Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Decentralized Finance: A Detailed Beginner’s Guide to DeFi

March 24, 2021

Read time {time} min

Written by

Permission

Stay in the loop

Get the latest insights, product updates, and news from Permission — shaping the future of user-owned data and AI innovation.

There has been quite some hype around DeFi in the crypto space.

And it’s no surprise.

While the total value locked in decentralized finance applications was standing at $671.3 million on January 1, 2020, the industry has grown to a $14.3 billion market by December 31. This represents a yearly surge of over 2,000%, which is over six times greater than Bitcoin’s 306% growth last year.

Since then, the decentralized finance market has continued its ambitious expansion, with users pouring $39.79 billion into DeFi apps by February 10, 2021.

But what is DeFi, how does it work, what benefits does it offer to users, and how did it manage to grow so big so fast?

Let’s explore the answers to the above questions together in this comprehensive guide about decentralized finance!

What Is DeFi?

Decentralized finance or DeFi refers to a movement in the cryptocurrency space in which alternative financial solutions are created using blockchain technology and digital assets.

With DeFi, anyone on the globe with an internet connection, a desktop or mobile device, and a compatible cryptocurrency wallet can access decentralized financial solutions.

DeFi apps allow users to manage their finances, get insurance, borrow, trade, and exchange digital assets or generate a passive income via various savings products while maintaining control over their funds.

DeFi solutions offer a great level of privacy to users, and most processes are automated and transparent.

Also, since DeFi apps lack intermediaries, they feature efficient networks with rapid transactions, reduced fees, and higher potential for profits.

What Is a DeFi Protocol?

A DeFi protocol or a DApp (decentralized application) refers to the actual solution that provides decentralized finance services to users.

Built on top of blockchain networks, DeFi protocols are operated using digital currencies and smart contracts. The latter refers to a self-executing and enforcing digital agreement between two or more parties.

While they are often used interchangeably, decentralized finance protocols shouldn’t be confused with DeFi platforms, which we will introduce in the next section.

What Is a DeFi Platform?

Unlike protocols, a DeFi platform refers to the blockchain network where the actual decentralized finance solution is deployed.

As decentralized finance applications are automated, smart contract support is mandatory for a blockchain network to become a platform for DeFi.

For that reason – and due to the massive activity on the blockchain –, Ethereum leads as the top DeFi platform with the vast majority (200) of decentralized finance solutions built on top of the project’s chain.

Interestingly, Bitcoin is the second most-used DeFi platform with 26 projects despite that its network doesn’t natively support smart contracts. However, with the Lightning Network’s introduction, it’s possible to run smart contracts and DeFi apps on BTC.

Coming next, the highly scalable smart contract platform EOS secures third place with 21 DeFi projects.

DeFi vs. Traditional Finance: How Does Decentralized Finance Work?

To understand our topic, it’s crucial to know how decentralized finance solutions work compared to traditional finance approaches.

Traditional Finance

Traditional finance products – such as loans, savings accounts, wealth management, banking, and insurance – operate on a centralized basis.

The service provider has full control over the ecosystem and the authority to set its own rules and terms. For that reason, the company has the right to provide or restrict the access of customers to its products and services.

For example, let’s see how a loan application process works in traditional finance.

You make an appointment with your bank, visit the branch to answer several questions, and fill out the necessary forms.
After that, you have to submit documents to the bank.
The financial institution reviews the submitted papers along with your credit history and other data related to your financial background to determine your eligibility for the loan.
If the bank finds everything okay, it issues you the loan and transfers the requested funds into your account, which you will have to pay back along with interest.

However, if the bank finds it too risky to lend you money, it will deny your application.

Denial can be due to many reasons, including bad credit history, insufficient collateral, low income, too many pending loans, or an unstable job. In other cases, the financial institution may reject your application for a cause they won’t inform you of.

As you can see, the whole process – which can take from a few days to several weeks – is definitely not transparent or democratic. The bank is in charge of everything, focusing on maximizing its profits while taking the least amount of risks.

While we can’t judge banks for doing so – as most companies follow the same practice to run a profitable business – banks deny access to traditional finance products for many people. And, sometimes, those who get rejected are the ones who need those services the most.

Also, some traditional finance products like lending are only accessible domestically due to regulations and the inability to determine an applicant’s credit score on an international basis.

DeFi

In the last section, we described an example of how a loan application is processed in traditional finance. Now let’s see how borrowing with DeFi works:

A user connects a compatible cryptocurrency wallet to a DeFi lending platform to access the app.
Upon successfully connecting the wallet, the user selects the digital asset and the amount of coins to use as collateral and deposits it into a smart contract on the lending platform.
When the coins have arrived, the user selects the amount of stablecoins (e.g., DAI, USDT, USDC) to borrow as well as sets and agrees to the loan’s terms.
After finalizing the process by tapping or clicking a button, the platform automatically locks the customer’s collateral and distributes the borrowed amount to the user from a lending pool.
The user pays back the borrowed amount and the corresponding interest according to the terms agreed in the contract.
Upon successful repayment, the lending platform automatically releases the borrower’s collateral.
Contrary to traditional finance, the whole process in which the user applies for and gets the loan issued takes only a few seconds or minutes.

Furthermore, the process doesn’t involve any intermediaries, and everyone with the necessary digital asset collateral can receive a loan with flexible terms vis-a-vis DeFi solutions.

What Are the Benefits of DeFi?

