The question isn’t whether privacy. It’s what sort of privacy
Blockchains were built as public networks in the best tradition of open-source technology. But their future is private. And that future is arriving faster than most people realize.
This month, Tempo — the Stripe-backed payment blockchain that raised $500 million at a $5 billion valuation, with Visa, Mastercard, Paradigm, and UBS among its backers — published a detailed architectural proposal for private enterprise stablecoin transactions. Tempo is not a scrappy privacy-native project. It is arguably the most institutionally credentialed blockchain launch in years, built by people who deeply understand what banks, payment processors, and enterprises actually need. When a network with that pedigree makes privacy a launch-week priority, it isn’t a signal. It’s a verdict.
The question of whether or not institutional chains will be private has been settled. What remains is the harder one: what kind of privacy are we actually building?
The problem with public chains
Bitcoin solved a problem that had stumped computer scientists and bankers for decades: how to transfer value between strangers without a trusted intermediary. Ethereum took blockchains further, offering programmable value alongside value transfer — smart contracts that could encode agreements, automate settlement, and eliminate entire categories of middlemen. Then came stablecoins, which married programmability to the stability of the dollar, and from there, the migration of real-world assets to onchain protocols began.
Each wave has brought added institutional interest, capital, and ambition. And now, as regulatory clarity emerges, institutions are ready to deploy resources onchain.
But there’s one thing holding them back — a fundamental flaw that becomes more consequential the larger the numbers get.
Everything is visible. Every wallet. Every balance. Every transaction, in real time, is readable by anyone with a browser. In financial markets, this is not a feature. It is an existential problem. Imagine if every hedge fund’s positions, every corporate treasury’s holdings, every pension fund’s rebalancing trade appeared on a public screen the moment it was executed. Sophisticated counterparties would front-run. Competitors would map your strategy. Criminals would identify targets. The financial system as it exists today would seize up overnight.
Blockchains have been asking institutions to accept exactly that. Tempo’s announcement on April 16 is the clearest possible signal that institutions have finally said: no.
Architecture is destiny
Here is where the conversation gets more consequential — and more nuanced.
Tempo’s solution is Zones: private parallel blockchains connected to the main network. Within a Zone, participants transact privately. The public sees only cryptographic proofs of validity, not underlying data. Compliance controls travel with the token automatically. Assets remain interoperable with Tempo Mainnet. For enterprises running payroll, treasury operations, or settlement workflows, it is a thoughtful and practical design.
But Tempo’s privacy model is operator-visible. The Zone operator — an enterprise or infrastructure provider — sees all transactions within its Zone. The public sees nothing. The operator sees everything. For many regulated institutions, this is acceptable, and may even be required. But it means privacy is contingent on trusting an intermediary. You have moved the visibility problem; you have not eliminated it.
This is not a criticism of Tempo. It is a description of a genuine architectural choice — one with real consequences for anyone thinking carefully about risk.
Zero-knowledge cryptography offers a different path. ZK proofs allow a party to prove that a transaction is valid without revealing the underlying data. A new generation of ZK-native blockchains builds this privacy-preserving functionality into the execution layer itself. Accounts execute transactions locally, with the chain storing only a cryptographic commitment. Nothing sensitive ever touches a public ledger. Transaction history is not browsable. And crucially, no operator has a god’s-eye view — privacy is enforced at the base layer, not delegated to an intermediary.
If Bitcoin gave us trustless transfer and Ethereum gave us programmable trust, ZK-native blockchains offer verifiable privacy: the ability to prove that everything happened correctly without revealing what actually happened.
Compliance without full transparency
The obvious objection is regulatory. Privacy and compliance have long been framed as incompatible — oil and water. That framing is becoming obsolete.
Regulatory compliance does not require that everyone can see your transactions. It requires that the right parties, under the right conditions, can verify that your transactions were legitimate. That is a meaningful distinction, and it is one that ZK cryptography is uniquely positioned to enforce. Selective, programmable disclosure — revealing what regulators need to see, nothing more — is not a workaround. It is a more precise implementation of what compliance actually demands.
Tempo’s model handles this at the operator level. ZK-native approaches handle it at the cryptographic level. Both satisfy the compliance requirement. But they distribute trust very differently.
The question that matters
The financial industry knows it needs to move onchain. It now knows — Tempo’s announcement makes this undeniable — that it cannot do so on fully public infrastructure. The era of public-by-default blockchains as the assumed standard for institutional finance is ending.
What comes next depends on a choice the industry is only beginning to make clearly: privacy through trusted operators, or privacy through cryptographic guarantees that require no trust at all.
Both are legitimate answers. But they are not equivalent. The privacy model you choose determines your risk surface, your compliance posture, and your exposure to the failure modes of the intermediaries you depend on. Architecture is not a technical detail to be resolved later. It is the decision that determines everything else.
The question for the industry is not whether privacy. That debate is over.
The question is what sort of privacy — and who, if anyone, you are willing to trust with the view.
