You know, we all say that Bitcoin is antifragile and it's resilient from attacks, right? But is it really like that? I mean, there are so many different kinds of attacks like network attacks, blockchain attacks, legal threats, you know. So we would love to talk about all of these topics today, but it's going to be almost impossible. So I will try to make the best thing and to moderate the panel in the best way. And I would like to start with Jameson with the ossification topic. And it's a pretty huge topic and hot topic right now. And I would like to ask you if, in your opinion, like premature ossification of the base layer is going to be like a problem and an attack vector in the near future.

It's interesting because this is not necessarily a direct obvious attack vector. We were actually talking backstage about what would be, if we were a malicious, say, nation state entity or whatever, what would be the cheapest and least obvious way of attacking Bitcoin? And I think we generally agree that some type of psyop would be a way of socially attacking. And so I think that the question in my mind is, is there a certain perspective that some people are taking that we must stop developing the protocol because it's not safe to continue to change it? I see this as a very fear-based thing, because obviously there are trade-offs. Whenever you make a change, you may enable new functionality that may add value, but you also might unintentionally enable some sort of exploit or backdoor. And so that's generally what I hear people talking about. The flip side of it and what I've been trying to get across recently is that we actually have a multi-decade history of observing internet protocols ossifying. I think everybody agrees ossification is almost a problem of physics in the sense that you have a network protocol that continues to expand in adoption until eventually that network of protocol users gets crushed under its own weight.
And it becomes really impossible to coordinate upgrades because it's too dispersed and there's no one who owns it, no one who centrally coordinates it. But point being that the internet protocols that many of us use today that are essentially ossified, there's plenty that could be done to improve them. Of course, it's not possible to improve them anymore, but they didn't stop changing because people made a conscious decision not to do that. So I think that it's worthy of our time as developers to continue to push forward to try to improve Bitcoin as much as we possibly can, because we know there will become a point in time in which we can no longer do that. And we also know that even if a protocol ossifies, the world does not ossify around it, and new unanticipated things can come up which you need solutions for. And what we've seen is kind of hacky solutions, usually hacky centralized solutions come up to address issues in other internet protocols. I usually talk about email because I spent a decade working on that, but email is a very terrible history of centralization and hacky solutions bolted on, which has resulted in email becoming highly centralized.

You want to add something, Andrey?

The question was, what would I do if I would be at a state level to destroy Bitcoin? I would do it slowly and methodically. First of all, I would limit Bitcoin liquidity by making centralized exchanges very expensive to run. Then I will poison Bitcoin development by making it very inconvenient to not even commit any changes to Bitcoin repository, but even to discuss any changes. Then I would spread FUD about how mining kills the planet, tax it into oblivion, make mining a centralized activity. And then I would like to control manufacturing of ASICs, basically to limit access to them just to actors that would support my view of Bitcoin. And if somebody would decide to oppose it, I would just physically destroy them.

Peter?
Well, I mean, I was involved in what could have been an attack on Bitcoin in the block size debates. And in terms of ossification, I would actually make the opposite point where a lack of ossification is a very big concern. Because a protocol that keeps on changing is a protocol that you can go and apply pressure to, to change in the way you want to. And every single time it changes, that's another opportunity to apply pressure in a way that may not be in the interest of people using the protocol. And the beautiful thing about what we have with Bitcoin right now is I think it's ossified to a large extent. How we use Bitcoin at the base layer is pretty stable. It doesn't look like it's going to change very much in the foreseeable future. And then you build layers on top of it like Lightning, where it's okay if you and I have a Lightning channel or use Lightning in a way that's different than those two dudes there. That's okay. We can still go back to Bitcoin and move value around later and move it back up to this new system. And we can experiment with completely new things on the side too. And that gives you much better competition, much better ability to experiment. This is why, in my professional life, I did do one change to Bitcoin's consensus, which is OP_CHECKLOCKTIMEVERIFY. It's very boring. But basically all my effort has been on figuring out how do you go and use the protocol as is to do interesting things without having to coordinate with other people.

And do you think that's like pressure coming from outside, like an external pressure regarding ossification or like a political pressure?

