No Appeasement. ECC Update

Hi Zeeps.

A friend of mine was recently speaking about Great Britain’s strategy of appeasement with Nazi Germany leading into World War 2. He was talking about it in a different context, but I believe that much of the crypto industry is making the same mistake. It rhymes.

Under the 1919 Treaty of Versailles that ended WW1, the Germans were militarily neutered, forced to pay significant reparations, and lost a substantive amount of territory. Germany debased its currency to pay their debt, which led to hyperinflation. The Great Depression in the US and the loss of natural resources further exacerbated their economic woes. Hilter and the Nazi Party emerged with the promise of economic recovery and to do away with the Treaty of Versailles.

Britain wasn’t doing well financially either, and after five years and over 700 thousand lives lost in WW1, the Brits were understandably weary of war. And so, when Germany started picking away at the conditions of the treaty, Britain’s prime ministers, largely under Neville Chamberlain, implemented a strategy of appeasement. Bit by bit, Germany began building up its military and then expanding their territory: first into Rhineland (a demilitarized zone to the west), then by annexing Austria, followed by Sudetenland in Czechoslovakia with the blessing of Chamberlain under the Munich Agreement.

Emboldened, Germany then began its invasions into Czechoslovakia and Poland. The rest, as they say, is history.

Much of the crypto industry has also embarked on an appeasement strategy with global governmental authorities.

It’s no surprise that the powers of traditional finance are quick to embrace regulations that favor their ability to maximize profits. Many, like Blackrock’s CEO Larry Fink, are even touting the benefits of a single completely traceable currency.

But what is more alarming is that crypto projects and the industry is increasingly employing an appeasement strategy. Case in point, this clip is from the first US Congressional hearing on Defi, which occurred this week. If you don’t want to listen to it, I’ll paraphrase the discourse:

Congressman Foster: How are you able to dox everyone and ban people if they are allowed to protect their identity and store their own money? By the way, I can teach you how to program blockchains sometime if you’d like.

Rebecca Rettig: We have groups that work with the government to trace people.

Congressman Foster: Can you trace everything? Because we need to be able to trace everything.

Rebecca Rettig: We can’t trace everything under the BSA* either, but we should try to surveil at least that well in crypto. *The Bank Secrecy Act allows the government to spy on you through your bank without your consent.

Congressman Foster: If we decide someone is bad, how do we cut them off from access to financial services if we can’t surveil them?

Rebecca Rettig: Decentralized finance will have actors that behave like banks, provide reports to the government, and allow the government to trace not only the person we think might be bad but also anyone they interact with.

Congressman Foster: How do you trace everyone, though?

Rebecca Rettig: The crypto industry and government are working hand-in-hand and can do this very effectively, much better than you can when not using crypto.

Congressman Foster: Even if people use really good privacy-preserving technology (like Zcash)? Hmm, maybe we shouldn’t talk about this publicly because its too dangerous.

Rebecca Rettig: We have stopped criminals because we are really good at tracing this stuff.

I’ve only met Rebecca in passing. She is bright and likely well-intended. But if she believes what she is saying, she does not represent the ideals that many of us are here for. If she does not or isn’t sure, it’s appeasement. This is not unique to her, and many I respect are cheering her on.

Congressman Foster’s argument is sophistry. It’s the idea that if people have privacy and self-sovereignty, we might not know if they are doing something bad, and if we might not know someone is doing something bad, no one should have access to privacy and self-sovereignty. Attempting to address this argument because the person is in power is appeasement. The truth is that law enforcement has all kinds of tools to identify and prosecute evil-doers, and stripping away the freedom and rights of all people so that we might catch a few bad actors is wrong.

Additionally, while corporations and MSBs (money services businesses) must comply with the laws in which they are domiciled, this discussion was about decentralized finance, which is open source software made available as a public good for all people, all around the world and not just the US.

This appeasement strategy is also affecting many of us who are building human rights-preserving public goods. Freedoms are being taken away, not granted. The founders of Tornado Cash and Samurai have been jailed. Zcash has been de-listed by exchanges and we have been told to consider something akin to adding a back door.

