Hacking the Ethical Layer

Hi folks, there’s been a lot of discussion recently around community sentiment… and indeed around community sentiment about the ZSA surveillance grant.

I think now might be a moment when we could benefit from a pause, and the consideration of what it is the we expect of fund managers.

What’s our expectation of the ZCG, or future custodians of community resources?

I propose that their primary role is to check for consistency with the values of the community. Is the request that they’re evaluating consistent with our values?

I believe that question begs another question… what are our values?

I don’t have a simple answer to that question, but it’s noteworthy that the community overwhelmingly rejected the surveillance grant. It was aligned against something fundamental, that’s precious to many of us.

One reason I don’t really know what “our” values are is because… I think they’re diverse. I think we all value autonomy and human dignity… but in myriad and subtly different ways.

I have been studying some of the principles laid out here:

@ChristopherA from this community reached out to us recently and it’s clear to me that these folks have taken a very thoughtful approach to these issues. I particularly appreciate a note I read somewhere (not in the above link) that explicitly lays out that these ideas are provisional… they intended as start points for reasoning.

This seems imminently reasonable to me, and I believe that also is a core value of our two communities. Being reasonable.

I believe that the @ZcashGrants might find this framework useful.

I tried applying it to the QEDIT Surveilance Proposal, and found that the proposal failed all four criteria!

It didn’t support:

• independence
• privacy
• resilience
  OR
• openess

That’s at least intriguing!

The community forcefully rejected that grant (post-hoc), AND the grant failed to uphold all four of these principles.

Perhaps we could benefit from more consideration of what the Gordian community is offering.

I deeply object to a grant intended for research to explore solutions in the problem space that least compromise privacy being characterized as a “surveillance grant”. It’s divisive and polarizing and I feel it mischaracterises the committees intentions.

Ahh… I was following @daira 's lead there.

I hear that is an objectionable association to you, and think that you’d never knowingly support something that could be accurately described as such.

Therefore I believe that there has been both a communication breakdown, which I believe must be laid at the feet of those with deep technical knowledge, and a betrayal of trust, which must be owned by QEDIT.

I won’t re-label the technology in a way that I feel is less accurate, but I want to be clear that I believe it’s critical to be aware of which actions were taken by whom.

@_jon characterizes this as a reasonable approach to a difficult problem. I disagree, but I am open to conversation.

Your belief, haha! As a regular user of hyperbole, I’ve gotta say you can be the new torch bearer.

There is clearly some stronger inspiration under the surface of only the words from the past few days.

That said, you did make effective work of getting the details aired out, and the grant stopped in a quite timely fashion. Better sooner than later, for all of us.

That belief isn’t informed by insider information. I don’t think ZCGers would intentionally support surveillance therefore I conclude that their trust was betrayed.

If you have the same starting assumption, you’ll necessarily arrive at the same belief.

Can you unpack this use of “surveillance” (getting to the hyberbole thing again).
(As an ELI5 if possible)

I haven’t followed all of the details, what parts of the Qedit R&D proposal intended to build surveillance into Zcash?

Actually… I retract this. I won’t delete it, because I think it’s a useful error, but there’s no evidence of bad faith. That’s an erroneous assumption on my part.

I believe that it’s possible to generate a capability that allows the holder to inspect the details of the transactions in the L2.

Is that overstatement @daira ?

The purpose of the protocol that Qedit would have been developing under the now-cancelled grant, was to reveal information to the issuer and any other holder of a certain decryption key, that allows those parties to surveil payments. It doesn’t do anything else. The definition of surveillance I’m using here is just the common usage: close watch kept over someone or something, implied to be under suspicion. We may disagree on the framing, but surely we don’t disagree on what the protocol does? It enables surveillance.

So call what they were hoping to build a surveillance protocol. But the grant was not intended to develop such a protocol, and when we found out the protocol was not being changed according to your objections, we cancelled it, precisely because it was not a surveillance grant.

What I’m lost on here, is the strong stance against this hypothetical ZSA surveillance feature. Meanwhile, ~85% of all Zcash transactions are wholly/ indiscriminately surveilable. How can we square up this inconsistency? [rhetorical]

Is deprecation of the transparent pool an initiative that has ever been taken seriously?

It’s about consent.

The current Zcash protocol maximizes honoring the individual user’s consent.

