I would like to introduce a service that will increase the utility of shielded ZEC addresses. removed by op is a simple shapeshift-like service that uses shielded ZCash. Native connections over Tor are supported and the site is JavaScript-free.
You can send specific amounts for bill payments or just send zcash and let the site exchange it to equivalent BTC value.
The service is currently in beta, so any feedback is welcome.
“Privacy” but you have to submit your email? Converts it to BTC? Unknown provider?
This is only for customer service. It isn’t used in the normal operation.
Yes. This way you can pay any vendor that accepts BTC.
This is similar to xmr.to
Very cool
I’m not trying to be negative, I am glad people build stuff for the ecosystem, but this has a number of red-flags.
If you could explain a bit about how the service works:
*what ensures that users won’t just send funds and never get them back
*how are exchange rates determined
*what data the site collects about the users
*what correlation there is between the sender/website/tx’s
There are many Privacy risks to using a service like this, like connecting Z-address ownership to IP addresses. Connecting the Bitcoin output to a IP address and subsequent transactions. Correlation of time users visit the site to TX IDs, etc… Not to mention it could be working fine one day and gone the next.
Plus, the Zcash name is trademarked, did you receive permission from ECC to use it in the website name? Trademark policy - zcash foundation
Unfortunately any centralised system needs trust. In this particular case though the users can start with small amounts. One tangible proof that I’m not leaving tomorrow is the onion address. It took me 4 days and quite a bit of Google Compute funding to brute force a good address that is somewhat resistant to phising attacks.
Feed from exchanges. The actual, as opposed to indicative, rate is the rate at 10 confirmations of ZCash deposit. BTC is sent immediately after that.
Clearnet webiste is behind Cloudflare, unfortunately, for DDoS protection. However users can also use Tor address removed by op. Tor and Tor Browser anonymizes users, this means the only information stored on the server is the information given in the form.
ZCash obscures any blockchain links. Temporal link (transaction going in, transaction going out) is mitigated by batching deposits up to maximum order value (0.15 BTC currently)
Z-addresses are resistant to this attack. Unlike T-addresses you can’t associate a transaction with a Z-address that you don’t own a key for.
This is addressed by Tor which the site is designed around, in particular the no-Javascript restriction, which unfortunately gives it a feel like it is from the 90s.
It is my understanding that there is a general permission for
USE OF TRADEMARKS TO INDICATE ACCEPTANCE OF OR SUPPORT FOR THE ZCASH CRYPTO-CURRENCY
You may use the Word Marks and the Logos to indicate that you accept payment in the Zcash cryptocurrency, or that your product or service supports the Zcash cryptocurrency. Our Word Marks should be used in a way that makes the nature of the acceptance of or support for the Zcash cryptocurrency clear. Some examples of acceptable use include:
We accept payment in Zcash
[Your product or service] supports Zcash
Buy or Sell Zcash on [Your product or service]
Removed all references to the service due to trademark threats from a major community member.
To be clear, I made no “threats” I simply asked if you had permission to use the trademark. I don’t work for ECC and have no power of enforcement.
Users should know that by using such a service you are trusting a unknown third party with your funds.
Feel free to PM me if you want to straighten out things. I’m not shuttering the site yet, however I much prefer to remove the links myself rather than having non-existent attack vectors (“Z-addr collection”, “IP addr collection over Tor”) thrown at me by major community community members.
I can’t verify the validity of any of your claims, nor is it my responsibility to do so.
I don’t think the number of attack vectors possibly encountered by using this kind of service is zero. Clearnet website, asking for a users Z-addresses (which otherwise are not visible on chain) and a users email to correlate with that Z-address and the subsequent BTC funds sent out (which can be easily traced on-chain) is also known to you in the backend.
I urge caution to users and ask questions, that’s my job as a Mod. I have seen several websites like “zero knowledge bank” asking for users private keys, fake “Zcash online wallets” and fake “interest bearing” websites that later exit scammed.
So I apologize if I’m a bit cynical, the cryptocurrency space has its fair share scams.
Even if intentions are honest no one should trust such services. Even more with an onion address → website is untrackable and no legal action can be put into place in case of fraud.
With no garantees it’s not worth the risk.
Escrow is a much more reliable service and can be made without leeking any private information.
Edit: Welcome to the forums 
In all fairness, I like what you are trying to do. However people need to be sceptical. I wish you all the best, the comments in this thread are not meant to be seen as hostile, they are trying to help you.
If you can come up with solid and convincing arguments as to why Shawns concerns are acceptable risk, and be honest and forthright, you will get a lot of really positive attention. You are offering a really cool service and are taking a personal risk with this venture. By the same token so are your users. To get these users you need to convince people you are legit.
c’mon mate, its not like that. Shawn is a mod, so on here a lot more than most. I would have asked those exact same questions and possibly flagged your post because of the links. - They could have been to a scam for all we (as in the community you are trying to provide a needed service for) knew/know. Removing the links was a good idea.
Please don’t get discouraged, but try to engage more with people and address their concerns as if you want their business, not as if they are attacking your business.
A lot of people here are very good with personal data leakage/management so they will probably ask questions that you might not have thought of as potential to leaks personal information.
Good luck with your project, I hope it works out. Maybe contact the foundation to try to get them onside to add legitimacy.