Damus

Recent Notes

Juraj profile picture
Because I don't pay, I stake the shitcoin, short it (to hedge the risk of shitcoin), and I get "free" compute capacity and a little bit of interest rate on the invested capital.
Juraj profile picture
Detailed report, hopefully they will address this.

My concerns about the PeerAuth extension

1. Telemetry should be opt-in - Currently it's not even opt-out. PostHog tracks wallet addresses and proof activity.

2. The extension must be free and open source - I won't run a closed-source extension that handles my bank data. It needs to be auditable. The analysis below was done on minified JS bundles.

3. This is NOT zero knowledge! The name "zkp2p" is misleading. You temporarily leak a TLS session key to a third party (the attestor), they decrypt your FULL bank API response (balance, transactions, personal info), then sign an attestation. You trust them not to log it. That's attestation, not ZK.

4. The prover design leaks too much to the attestor. A better approach: wrap TLSNotary proof in a ZK proof that verifies TLS certificate signatures up to root CA, verifies regexp of public parameters, and outputs only: recipient, amount, date, status. Everything else stays private - attestor never sees it. I believe this is now technically feasible. Oskarth will maybe correct me, see his talk on exactly this: https://www.youtube.com/watch?v=HmOw73tYzKI

5. Attestation server should be verifiable - Probably not open source either. Even with this non-open-source design, what would be nice: run a reproducible build in a TEE with attestation. If it was end-to-end encrypted into the TEE and we could verify it's not logging anything, I'd like it much more.

6. Global page injection is actually useful - My report flags `https://*/*` permissions, but I think this enables building on/off-ramp services everywhere. The issue isn't broad permissions - it's the trust issues above.

Is the code and contracts open source? The monorepo on GitHub seems quite old (7 months). I'd like to independently verify it.

---

But not to complain too much, I'm writing this out of ❤️ - I've been waiting for a product like this. This brings cryptoanarchy tools closer to the present. Overall good job, the product experience has been great.

We could do many cool things with this - imagine a "Pay with Revolut" button for merchants not yet in crypto. Buy anonymous services, cashu tokens, whatever - pay with Revolut/Venmo/..., merchant gets stablecoins (hopefully privacy-preserving ones in the future) and never touches bank fiat.

The critique comes from wanting this to succeed. Hope for a better, more private, more trustless version. 🙏

Forward!

Report by my intern: https://cypherpunk.today/static/zkp2p-peerauth-report.pdf

@nevent1qvz...
Juraj profile picture
I agree, it is true. Or even worse. For example I was investigated by Revolut for a normal, definitely not dirty transaction. What if it is really dirty?

I also prefer P2P and cash.

But as long as people prefer electronic payments (look even at @nprofile1q... - many are "send me to revolut"), this will have utility. But it will have utility also beyond this.

Imagine for example instant release of collateral when you repay a loan. You have a contract (Firefish), all is good, they would release the collateral manually, but now it would be instant; you don't have to wait for anyone.

Or imagine onboarding to Cashu, or some Nostr wallet, peer to peer. You send someone - not the Cashu/wallet operator - some fiat and you get Bitcoin/cashu tokens instantly. No third parties, no fees, no KYC(!) by a centralized entity. It is not anonymous, but there is no central entity collecting your identities.
Juraj profile picture
He is too lazy to post on more platforms without his tooling. He has an idea, writes it in one app and blasts everywhere. It doesn't have Nostr support though.

But I'm working on a project that might convince him, stay tuned.

Juraj profile picture
A few notes about this. The first version of the extension used tlsnotary. The new version is quite concerning to me from a privacy perspective. The data leaks a bit more than is required, and it has telemetry.

This is for the buyer of stablecoin (the person that sends bank fiat). The seller of the stablecoin does not need the extension at all.

I think this is doable in a much more private way technologically (if nothing else, prove the validity of the tlsnotary proof in a zk proof with a few public parameters).

On the other hand, this has basically the user experience of Binance p2p - instant on ramp and off ramp, without KYC. Good job.

@nevent1qqs...
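The attestation flow that both the detailed PeerAuth critique above and this shorter note describe (the client hands a TLS session key to an attestor, the attestor decrypts the whole bank response and signs a statement about a few fields), modelled as an added example; this is not code from the original posts or from the zkp2p/PeerAuth project. The record cipher and the attestor signature are stand-ins (an HMAC-SHA256 keystream and an HMAC tag), and the bank response is a constructed sample; the point it makes concrete is how much the attestor sees beyond what the attestation actually needs.

```python
import hashlib, hmac, json, os

# Constructed sample of a bank payment lookup (not real data).
BANK_RESPONSE = {
    "recipient": "merchant-123", "amount": "50.00", "date": "2025-01-10", "status": "completed",
    "balance": "12345.67",
    "transactions": [{"to": "landlord", "amount": "900.00"}, {"to": "pharmacy", "amount": "23.10"}],
    "account_holder": "Alice Example", "iban": "XX00PLACEHOLDER",
}
# The only fields the attestation has to speak about (as the post proposes).
PUBLIC_FIELDS = ("recipient", "amount", "date", "status")

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the TLS record cipher (AES-GCM in real TLS): HMAC-SHA256 keystream XOR.
    It models the one property that matters here: whoever holds the session key reads it all."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)

def client_session(session_key: bytes) -> bytes:
    """Client side: the bank's reply as it travels inside the TLS session."""
    return keystream_xor(session_key, json.dumps(BANK_RESPONSE).encode())

def attestor(session_key: bytes, tls_record: bytes, attestor_signing_key: bytes):
    """Attestor side: it receives the session key, decrypts the FULL record,
    then signs a statement covering the public fields only."""
    plaintext = json.loads(keystream_xor(session_key, tls_record))
    statement = {f: plaintext[f] for f in PUBLIC_FIELDS}
    # HMAC stands in for the attestor's signature over the statement.
    msg = json.dumps(statement, sort_keys=True).encode()
    sig = hmac.new(attestor_signing_key, msg, hashlib.sha256).hexdigest()
    return plaintext, {"statement": statement, "sig": sig}

def overexposure(seen: dict, attestation: dict) -> set:
    """Fields the attestor saw but the attestation never needed: the privacy gap."""
    return set(seen) - set(attestation["statement"])

def run():
    session_key, signing_key = os.urandom(32), os.urandom(32)
    record = client_session(session_key)
    seen, att = attestor(session_key, record, signing_key)
    return seen, att, overexposure(seen, att)
```

Running `run()` shows the attestation carrying only the four public fields while the attestor's decrypted view also holds the balance, transaction history and account identifiers.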
Juraj profile picture
From @nprofile1q... who does not post on Nostr much:

"Technology leads, politicians just follow," a famous quote from my friend @nprofile1q..., which I have remembered for a decade and see everywhere around me.

Politicians and bureaucrats continually impose restrictions and limit our freedom and privacy.

And it is disruptive technologies that are giving us back our freedom and privacy.

The best examples are Bitcoin and VPN/Tor.

Both are disruptive technologies that undermine power structures — the centralized, monopolized banking system and government efforts to censor or control internet content (yes, that includes European Chat/Age Control).

Since 2026, EU legislation DAC 8 has been in force, which makes all crypto transactions on centralized platforms completely transparent.
If you, as a European citizen, use centralized exchanges or any other centralized crypto platforms, the state/tax office will know everything about you.

In a situation where a French tax office employee leaked internal information about individuals who own cryptocurrency to the mafia, which then organized armed robberies, I don't think it's a good idea to disclose to the state how much cryptocurrency you have. And in 2026, you will be doing just that by using state-regulated, centralized crypto services.

I was extremely pleased that with the advent of DAC 8 dystopia, new disruptive technologies emerged.

ZKP2P is the first trustworthy, DeFi, P2P on/off-ramp service that enables a new way of buying and selling cryptocurrencies (crypto-fiat, both ways).

And it is fully decentralized (without a centralized administrator that the state can regulate) and without the risk of fraud.

ZKP2P cryptographic proofs allow buyers to automatically verify that they have transferred the correct amount to the seller. The settlement itself is carried out by non-custodial smart contracts.
Everything is done in 60 seconds.

Something like Binance P2P, but decentralized, without the need for KYC.

Something like Bisq, but much easier to use, with lower fees.

Something like Vexl, but you don't have to share your number with anyone, and you can safely trade with completely anonymous people (you are not limited to a trusted circle of acquaintances).

https://zkp2p.xyz

ZKP2P only allows you to buy and sell stablecoins, but you can swap any crypto into them anonymously — without telling the government (via Zashi, Near Intents, Thorswap, Thorchain, or other services).

ZKP2P currently only supports global banks (including Revolut, N26, and Wise), but it is easy to add support for any local banks.

Ultimately, you make an instant bank transfer (you can enter any payment description), but no one knows that it is for the sale/purchase of cryptocurrency. And indeed not the tax office, which, as we can see, can pose a real threat to your physical safety.

Centralized, state-regulated exchanges are dead. DAC 8 killed them completely.

Long live ZKP2P!

Long live disruptive technologies!

Juraj profile picture
Polymarket is on ultra transparent chains.

It needs zero knowledge proofs and fill anonymity