Parking zKal: lessons learned
The best place to start is Brewster Kahle's feedback to me when I was in Berlin:
"This isn't just a cryptography toy for tech events. Activists need this. If they see it, they'll use it for real. You have to get it right."
Then he asked really good questions about the security model — how the ZK proofs worked, where trust assumptions lived, what happened if the server was compromised, what happened if an attacker faked events.
I loved the hard questions. I couldn't stop smiling on the inside. Finally someone understood what I'd been working on for a year! And it was someone who knew what worked - the founder of Internet Archive and Alexa Internet.
I'm glad I had good answers too. It boosted my self-confidence, realising my work was able to pass a serious bar.
This was an unconference session c-base — that spaceship discovered under Berlin, turned into a hackerspace. The first time I was there, I saw the massive array of LED-lit recycled bottles, radiating warmth. Later I noticed the tea station. Community infrastructure. Care. Since then, it's felt like a kind of spiritual home to me.
Talking to Brewster there about Ethereum hackathons and ZK proof privacy — then about people whose privacy needs are life-or-death — it felt misplaced.
Originally, I thought zKal was something I could build as a gift to the DoD team, something I could do to give back. Standing here at c-base, I realised this was something else.
Lesson 1: I built on the wrong question
Two years ago, at ethBerlin, I'd asked ligi a question: "What DoD problem do you wish you'd solved by now?"
Great hackathon question. It surfaced something real: their calendar privacy mattered to them.
But a suicidal product question. There were reasons it hadn't been solved already. Those reasons would bear down on zKal too.
I should have been helping solve problems they were putting energy into solving too.
Lesson 2: I missed the train
After the hackathon, ligi said they might even try zKal at Devcon in Thailand. There was an open door.
I couldn't get there.
I remember staying up all night hacking, taking breaks for baby feedings. The math of babies: At 3AM, two hands aren't enough but four hands make things easy.
I had a flight to Devcon. I couldn't get on it. My family needed me at home. But doors ligi could open wouldn't stay open forever.
Once I had time to commit seriously, I wanted to give it a real shot. I asked if it was still useful. Yes. But the lack of excitement was clear. "Let's talk at CCC" — the door still open a crack. A kindness.
But the message underneath: Sorry, I don't have time for this now.
Lesson 3: I planted the seed in unstable ground
Even if I'd asked the right question and hit the timing perfectly — the organisations I was trying to plant in couldn't support it.
Zupass support was intermittent at first, and eventually it was quietly abandoned. No commits. Support channel dead. ligi and I both loved it, and their new direction with the underlying POD2 framework. I offered to maintain Zupass myself. Didn't matter. They weren't interested.
You might know this smell: when orgs go opaque, it's usually infighting behind the scenes.
DoD had become disillusioned with Berlin Blockchain Week. They politely describe it as too "corporate". What I read in the situation is the broader cultural schism in Ethereum between FOSS values and crypto-bro mercenaries. The practical situation: DoD controls the event listing website, but its a legacy obligation put into maintenance mode.
The DoD partnership with DWebCamp was rushed, broken from the start imho. DoD thought it would mean less work; it was pitched as a chance to curate a stage with their deep connections. Instead they're carrying the operational roles, plus managing a collaboration beset with different priorities, decision-making structures, and operational stacks. And doing the curation. All while being called "the local partner" in public.
Again, I figured I'd push through. The alternative was admitting I'd been building something nobody really wanted. I rationalised it with ethics: do what you can to help the cause.
The smell test for next time: No straight answers? Contributions getting ignored or trapped in political cross-fire? These are not the organisations where a new tool plants adoption roots.
Lesson 4: I mistook principle signalling for adoption choices
A few days after c-base, I spent the afternoon with Cade Diehm. We walked around green suburban parks and coffee shops on a sunny day, while he laid bare the brutal mechanics of surveillance totalitarianism. He's observing a setup for something worse than what we see today.
It put some things in context:
I've heard from more than one person that the web3privacy (now rebranded "Neo Cypherpunk") organizers call privacy "just a meme" behind closed doors. The fact that they still use Luma after two years of being asked to stop backs that up. They're literally handing a list of every activist in attendance to a US server -- a package deal that comes with FISA warrants, Palantir and ICE targeting.
