Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Jameson Lopp: On Being a Professional Cypherpunk
Episode Date: January 30, 2019We’re joined by Jameson Lopp. Jameson is the CTO of Casa, a company providing key storage solutions. Previously, he was an early engineer at BitGo. However, to most people, he is perhaps known for h...is Twitter presence and his excellent writing. Over the years, Jameson has written extensively about Bitcoin development, cryptocurrencies, and personal operational security. A self-proclaimed “Professional Cypherpunk,” aligns with the ideas of libertarianism and volunteerism. Topics covered in this episode: Jameson’s background and how he learned about Bitcoin His political view before and after discovering crypto What stands out for Bitcoin in 2018 His writing on the decentralized nature of Bitcoin Core development His views on how Bitcoin compares to Ethereum on the topic of development control His thoughts on the Lightning Network and smart contracts on top of Bitcoin Jameson’s approach to personal operational security The tradeoffs of having air-tight personal OpSec Casa and its vault offering Episode links: Jameson Lopp's website Jameson Lopp's Bitcoin Resources CRYPTO 101 interview with Jameson Lopp Bitcoin Full Validation Sync Performance (article) Reflections Upon a SWATting (article) Bitcoin By the Numbers: 2018 Recap (article) Who Controls Bitcoin Core? (article) Professional Cypherpunk Jameson Lopp on the Lightning Network (article) Decentralized Summit 2019 Thank you to our sponsors for their support: Deploy enterprise-ready consortium blockchain networks that scale in just a few clicks. More at aka.ms/epicenter. This episode is hosted by Brian Fabian Crain and Sébastien Couture. Show notes and listening options: epicenter.tv/272
Transcript
Discussion (0)
This is Epicenter, Episode 272 with guest, Jameson Lop.
This episode of Epicenter is brought to you by Microsoft Azure.
Do you have an idea for a blockchain app but are worried about the time and cost it will take to develop?
The new Azure Blockchain DevKit is a free download that brings together the tools you need to get your first app running in less than 30 minutes.
Learn more at aka.m.m.s. slash Epicenter.
Hello and welcome to Episenter. My name is Brian Pauvin.
train. And my name is Sebastian Kutcheo.
So before we get started with the episode, I just wanted to mention something briefly.
There is this online conference called Decentralized Summit. It's organized by Mainframe.
And that's taking place on the 29th and the 30th. So January 29th and 30th.
And I'm going to give a talk there. So if you're interested in that, check it out. So that's Decentralized Summit.
And I spoke a little bit about proof of stake and chorus one and cosmos.
So yeah, if you want to check it out, that's there.
There's also a bunch of other interesting speakers, including, you know, former
epicenter guests like Minait Gupta, Kyle Salmani, Arthur Falls.
So that's that.
I will have a link to that in the show notes.
Yeah, so today our guest is Jameson Lop.
If you are on Twitter and follow the crypto Twitter sphere, you are probably familiar with this
character.
And so we talked a lot about, well, his early days in Bitcoin, how he got involved in Bitcoin,
his sort of political views with regards to, you know, volunteerism or anarchy, as others like to call it.
We also went in depth about, so his writing, because he's quite a prolific writer and writes about Bitcoin and also operational security.
So we talked quite a bit about his operational security in the length of the length of him.
to which he goes to protect himself and his privacy and sort of his data in general.
So it was a really great interview.
We hope you will enjoy it.
And if you also, if this sort of strikes a core with you, if you think that operational
security is something that's important to you, why don't you let us know on Twitter
what you think or things that you might implement or practices or best practices
that you might implement in your own personal life to protect your operations security
and protect your privacy online.
So here's our interview with Jameson Lop.
We're here today with Jameson Lop.
Jameson is the CEO of a company called CASA.
They provide kind of a very high-end, high-quality key storage solution.
We're going to speak about that later a bit.
They also have a Bitcoin Lightning Node.
He was previously at BitGo, so he was in early,
engineer at BitGo, which of course has been providing also Bitcoin Vault and storage custody
solutions. And he's very well known for his writing. So he's an excellent writer. And I was actually
just on a long plane ride over the weekend. And I read all of your blog posts on Medium. So there's
really a lot of fantastic in-depth Medium posts about Bitcoin, Bitcoin development, security aspects,
but also some things like operational security
and some of the crazy things that Jameson goes through
to make sure his operational security is top-notch.
So thanks so much for joining us today, Jameson.
Pleasure to be here.
Thanks for having me.
I'm curious to start off.
And often we ask that question,
but it's always interesting to kind of hear the story
of how people originally became involved in Bitcoin,
learned about it and sort of found their way in.
Yeah, so I unfortunately do not remember the first time that I heard about Bitcoin.
I'm sure that I heard about it several times and dismissed it several times as some new system that was going to get hacked and everybody was going to lose their money.
But at some point, it kept coming back.
I kept reading about it on SlashDod and other tech sites.
and I decided to look into it because it was not going away.
And once I read the white paper, I realized that it was actually a fairly elegant computer science solution.
And that's what really caught my interest and made me start wanting to dig into it more and really understand how it worked.
And I was just fortunate at the time that I was working at this online marketing agency doing a lot of heavy lifting
on the back end with the data analysis and whatnot.
And I talked to the guy who was sitting in the cubicle next to me.
I was like, hey, you know about this Bitcoin thing.
And he's like, oh, yeah, man, I've been, you know, writing bots to do automated arbitrage
trading on exchanges between various cryptocurrencies and, you know, paid off my mortgage
from doing that.
And I was like, why didn't you tell me about any of this?
But thankfully, you know, he was able to answer a lot of my really basic questions about it.
And then within a fairly short time period, I had surpassed even what he knew about it and kept diving down the rabbit hole and eventually created my own fork of the Bitcoin software to get more analytics and data out of it.
And ultimately started a few meetup groups.
And after a few years, there was enough venture capital in the space that I was able to go full time.
And so now I've been doing Bitcoin engineering for a good four years now.
And so what was your, like, what was it about Bitcoin that when you heard about it, it was like, okay, this is something interesting.
And what were kind of your political and philosophical views, you know, pre-Bitcoin?
Yeah, I mean, I had never really thought about money and economics that much other than, you know, I took like an econ one or one class.
university but um once i i started looking into how it actually worked and the idea that you can
actually represent money just with pure software and do it in a way that nobody controlled it i
realize that you know this is a very powerful concept and it makes sense to me because i feel like
money is this abstract idea that it it doesn't belong to anyone it belongs to humanity it belongs to humanity
at large, and it makes sense for something like this to be an open collaborative project.
And the idea that we can actually make it an open source collaborative project was very
intriguing to me and really appealed, I guess, to some of my anti-government sentiments.
And so from a political standpoint, I had been all over the spectrum, was raised in a very
conservative household and ended up going to a very liberal university. And so, you know,
throughout my voting career, I voted conservative and then liberal. And then after realizing that
like none of those parties were actually like fulfilling their promises or seemed to be
improving my life in any way, started going more towards the libertarian route. And it was,
Once I got into Bitcoin and then started reading the history of the cypherpunks and the crypto anarchist movement that spawned out of that,
that really just pushed me even further down the libertarian thought process.
