What’s Encrypted, What Isn’t, and What You Control
When people think about decentralized storage, privacy is usually the first concern. You’re no longer trusting a single provider—you’re relying on a distributed network of independent operators. The natural question follows immediately:
What can those operators actually see?
With Walrus, that question matters even more because the protocol is intentionally designed around availability and integrity first. That design choice makes Walrus powerful—but it also requires being very clear about where encryption fits, where it doesn’t, and what responsibility falls on you as a user or developer.
Let’s walk through this carefully, without assumptions.
What Walrus Does—and Does Not—Encrypt
At the protocol level, Walrus does not automatically encrypt your data before storing it.
Instead, Walrus provides structural privacy by default, not cryptographic confidentiality.
When you upload data to Walrus:
Your file is broken into erasure-coded slivers using the Red Stuff encoding scheme
Those slivers are distributed across many independent storage nodes
No single node ever receives a complete copy of your file
This means operators never see whole files—only fragments that are mathematically meaningless in isolation.
That said, it’s important to be precise:
Erasure coding is not encryption.
If an attacker were able to collect enough slivers, the original data could be reconstructed. Walrus is explicit about this boundary. Confidentiality is not enforced automatically by the protocol. It is intentionally left to higher layers.
This is not an oversight. It’s a design decision.
Why Encryption Is Optional by Design in Walrus
Walrus is built as a neutral, verifiable storage layer, not an opinionated privacy system. Its core responsibilities are narrowly defined:
Ensuring data remains available even under node failures
Proving that data is still stored via availability proofs
Preserving integrity over long time horizons
Encryption answers a different question entirely: who is allowed to read the data?
That answer varies dramatically depending on the use case Walrus targets, including:
Data availability for rollups
Public assets and media
Websites and application frontends
NFT content
Shared datasets
In many of these cases, mandatory encryption would be counterproductive. Public data should remain publicly readable. Forcing encryption at the protocol layer would add friction, complexity, and unnecessary assumptions.
By keeping encryption optional, Walrus lets you decide:
Whether your data is public, private, or conditionally accessible
Which encryption scheme you trust
How keys are generated, stored, rotated, or revoked
This modular approach avoids locking developers into a single confidentiality model that may not fit their application.
Your Responsibility as a User or Developer
Because Walrus does not encrypt data by default, you are responsible for encrypting sensitive data before uploading it.
In practice, this is straightforward:
Encrypt files client-side using standard cryptographic libraries
Upload the encrypted blob to Walrus as usual
Walrus will store and serve encrypted data exactly the same way it does plaintext.
From a practical standpoint:
Storage nodes never see readable content
Availability proofs still work, because they operate on encoded slivers
You retain full control over keys and access policies
This follows modern security best practices: encryption at the edges, not blindly enforced at the infrastructure layer.
Walrus Sites: Why the Default Is Public
Walrus Sites are where privacy expectations most often get confused.
Walrus Sites are explicitly designed to serve public content, such as:
Websites
Application frontends
Documentation
Media assets
In this context, encryption by default would break the entire model. Users need to fetch content without keys, authentication, or special handling.
So the default for Walrus Sites is:
Unencrypted
Publicly readable
Content-addressed and verifiable
That doesn’t mean they’re unsafe. It means they’re intentionally transparent.
Walrus Sites still benefit from:
Erasure-coded distribution
No single node hosting a full site
Cryptographic integrity guarantees
Continuous availability proofs
This mirrors how the web works today—except without relying on a single server or provider.
If you want restricted access, encrypted delivery, or gated content, that logic belongs above Walrus Sites, using application-level encryption, access control, or key-managed delivery systems.
Why This Model Is More Honest
One of Walrus’s strongest qualities is that it doesn’t pretend to solve every security problem at once.
Instead of marketing vague “privacy by default” claims, Walrus draws a clear line:
Walrus guarantees availability and integrity
You decide confidentiality
That clarity matters. It prevents false assumptions about invisible encryption and lets you reason about risk correctly.
If data needs to be private, you encrypt it.
If it’s meant to be public, you don’t.
That transparency is rare—and valuable.
How Walrus Fits Into the Broader Privacy Ecosystem
This design makes Walrus an ideal foundation for higher-level privacy systems.
Because encryption is not baked into the core protocol:
Encrypted storage overlays can be built on top
Confidential data markets can use Walrus as a backend
Zero-knowledge access schemes can integrate cleanly
Walrus doesn’t compete with encryption frameworks—it enables them.
You can think of Walrus as a reliable, censorship-resistant hard drive for the decentralized world. Whether the files on that drive are readable or encrypted is entirely your choice.
Final Takeaway
If you’re evaluating Walrus through the lens of privacy, the key takeaway is simple:
Walrus does not encrypt your data for you—and it doesn’t pretend to.
What it gives you instead is a robust, verifiable storage substrate optimized for availability and integrity. Confidentiality is left where it belongs: in your hands.
For public content like Walrus Sites, this is the correct default
For sensitive data, encryption is expected—and fully compatible
That separation of concerns makes Walrus more flexible, more honest, and ultimately more useful across real-world applications.
You’re not locked into a single privacy model.
You’re given the tools to choose the one that actually fits what you’re building.
