What made me change my mind about Zcash

I have been in crypto for a while now, but have only very recently joined the zcash community, and now strongly believe in zcash.

I believe in zcash from all sides: tech, devs, price, etc.

I first read about zcash back when it was just the zerocoin paper, and all theoretical.

When zcash first came out I was extremely excited because of the groundbreaking tech, and I had anxiously been waiting for zk-snarks to evolve from a paper to a full-fledged crypto project.

However, I stayed at arm’s length because the zk-snarks were opt-in and because of the required trusted setup.

With shielded transactions being opt-in, the vast majority of the transactions were transparent, and I didn’t see this changing. This caused the anonymity set to be quite small. The trusted setup also made me uneasy.

A couple months ago I decided to check back in with zcash, since I remembered the Sapling update scaled the trusted setup to be among many participants instead of just a handful with Sprout, which made the trusted setup slightly better for me.

When I decided to research zcash again and see what the devs were doing, I was incredibly shocked to read about Halo! The amazing devs had somehow found a way to make zk-snarks trustless, something that was always thought to be impossible! The zcash devs literally made the impossible, possible.

In addition, I read that Halo was switching zcash to shielded by default unified addresses, which would change shielded transactions to opt-out, instead of opt-in.

I predicted that this would cause the Orchard pool size to be orders of magnitude larger than any other shielded pool had ever been, and therefore zcash’s privacy tech would dominate the privacy space.

In the past I had begrudgingly thought monero had the best privacy tech even though I was well aware of its downsides, only because zcash’s anonymity set was pretty small due to shielded transactions being opt-in, which most people did not choose to do.

Once I read about Halo being activated soon (this was a couple months ago), I was so excited to join zcash and support the project with its truly groundbreaking tech! And I’m so excited to continue seeing the size of the Orchard pool continue to grow!

What caused you to join/pick zcash?

14 Likes
  • Its openness to consider adoption of Proof of Stake, while not forcing or rushing it, putting its community at risk. Bitcoin’s unconditional refusal to even consider Proof of Stake will hamstring its adoption. Mining bans are starting to go into effect; it’s not unreasonable to expect that transaction bans will follow at some point. Look at how wikipedia has started to refuse accepting donations in bitcoin over stated ecological concerns. One can argue that the environmental concerns against digital currencies are a ruse by some with other agendas, that the output of carbon by traditional finance over many years has been far worse; but the fact remains: carbon output WILL be used to hamstring digital currency adoption -so why invite the opportunity to do so? That’s self-sabotaging. Address that alleged issue on the side with a best effort, and move on from it.

  • The speed of its transactions and their low costs

  • The good efforts of ECC to maintain a good reputation and discourage its use for any destructive or violent activities…

3 Likes

Why I chose Zcash

That is an excellent question. I recently addressed that in something that I wrote before this post:

To that, I will add a quotation of something that I recently wrote to a correspondent. (Much of my personal activity consists in nonpublic correspondence.)

As for what you say, @particlmike33: I had the same concerns about the “trusted setup”. I put up with it, because I know that no technology is perfect in Version 1. I frankly hated the trusted setup—but I knew that the Zcash team hated it, too. Well, they spent years labouring to get rid of it!

Although Zcash versioning worked out a bit differently, I think of it this way:

  • v1 tech: Sprout. Buggy and painful to use. A Sprout send took me multiple minutes on my old hardware, plus of course, gigabytes of RAM usage.
  • v2 tech: Sapling. Bugs fixed, orders of magnitude more efficient—but still stuck with the trusted setup. Suitable to start a push for wider adoption, but not yet really mature.
  • v3 tech: Orchard. With Halo2, no trusted setup! I officially consider the technology to have reached initial maturity. Ready for mass-adoption!

You know the old saying in technology about how v1 is for early adopters, and nothing is ever really “ready” until v3.

I observe that early Bitcoin was not what Bitcoin is today. It was revolutionary, but buggy and unpolished as you would expect from a lone inventor pursuing an impossible dream. In other venues, amongst Bitcoin maximalists, I have frankly stated my opinion that Bitcoin was not “ready” until Segwit fixed transaction malleability (a design-level security flaw!) and a bunch of other problems.

