ARC

@SIGNAL_RETURN ㅤ 　　　 ࿀　 　࿀　⠀⃝　　　⠀⃝ 　　　　⠀⃝⠀⃝　　࿀　　࿀⠀⃝　࿀　࿀ 　　⠀⃝　࿀　࿀　⠀⃝ ࿀ 　　　　　࿀　࿀　　⠀⃝　࿀࿀ 　　　࿀　⠀⃝　࿀　࿀　࿀ 　　 ࿀ ⠀⃝　࿀　　　⠀⃝ ࿀⠀⃝　࿀ 　　⠀⃝　　⠀⃝⠀⃝ 　　 ⠀⃝　࿀ ㅤ

@arc4g what is it

This month will be the culmination of >1.5 years of work. 10 people working weekends, waking up in the morning and working into the night on a project, for over a year and a half. Everything from software engineers, cryptographers & BDs. One of the most incredible journeys I’ve had the pleasure of being a part of. We’ve landed some incredible partnerships, and are going to be working with a ton of great startups when @onflowxyz launches this month. Building useful, and perhaps most importantly, privacy enhancing tools for developers and users is my dream “job” (due to fortunate circumstances, many executives at Sundial doesn’t take a salary). Seeing it finally materialize and potentially outgrow what I dreamed possible is surreal. I’ll keep you updated on the journey here going forward. I’d also like to thank those who believed in our vision, and those who backed it to make our world a bit more private (which has made Onflow an increasingly relevant tool in the age of age verification). Thank you. And I hope you go find a team you love and make your values a reality that people appreciate.

