The “Cypherpunk’s Manifesto” begins, “Privacy is necessary for an open society in the electronic age.” But privacy coins — cryptocurrencies with strong privacy features — have failed to take off. Monero and zcash are both worth less today than what they were worth in 2018. In comparison, ETH is worth more than twice its 2018 high.
That’s just price, but the adoption metrics haven’t fared much better. Even on darknet markets, where you’d expect privacy coins to thrive, BTC is still the asset of choice.
Source: Rand Corporation
Fewer than 10% of zcash tokens in existence are even shielded or private. User and transaction growth has been mediocre across the board compared with smart contract platforms.
Privacy coins have been a disappointment. Why haven’t they taken off?
There are four primary reasons.
1. Nobody wants to transact in privacy coins.
While people may want their money to be private, they don’t want to pay each other in privacy coins. When most people think “private cryptocurrencies,” they imagine private BTC or ETH, or perhaps private stablecoins. Few people actually want to settle debts in a special coin whose only defining characteristic is that it can be private.
This is why Ethereum-based privacy systems like Tornado Cash have so much uptake in comparison. Tornado brings privacy to where people actually are — on smart contract chains, in currencies they actually want to use like ETH, USDC or DAI. Compare that to Monero, where the wallets, off-ramps and liquidity are so poor that most users will give up.
Credit: Dune Analytics
The other reason why Tornado has been successful is because it internalizes the costs of privacy on the users who actually care about it rather than forcing everyone to bear the costs of privacy. This brings us to the second reason why privacy coins haven’t been successful.
2. Privacy isn’t easy yet.
The history of HTTPS, the encrypted protocol used to access almost every website today, teaches us that people will only choose privacy when it’s easy.
Website connections used to be all in plaintext. Initially, HTTPS was only used on websites that handled credit cards or banking data because it was slow and cumbersome. HTTPS became the default only after the computational costs became cheap enough that websites could enforce it without users noticing.
Something similar happened for messaging services. WhatsApp, the largest end-to-end (E2E) encrypted service, quietly turned on E2E encryption in 2016 without ever consulting users.
These two changes have done more for privacy on the internet than perhaps anything else, and neither involved users making intentional decisions to be more private.
Compare that to the difficulty of using monero or zcash for conducting everyday transactions. Both require technical sophistication and impose very high friction to protect one’s privacy.
Which brings us to the third reason privacy coins have failed.
3. Most people don’t care about privacy.
This is the uncomfortable truth behind the failure of privacy coins.
Look at people’s revealed preferences. They use social media apps that openly sell data to third parties. They use Venmo and publicly broadcast their payments to the world. They use SMS, which is stored in plaintext and can be subpoenaed by law enforcement, all while WhatsApp, Signal and Telegram are free and readily at hand.
It’s tempting to blame this situation on a lack of consumer awareness, but that doesn’t fit the facts. Take social media companies: Despite a parade of massive scandals, from Cambridge Analytica to last year’s Twitter hacks, social media use has never been higher.
Source: Pew Research
Privacy is a public good. The iron rule of economics is that public goods are undersupplied by free markets. If only a small number of users use privacy-preserving technologies, the use of those technologies will become stigmatizing. Compare WhatsApp, which makes E2E encryption ubiquitous and normal, to Monero, which is similarly private but instantly flagged as suspicious.
There are two underlying types of people here. First, there are people who don’t care at all about serious privacy and just want their immediate neighbors, spouses and friends not to know what they’re doing. Blockchains like Bitcoin or Ethereum are fine for that; their unsophisticated neighbors won’t be able to track their activities.
Then there are the privacy-conscious people who want strong enough privacy controls to defend against sophisticated third parties. Technologies like Monero, when used correctly, are robust enough to deter corporations, governments and motivated attackers. But all of that comes at a steep price.
Few people are willing to pay what the privacy-conscious group is willing to pay for privacy. Until the cost of privacy decreases dramatically, we shouldn’t expect to see an HTTPS-style transformation come to crypto.
Which brings us to regulation.
4. To survive a bear attack, you don’t need to outrun a bear — you just need to outrun the person behind you.
Privacy coins have always been the first target for regulatory inquisitions. When regulators are charged to “don’t just stand there, do something,” the easiest boogeyman is shadowy privacy coins.
On the regulatory side, we’ve seen a slew of privacy coin delistings in South Korea, Japan, the U.K. and the U.S. Governments are continually trying to tighten the noose on privacy coins (see here, here, and here).
Crypto lobbies have grown larger; huge swaths of retail and many institutions now own BTC and ETH. But very few institutions are willing to come to the defense of privacy coins. Rather than allow the entire industry to be tainted, many are content to let privacy coins become the sacrificial lamb.
I’m an admirer of the bold work Coin Center and the Electronic Frontier Foundation have done to protect the civil liberties of Americans when it comes to using privacy-preserving technologies. But I worry that when it comes to private cryptocurrencies, they’re fighting a losing battle.
Until then, expect regulators to continue scapegoating privacy coins, and expect their acceptance and liquidity to suffer for it. If I were a betting man, I’d expect painless privacy solutions that integrate with decentralized finance and stablecoins to be the biggest growth area in privacy.