For similar reasons, I tried Monero after some of their major upgrades in the 2017–2018 timeframe. See above. With Monero, I was constantly examining my coins, my mixes, etc. in the CLI wallet. Churning, exercising coin control.

I never bought the argument about XMR allegedly having a “bigger anonymity set”, because Monero leaks information onto the blockchain. Of what use is a larger total set of privacy-tech users, if the privacy tech may eventually fail to prevent the users from being distinguished from each other?

As the security aphorism goes, attacks only improve. I just can’t stomach having my financial activity spread all over a blockchain—forever and forever, with no way to erase it. So what if it’s covered up and obfuscated with decoys? So what if the signal is mixed with some noise? I want for the signal to be absent altogether!

Early Zcash had only small usage of the shielded pools—but within the shielded pools, my usage was completely indistinguishable from everyone else’s. Zcash does not leak information (at least, not on the blockchain level; network-layer privacy still needs improvement to prevent, e.g., spies potentially linking your txids by observing them originating from the same source). Zero knowledge means zero knowledge. Few people get that—too few, unfortunately. I understood the power of that, from before Zcash even existed.

On the other hand…


Why I fear for the future

@steve.b, I notice that “privacy” is not listed or discussed in any of your three bullet-points.

I am the opposite. The news of the POS switch was the major impetus that pushed me to come out of the woodwork, when I had faded back so much into the long tail of anonymous users that I didn’t even hear about it until too recently. POS “rich get richer” financial manipulation is a strong negative for me, a hard-no, potentially a dealbreaker—especially after the miserable hands-on experiences that I have had with other POS coins. I am trying to exit POS. I only haven’t yet much talked about it, because I am not yet sure what to do… sigh.

Given my personal years-long dependency on ZEC, which I reasonably presumed would stay as-is in its major economic characteristics, I have been upset and afraid about this.

May I ask why, when there are at least a score of POS chains plus thousands of POS-based tokens, you came to Zcash evidently quite recently—for reason of a potential future switch to POS? If this is such an important factor that you list it as your primary reason—it seems incomprehensible to me.

I strongly object to that. It is baseless FUD propaganda no different in spirit than, “Bitcoin will be globally delisted and banned if it gets strong privacy,” or, “Zcash will never gain mass social acceptance because it has scary, scary untraceable transactions!”

I trust Bitcoin because I know that it will never sell out its security, its decentralization, and its honest economics to chase fads, or to line the pockets of fat-cat VCs, DPOS companies, and other financial manipulators.

I observe that out of exactly 172 words in your post, 143 words (83%) are about POS—123 words (73%) are an attack on Bitcoin, anti-Bitcoin talking points that I have seen in many places, not about Zcash at all—and exactly 0 words (0%) are about privacy.

Frankly, I did not address privacy since it’s a given for the coin. You shouldn’t be working with ZEC if you’re not into privacy. I was listing reasons OTHER THAN that obvious one.

[Also keep in mind that if transactions need to be open (for the purposes of transparent open accounting…), we can make them so by publishing keys. Privacy is elective on zcash, and they have made a reasonable and practical decision to make that the default.]

That is a valid concern. But a more immediate concern is a digital currency getting marginalized by eco-regs -and that is happening as we post here; and will continue to happen more and more. You can complain that it’s a ruse by traditional finance cartels and governments seeking economic hegemony to stop bitcoin et al. -but the fact remains: it’s effective; and it WILL marginalize them. Never mind the NY mining ban (there’s lots of other places around the world where one can mine, possibly using nuclear power…) What are you going to do when more and more countries, retailers, and finance institutions refuse to accept currencies with the excuse of it having a high energy consumption? That will sabotage their adoption and confine their use to small communities.

I am definitely not into a rush to cut in Stake; better it be heavily tested. And I am also open to alternatives to Stake that will deliver the same or better energy savings.

The conflict we’re facing now (presuming you want to use Stake as your energy-saving approach) is: greater adoption versus the risk of a coin getting co-opted by plutocrats.

Well, the latter has sort of already started to happen somewhat with bitcoin. Add to that, even though plutocrats can certainly have a lot of outsized control, a swarm of sharks can cause problems for a single whale (look at what happened with Gamestop -right?)