DeFi solutions provide multiple benefits to users, including:

Decentralization: DeFi solutions function as decentralized applications (DApps) that are deployed on blockchain networks. Unlike traditional systems, where data is stored on a central server or database, blockchains are maintained by a decentralized network of computers (the miners or validators).
Transparency: Since DeFi solutions are blockchain-based, everyone maintains the same copy of the blockchain, storing all the data and recording changes to the distributed ledger in real-time. All this information is available for anyone on the public chain to verify, audit, and analyze transparently.
Immutability: In blockchain networks, validators have to reach a consensus to verify transactions or add new blocks to the chain. As a result, once a record is added to the distributed ledger, it is immutable and can’t be modified.
Open access: DeFi DApps are deployed on permissionless blockchains such as Ethereum. As a result, anyone with a compatible device, cryptocurrency wallet, and an internet connection can access DeFi solutions globally without geographical, financial, or other restrictions.
Democratic governance: Instead of a company or a financial institution, most DeFi products are governed by the community. Here, holders can use their tokens to vote on future protocol upgrades, fixes, and other governance-related decisions. However, it’s important to mention that not all DeFi projects start as community-powered solutions. Instead, they initially use a centralized governance model (e.g., a developer or an organization is in charge). But later, the creator hands control over the project to the community by issuing and distributing native tokens to users.
Interoperability: One of the most important features of DeFi is interoperability, which allows developers to build upon, integrate, or combine DApps with other decentralized finance solutions. This is the reason why DeFi protocols are often called “money legos” in the crypto space.
Programmability: Developers can deploy smart contracts for DeFi solutions to automate processes and create new products.
Non-custodial finance management: Traditional finance solutions – and even centralized exchanges – keep their customers’ funds in their custody while using their products (take savings or bank account as an example). On the other hand, most DeFi applications don’t hold user funds. Instead, they operate on a self-custodial basis where customers have to connect their wallets without depositing money to accounts managed by the service provider. For that reason, users have full control over their digital assets and personal data when they use DeFi apps.
Privacy: Since DeFi solutions have no custody over customer funds, they don’t require users to register accounts, provide personal details, or submit Know Your Customer (KYC) and Anti-Money Laundering (AML) documents. For that reason, it’s possible to use decentralized finance services privately or (pseudo)-anonymously. However, that can change soon based on the outcome of future regulations.

What Are the Use-Cases for DeFi?

Empowering DeFi with numerous use cases, projects have been taking the lead to create decentralized alternatives to traditional finance solutions.

In this section, we have compiled the most important DeFi use cases along with example apps for each.

Let’s see them!

1. Lending and Borrowing

Examples: Aave, Compound.Finance, Oasis

One of the most popular DeFi activities is lending and borrowing.

And for a very good reason.

Earlier in this article, we have shown how borrowing works on DeFi platforms, and we can safely conclude that it’s a rapid, efficient, and automated process that lacks any middlemen and allows borrowers to access extra capital in stablecoins within a few minutes.

However, it’s important to mention that DeFi loans are overcollateralized, meaning that borrowers have to deposit more collateral than the amount of funds they can borrow.While this may seem counterproductive at first, over-collateralization protects lenders against non-paying borrowers (as the collateral is automatically transferred to the lenders upon non-payment).

On the other hand, crypto-backed loans in DeFi allow investors, traders, and businesses to access extra capital – which they are free to exchange for fiat currency any time (e.g., to pay rent, utility bills, business expenses) – without selling their digital assets.

DeFi platforms issue loans from lending pools in which users deposit their cryptocurrency holdings (usually stablecoins). In exchange for contributing coins to a pool, lenders can earn interest on their tokens.

Interestingly, one of the reasons why DeFi lending has become so popular is due to the fact that users have access to much higher interest rates (usually ranging between 5-15% annually) than with traditional finance products (e.g., government bonds, savings accounts).

2. Decentralized Exchanges (DEXs)

Examples: Uniswap, Bancor, Kyber Network

A decentralized exchange or DEX is a peer-to-peer (P2P) cryptocurrency service that allows buyers and sellers to connect without intermediaries and the requirement to hold user funds in custody.

Instead of relying on centralized elements, decentralized exchanges execute trades automatically using smart contracts.

While DEXs are not new, they only played a minor part in the crypto space until the recent DeFi boom, which helped them gain ground against centralized exchanges.

A reason why decentralized exchanges initially lagged in adoption in the crypto community is because of issues with liquidity.

However, since DeFi solutions introduced liquidity pools, incentivizing users to contribute their coins in exchange for an interest, DEXs now have access to significantly more liquidity than before.

Furthermore, many decentralized exchanges have started supporting atomic swaps, in which crypto users can conveniently and instantly switch a token to another coin.

3. Derivatives and Margin Trading

Examples: Kwenta, Hegic, dYdX, Fulcrum

Cryptocurrency derivatives and margin trading have become increasingly popular in the industry.

In short, a “derivative” is a financial instrument that derives its value from the performance of an underlying asset, which can be anything from stocks and bonds to Bitcoin and DeFi tokens.

“Margin trading” refers to the practice in which someone uses borrowed funds to trade an asset, allowing him to secure higher potential gains (that also comes with greater risks).

While such products were only available for the public with centralized providers in the past, DeFi creators have recently introduced decentralized derivatives and margin trading platforms where users can trade assets without KYC and custody requirements.

4. Stablecoins

Examples: USDT, DAI, USDC

Stablecoins are cryptocurrencies that have their values pegged to a single or a basket of other instruments.

Although the underlying instrument can be virtually anything (e.g., other digital assets or commodities like gold and silver), most stablecoins are based on major fiat currencies, such as USD and EUR.

As their name suggests, stablecoins provide a solution to cryptocurrencies’ volatility issues by pegging them to assets that aren’t subject to extreme price swings to stabilize their value.

While their value remains steady, stablecoins can be held, used, exchanged, and transferred via blockchain networks just like any other digital asset.

Stablecoins play a key role in DeFi as they are widely used across lending, payment, and yield farming solutions.

5. Staking

Examples: Staked, Stake Capital, P2P Validator

Staking refers to locking up a part of a user’s cryptocurrency holdings to validate blocks and get rewarded for supporting the blockchain network.

Staking has the same purpose as mining in Proof-of-Work (PoW) networks like Bitcoin, in which miners leverage their computational power via specialized hardware to verify transactions and add new blocks to the chain.

However, validators in Proof-of-Stake (PoS) networks and their variants use their tokens instead of their computational power to validate blocks.

Unlike cryptocurrency mining, where miners have to purchase expensive equipment to get started, staking has no upfront costs for validators. For that reason, it is more accessible to users, and it has gained increased popularity in the digital asset space.