And in that vein, you did this interview with Crypto 101, which is a blog post that we'll link to in the show notes,
where you just say that you strive to bring crypto anarchy to the world.
What does that mean exactly to you to bring crypto-anarchy to the world?
So, you know, the word anarchy can definitely trigger a lot of people, especially because
governments use the word anarchy as a bad word, and they try to make it seem like
anarchy is equivalent to chaos and violence and destruction and whatnot.
But, you know, a less triggering word would probably be a volunteerism.
or just the idea of having voluntary interactions with people.
So if we're approaching it from the standpoint of we want to build a society where everyone is interacting with each other voluntarily
rather than due to threats of force or coercion from this overarching entity such as a government,
then the way that we get there is we look at all the different services that governments are providing,
and we ask ourselves, you know, how can you privatize these services?
How can you offer them in a way that is voluntary so that, you know, if I want to have my roads that I'm
driving down, somebody needs to pay for them.
Well, maybe the people who are using them should be paying for them.
And right now it makes sense that a lot of these services that we're paying for are done
through taxes because it's just an easier way to coordinate paying for things and actually,
you know, paying for what you're using. But, you know, as the technology continues to improve,
then we should be able to automate a lot of these interactions and be able to have, you know,
micro transactions as we're, you know, going down the road or as we're using a service that is
out there where basically we need to decrease the cognitive load that is required.
to perform those interactions.
So the government is basically stepping in and managing a lot of that stuff so that we don't
think about it.
We just have a lot of money taken out of our paychecks and then the government deals with
all the coordination.
So if we can reproduce the coordination with software, preferably software that is smart
enough to understand you as a user and what you want, then that's when we can actually
start to conceive of replacing some of these coordination mechanisms that the government is doing
with actual software mechanisms. And, you know, this is a very, like, long-term view. I don't think
it's going to happen even in the next few years. But it seems to me that as we are continuing
to build software that is getting better at performing these actions, then, you know, we're at least
headed in the right direction. So how do you see that actually playing out? Because
I agree with you on a high level, right?
If you look at something like roads, right, then, okay, you have this coordination problem
and taxes kind of make sense, right?
But then maybe a lot of other things you could say, okay, actually you could easily
replace it with sort of market-based mechanisms.
But do you do, is the path you see here, do you think because of these increased
technological possibilities, you know, let's say if you take like the U.S. government,
they would increasingly move in a direction like that and say, okay, we privatize and we have
these kind of voluntary mechanisms instead of tax-driven?
Or do you think what's going to happen is that, you know, the fiat system is going to collapse
and, you know, in its ashes, you will have the rise of these new more anarchist structures?
Or like, what's the path you see?
I certainly don't think it's going to all happen at once.
There will be these gradual evolutions, and it certainly seems less likely that it's going to be a major collapse of, like, United States or Europe or whatever.
But rather, what I think is more interesting is watching some of the smaller countries or the more mismanaged countries.
and as they collapse,
those could be test beds that are rife for adoption of technology like this.
So I know a lot of people talk about like Venezuela
and their hyperinflation and how Bitcoin could help people in that situation
potentially a lot more than those of us who are fairly comfortable in first world countries.
The same thing may be true for any other types of services and technology
that can replace various government functions.
How is it going to happen?
I mean, that's kind of where you have to wave your hands
and say, well, if we believe in the free market,
then entrepreneurs are going to come in
and find opportunities where a government
is not doing a good job, providing services,
and basically offer these new high-tech versions for people.
And that's where adoption would happen, I think,
of places where the new methodology for coordinating stuff is superior to what is already in place
with government.
So, you know, if that happens and is successful over a long term, then perhaps the technologies
will evolve to a point that they can provide even better services than first world
countries.
Not to get into any political discussions about the current state of the U.S. government, but
what does the government, current...
government shutdown, I believe it's still going on, tell you about the possibility or impossibility of
this to happen. Yeah, well, the U.S. government shutdown, I think, ended a couple days ago, but it's only a
temporary, like, three weeks. They're funding the government for another three weeks, and then it might
shut down again. And, you know, I think it's interesting to see, at least in the United States,
we continue to polarize politics more and more, I think, at least in part, due to the result of media and communications technology.
And that has, it seems to me, resulted in even greater levels of gridlock so that it's even more and more difficult to actually get things done from a political sense.
and that it seems like these nation states are kind of floundering in what they can do.
So that could provide, you know, more opportunity for these other types of technologies to step in.
But I don't know.
I don't even really participate in politics anymore.
I don't vote both for operational security reasons and because I think it's a waste of my time.
I mean, I think that it's a better use of my own resources to focus on these systems that I hope over the long term can replace a lot of the functions of the government.
Well, if it's any lesson, I think Belgium didn't have a government for what, like two years or more at some point in the early 2010s.
And there were, I don't think there were very many sort of voluntary or anarchic style.
systems to emerge from that. I mean, I was living right on the border of Belgium at that time.
It didn't seem like that was going on there. Maybe that's because
there were too busy drinking beer and having French fries or Belgian fries, for that matter.
So since you became involved in Bitcoin, did you have any periods of doubt where,
you know, you were doubtful about the future of the project and if so, in what way?
Sure. I mean, we've been through a number of hype cycles and fud cycles.
and, you know, Bitcoin is going to die for this reason or that reason.
The greatest doubts were probably in the early days of the scaling debate
when it seemed like we had a great opportunity in front of us
to just increase block sizes and allow more throughput on the network,
allow more use cases and whatnot.
And there were times when I thought that, you know,
There were some pretty big ground swells of support for that.
And, you know, we were looking at statistics like, you know, mining hash rate and stuff.
And it looked like, oh, it's, you know, it's sure to go through.
And then, you know, there were a number of surprises along the way that basically showed that, you know, statistics are not necessarily indicative of what is going to happen.
and there were also, you know, the whole censorship and moderation debate,
the thing has got fairly nasty there.
I mean, I even, I think I had some posts and comments and stuff that they got removed from
Reddit and pissed me off.
And I went and became a moderator of the Bitcoin XT subreddit because we were the censorship-free
subreddit.
But, you know, after moderating that,
for six or 12 months.
I gave it up because it became clear to me that
unmoderated forums are pretty terrible places
and you don't really get a whole lot of signal
through the noise.
But I never lost enough hope
that I wanted to stop working on the project.
This all happened basically after I had gone full-time
and was working.
at BitGo.
Even within BitGo, we had a number of arguments about where the direction of Bitcoin was
going to go and what different people wanted to see out of it.