Well I think the block size debate was an example of pressure to change Bitcoin for the worse. You know, and I look at it this way, if in 20 years they declassified a bunch of NSA documents and it turned out half those people were NSA operatives, I would not be surprised. And there are examples of protocols in the past where this has turned out to be true.
Now is it necessarily true? Well we really don't know. But it certainly was a force to make Bitcoin worse and it's something many other coins have gone through as well. And we're just lucky we navigated that in a way that led us to something better. You know, it's slightly imperfect, no, but it's better than the alternative.

You want to add? Peter, still regarding pressure and specific pressure to developers and legal threats to developers. So we all know that things are changing in the last years, right? So what do you think about legal threats and pressure on developers, maybe like public developers like you, where you have your full name and surname, and you can be attacked on the legal side by malicious entities from various countries and jurisdictions all over the world.

I am one of, on the order of like 15 people or so, involved in different aspects to Bitcoin and Bitcoin development, who of course is being sued by Craig Wright. And that's actually for me personally two separate lawsuits with, you know, ludicrous billions of dollars claimed in damages and all this nonsense. But you know, that's certainly something that we're very glad that people are helping with. But you know, maybe even a more concerning example is more like the Tornado Cash dev, who of course, he's in jail right now, or maybe bailed out.

Just got bailed out.

Yeah, just got bailed out from a crowd. And you know, he has very serious charges against him for what appears to be a charge of essentially writing open source software. And of course, due to the way the Dutch legal system works, he doesn't actually technically have charges against him yet, which is its own level of ridiculous. But you can see this kind of thing happening. And I think the real challenging part is that going anonymous is not the solution to this. Going pseudo anonymous is not the solution to this.
You know, you need, for a project like Bitcoin, for an ecosystem like Bitcoin, you need devs who are able to go on stage and talk to people, you know, and to be able to create that community and gather together and, you know, teach people how stuff works. You need people who are able to do that. And if all you have is pseudo anonymous devs, both you don't have that community, but also, how do you know who those people are? I mean, bootstrapping trust is really difficult. Pure pseudo anonymous devs, it's very easy for those kinds of groups to get taken over by bad actors. It's much less likely, or at least much harder to pull off the same kind of thing with devs who are not anonymous. And while, you know, there's threats in both models, I think we're far better off if we can have a mix of both. And unfortunately, to do that, we really need to go fight governments and other bad actors in the legal system. There's no getting around that because pseudonymity is not the magic solution.

Imagine that you have a time travel machine right now. Would you go back in the past and change something and change like how you approached Bitcoin and contributed to Bitcoin?

Absolutely not. In fact, I consciously made that decision way back in 2012 or something when I first got involved in this under my own name, because I thought very hard, do I want to do this under my own name or pseudonym? And for me personally, the decision was basically, I like being out in public, I like speaking to people, I'm reasonably good at it, probably better than the average dev. So I should be the sort of person who takes that risk, because, you know, people are good at different things. I happen to be better at that side of it, so I might as well take that risk. It's the right thing to do. And I would not change that decision one bit.

For the record, I tried really hard to get Craig Wright to sue me, and he threatened me many times, but he always backed off.
But yeah, I mean, this is somewhat a problem with anyone who becomes a public persona. You know, anyone who contributes to open source development has a potential for this to become a problem if their project takes off and becomes big enough. And I mean, open source development is certainly an adversarial environment. I think for most open source projects, the adversarial nature is very limited to just a small number of contributors. But when you have a project that ends up being adopted by millions of people, you just have a lot more eyeballs, and as a result, more bad actors or more people who are just willing to do nasty things.

I would like to add something. I appreciate your strategy of fighting legal battles, but I guess... Sorry. You are from Western democracies, and you are convinced that you can win legal battles. I have seen a lot of legal cases in my country and in Russia, and I guess that you haven't seen cases when a state is really against you. Just imagine, you would like to sue a state in a state court, and if there would be a real decision to make you liable, a judge will just dump the correct decision that was given to them from above. So this is...

I hate to say it, but part of the advice kind of has to be in some cases, you just have to go move to a better country.

Yes, but at one day, there will be no more countries to move. So this is...

If we get to that point, we're just screwed. Bitcoin is not magic.

But you can't stop at this point. You have to...

I don't agree with you. I'm more hopeful.

