ETH builders develop new POAPrivacy tools ahead of 10 year anniversary

As ETH celebrates its 10th anniversary, it brings into focus everything that the project has accomplished — enabling DeFi, smart contracts, and sprouting a vibrant ecosystem of dApps built on privacy.

As Ethereum (ETH) celebrates its 10th anniversary, it brings into focus everything that the project has accomplished — enabling DeFi, smart contracts, and sprouting a vibrant ecosystem of dApps. But it also shines a spotlight on the challenges that remain. One such challenge is privacy, a cornerstone of digital freedom that remains elusive on a public blockchain.

Despite a decade of innovation, Ethereum still struggles to protect users’ personal data. On-chain transparency, once hailed as a feature, is increasingly seen as a liability, especially when applied to real-world contexts like health and identity.

This tension came into sharp focus onstage at ETHCC in Berlin earlier this summer, where privacy advocate Migle Rakitaite publicly challenged the Ethereum Foundation for failing to fund or prioritize crypto-native tools that safeguard deeply personal data like reproductive health.

That exchange not only inspired the creation of PrivyCycle — an app that ranked among ETHCC’s top 10 projects out of 334 entries and won three separate sponsor prizes — but, more importantly, highlighted how underprepared the Ethereum ecosystem remains for handling sensitive, non-financial information.

The issue of on-chain privacy

The concern of on-chain privacy has only grown more urgent in a world of escalating surveillance and shrinking personal boundaries. Ethereum co-founder Vitalik Buterin underscored the stakes at in late May, stating: “On a civilizational level, there’s quite a lot of urgency in us figuring out privacy.” He called on developers to focus on four key pillars of privacy: private money, private identity, private voting, and private messaging.

But as the POAPrivacy demo at ETHGlobal Cannes revealed, there’s another emerging frontier in the fight for on-chain privacy: private presence.

POAPs — short for Proof of Attendance Protocols — were designed as digital mementos, allowing users to collect NFTs that prove they attended specific events. From hackathons to crypto conferences, they’ve become a kind of Web3 keepsake as well as a signal of participation, community engagement, and even eligibility for rewards or governance.

However, beneath that utility lies a quiet but serious privacy risk. Each POAP minted on-chain links a user’s wallet to a specific location and time, effectively creating a public breadcrumb trail of their whereabouts.

“Anyone can basically track your footsteps,” a dev explained during the demo. “We love POAPs, but they come at a cost of privacy.”

In an environment where wallet addresses are easily traced and cross-referenced, this can compromise not only personal privacy but also safety — especially for activists, public figures, or anyone seeking to separate their digital and physical lives.

POAPrivacy: protecting presence on the blockchain

To address this overlooked vulnerability, a team at ETHGlobal Cannes unveiled POAPrivacy — a tool designed to verify presence on-chain without exposing users’ real-world locations or linking back to their primary wallet addresses.

At the heart of the system is a clever use of stealth addresses — a cryptographic technique that enables users to receive tokens at unique, one-time addresses that are unlinkable to their main wallet.

How it works:

• Users scan a QR code at an event.
• Instead of minting to their main address, they generate a random stealth address using a stealth meta-address derived from their ENS (Ethereum Name Service) identity.
• The system generates two cryptographic keys:
  • A spending key (for later claiming)
  • A viewing key (for selectively revealing POAPs to trusted parties)
• Minting is handled off the main address, meaning observers can’t trace a POAP back to the user’s wallet.

The project also demoed a private dashboard where users can log in with passkeys, view their privately stored POAPs, and retrieve them as needed. The core cryptography draws on an underutilized Ethereum standard introduced several years ago but rarely deployed at scale.

“Magic and cryptography is happening,” the team explained, “and you’ll be able to see your POAPs — but others won’t.”

While still a prototype, the project received praise for addressing a major privacy vulnerability in POAPs — one of Ethereum’s most widely used features for event attendance verification, community engagement, and access to exclusive rewards or governance.

The project was named one of the top 10 finalists out of 334 entries at ETHGlobal Cannes 2025 — alongside other privacy-focused builds like the previously mentioned PrivyCycle and PrivacyLinks — highlighting a growing push to strengthen Ethereum’s social layer with privacy-preserving infrastructure.