Privacy model for Web3

Pragmatic Adaptive Privacy

Functional access without oversharing.

PAP is a privacy model for blockchain read paths. It limits what infrastructure providers can infer from your queries — addresses, balances, contract interest, and timing — while keeping applications usable.

Why PAP

Verification fixes correctness. Reads still leak.

Cryptographic verification tells you data is authentic — but every eth_getBalance, eth_call, and eth_getLogs still reveals who you are, what you hold, and what you intend to do. In Web3, the RPC provider is an adversary by default: metadata becomes someone else's dataset.

Reads are not neutral

Balance checks, simulation previews, and log queries expose addresses, contracts, and storage slots. Even when responses are correct, the server learns user behavior and intent.

Privacy ≠ hiding everything

All-or-nothing privacy breaks UX. Applications need configurable exposure: strict for wallets, pragmatic for dashboards, broader where analytics require it.

Verification alone is not enough

Trustless state access removes correctness risk from RPC lies — but a verified answer can still be observed, delayed, or correlated. Privacy must be designed into the read path.

PAP adapts how data is requested and exposed depending on context — reducing leakage while keeping Web3 applications functional.

Read privacy

The leak layer before the chain

Privacy discussions in Web3 often focus on transactions. But decisions are formed through reads — and those reads are observable long before anything reaches the mempool.

Reads vs. writes

Transactions execute a decision; reads form it. Balances, simulations, storage queries, and historical data all flow through RPC providers by default — externalizing the decision process and making it the primary source of information leakage.

Exposure of intent

Read sequences reveal the shape of a planned action: which contracts were evaluated, which parameters tested, which simulations run. A single request can be indicative; a sequence before signing can expose target, size, and timing — with no on-chain footprint.

Attack surface

Adversaries with read-level visibility can anticipate transactions, identify high-value targets, and profile users over time. Front-running and strategy exploitation do not require mempool access when intent is visible at the read layer.

As long as reads remain externally observable, Web3 privacy is structurally incomplete. PAP addresses this layer explicitly — not only what executes on-chain, but what is revealed while deciding.

Privacy model

Transport × Content levels

PAP models read privacy along two independent axes — who can observe a request (Transport) and what can be inferred from it (Content). Each axis has three levels; a Privacy Profile combines one T with one C.

Transport (T)Content privacy (C)C0ExplicitC1AbstractedC2OpaqueT2T2/C0T2/C1T2/C2T1T1/C0T1/C1defaultT1/C2T0T0/C0T0/C1T0/C2

Transport privacy (T)

Who is acting?

  • T0Linkable

    Requests follow stable, directly linkable transport paths. Long-term correlation and attribution are straightforward.

  • T1Correlation-resistant

    Requests are distributed across paths or providers. Linkability is reduced, but attribution remains possible.

  • T2Strongly decoupled

    Routing makes persistent attribution impractical under realistic threat models — e.g. Tor or mixnets.

Content privacy (C)

What is being read or inferred?

  • C0Explicit

    Reads expose concrete state and semantics directly. Intent is immediately visible.

  • C1Abstracted

    Reads are partially aggregated or abstracted. Intent may still be inferred, but with reduced confidence — the pragmatic default for most apps.

  • C2Opaque

    Reads are structured to limit semantic interpretation. Intent inference is minimized, often at higher cost.

Privacy Profiles

Each read operation maps to one cell in the T × C matrix — for example T1/C1 for pragmatic transport and content privacy, or T2/C2 for strong protection in both dimensions. The matrix is a design space, not a ladder: stronger privacy always trades against latency, bandwidth, and complexity.

How it works

Adaptive privacy by context

PAP is not a single switch. Applications choose how strictly to limit exposure based on user risk, feature needs, and operational constraints.

1

Context-aware requests

Read patterns adapt to what the application is doing — wallet balance vs. public dashboard vs. batch indexer — so exposure matches the actual need.

2

Configurable strictness

Teams set policy per flow: maximum privacy for signing decisions, pragmatic defaults for exploration, optional relaxation where UX requires broader reads.

3

Composable mitigations

PAP works alongside multiple provers, query broadening, local provers, and network-level privacy — verification for correctness, PAP for what gets revealed.

4

Optional by design

Applications integrate PAP to the degree their product requires. It is a model and integration path, not an all-or-nothing mandate.

Colibri integration

Verification and privacy in one stack

Colibri is the reference implementation of PAP alongside full cryptographic verification. Correctness and privacy are both handled locally — without trusting RPC providers for either.

  • Consensus and execution proofs verify data before use
  • PAP limits metadata leakage from the read path
  • Transaction simulation runs on verified, policy-aware state
  • Same client for mobile, web, and embedded targets
Use cases

Where PAP matters

Wallets

  • Hide balance and intent from RPC
  • Simulate before sign on verified state
  • Reduce address–IP correlation

dApps

  • Configurable read exposure
  • Less leakage on contract reads
  • Privacy without breaking flows

SDKs & toolkits

  • Privacy-first wallet stacks
  • Composable with verification
  • Adapt policy per integration

IoT & agents

  • Constrained read policies
  • Minimal metadata footprint
  • Verified + private inputs
Documentation

PAP documentation

The conceptual model and the technical implementation — from privacy principles to per-RPC exposure analysis in colibri-stateless.

  • Formal privacy model for Web3 read paths
  • Per-RPC transport and content privacy analysis
  • Integration with Colibri's verified client stack

Threat model, adaptive read policies, integration patterns, and how PAP pairs with trustless verification.

Read the PAP whitepaper

Detailed PAP function mapping — per Ethereum RPC method privacy exposure, mitigation strategies, and colibri-stateless implementation.

Open specification

Private reads. Verified state.

PAP reduces what infrastructure learns from your application. Colibri delivers the verified foundation it runs on.