In Darkode, the hosts tell the story of a ransomware victim who was forced to buy 500 dollars worth of Bitcoin to gain access back to her files that had been stolen and encrypted. In the process, she came in contact with TOR which has as its central mission to provide anonymous communication between people through computers. Because of the secrecy it provides, the dark web (which can be accessed through TOR) is home to a host of cyber-crime including selling stolen financial information and other illegal goods and services. Similarly, the purpose of ZCash was to take the ledger system implemented by Bitcoin but to improve the product by also ensuring  mathematically guaranteed anonymity in every transaction. Although this is a significant upside, it also opens the currency up to some potentially dark uses, since this anonymity is exactly what criminals are looking for to be able to buy and sell goods illegally without arousing suspicion.

Although the days of perfect security are gone, this level of anonymity is pretty good. It allows anybody who uses these services to be confident that their identity is almost certainly anonymous, and this poses a significant challenge to the privacy vs. security debate: how can we allow people to have access to pretty good anonymity without losing the ability to track down criminals? After all, if ZCash worked as intended, you could easily see a list of all transactions that had taken place, but you couldn’t figure out who was involved in them, creating the perfect smokescreen in which criminals can hide.

A comparison could be made to the selling of ski masks, gloves, and guns; all three can be used to do evil things, but all of them are still legal products that have legitimate uses. But the level of anonymity afforded by ZCash and other similar privacy-focused technologies goes far beyond what you could attain with a pair of gloves and a ski mask. Perhaps this nearly perfect anonymity has gone to far, enabling criminal activity without any significant benefits for legitimate uses. This is one of the most difficult questions to answer in the security vs. privacy debate, and one that could cast the deciding vote in which direction we as a society choose to go.