But ultimately, even though there was a lot of frustration and periods of doubt, I got to
the point where I basically figured that so many people are spending so much time and
resources arguing about what's going to happen to the system, then it's probably not an
indication that it's going to fail. It's actually an indication that there are a lot of people
who are dedicated to maintaining and improving the system. And we just have slightly different
beliefs about what the best way to go about that is and what the tradeoffs are that we're
willing to make. But ultimately, out of that many years,
of debate, my conclusion was that Bitcoin can't actually die unless we all agree that it's dead,
unless we agree that we no longer want to work on it and try to improve it. And so that's why I think
that really the biggest threat to Bitcoin is just apathy. It's not, you know, 51% attacks
or nation states and regulations or any of the other million reasons.
that you'll find people who have written articles about why Bitcoin's going to die this time.
Really, I think Bitcoin can only die if it becomes super boring and nobody wants to work on it anymore.
And so you think it's not, let's say, 51% attack, nation states, 5,000% attack,
because you think if people still care about Bitcoin, then they'll, I don't know,
hard for it to a different proof of work out or something like that.
Yeah, yeah, I mean, ultimately any technical failure or bug or anything that gets exploited at a technical level,
if that causes the system to cease to be functional and operational,
then that means that we have to fall back to the foundation, which is human consensus.
So all of the stuff, the code, the protocol, the network, the hardware,
that's running nodes and miners and whatnot.
All of that stuff is really just running machine consensus.
And machine consensus is just our best guess,
our best representation at trying to turn human consensus into code.
But this is what, like, I think the ultimate challenge is,
is figuring out what the human consensus is for what Bitcoin should be.
And that kind of, that starts to get more.
philosophical and go down on the path that I went into a great depth of with my article that I
entitled, Nobody Understands Bitcoin, where I was really just trying to describe this,
this vague concept that is floating out there of what Bitcoin is and how, you know,
developers and other people in the ecosystem who spend a lot of time talking about Bitcoin,
they're kind of like poking at that, you know, they're trying to read
the shape of what this actual consensus for Bitcoin is, but nobody can actually completely grab it
because it is dispersed amongst all of the people who are participating in the system.
Let's say we think that 10 years ahead, like, where would you like to see Bitcoin and what
would you like it to be?
Because, I mean, I think you correctly point out, right?
There's these different conceptions.
If you don't read the right paper, it talks about electronic cash, you know, in recent years,
this idea of digital gold has become more prevalent.
Maybe some people like the idea that it will be some sort of basis for trustless computing,
you know, and maybe those kind of things, even though now they probably get built more
on Ethereum, more other networks.
Maybe in the future, Bitcoin could also be that or like payment.
There's so many different things.
So like, what is the view of the thing you would most like to see Bitcoin evolve into?
I think that I summed up a lot of that.
in another article I wrote about Bitcoin being this trust anchor.
And so, you know, I am a technologist, and ultimately I see Bitcoin and then the blockchain
that's underneath it as a new type of database.
We just happen to have a new set of rules and a protocol around how that database gets
replicated and how we, you know, append new data to the database. So from that standpoint,
like I do think that there is more to it than just money. I think that what we're trying to do
is create this global record of truth or at least authoritative record that has no authority
behind it. And so you can definitely expend more.
resources to building on top of it than just for money and finance. Basically, you know,
any data that you want to become part of this authoritative record, you can put it in there.
The question just becomes if you're, if you're moving beyond the simple, you know,
accounting ledger that the Bitcoin protocol supplies, you have to basically create your own
protocol, your own new consensus for whatever that extension is. And so, you know, whether that is
some sort of layer two network or a side chain that is pegged to Bitcoin or extension blocks or
whatever, I mean, there's potentially, you know, limitless number of ways to do this. It's really
limited by our own creativity, imagination, technical engineering.
skills and our ability to convince other people to actually agree with us to use whatever we
build on top of it is. So from that standpoint, like I do think that more complex systems,
you know, smart contract type stuff, better privacy is definitely possible by anchoring into
Bitcoin and not necessarily having to change the Bitcoin protocol itself. So, you know, I want
to see a lot of people continue to experiment with this. And what is the most recent one? I guess
Vera Block is an interesting new one where they're anchoring a lot of stuff into the Bitcoin
blockchain to make use of the proof of work. And it's not quite clear to me, like, how many
different systems might get built on top of that. But it is this, you know, blossoming of
experimentation and a lot of them will fail but eventually you know any any type of system that is being
built on the internet and is meant to be some sort of global system with a state that is
backing and by state i mean data state that is backing whatever you're doing interacting with that
system, it could potentially benefit from using Bitcoin as an anchoring mechanism.
So, you know, it's really broad, really general.
Even if we're, you know, looking at smart contracting systems like Ethereum or EOS or whatnot,
I think a good example is actually like RSK, where they're kind of blending, you know, they're taking that
smart contracting language from Ethereum and they've created this side chain that is
pegged to Bitcoin so you can kind of have the best of both worlds. Whether or not that ends up
being highly adopted, nobody knows, but that's the type of experimentation that I like to see.
And just want to continue to see more systems get secured by these global consensus mechanisms
because it's going to make them more robust against various types of attack.
Are you kind of like Bitcoin maximalist in this regard that you think like Bitcoin is the correct, you know, foundation for this as opposed to having, you know, maybe other chains like or proof of stake or like do you think in the long, because right now for the most part, maybe you can build some sort of smart contract thing on Bitcoin, but hardly anybody does it, right? Like that this is like 99% of the activity is on, you know, Ethereum or other.
types of new chains?
So do you think those will migrate more towards building on Bitcoin?
It's going to require a number of things.
I mean, I think that there are people in the Bitcoin ecosystem who are interested in smart contracts,
and they simply don't like the way that Ethereum went about doing it.
It's kind of like there's this big clash between the idea of execution versus very,
verification. And so a lot of like the more conservative Bitcoin developers don't like having smart
contracts that have to get executed by everyone on the network. They rather want to perform the same
type of logic, but where the actual execution happens privately. And then you're just providing a
proof of the execution that the rest of the world can verify. And so from from that standpoint,
we are seeing stuff like
Merkalized abstract
syntax trees and
tap root and the simplicity
smart contracting language
which I would argue
like those are the
things that some of these Bitcoin developers
who are interested in smart contracts
are trying to build their
like Bitcoin version
of more expressive
smart contracts. Now
how long is it going to take before
that becomes a
thing that is as easy for a newbie developer to use as like solidity or viper or whatever on
Ethereum is once again up in the air. It seems like the like the space of advancements with the
Bitcoin base protocol is a lot more measured and slower than a lot of other chains
for a number of reasons. But I generally call it like conservatism.
or you could even think of it as like almost like aerospace engineering level of thinking through all the edge cases and testing stuff and not wanting to deploy anything unless like everybody's close to 100% confident about it.
But would you say that perhaps this conservatism and this time that it may take for these platforms to emerge and,
and become stable might cause a situation where people build applications on Ethereum because it's easy
and you have sort of a concentration of developers there and people already building on those
systems and where it just becomes, you know, the switching cost, it just becomes way too high
and where interactions between the two systems just don't exist or are complicated,
where in the end, it might not come to fruition that Bitcoin would become this system
where one can build complex applications?
