Stop calling transparent UAs private

There needs to be a concerted effort across our ecosystem to stop calling anything with a T-address in it “private,” and especially not calling it something that has “maximum privacy”.

I am a fan of T-addresses. They keep Zcash listed in many places, and make it easy for any developer familiar with Bitcoin RPCs to quickly implement Zcash. T-addresses got us NEAR, and are getting us Maya, by being nearly-identical to Bitcoin when it comes to implementing support for them.

UAs have freaked me out for a long time. Hiding a T-address inside a UA without a user’s knowledge is dangerous! And it’s the default in many of our wallets, including Zashi, which is harped to be Zcash’s gold standard of wallets.

Either UAs should be redefined to NEVER contain a T-address, or UAs with T addresses embedded in them should always start with a “T”.

I guarantee you that people are already getting doxxed due to this. Non-technical users will face real consequences for using UAs with T-addresses in them; once shared, a UA is forever shared. It’s irresponsible to ever share a user’s T-address without their knowledge, which is what UAs usually do.

And it’s worse: T-addresses are not rotated inside of UAs.

Non-technical users (99.99% of people) should be able to visually distinguish that a T-address is inside a UA, or we cut T-address support from UAs altogether.

Sharing a transparent-UA can result in legal consequences for you in the future. Today the only way to know if your UA contains a T-address is to check it using a tool, such as a block explorer.

I use Ywallet for anything that I actually need to be private because thus far it’s the only wallet that reliably supports multiple accounts, and has had long-time support for Orchard-only UA addresses.

Wallet devs, wake up. Stop leaking users’ T-addresses.

User story:

  1. Human rights activist/anon swaps USDC to ZEC using a swap interface which only supports T-addresses (NEAR, Maya).
  2. User shields their transparent ZEC into the Orchard pool using Zashi.
  3. User posts their “Zashi Shielded Address” publicly on their social media profile, feeling safe by the phrase “Maximum Privacy”.
  4. Adversary sees their T-address in the UA, searches the address in NEAR or Maya’s transaction history, determines their USDC came from a KYC exchange, is able to identify the activist.

7 Likes

I had not realized half of this, thanks so much for bringing this up.

1 Like

I think this is a reflection of the level of education needed for the masses. This property of UAs has been known for years and yet most simply don’t understand or don’t care.

I think to ECC’s credit, they are making small manageable steps in the right direction, and we have the option to use any wallet we feel is right for our use cases.

Zashi isn’t exactly pointed at power users and even with a full UA it’s better than a single T address.

I also think this issue highlights that great ideas don’t always win when folks don’t understand how they benefit from it, and CEXs’ reluctance to use UAs is a signal we should better understand. Zebrad is around the corner and this problem will echo with full nodes needing to switch – CEXs/DEXs need a reason to switch and it needs to be easy to use, and easy to understand.

1 Like

My theory here is that the proliferation of T-addresses at exchanges is laziness. Exchanges take their off-the-shelf Bitcoin RPC code, which calls “getnewaddress”, which zcashd by default returns T-addresses for.

I think getnewaddress should return orchard-only UAs by default and we will see a lot of exchanges magically supporting UAs all of a sudden.

Make UA support opt-out rather than today’s opt-in.

2 Likes

I think a subtle approach would be wiser; if we force anything, folks will just delist.

I hear that concern but disagree. Let anti-privacy exchanges delist.

Monero is listed in many, many exchanges.

We need a compelling reason folks WANT to use a UA. If we can find that, and it’s easy to use, the transition will go smoother.

I can agree with that, and now that I understand that a UA address may include t-addrs, I’m not into using UAs ever again. What’s wrong with z-addrs? It’s nice to be able to immediately know whether I’m transacting publicly or privately.

Orchard is the superior privacy pool of today on Zcash. UAs are the only way to use Orchard. So please use UAs but use “orchard-only UAs” that some wallets like YWallet and Zingo (recently) can generate.

Always test your UA before using it by pasting it into a block explorer via VPN or Tor to make sure that it doesn’t have a T-address in it, if you don’t want to disclose a T. (explorer.zec.rocks will show you, or any Nighthawk explorer running like it)

Example of an orchard-only UA: Zcash Unified Address

1 Like

Goodness, do you realize how much of an abomination of a method for the general public this is? Again, thank you so much for bringing this up, it wasn’t on my radar and this is looking like a major issue.

1 Like

An idea I had was using color coding for QR codes to signal types of addresses but I’m not sure how to enforce that worldwide. This is a hard problem to solve because it’s a battle of security vs usability.

1 Like

I would recommend a LOCAL block explorer, otherwise the node runners will know too.

As soon as we get Zebrad support, I will do a tutorial.

1 Like
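The check recommended in the posts above can also be done offline, with no explorer or node operator seeing the address. The following Python is an added example, not code from any poster or wallet project: it decodes a Unified Address as ZIP 316 specifies (Bech32m, inverse F4Jumble, then typecode/length/receiver items) and reports any transparent receivers. Function names are illustrative, and it assumes single-byte compactSize fields, which holds for the four standard receiver types.

```python
import hashlib

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
TRANSPARENT = {0x00: "P2PKH", 0x01: "P2SH"}  # ZIP 316 typecodes (0x02 Sapling, 0x03 Orchard)

def polymod(values):
    chk = 1
    for v in values:
        top, chk = chk >> 25, ((chk & 0x1ffffff) << 5) ^ v
        for i, g in enumerate(GEN):
            chk ^= g if (top >> i) & 1 else 0
    return chk

def bech32m_decode(addr):  # Bech32m without the 90-character limit, as ZIP 316 allows
    hrp, _, data = addr.lower().rpartition("1")
    vals = [CHARSET.index(c) for c in data]
    if polymod([ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp] + vals) != 0x2bc830a3:
        raise ValueError("bad Bech32m checksum")
    n, nbits = 0, 5 * (len(vals) - 6)
    for v in vals[:-6]:  # pack the 5-bit symbols (minus 6 checksum symbols) into one integer
        n = (n << 5) | v
    return hrp, (n >> (nbits % 8)).to_bytes(nbits // 8, "big")

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def f4jumble_inv(m):  # undo the 4-round Feistel that ZIP 316 applies before Bech32m encoding
    l_l = min(64, len(m) // 2)
    c, d = m[:l_l], m[l_l:]
    def h(i, u):
        return hashlib.blake2b(u, digest_size=l_l, person=b"UA_F4Jumble_H" + bytes([i, 0, 0])).digest()
    def g(i, u):  # BLAKE2b-512 blocks, concatenated and truncated to the right-half length
        return b"".join(hashlib.blake2b(u, person=b"UA_F4Jumble_G" + bytes([i, j & 255, j >> 8])).digest()
                        for j in range(-(-len(d) // 64)))[:len(d)]
    y = xor(c, h(1, d))
    x = xor(d, g(1, y))
    a = xor(y, h(0, x))
    return a + xor(x, g(0, a))

def transparent_receivers(ua):
    hrp, jumbled = bech32m_decode(ua)
    raw = f4jumble_inv(jumbled)
    if len(raw) < 48 or raw[-16:] != hrp.encode().ljust(16, b"\0"):
        raise ValueError("not a Unified Address: HRP padding check failed")
    body, pos, types = raw[:-16], 0, []
    while pos < len(body):  # receivers are typecode, length, data; 1-byte compactSize assumed
        types.append(body[pos])
        pos += 2 + body[pos + 1]
    return [TRANSPARENT[t] for t in types if t in TRANSPARENT]
```

`transparent_receivers(address)` returns an empty list for an Orchard-only or Sapling/Orchard UA and names each transparent receiver otherwise, so a wallet or a user can run it before an address is published.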

I don’t rely on QR codes but I don’t think the color of one is part of the QR protocol, we have to be careful not to make things worse in the way.

Personally, I would like a method where the prefix of the address indicates whether it’s going to include a t-addr private or not. Needless to say, it should be really simple, and really clear.

edit: or remove t-addrs from the UA specification.

2 Likes

We did a poor job at tooling for UAs because of sandblasting and other ecosystem problems that affected Bitcoin forks. It’s understandable that they don’t adopt something that to their eyes we didn’t care to invest in ourselves.

2 Likes

This discussion reminds me of an issue I encountered recently.

If you have 2 phones and want to use Zashi on both with the same seed, the transaction history on the second phone where you imported the seed shows different addresses for e.g. ZEC you sent out.

The reason for that (as hanh explained to me) is that a Unified Address consists of multiple address types - Transparent, Sapling and Orchard. On your first phone it shows the UA with multiple receivers. On your second phone it only shows the Orchard address, as the other address types are not broadcast to the blockchain. Both start with u1 but the “Orchard-only” address seems to be shorter. This might be confusing for users, but at least now I know it is not a bug.

1 Like

Yes, the keyword is ‘unified’ and assuming it also implies private by default is a misnomer. One of its main functions is to support legacy compatibility for Sapling and Transparent and the extent of UA implementation and support is a wallet level design choice.

1 Like

Let’s change UAs to never include transparent addresses

3 Likes