What made me change my mind about Zcash

Well, we’re just going to have to agree to disagree on that point. I can’t imagine bitcoin having taken off without Gavin’s good efforts. He got tricked -hey; that never happened to you?? When he realized he got tricked, he didn’t fight getting taken off of the repos.

A “real name” can get criminally charged or sued; an anon cannot. There will be little suasion checking the bad actions on the part of an anon.

I’m down with privacy on how you USE your zcash; but given that the code can impact people who use zcash in a negative way, there has to be transparency and accountability on the part of its developers.

We don’t have to know the identity of people who use paper money; but knowing something about the people who run the presses that print it is a VERY reasonable idea. You wouldn’t want a person with a history of counterfeiting to be doing it.

As it stands, if Gavin were to come up as a candidate for a project, given your strong feelings about him [which I don’t share], you could object to him.

But if Gavin were behind an anon identity -how would you know? He could be behind multiple identities; one whose actions you loved, and another whose actions you found to be anathema.

I was alluding to that when I said plutocrats have started to co-opt bitcoin…

I have many arguments against Gavin—most of which are wildly off-topic here, except insofar as Bitcoin’s resilience in the years-long Fork Wars proved all the best POW theories in practice!

On 15 August [2015], Mike Hearn and Gavin Andresen (who recently stepped down as the lead developer of the Bitcoin core and who now acts as chief scientist for the Bitcoin Foundation) released an update called BitcoinXT.

(By the way, that caused a major BTC market crash. In late August–late September 2015, Bitcoin was sliding around the 200 WMA line—frequently under it. It was the worst Bitcoin crash before—well, before the present; this current flock of black swans is worse. 2018–early 2019 were nothing compared to 2015 and 2022.)

Gavin did not tell one lie. (A lie, not a mistake—unless you suggest that Gavin Andresen has no idea how digital signatures work! I do not accuse Gavin of such gross stupidity and technical incompetence.) He ran the so-called “Bitcoin Foundation” in such a wrong direction that to this day, Bitcoin maximalists despise the very idea of having a foundation to back a cryptocurrency. He and the anti-privacy, anti-fungibility Hearn, who poisoned Bitcoin with the taint-tracing and coin-blacklisting ideas that may yet prove its destruction.

Events eventually lined up so that blocs of miners with terrifically high hashrate were aligned against Bitcoin Core. Matters came to a head in 2017 with UASF, the BCH fork, and the S2X fork which was cancelled at the last minute.

Please understand that I am not preaching power to miners, but to the contrary: I trust POW more because I have seen the limitations on miners’ real-world power. I do not want a coin controlled by any high-capital parties—not by miners, not by big DPOS operators. In practice, the theory that “full nodes rule the network” is battle-tested.

This started as an excellent thread for people to say why they chose Zcash. I wish to keep it that way. I do need to speak out about this issue, and to answer what I see as a massive organized attack on the freedom for which Bitcoin was invented.

Who’s arguing to “give up”? Is seeking to check a move to hamstring your access to its use [by using a more energy-efficient algo] “giving up”?? Maybe it’s giving up on PoW; but it’s not giving up on blowing away a semi-plausible reason to marginalize you. If anything, it’s fighting!

Well, fortunately we found the solution to that: the Foundation was blown up. Bitcoin didn’t need the Foundation, given bitcoin’s first-mover status and its tendency to be manipulated by many interests. It was impossible to make any move at the Foundation without shrieks that it was to somebody’s personal benefit.

This argument is predicated on the unexamined assumption that POS is a drop-in replacement for POW, providing equal or better (a) security and (b) economics. False on both points.

Yes, and Bitcoin has thrived since then! Decentralization for the win. Who needs a centralized foundation?

I do recognize that in today’s environment, startup coins perforce need to start with some centralization. I do hope that over time, ECC and ZF could bootstrap the ecosystem to the point that it can achieve greater decentralization. I think that some of the principals there would probably love that; they are idealists about this kind of thing—sometimes even too much so, in my opinion.

That is a fancy way of saying that Bitcoin is truly decentralized: No one party can control it, so yes, there are always many irreconcilably conflicting interests trying to pull it in all different directions. Thanks for agreeing with me.

The so-called “Bitcoin Foundation” was irredeemably corrupt. Its continued organizational viability would have destroyed Bitcoin to the point that I would have become an activist against Bitcoin. Good riddance.

Imagine how much more robust Zcash will be, if someday it can grow to the point that it does not need any centralized entities of such a nature! It is a dream I’d be willing to work for.