@SIGNAL_RETURN can i get a one letter email when we launch

Announcement: our TEE/ZK/MPC privacy email service is will be called Iron Mail. Our current estimate for a release date is start of Q3 2026 (roughly a 4 month development time). If you read the article below, and comment we'll award you with a perk (read on). A lot of people boldly claim "SMTP is old, therefore privacy is impossible". That's fair, if you say it with an open mind. What is also true is that multi-party computation and zero-knowledge proofs have come a long way, and so has TEEs. By utilizing a novel stack of these technologies (a stack we call IRON), we can ensure that even if served with a subpeona, we cannot capture data while at rest, while in transit (both inbound and outbound), this includes metadata. We will have free options that give you up to 1 GB of storage, as many folders as you need. Pinned mails, and so much more. While I can't go fully into detail on the exact mechanisms of how the IRON stack works yet to achieve in-platform privacy soundness, you'll be getting it near launch to verify for yourself exactly how we make sure that you can still receive, send and store emails with no option to for the service provider (us), to read your emails. Period. Iron Mail is developed for everyone to use. We'll be doing a public ceremony to get rid of so called "toxic waste" (generating a CRS which anyone who's verified can participate in) as the entire service relies on zero-knowledge proofs that every user can verify for their email dispatch that: 1) inbound is decrypted within a TEE edge server. 2) the plaintext was directly sent to an MPC council. 3) mail routing and attribution was done correctly. 4) SMTP-specific things such as DKIM verification. 5) outbound is jointly broadcast through MPC collaboration with the final email not being visible to the service provider. All zero-knowledge circuits will be released, after they've been audited by several parties, you can audit them yourself. This means, there is no uncertainty on whether we have hidden log infrastructure, since that would be either a) tampering with the process, which would invalidate the proof chain or b) be outright impossible once it's being processed by the MPC committee. Setting expectations 1. Referrals On referrals. We will have them. If we sponsor influencers, they will not be given a script, they can give their honest opinion. We will only be giving sponsorships to niche technical channels who actually knows what they're vouching for. Ironmail is mostly meant to be deployed for institutional and governmental security. Running a permanent free service for the public is purely in the interest of promoting good opsec and giving people access to a new innovation in a space where there hasn't been much for years now, despite annual earnings in excess of $100M+ (for Proton Privacy in 2024, per Zoominfo). We might also give referral code to tech enthusiasts who write blogs or has an audience, as these are the people who can accurately assess the veracity of the claims made. This has remained our biggest issue with companies like Proton: the marketing. We've seen them be subversive or sometimes, what can easily be suspected to be, intentionally misleading. 2. Defending users Based out of Delaware, US., jurisdictionally, we'll stand up for every subpoena, and we will always carry an up-to-date warrant canary in the footer of the website that we urge you to check (or setup an automated curl for), to ensure the company is still in our control. Signing up will be through 3 options: 1. A proof of work puzzle that takes between 5-10 minutes to solve on most processors. 2. An SMS message (after which that number is marked "used", but is not associated with your email). 3. By using @onflowxyz, zero-knowledge based proof of uniqueness using an ICAO 9303 document (i.e. a passport, or ID card, none of the info is transmitted to us, only a zero-knowledge proof, which is merely a mathematical proof of the validity of information, not any of the actual information). Any request for user info, be it IP address, email, contents of email, phone number, name or setting up future snooping is impossible within the IRON protocol. But again, we always urge you to check the warrant canary. Accessing the Site We will offer both a web UI and a fork of Thunderbird to access the Ironmail. We will also have endpoints setup for TOR and I2P (though experiences may be slightly degraded in terms of smoothness due to JS blocking) if you do not want your ISP to know you're using privacy-respecting services. Users can sign up on a VPN (we suggest Mullvad), on TOR or via I2P. You can pay via credit card where we give you the option to pay via credit/debit card (but, it is not recurring, and all payment data is deleted after 20 days), you can decide if you want to renew. You can also pay using cryptocurrency, including Monero and Zcash shielded transactions. We want to keep as little information about you as possible. We do not store which transaction hash was associated with your purchase after the sufficient number of verifications. Pricing The service, as mentioned, is meant for governmental and institutional usage in private deployments, however for our public-facing site, which can also be used by organizations of any size, the pricing will be similar to that of Proton, simply due to a much larger computational overhead than something like Proton (MPC and TEE isn't cheap in overhead, neither is ZK). The service is 100% free for everyone who doesn't wish to use an extended feature set, and comes with half a gigabyte of storage by for the free tier. Political affilations We are not aligned with any party or ideology as a company, and our team rarely if ever discusses politics, we discuss privacy. Launch Due to the complex nature of the engineering the protocol to be production confident, then the auditing process, as well as stress testing, fuzzing and vulnerability testing along the way, combined with a UX we hope can rival the best, launch is set to be in approximately 4-5 months. The Prize Thank you for reading this. I've garnered a ton of support personally from a privacy-conscious crowd for talking about privacy pretty much everyday, from interesting papers to Proton to zero-knowledge and whatever else is on my mind. Sam Bent makes amazing videos, and apparently also, amazing blog posts (and hopefully he'll also make a video on the blog post he made). If you share what you liked most about his article, and why privacy-preserving emails matter to you we will reserve a handle for you, plus give you 2 months of the Enthusiast tier for free (use your own domains, more storage, aliases and unlimited email addresses). There is no upfront cost, we will simply send a code for you to enter once you sign up, which will also verify that you're trying to register the handle you reserved (some handles go quickly like first names, short words, etc.). Thank you For continuing the fight for privacy. We hope you're excited about the innovation we're trying to bring to this sector that has been very good at twisting words, using unclear marketing, only speaking up when caught and generally has tarnished the word 'privacy' for the average person in what they should expect. The more services LARP as true privacy-oriented services, that then turn out to be something different in highly publicized events, hurts the reputation of everyone else trying to build for privacy. And finally, good article Sam. Keep writing these.

Working on a novel product where law and technology meet in a very elegant way for a very noble goal. I've never been this excited making something since my early 2021 art days. I'm literally losing sleep thinking about the potential this has.

That's like saying how can food compete with drugs. I agree patience matters but I think audiences are patient when something earns it. The issue is when "attention span" becomes a catch-all excuse for lazy long content rather than ask themselves "why isn't this resonating with people?"

@arc4g How can you compete with something meant to attract your attention and fire dopamine in the first 3 seconds x100 vs anything meant to build a world or tell a story? Some moments of life require different focus to find meaning. Attention span means being willing to be patient.

I think the whole people have lower attention span nowadays is an overblown myth. They just have lower tolerance for things that doesn't interest them. People will spend 4 hours on TikTok but won't sit through a 2 hour movie because they know better options exist. It's not shorter attention spans, it's lower tolerance for uninteresting content. Longer isn't inherently better. Make something compelling and people will watch.