The most salient canary in the coalmine is wikipedia refusing bitcoin for donations on the grounds of its energy consumption. OK -how much of bitcoin capitalization is that? But if it keeps happening with more and more retailers -prominent ones with big media megaphones, mind you- and enforced as an excuse for more and more exchanges to bail, there will at some point (I can’t predict exactly when…) be a heading to the exits on bitcoin/PoW. Bitcoin will always remain a useful tool as a digital gold financial instrument; that’s the great success story of bitcoin. But it won’t be a “money for the Internet” GIVEN the direction taken in the past couple of years. The people behind bitcoin (other than well meaning people like Dorsey) seem to be more concerned with it being a gold-like instrument, than it being useful for payments by most of the planet. That’s not my focus; if it were, I’d be doing software for gold traders and the like. My concern is getting an alternative to traditional finance into the hands of end-users. I don’t seek that traditional finance should fail (unless it deserves to, by continuing to make comfortably-numb decisions…) I’d just like to see a coin offering the possibility for payments outside traditional finance channels by people of many diverse interests (and traditional finance needs the competition for it to continue to answer to the needs of people using it…) Bitcoin is not much of that anymore; it’s getting hodled-out. People are afraid to use it because it might go to the moon. It has a lot of spot volatility now because of that hodling (which, by the way, is exactly the reason economists wanted the dollar off the gold standard in the 70s…)

As to Dash: it’s respectable technology; the problem I have with Dash (and a number of other coins…) is that they enlist the help of anonymous developers. I have a saying I have made since 2011: “When a digital currency fails, you want to know the names of the developers so we can visit them with pitchforks and torches.” In that regard, ECC and the Foundation have been good at policing developer transparency. Obviously we can’t have such potential conflicts of interest caused by the engineering of a weakness into a coin. [To those who will retort: “It’s Open” -hey; a lot of open code can get VERY subtle weaknesses engineered into them that everyone can miss. While I’m not saying Terra was such a case, look at how long that contract was in play before somebody found its exploit. You can do such loopholes on purpose, once sufficient complexity in the code is in play -and the tech behind ZK and nodes that implement it in a performant way is not a snap…]

PS If seeking an alternative to bitcoin since I see it getting marginalized down the road is “anti-bitcoin”, so be it. I credit bitcoin with being a great success for its becoming a digital gold; but given its current playbook, I don’t see it as a “money of the Internet”. You shouldn’t take someone not finding bitcoin suitable for all purposes as being “anti-bitcoin”.

Since this is a privacy coin, I must address this first:

You have a problem with pseudonymous developers, such as… “Satoshi Nakamoto”?

(Note for Tor users: According to theymos, the administrator of the Bitcoin Forum, IP access logs show that Satoshi always used Tor. Please be sure to mention that, the next time that someone stirs some “Four Horsemen of the Cryptocalypse” style FUD about Tor, anonymity, pseudonymity, etc.)

In the abstract, your argument is indistinguishable from general arguments against anonymity and pseudonymity. How is your argument different than arguing to ban Tor, and issue everyone a fully-doxed “Internet Driver’s License”:

“When Internet users troll, harass, spread misinformation, or even commit crimes, you want to know their names so we can visit them with pitchforks and torches.”

And your argument negates the whole concept of cryptocurrency.

By your argument, Bitcoin should never have been invented, trusted, or used. This whole post could be boiled down to the two words near the start: “Satoshi Nakamoto”.

Cryptocurrency holders have a generally strong need for privacy and anonymity. How much more so, for some of the most valuable targets of coercion?

Moreover, in practice, we have seen how doxed Bitcoin developers are currently under attack with frivolous lawsuits by the extremely malicious scammer and identity thief Craig Wright.

At least one prominent Bitcoin developer, one of the most active committers for years, recently stopped contributing, citing “too much harassment” as the reason (archive, just in case). I don’t know exactly what he means by that. I do know that he was personally sued by Craig Wright. I also know that he has suffered a ton of other personal harassment. Any which way, someone in that thread suggests pseudonymity as a solution. It is a wise idea, although probably not helpful in that case: I know that no unusual personality can ever really hit NEWNYM on public activities.