I have a MAJOR problem when people describe centralization as a discrete state; either you have it, or you don’t. Reading your understanding of certain events, I think you would have to acknowledge that decentralization is a continuum. The fact that mining is concentrated in the hands of fewer players, and that non-tech end-users often need hand-holding (unless they resort to a CENTRALIZED exchange for their wallets? which just should NOT be the case…) all points to chinks in the “bitcoin is decentralized” argument. But given that, did I give up on bitcoin? No; it was the most decentralized game in town. But there’s other decentralized options on the rise. So I could abide you saying something like: “relatively decentralized”. But “TRULY decentralized”? That’s A Bridge Too Far for me!

@tokidoki, with apologies for the double-reply, this is such a pivotal point that I wanted to circle back to it after batting out a quick reply earlier:

Out of many arguments against POS (including corrupt economics/financial manipulation), my biggest argument is that the only POS “validators” who participate in providing network security are staked nodes. Even POS language is exclusionary towards those who are relegated to mere “observer” status.

I do not speak from ignorance of POS. I have direct experience in POS-land, I have studied the technical aspects of some POS coins, and I know people deeply involved in POS business. I also saw up close what happened recently with the Terra hardfork: A group of DPOS companies colluded to hardfork the Terra chain by executive fiat, over massive community opposition. High capital rules the day.

In Bitcoin and Bitcoin-like Nakamoto Consensus coins, every full node, including every non-mining node provides network security. Every full node is a “validator”!

I am a veteran of that debate. And the theories that I expound were brilliantly proved in practice in 2017. In particular, on 2017-11-12, I personally watched as miners attempted “flippening” Bitcoin in a hostile takeover. Their declared intent was to kill off the BTC mainnet, and force everyone to switch to BCH. They only succeeded in moderately degrading Bitcoin’s performance for a short time.

It is for this reason that Bitcoiners are fanatical about getting people to run inexpensive full nodes. For one of innumerable examples that I have seen, this recent forum post by gives instructions for “How to run a Bitcoin Core full node for under 50 bucks!” Subhead: “Everyone should have the opportunity to run a node.” That is for people who “want to participate in providing network security”, as you put it.

Insofar as reasonably practicable, I wish to show that I am not only saying this now. From my history as nullius elsewhere, please see this post that I made 2018-02-04 (yes, this was given “merit” by Greg Maxwell; all italics and boldface are in the original):

See also the footnote to this post from 2017-12-04—one of the first posts I made on the Bitcoin Forum, even though I created the account there the same day as my account here:

I advocate that Zcash should follow the same model. I also wish to urge ECC to optimize and reduce full node resource requirements. This is partly self-interested, because I run, and have always run zcashd on weak, underpowered hardware.

If you want everyone everywhere in the world to be able to run zcashd, without discrimination on the basis of wealth or access to fancy hardware, I can tell you from experience where the pain points are—for example, my node is currently stuck partly due to a performance issue that I noticed is already ticketed in GH. :-\ I have had many such issues with Zcash, over the years; and in Sprout, shielded send took not “30–40 seconds” as advertised, but minutes of spinning my machine at full throttle. I endured that, because I care about privacy—I demand only the best privacy!

I myself have many complaints about too much miner centralization in Bitcoin. The solution is to remediate that problem, not to replace the whole system with something that tends towards much worse centralization.

A constructive suggestion for Zcash: A ZEC P2Pool implementation that actually works! (Also, a question for which I do not know the answer: Does the Zcash mining ecosystem have any support for Stratum2? Stratum2 is very important for mitigating the effects of centralization in pool operators.) I would love to help with such things, except that I really have no direct experience with mining. I could only help from a “book learning” perspective. As an experienced developer, I know the value of hands-on experience in such matters.

I am a passionate proponent of DEXes. In Bitcoinland, I have gotten into flamewars with some people who criticize me for using DEXes “because altcoins!” I think that is hypocritical. I need something permissionless, decentralized—with no KYC. I have never done KYC for a cryptocurrency exchange—never, not even once. That is for me a matter of principle, like how I do ordinary, innocent websurfing with Tor despite the slowness. I am not engaged in any illicit activities.

Accordingly, I would be thrilled to see Zcash get ZSAs, plus future developments for DEX support! DEXes usually suffer full blockchain transparency. In the long term, what could Zcash do to fix that? Maybe I should ask the zero-knowledge wizards at ECC if they have any ideas.

In an elaborated reply to the edits to your earlier post:

A question: How much experience do you have with development, or even with closely following it?

Your arguments suggest to me that Zcash needs to grow until its development process can have public reviews as broad, inclusive, and intensive as Bitcoin Core. More developers, more interest in participation. Building the Zcash ecosystem and economics would help to achieve that goal. Sounds good to me!

Security as a process means reducing personal trust. And when you have that—does it really matter if you can easily catch and punish people who do damage? I prefer to set up processes that prevent the damage from occurring.