Never KYC again. No account required, the magic of our privacy-first MPC account system will remember your encrypted data. No more searching for PDFs of bank statements. KYC once, KYC everywhere, fully privately. Coming to you Q1 2026 in any app using Onflow for compliance.

onflow's solving critical problems for apps that few today even recognize exist. providing privacy-first compliance to sybil protection to toxic flow prevention (+ more) - it'll truly be a case of slowly then all at once. looking forward to seeing everything come together soon

(long post on going from pre-product to post-product as a founder) We're swiftly approaching launch, so I thought I'd take some time to reflect. The accompanying video is of the first graphical implementation of Onflow (on Android) for a demo we did at Devcon. Barebones (a bit rough around the edges compared to today's visuals) from exactly a year ago. Onflow might prove to be the most complex protocol engineered thus far within the ZK/MPC/privacy space. ~2 years of work, 13 employees, expertise, refining, rebuilding, consulting, re-writing, auditing, novel research in MPC and ZK constructions. What goes into what we're building? First I'll outline what the scope for the initial release of @onflowxyz is (skip to next section if this isn't interesting to you): - Be an SDK, not a standalone monolith. While we do have Onflow ID (our Onflow implementation), we never want Onflow to be centralized around 1 app. This also makes our user-by-default system so much more stronger in garnering network effects. If you've used Onflow even once, as soon as you open another app a few months later that requires compliance, you'll be pleasantly surprised to find that the magic of the protocol has auto-submitted exactly what the service provider is looking for and there is no-to-little user interaction required on your end. - Privacy, privacy, privacy. My background, and a 90% of the development team at Sundial has a solid background in complex privacy schemes, zero-knowledge, academia and practical implementations. We believe compliance/KYC breaches are some of the most dangerous (both physically and virtually) data leaks that can occur, and so Onflow was built to be virtually impossible to leak any meaningful data from, even if you're delegating work to overseas staff, due to how data is stealth-schematized so support agents only see *exactly* what they need to solve your case, and nothing else. - Privacy, again. So what does privacy entail? Well. For Onflow we're utilizing so many new primitives in one, that all come from different departments. From the zero-trust infrastructure for our compliance dashboard, our never-before-seen quantum-resistant QuantMQ data dispatch protocol that is pervasive throughout the entire Onflow ecosystem, to complex routers for oracling and verifying proofs onchain (EVM and SVM initially, as recently announced). We also have our TDE, or "Trusted Data Enclave", which allows you to easily port your credentials to a new device, whether it be your laptop, or another phone, it'll all get transferred over seamlessly through a bespoke mesh-based distribution system (think Signal-type), again through QuantMQ tunnels. Now the true beauty of all of this? Some of the most senior software engineers, protocol engineers, system administrators, applied (& research) cryptographers alongside amazing visual artists, and our incredible CPO (ex-Disney, Apple, AOL and many more) all worked on their individual bits of the protocol. All with a shared love, and deep respect for privacy and great UX, came together to build the behemoth that is the inner workings of Onflow and distill it down to an SDK that takes just a dozen lines to implement, whether in an app, on a website, or in a cryptocurrency setting. One simple SDK that encapsulates hundreds of bespoke, novel and battle-tested MPC, ZK, QP protocols, and productized it into something that will make onboarding and compliance in general a one-click action going forward (for the most part), and will only be more and more normalized as more and more apps adopt this. Who is interested in using Onflow? We're very fortunate to have an exceptional product, which traditional finance, fintech and digital assets immediately recognize the importance of. Therefore, we're proud to announce that alongside our joint announcement with our day-1 deployment to @circle's @arc network, we're also entering traditional finance. Soon, users will be able to create bank accounts for short-stay overseas work solely using Onflow. We're actually surprised at the extremely positive reception from traditional finance, as you can quickly convince yourself words like "zero-knowledge" will scare what's often seen as arcane institutions, but our experience has been the polar opposite. Banks understand the importance of privacy. Banks understands utilizing privacy-enhancing tools to make the onboarding UX more convenient, and save them money and risk assessment staff when it comes to compliance. What's coming up? More privacy, more convenience. Soon you'll be introduced to the full product offerings of our initial release of Onflow. We plan to open-source every part of the stack that we're able to and provides a benefit to proliferating privacy online (such as our QuantumMQ library with bindings for C++, Rust, C#, Swift and Typescript). We plan to prove that all of the hundreds of millions, if not billions of dollars spent on solid cryptographic, privacy-oriented research has not gone in vain, and we've employed and improved upon under-explored breakthroughs to make Onflow happen. What took you so long? Perfect is the enemy of (progress/good/etc.), however, being a product that de-risks businesses and transmits PII (even over quantum-proof tunnels) still require extreme rigor and a lot of systems and novel infrastructure to make sure that there is no central breach point. Version one of Onflow will support 147 jurisdictions, and we soon plan to add support for Aadhar 2.0 as well, to include India (even though they just got biometric passports, they're not as ubiquitous). We support thousands of passports and IDs and have the most comprehensive coverage out of any compliance provider with over 15,000 documents covered. Novel things take time. Onflow is truly a novel, never-before-seen approach to the full compliance stack, with inherent digital ID features as an essential part of the protocol, giving it endless possibilities. We wanted to make extremely sure that what we're releasing here in a couple of months is as solid as can be, and will offer hefty bounties to people who can successfully find a way to disrupt the protocol (one can never do too much manual review, fuzzing, external audits, etc., and we firmly believe in rewarding solo auditors for findings). Lastly. Thank you to everyone building in, researching, contributing to or otherwise promoting, privacy. Privacy is not reliant on financial turmoil, it is the first question a start-up should ask itself when making a new product class. And we're super fortunate to say that in the difficulties of navigating novel privacy, we've found extremely satisfying solutions to extremely complex problems we otherwise never would've discovered. Do not fade privacy. Privacy is a moat, and there are so many markets that are begging to be disrupted if someone with a privacy-oriented view decided to take a pragmatic look at them. Thank you.

