How Zbay works

Zbay is a Mac, Windows, and GNU/Linux desktop app that uses encrypted memos sent over the Zcash network to build an experience like Slack, Telegram, or Facebook Marketplace. You can register a username, message other users, join channels (group chats), offer items for sale, and buy things—all over the Zcash network. There’s no central server.

Zbay uses Zcash shielded transactions and encrypted memos for everything

What makes Zcash different from Bitcoin or Ethereum is that it has shielded transactions. Shielded transactions can include tiny encrypted memos, which only the recipient can see. The cost per message is very low: penny can send more than a hundred messages. (So we automatically send every Zbay user a small amount of the Zcash currency, ZEC, to get them started.)

An encrypted memo allows a maximum of just 512 characters, but Zbay squeezes a lot of interesting stuff into it. If you message another user, we send a transaction with a tiny amount of ZEC and an encrypted memo containing the contents of your message and your signature. (Zcash includes no information about the sender of a message, so we have to include your signature so that the recipient will know it's you!)

If you message a group of users, we send the exact same kind of message to one address, but everyone in the group has the key to read messages sent to that address. That's what lets you into the group: knowing the address to send to and having the key to read all the messages sent there. Zcash has separate keys for viewing and spending, so just because you can read messages doesn't mean you can spend money sent to the channel—only the user can do that. Unfortunately, there is no way to know who has joined the group, or to remove someone from the group. Access control for channels is very crude for now, but it works and is a starting point.

Zbay has secure, human-readable usernames and channels

Since Zbay can send encrypted messages to other addresses, share access to these addresses, and use the contents of these messages however it likes, it can offer familiar experiences like having a username and being able to message people with usernames, without smart contracts. The data live in the blockchain, but the smarts, for now, live in the Zbay app.

If you register a username, we send a message to an address that everyone has the viewing key for. The message says "I hereby register the username @alice, this is my address, and this is my public key." And it's sent to a special address that's hardcoded into the Zbay app. (Soon you will be able to register multiple usernames and switch between them, but right now you can only have one.)

We do the same thing when you make a channel public. ("I hereby register the channel #bears, this is its address, and this is its viewing key.") The Zbay app can see all the channel registration messages sent to this address and give users a nice searchable list, or make the channel #bears a clickable link if someone mentions it in a message.

Zbay has moderation

Anyone can send a message to any address they know about, but Zbay can decide which messages it displays and which it ignores, and you can control this. If someone starts spamming you, you can block them and Zbay will recieve their messages but hide them from you. If spam becomes a problem we might start charging people more money to create accounts, or charging them to send a first message to someone else. (Each user could register the minimum spend to contact them for the first time.)

Channel owners can moderate by sending special messages to a channel that tell the Zbay app to ignore a specific message or a problem user. Of course, if channel participants don't like this they can always move to another channel, so channel owners must tread carefully in how they conduct moderation.

Users can even offer items for sale. An offer is a normal message with some special information that Zbay parses to show an ad-like blurb in the channel. Users can message the seller with questions, buy the product, and even include their shipping information in a convenient way. All of this is sent directly to the seller in an encrypted message. Someday, channel owners will be able to set a minimum price for posting an offer to a channel.

Zbay uses encryption, not deletion, to protect privacy

Messages never get deleted, but deletion may be overrated, or at least much more difficult in practice than it seems. According to the Snowden leaks, America’s NSA is saving a permanent copy of all messages that travel across the Internet. Other countries likely are too. In purely technical terms, when you delete something, whether on a centralized service like Facebook or even on your own computer, it’s hard to be sure it was deleted. Some peer-to-peer networks make deletion of messages the norm, but on a peer-to-peer network any participant with a modified app—from the NSA to a sleazy data collection business—can save every message they see, forever. As Edward Snowden explains in his book Permanent Record, the best way to keep things private is to encrypt information and control the keys, not to rely on deletion.

Zbay can be used with Tor or VPNs for greater anonymity

Finally, there's an important caveat when it comes to anonymity: even though information about the sender of a message is hidden from folks viewing the blockchain, peers on the Zcash network can see the IP addresses of other peers as they post transactions. An attacker could join the network with a lot of peers and then associate transactions (like messages registering a username) to an IP address. This isn't especially expensive. So it could be a good idea to use Zbay over a VPN, Tor, or both if you want increased anonymity, though you should understand the limits of those approaches and the risks too!