As only selected validators are rewarded, individuals and companies have created staking solutions to maximize their profit chances. As a result, users can make a similar passive income as in DeFi lending.

Although, it’s important to mention that while lending involves mostly stablecoins, staking requires locking up a project’s (non-stablecoin) token. This increases the risks of volatility but also the chance for increased returns (in case a staked coin’s value moves in a favorable way while being locked up).

6. Yield Farming

Examples: Curve, Harvest Finance, SushiSwap

Yield farming is a DeFi-exclusive activity that is widely popular in the industry, especially among those with a higher risk appetite.

Yield farming, also called liquidity mining, refers to using complex strategies to lend and stake digital assets throughout multiple DeFi protocols to maximize gains.

In its basic form, farmers deposit (lend) their funds into liquidity pools to earn rewards. However, in many cases, the platform issues a token to the user representing the coins he has lent to the pool (e.g., for lending DAI on Compound, users are issued cDAI).

Since users are free to utilize these tokens in other DApps, many yield farmers move them to other DeFi solutions to make an additional profit. And they may continue to do so with the coins they get on the second protocol.

However, as the most profitable strategies involve multiple (non-stablecoin) cryptocurrencies, they pose much higher risks to users than, for example, DeFi lending or staking.

7. Wealth Management

Examples: Argent, Trust Wallet, DeFi Saver

Cryptocurrency wallets have been around since Bitcoin’s launch in 2009, allowing users to store, receive, and send digital assets.

However, the original crypto wallets are very different from the ones we have now.

With the rise of the DeFi space, many cryptocurrency wallets have added a functionality that allows users to interact with decentralized finance applications.

Many DeFi-compatible crypto wallets now function as one-stop wealth management solutions by integrating multiple apps under one platform.

In addition to the basic features, users can now utilize their wallets to trade, swap, stake, yield farm, or lend cryptocurrencies.

Furthermore, some decentralized finance projects have created specialized wealth management apps that can be connected with DeFi-compatible wallets.

8. Payments

Examples: Lightning Network, Matic, Whisp, Request

In addition to a store of value, one of the first use cases of cryptocurrencies was for payments.

Since blockchain networks operate continuously without intermediaries, they offer global access to faster and cost-efficient payments to crypto users.

However, due to blockchain networks’ decentralized architecture, digital assets often struggle with decreased scalability and congestion.

Multiple DeFi projects are working on Layer 2 scalability solutions to fix this issue, allowing transactions to be processed on side-chains or off the main blockchain. As a result, users can have access to cheaper and more rapid transfers.

In addition to scaling solutions, other DeFi projects have created payment applications to facilitate efficient digital transactions for individuals and businesses.

9. Asset Tokenization

Examples: Neufund, Securitize, Polymath

Asset tokenization refers to the practice in which the rights for real-world or traditional finance assets are converted into cryptocurrencies.

Theoretically, there are no limits for tokenizing instruments. From artwork, in-game items, to real estate and commodities, anything can be “moved” to the blockchain to be represented by a token.

However, asset tokenization creates the most value when hardly accessible or illiquid instruments are converted into cryptocurrency.

As a result, such assets can be exposed to a larger market, making it much easier for users to buy or sell them.

For example, tokenizing private companies’ shares can be used to create a secondary market in which participants can easily exchange them. Real estate is another good example of an illiquid asset that can be improved by tokenization.

10. Insurance

Examples: Nexus Mutual, Etherisc, Cover

Insurance is among the most interesting applications of DeFi solutions.

It was not common to hear about insurance products other than traditional finance before the DeFi boom.

As some decentralized finance products involve increased risks, projects have created insurance products to protect investors against potential losses.

However, DeFi insurance solutions are very different from the ones in traditional finance.

Instead of a single firm providing the service – with the involvement of several sales agents and other intermediaries – decentralized insurance products are managed and offered by the community.

Interestingly, in addition to crypto-related activities and services, DeFi insurance products have been created around other, more general areas like flight delays and hurricane protection.

Is DeFi Safe for Investors?

At this point, you know what DeFi is, how it works, as well as its benefits and use cases.

Now let’s talk a little about the safety of the industry.

Whether DeFi is safe for investors is based on the strategies and the actual decentralized finance solutions used to generate potential profits.

For example, lending a stablecoin on a major, reputable DeFi protocol poses relatively low risks to investors as the loans’ over-collateralization protects them against non-paying borrowers.

Also, as stablecoins are subject to minimal volatility – especially when we compare them to DeFi tokens with small market caps – investors don’t have to worry about potential price swings that could eat up their profits.

On the other hand, using a complex yield farming strategy that involves lending, staking, or trading 3-4 different non-stablecoin tokens can come with very high risks.

For that reason, DeFi is definitely risky for investors who don’t do their own due diligence before using an app.

However, DeFi can be a safe investment for those who know how different smart contracts and DApps manage their money, refrain from utilizing overly complex strategies, understand the risks beforehand, and engage with only reputable service providers.

With that said, we have collected for review some of the potential challenges and risks of DeFi:

Smart contract bugs: As mentioned earlier, DeFi applications are powered by smart contracts, allowing both users and service providers to automate processes. However, everyone makes mistakes, including developers, especially in the case of complex smart contracts. Smart contract bugs are often hard to fix and can lead to potential exploits and investor losses.
Hacks: Unfortunately, errors in smart contracts are still common among DeFi projects. For that reason, hackers are increasingly targeting the space, aiming to exploit the vulnerabilities of projects.
Fraud: The DeFi space is yet to be regulated, and some projects are taking advantage of the current situation to scam investors with fraudulent schemes.
Future compliance issues: Currently, there is no regulation around DeFi. However, since the industry is growing rapidly, it is realistic to expect multiple governments to regulate decentralized finance in the near future. While effective regulation is definitely good for the space, DeFi users may lose some of their abilities, such as using solutions without submitting KYC and AML documents.
Impermanent loss: Impermanent loss is a unique term used in DeFi and applies to mostly yield farming activities. In short, an investor can face this risk while supplying liquidity to a pool. Impermanent loss occurs when a token in the pool grows in value and arbitrageurs step in and use the opportunity to make profits, reducing the liquidity provider’s gains. In such a case, an investor could have made a better profit by holding the tokens in the pool instead of supplying liquidity. If you want to learn more about impermanent loss, we recommend reading the following article.