our first article, on a bespokely made blogging system from one of our partners (which will get better over time). more articles to come, but for any zero-knowledge & privacy enjoyers. give it a read. onflow.xyz/blog/revolutio…

Uploading a whole 4K scan of your ID whenever a site requires it to verify a specific thing, such as your age or name, is quite ridiculous and unnecessary, but most services require it because it's more convenient for them to just ask for everything instead of what they actually need. With onflow, we'll give you the option to only share what's necessary. For example, if a site needs to know your age, you can only share the date of birth field without sharing your name or image. You can even go a step further and only share that you're above a certain age without actually revealing your exact date of birth. All this stuff will be possible in onflow soon. Any company or service still asking for a full 4K image dump of your ID is being lazy and perhaps even malicious, from what we've seen in the past few months with constant breaches and hacks leaking people's info.

Arc here. You might have followed this account for my art, but unfortunately my condition has progressed to the point where making art is too physically demanding to continue. So I’ve decided to step back from art and focus on another endeavor: tech, specifically privacy-preserving tech. I’m building @onflowxyz with my dear friend @SIGNAL_RETURN. It’s a niche sector that not many people know about, yet it’s something almost everyone deals with at least once in their life. It’s actually quite interesting once you dig deeper: a cross-section of tech, law, personal liberty, and more. Most of us have experienced a bank or website asking us to upload a photo of our ID or passport to verify our information, and the number of services demanding this deeply personal data is growing by the day while the technology and security around it haven’t kept pace. We saw that with the recent Discord breach, where people’s IDs were mishandled and hacked. We’re aiming to solve that with Onflow, creating a win-win for both users and the services that require this information. If you care about tech and privacy, feel free to keep following. If you’re here only for the art, I understand if you unfollow so I don’t clutter your feed with a topic you’re not interested in.

My art will be there :D Truly honored to be one of the 40 artists selected.

@SIGNAL_RETURN @onflowxyz 🔥

@SIGNAL_RETURN @onflowxyz It's so crazy we were able to do this. I'm so hyped.

@SIGNAL_RETURN @onflowxyz @SundialEngineer I think a lot of those struggles are because people want a radical impossible solution like removing kyc completely instead of actually trying to make it better and improving the experience. kyc isn't going away anytime soon. So people get stuck with horrible kyc services.

The quality-of-life upgrades Onflow will bring to onchain protocols is indescribable. Closed iOS beta this month for 350 people. See just how incredible Onflow is & get rewarded with early perks (rare username). Like & retweet for a chance to participate. Notifications on. 🔔

>Devs: i don't have a passport to test onflow. >Sundial: here's a real physical passport that follows all the standards set by ICAO 9303. with a sandwiched antenna + RFID chip w/ 32kb of storage and shipped to you for free. >Devs: wtf