faq.html

<!DOCTYPE html>
<!--  This site was created in Webflow. http://www.webflow.com  -->
<!--  Last Published: Fri Jun 12 2020 19:35:59 GMT+0000 (Coordinated Universal Time)  -->
<html data-wf-page="5eda8b59b414c7ac93a13049" data-wf-site="5eda64bd77a8dc6e05ed8a12">
<head>
  <meta charset="utf-8">
  <title>Faq</title>
  <meta content="Faq" property="og:title">
  <meta content="Faq" property="twitter:title">
  <meta content="width=device-width, initial-scale=1" name="viewport">
  <meta content="Webflow" name="generator">
  <link href="css/normalize.css" rel="stylesheet" type="text/css">
  <link href="css/webflow.css" rel="stylesheet" type="text/css">
  <link href="new-draft/css/zbay-v2.webflow.css" rel="stylesheet" type="text/css">
  <script src="https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js" type="text/javascript"></script>
  <script type="text/javascript">WebFont.load({  google: {    families: ["Rubik:300,regular,700,900"]  }});</script>
  <!-- [if lt IE 9]><script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js" type="text/javascript"></script><![endif] -->
  <script type="text/javascript">!function(o,c){var n=c.documentElement,t=" w-mod-";n.className+=t+"js",("ontouchstart"in o||o.DocumentTouch&&c instanceof DocumentTouch)&&(n.className+=t+"touch")}(window,document);</script>
  <link href="images/favicon.png" rel="shortcut icon" type="image/x-icon">
  <link href="images/webclip.png" rel="apple-touch-icon">
  <style type="text/css">
<!--
   @media screen and (min-width: 1200px) {
	.w-container {
	max-width: 1170px;
	}
}
-->  
html {
    -webkit-appearance: none;
	}
html {
    -webkit-tap-highlight-color: rgba(0, 0, 0, 0);
	}   
</style>
</head>
<body>
  <div data-collapse="medium" data-animation="default" data-duration="400" role="banner" class="zb-navbar w-nav"><a href="index.html" class="brand w-nav-brand"><img src="images/logo-lockup--circle.svg" width="142.5" alt="" class="image-2"></a>
    <div class="spacer"></div>
    <nav role="navigation" class="nav-menu w-nav-menu"><a href="how.html" class="zb-nav-text-link w-nav-link">How it works</a><a href="why.html" class="zb-nav-text-link w-nav-link">Why  Zbay?</a><a href="faq.html" aria-current="page" class="zb-nav-text-link w-nav-link w--current">FAQ</a><a href="https://twitter.com/try_quiet" class="zb-flex-nav-link w-inline-block"><img src="images/twitter--black.svg" alt="" class="zb-nav-icon"><div class="zb-nav-text">Twitter</div></a><a href="https://github.com/ZbayApp/ZbayLite" class="zb-flex-nav-link w-inline-block"><img src="images/github--black.svg" alt="" class="zb-nav-icon"><div class="zb-nav-text">Github</div></a></nav>
    <div class="menu-button w-nav-button"></div>
  </div>
  <div id="faq" class="zb-faq-section">
    <div class="zb-faq">
      <p>
        ⚠️ Zbay is no longer maintained. We are now building <a href="https://tryquiet.org">Quiet</a>, a Tor-based alternative to Slack & Discord that doesn't rely on servers. 
      </p>
      <br>
      <h1
        data-w-id="57a5976b-66ed-76da-385d-08b82ab3d7e9"
        class="zb-section-heading"
      >
        FAQ
      </h1>
      <ul class="zb-faq__faq-list">
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">
            Should I trust Zbay to protect me against [insert specific
            adversary here]?
          </h2>
          <p class="zb-faq__p">
            No. Zbay, and Zcash, are experimental technologies. More
            generally, given the state of computer security, you should avoid
            using electronic means to communicate anything that could cause
            unacceptable harm to you if discovered.
          </p>
        </li>
        <li id="direct-messages" class="zb-faq__faq-item">
          <h2 class="zb-faq__question">Are direct messages private?</h2>
          <p class="zb-faq__p">
            Zbay sends direct messages in one of two ways:
          </p> 
            
