I’ll probably write an article or maybe host a space on why so-called “opt-in” privacy features are largely a mirage. Leakage is inevitable when privacy is bolted on as an optional mode, especially in architectures leaning on TEEs. Without cryptographic end-to-end guarantees, TEEs merely shift trust to hardware vendors and operators, who can observe and correlate your transactions. In these setups, you’re one policy change, subpoena, or retarded operator away from being deanonymized. That’s not privacy, it’s permissioned opacity. Real privacy is default, provable, and irreversible by design.