Okay. Let's change the topic. So right now, another hot topic is the possibility of having backdoors inside hardware wallets. I'm pretty sure that most of the people are using hardware wallets nowadays because they trust them more than their own computer.
It can be risky to trust a black box, even if you have an open source firmware or software, but still you have a piece of hardware that you don't really know what happened when you bought it, when someone sent it to you, and maybe even when you left it at home. You know, evil maid attacks and supply chain attacks are real. So is it a real threat, like the possibility of having a backdoor in a hardware wallet? Or can we minimize or reduce the risks of using hardware wallets by, for example, generating our own entropy, leaving them offline all the time? So I mean, what's your point of view about attacking hardware wallets and hardware wallet companies?

It's certainly possible. I think in general, we talk about security, usually you want to be paranoid and go to the extreme end of what could a well-funded nation state attacker do. And so from the perspective that probably the vast majority of the hardware devices out there are created by only a handful of companies. Thankfully, these companies are generally in different countries, but I think they're mostly in Western and EU countries that tend to work together on various things. Then yeah, I mean, there are potential points of failure. I mean, and even being open source, it's not like a security panacea. It's still quite possible to slip in code that is, you know, an average open source developer can look at the code and not tell that it's malicious. I mean, there are entire competitions around like subversive programming of malicious code. So yeah, I mean, there is no perfect security solution. How could we get around that? I am a big fan of air-gapped machines. I'm actually a big fan of the various hardware devices that only transfer data, you know, either over like an SD card or over animated QR codes. If you're transferring the data, if you're plugging in over USB, you can't really be totally sure that no data is being exfiltrated, or at least the average person isn't going to be able to tell what's happening there.
So yeah, I mean, black boxes are generally bad. Open source isn't perfect. It's certainly better, or at least it makes it more likely that some eyeballs will catch the problem. So this is unfortunately just the fact that there is no perfect security solution. It's trade-offs all the way down. But if you're using a hardware device, you're already better off than the vast majority of people.

Peter, I know that you are a huge Qubes OS fan, a user.

Well, I mean, for the most part, I don't use hardware devices at all, or I should say hardware wallets to be precise. You know, when I've been in situations where I've needed to store a large amount of Bitcoin securely, I've done things like say, buy a used laptop, preferably one a few years old, wipe the system and go install Linux on it from a source that I can at least trace back and have reasonable trust in, and then put something like, say, Bitcoin Core on it. Because the big problem with hardware wallets is your whole supply chain leading up to the point where you receive that hardware wallet, every step in that supply chain is touching a device that they know will be used to store Bitcoin. And that's a very big target. Now, the security posture of hardware wallets is very different than, say, a laptop, which is why with multisig, hardware wallets can absolutely be useful. You know, using hardware wallets in addition to a key kept on, say, a laptop you go keep in a safe and don't otherwise use. But you know, in single key environments where the thing that processes that key and signs those transactions has full control of where the money goes, I don't trust hardware wallets. Like they're just, they add so many supply chain risks that do not exist in the simpler and easier version of just get a computer or, you know, get a phone and only use it for that one thing.
But in the future, like I say, I think this will change with multisig, but the software ecosystem, you know, it has only very recently gotten to the point where any of that's practical. And of course, morality too. I mean, I run Lightning nodes, which have reasonable amount of money on them in those cases. Well, you know, it's Lightning. You just kind of got to cross your fingers and hope right now because nobody has Lightning multisig. But I'm not too worried. And you know, I've never been in a position where I've lost money due to hacks. But you know, I do things like I use Qubes, which splits up my computer into many different virtual machines. I mean, I, for my way I use computers, it's just much more secure than the average person. And that really says something about how terrible computer security has been in general, you know, in the whole ecosystem.

Yeah. We don't want to go down that rabbit hole because we'll scare everybody in the audience because yeah, regardless of what solution you're using, you know, if it's an air-gapped laptop or if it's one of the big manufacturers, I mean, almost nobody has the ability to fully verify that entire hardware and software stack. So like Peter was saying, like the only way you can kind of get around that is, you know, additive security of just like using a diversity of different key mechanisms and then, you know, being okay with one or two of them having flaws and potentially failing.