Decentralization and cypherpunk pseudonymity are important! For that reason, I have recently had some discussions about how better to fund more strictly pseudonymous developers for Bitcoin Core.

One of my major concerns about Zcash—a subject already on a long list of things I want someday to post about: Zcash lacks pseudonymous core developers, who could lead a community fork in case ECC and/or identifiable ECC devs were somehow coerced, bribed, or corrupted. If they were harassed with frivolous lawsuits, or if Zcash were banned in the United States, who would take it up? How would there be any continuity? Who would have a long-proven track record of well-reviewed commits for the community to trust?

The problem with DASH is not “anonymous developers”. The problem with DASH is that 0. it started with a huge premine scam, and 1. its privacy is fake—a false sense of security—vastly inferior even to Monero, which is strictly inferior to Zcash.

The same argument could be made about untraceable money—or indeed, about so-called “unhosted” wallets.

I don’t want to derail this thread with a long essay laying forth my arguments against POS. I intend to address that in an appropriate manner. Only a few points in summary for you to consider:

  1. Most people do not understand the subtlety of the POW Nakamoto Consensus. The primary power is held by full nodes. Every non-mining full-node is a “validator”, equal in status to every other. Miners are paid employees, not the bosses. Miners have one job: Byzantine fault-tolerant transaction ordering. Miners != “validators”. A Bitcoin Validator is the thing running on a Raspberry Pi on your home Internet connection, drawing 10W of electricity.

  2. The security guarantees of POS on paper fall apart in the real world, where the parties controlling large stakes have strong incentive to collude—and where the big players usually all know each other. DPOS has no equivalent to Bitcoin mining pools, let alone efforts like P2Pool.

  3. What I say in the foregoing is no mere theory: It has been proved in practice. On both the POW side (where malicious miners seeking to protect their covert ASICBOOST tried and failed to usurp Bitcoin—whereas users could have forced their will with UASF), and the POS side (where colluding “validators” with high stakes hardforked chains against massive community opposition). I have watched both types of events up-close, with my own money on the line. POW did what I expected. POS failed catastrophically.

  4. The economics are screwed up in ways I can’t even begin to summarize without an essay. Not in theory, but in a “why is my money locked up when I need it? why are my profits a mirage?” experiential way here.

  5. The argument that we should give up because “traditional finance cartels and governments seeking economic hegemony” will prevail is an argument that cryptocurrency has failed. Why bother? I can still open a bank account. And if we want anonymous digital cash without caring about decentralization, it would be much more efficient than POS for @zooko to build an overtly centralized DigiCash for us. He knows where that road leads!

(An explanation for the newbies: Zooko worked with Chaum on DigiCash in the 1990s. It is one of the things that gives Zooko serious cred, because DigiCash was a great concept except for the catastrophic centralization. Zcash as originally designed has the strong privacy of DigiCash with the decentralization of Bitcoin—the best of both worlds! I have also been doing cypherpunk things since the 90s; I cracked a big smile when I saw Zooko’s name first pop up here.)

As aforesaid, I will take this up further in an appropriate thread in the near future.

1 Like

I don’t get how proponents of POW keep saying POS promotes “rich get richer” while in POW, only the rich can mine the coin. Even owning a gaming GPU is hard for over 90% of world internet users and now you force everyone to buy cartel-produced ASICs if they want to participate in providing network security?

1 Like

AH: Satoshi was not the developer; he was the architect! Gavin Andresen did the code. And we could go to Gavin with torches and pitchforks if there was a weakness engineered into it.

Considering the move to Stake has not been executed yet, it’s a good thing you argue against it -expound away on this thread…

I am especially sympathetic to that argument, because I myself lack the financial resources to mine. (Disclosure: I have no past or present financial interest in mining. I hope to someday in the future.)

The short answer: The exact feature which short-sighted moon-chasers dislike, i.e. miner dumping of coins, is what ensures a fair distribution. Miners are forced to sell, to cover their costs; they operate on razor-thin profit margins in a hypercompetitive environment. It is a very tough business. (This is why I have not yet done it, despite years of wanting to.)

POS is easy money for the rich to get richer, with obscenely high profit margins only for those who have sufficient capital to lock up huge amounts.

