Ian Miers

@secparam


CS Prof. Security and applied cryptography.

Washington DC/ UMD
Joined April 2012
@secparam
Ian Miers
7 days
RT @initc3org: How can you ensure anonymous (and potentially adversarial) clients have their reputation updated onchain without revealing t…
@secparam
Ian Miers
19 days
An interesting question is, practically, how much data you can hide from a merchant while going through Visa/Mastercard. There are various means of tokenization in these protocols, but in practice I'm not sure what merchants get.
@secparam
Ian Miers
19 days
Technically, you can get onchain privacy AND, offchain, ensure Payy, Visa, and merchants only see one-time payments—think one time gift cards per payment with no linkable identity. But business rules and issuer policies make this unlikely in practice.
@secparam
Ian Miers
19 days
Payy: May see everything. They run a "single-sequencer validium rollup"—fancy words for "we run a server." If they also generate the ZK payment proofs (likely), they see your address and balances. Unclear what they learn about your credit card transactions, but potentially a lot.
@secparam
Ian Miers
19 days
On chain: Normally everything is exposed—blockchains are Twitter for your bank account. Payy's ZK proofs, hopefully, fix this.
Merchants: may get your name or a persistent ID that tracks usage.
Visa/issuer: Almost certainly full card history, maybe full name.
Payy: The wildcard.
@secparam
Ian Miers
19 days
This is the slickest 'private' payment experience I've seen in crypto. Uses the same zk tech we built for Zcash. But private to whom?
When you pay crypto address → Payy → Visa/card issuer → merchant, each step has different privacy issues and levels of safety. In more detail:
@payy_link
Payy
19 days
introducing payy card — spend stablecoins privately 🤫
• undoxxable non-custodial card using ZK for privacy
• physical card with light-up logo (limited quantity)
• easy setup and deposit USDC/crypto
• soon: spend-to-earn points program
@secparam
Ian Miers
24 days
Seriously, if you're going to build a dystopian internet to protect children, only apply it to children. Don't
1) require everyone to show ID for social media
2) or let AI decide if you're mature enough.
Just put spyware on kids' devices. It's awful, but at least transparent.
@secparam
Ian Miers
24 days
G-HAL: "I'm sorry Dave, I can't let you do that. You lack the emotional majority to look at adult content"
Dave: "But I'm 27"
G-HAL: "But you keep watching the same lowbrow comedy pods."
Jokes aside, this is just as bad as requiring ID on the internet.
arstechnica.com
Any YouTuber wrongly labeled a teen must provide an ID, credit card, or selfie.
@secparam
Ian Miers
25 days
When did TLS notaries/oracle/zk TLS first emerge? Chatting with a colleague, we guessed ~2017 in industry and academia. 1st academic paper I know of, however, is 2019 (Deco). For industry, TLS Notary's Git dates to 2014, which seems early.
github.com
The original p2p version (non-transferable proofs) - tlsnotary/tlsnotary
@secparam
Ian Miers
1 month
Oh, Railgun on Eth probably falls into this category (if you're careful about gas).
@secparam
Ian Miers
1 month
There are probably a few other Zerocash-derived schemes that are live besides the ones I listed, that's just what I got off the top of my head for projects who I've actually met and have constructions that, if implemented correctly, give full privacy.
@secparam
Ian Miers
1 month
It's the weekend and I have grant proposals to write, but need a distraction. So here's a crypto meme crudely edited to accurately summarize the state of privacy techniques on blockchains.
@secparam
Ian Miers
2 months
Yes, there are maybe more reasonable ways to do nudity monitoring. E.g., opt-in, or have the recipient's device scan incoming images if it belongs to a child. Indeed, that's where Apple started a year or two ago. Now it's by default, for adults, and on outgoing. A Slippery slope.
@secparam
Ian Miers
2 months
Seriously though, this normalizes AI content monitoring. And what the AI policeman on your phone looks for will grow. It could flag anti-GMO activists, chemtrailstans, or anyone who's ever used the word "toxins" unironically (assuming it gets sarcasm). It's a bipartisan problem.
@secparam
Ian Miers
2 months
Apple will use AI to look out for your ass (and other body parts). Don't worry, FaceTime Big Brother is watching for your protection . today. Tomorrow it's when you sext the wrong adult. Don't worry, your telescreen will decide what's appropriate.
9to5mac.com
iOS 26 includes a new FaceTime safety feature designed to prevent nudity without consent, here are the details.
@secparam
Ian Miers
2 months
From the academic side: zk-promises is a new tool for reputation and anonymous credentials. From the crypto side: it finally makes the account model private. Before this, Zexe-derived projects like Aleo and Aztec (plus Zcash if we go back to payments) were stuck with UTXOs.
@secparam
Ian Miers
2 months
We can build this for credentials on the web with a simple server, or use it for private smart contracts on a blockchain. In the latter case, we get a private account model where clients sequence their own updates but can't selectively drop requests.
@secparam
Ian Miers
2 months
When a moderator invokes an anonymous callback, they post it to a public bulletin board with some function arguments. To use your credential again, you must first prove you checked that bulletin board and applied all of your pending callbacks.
@secparam
Ian Miers
2 months
Your anonymous account isn't tied to the post, so you have no incentive to honor a downvote or ban. zk-promises solves this by creating anonymous callbacks. When you take an action, you also generate a callback that can be safely handed out without linking back to your credential.