2026 is the year that we take back lost ground in terms of self-sovereignty and trustlessness.

Some of what this practically means:

Full nodes: thanks to ZK-EVM (zero-knowledge Ethereum Virtual Machine) and BAL (Block-level Access Lists), it will once again become easier to locally run a node and verify the Ethereum chain on your own computer.

Helios: actually verify the data you’re receiving from RPCs instead of blindly trusting it.

ORAM (Oblivious RAM), PIR (Private Information Retrieval): ask for data from RPCs without revealing which data you’re asking, so you can access dapps without your access patterns being sold off to dozens of third parties all around the world.

Social recovery wallets and timelocks: wallets that don’t make you lose all your money if you misplace your seedphrase, or if an online or offline attacker extracts your seedphrase, and also don’t make all your money backdoored by Google.

Privacy UX: make private payments from your wallet, with the same user experience as making public payments.

Privacy censorship resistance: private payments with the ERC-4337 mempool, and soon native AA (Account Abstraction) + FOCIL (Fork-choice enforced Inclusion Lists), without relying on the public broadcaster ecosystem.

Application UIs: use more dapps from an onchain UI with IPFS, without relying on trusted servers that would lock you out of practical recovery of your assets if they went offline, and would give you a hijacked UI that steals your funds if they get hacked for even a millisecond.

In many of these areas, over the last ten years we have seen serious backsliding in Ethereum. Nodes went from easy to run to hard to run. Dapps went from static pages to complicated behemoths that leak all your data to a dozen servers. Wallets went from routing everything through the RPC, which could be any node of your choice including on your own computer, to leaking your data to a dozen servers of their choice. Block building became more centralized, putting Ethereum transaction inclusion guarantees under the whims of a very small number of builders.

In 2026, no longer. Every compromise of values that Ethereum has made up to this point - every moment where you might have been thinking, is it really worth diluting ourselves so much in the name of mainstream adoption - we are making that compromise no longer.

It will be a long road. We will not get everything we want in the next Kohaku release, or the next hard fork, or the hard fork after that. But it will make Ethereum into an ecosystem that deserves not only its current place in the universe, but a much greater one.

In the world computer, there is no centralized overlord.

There is no single point of failure.

There is only love.

Milady.

All credit to OP u/vbuterin on Reddit. Sharing it here to try to engage some discussion. Added the meanings of abbreviations for those who might not be familiar with them, so it is easier to research in case you get interested.

  • lystytsiaverschmitzt@anarchist.nexusOP
    7 days ago

    On that same thread, u/Tricky_Troll also points out relevant points that c/Privacy folks are well aware of too:

    I think there’s a general lack of understanding for a lot of people who aren’t deep in the privacy space about just how many levels of protection one needs down the tech stack from on-chain to web 2 to the OS level software and then even hardware itself. Depending on your threat model, if you don’t have one of these secured, then your privacy is very likely compromised in some way.

    I think a lot of people, upon realising that, just take on a defeatist attitude since it takes more than just Tornado Cash smart contracts or a privacy focused L2 like Aztec to maintain one’s full privacy. But despite being a long road, it’s absolutely possible and I think the EF and your own re-focusing on privacy, VB, is a much needed call to action to tackle it once and for all. The tech is here, we just have to build it, make it (relatively) intuitive and make sure users know it is there — if they ever need it.

    I think the most important thing about privacy is not necessarily making sure it is used by all by default (would be nice), but making sure it is accessible to all if they need it. After all, most people under authoritarian governments don’t have something to hide, so much as they wake up one day and they find the government suddenly says something normally benign about them now makes them an enemy of the state. Therefore it’s important that they have secure, private alternative technologies to fall back on to keep their lives going until they can get to safety.

    Personally, I think the hardware and OS level software side of things is most at risk from snooping authoritarian governments in the long run. Things like Chat Control in the EU and democratic backsliding in the US leave us with very few places left where companies will be able to create open hardware and software which doesn’t have backdoors.

    My outlook for the Ethereum side of privacy is good, but I think we’re quickly losing the battle for hardware and OS level software. Just look at the way Android is going with their sideloading restrictions. If we lose open source Android or devices with unlocked bootloaders to run custom ROMs on, then mobile is lost (Linux phones just don’t have the app support). Living a normal life without a mobile OS is almost impossible these days, so we must defend this critical infrastructure. We are fast running out of time but I appreciate your renewed efforts on the Ethereum side of things.

  • lystytsiaverschmitzt@anarchist.nexusOP
    7 days ago

    Does anyone know if there are any teams working on PBAC (Policy-Based Access Control) or RBAC (Role-Based Access Control), as asked about in the post from u/LogrisTheBard below?

    Social recovery wallets and timelocks: wallets that don’t make you lose all your money if you misplace your seedphrase, or if an online or offline attacker extracts your seedphrase, and also don’t make all your money backdoored by Google.

    I’d really like to see a competent execution of policy based smart contract wallets. So not just timelocks but different signature thresholds for extracting larger sums of money, different roles for signers that are expected to do different things or interact with different applications, and governance extensibility through administration wallets that may not be part of the admin controls of the managed smart contracts. In addition to doing this on chain I’d like to see this implemented at the wallet level so my wallet can detect and reject malicious transactions before it has a chance of being signed.

    Last year BitWise lost over $1B in ETH because they didn’t have something as simple as an ATM withdrawal limit on the cold wallet.

    Privacy UX: make private payments from your wallet, with the same user experience as making public payments.

    Is this using the FHE (Fully Homomorphic Encryption)/Zama route or the Aztec/Railgun route to privacy? I think we need a clearer explainer of how privacy is achieved on chain with some of the different approaches being developed and the tradeoffs of those approaches.

    Application UIs: use more dapps from an onchain UI with IPFS, without relying on trusted servers that would lock you out of practical recovery of your assets if they went offline, and would give you a hijacked UI that steals your funds if they get hacked for even a millisecond.

    Get this built into the Rabby wallet browser. Also get an ERC standard where a smart contract can refer to an IPFS url where users should go to interact with it.
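
The wallet-level, pre-signing policy check asked for in the comment above (signature thresholds that rise with the amount, per-signer roles, a withdrawal limit and a timelock), as an added example that is not part of the thread or of any wallet's code. The policy shape, the addresses and the `evaluate` function are hypothetical.

```javascript
// Added example: constructed policy and addresses, not taken from any real wallet.
const ETH = 10n ** 18n;
const policy = {
  // Required approvals grow with the amount; anything above the last tier is refused.
  tiers: [
    { upTo: 1n * ETH, approvals: 1, delaySec: 0 },
    { upTo: 50n * ETH, approvals: 2, delaySec: 0 },
    { upTo: 1000n * ETH, approvals: 3, delaySec: 86400 }, // timelocked tier
  ],
  dailyLimit: 100n * ETH, // rolling 24 h cap (the "ATM withdrawal limit")
  // Role per signer: destinations it may approve ("*" = any destination).
  roles: {
    "0xaaa1": ["*"],
    "0xbbb2": ["0xdex0"], // may only approve calls to one application
    "0xccc3": ["*"],
  },
};

// history: [{ time, value }] of executed transfers; times are in seconds.
// Returns a decision with every failed rule listed; it never signs anything.
function evaluate(policy, tx, history, now) {
  const tier = policy.tiers.find((t) => tx.value <= t.upTo);
  if (!tier) return { allow: false, reasons: ["amount exceeds every tier"] };
  const reasons = [];

  // Count distinct approvers whose role covers this destination.
  const valid = new Set(tx.approvers.filter((a) => {
    const scope = policy.roles[a];
    return scope && (scope.includes("*") || scope.includes(tx.to));
  }));
  if (valid.size < tier.approvals)
    reasons.push(`needs ${tier.approvals} in-role approvals, has ${valid.size}`);

  // Rolling window: sum what already left the wallet in the last 24 hours.
  const spent = history.filter((h) => now - h.time < 86400)
    .reduce((sum, h) => sum + h.value, 0n);
  if (spent + tx.value > policy.dailyLimit) reasons.push("daily limit exceeded");

  // Large transfers must sit in the queue for the tier's delay before signing.
  if (now < tx.queuedAt + tier.delaySec) reasons.push("timelock not elapsed");
  return { allow: reasons.length === 0, reasons };
}
```

The same rules enforced only in the wallet client can be bypassed by whoever holds the keys, which is why the comment asks for them on chain as well; the client-side check is what stops a bad transaction from being signed in the first place.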