I don't know about switching costs, but it's really more of like a network effect growth.
It's like the, really the, I think the argument for creating almost any alternative system
to Bitcoin is that, you know, you have a lot more flexibility.
and what you can do and changes and evolve it.
So you potentially have a better chance of exceeding,
you know, growing faster than Bitcoin exceeding its network effects
and becoming the, you know, dominant system, what have you.
That seems to be basically true for almost any, you know,
crypto asset network out there is that, you know,
it's usually because there are some set of people or developers wants to do
some things that were pretty clearly, like, not going to get accepted into the Bitcoin-based
protocol, and they would feel like it would be easier for them to, you know, create their own
new consensus around a shared set of objectives and roadmap and what have you. And, you know,
that's why competition is great. You know, we definitely, one of, I think one of the big pushbacks to
the maximalism thought is, I see a lot of people saying, well, you know, your maximalism is
pushing for like a monoculture. And I think that that's kind of a misunderstanding of, at least
what most Bitcoin maximalists think. I don't think any of them are diluted to the point that
that they don't think that other systems will exist.
I think that it's more about looking at the ways that network effects evolve.
And first mover advantages, the value of networks and how they are distributed, where generally
the vast majority of value between competing networks will go to one network and then the other
networks will just be a lot smaller.
but you know
these tend to be I think
more economic
type of
thoughts of like how
these types of systems
tend to play out rather than
a blind belief
that you know Bitcoin was first
and it must be the best
and will never be superseded
yada yada yada I mean
there's definitely
plenty of potential for other systems
to get greater adoption
and surpass Bitcoin
or somehow be, you know, order of magnitude more utilitarian than Bitcoin is and therefore, you know, supersede its network effect.
So, you know, I don't think that anything is set in stone for sure.
You know, there's going to be a lot of competition for the foreseeable future.
This episode of Epicenter is brought to by Microsoft and the Azure Blockchain Workbench.
Getting your blockchain from the whiteboard to production can be a big undertaking.
and something as simple as connecting your blockchain to IoT devices
or existing ERP systems is a project in itself.
Well, the folks at Microsoft had you covered.
You already know about the Azure Blockchain Workbench
and how easy it makes bootstrapping your blockchain network
pre-configured with all the cloud services you need for your enterprise app.
Their new development kit is the IFTTT for blockchains.
Suppose you want to collect data from someone in a remote location via SMS
and have that data packaged in a transaction for your HyperLedger Fabric blockchain.
The development kit allows you to build this integration in just a few steps in a simple drag-and-drop interface.
Here's another great example.
Perhaps you're an institution working with Ethereum and rely on CSV files sent by email.
One click in the Devkit and you can parse these files and have the data embedded in transactions.
Whatever you're working with, the Dev kit can read, transform, and act on the data.
To learn more and to build your first application in less than 30 minutes, visit AKA.ms slash epicenter.
and be sure to follow them on Twitter at MSFT blockchain.
We'd like to thank Microsoft and Azure for their supportive epicenter.
So you're with this great post on Medium looking at Bitcoin in 2018 and sort of drawing the picture of what unfolded over the year.
And in that post were a lot of really in-depth statistics on everything from, you know, transaction volume to,
number of times Bitcoin has been declared dead over the years. So I really encourage people to
look at that post. We'll have it on our show notes. What stands out the most for you in 2018?
What were the sort of, you know, flagship things that we can look at standing out for this
year, for this past year? Well, I think the biggest thing that also surprised a lot of people
was the growth of the Lightning Network and how quickly
people were adopting it despite it still being fairly risky to do so.
This is even true with my own company and the lightning nodes that we've been shipping out there.
There are still plenty of unresolved issues from security and usability standpoints where, you know,
the Lightning Network still has years worth of development ahead of it before I think it will become something.
that is capable of really being a mainstream payment network.
But nevertheless, the enthusiasm for that,
probably at least partially after years of stalemate
with the scaling debate and people being excited
about actually having something new to do,
a lot of people have just been plugging in
and experimenting with it and as a result, you know,
finding issues, breaking things,
which is, you know, that's how it evolves.
is we push the envelope, we find problems, and then we fix them.
And this has certainly been my experience over the past year
with learning more about Lightning Network
and having some close calls with losing money
and blowing up my nodes and stuff.
It's actually the basis for one of my newest talks
that I've been going around,
which is basically entitled,
the Bitcoin Decades,
and failing forward.
It's,
once again,
looking at the history
of this space,
there have been
innumerable failures
over the years.
And actually,
I think,
like Andreas Antonopoulos
did a really good talk
a few years ago,
it was his bubble boy
and sewer rat talk,
where he talked about,
you know,
how these anti-fragile
networks continue to evolve
over time.
You know,
the internet itself is a,
a similar type of story.
And that's why I think, once again,
that apathy is what is going to kill this thing.
As long as people are still interested in it,
they're still putting their time and resources
into using it and experimenting, building, and breaking.
That's how the technology continues to improve.
And that's how we slowly but surely get to that next tier
and then the next tier and the next tier of adoption.
So I remember we did podcasts.
2015, I think, or maybe it was beginning of 16, you know, and it was like, okay, lightning is
four months away and it's going to be used. And now it's taking much longer. I think last year
there was a significant amount of activity, but at the same time, it seems all like the kind
of activity you were talking about, right? People are saying, oh, this is cool. I want to try it out.
They want to, you know, play with it, I want to test it. But it's not really people using it yet for,
you know, commerce, right? The mainstream wallets haven't adopted it. So do you feel like this is just
an inevitable thing and it's going to take some time what's going to happen? Or do you still see
major risks and, you know, a big, big probability that maybe like a network is actually
never going to reach the point where it's going to be, you know, kind of mainstream capable?
Well, it currently seems to be the inevitable path because that's what a lot of people,
people are focusing on with regard to the capability of going mainstream. I would say that the,
you know, there are still a lot of questions out there. There are things that need to be built and,
and improved upon. But I would say that one of the biggest open questions is mostly going to be
around liquidity management. You know, the, not necessarily the technical side of the network,
but the financial side of, you know,
how do we build tools that make it easy for people to manage the liquidity on the network
and, you know, specifically manage the balance of the channels on the network?
I think that the first article that I wrote about Lightning Network was around early 24.
and that was really one of the biggest problems that I was talking about back then as well is
trying to model what the economic issues are going to be with the network and you know as
we've had a lot more people actually experimenting and building out the real networks you
know that now we're actually getting data where we can better understand you know how
this new network works and so
you know, from a protocol standpoint, that's where things like the autopilot functionality that the LND devs are working on is important.
Like the autopilot functionality that exists right now is not great.
Like, a human who is being careful about their channel management can do a lot better than what the autopilot is doing.
but this is one of the things where, you know, we need more data in order to figure out what the best way of managing the channels is.
And that's just like at a micro level.
Then the next question becomes like, what are the macro economic issues?