          <p class="zb-faq__p">
            1. When one party is offline or has not enabled p2p messaging over Tor, Zbay sends direct messages via Zcash encrypted memo to the user's registered Zcash address. This takes several seconds to send and up to a few minutes to receive, and it costs a tiny amount of money, but it lets you leave a message for someone who is offline and be reasonably sure they will receive it.
          </p>

          <p class="zb-faq__p">
            2. When both parties are online and have enabled p2p messaging over Tor, Zbay sends direct messages via Tor v3 onion services to the user's registered onion service. Messages sent via Tor appear instantly, cost no fee, and unlike Zcash memos are not permanently stored on a public blockchain.
          </p>
            
          <p class="zb-faq__p">  
            Currently, Zbay relies on Tor and Zcash for encryption, though at some point we will add encryption at the application layer for defense in depth. Zbay has not been audited and should not be used for any activities where security and privacy are critical, but direct messages sent via Zcash should be as private as any Zcash encrypted memo, and direct messages sent via Tor should be as private as any connection to a v3 onion service over the Tor network. You can learn more about the privacy properties of Zcash encrypted
            memos
            <a href="https://electriccoin.co/blog/encrypted-memo-field/"
              >here</a
            >, and you can learn more about the privacy properties of Tor v3 onion services <a href="https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt">here</a>. 
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">Are channels private?</h2>
          <p class="zb-faq__p">
            Messages sent to a channel are as private as Zcash
            <a href="https://electriccoin.co/blog/encrypted-memo-field/"
              >encrypted memos</a
            >
            and the viewing key to that channel. Like a Bitcoin address or a
            Google Doc set to “anyone with the link”, the key provides full
            access. Unlike a Google Doc, messages on a Zcash channel can’t be
            deleted, so anyone with access, or anyone who controls a medium
            the key passes through, could potentially access all messages sent
            to that channel forever.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">Will messages be private forever?</h2>
          <p class="zb-faq__p">
            No. In channels with large numbers of people, it’s likely that one
            of the participants will eventually leak the key or messages
            themselves, to some other medium. Even if the key is kept secure,
            it’s likely that the discovery of bugs or advancements in
            cryptography (e.g. quantum cryptography) will make all or some
            Zbay messages public at some point in the future. That said, in an
            age where intelligence agencies and companies routinely scoop up
            data and store it forever, this is true for most encrypted
            communication.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">Can messages be deleted?</h2>
          <p class="zb-faq__p">
            No. If you delete your account, you will lose access to your
            messages. But your messages will still be accessible to
            recipients.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">Is it anonymous?</h2>
          <p class="zb-faq__p">
            If someone has your Zcash address or username, you can receive
            messages and funds from them without revealing your IP address or
            identity, if Zcash’s anonymity claims are correct. (Note that your
            IP address would be visible as a Zcash or perhaps Zbay user, and
            there may not be many of those.) On the other hand, replying,
            sending messages, registering an account, or creating a public
            channel could reveal your IP address to an attacker who was
            actively monitoring the Zcash network at that moment.
          </p>
          <p class="zb-faq__p">
            Our hope is that the Zcash team will address sender anonymity in
            the future, and tools like VPNs or Tor may provide additional
            anonymity protection in the meantime.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">
            Can third parties see who I’m talking to?
          </h2>
          <p class="zb-faq__p">
            Zbay messages use Zcash shielded transactions, so sender and
            recipient metadata is encrypted. You can learn more about shielded
            transactions <a href="https://z.cash/technology/">here</a>.
          </p>
          <p class="zb-faq__p">
            However, there may be methods to guess who is talking to who (e.g.
            based on the timing of messages) or through other attacks.
          </p>
        </li>
        <li id="tor" class="zb-faq__faq-item">
          <h2 class="zb-faq__question">Can I use Tor with Zbay?</h2>
          <p class="zb-faq__p">
            Not yet, but we're working on it. Right now, Zbay bundles Tor,
            but only uses it to send direct messages, and only when the recipient is also online.
            When the recipient is not online, Zbay sends and receives messages over the Zcash network,
            not over Tor. In the future we plan to use Tor for everything,
            so that using Zbay will be comparably anonymous to using Tor on the web,
            but until then please do not use Zbay for any activities where anonymity is important.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">Can I earn money with Zbay?</h2>
          <p class="zb-faq__p">
            Yes! You can advertise and sell physical or digital goods on
            Zbay. The market is likely to be very small at first. But if
