Is anyone else concerned with terms like “self-custody” and “self-hosted” wallets?

We don’t refer to physical cash in our possession as being in our “self-custody wallet” – we’d say that we have cash in our wallet.

Good point. This language is an industry response (I also endorsed it when we were brainstorming) to language being used by FATF, FinCEN and other regulatory actors referring to them as “unhosted wallets.” It’s an attempt to shift the language and perception as “unhosted” is an attempt to color them as anonymous black boxes that shouldn’t be trusted.

Great context, @joshs, also highlighted by Deputy Treasury Secretary Wally Adeyemo’s remarks at Consensys last week [Remarks by Deputy Secretary of the Treasury Wally Adeyemo at Consensus 2022]

Second, we are working to address the unique risks associated with unhosted wallets. Because unhosted wallets are effectively just addresses on a blockchain, it can be difficult to determine who really owns and controls them—creating opportunities to abuse this heightened anonymity. Fundamentally, financial institutions need to know who they are transacting and doing business with to make sure they are not making payments to criminals, sanctioned entities, or others. When it comes to unhosted wallets, we are working to provide them the information they need to avoid facilitating these kinds of illicit payments.

seems pretty silly when read without unhosted, doesn’t it?

This warning strikes me as ominous–even existential–for zcash. Particularly with permissionless interoperability (e.g. renZec) connecting ETH and ZEC.

Glad to see the ECC hiring a Electric Coin Company - Current Openings

It’s all very well and good that ECC is hiring lawyers or whomever to shovel sand against the oncoming regulatory tide.

But to me it’s clear how that is going to end. Governments in pursuit of total control have spent decades wishing they could ban cash once and for all, and now they are salivating at the prospect of Central Bank Digital Currencies that will finally let them do just that. There is no way they are going to sit back and let Zcash get in the way of that goal, not when a formal corporate entity like ECC exists for them to get their hooks into.

At some point ECC is going to be strong-armed into some sort of regulatory compliance that will be at odds with the vision of financial privacy that attracted us all to Zcash. At that time it will be necessary for some new entity to step up, hoist the black flag, and explicitly oppose the whole concept of letting governments have control of cryptocurrencies.

I would love to see some signs that the Zcash community realizes this and is creating tech that is explicitly intended to defeat a hostile regulatory apparatus. Are there any nascent efforts on that front? I don’t notice any. I hope I am wrong, but my impression is that people naively think that the regulatory alligator will be content to just nibble at the edges of Zcash. In fact it wants to swallow the whole thing.

We have had conversations with regulators where requests and suggestions were made that are not only unacceptable, but also impossible. I suspect those requests and questions will persist.

There are strong proponents of privacy among policy makers in the US, but not yet enough education of nuances. Privacy is not binary - most don’t yet understand that or the implications. I also think that the tide will eventually turn against fully transparent storage and transactions due to foreign mass surveillance by other nation states and exploitive commercial entities.

That said, I believe that we need further decentralization of Zcash that is inclusive of the geographic dispersion of supporting orgs. I also contend that we need DEX options and other access to ZEC that doesn’t require CEXs. Thorchain is a good step forward. Cross-chain interop is important.

In Bitcoinland, we have a motto: Not your keys, not your coins. Multiply and exponentiate that for a privacy coin! I would file “trust me” hosted Zcash wallets in the same product category as pre-perforated condoms, fishnet parachutes, and the Emperor’s New Clothes.

Calling a normal wallet “unhosted” is like calling a living person “undead”. It is nonsensically twisted, backwards, upside-down, inside-out thinking about a natural, normal, and desirable state of affairs.

“Self-custody” is less offensive; and thinking about it now, I realize I have taken to using it sometimes. It is descriptive, factually accurate, and to my mind, a positive: It stands in contradistinction to custodial services, i.e. abnormal and unwise usage of cryptocurrency.

But now that you mention it, @zlawyer—good point. You may be right. Do you have any better suggestions, for communicating with people who do not understand the concept of a normal, ordinary crypto-wallet? Language is, after all, for the purpose of communications; and I would not want to self-marginalize with some sort of cypherpunk political correctness that obstructs communications rather than improving them.

^^^ This.

An aside on Realpolitik—

Excluding the types of people who become privacy activists, Zcash early adopters, and die-hard Snowden fans, businesses generally care much more about privacy than individuals. Money talks. Commercial espionage is a thing. Sensitive financials leak inside info to competitors. The transparent blockchain is actually a major deterrent to business adoption of Bitcoin; some Bitcoiners are painfully aware of this. (IIUC, this was one of the major reasons that pushed Maxwell to invent CT, which is used in a B2B sidechain product from Blockstream.) Insofar as I can see, I infer that much of the Ethereum Foundation’s interest in ZKP seems to be motivated by a similar understanding. (Even moreso with Solana, a business-savvy chain now getting ZK tokens.)

I have been intending to write a separate post about how Zcash could improve its messaging to hit a broader range of privacy use-cases—P2P, B2C, and B2B; a major part of my focus is on business use, where I think that Zcash has missed some huge opportunities thus far. Ideas that I hope will interest ECC, @joshs. TBD.

Here, suffice it to note that in the U.S., businesses have more political weight than individuals. If it comes down to a fight between surveillance-capitalism businesses, versus businesses that want to enjoy the benefits of “blockchain” without leaking all their financials to competitors—well, at least we will have a fighting chance!