How to Stay Safe in the Decentralized Finance Industry

Based on our findings in the previous section, we can conclude that the decentralized finance industry poses some risks to investors.

However, it’s definitely possible to stay safe while using DeFi services, and we have collected some handy tips to help you:

Do your own research before using an app: While this may be obvious, many people forget to do their own due diligence before utilizing a solution or investing in something. This advice is especially crucial for DeFi apps, as they often use complex mechanisms and business models to operate. For that reason, make sure you understand the strategies and the decentralized solutions used for investing to know your opportunities and risks beforehand.
Be cautious with solutions promising extraordinarily high rates: If something seems too good to be true, it probably is. For that reason, you should take DeFi projects promising excessively high returns (e.g.,1,000% gains in one week) with a grain of salt. When you find a new app, analyze how it works, do a background check on the developers, and see what others say to stay safe.
Check smart contract audits: Since smart contract bugs pose a high risk to the industry, DeFi projects often hire third-party firms to audit their code to find and fix potential issues and vulnerabilities. As a rule of thumb, you should refrain from using DeFi services without audited smart contracts. To get increased insight into a project’s safety, we recommend going through all audit-related documents.
Consider DeFi insurance products: Buying insurance for a DeFi product is a good way to protect your investment against possible cyber-attacks and smart contract failures.Stay away from projects with anonymous owners: While Bitcoin has proven itself a trustworthy project since its launch by the mysterious Satoshi Nakamoto, it doesn’t mean that you should blindly trust DeFi projects where core developers refuse to reveal their identities. On the contrary, you should be very careful as the risks of exit scams and other fraud is higher for solutions with anonymous dev teams.
Look for activity on GitHub: Since DeFi projects are open-source, their code and related developer activities are shared publicly on GitHub. For that reason, it’s possible to see the newest changes to the apps there. If a project hasn’t made any updates to the code in the past few months, it means that it has likely been abandoned by the team.

How to Get Started With DeFi

Now we have explored the industry’s essentials, let’s see how to get started with DeFi.

Step 1: Create a DeFi-Compatible Wallet

The first step to use a DeFi app is to create a compatible cryptocurrency wallet.

Argent and Trust Wallet are good examples that you can download as an app on your smartphone.

However, if you want to maximize your security, consider getting a hardware wallet from a reputable provider like Ledger or Trezor. Since hardware wallets are popular among crypto users, most DeFi applications support them.

After creating your wallet, you will be given a seed phrase. Since this crucial piece of information allows you to restore your account, it’s important never to share it with anyone.

Instead, you should write it down on a piece of paper and store it in a place you have exclusive access to. It’s also a good idea to keep it digitally on your computer’s hard drive in a secure location as well (never upload it to the cloud as it could compromise your security).

As a side note, some crypto wallets use their own security features for restoring accounts and may not offer seed phrase backups for customers. These solutions often use guardians (e.g., a hardware wallet, a trusted person, or a third-party service) to restore user wallets.

Step 2: Get Cryptocurrency

When your wallet is ready, it’s time to get some crypto to use for DeFi.

The easiest way is to purchase coins with fiat currency.

For that, we recommend using a trusted digital asset exchange (e.g., Coinbase, Kraken, Binance) where you have multiple options to purchase cryptocurrency with fiat.

The easiest and the fastest way to exchange fiat to crypto is via a credit or debit card, but this option is often more expensive than the others.

On the other hand, if you are comfortable waiting a few days until you can purchase crypto, bank transfers are a great option, especially when you can access domestic wire transactions.

It’s possible to get digital assets via other methods (even without spending a dime), such as by stacking sats.

For earning digital assets, we recommend checking out the next-generation, blockchain-based advertising platform Permission. In exchange for your data and time, you can earn native ASK cryptocurrency by engaging with advertisers’ ads.

Most importantly, you are the one in charge of whether and how advertisers can use your data on Permission.io.

You can spend your rewards for products listed in the Shop & Earn Store anytime to earn back up to 20% of your ASK purchases.

Oh, and we almost forgot: you can get 100 ASK for simply registering a new account at Permission!

Step 3: Connect to a DeFi App

When you have your coins ready in your wallet, it’s time to select a DeFi app to use.

On mobile, the connection between your wallet and the decentralized finance app is mostly established with WalletConnect, a service combining multiple wallet and DeFi solutions. Here, you have to scan a QR code with your smartphone’s camera to access the service or log into your account and authorize the DeFi app for desktop and web wallets.

The process is a bit more complex for hardware wallets as you have to plug your device into your computer and type in a security key for connecting to the DApp.

Don’t forget to confirm the connection in your wallet app to finalize the process.

Step 4: Deposit Funds

Once you have established the connection between your wallet and the DeFi service, you have to deposit funds to utilize it.

However, unlike with centralized exchanges, this deposit will go into a smart contract instead of the service provider’s accounts, which allows you to remain in custody and maintain control over your digital assets.

After initiating the deposit from the DeFi app, you will have to authorize it via your wallet.

Upon a successful deposit, you are ready to lend, exchange, borrow, stake, farm yield, or participate in other decentralized finance activities.

After ending your DeFi journey, don’t forget to withdraw your funds to your wallet.

DeFi Is Here to Stay

DeFi has empowered crypto with numerous new use-cases by providing a decentralized alternative to traditional finance products.

While there is significant demand for them, traditional finance services often operate inefficiently, lack transparency, need middlemen, and fail to provide access to many.

DeFi solves this issue by leveraging blockchain technology to provide a wide range of services, allowing users to manage their finances, access savings products with good rates, and borrow funds on their digital assets.