And I should point out the security of being untargetable. And you know, a really funny example of this is like I've personally reviewed security protocols for things like exchanges, which are storing, you know, many, many, many millions of dollars worth of Bitcoin. And when they're doing their job right, often the protocol starts with something that sounds ludicrous, like go to the local computer store and just get a laptop off the shelf at random.
But bizarrely, that can be more secure than ordering something from a, you know, a secure manufacturer because that creates a target and we know for a fact in the past and probably they still do, entities like the NSA have intercepted packages and put backdoors in there. You know, Snowden leaked this and we have photos of Cisco routers getting opened by NSA operatives. So that is a very real risk. And unfortunately, there, you know, there isn't a good answer to that risk other than things like randomization, making sure that you're getting stuff from stocks where they just don't know in advance what it's being used for. Hardware wallets are definitely not that.

With hardware security, we are right now in a situation that looks like with software before say 1993 or 5, before Linux kernel was created and open source operating system started to become popular. Until you can't yourself verify what is going on with your hardware, you are out of luck. You just can increase, well, decrease probability of getting hacked, but you can't be sure. And unfortunately, with current technology of chip manufacture, you have no chance because, well, you can't invest how many, tens of billions of dollars to create your own touch just to manufacture one or a dozen of chips.

Yeah, so Peter mentioned supply chains. And I mean, supply chains are just terribly fragile and insecure and not verifiable, but not only hardware supply chains, but software supply chains. And this is actually something that I've started to understand better in recent years is really the fragility of especially things like library package management and dependencies and actually a lot of the tooling that has helped us really accelerate development as software engineers because we don't have to reinvent the wheel. We let other people do a lot of the heavy lifting and then we put all the pieces of the puzzle together.
But unfortunately, this becomes a huge attack vector as well because many times these software packages become unmaintained and get taken over by attackers who insert malicious code. Or Peter actually had a really good point backstage where probably some of the biggest attack vectors, not just for Bitcoin, but for all of human society is like Microsoft, Apple and Google because they own the supply chains for probably the vast majority of computing devices that are used by humans on this planet.

Not the vast majority of servers because they tend to run Linux, but of consumer stuff, absolutely. And I want to further that point by saying from the point of view of developers, in some cases we're going backwards on that. Like PGP usage is going down. I happen to maintain the Python library, python-bitcoinlib. And just the other day, the Python packaging service, they dropped support for PGP. Now when you download my library, there really isn't any practical way that you can verify what you actually downloaded. You're purely trusting this packaging service with no authentication. Got a bootstrapping problem. No logging of what they're doing. It's nuts. It's completely nuts and we're going backwards. I mean, if I was to go point somewhere and say, I think this is NSA action, I would actually point to the demonization of PGP. That's one of the most suspicious things in computer security right now. And unfortunately it's working.

And how can you avoid those things? I mean, what would you advise to a normal guy just trying to have and own some Bitcoins in a safe way without like being a victim of those issues?

For the layman, you know, they can go learn more, but I'm really talking more to the developers and the people who are kind of working as sysadmins. You know, if you don't understand PGP, but you're developing cryptography software, what are you doing with your life? Like, you know, I have a PGP key. I use it.
Like that is just table stakes to get involved in this stuff. You know, even if all you do is act as a sysadmin for like a Bitcoin exchange, if you are not checking packages and downloads with PGP, you are just really bad at your job and you really have no excuse for this. And unfortunately we're seeing tons of people in the computer security industry just demonize PGP as though it's like some terrible thing that will somehow make you less secure. It's just not. It's the only really good thing we have to verify software provenance.

Okay. Is spamming the blockchain right now like an attack vector for Bitcoin or not? No?

No, I mean, at least, you know, Bitcoin has been designed to absorb, you know, quote unquote attacks. But, you know, calling it an attack is also a subjective thing. Well, obviously we impose economic costs upon anyone who wants block space. So if you're using block space in a way that is inefficient or that is basically economically not very valuable, then the economics of the system will play out over time. Some people like to look at a 2017 era when there was a lot of odd activity that some suspected may have been an attack, you know, to try to push the scaling debate in one direction or the other. And if that was the case, they failed and they spent a lot of money doing that and basically paid the miners a lot of money for the privilege of doing that. So, you know, I'm not worried about that particular mechanism.

Spamming Bitcoin blockchain?

