Opinion by: Eran Barak, CEO at Midnight 

It’s been almost 16 years since blockchain emerged from its esoteric fringes to enter global discourse, evidenced most recently by continued backing from Wall Street incumbents. Despite this remarkable ascendancy, the unfortunate truth is that this technology has yet to realize its true business potential. A core challenge persists: Too much sensitive data remains publicly unshielded.

The crux of the issue is that companies must keep business data confidential, and people strive to safeguard their personal information as best they can. Once data is put on a public blockchain, however, it becomes irreversibly and indefinitely exposed.

Even if a business takes every possible precaution to conceal data, mistakes made by others or vulnerabilities in the system can expose sensitive onchain data or metadata, including participants’ identities. This can lead to privacy breaches, compliance violations or both, undermining the foundational assumption that blockchain is trusted and underscoring the importance of robust measures to protect sensitive data.

On the other side of that coin, concealing activity on a blockchain can open the door to money laundering, triggering negative government responses. Instances in which this has occurred have led to a false impression that governments oppose Web3 privacy, a criterion businesses fundamentally need for them to adopt the technology. 

From whichever angle we look at it, maintaining privacy onchain is a real and complex issue for Web3. Until we solve it, businesses will not and should not be expected to cross the chasm. 

The belief that governments oppose privacy on the blockchain is wrong

Web3 entrepreneurs have grown to fear that building decentralized applications and businesses that provide financial anonymity could land them in regulatory trouble. Just look at Samourai Wallet, whose co-founders were charged with money laundering, or Tornado Cash, whose developer was sentenced to 64 months in prison for similar reasons. 

These responses have led to a consensus that governments are opposed to privacy altogether when it comes to blockchain. 

Recent: AI agents and blockchain are redefining the digital economy

This couldn’t be further from the truth. Governments don’t oppose privacy but mandate it across industries. Data protection laws, like the General Data Protection Regulation or the Health Insurance Portability and Accountability Act, are in place to ensure businesses protect our customer data from misuse and security threats.

The real issue these high-profile cases reveal is that Web3 measures to protect data have created opportunities for misuse, enabling the facilitation of criminal activities that have understandably raised serious concerns on behalf of governments. Blockchain data protection capabilities should not undermine established cross-jurisdictional laws safeguarding the global community from terrorism, human trafficking, fraud and other criminal offenses. 

This begs the question: What does privacy, done right, look like?

Selective disclosure

When it comes to using blockchain, protecting sensitive data is typically accomplished by either keeping the data offchain, or encrypting data onchain. The latter is not durable privacy given quantum computing’s rapid advances in cracking encryption. 

The advent of zero-knowledge (ZK) technology, a complex cryptographic technique, allows users to ensure sensitive data remains offchain by sharing attestations about the validity of the data instead. In Web3, ZK has emerged as a transformative way to enhance privacy as it enables untrusted parties to validate that a transaction has occurred without sharing any information about the transaction. 

Decentralized applications can exercise selective disclosure by choosing between putting data onchain (full disclosure), putting it onchain with encryption (disclosure via viewing keys) or using ZK to only publish attestation about the data (offering utility without any disclosure). Selective data disclosure only solves half of the puzzle. It was not designed to account for metadata.

The next privacy frontier

Metadata, the information surrounding our data, is an under-discussed component of blockchain’s exposure of sensitive information; it can be used to make inferences, creating an added layer of vulnerability even when the data itself is concealed. 

For example, through transaction metadata, investment and trading strategies can be inferred in addition to other behavioral patterns. For businesses, the implications of this can be detrimental to their growth and ability to stay ahead of competitors. They can’t afford to have trade secrets and strategies, or even the identities of other parties they are transacting with, made public.

The need to protect metadata and remove the ability to make inferences is paramount to security and can be addressed using a private token. Such capability can, however, be easily misused for money laundering.

If using a private token is not the solution, and using a public token does not provide sufficient levels of confidentiality, then the way to solve this challenge is to rethink Web3’s approach to protecting metadata altogether. We need to combine the benefits of both approaches, effectively creating a dual-asset system in which a public and a private token are used. Each asset functions independently, meaning specific restrictions can be placed to prevent illicit activities such as money laundering while retaining all the benefits.

A powerful framework

The dual-asset system enables confidentiality without the ailments shielding metadata usually brings, making compliance and business policy enforcement possible. By combining this tokenomics structure with selective disclosure, privacy and regulatory compliance can coexist on the blockchain, which will have resounding effects on adoption and innovation.

Opinion by: Eran Barak, CEO at Midnight.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.