With such astonishing growth in recent months and new use cases and solutions appearing on the market every day, DeFi is definitely here to stay.

Notwithstanding their increasing popularity, DeFi solutions can come with high risks to investors. For that reason, we recommend everyone to do their own due diligence and follow the best practices to stay safe while taking advantage of decentralized finance’s benefits.

—

DeFi Frequently Asked Questions (FAQ)

1. How much money is in DeFi?

As of March 24, there is $40.82 billion of digital assets locked in DeFi apps.

2. What is decentralized technology?

Solutions using decentralized technology lack a central party (e.g., a company, institution, government body) from their networks that can exercise its authority over other users.

Instead, applications using decentralized tech are maintained by the community and governed democratically.

Blockchains and DeFi protocols are good examples of decentralized technology.

3. What is an example of a decentralized exchange?

Examples of decentralized exchanges include:

For more examples and to learn more about decentralized exchanges, we recommend reading the following article on the Permission blog.

4. Are banks centralized or decentralized?

Banks and the banking network operate on a centralized basis.

Financial institutions have full control over their governance, products, networks, services, as well as who can get access to their solutions.

While the DeFi industry is growing rapidly, decentralized banks are yet to appear on the market or gather widespread attention among users.

Get the Agent

Unlock the value of your online experience.

Light gradient background transitioning from white to pale green with a subtle grainy texture.

Recent articles

Insights

California’s SB 243 and the Future of AI Chatbot Safety for Kids

Nov 21st, 2025

{time} read time

As a mom in San Diego, and someone who works at the intersection of technology, safety, and ethics, I was encouraged to see Governor Gavin Newsom sign Senate Bill 243, California’s first-in-the-nation law regulating companion chatbots. Authored by San Diego’s own Senator Steve Padilla, SB 243 is a landmark step toward ensuring that AI systems interacting with our children are held to basic standards of transparency, responsibility, and care.

This law matters deeply for families like mine. AI is no longer an abstract technological concept; it’s becoming woven into daily life, shaping how young people learn, socialize, ask questions, and seek comfort. And while many AI tools can provide meaningful support, recent tragedies - including the heartbreaking case of a 14-year-old boy whose AI “companion” failed to recognize or respond to signs of suicidal distress - make clear that these systems are not yet equipped to handle emotional vulnerability.

SB 243 sets the first layer of guardrails for a rapidly evolving landscape. But it is only the beginning of a broader shift, one that every parent, policymaker, and technology developer needs to understand.

Why Chatbots Captured Lawmakers’ Attention

AI “companions” are not simple customer-service bots. They simulate empathy, develop personalities, and sustain ongoing conversations that can resemble friendships or even relationships. And they are widely used: nearly 72% of teens have engaged with an AI companion. Early research, including a Stanford study finding that 3% of young adults credited chatbot interactions with interrupting suicidal thoughts, shows their complexity.

But the darker side has generated national attention. Multiple high-profile cases - including lawsuits involving minors who died by suicide after chatbot interactions - prompted congressional hearings, FTC investigations, and testimony from parents who had lost their children. Many of these parents later appeared before state legislatures, including California’s, urging lawmakers to put protections in place.

This context shaped 2025 as the first year in which multiple states introduced or enacted laws specifically targeting companion chatbots, including Utah, Maine, New York, and California. The Future of Privacy Forum’s analysis of these trends can be found in their State AI Report (2025).

SB 243 stands out among these efforts because it explicitly focuses on youth safety, reflecting growing recognition that minors engage with conversational AI in ways that can blur boundaries and amplify emotional risks.

SB 243 Explained: What California Now Requires

SB 243 introduces a framework of disclosures, safety protocols, and youth-focused safeguards. It also grants individuals a private right of action, which has drawn significant attention from technologists and legal experts.

1. What Counts as a “Companion Chatbot”

SB 243 defines a companion chatbot as an AI system designed to:

provide adaptive, human-like responses
meet social or emotional needs
exhibit anthropomorphic features
sustain a relationship across multiple interactions

Excluded from the definition are bots used solely for:

customer service
internal operations
research
video games that do not discuss mental health, self-harm, or explicit content
standalone consumer devices like voice-activated assistants

But even with exclusions, interpretation will be tricky. Does a bot that repeatedly interacts with a customer constitute a “relationship”? What about general-purpose AI systems used for entertainment? SB 243 will require careful legal interpretation as it rolls out.

2. Key Requirements Under SB 243

A. Disclosure Requirements

Operators must provide:

Clear and conspicuous notice that the user is interacting with AI
Notice that companion chatbots may not be suitable for minors

Disclosure is required when a reasonable person might think they’re talking to a human.

B. Crisis-Response Safety Protocols

Operators must:

Prevent generation of content related to suicidal ideation or self-harm
Redirect users to crisis helplines
Publicly publish their safety protocols
Submit annual, non-identifiable reports on crisis referrals to the California Office of Suicide Prevention

C. Minor-Specific Safeguards

When an operator knows a user is a minor, SB 243 requires:

AI disclosure at the start of the interaction
A reminder every 3 hours for the minor to take a break
“Reasonable steps” to prevent sexual or sexually suggestive content

This intersects with California’s new age assurance bill, AB 1043, and creates questions about how operators will determine who is a minor without violating privacy or collecting unnecessary personal information.

D. Private Right of Action

Individuals may sue for:

At least $1,000 in damages
Injunctive relief
Attorney’s fees

This provision gives SB 243 real teeth, and real risks for companies that fail to comply.

How SB 243 Fits Into the Broader U.S. Landscape

While California is the first state to enact youth-focused chatbot protections, it is part of a larger legislative wave.

1. Disclosure Requirements Across States

In 2025, six of seven major chatbot bills across the U.S. required disclosure. But states differ in timing and frequency:

New York (Artificial Intelligence Companion Models law): disclosure at the start of every session and every 3 hours
California (SB 243): 3-hour reminders only when the operator knows the user is a minor
Maine (LD 1727): disclosure required but not time-specified
Utah (H.B. 452): disclosure before chatbot features are accessed or upon user request

Disclosure has emerged as the baseline governance mechanism: relatively easy to implement, highly visible, and minimally disruptive to innovation.