Whereas you are arguing against yourself here: When Gavin lost his status in Bitcoin development, there was no need to trash the code that he had already contributed. The code is objective. Code from people who are found to be untrustworthy bears greater scrutiny, but it doesn’t just go bad. I myself use code every day from people whom I personally dislike, or about whom I have some misgivings or questions about their motives.

I even use Gavin’s many, many lines of code remaining in Bitcoin (and Zcash). I issued Gavin’s Bitcoin Forum account negative trust feedback—if he were to tell me today that the sky is blue, I would double-check—yet, I use his old code! How is doxability even relevant to that?

An edit of my own: My beginning and end argument on this point consists of two words: “Satoshi Nakamoto”. If you distrust pseudonymous development, then please don’t use Bitcoin or anything derived from it!

Over 30 years, commercially; a mix of traditional finance and crypto.

[FYI: This appears to be steering towards a personal attack; which is not in the spirit of positive discussion. Look at all my replies above; while I disagree with some of your viewpoints, I don’t seek to question your bona fides. In the interest of keeping things positive for zcash, please let’s steer away from questioning each other’s cred for merely having expressed a differing viewpoint…]

A “real name” can get criminally charged or sued; an anon cannot. There will be little suasion checking the bad actions on the part of an anon.

I’m down with privacy on how you USE your zcash; but given that the code can impact people who use zcash in a negative way, there has to be transparency and accountability on the part of its developers.

We don’t have to know the identity of people who use paper money; but knowing something about the people who run the presses that print it is a VERY reasonable idea. You wouldn’t want a person with a history of counterfeiting to be doing it.

As it stands, if Gavin were to come up as a candidate for a project, given your strong feelings about him [which I don’t share], you could object to him.

But if Gavin were behind an anon identity -how would you know? He could be behind multiple identities; one whose actions you loved, and another whose actions you found to be anathema.

Your thoughts to that?

From your experience as such, can you see any way to sneak malicious code through Bitcoin Core’s gauntlet of security—from public reviews to reproducible builds, which deprive even the most trusted developers of the ability to sneak a bad binary?

(I understand that “traditional finance” comes with a mindset of checking ID. My background is more along the lines of cypherpunks. Understandable difference of perspectives here; the question is, do you prefer to embrace crypto, or to bring to crypto the portions of “traditional finance” that do not even make sense here? I have known people exclusively by PGP fingerprints and pseudonyms, whom I trusted more than anyone I knew offline by face and “real name”.)

Which part? I think I adequately addressed the argument at a higher level; and this isn’t a legal hearing with technical rules requiring some point-by-point refutation, as most readers would find boring.

You mean this?

How would I know? I could never be certain: Bitcoin Core has pseudonymous developers! You evidently are not aware of that. Check out the lists of credits on any Bitcoin Core release. Unidentifiable parties are still adding code to the world-class masterpiece of financial engineering that can support a trillion-dollar market cap (recently did; will again…). Will you stop using Bitcoin now?

Now, what are your thoughts on the totally untraceable pseudonymous ghost known only as “Satoshi Nakamoto”?

[I was referencing it because it was an out-of-order edit you might have missed…]

I think they were a liberating influence. Personal opinion, based on conjecture: the team was anonymous because they had some people in Europe where intellectual property rights lean strongly in favor of employers. So to make sure the code would not later be laid claim to by some of their employers, they did the anon thing.

But I myself was cool with it because there was a non-anon responsible party we could pillory if there was an extremely subtle occult weakness designed into it. Satoshi was an architect (opinion: team of architects), not a “developer” (or developerS…) The code guys are ultimately responsible for the implementation of their code -not a systems architect. It is the coder and QA team’s responsibility to ensure that the system works as advertised. An architect might feed the coder/coders a faulty design; but coders should catch that.

Happened with NIST.


Comes down to a matter of who (at the time up to its release) has more manpower to review it -the guys wanting to slip one in vs. the coders, QA people, and large communities of reviewers. And while I prefer open review to a closed one any day, even large open reviews can miss things. Developer accountability is the failsafe for that.

For that matter: do we really know that the bugs that were missed in bitcoin were not really just engineered weaknesses? I personally doubt it; but could be possible. Again: having accountable developers you can act against in concrete ways is the safety net for decreasing the likelihood of mischievous activity.

Second of all, do you suppose that anything in the Snowden leaks is news to me? Hahah.

First of all, this is a total non sequitur: What does intelligence agency infiltration via fully non-anonymous, real-world identifiable operatives of the exact types of bureaucratic processes you should know from “traditional finance” tell us about pseudonymous developers in Bitcoin and other cryptocurrencies?

For the most spectacular example: The (purported) authors of Dual EC DRBG, the people at NIST who standardized it, and the people at companies such as RSA and Microsoft who widely fielded it, were all not pseudonymous cypherpunks! What you are really demonstrating is that “identifiable” parties provide only a false sense of security.