A perfect example of why “real name” developers are not necessarily more trustworthy! Gavin is a liar who did extreme damage to Bitcoin. For that reason, he can never show his face in Bitcoinland again (although I heard that he is making some sort of comeback in Ethereum).

Well, we’re just going to have to agree to disagree on that point. I can’t imagine bitcoin having taken off without Gavin’s good efforts. He got tricked -hey; that never happened to you?? When he realized he got tricked, he didn’t fight getting taken off of the repos.

A “real name” can get criminally charged or sued; an anon cannot. There will be little suasion checking the bad actions on the part of an anon.

I’m down with privacy on how you USE your zcash; but given that the code can impact people who use zcash in a negative way, there has to be transparency and accountability on the part of its developers.

We don’t have to know the identity of people who use paper money; but knowing something about the people who run the presses that print it is a VERY reasonable idea. You wouldn’t want a person with a history of counterfeiting to be doing it.

As it stands, if Gavin were to come up as a candidate for a project, given your strong feelings about him [which I don’t share], you could object to him.

But if Gavin were behind an anon identity -how would you know? He could be behind multiple identities; one whose actions you loved, and another whose actions you found to be anathema.

I was alluding to that when I said plutocrats have started to co-opt bitcoin…

I have many arguments against Gavin—most of which are wildly off-topic here, except insofar as Bitcoin’s resilience in the years-long Fork Wars proved all the best POW theories in practice!

On 15 August [2015], Mike Hearn and Gavin Andresen (who recently stepped down as the lead developer of the Bitcoin core and who now acts as chief scientist for the Bitcoin Foundation) released an update called BitcoinXT.

(By the way, that caused a major BTC market crash. In late August–late September 2015, Bitcoin was sliding around the 200 WMA line—frequently under it. It was the worst Bitcoin crash before—well, before the present; this current flock of black swans is worse. 2018–early 2019 were nothing compared to 2015 and 2022.)

Gavin did not tell one lie. (A lie, not a mistake—unless you suggest that Gavin Andresen has no idea how digital signatures work! I do not accuse Gavin of such gross stupidity and technical incompetence.) He ran the so-called “Bitcoin Foundation” in such a wrong direction that to this day, Bitcoin maximalists despise the very idea of having a foundation to back a cryptocurrency. He and the anti-privacy, anti-fungibility Hearn, who poisoned Bitcoin with the taint-tracing and coin-blacklisting ideas that may yet prove its destruction.

Events eventually lined up so that blocs of miners with terrifically high hashrate were aligned against Bitcoin Core. Matters came to a head in 2017 with UASF, the BCH fork, and the S2X fork which was cancelled at the last minute.

Please understand that I am not preaching power to miners, but to the contrary: I trust POW more because I have seen the limitations on miners’ real-world power. I do not want a coin controlled by any high-capital parties—not by miners, not by big DPOS operators. In practice, the theory that “full nodes rule the network” is battle-tested.


This started as an excellent thread for people to say why they chose Zcash. I wish to keep it that way. I do need to speak out about this issue, and to answer what I see as a massive organized attack on the freedom for which Bitcoin was invented.

Who’s arguing to “give up”? Is seeking to check a move to hamstring your access to its use [by using a more energy-efficient algo] “giving up”?? Maybe it’s giving up on PoW; but it’s not giving up on blowing away a semi-plausible reason to marginalize you. If anything, it’s fighting!

Well, fortunately we found the solution to that: the Foundation was blown up. Bitcoin didn’t need the Foundation, given bitcoin’s first-mover status and its tendency to be manipulated by many interests. It was impossible to make any move at the Foundation without shrieks that it was to somebody’s personal benefit.

This argument is predicated on the unexamined assumption that POS is a drop-in replacement for POW, providing equal or better (a) security and (b) economics. False on both points.

Yes, and Bitcoin has thrived since then! Decentralization for the win. Who needs a centralized foundation?

I do recognize that in today’s environment, startup coins perforce need to start with some centralization. I do hope that over time, ECC and ZF could bootstrap the ecosystem to the point that it can achieve greater decentralization. I think that some of the principals there would probably love that; they are idealists about this kind of thing—sometimes even too much so, in my opinion.

That is a fancy way of saying that Bitcoin is truly decentralized: No one party can control it, so yes, there are always many irreconcilably conflicting interests trying to pull it in all different directions. Thanks for agreeing with me.