You have wondered what would support Bitcoin security after block subsidy will end. So inscriptions.

I mean, I'm certainly worried about the long term, but that's like 10 years off. Certainly for the now, I think what's happened with these so-called spam attacks is really more like an immune response. And I don't mean that in a good way. I mean, like our immune response to that has been way overactive.
And frankly, you know, had a bunch of Bitcoin quote unquote maxis not gone all crazy about inscriptions, I don't think they really would have been a thing. We were giving them free advertising by getting all bent out of shape over this on Twitter and other social media. You know, that was free advertising for them. That made them much more popular than they would have otherwise been. Had everyone just ignored them, fees would have gone up a little bit. Then people would have got bored of it. Fees would have gone down. Instead, fees went way up and then went mostly way down. You know, we did not need that big spike of interest. That was purely our own fault.

What about like adding illegal content on the blockchain? I mean, can it be used in a political way? Like to say you can't use Bitcoin because now it contains something illegal.

People have already tried to go pull this angle years ago and it never got traction. It worked really well against BitTorrent. BitTorrent is totally dead now. Yeah, totally dead. You know, in theory, it could be an issue, but like it's a legal question. And the nice thing about that scenario is there are other services like certificate transparency where if, you know, putting illegal content in the Bitcoin chain is bad, people can do the exact same thing as certificate transparency, which, you know, literally every single person in this room uses that as a blockchain to go verify HTTPS certificates. It's by far the biggest use of blockchain. It dwarfs Bitcoin, dwarfs Ethereum, dwarfs all this stuff. And yet it still has that same vulnerability. And I would love to see someone go try that just to see what the immune response would be and I'm sure, you know, laws will have to just accept that. Well, you know, it's a data publication mechanism like treating that as, oh, everything must be shut down is ludicrous.

Andrey, what's the point of your body?
Well, it definitely will be used against Bitcoin users when the courts and the police will get the orders. Just recall how gold was banned in the United States. If they would find gold in your house, you are under criminal charges. Same way if they would find illegal content on Bitcoin blockchain that was downloaded on your notebook, you would be held liable and most likely there will be a few public cases just to scare off people. Will it be successful in the end? Of course, no. But will this be used as an attack vector? Definitely yes.

Okay. I would like to say just three words. Okay. Quantum computing is in the context of Bitcoin.

And I'd like to finish the phrase: quantum computer is probably bullshit. Okay. Prior to being involved in Bitcoin, I used to work in gravity radiometry and I had a lot of co-workers who are extremely good physicists, including quantum nuttiness. And I think the simple answer is it appears that as you scale quantum computers up and add more qubits, the cost of the computer goes up exponentially because you got to work harder and harder and harder to keep the quantum states from decomposing basically. And that you know, that makes intuitive sense. If quantum computers were real, they would be like analog computers. And we all know that if you have true analog computers, you can break all kinds of crazy math. And it's, it looks like physics doesn't actually work that way. All this stuff about internet resolution, quantum fields, it probably isn't how the world actually works. And the cool thing is maybe in the process of building quantum computers, we'll find new physics, we'll find out why they don't work. And that will probably be a brand new branch of physics understanding why quantum computers don't actually work.
Well, I mean, on the bright side, Bitcoin is actually probably one of the biggest bug bounties when it comes to solving quantum computing, or at least if you had a quantum computer with sufficient qubits, there's a wide variety of things that you could attack. But it would probably make sense to start mining some of those early pay-to-pubkey Bitcoin blocks. And, you know, this would be noticeable, of course. So you could claim that as long as we're not seeing massive odd activity of spends from those first couple of years of Bitcoin mined blocks, that it's probably good evidence that a quantum computer with sufficient capacity does not currently exist. Now is it worth talking about how to harden Bitcoin against that? Maybe. I can't think of any way, though, that we would be able to protect those early pay-to-pubkey UTXOs without breaking the original owner's ability to spend that money. So it would certainly be an extremely controversial change if we wanted to, quote unquote, protect all of the Bitcoin against quantum computing.

So for you, quantum computing is?

A fascinating problem.

Irrelevant. Quantum computer is irrelevant. I also have quite good familiarity with quantum mechanics and quantum chemistry, and it would be extremely difficult and expensive to build actually a useful quantum computer. And if you will, would build it, you would better spend it, use it to mine Bitcoin, not to break off keys.

