vnprc/ruminations_on_privacy_coins.txt

## ruminations_on_privacy_coins.txt
issues with zcash

- corporation is a single point of failure
  - The feds operated a completely compromised, highly influential cryptography company for years. They can do it again
  https://en.wikipedia.org/wiki/Crypto_AG
- unfair launch
  - I believe it is a mistake to treat a currency like a software startup. Money is not a company. It needs to be a truly
  neutral arbiter with extremely minimal ties to human organizations. In my view, breaking this norm fundamentally compromises
  trust in a currency. Low trust => low adoption => no network effect
  - A founder's reward is anathema to a fair launch. The founder's reward was adjusted in 2020
  (https://help.slushpool.com/en/support/solutions/articles/77000423686-what-is-a-zcash-founder-reward-), but this is too
  little too late. The logarithmically declining zcash emission schedule gives the largest payouts early. These were delivered
  to founders and early investors. This misstep compromises my trust in zcash as a form of money. I believe that the
  technology behind zcash is probably sound but it bears too many similarities to an ICO scam for me to be comfortable using
  it for an extremely sensitive use case like a privacy coin.
- protocol updates are unsupported by academic research
  - based on the peer-reviewed Zerocash paper, which was published in 2014. But after the genesis block "updates to the
  protocol are not generally peer-reviewed" https://z.cash/support/faq/
- anonymity set is all shielded transactions happening at the same time, not all txs ever. Zcash shielded txs have low usage
and therefore, a small anonymity set

case in point: why do darknets use monero and not zcash?

zcash steelman arguments:
Apparently the crypto is better/stronger/harder/faster. (Ok, maybe not faster.) I am not a cryptography expert but this seems
to be the general sentiment (I think this is what @valkenburgh is alluding to when he states his preference for zcash).

Monero is playing a shell game to hide transactions, which is a strategy that is fundamentally at odds with a public
blockchain where every transaction is publicly and indelibly recorded. So your txs are arguably only private for a limited
time. I expect the capability of the feds to deanonymize transactions will grow steadily with time, so monero is playing a
perpetual cat and mouse game. </steelman>

But the monero shell game seems to be working presently. My long term hope is that bitcoin/LN privacy achieves levels suitable
for most uses, making monero and zcash largely obsolete. Given the shortcomings of zcash and the (hopefully) limited time
window where a non-bitcoin privacy coin is necessary, I trust Monero over ZCash.

I try my damnedest to maintain an open mind on all topics. I am open to changing my opinion on this topic but, given the
above, it seems a herculean task at this point. I welcome good faith rebuttals to all of the above arguments.
	issues with zcash

	- corporation is a single point of failure
	- The feds operated a completely compromised, highly influential cryptography company for years. They can do it again
	https://en.wikipedia.org/wiki/Crypto_AG
	- unfair launch
	- I believe it is a mistake to treat a currency like a software startup. Money is not a company. It needs to be a truly
	neutral arbiter with extremely minimal ties to human organizations. In my view, breaking this norm fundamentally compromises
	trust in a currency. Low trust => low adoption => no network effect
	- A founder's reward is anathema to a fair launch. The founder's reward was adjusted in 2020
	(https://help.slushpool.com/en/support/solutions/articles/77000423686-what-is-a-zcash-founder-reward-), but this is too
	little too late. The logarithmically declining zcash emission schedule gives the largest payouts early. These were delivered
	to founders and early investors. This misstep compromises my trust in zcash as a form of money. I believe that the
	technology behind zcash is probably sound but it bears too many similarities to an ICO scam for me to be comfortable using
	it for an extremely sensitive use case like a privacy coin.
	- protocol updates are unsupported by academic research
	- based on the peer-reviewed Zerocash paper, which was published in 2014. But after the genesis block "updates to the
	protocol are not generally peer-reviewed" https://z.cash/support/faq/
	- anonymity set is all shielded transactions happening at the same time, not all txs ever. Zcash shielded txs have low usage
	and therefore, a small anonymity set

	case in point: why do darknets use monero and not zcash?

	zcash steelman arguments:
	Apparently the crypto is better/stronger/harder/faster. (Ok, maybe not faster.) I am not a cryptography expert but this seems
	to be the general sentiment (I think this is what @valkenburgh is alluding to when he states his preference for zcash).

	Monero is playing a shell game to hide transactions, which is a strategy that is fundamentally at odds with a public
	blockchain where every transaction is publicly and indelibly recorded. So your txs are arguably only private for a limited
	time. I expect the capability of the feds to deanonymize transactions will grow steadily with time, so monero is playing a
	perpetual cat and mouse game. </steelman>

	But the monero shell game seems to be working presently. My long term hope is that bitcoin/LN privacy achieves levels suitable
	for most uses, making monero and zcash largely obsolete. Given the shortcomings of zcash and the (hopefully) limited time
	window where a non-bitcoin privacy coin is necessary, I trust Monero over ZCash.

	I try my damnedest to maintain an open mind on all topics. I am open to changing my opinion on this topic but, given the
	above, it seems a herculean task at this point. I welcome good faith rebuttals to all of the above arguments.