I have also seen, e.g., some first-hand descriptions on the cryptography list of how IPSEC was made so bad. (Sorry, no links handy—enough time searching.) What appeared to be incompetence, design-by-committee stupidity, and bureaucratic inertia really turned out to be the product of… a secret conspiracy. From your “traditional finance” experience, the whole process probably would have looked entirely normal and mundane. Only “real name” identifiable parties were involved.

What has this to do with Bitcoin Core’s development process?

(From your edit as I was writing and searching for links:)

Your link shows that your style of “accountability” provides no protection whatsoever against nation-state threat actors.

Which weaknesses? Besides some major bugs that would have no discernible purpose for an intelligence agency, AFAIK, Bitcoin has had three major security flaws: A garden-variety integer overflow in 2010, which IIRC was purely Satoshi’s fault—the transaction malleability design flaw, also Satoshi’s fault, fixed by Segwit—and the unexploited miner inflation CVE in 2018, which was accidentally introduced by a “real name” identifiable party (Pieter Wuille, who claimed responsibility).

Sure, that’s a popular theory. In my opinion, it is a real “conspiracy theory” in the most negative sense. I don’t buy it. Have you ever examined the original code that Satoshi released? I linked to it in my first post on this thread. Another link, more prominent this time:

It looks to me like the product of a single eccentric genius, working very much alone on a project of breathtakingly huge scope. His public posts are also consistent with my opinion.

I think that some people just can’t believe (or don’t want to accredit) that yes, one lone individual can change the course of history by obeying the aphorism: Cypherpunks write code.

In fairness, I must ask if you have any thoughts on the benefits of pseudonymous developers who are de facto immune to legal attacks. This is no mere theory, when Craig Wright is now actively damaging Bitcoin Core development (and accordingly, also depriving Zcash of valuable improvements to its upstream).

Pseudonymous developers can simply ignore frivolous lawsuits. As a matter of Realpolitik, their presence also deters unjust laws and regulations: In practice, the prospective cost of enforcement decreases the likelihood of adverse legislation or regulation. I think that’s important for Bitcoin—and in the long term, potentially even more important for Zcash.

They weakened open standards…

Not all bad actors are nation-states; MANY are perpetrated by individuals or groups of individuals to make a profit. Accountability stops that. Will it stop nation states? Well: for openers, we can check the history of someone to see if they have suspect links to nation states BEFORE they are trusted to work on code (what can be done after they succeed in infiltrating? little, of course; but an ounce of prevention…)

Good thing; what if it had been an anon and they didn’t speak to it; just suddenly went permanently radio silent when confronted about it? That would be most unpleasant.

I have a counter-explanation to how it is more than one person; if you or anyone else is interested, you can message me privately on this forum. Seeing as how this is a zcash forum, I don’t want to veer off on that topic too much.

But to the mods: understand that much of what has been discussed above is relevant because I am a former bitcoin stumper who sees possibilities in zcash that no longer exist for bitcoin [again: bitcoin as digital gold is a HUGE success; but not for the “money of the Internet”]. So it was unavoidable discussing on this thread, when challenged, as to what I see as the gaps in bitcoin’s functionality that have piqued my interest in zcash.

You added this later, so I just saw it. This has happened with many/most of your posts; I know only what caught my eye scrolling around. I will not waste my time rereading the thread to see what else changed. Please stop that.

When we are discussing this before an audience that mostly consists of non-developers, and the arguments that you express come off as what could only be said by someone new to this space and unfamiliar to the development process, then your level of experience is relevant to the discussion.

Too many of these types of discussions result in uninformed speculation: The blind leading the blind. It is not the first time that I have seen it.

By analogy, if we were discussing safety standards for vaccines, and if you made a statement about pharmaceutical development processes that showed a patent lack of experience in the field, then it would be legitimate to make an analogous inquiry—not a fallacious ad hominem or personal attack.

Please don’t take questions about your level of experience as offensive: If you had no development experience whatsoever, as the overwhelming majority of people do not, would that be cause for embarrassment?

Anyway, I have no way to verify what you said in reply to me. Not asking for your dox for “accountability” about what you said in a forum post. 🙂

As it stands, this discussion has gone into rapid-fire back-and-forth replies that wildly diverged from the topic. I am not here to chat with you personally; if the thread is uninteresting to others, then I am uninterested in continuing this discussion.

Understood; it just had me getting nervous as to that was where we might be going (I was exercising an ounce of prevention…)

“Satoshi” most definitely did code; but Gavin was the responsible party. Even if Gavin took some of his/their code verbatim and pasted it in to a block to be committed -at that point, Gavin was the responsible party [much in the same way that developers do with StackOverflow snippets -and now we have git making AI suggestions] Satoshi’s idea; Gavin’s product (and of course Gavin was later succeeded by other responsible parties…)