And as a reminder, all this stuff you hear about things like D-Wave, they are not the type of quantum computer that has anything to do with cryptography. That's an entirely separate class. So for the most part, all the press releases you hear about, you know, Google having quantum computer, that's actually not relevant to Bitcoin.

Okay, let's talk about network attacks and attacks on privacy. So in my point of view, I think that's something not good at all, I think. But I feel like the Bitcoin network right now is being split into two different UTXOs and users.
Like, know your customer users and know your transactions users. And like, cypherpunks who don't follow these things, they CoinJoin, they want to do these swaps and this. So do you think that the attacks on privacy in the long term will be like an attack vector for Bitcoin or not? I mean, is that a non-existent user issue? Or is it real?

In general, I'm unfortunately very like bearish on both security and privacy, just from observing human actions and incentives. And it just seems like, I think it's a fair statement to say the average person doesn't care about privacy or security until it's too late. And I don't really have a solution for that. I mean, humans are complicated creatures, and we all have busy lives and our own priorities. And generally, privacy and security are nowhere near the top because we're focused on more day to day issues. So you know, I think the general state of privacy in Bitcoin is pretty terrible. And in order to actually achieve decent privacy on Bitcoin, you have to be willing to put in a lot of effort. So it's certainly possible. But I think the sort of proportion of people who will be willing to put in the effort is infinitesimally small.

But don't you think that maybe in the future, these two kinds of users will not be able to communicate and do transactions with each other?

I mean, as it stands today, it seems like the hardcore pro privacy people are more likely to essentially get themselves locked out of the traditional on ramps and off ramps in the system. And maybe that's okay. If you're living a pure Bitcoin lifestyle and doing circular economy within Bitcoin, you don't have to worry about getting censored by a third party.

Yeah, but that's the small part of it.

It is, unfortunately.

But keep in mind, I mean, you're actually talking about as though the UTXO set splits. But that's not really how it works. If I am this pro privacy guy, I will happily accept your KYC coins. It's not relevant to me where they came from.
I don't care. It's only relevant if I go try to go send them, say, your exchange or something. Now, you might choose to be locked into a service where you cannot send your coins at all. Although, I don't think that's a likely attack because that kind of politics doesn't like the ability to own Bitcoin at all. I mean, it doesn't like the ability to own things. Somewhat unrelated to Bitcoin itself, there are political proposals to have asset registries. So the idea is anything of value you own with non-trivial value, like an example, like your phone, would be required to be on an asset registry to ensure that the government knew at all times exactly how much stuff you own. Those are serious political proposals that people are trying to go push. And I think in that world, from that point of view, Bitcoin is just so unacceptable. It's not like there will be a split of Bitcoin. It's that for those people, Bitcoin just should not exist. Whereas I would say for the less extreme world, the fact that Bitcoin privacy can be, but isn't always bad, has actually allowed Bitcoin to navigate some of the politics in ways that things like Monero can't. You know, Monero keeps on getting delisted on exchanges because it's too private. Whereas Bitcoin can kind of do this weird fig leaf dance where it's like, no, no, you can see what's on chain. Although at the same time, I can easily just install Wasabi and get very good privacy on my coins. Or I can go send you with Lightning and get extremely good privacy under most threat models. You know, if I go send you money with Lightning, you really have no idea where it came from. And it's very difficult to figure that out. But you can play the stance of, well, no, it's on the chain some of the time. You just track it.