And I also talked about a few of those problems in my article.
But one of my conclusions was that in order for liquidity at a macro scale on the network,
to be more sustainable, I think it'll be extremely important that we have exchanges that get
tied into the Lightning Network so that you can basically rebalance channels easily with out-of-band
payments through exchanges. So lots of open questions for sure. It is, there's a lot of work
ahead of us. I think that at least from a general standpoint that, you know, this type of
layered protocol engineering does make sense.
It's the same way that the internet itself was scaled
with various layers of technologies.
So I certainly don't believe any of the FUD
that people are putting out there of saying that, you know,
it results in like inherits centralization
and fractional reserve banking and all this other stuff.
But that's not to say, you know,
we're doing something that has never really been done before
So you're going to come down to, I think, the level of dedication that, you know, people are going to put into trying to solve the hard problems.
You also wrote this post recently about who controls Bitcoin.
And in it, you describe the history of Bitcoin core development and who has maintained the repose over the years and also described the different.
layers of security and the different layers of decentralization all the way from, you know,
when someone issues a poll request to, you know, a fork being adopted or something of that
nature. It was a great post also I want to mention. So why did you want to write about this? Why did
you feel it was important for you to write about about this? Yeah, I would say probably the majority
of the long-form blog posts that I write are fairly self-serving because I tend to write about things
after I have received a question numerous times, and I find myself from repeating myself,
basically, of trying to explain a complex topic.
And so then a lot of times I'll just say, you know what, I'm going to write it once really,
really well, and then in the future I just send that linked, you know, whenever somebody,
ask the question.
So this question of like does Bitcoin Core as a group control the protocol itself of Bitcoin
is something that has been coming up at least ever since the scaling debate started
and we started seeing alternative Bitcoin implementations that were created specifically
for the purpose of forking away from Bitcoin Core.
in their process.
And it's very difficult to convince people of because of what a complex process it is.
Though if I had to sum it all up, you know, it basically comes down to the fact that Bitcoin
Corps can't force anybody to run their software.
But even behind the scenes, there are so many other security considerations and processes
in place to ensure the integrity of the code.
to try to minimize the trust within Bitcoin core itself as an organization,
that we want it to be as verifiable as possible and as difficult as possible for anyone to inject
bad code in there.
Ultimately, this doesn't address, I guess, governance issues of, you know, what if I have an idea
that will make Bitcoin so much greater and the Bitcoin core development process rejects it,
you know, that is ultimately going to come down to the way that any open source software works,
which is, you know, you have voice and exit as your two main options.
And if you can't voice your opinion to the point that you can convince others to change
the software repository that is being used by most people,
you have to fork your own and try to build, you know,
new level of human consensus around that.
But the main thing that I guess I was trying to get at is that,
you know, Bitcoin Core is just a name.
The fact that it happens to use this specific GitHub repository
is also not that particularly important.
Once again, it comes down to this.
kind of vague, hand-wavy concepts of earlier we were talking about, well, what is Bitcoin? What is
the human consensus for Bitcoin? It's something that's out there, you know, in the ether.
And we're all trying to understand what it is so that we can turn it into code. And it's
kind of the same thing for the main reference implementation for that code, this sort of focal point
of development.
There is no authority that forces the focal point to be in one GitHub repository
or forces it to be managed by certain people.
That focal point has changed names over the years.
It has changed platforms of where the repository is over the years.
And there's nothing really preventing it from changing again.
if the human consensus
occurs to change it.
And there's plenty of reasons why that might happen.
And, you know, this is, once again,
the sort of the voluntary interactions
of this anarchic system can be very frustrating
to people who like to have, you know,
hard and fast decisions made about things.
And when we get into like stalemate situations,
where the default in these systems is basically no or veto.
If people don't make a conscious effort,
then usually the default is no action.
That's when people get really frustrated,
and that's when drama happens
or people start forking off and trying to build new consensus.
And ultimately, I think that is the way
that the governance of these systems is meant to work.
It's a completely new model that people are not very familiar with and can result in frustration in people getting upset.
I really like this notion of focal point that you use quite a bit in the article.
And I think one thing that this article, a few things that I learned from this article.
One, it kind of opened my mind to this idea that these focal points exist in just about every,
form of organization in our society.
And the other also is that, well, I kind of realize that Bitcoin is a lot less
centralized than I thought it was previously.
It feels much more decentralized now that I sort of understand the different layers and
fail safes that are in place in order to protect the repository, but also the network.
I mean, committing to the GitHub repo ultimately doesn't signal very much.
in terms of the direction of the network.
So I encourage people to read the post in detail.
Compared to other GitHub repositories or other software repositories,
open source software projects,
does Bitcoin fall in the norm in terms of implementing all these fail safes
and the signatures and the verifications and whatnot?
Or is this really an outlier?
I think that it's an outlier.
I don't even have enough time to do.
that same level of research on all of the other repositories.
But, you know, even, you know, I have looked at, like, some of the other, the forks of
Bitcoin Core and their processes.
And I've, you know, some of them at least do, like, you know, GPG signed code commits.
But none of them seem to have that same level of, like, automated infrastructure and
integrity checks set up.
really what you find with a lot of projects is that it's like one or two developers that pretty much control everything.
And that's usually just due to the lack of size and interest in that particular project.
Another particularly interesting thing that I find is like which node implementations have automatic update mechanisms built into them.
There's actually something that I ran into recently where I was trying to update one of our parity nodes,
and I downloaded the new binary for it and was checking the version from the RPC output,
and for some reason the version wasn't changing.
And it took me like half an hour to figure out that basically, you know,
parity had this automatic update functionality,
and it was, you know, under the hood, even though I was running a different binary,
it actually had some other binary on the back end
that it was running in place.
You know, that's just kind of like weird stuff
where it makes sense for a lot of software
to automatically update.
You know, it decreases the cognitive load
of the users of having to keep looking for updates
on their own.
But it definitely changes the security model
when you're trying to run this independent distributed network.
So I am glad you, you know, we speak a bit about this process of like, okay, how Bitcoin is, is updated and managed in this.
And I agree. I was impressed just like how much thought and levels of control, you know, having automated tools to check, you know, all of the commits ever made in the cryptographic signatures, etc.
You know, there's such a thorough thing that has been built up over so many years.
And I recently heard this interview with some investment advisor, right?
And so he was asked about what do you think of Bitcoin?
And he was like, well, you know, you have so many cryptocurrencies and, you know, blockchain is interesting.
But, you know, the issue is it's open source and somebody can take it and, you know, they can improve it.
And, you know, why would the first version have been the best?
Why wouldn't somebody be able to go and say, hey, I'm changing something of Bitcoin.
Now it's better.
And then if you invest in Bitcoin, how would you ever be sure that not?
it's going to be replaced.
And of course, it could happen.
But I think this also just points to there's so much infrastructure that's been built
and so much, really such a level of quality and optimization and processes and automation
and checks and assurances.
And you're replicating that is so hard.
