Opinion on anonymous chat page based on ZEC chain

Hi all,

to get familiar with zcash capabilities, I built a small page which can basically display the memo fields from zcash transactions and arrange them in a chat timeline.

However, I’d like to know if my statements on this page are correct:

• when users send transactions from a personal shielded address to the shielded address given on the page, the posted messages are completely anonymous and cannot be traced back to the sender; yes/no?

• when someone sends a transaction from a transparent address to the given shielded address on the page, the above privacy statement doesn’t hold; yes/no?

• when I disclose the viewing key for the given shielded address on the page, other people can recover all messages on the page, without disclosing sender addresses (and without harming anonymity); yes/no?

Please also test if you like and please let me know how you find it. Thank you

http://www.z-board.net

Best,
Thomas

As far as I know the shielded sender’s information can only be disclosed by the recipient (not sure if any information is revealed through that nickname process)
Sending a message from an unshielded address would not protect the sender (i wasn’t aware you could do that)
The viewing key, not sure but sounds right
Pretty cool app
Edit- don’t worry somebody will be along soon to correct me

Nice stuff. The encrypted memo field is a great addition as per this post: The Encrypted Memo Field - Electric Coin Company.

Yes.

I’m reasonably sure this isn’t possible. You can only send an encrypted message from a shielded address to a shielded address. See the blog post above albeit I’ve never tested this.

Yes. The sender’s address is never revealed.

No, the sender address is never revealed to the recipient. You might be thinking of payment disclosures but these are generated by the sender and not the recipient.

Just to test that, I posted to the message board (I don’t know why the alias didn’t work correctly) and the TXid is bcfef3bcc735397cf9631ff5aac408c41009a69cb14288d6616818fa5b8707ad. I then generated a payment disclosure to prove I sent it containing a link to this thread:

zpd:706462ff005fad58e65340749229f114d3c5998481f75c3b3784ef1143b8375bd166294022ad07875bfa186861d68842b19ca60910c408c4aaf51f63f97c3935c7bcf3febc000000000000000001acf15e79cdaa4425cf0aa501450b16bfbdbe622f66bb73466757edbde318ca700395ae1a38542f35365e20300b69f4f2c32972fd4525a758410945b51778f6635c466f72756d207468726561643a2068747470733a2f2f666f72756d2e7a2e636173682f742f6f70696e696f6e2d6f6e2d616e6f6e796d6f75732d636861742d706167652d62617365642d6f6e2d7a65632d636861696e2f3238313535606e3879ff6085e4652a0f3b5711f44aeabcc08ec0fc4b4d3ae8f985e992daa8ff540dec50fc2bd39c893c3339083855a815d5b257e14a81d03820f544142807

If you verify that with zcash-cli z_validatepaymentdisclosure zpd:70646...... you should see the below which contains the memo but does not reveal from where it was sent.

{
  "txid": "bcfef3bcc735397cf9631ff5aac408c41009a69cb14288d6616818fa5b8707ad",
  "jsIndex": 0,
  "outputIndex": 1,
  "version": 0,
  "onetimePrivKey": "22402966d15b37b84311ef84373b5cf7818499c5d314f12992744053e658ad5f",
  "message": "Forum thread: https://forum.zcashcommunity.com/t/opinion-on-anonymous-chat-page-based-on-zec-chain/28155",
  "joinSplitPubKey": "eceed6aaf9062bc762153479a17eda7698c7f32615f169a0517cb8cbb5d0b040",
  "signatureVerified": true,
  "paymentAddress": "zcWrP36TaR1MyVPChGgt8kip1yvMfHRXuiVzBNUCvZimY25in26fy9CDTWUbvgus2n8EBWsMnjRGCPJQKgXVBMzuzwRbkn3",
  "memo": "4e616d653a3a6761726574687464617669657320426c6f6720706f7374206f6e205a6361736820656e63727970746564206d656d6f7320686572653a2068747470733a2f2f626c6f672e7a2e636173682f656e637279707465642d6d656d6f2d6669656c642f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "value": 0.00001000,
  "commitmentMatch": true,
  "valid": true
}

Thank you garethtdavies for this comprehensive explanation!
So basically my idea is correct: people sending messages to the board are completely anonymous and protected. Also, since I disclose the viewing key, even if the page is taken down, everyone who has a copy of the viewing key can restore the full chat history, but won‘t get any insights about the senders. Very cool.

So as a start let me copy the viewing key also here: ZiVKkwAQ9PAJ2tDkpseBUHUtRG5rWHfPe3bECY8yKbnLJBqU9EvvnggFgAmWv4DT41odsiScJYiHpukbgj7cicpsi1qT1Lcod

PS: regarding nickname, I‘ve added an example to the page, as the syntax was a bit unclear. (e.g. SpeedyGonzales:: Arriba, arriba! will parse correctly)

Thanks again for the kind response!

One more question: will sending many transactions to the same z-address somehow (maybe statistically) reduce security?

Interesting question, and no it shouldn’t. As you can see from the transaction above the only detail on the blockchain is the fee (so the default of 0.0001 should always be used). That being said this doesn’t consider network privacy (or lack thereof).

Perhaps where you mention transparent addresses, as I don’t think this is relevant here, you could mention these privacy recommendations Privacy Recommendations and Best Practices - Zcash particularly regarding network privacy. As per the recommendations:

• Be aware of IP linkability between transactions sent from shielded addresses and your other network traffic.
• Advanced users may use Tor to obfuscate the IP address of their Zcash node.

Awesome, thanks, that makes sense. I figured out after I had written that I’d read the docs a bit too literally!

Sorry, I was wrong here, I finally got around to testing it and you can indeed send a memo from a t-addr (so long as it is to a z-addr). Here is a sample transaction id 5add9c1c1e7a298a6ea97d829262e6d4e160066e66269f6fc2e9034fa204ed58 so you can see the address sent from on the blockchain. As you are publishing the viewing key you can see the txid associated with the message and then, although you would have some Bitcoin-style pseudonymity, it wouldn’t be truly private so, yes best to stick to sending from z-addrs as you originally stated.

@th0ms0n really interesting project you got here!
Big up!

Amazing, thank you! I used the weekend to read some more zcash blog posts and it seems the approach is pretty safe for users. Since the transaction is fully encrypted, it would even tolerate eavesdropping.

Any features you all would like to see on the page? Like/Dislike buttons, etc.?

Thank you,
Thomas