Projects like Dash and Horizen ditched privacy out of compliance concerns. Other projects, such as Privacy Pools are implementing “compliant” solutions. While they have the best of intentions, these are acts of appeasement. Bit by bit, we will lose more and more until one day, the hammer will come down so strong that there will be no choice but to pick a side. Tyranny or freedom, you chose.

Lest we in the Zcash community believe we are not immune to the lure of appeasement, we need to look no further than the decision to implement TEX address support. We bent the knee to the Binance compliance team, and I wish it were something that we refused. Binance didn’t want to have to conduct enhanced due diligence if they couldn’t see where a deposit originated. And so, war-weary and fearful of being cut off, we invested a ton of time and resources to comply with their wishes. When will single-hop transparency be deemed ‘not good enough.’ What will be our line in the sand?

Let’s take a lesson from history. A strategy of appeasement will not work. The mouth of the tiger is already open. We must continue to stand up and stand firm, unflinching because our mission is the betterment and freedom of mankind. There is no more noble a cause.

Here is where we focused this week:

Zashi

Design

  • Reworked Send UI and its Address Book components
  • Started working on new screenshots for the stores
  • Finalized Settings UI update
  • Prepared final designs for the devs, including design system variables and dark mode
  • Tested Keystone HW device and mapped out the onboarding & setup steps
  • Supporting Marketing with ad hoc design work
  • Updating Request ZEC flow based on the dev + product feedback

iOS

Unique Installs: 3.1k
Total Downloads: 3.64k
Rating: 4.9 ★

  • Finalized the Flexa integration, and payment flow is ready on our side; several bugs are blocking us and will be resolved in Flexa 1.0.2
  • Released SDK 2.2.2
  • Rebased and merged all Zashi PRs (8 of them)
  • Updated Zashi Release 1.2, already approved by Apple
  • Implemented Address Book feature, add, edit or delete a contact complete
  • Made design components for text fields, text editors, and buttons
  • Send screen UI/UX update in progress

Android

Total Install Base: 1.99k
Total Installs (incl. Open Beta): 6.41k
Rating: 4.679 ★

  • Merged Dynamic Server Switch - working on a crash issue with API 27
  • Finalized and merged Settings UI redesign
  • Finalized and merged Transaction Resubmission
  • Implementing and testing Shielding UI
  • Coinbase Onramp - PR review and testing
  • Finalized Android 15 support - ready to be merged
  • Made some progress on the Flexa integration
  • Investigated user reported syncing issues

Zcash Core

Other

We began releasing a series of product marketing content, including:

Treasury management research.

Continued contract negotiations with Raise for gift card purchases in Zashi.

Signed on with CoinTracker in support of accounting needs.

Bi-weekly sync meetings with Qedit and Shielded Labs.

I’ll be speaking at DevCon in Bangkok in November on why crypto is failing the cypherpunks.

Paul (now Coinbase and Bootstrap board member), along with Project Glitch, is organizing and hosting the DC Privacy Summit in October. The speaker lineup (including Zooko!) is incredible, and I’m honored to be a part of it. You can hear more about the event here.

I’ll be in Singapore all next week. If you plan to be there, let’s meet.

That’s all of this week!

Steadfast and true,

Onward.

24 Likes

Talk about sophistry. I mean clearly, you’re talking about a strategic decision affecting the project. That is literally part of governance. I don’t think I need to say more.

But I will: implement a dev fund zec holders on-chain checkpoint and take the habit of polling zec holders for important and controversial matters.

3 Likes

What a terrible use of an analogy used in this update. To use your position in this light to lump a three trillion industry into this way. Shame on you!

Look no further than using real life tools, such as in Northern California in front of a jury, fight for company and your shareholders rights. Better yet put your mouth to action and run for elected office and enshrine your ideals into hard fought words build into the law.

3 Likes

It’s disrespectful, inapropriate and revolting on many levels. But because it’s eloquently formulated by the CEO of Zcash, it will be absolutely fine from the perspective of our dear moderators. @daira I have enjoyed that you stood up publicly against my reasoning when it came to using mildly offensive words (ie “idiot”) on this forum; now I would be truly appreciative if you would share your thoughts on this much higher level of disrespectful discourse.

2 Likes

Love the honest take, few talk openly publicly. Tough question for sure :shield: :zebra:

9 Likes

Thank you for discussing this topic.

