Thanks! I really like that thread and the Resetting Zcash: Its about privacy thread.
We need to focus on the basics to get Zcash back on track
for fucks fucking sakeā¦
Stop incessantly twittering to people who donāt understand the implications of transacting over and over into the same t-address about zashi letting you transact PRIVATELY with all these other blockchains.
Make it actually privacy-preserving first and then start crowing about it.
1 Like
Yeah and this issue got much worse now with the swapping feature as basically every Swap and CrossPay use ties the userās outgoing payment back to their T-address, basically making all those features silently transparent on the chain. IMHO, this is now an emergency to fix.
3 Likes
Iāve been thinking more about how the change is reimbursed back to the single t-address associated with your Zashi wallet. At the moment, when you make a Crosspay transaction you only enter the quote asset address and amount from your Zashi wallet to initiate the payment. You are not manually inputting the change address, which means that Zashi is doing that for the user in the background.
Why does Zashi not specify a fresh unified address to receive the change? I donāt fully understand why we would choose to use Ephemeral t-addresses in lieu of fresh unified addresses to request the change?
It seems like this must be a preference Near has in which case we should demand they change their preference given the serious privacy implications it poses.
I think youāre overthinking it; this has nothing to do with NEAR as far as I can see. Itās really just missing feature (though I would say, itās also a serious bug). Josh said itās a priority for them to fix.
On a separate note regarding the repeated use of t-addresses, Iām wondering what is the difference of withdrawing directly from a CEX to 1 t-address and shielding versus 10 t-addresses and shielding? Does the action of shielding from 10 unlinkable t-addresses increase the effective size of the anonymity set since itās potentially 10 different users versus 1 user? Or, over a long period of time and lots of noise and activity happening in the orchard pool does this matter that much?
Iām making the assumption that itās a NEAR preference because they may use direct CEX withdrawals to satisfy orders, most of which will only support t-addresses.
Well, it (mostly) does not matter if you withdraw from the same CEX (1 address vs. 10 different ones). But as soon as you mix different actions, it matters immensely. For example, if you withdraw from the CEX to Zashiās T-address, then shield your balance, and then use CrossPay (which today re-uses the T-address) you basically lose all privacy, i.e. itās the same as if the shielding were skipped entirely.
1 Like
NEAR needs a T-address, but it does not need to be the one T-address that has been used for other things. Using a one-time T-address fixes the issue and thatās the feature soon to be released.
I understand that. Just to exaggerate, letās say I have 1 million ZEC and I want to withdraw it to the orchard pool. If I randomise the amounts and do it over a significant amount of time does this have the effect of increasing the anonymity set?
If Zashi had rotating t-addresses thatās what I would do. I would just keep rotating and withdraw over time to shield my ZEC. But if I do it in one big transaction it seems like itās bad for me and reduces the anonymity set as far as chainalysis can tell?
Why can it not send the change back to a unified address?
Zashi removed transparent receivers from unified addresses back in May, also for privacy reasons.
Keeping them decoupled and rotating the taddress is probably the best approach here.
2 Likes
Thatās true but I donāt think itās related to the issue. I donāt know why NEAR needs a T-address, but itās not related to transparent receivers in UAs
I was simply answering the question āWhy can it not send the change back to a unified address?ā and pointing out that unified addresses donāt contain transparent receivers.
Woohoo! Look how many people - who think they are transacting privately because we told them zcash was private - are using the new woop de doo we built into zashi before enabling the most basic privacy protection imaginable.
2 Likes
They are working on it. Lets stay postive please 
2 Likes
Okay cool.
Iām sorry but why is this not prioritized? In my opinion this renders Zashi entirely unusable. If I have only one transparent address then that means my NEAR intents will unshield first to this same address. All my shieldings and unshieldings will take place to this address. Any and all privacy features are obsoleted by Zashi being unable to rotate t-addresses. How is this acceptable? Itās been almost a year. This is crazy.
3 Likes
Nice turns out Nighthawk and YWallet is also literally crippled the same way.
It is impossible to take Zcash community and Zcash seriously when it comes to privacy claims until this is fixed. It isnāt even a hard fix, just comical to do other random improvements while such a gaping hole is present in the ecosystem.
Question for the ZCash wallet developers: are you even serious about this? Or is privacy just a grift for you?
1 Like
Itās not a simple add without potentially causing privacy issues:
The concept is: generating multiple T addresses and then Zashi auto shields all of them for you, you could see on-chain that those addresses belong to the same wallet which basically negates any positive effect of having T address rotation in the first place.
1 Like