Ethereum must provide privacy unconditionally , without forcing users to prove their innocence.
This roadmap outlines the necessary steps to transform Ethereum into a maximally private and self-sovereign financial system. Privacy must not be an optional feature that users must consciously enable — it must be the default state of the network.
Presumably the proof-of-innocence refers to the first demo implementation of the Privacy Pools paper Vitalik and I wrote, so I’ll chime in here.
I think privacy by default at the L1 is a bad idea—unless we also build tools that allow (not force) users to dissociate from other users. If we don’t, then we are actually the ones forcing users to provide privacy to other users (including DeFi hackers, terrorists, and in the case of North Korea: both) just to access privacy themselves.
Being able to disscociate from other users actually increases my sovereignty, it does not decrease it. Sovereignty is about choice.
I have had this argument about 100 times since the Privacy Pools paper came out, many times with people who are triggered by the proof-of-innocence meme, and you can see these arguments on Twitter by searching the keyword “dissociation” on my account (ameensol): https://x.com/search?lang=en&q=dissociation%20(from%3Aameensol).
It’s also a fallacy to compare anonymous money to encryption (and personally, I wish this wasn’t true but it is). In the case of encryption, I don’t need participation from anyone else to get the benefits of being able to keep secrets. But in the case of anonymous money, if I am the only one using the anon money system, it’s pretty obvious who I am. So value I get from the anon money system is actually socially derived from the participation of other users, and thus the quality of my anonymity set matters, not just the quantity. If I am in the anon set that also includes North Korean hackers, I will have a much harder time getting my funds from the anon money system accepted anywhere else (and rightfully so).
source: https://x.com/delete_shitcoin/status/1521461832266956803
Being able to prove the funds are legit is an important part of helping combat the ability of criminals to launder money through our anon money systems. Tornado Cash & ZCash have view keys, where users can selectively reveal their transactions to an authority if desired. Before they both joined Vitalik and I on the Privacy Pools paper, Fabian Schar and Matthias Nadler wrote the best paper on Tornado Cash that I have seen, in which they 1) argue for the importance of privacy and 2) provide a potential regulatory framework for it: anonymous money system should be legal, but users should still be required to reveal their transaction history to a financial authority in order to legally access them.
I know it’s difficult, but if you can bring yourself to empathize with a regulator, the problem you face is: how do I tell the good money apart from the bad money? One solution is the above: require all anon money system users to reveal their tx history to a financial authority, and in the backend, create a data-sharing system by which we know the sum of all users that have complied with this requirement, and thus by process of elimination, we know that the rest of the money is (probably) the bad money. However, this still creates a government-owned honeypot of all the tx history which itself can be leaked or abused, and is thus not an ideal solution.
The reason Vitalik, Matthias, Fabian and I got together and wrote the Privacy Pools paper is because Vitalik thought of a potentially better way: what if we can prove in public which deposits we are not, allowing users to publicly dissociate from known bad money, and thus create a more useful separating criteria for regulators, and critically, potentially avoiding the need for a centralized honeypot of all the tx history in the first place. If I was a regulator, I would be OK with this solution. Financial institutions, if desired, could still demand the specific tx history from their users, but at least the funds are known to not be from known illicit sources, based on their public dissociation proofs.
In conclusion, I encourage any technological development we do on enhancing base layer privacy to proceed in lockstep with tools that allow public dissociation proofs, which would serve to enhance user sovereignty by allowing users to choose for themselves who they are willing to associate with.