I think many of us within the community did not agree to give in to Binance for the development of the TEX addresses. In that case Binance and government oversight won. But it was done and the option is there.

People need to be taught that the “surveillance options are there”, but that we RECOMMEND always using the private ones.

This week I had the wonderful experience of teaching young people about Zcash, Zingo, Free2Z and other things, and the question that came up was: how do I change my ZECs to dollars or bolivars? Can I use Binance, which is the most recognized exchange?

To everyone I said: yes, you can use it, only if you manage T addresses, but I recommend you to use Coinex and other exchanges that allow you to use your Z or U address. Privacy is normal!

Personally I have become more of an activist for privacy, for not depending on bank surveillance… and it is a job that all of us who believe in this must do.

I hope that in your conferences and interventions you can also raise awareness about this. It has to be done! I perceive a lot of fear in the crypto ecosystem when it comes to regulations and privacy. We must recover the cypherpunk spirit!

11 Likes

Say it louder for the people in the back!

Make zcash so good exchanges will fight governments to list it. Anything less is a waste of all our collective time

4 Likes

You would have difficulty finding a hairsbreadth of difference between @joshs and me on this issue. [1]

I’m not a moderator of this forum. But I strongly disagree that there’s any problem with using historical comparisons, including to fascist and totalitarian regimes, when describing the current global assault against privacy and other freedoms. I have done so on many occasions, and I would and will do so again.

For instance, recently I appeared on a panel about privacy at TUM Blockchain, and was asked similar questions to the ones @joshs is addressing in his post, about whether a compromise with the surveillance state was possible on financial and communication privacy. Both the substance and the expression of my answers were quite similar to Josh’s.

During that discussion and in the context of how financial and comms privacy relate to bodily autonomy, I made a comparison of the Stasi surveillance regime in East Germany, involving the co-option of citizens as spies against their neighbours, to current abortion laws in US states such as Alabama and Texas [2]. The correspondence is direct: those laws also co-opt citizens as spies, by offering bounties to report anyone seeking or helping to provide an abortion. I didn’t state it explicitly on the panel, but the Stasi and the East German government also extensively used financial surveillance, as have other oppressive regimes. My overall argument, which I’ve alluded to in previous talks, was and is that financial privacy, location privacy, bodily autonomy, and freedoms of expression and assembly are intertwined. In particular an adversary against any one of these can often gain an advantage in attacking the others. For that reason, and also from fundamental principles of justice and freedom, we must take an uncompromising stance against weakening protections for any of them.

I also explicitly called out the importance of including governments as adversaries when modelling security. This is partly because our political structures are, despite any appearance or opinion to the contrary, unstable. It is not only possible, but it has happened many times and is at significant near-term risk of happening again in the United States, for a supposed liberal democracy to become a totalitarian regime very, very quickly. I also said, when asked about terrorist financing, that governments sometimes directly fund and sometimes are the terrorists. I didn’t mean that as hyperbole; I meant it literally.

Video of the panel might be published on the TUM Blockchain Club YouTube channel. I will link the specific video when and if it becomes available. [3]

[1] Although it’s true that Churchill was one of the most vocal of those pointing out the folly of appeasing Nazi Germany, he was also a racist whose policies towards India, for instance, had a terrible and well documented death toll. So he is not who I would choose to quote.

[2] In the session I initially said Florida, but then was unsure about the exact set of states that have passed such laws. In fact a similar law has been proposed but not passed in Florida.

[3] The video of panels at TUM Blockchain is published within a few days if and only if everyone on the panel agrees to it. I’ve agreed but I don’t know whether the other panelist and moderator have.

9 Likes

I don’t agree that Zcash bent the knee. As @daira has repeated many times, TEX addresses don’t compromise any privacy properties the Zcash Protocol. I can also bring up a quote from Thomas Sowell, that @zooko really likes and uses often: There are no solutions. There are only trade-offs.

TEX addresses are a trade-off. And as such they are sour. Nobody likes trade-offs. It’s not something anybody ever feels proud of.

I do agree that we need to learn from (our) history and be better prepared for the next time they want to draw a line in the sand, so we don’t have to trade-off and we can tell them to walk off.