Yeah, but like most, like the biggest nodes in Lightning Network are being controlled by an entity and you can put pressure on that entity not to like communicate with other. I mean, imagine that.
But the moment that happens, people can immediately start running other Lightning nodes. I mean, the bigger threat is not putting pressure on it. The bigger threat is them doing surveillance of the incoming and outgoing Lightning payments and then trying to go piece that together. But there is so much Lightning capacity from so many entities that you can easily add modes to Lightning wall to route around, you know, bigger entities. Also, I mean, you know, even if I pay through, say, Bitfinex and let's suppose hypothetically that Bitfinex has been forced or stolen all their transaction data, that's still good privacy because the way Lightning works is it's onion routing. So if you lose that privacy on, say, the Bitfinex node, all of the other nodes before and after still provide privacy. You know, it's just exceptionally difficult for attackers to attack Lightning without putting a lot of effort into it, which is certainly not true of on-chain Bitcoin without CoinJoin. Is it an attack vector on Bitcoin? No, but it is a very heavy attack vector on Bitcoin usability. You can happily live in a pure Bitcoin economy, but at the moment it is very teeny. And if you will actually try to live only on Bitcoin and try to make sure that your suppliers also use only Bitcoin, you will quickly find that your life becomes unmanageable. So unless you will be able to exchange, you or somebody in your supply chain will be able to exchange Bitcoin into fiat to pay out for their supplies or their credit. Tough luck. And if exchanges will just be forced to accept only KYC'd coins. So the only solution for Bitcoin usability to improve is within a few years drastically increase the number of businesses that not just use Bitcoin as payment rails and immediately sell out into dollars or euros, but that quote prices in Bitcoin and do accounting in Bitcoin and do investment in Bitcoin. 
On the bright side, we are seeing more development, like Fedimint basically has some interesting privacy properties. I think Ark has some interesting privacy properties. So the game is not over. The game is still afoot and we will continue to have people developing better options. I got to say though, I am much more concerned about the war on cash. Bitcoin can do its own thing. The war on cash is the thing that has to be stopped. And frankly, everyone in this audience, if you don't use cash to go pay regularly, I don't respect you as a Bitcoiner. Like that's just a fact. If you're using credit every single day, fuck you. The war on cash is far more important than Bitcoin. So we have around like two minutes remaining and I would like to ask something from you. What is your biggest fear about Bitcoin and why? Well, I would say my biggest fear is that we don't achieve the level of scalability that we would like to see. There are a number of different options out there. I think we need to keep exploring more and more. There's this open question, obviously right now it's not even physically possible to get a UTXO into the hands of even a hundred million, a billion people like in a meaningful timeframe. So I think there's this open question of like, what does mass adoption actually look like? And I'm sure we'll get to fight over that in the coming years. My biggest fear is psyops. So just to mention, if there would be a semi-coordinated activity between states to do something like it was around COVID hysteria, but about Bitcoin. So Bitcoin will be dirty, gangster money and it kills babies and everyone suddenly would believe it. Sorry, but people en masse are stupid and they will believe if they will be told it 24/7. So that's my biggest fear. Well, remember, I mean, I don't really care about Bitcoin per se as much as ability to go and use cryptocurrencies in general. 
You know, Bitcoin happens to be the biggest, don't probably remain so, but you know, if to scale to like 10 billion people, a couple other cryptocurrencies pop up and you know, that's fine. But I'm much more concerned again, about the war on cash. Like the general wars on privacy we have, that's the biggest threat to Bitcoin. If Bitcoin scales to a billion people and like five other coins take up the slack, whatever, I'm not too worried about that. That's perfectly good opportunity, but we have to be in a position politically where that's even possible. And if we lose ability to go pay anonymously in fiat currencies, we are so screwed. And unfortunately that is what governments want. Okay. I think that the public has some questions for you. We will have like a 15 minutes Q and A session. So if I'm not wrong, you should be able to scan like a QR code somewhere around here and you can ask something to Peter, Andrea and Jameson. So yeah. You know, it's really difficult to choose the right ones actually. Okay. Well, let's start from this one. So SHA256, is it like safe in the long term? Well, nothing is safe forever, right? Now I don't think anyone is worried about SHA256 being broken anytime in the near future, but you know, all cryptography degrades and is eventually broken. Yeah, I don't agree with that. I think it's quite possible in my entire lifetime, SHA256 is never broken. Sometimes in tech we solve problems and actually get to the limit of what is possible. It's probably true that cryptography can exist and there's a reasonable chance we've actually succeeded. This is a good question because I don't know if you know about Purism, it's like a company that is producing like security and privacy focused hardware. And they are asking like, what about using anti-interdiction techniques similar to Purism for shipping hardware security devices. So you know like, imagine all the anti-interdiction features. 
