Principles for expanding z2z transactions

I am concerned with enhancing my own security.

Happily this goal is aligned with another thing I value which is enhancing my community’s security… and even more happily that goal is consistent with a radically inclusive community… to wit, everyone.

To be clear, this is a post about community values… it’s about Identity <–(notice the capital “I”) and Values! This post is not about something other than Identity, or Values <–(more caps).

Since we’re here, I’d like to mention that I have another value which is Reason. I like to use evidence based thoughtful arguments to expand my understanding of the Universe… especially around issues where I need to make decisions. As Far As I Can Tell, this is a really healthy way to approach decisions, and a fun way to approach the universe.

Since my last post on this forum I engaged in behavior that has become commonplace for me since last summer.

pay_with_zcash1512×2016 1.57 MB

As (I hope) you are aware there are at least 3 widely available z2z wallets.

I was in a ride-share car yesterday.
The driver and I chatted about stuff… the usual stuff… is there such a thing?

Anyway, he like most people I discuss zcash with, was quite interested in the topic, and very open to trying out a z2z wallet.

At the end of the exchange I left him with a zcash (z2z) tip and the sticker in the picture (I bought that sticker with… guess what?!?).

The driver example is just one of many examples of me introducing people to z2z zcash in the past month.

I prefer to offer to pay for goods-or-services with zcash during in person interactions.

I didn’t require any permission to invite this person to join the zcash community. I just extended the invitation (which was quite positively received). I don’t know how that person will use zcash. Will they engage in a range of z2z mediated activities? My crystal ball fails me.

I also engage in repeated business with my local coffee shop owner. He makes me a latte, I pay him z2z zcash… lather-rinse-repeat. He definitely knows a great deal about zcash-based products and services, because now he’s shopping for places to spend his zcash. In particular, he mentions resources to me, that I hadn’t previously been aware of. We’ve been chatting about getting his roaster to roast a batch of beans for z2z zcash. Meanwhile I have the intention of paying dues at my gym and hackerspace with z2z zcash.

Is there governance involved here? Yes! I am governing myself in these choices! The people I have onboarded into the community are themselves making autonomous choices that impact the expansion of The Anonymity Set, and more generally the vibrance of the zcash community. So the “governance” is distributed among us… more distributed with each new adopter.

Is the security (including privacy) of the community enhanced by my actions? Yes. I have directly engaged in a number of z2z transactions, I have indirectly catalyzed some other number of z2z transactions that I was not party to.

Now I would like to circle back to an earlier point. I said that I valued “Reason”. I’d like to invite reasoned discussion of this strategy. In particular I am curious about @tromer 's opinion on this post because:

I believe that he and I have disagreed in the past. I believe he has thoughtfully explained the reasoning behind his Different Position, in the past, and I have consequently changed my mind. In other words, I feel like I learn interesting things… gain insights from, @tromer 's reasoning. I Value that!

As a challenge, I’d like you (Dear Reader), to consider how many people you have onboarded in the last month…

Finally, I want to highlight something I believe to be critical:

I could NOT have engaged in this behavior 1 year ago. The technical innovation of the wallet developers (atop the innovations of the protocol developers, atop the innovations of ZK proof cryptographers, atop the innovations of Professor Ian Meiers… atop the innovations of Aristotle) enabled this new possibility for me. Thank you Ian!!!

Summary:

1. Wallet innovation has enabled me to personally expand the anonymity set
2. This is a distributed process where governance is localized to each actors individual decision
3. The same innovation that empowered me, and autonomy that I exercised, is now in the hands of each individual I have onboarded. Each of them has the potential to catalyze z2z usage and (more importantly!!) more adopters non-linearly.

That’s a great use case for those stickers! I only have a few left if anyone wants one.
https://twitter.com/paywithzcash/status/1236399367969439745

If I don’t need more soon… then I will have not reached some self-determined goals!

Actually, how much ZEC are you asking per sticker? How many do you have left? I might just take the rest of your current stock.

8 more left, and I believe they cost ~$1 each to make because of the custom key shape design and holographic coating. So cost plus shipping is good w/me.

I’ll take the lot!

Deal! I’ll see if I can get more made, but no guarantees.

Hey @zancas, I love what you’re doing here. I wish my own attempts at grassroot education+airdrop were as effective as yours!

And yes, you’re absolutely right that none of this would have been possible before shielded mobile wallets become available thanks to the hard work of the ECC wallet team, @adityapk00, the Nighthawk team and the earlier attempt by Guarda. These wallets are a great show of what the ECC community is capable of, by join action, when they keep their eyes on the ball of shielded adoption.