And not just for the repository, though, what I think a lot of people don't realize
is the magnitude of the infrastructure
across the entire ecosystem.
And this is something that I ran into when I was at BitGo.
We were running basically enterprise wallet APIs
that were used by exchanges and payment processors
and other various merchants.
And once all of these Bitcoin Fork started happening
and once like the real like explosion of token,
and stuff happened in 2017, it created a huge engineering workload for anyone who was working in this space.
Because in order to add support for these things, even if we're talking about like forks that are very almost identical to Bitcoin, or if we're talking about like ERC 20 tokens that are all very, very similar, the ability to
add support for new ones is it's a lot more than just a copy-paste operation. Like you have this entire
infrastructure stack that has to be replicated and then slightly modified and then have all of your
new alerts and all of your other management systems running on that infrastructure stack. And
it's it's a lot more difficult to get this entire distributed ecosystem with all of their own
infrastructure to to basically spool up entirely new systems to support, you know,
whatever your new Bitcoin 2.0 is. It's, uh, it's, it's, it's, it's, it's, it's, it's,
it's, it's, it's, it's, it's, it's, it's, it's, it's, bring us to,
an interesting question, because the other big cryptocurrency or, or kind of
blockchain network that has, you know, strong network effects, of course, is Ethereum.
But what is your stance on Ethereum? Like, what do you think of it?
Let's see. I've written a few articles about it. Ethereum in particular gave me a lot of grief as an infrastructure engineer, especially during the, I guess, the CryptoKitties period or whatever you want to call it. During late 2017, the last big run-up where a lot of crypto networks were seeing high adoption rates and, and, and, you know,
basically running into their own technical limitations of what they could process on the network.
And as an infrastructure engineer at BitGo, I was running quite a few different nodes.
We were supporting Bitcoin and Bitcoin Cash and Bitcoin Gold and Ethereum and several ERC 20 tokens and Ripple
and probably a few other things I don't even remember.
and during that period when a lot of adoption was happening,
I found that it was the Ethereum nodes and the ripple nodes
that were having the biggest problems from an infrastructure standpoint.
The Bitcoin nodes never had any performance issues with them,
but of course there were plenty of issues on the network at large
just due to like throughput capabilities and, you know,
resulting downstream
usability problems for people that were
trying to make transactions on these networks.
But my
main problems with
Ripple and Ethereum
was that
they were really,
really disk I.O. intensive
compared to
the Bitcoin and its derivatives.
And if I had to speculate
that I imagine, at least for
Ethereum, that is because of all
of the state changes
where, you know, when you're executing all of these smart contracts, it's having to go look up a lot of data and do disc reads.
And from what I've seen, the Geth and probably also parity developers have made some pretty good progress since that time of, you know, reducing the disk I.O. requirements.
But this is one of those things where these networks, they have to get stress tested in order for you to find the limits of what they.
they're capable of doing. And then, you know, you find the bottlenecks, you try to fix the
bottlenecks as much as possible. And then you continue forward until the system gets adopted to the
level enough that you find new bottlenecks. And, you know, that's the way that pretty much all of
these things are going to have to continue to evolve. And I think that what a lot of people are
arguing about when they talk about, like, long-term adoption and technical capabilities, is that
they're trying to argue about like foreseeing bottlenecks far in the future, which I don't think
that that's really possible. Bottlenecks are often surprises and it's generally hard to predict them
unless you're doing a lot of diligence of basically, you know, creating your own networks and
running a lot of stress tests on them, which as far as I can tell, there aren't many people that
doing that these days.
Maybe one more question on the Ethereum versus Bitcoin side, and where I think we have a big
difference.
So we spoke a little bit about the processes around Bitcoin, and those processes revolve a lot
around Bitcoin Core, and, you know, Bitcoin Core is kind of very sophisticated in,
like, making sure, you know, changes are safe.
And of course, in Bitcoin, right, Bitcoin Core is this reference implementation and all
of the miners basically run Bitcoin Core or some kind of like, you know, basic.
basically that software.
Now in Ethereum, we have a specification,
and then we have multiple clients, right?
So there's parity and GIF that I think are the most popular ones.
And then I think those are, you know, much less decentralized,
you know, parity, I think is, you know, basically by parity the company, you know,
and I'm sure there's some external contributors, but, you know, probably not too many.
And then Geph is mostly the Ethereum Foundation.
And, you know, again, they're probably external contributors, but, you know, it's kind of.
But then you have some process where they have to coordinate
you know, and kind of make sure that the changes they make actually align and don't end up splitting the network.
So what do you think are the kind of pros and cons of that approach versus Bitcoins?
Yeah, there have been some very interesting debates around, you know, specifications.
And, you know, what is the specification for Bitcoin?
And people generally say, well, the specification is the code and the reference.
implementation. I don't fully agree with that either. I mean, I think that it gets you most of the way
there. But then, you know, with Ethereum actually having a written down specification, that can
certainly help. And I know that there was at least one case, probably a few cases where one
Ethereum node implementation had a bug. And, you know, when they went and they looked at
that implementation versus the other
implementations, it was pretty clear
that, you know, that implementation was
not following the specification.
But I think
ultimately, the question is, you know, what is the
specification for any of these things?
And I kind of have to
fall back to my hand-wavy
thing of like, what is Bitcoin or what is
Ethereum? What is any public
permissionless protocol?
While you can definitely write down
the rules of what is in the
code, it does a pretty good job of allowing you to understand the machine specification.
I still believe that it's not really possible to write down the human consensus for specification.
Ultimately, I mean, you can write, you can write down whatever you want and you can go about,
you know, trying to find human consensus in a number of different ways, but there's,
there's no guarantee that you're going to get that right.
and, you know, unforeseen things can happen.
You know, I guess a kind of good example, at least with Ethereum, you know, they had the Dow fork.
And I don't recall, but I, you know, I don't believe that, like, re-entrancy or whatnot was, like, a hard part of the specification there.
it really became more of a philosophical question around, you know,
specification of the code versus actual intent of the code.
And, you know, once we get away from this machine, this cold-hearted machine specification,
and we start talking about human intent and what it is that we really want,
that's when I think we get more towards this vague, hand-wavy notion that the actual consensus
for what any of these public permissionless networks is,
is just kind of out there.
And it's hard to actually formalize.
So TLDR, it can certainly help in a few situations,
but I don't think that you can fully formalize any of these things
because it's what's up in here,
except it's distributed amongst thousands, if not millions, of people.
You also wrote another blockpost describing your,
I guess your operational security protocol or process or whatever you want to call it.
And this was something that really struck a court with me because it's something that I've been really trying to get a handle on as well in my own personal life.
But the level at which you seem to have gone to protect yourself, your data, and presumably your family is at a level that I never would have imagined someone could go to really try to protect themselves while.
remaining a public figure. Now, without maybe spending a lot of time on why you decided to do this,
which people can read about, that is probably because you were swatted in 2017, I believe.