It explains why the real activists in Berlin steer clear from them.
In my conversations with DWebCamp and DoD, nobody wanted to give decision-making power over tool choice away — not even to the teams using those tools. DWeb had been burned by alpha tools before and felt they had enough tooling changes to contend with already. DoD had to take a hard line to get dWebCamp to switch Google Docs and Zoom to decentralised alternates. (Why were these still being used in 2026?) They gave up on the Cloudflare issue, which blew up badly when a few weeks of 404s showed the whole community they were using one of the most centralised hosting platforms in the world. In such a tug-of-war, it was no wonder nobody wanted to stick their neck out to try something new.
This meant that for me, every time I asked about goals or what operational functionally was needed somewhere, calendars or otherwise, the answer was avoided. Instead, it was always about power dynamics: "We'll need keep this decision ourselves," or "You'll have to ask someone else."
This was even the answer after they asked me to take responsibility for their unconference. I volunteered happily, but said we needed to look at goals first, then design to those. And I needed authority over tool choice to meet those needs. That wasn't on the table.
I learned Holochain and Ink & Switch, builders I look up to, had tried contributing before. The dweb team wasn't happy with the results, and I was regularly asked to pass judgement on them, when all I wanted to do was learn from their past experience. I didn't know whose fault it was, but it was another warning sign of a difficult environment.
At that point, I bowed out.
I can understand the time pressures of running events, and how you just grab last year's version and update it. Lock-in is a powerful force, even for dWebCamp, who are personally feeling those same totalitarian trends back home in the US.
But clear out all the reasons why and why not, look past the principles and rationalisations to the user behaviour alone. When have they actually made the space to change tools? What does it take to trigger a change?
I wasn't able to see actual adoption behaviour I could connect to.
Lesson 5: I confused entry taxes with real needs
A simple Node.js app on a small server could remove Ethereum events from big tech infrastructure entirely. hi.events has a one-click install and Pretix is tried-and-true. But that's not the latest tech, so nobody's interested.
ligi had originally suggested ZK proofs because that was the hackathon theme. It felt overkill, but I took it on, and started believing that ZK would be worth the long-term benefits. It ended up being 10X to 20X the time and complexity to build on. Time I didn't have.
What I should have kept clear: ZK was an entry tax.The price of fitting Ethereum's frontier tech preferences, not the price of solving calendar or privacy problems.
Like the entry taxes of selling to banks — procurement, compliance, risk reviews, year-long cycles — stuff that isn't part of the core offer, but still needs to be there. The difference is Ethereum's status currency is novelty, not stability.
That became obvious when DoD shifted to Bluesky — completely open attendance data instead of private. I went right along, and started working out how tack merkle roots into Bluesky event updates.
But let's be honest with ourselves.
When we say, "we need privacy-preserving identity infrastructure," what we're not saying out loud is, "we want to use whatever feels like the next big thing."
In this way, the Ethereum community's instinct to dogfood frontier tech also functions like chasing hype.
Ligi pushed me toward Zupass, and I'm still grateful. The ZK patterns I designed from there — proof projectors, portable-data wallet design, in-browser security models, the density index — those are real. And the're useful far beyond conference calendars.
Both things are true. ZK produced patterns that matter for a more serious class of privacy user. But it was too high an entry fee to a small community like Ethereum conferences.
And back to Lesson 2, my time constraints. I took on a drag factor with Zupass that was really high, and it was more than I could afford.
Letting go is a form of persistence
When I was planning on coming to Berlin for that unconference, Afri told me, "Don't come for zKal. Come to be with us."
I love how he can speak high truths in short syllables.
DoD brings together a community that matters to me and to the world. It was a great week in Berlin.
zKal will return to its simpler version, and we'll use it for The Infinite Build. I'm glad I built my cryptography muscles on a real-life problem.
I'm excited about having the ZK mechanisms in my toolbelt for whatever comes next. These explorations opened a lot of paths outside of events, some about collaboration at scale, and some about the security problems that affect all browser-based apps.
I can see DoD keep up the fight for their principles, but feel their energy slipping. I'm sad there's no way I can help.
Better to try different paths than keep sliding back down the same one. There are many roads to where we want to go.
I keep reminding myself that, and every time I do, it feels like a relief.