion of the rest of society, despite regulators' desire to legalize the use of unregulated crypto-asset mixers—certainly critical, but often misunderstood—in the chain economy.

Because the future is clearly a changed world where zero-knowledge (ZK) proofs are entering the mainstream and decentralized finance (DeFi) is just around the corner, benefiting from automated compliance at the smart contract level. And while this paper has no conclusions, it has started that conversation. Meanwhile, how do we get from A to B?

Let's discuss whether privacy pools are currently compliant. As the crypto podcast Pretty Good Policy recently put it, can they satisfy society's core morality — or at least the part of society that cares about preventing illegal token use? And how do we overcome one of the paper's most critical weaknesses: its narrative?

Related: Ripple is seeing an opportunity to fix a closed system.

First, even if the proposed implementation is sound, users can only prove their integrity by showing their original deposits are either from a set of presumed legitimate sources or not from a set of known illegitimate sources. These are referred to as association clusters and their performance is still to be explained in terms of ecology. But compliance isn't just about addresses on OFAC's SDN list or staying away from known malicious actors.

Yes, if someone steals a protocol, or if alleged criminal wallets are identified and try to transfer funds to new addresses, these can be immediately added to a guild designed to keep trusted users separate. That's easy, and the paper recommends more interesting construction methods like inclusion delays or zero-knowledge Know Your Customer (zkKYC) pools.

However, bad actors can stay under the radar for a long time before being identified as such, and that worries regulators that coins linked to illicit activity may re-enter their circulation. In the traditional financial world, an ever-smaller share of payments and illicit funds held in banks can easily be captured in physical cash accounts. And regulators are accustomed to doxing, which thorough KYC procedures allow.

Secondly, while this is enough to satisfy the current regulators, it is also important to understand that the crypto community is happy with the solution – otherwise it will not be accepted. And this is not just about hardcore cypherpunks, but also users from oppressive regimes and political activists in unhealthy democracies. That situation is particularly thorny.

Related: How Bitcoin Miners Can Survive a Hostile Market – and the 2024 Halve

Because these pools can only improve transaction privacy if there is an entire ecosystem around them that users trust. Yes, association collections can be fully automated. But then it's all about the oracles and which public and private bodies come to control these details, deciding exactly who is a bad actor and who isn't – probably without a warrant.

Soleimani said the protocol “doesn't require sacrificing crypto ideas.” However, even honest actors who naturally strive to demonstrate innocence can only do so to the extent that their authority is large and important enough that the evidence is understood to work, or that the assigned∂ association set providers can be trusted.

Yes, but this has its own ultimate attack vectors. Especially the definition of “illegal sources”. One of the whole points of privacy is to be invisible to oppressive governments. Iran, for example, could require all users to have no tx history with women's rights…

— Dan McArdle (@robustus) September 7, 2023

Finally, the intentions of the proposal are good and the design is flexible and powerful. Unfortunately, a large number of builders do not believe that regulation is helpful to this industry. That is modeled by developers who are typically worried about regulations or fear of being arrested or fined in the unclear context of international DeFi legal frameworks.

Such a compliant protocol cannot be solved by magic, as it creates a separate controlled environment for users (and governments or legislators) to opt into. Otherwise, as privacy is attacked left and right, the cord will continue to rise.

After all, we can only build something for success if we agree on the deal and if it is built to meet the requirements of customers and stakeholders. The bottom line is that if we don't agree with those requirements, we need the whole community to stand on the side of change – in this case, fighting for better privacy protections and better privacy education.

Change starts with you. Have you been supporting your national crypto advocacy groups? Do you know what they stand for? Have you done solid work on the topic? (Although not as aggressive as CoinCenter, which sued the US Treasury Department last year after approving the use of Tornado Cash).

If not, now is the time to get involved. Let's lobby for a better future or it won't come.

This article is not intended for general information purposes and should not be construed as legal or investment advice. The views, ideas and opinions expressed herein are solely those of the author and do not necessarily represent the views and opinions of Cointelegraph.