Of course, there’s a lot of work left to improve usability and security of the shielded wallets. Especially on the usability side, what’s your experience with common hitches that these people encountered?

I’d be delighted to relate some things, hopefully @adityapk00
and other wallet developers will notice.

Although I haven’t played with it yet, I believe this wallet:

supports z2z transactions in addition to NightHawk and Zecwallet (mentioned above).

Observations:

For zecwallet lite:

There is a button (up arrow shaped) in the “Send Perspective”, this button causes the entire balance of the wallet (or perhaps spendable balance?!) to be entered into the send-amount-field. I am uncertain what the intention of the designer is/was, but I observed a User accidentally send the sizeable balance of their wallet to a Receiver. This was NOT the intention of the User. Because The Sender and Receiver were close associates (sitting next to each other in the same room), the situation was soon remedied. However the risk introduced by the existence of this button is unacceptably high.

The term “seed” is confusing. I have yet to onboard a new user who understood what a “seed” was, even if they immediately understood the reason to store it.

Most people… study the seed page for about a minute, and then take a screen shot. I usually interject that they should make sure that the seed phrase is “off the phone” in case the “phone falls in the toilet”. <–(I have no direct evidence of this actually happening.)

One user, upon encountering the “seed” on-boarding screen laughed and asked me if it was a kind of joke.

Maybe the phrase “back up code” or “recovery phrase”… would be better than “seed”?

Some people, wrote the seed down on a piece of paper, but again, most took a screen shot.

I have observed User’s getting stuck inside a relatively deep interface. When interacting with the “Send” perspective they would select a field (e.g. amount) this would cause a phone interface offering numeric input (a number keyboard) to pop-up. Several different Users (including me) then had difficulty rediscovering the zecwallet interface (i.e. the send, wallet, receive) buttons, as they were obscured by the phone-numeric-keypad. The answer was to press the “zecwallet symbol”. This was non-obvious.

A significant difficulty arose when a User was trying to acquire a “receiving address” from a second New Onboard.
The Sender asked The Receiver for an address. (In a side channel.) The Receiver sent a screen shot of the Receive page which includes a QR code, and a character encoded string representation of the address.

The Sender was unable to use the screen shot (her QR code scanner being the camera on her zecwallet-lite phone).

I then explained that it would be better for The Receiver to send the string-encoded version of the address.

The Receiver typed in each segment of the address as displayed in Her Receiver screen. She started at the top-left most chunk. She then moved down one row to the left-most chunk in the second row… she iterated through the chunks of the first column, and then moved to the second column… all the while laboriously typing by hand…

I felt pretty bad about that process (which I only became aware of after the fact). She, The Receiver, then sent each chunk in it’s own side-channel message.

Even if she had the correct ordering for the chunks, The Sender would have received them as a series of individual chunks.

I think a terse description of how to use each Receive representation might solve most of this/these issue(s).

After significant coaching The Sender became familiar enough with cut-and-paste gestures in zecwallet to explain them via text to The Receiver.

It is not obvious that the string/character representation CAN be copied-and-pasted!!

Once The Receiver copied and pasted to The Sender, The Sender was able to send a “test transaction” of .0(n)1 ZEC.

Once The Receiver acknowledged receipt the The Sender noticed a warning in Her ‘Send Perspective’ notifying her that some transactions hadn’t been confirmed yet. She told me she couldn’t send more funds to The Receiver immediately (though that was her intention, and she had already announced to The Receiver that she was doing so).

taddresses:
Several alert adopters asked me about the “taddress” option. I explained to them that it was an option used in an obsolete version of zcash, that it was insecure, and that the only reason it was still available was in case someone needed to convert from an older version of zcash.
I then reiterated that taddresses are only available for the case where you have to upgrade old zcash, and that they should almost never be used. Thus far everyone has shrugged, and as far as I am aware use zaddresses exclusively. The sole exception was a User who was sending from a source that only provided a taddress option. I recall that occuring once.

Finally, it is not possible (As Far As I Can Tell) to copy data out of the encrypted memo field using the phone copy-and-paste buffer. I believe enabling copying-and-pasting from the memo field would be very useful in many cases, and it should be enabled/implemented as soon as reasonably possible.

Overall the zecwallet is reliable, responsive, and has reasonable defaults, for an innovative software project.