Why did you feel that you needed to go to these lengths to protect yourself?
Well, the biggest issue, which I think I talk about near the beginning,
of my very long post of what I did.
The biggest issue is that you don't know what might become an issue.
In the internet age now, we have the ability to easily reach millions,
if not hundreds of millions, if not billions of people with a single tweet, for example.
And there are a number of examples out there.
where people have unintentionally said something, you know, on social media that triggered a horde of people as a result.
And within that horde of people, there might be one or two imbalanced people or people who have, you know, mental issues or they don't know where the line is and they're willing to go to an extreme length to try to harm you in some way or at least to make you afraid.
And so I think that that's kind of what happened to me is I went from having, you know,
a thousand followers on Twitter and most people not really caring what I said,
having, you know, close to 200,000 followers.
And now if I say something that offends someone or that, you know,
might be against someone's financial interests because they hold a certain crypto asset,
then they might feel compelled to try to do something to hurt me or to make me afraid or, you know, in the case of the swatting, they were trying to extort me, though they didn't do a very good job at the extortion.
So it's, from my perspective, trying to like look at where I am now and then think, well, I should probably be conservative and a,
assume that it might get like an order of magnitude worse. So I should try to improve my security
and privacy to the point that someone who might expend an order of magnitude or more resources
trying to find me or hurt me or whatever. Because you can't put that protection in place
retroactively. Or at least if you do, you have to do what I did and basically burn your old
life and start all over. And that's very difficult for most people to do. So it's a lot easier to
have the privacy and security up front, like way more than you think you need in case there is an
attacker because, you know, if an attacker succeeds, then the consequences are probably going to be,
you know, more devastating than whatever resources you put into the defenses up front if you're
trying to be proactive about it.
what do you think are the tradeoffs of having such rigid operational security?
Because, I mean, I've implemented a few things in my life.
One of the things is I'm working to get off Google completely and off most social networks.
And, you know, the tradeoffs are that, you know, once in a while I need to do a little bit of more searching in order to find, like, the closest restaurant that I'm looking for or something like that.
But in your case, this seems to be a lot more, it seems to be a lot more of a burden, or at least I would assume.
How have you found it impacted your life?
Yeah, I mean, the tradeoffs mostly occur when it comes to like physical real world interactions of stuff.
So on the extreme case, no one in my like physical proximity or no one that I interact with
physically where I am now actually knows who I am. They don't know my real name. They don't know
what I do. They just know that I'm a programmer. I'm a boring old programmer. We don't have to
talk too much about, you know, what I'm actually doing because you don't want to hear it.
And so, you know, that can affect, you know, your, like, real world social life, basically,
is that I consider most of my real friends that I share interests with are on the internet or,
you know,
they're remote.
I no longer have friends with shared interests who are like in my physical location.
I do have friends, you know, that I've made,
uh,
that,
uh,
you know,
we can do things together and,
and,
and have fun activities and play games and,
and,
you know,
entertain ourselves and whatnot, but it's not in the, you know,
crypto or privacy sphere of shared interests.
So it's kind of like living a double life almost.
And sometimes that feels kind of like, you know,
James Bond spy type stuff.
And other times it's just plain annoying,
you know, having to like drive around,
like to, if I want to pick up my mail,
I have to drive fairly far to go to a,
a private mailbox.
If I
want to do
anything that requires
a membership where they're going to
ID me or whatever, then
I'm probably going to have to drive pretty far
because I don't want
my name and any databases
that are tied
to location.
It can definitely be inconvenient
in quite a few different ways,
but on the other
hand, thankfully
there are a lot of services out there these days that allow you to sign up suit anonymously.
So that has been helpful for a few things.
But for the things that don't, that is where it's become a lot more expensive.
And, you know, hiding my real identity will tend to, like, involve lawyers who charge me a lot of money to basically act as a proxy on my behalf.
Wow, that's pretty mind-blowing
So actually, like, let's say your neighbors
And stuff like that
They don't know your real name
They know
But I mean, that seems to be
tricky
Especially with your, you know, pretty big public profile
I mean, the chance that somebody
I don't know
Listen to this podcast or sees you on Twitter
Or something
And then it was like, hey,
Isn't that the guy that, you know,
I have this other name for?
Like that seems like a high risk, no?
Well, I guess I'm not actually a celebrity.
You know, I've only ever been recognized out in public one time,
and I think that that was mostly due to the beard I had at the time.
But other than that, most of the time when I'm out and about,
I keep it pretty low-key, and I just, you know, look like another guy.
So, you know, if I ever got to, like, real celebrity status level,
then hopefully that would mean like Bitcoin has done so well that I can buy my private island or something.
I had this conversation with someone over the weekend where we're talking about privacy,
not so much personal obsequc, but more on the privacy side.
And at the beginning of your blog post, you say something to the effect of,
most people would look at this and say, well, I have nothing to hide or I'm not such a high profile person.
why would someone want to attack me or steal my identity?
And people often say this to me.
And I'm not really quite sure what to respond.
I guess one of the things is, of course, you know,
we don't really know what artificial intelligence
and this sort of thing can, you know,
it was capable of in the future with the data that has accumulated on you.
What do you normally tell people?
What's your sort of way to convince people
that having good operational security, you know,
keeping your privacy matters sort of like under wraps and also being careful about
like your data and what you share with whom and what companies.
What's your what's your way to convince people?
I guess that that's a good idea.
Yeah, yeah.
So it's like I said, it's kind of like the spoonful of proactive measures is worth
I guess a pound of trying to fix things.
up. It's because we know, there are a few things that we know. One of those is that information
wants to be free and basically any service that you give your data to over a long enough
period of time, it's almost inevitable that that data is going to leak. It might leak due to,
you know, what we've seen with Facebook of like partnerships and accidentally.
allowing partners to see data and then those partners might leak it in other ways,
or it might leak because they get exploited somehow and someone managed to get like a big data
dump and put it for sale out on the dark net.
But that's the first thing that I try to tell people, you know,
at the very least you might want to worry about identity theft because that's so common,
at least in the United States.
But then, you know, from more of the, like,
um,
actual physical security and,
and operational side of things,
uh,
you don't know who you might piss off.
And, uh,
especially if you're active on social media,
um,
it's just not possible to fully comprehend,
like,
the thought processes of everybody else out there who's on the
who might read or hear something that you say and then what they might do as a result.
And so I believe that the vast majority of people are, you know, quote unquote, good,
moral people, you know, who will not harm others to help themselves in most situations.
But it's pretty clear that there are a small number of people out there who have, you know,
sociopathic tendencies or who will do things that we generally consider to be immoral.
