What are the technical differences between Monero and Zcash and how does this affect privacy?
Monero:
1) has Cryptonote algorithm to get most of privacy; it is widely described in peer-reviewed mathematical journals and is well known for scientific society for ~20 years; it is highly unlikely that Cryptonote algorithm contains unknown vulnerabilities.
2) has total 'privacy by default' paradigm in end-user business-logic: an end-user must do EXTRA steps to DECREASE his privacy, otherwise his privacy stay at maximum possible level forever; for example, some exchanges require view-key to monitor deposits, this view-key must be apparently set by end-user as extra parameter of a transaction.
3) Privacy of Cryptonote may decrease if there are too few recent transactions on the blockchain, and in few other conditions that are WELL KNOWN and STUDIED; Cryptonote has no kind of 'Initialization trust' that has ZCash (see below).
ZCash:
1) has Zk-snark algorithm to get most of privacy; it is very promising but it is NOT known for scientific society for a long time (just 2-3 years against 20 years for Cryptonote); there is quite significant chance that Zk-snark has unknown vulnerabilities.
2) has NO 'privacy by default' paradigm: furthermore, ZCash transactions are PUBLIC by default; end-user MUST do extra steps to INCREASE his privacy. That steps include not only extra parameters to be applied to a transaction: end-user must pay attention that he DOES NOT transfer money between public-typed addresses and private-typed addresses, otherwise, his anonymity may be lost very easily. This drawback of ZCash was widely discussed on the net recently.
3) MOST TERRIBLE. ZCash as well as other coins that utilize Zk-snark MUST rely on so called 'Initialization trust'. The 'Initialization trust' is a set of secret parameters that should be generated once for the whole blockchain. The devs of ZCash PROMISE YOU they have wiped and fired off that initial secret parameters. DO YOU TRUST IN ZCASH DEVS?! Welcome to the 'Initialization trust'!
P.S. Oh just forgetting... one little property that has ONLY Monero (of course, we don't consider its various shit-forks):
FUNGIBILITY. This is a property that even fiat money don't have, because each fiat money note has unique serial number: you can mark, trace and distinguish one fiat money note from other one.
Monero's math from the other hand does guarantee that XMR coins have no serial numbers and can't be distinguished from each other. RingCT hides transaction amounts further on the blockchain. So there is no way to trace even XMR coin entities between (already) anonymous addresses. Monero blockchain is the only TOTALLY encrypted.
Final cherry pick we wait this fall is Kovri - a pure C++ i2p implementation that will place all the communication between world-wide Monero nodes into highly secure and anonymous network called i2p (it is much more secure than Tor network - see Wikipedia).