I hold crypto in my crypto wallet

In theory, I 2²⁵⁶% agree with you. But in practice, “crypto wallet” means different things to different people. I know this from experience (and frustration) struggling to explain it to people who just don’t get it.

To you, to me, and to my bygone friend whom I will call Alice here (although she was so cypherpunk anonymous, he refused to reveal one bit of PII which would partition her anonymity set between Alices and Bobs), “crypto wallet” means exclusive control of your own private keys.

To people who don’t know what “private keys” are, or why they are important, “crypto wallet” means “my Coinbase wallet”—or even nowadays, literally, “my Paypal account”. (Before the autumn of 2020, I used Paypal as a rhetorical symbol in contradistinction to cryptocurrency—whoops!)

What terminology do you suggest using with them? “Self-custody” unambiguously denotes, at least, that you are holding your own money. Is there anything similarly simple and unambiguous, which implies that this is the normal and natural state of affairs?

In my experience, the most frustrating part of this is that people who don’t get it are not necessarily stupid. I have groped in the darkness of their incomprehension—trying to make the little light-bulb go on for some people with PhDs or professional degrees, who certainly have above-average IQs. A secret pseudorandom number that you generate all by yourself, which has exclusive peremptory control of money, must be one of those concepts like pointers and recursion.

nullius embraces-and-extends Spolsky:

In the spirit of T. C. May, I will be so brash: It has been my unhumble experience that there are two three four things from an alien world of pure abstractions which many people just never really fully comprehend: pointers, recursion, public-key cryptography, and zero-knowledge proofs.

Aside: Zcash has this problem even worse. I have known people who get public-key cryptography, but who just cannot wrap their heads around a system where you prove in zero knowledge that you validated your own financial transaction.

nullius embraces-and-extends Clarke:

Any sufficiently advanced cryptography is indistinguishable from magic.

I’m of two minds. On the one hand, I think modifying “wallet” with something like “self-custody” misleads because I don’t carry my “self-custody wallet” in my back pocket, I carry my wallet.

On the other hand, private key cryptography is literally a new paradigm. Perhaps we need to summon a neologism. Digital vault? Privallet? Private Irreplaceable Portal?

Also, “wallet” is probably not the right word: Stop Calling it a Wallet — Gaby Goldberg

As an amateur philologist, I understand that a language’s fixed idioms survive the conditions in which they arose, and become absurd, if not taken metaphorically. For instance, it is neither uncommon nor incorrect to say that a modern ship with no sails has “set sail”.

“Wallet” is a fine word. It derives from an earlier form of the same word, meaning a ‘bag’ or a ‘pouch’; indeed, if you read old books even in modern English, you can find usages of “wallet” in such archaic senses.

Its crypto-usage grew organically amongst early Bitcoiners. It has the advantages of familiarity and of metaphorical meaning; cf. the desktop metaphor. It lacks the stilted, forced, self-conscious quality of an unnecessary neologism. Although I am not categorically opposed to neologisms, I prescribe that they should be avoided when unnecessary.

To speak of a “cryptocurrency wallet” is no more incorrect than to say that the RMS Titanic set sail for its fatal maiden voyage on 10 April 1912. For that matter, it is no more incorrect than to refer to UTXOs as “coins” or Zcash shielded notes as “notes”.

On the other hand, I agree with this:

And it is one which most people will never understand. (Never mind zero-knowledge proofs!)

Without wishing to incite any mystical thinking, I suggest that the only explanations that could facilitate practical mass-usage are magical metaphors. Magical and mystical beliefs arise organically when people are faced with phenomena which they do not understand scientifically. Such psychology is an unalterable fact of human nature; here, it can be exploited rationally for the greater good.

The Magical Doctrine of Crypto

You have a magic number. You must keep it secret. As long as you keep your magic number secret, your money is protected by impenetrably strong magic. Invincible magic! If you fail to keep your magic number secret, then invisible “blackhat” evil spirits will take away your money.

If you yourself lose your magic number, then you will lose your money. To protect against this, use the standard magical transformation^* of your magic number into secret magic words—sometimes confusingly called a “mnemonic seed phrase”. Store your secret magic words with secure physical backups, not on a computer—and keep them secret!

Wizards offer advice about how to protect your secret magic words.

Image credit: Jameson Lopp.1200×1057 356 KB

Beware: Tricksters known as “phishers” and “social engineers” will sometimes try to beguile, confuse, seduce, or otherwise scam you into revealing your secret magic number or magic words. Don’t tell them your magical secrets!

That is a practical explanation. It communicates all that 99% of people need to know. And anyone in the world can understand it!

I have previously used magic to explain the Bitcoin mining process. nullius, 2017-12-15:

I add that each magical security stamp (a.k.a. “blockhash”) is magically bonded to all previous magical security stamps.

/me secretly loves magic.

^* A note to pedants: I understand perfectly well that the transformation works in the opposite direction: BIP 39 casts its magic words through 2048 iterations of the “PBKDF2-HMAC-SHA512” spell into the magic number input to BIP 32 (or ZIP 32). Hypercorrections of my magical explanations would be unnecessary and unwelcome.

This is super clever. Making it fun is important