Years ago, Nate Wilcox and I were talking about Zcash strategy, and he said “I think consent is a good touchstone.”

At that moment I realized that privacy isn’t the core of my value system — it’s consent.

The current Zcash protocol, including the t-addresses, gives each user a high level of control over what they disclose and to whom.

If you want to disclose nothing to anybody, you can send ZEC to someone without revealing to anyone — not even to them — anything about yourself. If you want to disclose some things to some people, you can use View Keys. (Although they are little used. I think I’ve only used them a few times, myself.)

And if you want to disclose a specific amount and some specific linked transactions to everybody, you can use a t-address. This is often useful.

But it’s all under your own consent, as far as the Zcash protocol can enable that.

You can open your favorite Zcash wallet right now and move some of your ZEC from the shielded pool to a t-address or from a t-address to the shielded pool. Try it! Nobody can stop you. Nobody can force you to do it. Nobody can even know that you’ve done it!

Consent is about “What are your alternatives?”.

But the nuance that I’ve learned over the years is that “consent” isn’t binary. It’s really about what your alternative is if you opt out. If somebody has power over you that can harm you unless you cooperate, then your decision is not fully consensual.

Four examples

1. Today’s Zcash protocol and today’s Zcash wallets

Moving your ZEC around today, using your own self-sovereign Zcash wallet, including using t-addresses, is highly consensual, because thanks to the Zcash protocol, it would be pretty hard for someone else to put pressure on you about your choices.

2. Binance’s “no depositing from shielded” policy

But not impossible! Witness Binance. They recently started rejecting their user’s deposits if they deposit into Binance from the shielded pool.

(Which they almost certainly did, by the way, because certain elements within the U.S. federal government were threatening them with harsh consequences, including imprisonment. So Binance’s decision to do that isn’t fully consensual either.)

This reduces the consensuality of their users, but doesn’t entirely eliminate it. Their users still have reasonable options, such as moving their funds to a t-address before depositing them, or switching to a different exchange. And, when a Zcash wallet adds support for TEX addresses, that will restore the power to that wallet’s user, to approximately the same level as before.

3. Tether on Tron

The most widely used cryptocurrency payment system in the world is Tether on Tron. It gives the company behind Tether the ability to track all user actions and to freeze any user’s funds at any time. If a user chooses to subject themselves to that system, is their choice consensual?

It depends on what that specific user’s alternatives are. If they are a wealthy, privileged, “first world” user who knows how it works and just wants to use it to move funds from one exchange to another, it is consensual. If they have no other way to feed themselves, or if they don’t understand what they are giving up by using it, it isn’t consensual.

4. The aborted “surveillance” feature of ZSAs

If that feature had gone through in ZSAs, and Tether had deployed on Zcash, would a user’s choice to use it be consensual? Again, that depends on what that particular user’s alternatives would be. Their only way to opt out would be to not use Tether-on-Zcash (or USDC-on-Zcash either) at all. For some users, they would understand the consequences and would have reasonable alternatives they could use instead. For other users, they wouldn’t.

Conclusion

This is why I think the proposed “surveillance” feature is in a low tier of honoring the user’s consent, and the current Zcash protocol, including t-addresses, is in the highest tier.

This is certainly true in theory, but (albeit anecdotally), t-addresses have been harmful to unknowing users who expect “privacy” from Zcash. While things like UA and shielded by default can solve this problem, we have to admit that t-address have resulted in users not getting the privacy they expect from Zcash.

I addressed that here:

This is exactly what I was thinking. Don’t use T-addr/tx if you don’t want surveilled - Don’t use ZSA-stablecoins if you don’t want surveilled. What is the difference?

(And to be clear here, I’m only raising questions as a devil’s advocate. Taking Daira’s technical, instead of ideological, concerns as-is leaves me comforted that the Qedit R&D proposal was stopped in it’s tracks).

As Toki, mentions too, we all know that great scores of ZEC buyers have done so on CEXs via T-addr/tx, and have subsequently suffered surveillance, without realizing it. The feeling seems quite naïve (or overly optimistic) to suppose that all ZEC owners understand the nuance of T vs. U/Z.

This is why I wonder what is really so different from the hypothetical surveilability within the ZSA stablecoin feature set? It seems equally as rational to assume that users of centrally issued ZSA-stablecoins would know that there is an element of surveillance involved, for the sake of compliance/ legality.