            you’d like to pioneer a new kind of platform, try it out. Because
            Zbay doesn’t have a built-in ratings system (yet) we recommend
            focusing on building a reputation with a small group of people as
            a trusted seller and working up from there.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">Do Zbay channels have moderation?</h2>
          <p class="zb-faq__p">
            Yes. The channel owner can appoint moderators, and moderators can
            hide posts, hide all posts by a certain user, ban messages to the
            channel from unregistered users, and set a minimum spend to
            message the channel.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">Can moderators delete messages?</h2>
          <p class="zb-faq__p">
            No, they can only instruct the Zbay app to hide them from users.
            Messages cannot be deleted.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">
            If another Zbay user scams me, do I have any recourse?<br />
          </h2>
          <p class="zb-faq__p">
            Probably not, in the sense of recovering your funds. However, you
            can post about the scam in Zbay channels and on any relevant
            subreddits, to warn other potential victims. Channel moderators
            could potentially block the scam seller, also. We hope to have
            build a ratings system of some kind.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">
            Can I post images or other files in Zbay?<br />
          </h2>
          <p class="zb-faq__p">
            Not at this time, though you may be able to post very small images
            or files in the future.
          </p>
        </li>
        <li id="node-info" class="zb-faq__faq-item">
          <h2 class="zb-faq__question">
            What does the information in the "node status" section mean?<br />
          </h2>
          <p class="zb-faq__p">
            Network - This confirms that you're connected to the Zcash mainnet&mdash;where you will send and receive real Zcash&mdash;as opposed to the Zcash testnet.
          </p>
          <p class="zb-faq__p">
            Blocks - Zcash transactions are stored in blocks. Here you see how many blocks Zbay has synced so far, and the total number of blocks available, from Zbay's perspective.
          </p>
          <p class="zb-faq__p">
            Connections - This is the number of other Zcash nodes you are connected to. Typically you will connect to 8 nodes.
          </p>
          <p class="zb-faq__p">
            UTXO - This is the number of unspent outputs. We show this number here because running out of UTXOs will temporarily block you from sending messages, even if you have funds. (This should almost never happen, especially after you've been using Zbay for a bit.)
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">
            What is Zbay’s carbon footprint? Will it destroy the planet?<br />
          </h2>
          <p class="zb-faq__p">
            An October 2019
            <a
              href="https://forum.zcashcommunity.com/t/dev-fund-proposal-carbon-offsetting/34834/6"
              >estimate</a
            >
            of the Zcash network’s carbon footprint estimated that it used the
            equivalent of 7.09 American households per year. So at the moment
            it will not destroy the planet, no!
          </p>
          <p class="zb-faq__p">
            This footprint could grow in the future if the price of Zcash
            increases. It could also decrease as the Zcash network becomes
            more efficient by introducing things like proof of stake, as
            renewables become cheaper or more prevalent in China (where most
            cryptocurrency mining happens), as carbon taxes spread in
            prevalence, or due to other factors.
          </p>
          <p class="zb-faq__p">
            According to the same estimate above, offsetting the carbon
            emissions of the Zcash network would cost $5,000/year, which is
            pretty manageable.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">
            How many people will be able to use Zbay?<br />
          </h2>
          <p class="zb-faq__p">
            Right now, not that many! The Zcash network can process about 6
            “transactions” per second. Zbay can potentially fit a few short
            messages into a single transaction, so let’s say it can handle 10
            messages per second. If Zbay quickly grows in popularity, it could
            become less reliable or even unusable.
          </p>
          <p class="zb-faq__p">
            There are many ways Zbay could put less of a burden on the Zcash
            network. Meanwhile, the Zcash team seems intent on making the
            Zcash network scale to billions of users, and has a credible path
            towards doing so. So it could be that, by the time Zbay becomes
            popular, the Zcash network is no longer a bottleneck.
          </p>
        </li>
        <li class="zb-faq__faq-item">
          <h2 class="zb-faq__question">
            What if someone uses Zbay to do something awful?<br />
          </h2>
          <p class="zb-faq__p">
            (TL;DR: Even if Zbay pursues state-of-the-art approaches to
            protect users’ privacy, which it has a moral obligation to do,
            that will not stop well-resourced law-enforcement institutions
            from subverting or working around these protections to enforce the
            law, which is as it should be. In short, we take the same position
            that Apple has taken in their design of the iPhone.)
          </p>
          <p class="zb-faq__p">
            This question is important and deserves a complete answer, so this
            section is itself a mini-essay on the state of technology,
            democracy, and power.&nbsp;<br />
          </p>