7 Likes

I agree. In fact I’d like to take this opportunity to apologize publically for arguing in favour of that option at the time. I’ve learnt from it and I also believe we should refuse any similar requests in future.

As a (non-succinct :sweat_smile:) proof that I actually have learnt, most of the rest of this comment is a detailed explanation of what we were thinking and why we were wrong. This is critical to help us make better decisions, to come back to and remind ourselves and spot analogies between this and any similar future cases.

The gist of the argument concerning privacy was as follows: the intended behaviour of wallets for payments to a TEX address is to send from the wallet’s shielded funds to a fresh ephemeral t-address, and then to the TEX address in a separate transaction. If implemented correctly this leaks no information, and therefore causes no privacy loss, compared to sending directly to a t-address from shielded funds. (There are nuances about paying multiple TEX addresses but we needn’t go into them.)

The privacy implications were the main potential obstacle to doing something to (possibly) avoid delisting from Binance. Given a solution to those, there was a realistic chance of avoiding delisting —at least in the short term— by adding the new address type. This could be done without a consensus change, and in a reasonable timescale and with reasonable effort (we thought).

There are several problems with that overall argument that I should have given more weight.

Working on “compliance” [mis]features costs engineering bandwidth and time that we vitally need. We’re essentially in a race for adoption of Zcash versus a regulatory and political attack on financial privacy. This is not hindsight; we knew it at the time of this decision.

As it happens, we severely underestimated the engineering and time cost, but note that there is always the risk of such underestimation for any non-trivial feature. So the fact that we underestimated this one in particular is not the relevant mistake. The mistake was not properly factoring in the risk of underestimation.

ZIP 320 is not even done yet! It still requires more work to ensure that any money sent back by the recipient of a ZIP 320 payment will be recovered. It involves code, database schema, spec, and ecosystem additions (e.g. wallet support for the address format) that will need to be maintained. Although I don’t know of any inherent weaknesses, the associated complexity creates ongoing attack surface.

We have previously noted that work on ZIP 320 support ended up overlapping with work on transparent functionality that was needed anyway for zcashd deprecation. That is true, but should be discounted in assessing the wisdom of our decision about ZIP 320. We didn’t plan in advance for that overlap, and so that wasn’t part of the decision. It would only be valid to take it into account as a positive if it had been planned. Also, it is possible that the necessary transparent functionality could have been implemented more simply, or avoiding some bugs due to the complexity of bundling it with the ZIP 320 support, or with smaller maintenance costs.

Not only the actual engineering cost, but also the perception (inside and outside the Zcash community) of what we’re spending time on, matters.

The potential value of the feature in avoiding delisting was and still is contingent on decisions of a third party. Binance haven’t dropped Zcash but they still could.

As @joshs pointed out, they could also just start sending back every payment that is one hop from shielded (which would include every ZIP 320 payment), forcing their users to send from t-addresses without the protection of those addresses being unconnected to their other t-address usage. Ensuring that protection manually would at best require unreasonable and unrealistic effort from the user, and is impossible in some wallets.

This isn’t even fully under Binance’s control. It depends on what their outsourced “risk assessment” providers do. We can’t assume those aren’t adversarial or won’t come under further regulatory pressure.

Related to risks of third party decisions, a lesser issue is that I inappropriately counted advantages of one of the two possible design approaches —the option using UAs that was dropped in favour of TEX addresses— toward the benefit side of the decision. I should have discounted those advantages given that it wasn’t under our control whether that option would be taken.

We should be focusing on decentralized exchanges. Many critics of ZIP 320 said so at the time, and they were right. The mistake here was in thinking that we would have enough bandwidth to do both. But in fact this has distracted to some extent from work toward DEX support. This was also predictable without hindsight.


That was a wall of text and perhaps there is also a simpler argument. Suppose you are an adversary trying to expend the engineering resources of ECC and other Zcash ecosystem participants unproductively.

What better thing to make us work on? Something that:

  • Focuses attention on centralized exchanges.
  • Has the risk of expanding to other exchanges (even if we tell them not to, as we have in some cases).
  • Has the risk of doing nothing useful at all except expend effort, depending on future decisions of a third party.
  • Requires a heap of complex justification in order to convince people (perhaps) of nothing more that we’ve stood still on privacy.
  • Increases the complexity and potential attack surface of the protocol at the wallet layer.

