Original link: Privacy trends for 2026
Compiled by: Ken, ChainCatcher
1. Privacy will be the most important moat for the cryptocurrency industry this year.
Privacy is a key element in the global shift of finance to on-chain transactions, and one that is almost entirely lacking in existing blockchains. For most blockchains, privacy has been a secondary consideration. But today, privacy itself is enough to make a blockchain stand out from the crowd.
Privacy has an even more important role: it creates a chain of lock-in; or, in other words, a privacy network effect. This is especially important in today's world where performance alone is no longer enough to win.
Thanks to bridging protocols, migrating from one chain to another is effortless as long as all information is public. However, things change drastically once information becomes private: bridging tokens are easy, but bridging keys are difficult. Moving between private and public chains always carries risks; someone monitoring the chain, mempool, or network traffic could identify you. Crossing the boundary between private and public chains—or even between two private chains—leaks various metadata, such as the correlation between transaction times and transaction sizes, making it much easier to track someone down.
Compared to numerous single-function, highly competitive emerging blockchains (whose block spaces are already largely identical), privacy-enabled blockchains have a stronger competitive advantage because transaction fees are likely to drop to zero due to competition. The reality of network effects is that if a "general-purpose" supply chain doesn't have a thriving ecosystem, killer applications, or unfair distribution advantages, almost no one will use it or develop on it—let alone remain loyal to it.
When users use public blockchains, they can easily transact with users on other chains—which chain they join is relatively unimportant. However, when users use private blockchains, their choice of chain becomes crucial, because once joined, they are less likely to easily switch chains, thus reducing the risk of information leakage. This creates a winner-takes-all situation. Because privacy is critical for most real-world applications, a few privacy chains may control the majority of cryptocurrencies.
2. This year, the challenges facing instant messaging applications are not only how to defend against quantum attacks, but also how to achieve decentralization.
The world is ready for quantum computing. Many encryption-based instant messaging applications (such as Apple, Signal, and WhatsApp) are at the forefront, and doing so exceptionally well. The problem is that all major instant messaging applications rely on our trust in private servers operated by a single entity. These servers are easily targeted by governments, which can easily shut them down, implant backdoors, or coerce users into handing over their private data.
What use is quantum encryption if a country can shut down your server; if a company has the key to a private server; or even if only one company has a private server?
Private servers require "trust in me," but the absence of private servers means "you don't need to trust me." Communication doesn't require any intermediary companies. Messaging requires open protocols, under which we don't need to trust anyone.
Our approach to achieving this goal is a decentralized network: no private servers, no single application, all open source, and top-tier encryption—including protection against quantum threats. In an open network, no individual, company, non-profit organization, or nation can deprive us of our communication capabilities. Even if a country or company shuts down an application, 500 new versions will emerge the next day. After a node is shut down, the existence of technologies like blockchain will provide economic incentives for a new node to immediately take its place.
When people control their information as they control their money—through private keys—everything will change. Applications may come and go, but people will always control their information and identity; end users can now own their information even when they no longer use the application.
This is stronger than quantum resistance and encryption; it's about ownership and decentralization. Without both, all we do is build a seemingly unbreakable encryption that can still be shut down.
3. We will provide "Secret as a Service" to make privacy a core infrastructure.
Behind every model, agent, and automated process lies a simple dependency: data. But most data pipelines today—the data that inputs to or outputs to models—are opaque, mutable, and unauditable.
This may be harmless for some consumer applications, but many industries and users (such as finance and healthcare) require companies to protect the privacy of sensitive data. This is also a major obstacle currently preventing institutions from tokenizing real-world assets.
So how can we achieve secure, compliant, autonomous, and globally interoperable innovation while protecting privacy?
There are many approaches, but I will focus on data access control: Who controls sensitive data? How is the data transmitted? Who (or what) can access it? Without data access control, anyone who wants to keep their data confidential currently has to use centralized services or build custom settings—which is not only time-consuming and labor-intensive but also prevents traditional financial institutions and other organizations from fully leveraging the capabilities and benefits of on-chain data management. For proxy systems to browse, transact, and make decisions autonomously, users and institutions across industries need cryptographic guarantees, not just “best-effort trust.”
This is why I think we need secrets as a service: new technologies that can provide programmable, native data access rules; client-side encryption; and decentralized key management that enforces who can decrypt what under what conditions, and for how long... all of which are enforced on-chain.
By combining with verifiable data systems, secrets can become part of the basic public infrastructure of the internet, rather than an application-level patch for privacy added after the fact, thus making privacy a core infrastructure.
4. In security testing, we will shift from "code is law" to "standards are law".
Last year, attacks on DeFi platforms even affected well-tested, mature protocols with strong teams, rigorous auditing mechanisms, and years of production experience. These incidents highlight a disturbing reality: current standard security practices still rely heavily on rules of thumb and case-by-case approaches.
To reach maturity this year, DeFi security needs to shift from vulnerability patterns to design-level attributes, and from a "best-effort" approach to a "principled" approach.
In the static/pre-deployment phase (testing, auditing, formal verification), this means systematically proving global invariance, rather than verifying manually selected local invariants. Currently, multiple teams are building AI-assisted proof tools that can help write specifications, propose invariants, and alleviate the costly and extensive manual proof engineering work of the past.
In the dynamic/post-deployment phase (runtime monitoring, runtime enforcement, etc.), these invariants can be translated into real-time safeguards: the last line of defense. These safeguards are directly encoded as runtime assertions that every transaction must satisfy.
Therefore, instead of assuming that every bug has been caught, we now enforce key security properties in the code itself and automatically undo any transactions that violate these properties.
This is not just theoretical. In practice, almost all exploits to date have triggered one of these checks during execution, potentially preventing hacking. Therefore, the once-popular "code is law" concept has evolved into "standards are law": even entirely new attacks must meet the same security properties to ensure system integrity, thus leaving attacks either small-scale or extremely difficult to execute.