And that's what I'm worried about. And for me, that's because my audience size and my reach
has grown to the point that there are a non-negligible number of those people who are likely
to come across what I'm saying and get triggered by it. But while the likelihood of something
like that happening for the average person is probably lower, you never know. And so it's just
like a form of insurance against a somewhat unlikely but still possible event. It's like the Justine
Sacco lady that I had in my post where, you know, she made one bad tweet. And as a result, it,
it impacted her career and her life. And, you know, her reputation is basically ruined at this
point. Yeah, I think this sphere of escalation is is a very kind of U.S.-centric type of idea where, like,
I think in the U.S. people will want to protect themselves in part because of the sphere of
escalation, whereas in Europe, people would want to protect themselves more as a preventative
measure against, you know, companies that might misuse their data or data leaks or this sort of thing.
I feel like if I think here in in Europe at least like fear of escalation is quite low.
I don't think people have much of a fear that like you know they might say something on Twitter that will piss someone off to the extent that they might might get physically harmed or threatened or something like that.
I mean the one thing that stands out to me.
So, you know, Twitter sure, right, people get.
I mean, one of the things that I have found striking, right?
Like often you have people on Twitter and I think in the crypto space is very common who you know.
just seem like horrible people on Twitter, right? They're like so aggressive and like totally
and then I met some of these people in real life and they're like huge difference.
Like this is actually like nice, reasonable person seemingly like that. So I like I think that
scenario personally it doesn't seem. I mean I could see it happen but I don't find it so
concerning, but then the scenario, and I think you've talked about that too, right, of
basically people saying, okay, let's target crypto users and go in and try to extort them or steal
their funds. And I remember reading a while ago, there was some guy in Norway who was, I think,
doing some Bitcoin trading and, you know, somebody went in to his house and tried to steal the
Bitcoins and then he killed the guy.
There have been
dozens, dozens of
those incidents and in fact we
just saw a guy
tweeting earlier
today about his friend
in Oman, I believe
was physically
robbed and assaulted.
And then I saw another
piece of news pop up about
someone actually being murdered in
Japan after
meeting someone at a Bitcoin meetup
I'm trying to find more source material on that.
But, you know, that's part of the problem, I guess,
with being an early adopter in this space is that it's kind of a paradox
where it's not a good idea to talk about like money and wealth and assets.
But we also have a incentive to talk about these networks
because we want them to grow.
we want to get more people to come into the networks and expend their own resources to build
the networks and evolve them.
And so as soon as you start talking about being interested in these things, then you've
created a point in time where an attacker might go back and look at your history and say,
oh, they've been talking about, you know, Bitcoin since 2010 or Ethereum since 2015 or whatever.
And then, you know, the attacker starts extremely.
extrapolating, well, you know, they could have, you know, this many millions of dollars and they probably
don't have bank level security. So, you know, if I'm weighing my options of where I get some
easy money, you know, do I rob a bank or do I go find this crypto person who probably has a
bunch of money, you know, under their mattress in a hardware wallet? And I just need the $5
wrench attack. And so that is one thing specific to, I guess, people who are in the crypto space is that,
You know, we're talking about these highly liquid bearer assets.
And if you are going to go down the path of being your own bank, you have to actually
understand everything that is involved in being your own bank.
So I guess just before we were about, maybe we can briefly talk about something that ties
in very nicely here.
So the company that you're a CTO of CASA, is that you're building basically this sort of custody
self-custody solution for Bitcoin, is that's also presumably one of the scenarios that you try
to protect against, like this $5 wrench attack? Or can you talk a little bit about what this product
looks like? Yeah, so the first service that we started offering at CASA is the Key Master Service,
which is basically a vault product. It's a three out of five multi-sig Bitcoin wallet. And what's
different about this wallet.
There's a few things.
One is that it is mostly
backed by hardware devices,
and we support off-the-shelf hardware devices
like Trezor and Ledger.
And the
premise is that it's not only
multi-sig, it's multi-device and
multi-location. So we're building
in a level of
redundancy and
robustness and
minimizing any single points
of failure to
that every aspect of the system that we can in order to protect not only against theft,
but also against loss.
And when I say loss, I generally mean, you know, something happening where the user screws up
and they can no longer access their keys and basically, poof, all of the money is gone,
but nobody has stolen it.
In my experience and from some of the analysis that it has been done,
like by chain alysis, we estimate that twice as many bitcoins have actually been lost than have
been stolen. So it's the fact that users are generally not IT experts or even if they are technical
like myself, it's just annoying. Like nobody wants to go through really boring data backup
and like backup integrity testing checks and all of this other stuff like nobody wants to spend
even you know an hour a year doing that and i was spending one to two days every year uh refreshing
my own cold storage setup which was this custom thing that used like shemir secret sharing
and you know sharded out these encrypted uh file containers across uh various people that i
semi trusted and um you know just thinking through
all of the different attack and failure scenarios is exhausting.
So we've basically created a very user-friendly app on iOS and Android,
where if you can read the screen and follow the workflows on the screen,
then it's really as simple as plugging in your hardware devices that you buy
and following our guidelines for how to initialize them and test them
and do health checks every now and then.
The one thing that we did that had not been done before
is that we actually got rid of the need
for storing recovery seed phrases.
So with our solution,
when you actually set up your wallet,
we tell you not to write down the seed phrases,
and that is by design,
because users are terrible at security,
and if the user has to keep a,
a seed phrase secure, then that's this whole other basically iceberg of security knowledge that
needs to be ingested by them. So by getting rid of that, they can instead just think of their
security in physical terms. You know, where are my physical hardware devices? You know,
distribute them in different access-controlled locations, and that's a lot easier to reason about.
And so this is generally what we're trying to do at CASA. We also have other products, one of which
is the node, plug and play node product.
And I've got a few other things that are coming out pretty soon.
But we're from a very high level trying to bring usability to the masses when it comes to
securities.
We want to decrease the level of technical knowledge that is required to operate within
these systems to get that maximum level of security.
And so as a result, like our mission is just.
to help increase personal sovereignty.
And so it's a very broad mission,
and we're going to be trying to attack it
from a number of different angles.
Key management is just, you know,
the first most obvious one.
Cool.
Well, thanks so much for joining us today, Jameson.
It was a real pleasure speaking with you.
Hopefully we can have you back on at some point.
I think there was a lot of stuff
that we could dive in a lot deeper
and maybe have a more focused thing,
like especially like Opsic and the whole security thing
is massive area.
Absolutely.
So yeah, thanks so much for coming on.
And we're of course going to link to many of your blog posts,
which really make for excellent readings.
So please keep up the fantastic work there.
We'll do.
Thanks for having me.
Thank you for joining us on this week's episode.
We release new episodes every week.
You can find and subscribe to the show on iTunes, Spotify, YouTube, SoundCloud,
or wherever you listen to podcasts.
And if you have a Google Home or Alexa device,
you can tell it to listen to the latest episode
of the Epicenter podcast. Go to epicenter.tv slash subscribe for a full list of places where you can
watch and listen. And while you're there, be sure to sign up for the newsletter, so you get new
episodes in your inbox as they're released. If you want to interact with us, the guest or other
podcast listeners, you can follow us on Twitter. And please leave us a review on iTunes. It helps
people find the show, and we're always happy to read them. So thanks so much, and we look forward
to being back next week.