          <p class="zb-faq__p">
            First, unlike with centralized services, all of the basic data
            necessary to hold lawbreaking users and channel owners accountable
            will be equally available to everyone on the Internet. If anyone
            is considering using Zbay to break the law, this fact should give
            them pause. While Zbay seeks to protect the privacy of its users,
            the current state of cybersecurity is such that it is always
            possible, even against the most advanced privacy and anonymity
            tools, to identify and disrupt those seen as bad actors, given
            sufficient resources. Unlike with cloud platforms like Facebook,
            agencies and researchers will not need special privileges to
            access the data they need; it will all be in the open to everyone,
            to the extent it is to anyone.<br />
          </p>

          <p class="zb-faq__p">
            Perhaps the best example of how technology can be as secure and
            private as possible while still leaving room for law enforcement
            is the iPhone. Apple provides the best encryption they can for
            every iPhone, to protect their customers’ photos, messages, and
            online accounts if a phone is lost or stolen. When, to investigate
            a terrorist attack, the FBI demanded Apple change this code to let
            them access a seized iPhone, Apple famously stood firm and
            refused. Apple argued that this “back door” would undermine the
            privacy and security of all their customers, including
            journalists, world leaders, and engineers maintaining critical
            infrastructure—which would in turn undermine
            <em>everyone’s</em> safety. Soon after, the FBI revealed that it
            had contracted a highly specialized service that, despite Apple’s
            best efforts, was able to break the security protecting the seized
            iPhone. This is hardly an isolated case: time and again, when
            products have used encryption to protect privacy, law enforcement
            agencies complain loudly about their imminent powerlessness
            against scary adversaries, while quietly mustering their abundant
            resources to break through technical barriers and bring the most
            technically-savvy bad actors to justice.&nbsp;<br />
          </p>

          <p class="zb-faq__p">
            Zbay will go as far as it can to protect users’ privacy and
            anonymity. If governments want to spy on conversations or identify
            users they might need to go to great lengths to do so. It might be
            hard, and that’s okay: violating peoples’ privacy in a democracy
            is <em>supposed</em> to be hard.&nbsp;<br />
          </p>
          <p class="zb-faq__p">
            Unlike centralized services, the Zbay team will not hold any
            useful data or be a gatekeeper to their ability to do this, and no
            government will have privileged access to user data on Zbay simply
            because they are the home jurisdiction of the company. In a world
            where communication happens on peer-to-peer platforms like Zbay,
            countries and organizations with advanced offensive hacking and
            surveillance capabilities will enjoy an advantage when it comes to
            data collection and enforcement against unlawful behavior. However
            they will have to choose their targets carefully, since any
            methods used to enforce the law could also be used by bad actors
            against legitimate users once widely known. (Which means the Zbay
            platform or Zcash network will have a basic duty to its users to
            fix these privacy problems once they are discovered.)&nbsp;<br />
          </p>

          <p class="zb-faq__p">
            This pattern places a strong limit on mass surveillance while,
            given the ever imperfect state of cybersecurity, providing law
            enforcement with ample options for enforcing against antisocial
            behavior in important cases.<br />
          </p>