Of note, Governor Newsom previously vetoed AB 1064, a more restrictive bill that might have functionally banned companion chatbots for minors. His message? The goal is safety, not prohibition.

Taken together, these actions show that California prefers:

transparency
crisis protocols
youth notifications…rather than outright bans.

This philosophy will likely shape legislative debates in 2026.

2. Safety Protocols & Suicide-Risk Mitigation

Only companion chatbot bills - not broader chatbot regulations - include self-harm detection and crisis-response requirements.

However, these provisions raise issues:

Operators may need to analyze or retain chat logs, increasing privacy risk
The law requires “evidence-based” detection methods, but without defining the term
Developers must decide what constitutes a crisis trigger

Ambiguity means compliance could differ dramatically across companies.

The Central Problem: AI That Protects Platforms, Not People

As both a parent and an AI policy advocate, I see SB 243 as progress – but also as a reflection of a deeper issue.

Laws like SB 243 are written to protect people, especially kids and vulnerable users. But the reality is that the AI systems being regulated were never designed around the needs, values, and boundaries of individual families. They were designed around the needs of platforms.

Companion chatbots today are largely engagement engines: systems optimized to keep users talking, coming back, and sharing more. A new report from Common Sense Media, Talk, Trust, and Trade-Offs: How and Why Teens Use AI Companions, found that of the 72% of U.S. teens that have used an AI companion, over half (52%) qualify as regular users - interacting a few times a month or more. A third use them specifically for social interaction and relationships, including emotional support, role-play, friendship, or romantic chats. For many teens, these systems are not a novelty; they are part of their social and emotional landscape.

That wouldn’t be inherently bad if these tools were designed with youth development and family values at the center. But they’re not. Common Sense’s risk assessment of popular AI companions like Character.AI, Nomi, and Replika concluded that these platforms pose “unacceptable risks” to users under 18, easily producing sexual content, stereotypes, and “dangerous advice that, if followed, could have life-threatening or deadly real-world impacts.” Their own terms of service often grant themselves broad, long-term rights over teens’ most intimate conversations, turning vulnerability into data.

This is where we have to be honest: disclosures and warnings alone don’t solve that mismatch. SB 243 and similar laws require “clear and conspicuous” notices that users are talking to AI, reminders every few hours to take a break, and disclaimers that chatbots may not be suitable for minors. Those are important: transparency matters. But, for a 13- or 15-year-old, a disclosure is often just another pop-up to tap through. It doesn’t change the fact that the AI is designed to be endlessly available, validating, and emotionally sticky.

The Common Sense survey shows why that matters. Among teens who use AI companions:

33% have chosen to talk to an AI companion instead of a real person about something important or serious.
24% have shared personal or private information, like their real name, location, or personal secrets.
About one-third report feeling uncomfortable with something an AI companion has said or done.

At the same time, the survey indicates that a majority still spend more time with real friends than with AI, and most say human conversations are more satisfying. That nuance is important: teens are not abandoning human relationships wholesale. But, a meaningful minority are using AI as a substitute for real support in moments that matter most.

These same dynamics appear outside the world of chatbots. In our earlier analysis of Roblox’s AI moderation and youth safety challenges, we explored how large-scale platform AI struggles to distinguish between playful behavior, harmful content, and predatory intent, even as parents assume the system “will catch it.”

This is where “AI that protects platforms, not people” comes into focus. When parents and policymakers rely on platform-run AI to “detect” risk, it can create a false sense of security – as if the system will always recognize distress, always escalate appropriately, and always act in the child’s best interest. In practice, these models are tuned to generic safety rules and engagement metrics, not to the lived context of a specific child in a specific family. They don’t know whether your teen is already in therapy, whether your family has certain cultural values, or whether a particular topic is especially triggering.

Put differently: we are asking centralized models to perform a deeply relational role they were never built to handle. And every time a disclosure banner pops up or a three-hour reminder fires, it can look like “safety” without actually addressing the core problem - that the AI has quietly slipped into the space where a parent, counselor, or trusted adult should be.

The result is a structural misalignment:

Platforms carry legal duties and add compliance layers.
Teens continue to use AI companions for connection, support, and secrets.
Parents assume “there must be safeguards” because laws now require them.

But no law can turn a platform-centric system into a family-centric one on its own. That requires a different architecture entirely: one where AI is owned by, aligned to, and accountable to the individual or family it serves, rather than the platform that hosts it.

The Next Phase: Personal AI That Serves Individuals, Not Platforms

Policy can set guardrails, but it cannot engineer empathy.

The future of safety will require personal AI systems that:

are owned by individuals or families
understand context, values, and emotional cues
escalate concerns privately and appropriately
do not store global chat logs
do not generalize across millions of users
protect people, not corporate platforms

Imagine a world where each family has its own AI agent, trained on their communication patterns, norms, and boundaries.An AI partner that can detect distress because it knows the user, not because it is guessing from a database of millions of strangers.

This is the direction in which responsible AI is moving, and it is at the heart of our work at Permission.

What to Expect in 2026

2025 was the first year of targeted chatbot regulation. 2026 may be the year of chatbot governance.

Expect:

More state-level bills mirroring SB 243
Increased federal involvement through the proposed GUARD Act
Sector-specific restrictions on mental health chatbots
AI oversight frameworks tied to age assurance and data privacy
Renewed debates around bans vs. transparency-based models

States are beginning to experiment. Some will follow California’s balanced approach. Others may attempt stricter prohibitions. But all share a central concern: the emotional stakes of AI systems that feel conversational.

Closing Thoughts

As a mom here in San Diego, I’m grateful to see our state take this issue seriously. As Permission’s Chief Advocacy Officer, I also see where the next generation of protection must go. SB 243 sets the foundation, but the future will belong to AI that is personal, contextual, and accountable to the people it serves.