The so-called “Bitcoin Foundation” was irredeemably corrupt. Its continued organizational viability would have destroyed Bitcoin to the point that I would have become an activist against Bitcoin. Good riddance.

Imagine how much more robust Zcash will be, if someday it can grow to the point that it does not need any centralized entities of such a nature! It is a dream I’d be willing to work for.

I have a MAJOR problem when people describe centralization as a discrete state; either you have it, or you don’t. Reading your understanding of certain events, I think you would have to acknowledge that decentralization is a continuum. The fact that mining is concentrated in the hands of fewer players, and that non-tech end-users often need hand-holding (unless they resort to a CENTRALIZED exchange for their wallets? which just should NOT be the case…) all points to chinks in the “bitcoin is decentralized” argument. But given that, did I give up on bitcoin? No; it was the most decentralized game in town. But there’s other decentralized options on the rise. So I could abide you saying something like: “relatively decentralized”. but “TRULY decentralized”? That’s A Bridge Too Far for me!

@tokidoki, with apologies for the double-reply, this is such a pivotal point that I wanted to circle back to it after batting out a quick reply earlier:

Out of many arguments against POS (including corrupt economics/financial manipulation), my biggest argument is that the only POS “validators” who participate in providing network security are staked nodes. Even POS language is exclusionary towards those who are relegated to mere “observer” status.

I do not speak from ignorance of POS. I have direct experience in POS-land, I have studied the technical aspects of some POS coins, and I know people deeply involved in POS business. I also saw up close what happened recently with the Terra hardfork: A group of DPOS companies colluded to hardfork the Terra chain by executive fiat, over massive community opposition. High capital rules the day.

In Bitcoin and Bitcoin-like Nakamoto Consensus coins, every full node, including every non-mining node provides network security. Every full node is a “validator”!

I am a veteran of that debate. And the theories that I expound were brilliantly proved in practice in 2017. In particular, on 2017-11-12, I personally watched as miners attempted “flippening” Bitcoin in a hostile takeover. Their declared intent was to kill off the BTC mainnet, and force everyone to switch to BCH. They only succeeded in moderately degrading Bitcoin’s performance for a short time.

It is for this reason that Bitcoiners are fanatical about getting people to run inexpensive full nodes. For one of innumerable examples that I have seen, this recent forum post by gives instructions for “How to run a Bitcoin Core full node for under 50 bucks!” Subhead: “Everyone should have the opportunity to run a node.” That is for people who “want to participate in providing network security”, as you put it.


Insofar as reasonably practicable, I wish to show that I am not only saying this now. From my history as nullius elsewhere, please see this post that I made 2018-02-04 (yes, this was given “merit” by Greg Maxwell; all italics and boldface are in the original):

See also the footnote to this post from 2017-12-04—one of the first posts I made on the Bitcoin Forum, even though I created the account there the same day as my account here:

I advocate that Zcash should follow the same model. I also wish to urge ECC to optimize and reduce full node resource requirements. This is partly self-interested, because I run, and have always run zcashd on weak, underpowered hardware.

If you want everyone everywhere in the world to be able to run zcashd, without discrimination on the basis of wealth or access to fancy hardware, I can tell you from experience where the pain points are—for example, my node is currently stuck partly due to a performance issue that I noticed is already ticketed in GH. :-\ I have had many such issues with Zcash, over the years; and in Sprout, shielded send took not “30–40 seconds” as advertised, but minutes of spinning my machine at full throttle. I endured that, because I care about privacy—I demand only the best privacy!

I myself have many complaints about too much miner centralization in Bitcoin. The solution is to remediate that problem, not to replace the whole system with something that tends towards much worse centralization.

A constructive suggestion for Zcash: A ZEC P2Pool implementation that actually works! (Also, a question for which I do not know the answer: Does the Zcash mining ecosystem have any support for Stratum2? Stratum2 is very important for mitigating the effects of centralization in pool operators.) I would love to help with such things, except that I really have no direct experience with mining. I could only help from a “book learning” perspective. As an experienced developer, I know the value of hands-on experience in such matters.