          <p class="zb-faq__p">
            We believe that law enforcement by public institutions rooted in
            democracy—not rules created by private platforms—is the correct
            way to hold online communities and their participants accountable
            for their behavior. Right now, governments and shareholders are
            pressuring large online platforms to arbitrarily create their own
            private rules, outside the representation guarantees of democratic
            structures. This is wrong: democracies should not abdicate their
            role and give unaccountable private power total control over what
            people can and cannot say online. Instead, democracies should
            create clear, consistent standards that protect free expression
            and create public institutions capable of enforcing these
            principles directly against their most destructive offenders. Zbay
            is completely compatible with this vision.<br />
          </p>

          <p class="zb-faq__p">
            At the same time, every online platform exists in a global reality
            where some governments are sometimes corrupt, unrepresentative,
            violent, and repressive. So we must create platforms that give
            ordinary people the power to resist their local laws, speak truth
            to power, and—even with the best privacy and anonymity tools when
            working against well-resourced adversaries like governments—risk
            getting caught.&nbsp;<br />
          </p>

          <p class="zb-faq__p">
            After all, accountability between law and online discussion runs
            in two directions: for residents of democracies to hold each other
            accountable, they need to be able to enforce the law—but for
            residents of non-democracies to hold each other accountable, they
            need to somehow hold their authoritarian governments accountable,
            which means being able to break the law. One can say this isn’t
            the way things should be, but it is the way things are now: much
            of the world is not governed by democracy. This stark fact means
            that everyone who cares about democracy must agree governments
            need strong checks—as strong as we can make them—on their power to
            control what people do online.<br />
          </p>

          <p class="zb-faq__p">
            We believe that all of us—especially those of us who enjoy the
            benefits of democracy—owe residents of repressive countries the
            best protections for privacy we can practically muster, so that in
            pivotal moments they can gather in courage and make their voices
            heard.<br />
          </p>

          <p class="zb-faq__p">
            This belief doesn’t exist in a vacuum. It emerges from a
            centuries-old discussion on the value of freedom of expression,
            and is surrounded right now by an ever-accelerating debate pushed
            forward by a dizzying barrage of terrifying news and political
            events. We recognize that not all the answers will be visible
            right now, but we hope that by launching Zbay into the world, we
            can dig deeper down, past the first wave of superficial responses,
            down to some thoughtful and robust answer that can last. We
            welcome and treasure the conversation.<br />
          </p>
        </li>
      </ul>
    </div>
  </div>
  <div class="zb-footer">
    <div class="zb-footer__logo-container"><a href="/" class="zb-footer__logo-link-block w-inline-block"><img src="images/logo-lockup--circle--watermark.svg" alt="" class="zb-footer__logo"></a></div>
    <ul role="list" class="zb-footer__pri-btns-list">
      <li class="zb-footer__pri-btn-item">
        <a href="how.html" class="zb-footer__pri-btn w-inline-block">
          <div class="zb-footer__pri-btn-text">How it works</div>
        </a>
        <a href="why.html" class="zb-footer__pri-btn w-inline-block">
          <div class="zb-footer__pri-btn-text">Why?</div>
        </a>
        <a href="faq.html" aria-current="page" class="zb-footer__pri-btn w-inline-block w--current">
          <div class="zb-footer__pri-btn-text">FAQ</div>
        </a>
      </li>
    </ul>
    <ul role="list" class="zb-footer__sec-btns-list">
      <li class="zb-footer__sec-btn-item"><a href="https://twitter.com/try_quiet" class="zb-footer__sec-btn w-inline-block"><img src="images/twitter--white.svg" alt="" class="zb-footer__sec-btn-image"></a></li>
      <li class="zb-footer__sec-btn-item"><a href="https://github.com/ZbayApp/ZbayLite" class="zb-footer__sec-btn w-inline-block"><img src="images/github--white.svg" alt="" class="zb-footer__sec-btn-image"></a></li>
    </ul>
    <div class="zb-footer__copyright-text"><span class="copy-left">©</span> Copyleft Zbay 2020</div>
  </div>
  <script src="https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.4.1.min.220afd743d.js?site=5eda64bd77a8dc6e05ed8a12" type="text/javascript" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
  <script src="js/webflow.js" type="text/javascript"></script>
  <!-- [if lte IE 9]><script src="https://cdnjs.cloudflare.com/ajax/libs/placeholders/3.0.2/placeholders.min.js"></script><![endif] -->
</body>
</html>