Project Updates

ASK Trading and Liquidity are Now Live on Base’s Leading DEX

Nov 14th, 2025

{time} read time

We’re excited to share that the ASK/USDC liquidity pool is now officially live on Aerodrome Finance, the premier decentralized exchange built on Base. This milestone makes it easier than ever for ASK holders to trade, swap, and provide liquidity directly within the Coinbase ecosystem.

Why This Matters

More access. You can now trade ASK directly through Aerodrome, Base’s premier DEX—and soon, through the Coinbase app itself, thanks to its new DEX integration.
More liquidity. ASK liquidity is already live in the USDC/ASK pool, strengthening accessibility for everyone.
More connection to real utility. As ASK continues to power the Permission ecosystem, this move brings its utility to DeFi, where liquidity meets data ownership + real demand for permissioned data.

How to Join In

Visit the official USDC/ASK pool on Aerodrome.

Always confirm the official ASK contract address on Base before trading:
0xBB146326778227A8498b105a18f84E0987A684b4

You can trade, provide liquidity, or simply watch the pool evolve — it’s all part of growing ASK’s footprint on Base.

Building on Base’s Vision

Base has quickly become one of the most vibrant ecosystems in crypto, driven by the vision that on-chain should be open, affordable, and accessible to everyone. Its rapid growth reflects a broader shift toward usability and real-world applications, something that aligns perfectly with Permission’s mission.

As Coinbase CEO Brian Armstrong has emphasized, Base isn’t just another Layer-2 — it’s the foundation for bringing the next billion users on-chain. ASK’s launch on Base taps directly into that movement, expanding access to a global audience and connecting Permission’s data-ownership mission to one of the most forward-thinking ecosystems in Web3.

100,000+ ASK Holders on Base 🎉

As of this writing, we’re proud to share that ASK has surpassed 100,000 holders on Base. This is a huge milestone that reflects the growing strength and reach of the Permission community.

From early supporters to new users discovering ASK through Base and Aerodrome, this growth underscores the demand for consent-driven data solutions that reward people for the value they create.

Providing Liquidity Has Benefits

When you add liquidity to the USDC/ASK pool, you’re helping deepen the market and improve access for other community members. In return, you’ll earn a share of trading fees generated by the pool.

And as Aerodrome continues to expand its ve(3,3)-style governance model, liquidity providers could see additional incentive opportunities in the future. Nothing is live yet, but the structure is there, and we’re watching closely as the Base DeFi ecosystem evolves.

It’s a great way for long-term ASK supporters to stay engaged and help grow the ecosystem while participating in DeFi on one of crypto’s fastest-growing networks.

What’s Next

ASK’s presence on Base is just the beginning. We’re continuing to build toward broader omnichain accessibility, more liquidity venues, and new ways to earn ASK. Each milestone strengthens ASK’s position as the tokenized reward for permission.

Learn More

📘 ASK Token Utilities & Docs

💧 Aerodrome Liquidity Pool

Disclaimer:
This post is for informational purposes only and does not constitute financial, investment, or legal advice. Token values can fluctuate and all participation involves risk. Always do your own research before trading or providing liquidity.

Insights

Online Safety and the Limits of AI Moderation: What Parents Can Learn from Roblox

Nov 10th, 2025

{time} read time

Roblox isn’t just a game — it’s a digital playground with tens of millions of daily users, most of them children between 9 and 15 years old.

For many, it’s the first place they build, chat, and explore online. But as with every major platform serving young audiences, keeping that experience safe is a monumental challenge.

Recent lawsuits and law-enforcement reports highlight how complex that challenge has become. Roblox reported more than 13,000 cases of sextortion and child exploitation in 2023 alone — a staggering figure that reflects not negligence, but the sheer scale of what all digital ecosystems now face.

The Industry’s Safety Challenge

Most parents assume Roblox and similar platforms are constantly monitored. In reality, the scale is overwhelming: millions of messages, interactions, and virtual spaces every hour. Even the most advanced AI moderation systems can miss the subtleties of manipulation and coded communication that predators use.

Roblox has publicly committed to safety and continues to invest heavily in AI moderation and human review — efforts that deserve recognition. Yet as independent researcher Ben Simon (“Ruben Sim”) and others have noted, moderation at this scale is an arms race that demands new tools and deeper collaboration across the industry.

By comparison, TikTok employs more than 40,000 human moderators — over ten times Roblox’s reported staff — despite having roughly three times the daily active users. The contrast underscores a reality no platform escapes: AI moderation is essential, but insufficient on its own.

When Games Become Gateways

Children as young as six have encountered inappropriate content, virtual strip clubs, or predatory advances within user-generated spaces. What often begins as a friendly in-game chat can shift into private messages, promises of Robux (Roblox’s digital currency), or requests for photos and money.

And exploitation isn’t always sexual. Many predators use financial manipulation, convincing kids to share account credentials or make in-game purchases on their behalf.

For parents, Roblox’s family-friendly design can create a false sense of security. The lesson is not that Roblox is unsafe, but that no single moderation system can substitute for parental awareness and dialogue.

Even when interactions seem harmless, kids can give away more than they realize.

A name, a birthday, or a photo might seem trivial, but in the wrong hands it can open the door to identity theft.

The Hidden Threat: Child Identity Theft

Indeed, a lesser-known but equally serious risk is identity theft.

When children overshare personal details — their full name, birthdate, school, address, or even family information — online or with strangers, that data can be used to impersonate them.

Because minors rarely have active financial records, child identity theft often goes undetected for years, sometimes until they apply for a driver’s license, a student loan, or their first job. By then, the damage can be profound: financial loss, credit score damage, and emotional stress. Restoring a stolen identity can require years of effort, documentation, and legal action.

The best defense is prevention.

Teach children early why their personal information should never be shared publicly or in private chats — and remind them that real friends never need to know everything about you to play together online.

AI Moderation Needs Human Partnership

AI moderation remains reactive.

Algorithms flag suspicious language, but they can’t interpret tone, hesitation, or the subtle erosion of boundaries that signals grooming.

Predators evolve faster than filters, which means the answer isn’t more AI for the platform, but smarter AI for the family.