It’s part of my job to consider the overall cost/benefit of proposed features from ECC’s point of view, and I don’t think I did so with sufficient skepticism in this case. Features that aren’t directly focused on directly improving privacy or the usability and applicability of the shielded protocol, at this point in Zcash’s evolution, need to clear a higher bar.

Note: we could have done worse. This decision was carefully considered, and it was made in good faith. It seems to have avoided delisting from Binance for now, which is what we were trying to achieve. What I think we got wrong is to over-value that goal relative to the costs. In that sense it wasn’t the right decision, and not just in hindsight. I take responsibility for that (both as ECC’s engineering manager and because my arguments were persuasive), hence this apology.

15 Likes

They want the funds to come from a transparent address. I have a separate “Binance” account in my wallet, which I use as a staging area. Its address doesn’t change, but neither does the Binance TEX address. Therefore, is there a loss of privacy?

3 Likes

I confess that at first I had a single wallet for everything, but over time I changed and use a different wallet to receive the Zcash that I buy on Binance. I have already transferred my coins about 3 or 4 times to different wallets. I like to transfer the coins from Binance to a mobile wallet and then transfer them to my current wallet, I feel safer having a separation between the transaction wallet and a reserve wallet. My fear is that one day the government will ask for proof that I bought everything from Binance, since I no longer have access to the various wallets that I used to receive the coins from Binance.

1 Like

When ywallet gets transparent-only accounts, TEX maye be restricted to them.

1 Like

I’m glad this doesn’t compromise the privacy of the protocol. But my hope is that other exchanges feel the urgency to support shielded pool deposits. I feel like this request was so that they don’t have to accommodate zcash, and instead they asked to be accommodated.

2 Likes

Glad we are now in agreement on this. I have tried my best [0] to convince you all on the dedicated thread pertaining to this matter but a voice on a forum has very little weight. It has been a great waste of time.

Now what is the greatest waste of time? Not dedicating resources to implementing a dev fund zec holders on-chain checkpoint and take the habit of polling zec holders for important and controversial matters. It will be such an evidence in the future, how can we not see it today.

Yes I repeat it because that’s the only thing I can do at the moment as a ZEC holder to put weight / attention behind an idea.

Sorry but that’s a double standard that I find unacceptable.

You guys can essentially literally say that the current government is similar enough to make comparisons to nazis without being moderated in any shape or form. What happens to my account if I would say “I think @joshs is similar enough to a nazi because X”. That’s so much stronger than calling him an “idiot” (I do not believe either, I think he’s great overall).

I really appreciate you taking the time to detail you thinking. I wish I’d have a quarter of your writing, programming, logic, <you name it> skills. :sweat_smile:. Either way, I don’t like the analogy he has used but I believe in free speech so I’m glad he can express himself freely. Lucky him.

1 Like

By this same argument, shouldn’t we deprecate the transparent pool?

(Also amused by people mad at the comparison. Being “rude” against the US government isn’t forbidden by the CoC :wink: )

2 Likes

It seems many people have changed their minds on this. The reasoning I understood is that we don’t gain much by deprecating it. Apparently the privacy of the private pool is very high regardless of its size. I have not found a convincing mathematical formula to back that up though. Anyway if this is correct and on one side we don’t gain anything and on the other we lose several exchanges, it does not seem like a great deal.

The main point I would say is about wasting resources on short term vision projects, such as this Binance thing.

Is that a good thing that we cannot say mean things about people in the forum, but we can about people outside of it? Nobody is going to give a warning to @joshs so this will just make my case stronger that we have a moderation issue that now includes double standards. And so there’s no confusion, I am glad that @joshs could express what he said, even if I disagree.

I wouldn’t put too much faith in centralized exchanges. They have become global surveillance hubs and that trend is going to accelerate exponentially (just have a look at the upcoming EU DAC8 regulations for example).

2 Likes

Seems nobody really trusts centralised exchanges.

Great! Now download Bison Wallet and deposit Orchard ZEC - requires fully synced zcashd*

ZEC Market expected to open next week

3 Likes

Technically no, but philosophically yes.