What is the utility of a stablecoin on the Zcash chain, if it’s fully transparent? People have lots of fully transparent stablecoin options. The distinguishing feature of a stablecoin on Zcash would be precisely that it is shielded. Transparent stablecoins compete on features like vendor integration and the reliability of their issuers or issuance protocols.

Any token for which the entire transaction history can be exposed should be considered fully transparent. So as far as I can tell, a surveilled stablecoin on the Zcash chain is not only antithetical to many of our goals, it also has no utility whatsoever.

This is exactly the right question! My post above is my opinion about exactly this question.

My answer is that consent is all about what’s your alternative if you opt out. T-addresses provide an extremely high level of consensual control to the end user, because nobody can stop you from opting out of a t-address or opting into t-address at any time. It takes only a few seconds and costs less than one U.S. cent (1/100th of a U.S. dollar), and not only is it difficult — near impossible — for anyone to proactively prevent you from doing it, but it is difficult — near impossible — for anyone to even to tell that you did it, in order to punish or coerce you after the fact.

So by my way of seeing things, t-addresses as they currently exist, married to Z-addresses in the full Zcash protocol, honor the individual’s consent to a high degree.

The proposed, now abandoned, “surveillance” feature for ZSAs would not offer the user a similarly permissionless and consequence-free way to opt out. Maybe, for wealthy and well-informed people in countries with strong civil rights, they could sometimes opt out of the surveillance by moving their money into their fiat bank account (into the grasp of a different tentacle of the surveillance regime) or something, but there could be a lot of people who wouldn’t understand the surveillance, and who would just not have a reasonable alternative, because they are depending on Tether/USDC for their daily bread, and if they decide they don’t want to be surveiled, or if their Tether/USDC account gets frozen, then their children go hungry.

So for people like that, being subjected to the surveillance feature would not be consensual.

Does that make sense? The reason the two things are different, to me, is that they offer very different answers to “What would the consequences be to a particular individual if they wanted to opt out?”.

There’s one way in which the transparent pool does not provide an opportunity for consent, and I believe it’s an important one, worthy of nuanced discussion.

When receiving funds, the recipient does not have any control over whether the sender has behaved in a way that preserves the sender’s privacy in the past. With the existing transparent transfer protocol, it may be the case that an unwary sender’s behavior may be traced via their interaction with the transparent pool, and that unwary sender may then be compelled to reveal information about their counterparties - which could be you! So by choosing to receive Zcash funds, a user of the protocol as it exists today is compelled to take on some risk of discovery that is not under their control.

Now, even in a fully-shielded version of the Zcash chain where the Bitcoin Script functionality and transparent addresses have been removed from the protocol, it’s possible for a malicious sender to reveal information about their counterparties. But malicious senders should be distinguished from incompetent or incautious senders when considering these sorts of risks.

Of course, on-chain behavior is not by any means the only or the largest source of this kind of risk. But it’s still worth considering. On-chain lack of privacy permits “fishing expeditions” where other kinds of incautious behavior might require a more targeted sort of inquiry to discover.

deprecation of the transparent pool is the only way to get good zcash adoption and try to mitigate zcash 21 mil security budget problem somehow

zcash need adoption

It doesn’t need to in practice, imo, because users already have ample access to Tether, USDC, et al in production stablecoins with insufficient privacy protections. So my thinking is more that its an opt-in chance for better privacy than they have today…

I viewed the Qedit concept as taking a step in the direction of providing a better than what we have now implementation. Although it would knowingly fall short of the ideal.

What we have now is Tether / USDC which are both wholly surveillable by issuers, and by third parties, and by everyone else with an internet connection.

My understanding of the Qedit concept was that it was an enhancement because it could have eliminated the problem of being surveillable by anyone with an internet connection… reducing risk down to only that from the issuer and ~qualified third parties (lets call em’ evil corporations and governments)

Here is a mess of a X-Y concept about stablecoins, and how we could try and determine ideals, vs. perhaps tolerable middle-ground solutions heading in the right direction.

I’d suggest that the ideal stablecoin would be
_ decentrally issued
_ decentrally collateralized
_ (dynamically collateralized, not even on my graph)
_ entirely shielded
_ omni-fiat morphable (i.e. I can instantaneously convert to any fiat of my choice, fee-free)

image1539×1353 71.4 KB