I am a passionate proponent of DEXes. In Bitcoinland, I have gotten into flamewars with some people who criticize me for using DEXes “because altcoins!” I think that is hypocritical. I need something permissionless, decentralized—with no KYC. I have never done KYC for a cryptocurrency exchange—never, not even once. That is for me a matter of principle, like how I do ordinary, innocent websurfing with Tor despite the slowness. I am not engaged in any illicit activities.

Accordingly, I would be thrilled to see Zcash get ZSAs, plus future developments for DEX support! DEXes usually suffer full blockchain transparency. In the long term, what could Zcash do to fix that? Maybe I should ask the zero-knowledge wizards at ECC if they have any ideas.


In an elaborated reply to the edits to your earlier post:

A question: How much experience do you have with development, or even with closely following it?

Your arguments suggest to me that Zcash needs to grow until its development process can have public reviews as broad, inclusive, and intensive as Bitcoin Core. More developers, more interest in participation. Building the Zcash ecosystem and economics would help to achieve that goal. Sounds good to me!

Security as a process means reducing personal trust. And when you have that—does it really matter if you can easily catch and punish people who do damage? I prefer to set up processes that prevent the damage from occurring.

Whereas you are arguing against yourself here: When Gavin lost his status in Bitcoin development, there was no need to trash the code that he had already contributed. The code is objective. Code from people who are found to be untrustworthy bears greater scrutiny, but it doesn’t just go bad. I myself use code every day from people whom I personally dislike, or about whom I have some misgivings or questions about their motives.

I even use Gavin’s many, many lines of code remaining in Bitcoin (and Zcash). I issued Gavin’s Bitcoin Forum account negative trust feedback—if he were to tell me today that the sky is blue, I would double-check—yet, I use his old code! How is doxability even relevant to that?


An edit of my own: My beginning and end argument on this point consists of two words: “Satoshi Nakamoto”. If you distrust pseudonymous development, then please don’t use Bitcoin or anything derived from it!

Over 30 years, commercially; a mix of traditional finance and crypto.

[FYI: This appears to be steering towards a personal attack; which is not in the spirit of positive discussion. Look at all my replies above; while I disagree with some of your viewpoints, I don’t seek to question your bona fides. In the interest of keeping things positive for zcash, please let’s steer away from questioning each other’s cred for merely having expressed a differing viewpoint…]

A “real name” can get criminally charged or sued; an anon cannot. There will be little suasion checking the bad actions on the part of an anon.

I’m down with privacy on how you USE your zcash; but given that the code can impact people who use zcash in a negative way, there has to be transparency and accountability on the part of its developers.

We don’t have to know the identity of people who use paper money; but knowing something about the people who run the presses that print it is a VERY reasonable idea. You wouldn’t want a person with a history of counterfeiting to be doing it.

As it stands, if Gavin were to come up as a candidate for a project, given your strong feelings about him [which I don’t share], you could object to him.

But if Gavin were behind an anon identity -how would you know? He could be behind multiple identities; one whose actions you loved, and another whose actions you found to be anathema.

Your thoughts to that?

From your experience as such, can you see any way to sneak malicious code through Bitcoin Core’s gauntlet of security—from public reviews to reproducible builds, which deprive even the most trusted developers of the ability to sneak a bad binary?

(I understand that “traditional finance” comes with a mindset of checking ID. My background is more along the lines of cypherpunks. Understandable difference of perspectives here; the question is, do you prefer to embrace crypto, or to bring to crypto the portions of “traditional finance” that do not even make sense here? I have known people exclusively by PGP fingerprints and pseudonyms, whom I trusted more than anyone I knew offline by face and “real name”.)


Which part? I think I adequately addressed the argument at a higher level; and this isn’t a legal hearing with technical rules requiring some point-by-point refutation, as most readers would find boring.

You mean this?

How would I know? I could never be certain: Bitcoin Core has pseudonymous developers! You evidently are not aware of that. Check out the lists of credits on any Bitcoin Core release. Unidentifiable parties are still adding code to the world-class masterpiece of financial engineering that can support a trillion-dollar market cap (recently did; will again…). Will you stop using Bitcoin now?

Now, what are your thoughts on the totally untraceable pseudonymous ghost known only as “Satoshi Nakamoto”?