Parking zKal: lessons learned
The best place to start is Brewster Kahle's feedback to me when I was in Berlin:
"This isn't just a cryptography toy for tech events. Activists need this. If they see it, they'll use it for real. You have to get it right."
Then he asked really good questions about the security model — how the ZK proofs worked, where trust assumptions lived, what happened if the server was compromised, what happened if an attacker faked events.
I loved the hard questions. I couldn't stop smiling on the inside. Finally someone understood what I'd been working on for a year! And it was someone who knew what worked - the founder of Internet Archive and Alexa Internet.
I'm glad I had good answers too. It boosted my self-confidence, realising my work was able to pass a serious bar.
This was an unconference session c-base — that spaceship discovered under Berlin, turned into a hackerspace. The first time I was there, I saw the massive array of LED-lit recycled bottles, radiating warmth. Later I noticed the tea station. Community infrastructure. Care. Since then, it's felt like a kind of spiritual home to me.
Talking to Brewster there about Ethereum hackathons and ZK proof privacy — then about people whose privacy needs are life-or-death — it felt misplaced.
I thought I'd found something to build as a gift to the DoD team, something I could do to give back. This was something else.
Lesson 1: I built on the wrong question
Two years ago, at ethBerlin, I'd asked ligi a question: "What DoD problem do you wish you'd solved by now?"
Great hackathon question. It surfaced something real: their calendar privacy mattered to them.
But a suicidal product question. There were reasons it hadn't been solved already. Those reasons would bear down on zKal too.
I should have been helping solve problems they were putting energy into solving too.
Lesson 2: I missed the train
After the hackathon, ligi said they might even try zKal at Devcon in Thailand. There was an open door.
I couldn't get there.
I remember staying up all night hacking, taking breaks for baby feedings. At 3AM, four hands are way better than two. I had a flight to Devcon. I couldn't get on it. My family needed me at home. But doors ligi could open wouldn't stay open forever.
Once I had time to commit seriously, I wanted to give it a real shot. I asked if it was still useful. Yes. But the lack of excitement was clear. "Let's talk at CCC" — the door still open a crack. A kindness.
But the message underneath: Sorry, I don't have time for this now.
Lesson 3: I planted the seed in unstable ground
Even if I'd asked the right question and hit the timing perfectly — the organisations I was trying to plant in couldn't support it.
Zupass support was intermittent at first, and eventually it was quietly abandoned. No commits. Support channel dead. ligi and I both loved it, and their new direction with the underlying POD2 framework. I offered to maintain Zupass myself. Didn't matter. They weren't interested.
You might know this smell: when orgs go opaque, it's usually infighting behind the scenes.
DoD had become disillusioned with Berlin Blockchain Week. Too corporate. Too crypto-bro mercenary. Except they still controlled the event listing website, an obligation put into maintenance mode.
The DoD partnership with DWebCamp was rushed, broken from the start imho. DoD thought it would mean less work, a chance to curate a stage with their deep connections. Instead they're carrying the operational roles, plus managing a collaboration beset with different priorities, decision-making structures, and operational stacks.
When I offered to help the unconference side of DWebCamp, I learned Holochain and Ink & Switch, builders I look up to, had tried contributing before. The dweb team wasn't happy with the results. I didn't know whose fault it was, but it was another warning sign.
Again, I figured I'd push through. The alternative was admitting I'd been building something nobody really wanted.
The smell test for next time: no straight answers, contributions getting rejected, ignored or trapped in political cross-fire. These are not conditions where a new tool plants adoption roots.
Lesson 4: I mistook principles for adoption choices
A few days after c-base, I spent the afternoon with Cade Diehm. We walked around green suburban parks and coffee shops on a sunny day, while he laid bare the brutal mechanics of surveillance totalitarianism. He's observing a setup for something worse than what we see today.
It put some things in context:
I've heard from more than one person that the web3privacy (now rebranded "Neo Cypherpunk") organizers call privacy "just a meme" behind closed doors. The fact that they still use Luma after two years of being asked to stop backs that up. They're literally handing a list of every activist in attendance to a US server -- a package deal that comes with FISA warrants, Palantir and ICE targeting. It explains why the real activists in Berlin steer clear from them.
In my conversations with DWebCamp and DoD, nobody wanted to give decision-making power over tool choice away — not even to the teams using those tools. DWeb had been burned by alpha tools before and felt they had enough tooling changes. DoD had to take a hard line to get Google Docs and Zoom switched to privacy-respecting alternates. They gave up on the Cloudflare issue, which blew up badly when a few weeks of 404s showed the community they were using one of the most centralised hosting platforms in the world. In such a tug-of-war, it was no wonder nobody wanted to stick their neck out to try something new.
So for me, every time I asked about what functionally was needed somewhere, calendars or otherwise, the answer was about power dynamics: "We'll keep this decision ourselves," or "You'll have to ask someone else."
I can understand the time pressures of running events, and how you just reach for the tool that's fastest. You grab last year's version and update it. Lock-in is a powerful force, even for dWebCamp, who are personally feeling those same totalitarian trends back home in the US.
But clear out all the reasons why and why not, and just look at user behaviour alone. When do people running events actually make the space to change tools? What does it take to trigger a change? I wasn't able to see a way in.
Lesson 5: I confused entry taxes with real needs
A simple Node.js app on a small server could remove Ethereum events from big tech infrastructure entirely. hi.events has a one-click install and Pretix is tried-and-true. But that's not the latest tech, so nobody's interested.
ligi suggested ZK proofs because that was the hackathon theme. It felt overkill, but I took it on, and started believing that ZK would be worth the long-term benefits. It ended up being 10X to 20X the time and complexity to build on.
What I should have kept clear: ZK was an entry tax.The price of fitting Ethereum's frontier tech preferences, not the price of solving calendar or privacy problems.
Like the entry taxes of selling to banks — procurement, compliance, risk reviews, year-long cycles — stuff that isn't part of the core offer, but still needs to be there. The difference is Ethereum's status currency is novelty, not stability.
That became obvious when DoD shifted to Bluesky — completely open attendance data instead of private. I went right along, and started working out how tack merkle roots into Bluesky event updates.
But let's be honest with ourselves.
When we say, "we need privacy-preserving identity infrastructure," what we're not saying out loud is, "we want to use whatever feels like the next big thing."
In this way, the Ethereum community's instinct to dogfood frontier tech also functions like chasing hype.
Ligi pushed me toward Zupass, and I'm still grateful. The ZK patterns I designed from there — proof projectors, portable-data wallet design, in-browser security models, the density index — those are real. And the're useful far beyond conference calendars.
Both things are true. ZK produced patterns that matter for a more serious class of privacy user. But it was too high an entry fee to a small community like Ethereum conferences. At least not without EF-sponsored runway. And back to Lesson 2, I took on a drag factor with Zupass that was a higher time cost than I could afford.
Letting go is a form of persistence
When I was planning on coming to Berlin for that unconference, Afri told me, "Don't come for zKal. Come to be with us."
I love how he can speak high truths in short syllables.
DoD brings together a community that matters to me and to the world. It was a great week in Berlin.
zKal will return to its simpler version, and we'll use it for The Infinite Build. I'm excited about having the ZK mechanisms in my toolbelt for whatever comes next. And I'm glad I built my cryptography muscles on a real-life problem.
I can see DoD keep up the fight for their principles, but feel their energy slipping. I'm sad there's no way I can help.
Better to try different paths than keep sliding back down the same one. There are many roads to where we want to go.
I keep reminding myself that, and every time I do, it feels like a relief.