It would be significantly enhanced by:

• removal of the Epic Surprise “Send All” button
• allowing copying and pasting from the memo field
• terse hints emphasizing the utility of cut-and-paste for extracting and sharing the string representation of zaddresses
• perhaps an automated transaction (opt-in?) that makes spendable funds available as early as possible
• shifting focus between the wallet buttons (send, wallet, receive) and more generic phone interfaces (number keys) is non-obvious, perhaps the zecwallet symbol should be made to appear more “button-like”?
• the version of the software differs between the phone apps, and the desktop app. I was confused by this, and spent some time believing that my phone app, had somehow missed software updates.

P.S. – I have decided to flip a coin, outcome A → I will spend the next 30 days onboarding folks into NightHawk, and I will post some impressions here. B → I will spend 30 days onboarding people into Unstoppable, with impressions here. Following that I will play with whichever wallet remains (of The Shielded 3).

Since I posted the preceding review, I was asked about whether pin-protecting zecwallet seemed like an important feature.

I am a very enthusiastic advocate of adding a face/pin-lock to zecwallet.

This is very helpful, and your feedback is very valuable.

I’ve started working on fixing the things you have identified.

You’re my hero!

How difficult is it to use the existing Android or iOS fingerprint scanner? My Gemini app has the option to set a passcode or fingerprint to log in.

plus FaceID too

Oh… boy @adityapk00 I am imagining an app that you could implement in/with zecwallet, that I really want, and that I think would be super easy for you to do.

I think it could be really useful for lotsa’ folks… especially when The ECC comes through with scaling!

Want to chat about it?

This is awesome!

One case that sounded important was you onboarded a barrista that you visit regularly, so that you have repeat interactions.

When I hear about a one-off event, like giving ZEC to a ride-share driver, I have medium-to-low confidence that ZEC will ever re-emerge into the “zeconomy”. (If that person later hears news, that increases the chance they’ll transact their ZEC again, and rising price news is probably a great motivator.) OTOH, you get to learn about a total noob on-boarding perspective, and that’s super valuable.

By contrast, a repeated relationship with repeated transfers and practice seems much more valuable.

This is, quite frankly, very awesome. If Zcash had a growing percentage of agitators like this who were onboarding repeat users who are doing things like trying to onboard their business suppliers, what rate of growth in repeat users would compound into something substantial in 2021?

Please let me know if that acquaintance successfully makes any supply purchase with ZEC, and what he can report about the experience of “downstream onboarding”.

One time noob onboarding < repeat interaction onboarding < multi-hop business supply chain onboarding < cycles of multihop zeconomy and/or multiple vendors/suppliers/customers to choose from.

I’m inspired. I’m going to personally commit to onboarding at least one repeated transactor in January, and 3 in February using any shielded wallet. This will be fun, because I’m terrible at salespeople skills, so it’ll be a noob challenge for me.

Brainstorm: what if @zancas puts the users he’s onboarded onto ZecWallet into direct touch with @adityapk00 or other “community tech support” folks to make a tighter feedback loop for product refinement?

Usability brainstorm:

I assume for these kinds of onboarding cases that @zancas mentioned, they’re bootstrapping from personal connections (ie: daily barrista+customer interaction, or the fat-finger case where the sender/recipient were sitting next to each other). So maybe instead of QR codes, for these use cases sending your acquaintance a “request-for-payment URI” through something like Signal would be easier to use.

In fact, @zancas, did you say in the QR code case, the recipient send the screenshot in a friend-to-friend message anyway?

Tech exploration tangent: is there anyway to successfully combine QR codes and payment URIs into one thingy? My thinking is that a recipient who doesn’t know much about tech clicks a receive button, and gets a “Magical-QR-URI-THINGY”. Then they can give that to the sender in any manner of ways: show the screen to be scanned (QR code scanning), send through Signal, the user somehow “clicks on it” and it magically opens the wallet, cut’n’paste it, etc… I’m not aware of any way to handle all of these cases with a single artifact. I’m nevertheless inspired to search for that.

Interesting product development insight: if you asked me to imagine a “point-of-sale” use case, my mind would immediately jump to strangers using a PoS device like the market Square has cornered, so I would mentally exclude sending a payment-request-URI through Signal, because I implicitly assume sender and recipient are strangers. All of that would easily happen without me even realizing my assumption in the first place!

This is a great example of how on-the-ground experimentation shows that for these cases, at least, that assumption is wrong or misleading.

A coffee shop ordered some Pay With Zcash stickers awhile back. I wonder if that was the one you go to? If they’re accepting Zcash payments from general customers I’d be happy to add them (or anyone else you onboard) to the paywithz.cash website.

Is it in your plans to get onto stripe, xoom, transfer wise, payoneer, PayPal, cash, Apple Pay, and a long list of payment platforms seems? Seems these platforms are embedded into commerce—-