The Limits of Centralized AI

‍The truth is, today’s moderation AI isn’t really designed to protect people; it’s designed to protect platforms. Its job is to reduce liability, flag content, and preserve brand safety at scale. But in doing so, it often treats users as data points, not individuals.

This is the paradox of centralized AI safety: the bigger it gets, the less it understands.

It can process millions of messages a second, but not the intent behind them. It can delete an account in a millisecond, but can’t tell whether it’s protecting a child or punishing a joke.

That’s why the future of safety can’t live inside one corporate algorithm. It has to live with the individual — in personal AI agents that see context, respect consent, and act in the user’s best interest. Instead of a single moderation brain governing millions, every family deserves an AI partner that watches with understanding, not suspicion.

A system that exists to protect them, not the platform.

The Future of Child Safety: Collaboration, Not Competition

The Roblox story underscores an industry-wide truth: safety can’t be one-size-fits-all.
Every child’s online experience is different and protecting it requires both platform vigilance and parent empowerment.

At Permission, we believe the next generation of online safety will come from collaboration, not competition. Instead of replacing platform systems, our personal AI agents complement them — giving parents visibility and peace of mind while supporting the broader ecosystem of trust that companies like Roblox are working to build.

From one-size-fits-all moderation to one-AI-per-family insight — in harmony with the platforms kids already love.

Each family’s AI guardian can learn their child’s unique patterns, highlight potential risks across apps, and summarize activity in clear reports that parents control. That’s what we mean by ethical visibility — insight without invasion.

You can explore this philosophy further in our upcoming piece:
➡️ Monitoring Without Spying: How to Build Digital Trust With Your Child (link coming soon)

What Parents Can Do Now

Until personalized AI guardians are widespread, families can take practical steps today:

Talk early and often. Make online safety part of everyday conversation.
Ask, don’t accuse. Curiosity builds trust; interrogation breeds secrecy.
Play together. Experience games and chat environments firsthand.
Set boundaries collaboratively. Agree on rules, timing, and social norms.
Teach red flags. Encourage your child to tell you when something feels wrong — without fear of punishment.

A Shared Responsibility

The recent Roblox lawsuits remind all of us just how complicated parenting in the digital world can feel. It’s not just about rules or apps: it’s about guiding your kids through a space that changes faster than any of us could have imagined!

And the truth is, everyone involved wants the same thing: a digital world where kids can explore safely, confidently, and with the freedom to just be kids.

At Permission, we’re committed to building an AI that understands what matters, respects your family’s values and boundaries, and puts consent at the center of every interaction.

Announcements

Meet the Permission Agent: The Future of Data Ownership

Sep 10th, 2025

{time} read time

For years, Permission has championed a simple idea: your data has value, and you deserve to be rewarded for it. Our mission is clear: to enable individuals to own their data and be compensated when it’s used. Until now, we’ve made that possible through our opt-in experience, giving you the choice to engage and earn.

But the internet is evolving, and so are we.

Now, with the rise of AI, our vision has never been more relevant. The world is waking up to the fact that data is the fuel driving digital intelligence, and individuals should be the ones who benefit directly from it.

The time is now. AI has created both the urgency and the infrastructure to finally make our vision real. The solution is the "Permission Agent: The Personal AI that Pays You."

‍What is the Permission Agent?

The Permission Agent is your own AI-powered digital assistant - it knows you, works for you, and turns your data into a revenue stream.

Running seamlessly in your browser, it manages your consent across the digital world while identifying the moments when your data has value, making sure you are the one who gets rewarded.

In essence, it acts as your personal representative in the online economy, constantly spotting opportunities, securing your rewards, and giving you back control of your digital life.

Human data powers the next generation of AI, and for it to be trusted it must be verified, auditable, and permissioned. Most importantly, it must reward the people who provide it. With the Permission Agent, this vision becomes reality: your data is safeguarded, your consent is respected, and you are compensated every step of the way.

This is more than a seamless way to earn. It’s a bold step toward a future where the internet is rebuilt around trust, transparency, and fairness - with people at the center.

‍Passive Earning and Compounded Referral Rewards

With the Permission Agent, earning isn’t just smarter - it’s continuous and always working in the background. As you browse normally, your Agent quietly unlocks opportunities and secures rewards on your behalf.

Beyond this passive earning, the value multiplies when you invite friends to Permission. Instead of a one-time referral bonus, you’ll earn a percentage of everything your friends earn, for life. Each time they browse, engage, and collect rewards, you benefit too — and the more friends you bring in, the greater your earnings become.

All rewards are paid in $ASK, the token that powers the Permission ecosystem. Whether you choose to redeem, trade for cash or crypto, or save and accumulate, the more you collect, the more value you unlock.

Changes to Permission Platform

Our mission has always been to create a fair internet - one where people truly own their data and get rewarded for it. The opt-in experience was an important first step, opening the door to a world where individuals could engage and earn. But now it’s time to evolve.

Effective October 1st, the following platform changes will be implemented:

Branded daily offers will no longer appear in their current form.
The Earn Marketplace will be transformed into Personalize Your AI - a new way to earn by taking actions that help your Agent better understand you, bringing you even greater personalization and value.
The browser extension will be the primary surface for earning from your data, and, should you choose to activate passive earning, you’ll benefit from ongoing rewards as your Agent works for you in the background.

With the Permission Agent, you gain a proactive partner that works for you around the clock — unlocking rewards, protecting your data, and ensuring you benefit from every opportunity, without needing to constantly make manual decisions.

‍How to Get Started

Getting set up takes just a few minutes:

Download the Permission Agent (browser extension)
Activate it to claim your ASK token bonus
Browse as usual — your Agent works in the background to find earning opportunities for you

The more you use it, the more it learns how to unlock rewards and maximize the value of your time online.

A New Era of the Internet

This isn’t just a new tool - it’s a turning point.

The Permission Agent marks the beginning of a digital world where people truly own their data, decide when and how to share it, and are rewarded every step of the way.

Products

Company

For Business

Company