Vitalik Buterin's "Don't Be Evil" Roadmap: The New Place for Privacy in the Ethereum Narrative
Original author: Sanqing, Foresight News
The recent surge in the prices of privacy-related assets has once again brought the "privacy narrative" back into the market spotlight. Funds are searching charts for assets tagged with "privacy," and the community is discussing whether privacy will become the next major theme. However, focusing solely on the price fluctuations of a particular privacy-focused blockchain or a single cryptocurrency can easily lead to missing a more crucial turning point. At the 2025 Ethereum Developers Conference in Argentina, Ethereum founder Vitalik Buterin, in a roughly 30-minute roadmap presentation, once again placed privacy within the future technological and governance framework of Ethereum.
What exactly does "privacy" mean?
In everyday life, privacy often means "don't let others see my chat history, salary, or address." On public blockchains like Ethereum, the situation is exactly the opposite; the default setting is that once something is on the chain, it's public to everyone.
Everyday privacy and privacy in the Ethereum context are like two branches on the same tree, only the latter is broken down into finer and more technical parts. Discussing privacy in the context of blockchain mainly involves dealing with several very specific types of information.
First, there are the asset and transaction records. What addresses you have, what assets are in each address, how much money has been transferred between these addresses, and how frequently—all of this is clearly recorded on the blockchain. Anyone can see this by opening a blockchain explorer.
Secondly, there's identity and relationships. A single address may look like a random string, but by analyzing transaction relationships and time patterns, analysts can often deduce which addresses belong to the same user and which addresses have been interacting with the same group of counterparties for a long time, thus piecing together your "on-chain social circle" and fund flow.
Thirdly, there are behavioral patterns and preferences. When you typically interact, which protocols you frequently use, whether you prefer high-risk products, and which IPOs or airdrops you often participate in—all of these will be compiled into a "behavioral resume." Who can use this resume and what will they use it for is a real-world question.
Fourthly, network and device information. When wallets, browsers, and RPC services are working, they may come into contact with your IP address, rough geographical location, and device fingerprint. If these are then linked to on-chain addresses, the data is no longer just an "anonymous address," but rather identity clues that are gradually converging with the real world.
From "Don't Be Evil" to "Can't Be Evil"
In his speech at this conference, Vitalik once again used a familiar analogy to summarize Ethereum's goals. He mentioned that centralized exchanges like FTX essentially operate on the principle of "people trusting a certain person or company," but their ledgers and risk exposure are not visible to the outside world. Early internet giants often used the slogan "Don't be evil," meaning the company promised not to act maliciously.
Blockchain, however, has a different goal. Ethereum aims to achieve "Can't be evil," using cryptography and consensus mechanisms to design the system so that even if individual participants have malicious intentions, it is very difficult for them to actually succeed.
Within this framework, "transparency" addresses the first part of the problem. A public ledger and verifiable state can prevent assets from being misappropriated without anyone's knowledge—one of the most repeatedly emphasized values of blockchain. However, if all information is pushed to extreme transparency, another type of risk emerges: in the hands of a party that possesses all behavioral data and has the ability to analyze it, this data could be transformed into an overwhelming intelligence advantage, used for profiling, segmentation, differential treatment, and even the formation of new power centers in the areas of censorship and oversight.
Therefore, a true "can't be evil" design requires setting limits on both ends. On one hand, assets and state cannot be quietly altered; on the other hand, information and authority cannot be infinitely concentrated in the hands of a few entities. Privacy is the key tool for the latter. It is not opposed to transparency, but rather adds boundaries to transparency: disclosing what must be disclosed, and keeping the remaining information within the scope of "minimum necessary disclosure."
Vitalik: Privacy is Ethereum's weakness.
When Vitalik analyzed what blockchain is "suitable for and unsuitable for," he explicitly included privacy in the latter category.
In his view, Ethereum's advantages are very clear. These include payment and financial applications, DAOs and governance, ENS and decentralized identity, censorship-resistant content publishing, and the ability to prove that something actually happened or is scarce at a certain point in time.
At the same time, the shortcomings are equally clear: lack of privacy, inability to handle extremely high throughput and extremely low latency computing, and inability to directly perceive information from the real world. Privacy issues are not a flaw in the experience of individual DApps, but rather limitations explicitly written into the current architecture.
This means that, in the narrative of Ethereum's official roadmap, privacy is no longer a high-level feature piled on top as an added bonus, but rather one of the inherent known flaws of this architecture. The solution to this problem is not as simple as adding an extra privacy sidechain. Vitalik describes a different path: using a more diverse combination of cryptographic tools and protocols to abstract privacy into a fundamental capability.
The presentation mentioned components such as Swarm and Waku, which respectively serve as decentralized storage and message passing, and are further enhanced with "programmable cryptography" modules such as zero-knowledge proofs and homomorphic encryption. This puzzle is not intended for any isolated project, but rather is a toolbox for all developers. The goal is to allow for more sophisticated privacy design without sacrificing the public settlement functionality of the mainnet.
In summary, the future Ethereum will be closer to a combination of a "transparent settlement layer + programmable privacy layer" rather than simply oscillating between complete openness and complete black box.
Lean Ethereum: Laying the Foundation for "Provable and Hideable"
In his longer-term plan, Vitalik proposed the concept of "Lean Ethereum," hoping to adjust the various components of Ethereum to a more compact form that is closer to the theoretical optimal form through a series of replacements and simplifications, many of which are directly related to privacy.
One key aspect is the zero-knowledge proof-friendly virtual machine and hash function. Currently, deploying a complex ZK (zero-knowledge) system on Ethereum is costly and has a high barrier to entry, largely because the underlying virtual machine and state structure were not designed with proof-friendliness in mind, somewhat like trying to run a heavy-duty truck on a regular road. By adjusting fundamental elements such as the instruction set, state data structure, and hash algorithm, Lean Ethereum attempts to make the ability to "prove something is valid without exposing all the details" a cost-effective, routine operation, rather than an expensive privilege that only a few protocols can afford.
Secondly, there's quantum-resistant cryptography and formal verification. Once a privacy system is compromised, it's often difficult to "recover" from the ground up. For example, if a widely adopted encryption scheme is broken by quantum computing in the future, historical data could collectively lose protection in a short period. Ethereum's long-term roadmap considers quantum threats in advance and promotes formal verification of key components, essentially reserving security boundaries for future privacy contracts, privacy rollups, and privacy infrastructure.
User-side privacy: Blind signing is both a security and a privacy issue.
Beyond the protocol and architecture layers, another key focus repeatedly emphasized by the Ethereum Foundation in this roadmap and related agenda is user experience and security. This aspect is also highly relevant to privacy.
In a presentation at Trillion Dollar Security, the foundation's security team and auditing firm directly referred to the prevalent phenomenon of "blind signing" as a "plague." When a user initiates an operation in their wallet, a signature window pops up displaying a long string of incomprehensible hexadecimal data and a contract address. The user cannot determine what permissions are granted or what information is exposed by this signature, but ultimately has no choice but to press "confirm" to complete the operation. This raises a security problem and a privacy problem at the same time.
From a security perspective, a user might unknowingly grant an unknown contract permission to "withdraw all assets at any time" in a seemingly ordinary interaction. From a privacy perspective, the user is unaware of what behavioral data this signature will expose, who is collecting, storing, and analyzing this data, and whether this data will be used for profiling, risk control, or even targeted phishing. For the user, this is handing over a pass through a black box; for the party controlling the infrastructure, the relevant actions are extremely transparent.
These types of problems are difficult to completely alleviate by simply "raising security awareness." A more realistic approach is to promote reforms at the standards and product levels. For example, through unified wallet specifications and contract interfaces, the consequences of transactions can be presented in a human-readable way; more complex data exchanges should be encapsulated in proofs or encrypted channels as much as possible, rather than requiring users to directly expose details. Coupled with the evolution in areas such as lightweight clients, account abstraction, and privacy protection at the network and RPC layers, on-chain interactions may be able to maintain auditable and traceable security without being "completely exposed."
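To illustrate what "presenting the consequences in a human-readable way" can look like, the following added example (not from the article, the Ethereum Foundation, or any wallet's code) decodes the hexadecimal calldata of two standard approval calls into a plain-language summary. The risk labels, the `describeCalldata` name, and the placeholder spender address are assumptions made for this sketch; anything that cannot be decoded is reported as unknown rather than guessed at.

```javascript
// Added example: selectors are the first 4 bytes of keccak256(signature).
const SELECTORS = {
  "095ea7b3": { sig: "approve(address,uint256)", kind: "allowance" },
  "a22cb465": { sig: "setApprovalForAll(address,bool)", kind: "operator" },
};
const MAX_UINT256 = (1n << 256n) - 1n;
const unknown = (why) => ({ risk: "unknown", summary: `${why}; effect cannot be shown` });

// Turn raw calldata from a signing prompt into a human-readable consequence.
function describeCalldata(hex) {
  const data = String(hex).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{8,}$/.test(data)) return unknown("Malformed calldata");
  const entry = SELECTORS[data.slice(0, 8)];
  if (!entry) return unknown("Unrecognized function");
  const args = data.slice(8);
  // Both functions take two 32-byte ABI words; the address word is left-padded
  // with 12 zero bytes. Anything else is treated as undecodable, not guessed at.
  if (args.length !== 128 || !args.startsWith("0".repeat(24))) {
    return unknown(`Bad arguments for ${entry.sig}`);
  }
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64));
  if (entry.kind === "operator") {
    if (value > 1n) return unknown("Non-boolean flag");
    return value === 1n
      ? { risk: "high", summary: `Lets ${spender} move ALL tokens in this collection` }
      : { risk: "low", summary: `Revokes operator rights of ${spender}` };
  }
  if (value === 0n) return { risk: "low", summary: `Revokes allowance of ${spender}` };
  if (value === MAX_UINT256) {
    return { risk: "high", summary: `Lets ${spender} spend an UNLIMITED amount of this token` };
  }
  return { risk: "medium", summary: `Lets ${spender} spend up to ${value} base units` };
}

// Constructed sample: unlimited approve() to a placeholder spender address.
const SAMPLE = "0x095ea7b3" + "00".repeat(12) + "11".repeat(20) + "ff".repeat(32);
console.log(describeCalldata(SAMPLE));
```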
Beyond Market Trends: The Focus of the Privacy Narrative is Shifting
From a market perspective, the recent surge in privacy-related assets demonstrates that the "privacy" label still possesses sufficient narrative appeal. However, compared to the previous cycle, the focus of the privacy sector is slowly shifting from "betting on a particular privacy chain" to "betting on who is solidly building privacy infrastructure."
On one end are dedicated privacy networks and privacy assets based on technologies such as zero-knowledge proofs, continuing the path of "hiding transaction details at the chain level as much as possible"; on the other end is a complete set of infrastructure and tools built around privacy within the Ethereum ecosystem, including ZKRollup, privacy middleware, privacy-friendly wallets, and more secure contract interaction front-ends.
In Vitalik's roadmap, Ethereum does not attempt to turn everything into an "untraceable black box," but rather emphasizes "controlled transparency" and "minimum necessary disclosure." The settlement layer remains open, the verification logic is secured by cryptography and contracts, and specific business data is protected in layers according to different scenarios through zero-knowledge proofs, encrypted communication, and access control.
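- Core view: Vitalik regards privacy as a core shortcoming of Ethereum.
- Key elements:
- Ethereum is fully public by default and lacks privacy protection.
- Vitalik proposes a transparent settlement layer plus a programmable privacy layer.
- Privacy infrastructure is built with technologies such as zero-knowledge proofs.
- Market impact: drives investment in privacy infrastructure and shifts the sector's focus.
- Timeliness: long-term impact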


