And if there is not a specific good reason why this is the case, can I suggest that it would be quite a lot better for privacy to make the receiving t-addresses be single use and spin up a new one for each transaction?
5 Likes
A quick mention of another privacy pet peeve: wallets should always warn users when merging t-address inputs (sending a transaction with multiple inputs) because this stores a permanent record on the blockchain that the same user likely controlled both addresses, enabling clustering.
Perhaps
This transaction will permanently reveal to the public:
- The input addresses used to fund it
- That the owner of these input addresses is likely the same person
- The recipient (if t-addr)
- The amounts sent to the recipient (if t-addr)
- The date and time of the transaction
- If not running your own lightwalletd node, it is possible your IP addresses are logged by this server: 1.2.3.4:443
Confirm?
Personally I love T-addresses and I think that theyâre a huge, if controversial, differentiator to have around. But we really could do better to steward the UX around them for less obsessive people.
5 Likes
If the process of consolidating transparent funds to shielded in zashi is doing this 
kind of merging, then i vote for changing that to making each t-address â z-address a discrete transaction.
1 Like
@joshs any chance you have a ballpark timeframe for when this may land?
1 Like
Likely Q2.
3 Likes
Solid request, looking forward to the t-address rotation update
It seems to me it reuses z addresses as well. As like if it knew only one z address. This is odd
reusing z address is common practice from privacy standpoint you dont lose any privacy as nobody can track your assets or transactions on chain using z address.
unless ofc you want more than 1 wallet for different use cases or to separate money. then multiple z addresses can be good - and i think its planned in the future?
Using the same z address does impact your privacy though because it can reveal information about you.
If I post my z address on Facebook so all my FB friends can see or more if my fb profile is public (for example because I am doing a garage sale, asking for donations, etc)âŚand then I post the same z address on here or another public forum for my politics website or to sell VPN, email, storage, or LLM services for zcash then anyone who can see my FB profile will be able to tie me to my politics website or the websites I sell those services.
2 Likes
yeah, thats true.
only use z address multiple times only in places where you are ok that the address could be tied to your identity. even tho none of the funds or transactions can be seen by anyone else.
Yeah, unfortunately currently Zashi doesnât allow creating multiple z-addresses (or t-addresses). As much as I like the simplicity of Zashi, I think it will be much more compelling to use once we can create and manage multiple addresses.
Things are shaping up very nice for Zcash, but I think this is a significant missing piece that helps tie and make private commerce seamless with Zcash. Flexa allowing shielded payments, Mayaprotocol and Near allowing crosschain, Keystone wallet supporting shielded ZcashâŚnow we just need Zashi to allow managing multiple addresses with these to really make all this powerful to use for all kinds of commerce.
3 Likes
Including shielded address or is it only applicable to transparent addresses?
If under my persona âaliceâ I have a transaction with you and share my wallet address, and then under my persona âbobâ I have another transaction with you and share my wallet address, youâll know that âaliceâ and âbobâ are the same person.
Itâs a boring yet clear example, but the idea is that if people transact with one entity, and then another entity, those two should not be able to know they have been transacting with the same individual. If keys are not rotated after each transaction, the risk is very much there.
1 Like
UA address rotation
In what follows, Iâm going to try to avoid using the term âretardedâ except in this meta first sentence.
How is it possible that this issue about rotating t-addresses has been sitting here unaddressed for months even though it is the absolute lowest of low hanging fruit in terms of pragmatically increasing the privacy available to zashi users and someone brings up a good reason to take t-addresses out of the UA address and start rotating shielded addresses and it goes from a conversation to a shipped release in like 3 days?
do i actually need to list the reasons why rotating t-addresses is much, much more pressing for user privacy than rotating shielded addresses (though of course rotating shielded addresses is also SMART)?
WTAF?
3 Likes
There are some good engineers working on Zcash. Unfortunately many of them are more focused on usability (for users and exchanges) than privacy.
I actually assume that the issues you raised have been known all along by most developers.
When/if development funds are finally under the control of shielded stakeholders/voters. I think the Zcash privacy community will finally be able to demand privacy first development practices (or developers wont get paid).
2 Likes
I like your username.
You might enjoy reading the first thread i started on this forum from 2016.
1 Like
âThere are some good engineers working on Zcash. Unfortunately many of them are more focused on usability (for users and exchanges) than privacy.â
I agree with the intent but I think it slightly misses the mark, the aim should be to maximize simplicity BUT not so simple that it is missing core and basic privacy features that any zcash user with even a basic clue would want if they plan on using the app on a regular basis. The fact that T-addresses canât be rotated does put a sour taste in my mouth as a pretty basic user myselfâŚyou want to win over basic users who want simplicity combined with the core privacy features needed for everyday use. You canât forgo basic utility for would be basic active zcash users in order to target only clueless users. Basic users not totally clueless users will be your first core active user base.
Having the option to generate a new t-address doesnât seem like an advanced feature from a user perspective, it seems like a simple (basic core) feature for anyone who wants to use Zashi.
That being said I know there are limited developer resources, and things take time.
This twitter thread from the @zashi_app account borders on criminal hypocrisy. Seriously.
I agree with you about a lot of hypocrisy from some of those receiving funding to develop Zcash. Lots of talk about the importance of privacy combined with actions that undermine it in practice.