Real privacy ← all history until about 1980
bank/govt knows all ← you are here
Bitcoin panopticon ← even worse
Real privacy ← the Zcash era
— zooko
What's Interesting About Zcash
As the first and only fair-launched end-to-end encrypted ledger with a strong cypherpunk social layer, Zcash is perhaps the only real solution to the surveillance risks facing Bitcoin.
People are just starting to wake up to the necessity and urgency of a private store of value. Some people still think of Bitcoin in this way, but due to its transparent architecture, Bitcoin cannot be that. It cannot protect the collective from AI and surveillance being abused at scale. Zcash, however, already does.
Recent events across the world have meaningfully updated my priors with respect to the likelihood of nationwide capital controls being enforced over the next decade.
This trend no longer seems limited to countries like China and Russia. Fiat currencies (including USD) are almost all destined to significantly depreciate from here relative to hard assets. The UK is already wrestling with the possibility of full-blown dystopia. Europe feels like it's on a similar track. And America's social fabric feels like it's barely hanging on by a thread.
AI in combination with the existing surveillance apparatus will soon make it trivial for those in power to know about all your unencrypted onchain holdings across all ecosystems. And trivial to see where and when you send them out.
I think it's naive to think that such powers won't be used to target Bitcoin and transparent crypto holders (even those that do not rely on off-ramps) in order to neuter both legitimate social protests and to prevent capital flight. The difficulty lies in trying to predict which countries will resort to this and which won't. Unfortunately, the complexity of the system means it's simply not possible to predict precisely where the chips will fall here with a high degree of confidence.
How does Zcash help? If you hold at least some of your funds in the Zcash shielded pool, even the most powerful AI can't see or deduce what you have. Once those funds have sat in the shielded pool for long enough, you can move them around without traceability (provided you use a mixnet like @nym for routing).
Zcash turns 9 next month and has stayed true to its original vision since the beginning. Amidst the seemingly ever-increasing pressure to chase the next meta, I think it's worth remembering that sometimes it can take a decade for the market to even begin to realize the value of a unique company.
I think the same can be said for protocols. And in the current historical moment we are living through, I believe Zcash has a good chance of being one of them.
Why Now?
It feels like Zcash is at a social tipping point.
Apart from the fundamentals improving drastically over the last year (from a UX, organizational, and shielded pool adoption front), it feels like there's finally a meaningful vibe shift underway (fuelled by a new crop of younger holders like @Mert_ and @arjunkhemani).
My simple left curve thesis here is that the importance of privacy is up only over the next decade and Zcash is the most lindy privacy protocol, with a social layer that's as cypherpunk as it gets, and a very simple narrative (surveillance dystopia insurance) which I feel is just starting to resonate culturally.
The UX flow from shielded ZEC (Zcash's native currency) to private USDC payments on @payy_link via @zashi_app is very smooth today and will only improve — I honestly think this will become my main crypto use case over the next months.
I also think ZEC probably gets more mindshare and flows as more OGs become jaded with the nonstop ponzi scheme metas, VC dumps, and quickening institutional takeover of this space.
At time of writing, ZEC is still down ≈22.5% from its Dec 9 high, while the Orchard pool privacy set has increased by 4x since then (it now contains almost 20% of all ZEC in existence).
(ZEC is also still ≈72% down from its last cycle high of ≈$320 — a time when the fundamentals and regulatory climate were significantly worse and ZEC inflation was 3x higher than it is today).
The founder's belief and persistence are unshakeable (@zooko). The ECC feels like it has the right leader in @jswihart, and the presence of @shieldedlabs (an independently funded organization based out of Switzerland) ensures there isn't a single point of failure.
Macro Trends
AI powered surveillance, chilling effects, the weaponization of the rule of law, nationwide capital controls, and the confiscation of assets for political reasons are all trends that I unfortunately expect to get meaningfully worse during the next decade.
In Nassim Taleb's words:
"If your assets can be frozen because you once met someone who had lunch with the brother-in-law of a banker connected to Putin, why take the risk of holding dollars?"
Notably, this problem extends past the currencies in question. It also applies to the real-world assets (real-estate, gold, shares, etc.) and cryptocurrencies that are held within those countries or jurisdictionally dependent on them.
These trends are all tailwinds for a fully encrypted store of value like ZEC.
Why Not Another Private Asset Instead of ZEC?
Privacy comes from funds at rest, not from value in flight.
There's simply no way to get strong privacy in the digital realm just at the moment of spend. The reason why this is the case is subtle but important.
It's very hard to avoid information leakage when you're shielding with a predetermined intention to spend. So you need to assume that your behaviour under such scenarios will leak some information that a powerful AI could link back to you in some way you haven't considered.
This is because the information leaked by where you held your funds, plus the information leaked by where your funds ended up, adds up to enough to dox you — even if the spending tech leaks no additional information.
Put another way: humans are pattern-emitting creatures and AIs are pattern-seeing creatures. And it's hard to intentionally change which patterns of information your actions emit.
So the only effective way to ensure you have strong privacy is to make sure you only spend from longer term funds that have been shielded for a certain amount of time (preferably weeks).
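The linkage argument above can be made concrete with a small self-audit. This is an added example, not part of the original essay: it assumes a simplified observer who sees only the time and amount of value entering and leaving the shielded pool, and all events, thresholds and names (`candidates`, `audit`, `tight`) are constructed for illustration.

```python
from dataclasses import dataclass

DAY = 86_400         # seconds
ZEC = 100_000_000    # zatoshi per ZEC

@dataclass(frozen=True)
class Event:
    ts: int      # seconds since the start of the constructed observation window
    amount: int  # zatoshi visible where value crosses the pool boundary
    label: str

def candidates(exit_ev, entries, max_dwell=None, amount_tol=None):
    """Pool entries an observer's heuristic keeps as possible sources of exit_ev.

    A filter set to None means the observer does not apply it.
    """
    kept = []
    for e in entries:
        dwell = exit_ev.ts - e.ts
        if dwell <= 0:
            continue  # funds cannot leave before they enter
        if max_dwell is not None and dwell > max_dwell:
            continue  # recency heuristic: source must be recent
        if amount_tol is not None and abs(e.amount - exit_ev.amount) > amount_tol:
            continue  # amount heuristic: source must match the spend
        kept.append(e)
    return kept

def audit(own_entry, exit_ev, entries, **heuristic):
    """Return (is own entry still a candidate?, candidate set size)."""
    kept = candidates(exit_ev, entries, **heuristic)
    return own_entry in kept, len(kept)

# Constructed sample data: 30 days of unrelated shielding, one entry per day.
background = [Event(d * DAY + 3_600, (d % 7 + 1) * ZEC // 2, f"bg{d}")
              for d in range(30)]

# "fast": shields, then spends the same amount (minus a fee) ten minutes later.
fast_in = Event(29 * DAY + 7_200, 730_000_000, "fast_in")
fast_out = Event(fast_in.ts + 600, 729_990_000, "fast_out")

# "slow": shielded on day 0, spends a partial amount 29 days later.
slow_in = Event(7_200, 5 * ZEC, "slow_in")
slow_out = Event(29 * DAY + 50_000, 1 * ZEC, "slow_out")

entries = background + [fast_in, slow_in]
tight = dict(max_dwell=DAY, amount_tol=100_000)  # hypothetical observer settings

if __name__ == "__main__":
    for name, own, out in (("fast", fast_in, fast_out),
                           ("slow", slow_in, slow_out)):
        print(name, "tight:", audit(own, out, entries, **tight),
              "30-day window:", audit(own, out, entries, max_dwell=30 * DAY))
```

Under the tight heuristic the fast spender's own entry is the single remaining candidate, while the slow spender's entry has dropped out and the heuristic lands on an unrelated entry. Widening the window far enough to include the slow entry brings all 32 earlier entries back in.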
There are two important consequences from this insight:
- If you're sufficiently paranoid to care about your privacy in this way you're unlikely to want to hold a significant portion of your funds in a shielded bridge or separate chain (i.e. non-natively) because doing so inevitably adds additional trust assumptions that you need to depend on long term — in other words, base layer privacy matters.
- This property creates a natural sink for something like ZEC: holding capital in a shielded pool long-term makes it more private; and a higher TVL in the shielded pool makes it more attractive for private capital. It's a great flywheel.
One of Zcash's core advantages is that targeted censorship is effectively impossible if you use it the right way. Thanks to base layer e2e encryption, the targeted censorship attack vectors against a shielded ZEC user are quite different to those against a Bitcoin/Ethereum/Solana user.
Mass censorship of the shielded pool is unlikely because all mining proceeds are paid out through shielded transactions. So if miners prohibit shielded transactions generally, they receive no revenue from the consensus protocol.
L2s
I think well-constructed L2s will find demand for composable private applications. But I don't think they can replace or obsolete Zcash. As long as Ethereum base layer transactions aren't e2e encrypted, some metadata leakage is unavoidable, even when using an encrypted L2 (especially at the L1-rollup boundary).
Even assuming the platonic ideal of a fully trustless encrypted rollup that doesn't yet exist, there are gas linkages and timing leakages that occur through batching / data availability cadence.
You should expect that this sort of metadata leakage (coupled with other information) will be enough for a powerful actor to de-anonymize you at some point in the future.
You need base layer private DA, a private mempool, and uniform or shielded fees to get close to the ≈0 information leakage of ZEC shielded-shielded transfers, but even then you have more leakage if batch timing/size depends on real demand.
You also inherently add a social layer dependency on the L1. Is that social layer willing to die on the hill of e2e encryption, or can it be pressured to compromise on this in some way?
Privacy Pools
There's a sense in which the association sets underlying the design mean your privacy is dependent on what others choose to share — which I think is an inherently very dangerous and fragile privacy assumption to make in a world where those in power are increasingly resorting to lawfare to shape and coerce citizen behavior.
When Zooko first dug into the design and debated Vitalik on it, he had two primary objections:
- It is an attempt to comply with the principle of guilty until proven innocent — while the opposite, innocent until proven guilty, is a bedrock principle of law in well-ordered societies.
- The implementation doesn't provide strong privacy to normal users: mixer systems like Tornado Cash are an evolutionary dead-end in terms of privacy.
There's a widespread myth within the crypto community that goes something like "the government can and will ban anything that offers privacy." The criminal charges around Tornado Cash have reinforced this bias. But Zcash is a counter-example that we should learn from. The fact that Zcash is widely used, offers strong privacy, and is still legal in the USA — and still supported by Coinbase and Gemini — is a very significant data point.
Among other government agencies, regulators, and actual law-makers, there are a substantial number who actually believe the opposite: that privacy that protects American citizens should actually be required by the law. This is how things have played out in the past. Part of the government (led by NSA and FBI) tried to ban encryption from the Internet, but eventually the government mandated encryption (e.g. HTTPS) in order to protect citizens.
At a minimum you need real decentralization of power and jurisdictional resilience. In Zcash's case there are three main contributing teams: the Electric Coin Company (a 501(c)(3) nonprofit), The Zcash Foundation (a U.S. 501(c)(3) public charity), and Shielded Labs (Swiss-based, donation-funded org) — plus contributors like Sean Bowe (@ebfull) who work completely solo.
Why ZEC over XMR?
Five principal reasons:
- XMR's brand is too associated with crime money. There is no path to institutional flows. Zcash has government and institutional relationships as a core competency.
- Crosslink brings PoS finality to Zcash that makes long rollbacks impossible — effectively fixing the hash rate concentration concern.
- Zcash has a pro-social mission, community, developer orgs, and ecosystem (Coinbase, Gemini, Kraken, Binance).
- Zcash has the dev fund (funded via block rewards) for ongoing development that isn't easily captured by special interests.
- Monero's current heuristic privacy model is broken. They know it and they are trying to replace it with Zcash-style privacy.
The Importance of the Social Layer
While the above points primarily address the technological advantages, it feels like almost everyone who understands the technology is overindexing on the technology vs the values and resilience of the social layer that upholds it.
You can't fork or vampire attack the strength of the values of a core social layer that's gone through hell and back.
If those values are upholding a technical property of the system (e.g. 21M, e2e encryption) that humanity finds — or will find — useful, then the underlying token will probably be valuable long term.
I think this is ultimately the only long term moat in a quickly changing and highly competitive open source and borderless world. While the Bitcoin social layer can be trusted to uphold the 21M cap at all costs, it simply does not have the same muscle when it comes to privacy. Out of all the projects in existence, Zcash has the only social layer today that I feel has what it takes to uphold the technical property of e2e encryption under significant external pressure.
Memetic Potential
ZEC is one of the few genuinely useful coins that has effectively unlimited memetic potential.
From Satoshi linking to Zooko's blog to Snowden participating in the first ceremony under the pseudonym John Dobbertin — the lore is simply insane.
The protocol's name is inextricably tied to the value and importance of privacy in crypto. When people think privacy, they think Zcash.
Digital SOVs are primarily a memetic challenge — with the caveat that the technical properties underlying them need to enable something that humanity finds useful or necessary over an extended period of time. You also need a social layer that's willing to defend the key property of the SOV at all costs. In Bitcoin's case that's the 21M hard cap. In Zcash's case that's e2e encryption.
In Sum
- Zcash pioneered the tech — and the best in the business consider it to be an exemplary protocol
- They've proved they can deliver on UX
- They have government and institutional relations as a core competency
- Pass-through privacy options like XMR can't give you strong privacy
- L2s on unencrypted L1s inevitably leak more metadata and will require more trust assumptions
- Privacy pools on unencrypted L1s inevitably leak more metadata and still enable selective censorship via chilling effects
- The core teams and contributors are independently funded and jurisdictionally distributed
- The social layer is battle hardened and willing to die on the e2e encrypted privacy hill
- The name Zcash is already synonymous with privacy within crypto circles. The memetic potential has no ceiling and the lore is unique and uncopyable
- They're starting to appeal to the next generation in a meaningful way
ZEC's Price Action
People love to FUD the long term ZEC price graph, but what they miss is that ZEC launched with no premine or ICO. So the circulating supply at the moment of launch was effectively 0%. Early rewards were deliberately tiny due to a slow-start mining design — they ramped up linearly to 12.5 ZEC by block 20,000 (i.e. ~34 days in).
If you look closely at the market cap graph instead (price × circulating supply), you'll see that each cycle so far has led to a higher peak market cap than the previous one (≈$2.5bn in 2017/18 and ≈$3.5bn in 2021/2022). Zcash's market cap at time of writing is ≈$0.9bn — in other words ≈4x less than its previous cycle high.
In Frank Braun's words:
"Zcash is about two halving cycles behind Bitcoin. While inflation in Bitcoin became very low (sub 1%) after 4 halvings, inflation in Zcash just became manageable after the second halving, which pushed it down from an annual inflation of ~12.5% to ~4.2% and that occurred less than a year ago in November 2024. This might serve as a catalyst for Zcash in the current bull market, given that the effects of halvings usually lag behind by a year to 18 months. The next halving will make the inflation rate good, comparable to gold and the target inflation rate of most central banks, namely ~2%. And after the fourth halving the inflation rate will be a very good sub ~1%."
Why Do I Believe 1 ZEC May Be Worth $50k in 10–15 Years?
Best estimates for Signal's MAU put it at around 2–3% of WhatsApp's MAU but Signal's compound annual growth rate is much higher (20–36% vs WhatsApp's 8.4%). This shows there is an important set of users that value full encryption of their messages with minimal metadata leakage — and that this set is growing fast.
Extrapolating these growth rates under a reasonable range of assumptions leads to Signal attaining somewhere between 5–8% of WhatsApp's size in 10 years' time. Interestingly, this sort of relative market share and growth rate vs market leader seems to hold across most services where privacy is a concern (e.g. best estimates show that Brave has a ≈2% market share of the browser market vs Chrome's ≈69.2% but a much higher user growth rate).
I think we'll see a similar trend start to play out for e2e encrypted value over the coming decade as surveillance + AI keep ramping up and capital controls and targeted censorship of crypto holders become more likely.
If you agree with this, then it's reasonable to expect that the TAM for a fully encrypted SOV will eventually reach ≈5% of the TAM of the more transparent market leader (in this case Bitcoin). If you believe one BTC could one day be worth $1M, then that leaves you with a price estimate of $50k per ZEC (5% of $1M).
As a sanity check, $50k per ZEC would give ZEC a trillion dollar market cap — which is ≈1/10th of the value of all undeclared/hidden offshore wealth today.
Wherever you land on this though, I think it's hard to argue that it isn't a smart hedge at this stage to put ≈1% of your BTC/ETH/SOL stack into shielded ZEC. If Zcash fails, losing that 1% won't change your life. But if it succeeds, that 1% could end up being more valuable than the entirety of your crypto holdings.
In Closing
This essay is focused on making the case for a small allocation to ZEC and therefore focuses on the possible financial gain to be had if Zcash succeeds. But if Zcash does for the internet what the Bill of Rights did for America, the prospect of unprecedented economic and collective freedom is far more exciting than any possible financial gain.
In Nassim Taleb's words:
"At no point have governments been more effectively intrusive, thanks to technology… Today's governments have far more reach, and this is proving to be unstoppable."
Both encrypted messages (Signal) and encrypted assets (Zcash) are necessary to slow down the trend here. In the best case they'll help reverse it.
To paraphrase @snowden: a lot of people today are confused about privacy; they think of privacy as an individual right — but privacy is a collective right that derives from the individual right.
One of the common attacks against privacy, which comes straight out of the Nazi playbook, is to build a web of laws, administrative hurdles, and everyday routines that make self-disclosure the default. When you turn this sort of disclosure into a condition for ordinary life, you are able to separate the collective into groups, and to analyze and assess those groups individually.
From there, you have the foundations that enable you (or a future more malicious power) to act against those groups, separately from the collective.
The only way this can happen though is if people are persuaded that max disclosure is a normal condition to participating in everyday life.
To hold ZEC is to take a stance against this extremely short-sighted and dangerous philosophy that is starting to take root across the world. It's to believe in the possibility of a world in which disclosure is consensual. A world in which the individual exists on an equal level to the State rather than being subservient to it.