So to explain, I mean what they're talking about is basically ways of shipping things in containers that are tamper evident. Yeah, kind of. Yeah, I mean, well the famous example is like you go put glitter on something and as it turns out, getting glitter to recreate more glitter is really difficult. Because glitter is very fine. And I mean, I think that's all good. I think the big, you know, and I certainly would say a lot of companies do not do this right. You know, they do really silly things like they'll say put holograms on something, but they don't tell you on the website what the hologram should look like. Yeah. So someone can trivially peel it off and replace it with a different one, you never know. So you know, Purism, I like what they're doing, but I just wish more people did it. But I also caution people, this isn't a perfect solution. You know, Purism, their own factories could be receiving stuff that's backdoored, people can backdoor stuff at the factory, you know, more people should do it, but it doesn't solve everything. Something that they do, for example, is that they put the glitter on the screws. Yep. They take a picture, they encrypt, they save that picture and they send it to you, which are like, they encrypt it and they send it to you by email just after you receive the package and you can check, you know, like the, if the glitter is the same. So yeah, I think it's cool. It's like a paranoid, paranoia mode. But there's a neat app for this actually called Blink Comparator, which will save an image of something like that and you can just easily switch between the image and your camera to see if anything's changed. Unfortunately, that's kind of broken because like not many people actually do this, but someone should fix this stuff and make it easy. And I'll point out, seriously, this is actually how nuclear weapon security works in a lot of cases. You know, nuclear weapons are actually secured in transit using these kinds of techniques. 
So do Satoshi's and lost UTXOs with revealed public keys pose a systemic risk for Bitcoin? Let us pretend that quantum computers will be real in the future. So we're talking about it already, huh? Yeah, yeah. I mean, if that happens, well, it's not only Satoshi's coins, really. It's any UTXO that has ever exposed the public key. So this is one reason why address reuse is discouraged. But let's be honest, a lot of people reuse addresses. I bet some of those like top 50 whale addresses that belong to exchanges and stuff have been reused like crazy. So a quantum computing attacker would actually probably go after them first before the like Satoshi era coins. What are you going to do about it though? You know, unless it was some sort of forced upgrade that essentially breaks all of the non quantum computing UTXOs that have public keys. I don't know. Well I mean, worst comes to worst. I remember I looked up this number recently and something like at most maybe 10, 20% of all coins in circulation appear to be lost. And by the definition of they haven't moved for like five plus years. Well think about it this way. If the economics works the way we think it does, if 10% of the coins get stolen and redistributed, the price in theory should go down on the order of 10-ish percent, 50%, something like that, roughly. I mean, that's happened before. It's not really a big deal. And if we do decide to do a soft fork to go see, you know, hold those coins in place, well you could do that too. I mean, you could do a soft fork that expires in 10 years. Maybe someone will find a clever math trick to let you bypass this problem and let the coins be spent another way. I don't really know. And honestly, I'm not that worried because the really important thing with all this is that quantum-computer-resistant signature algorithms do appear to exist. And Bitcoin can upgrade to new signature algorithms. It's not that hard. It can be done in a soft fork. 
And you know, when you do that, people can move their coins on. Of course, obviously, if an alien drops by with a quantum computer that breaks everything tomorrow, we might be screwed, but Bitcoin might be the least of our worries. Like everything will break. All computer security will break all at once. There's another question for you, Peter. So do you see any chance to win the war on cash and how? So if you see any chance to win the war on cash and how? Oh, yeah. It's a public opinion thing. And there are countries where cash usage is actually going up. Germany, I believe, is an example of this. And you know, like anything, you have to go and win it with politics. You have to go convince people this is politically important. You know, in the U.S., gun laws are getting better decade after decade because of massive political efforts to make gun freedoms more free. This stuff works, at least in democratic countries. Now, you know, if you're in China, well, I hate to tell you, but you may be screwed and there'll be nothing that will ever work, you know. But fortunately, most of the people in this audience are in places that are reasonably democratic and you can play politics with this. And the thing I always tell people is like, there's this idea that cypherpunks write code. That's all well and good, but these things are synergistic. Bitcoin gives us abilities so we don't have to purely rely on politics. But Bitcoin's not perfect. Crypto isn't perfect. You also need to play the political game to take advantage of the gains you have here and vice versa. And we really need people doing both at once for all this stuff. Be it Bitcoin, be it cash, you know, be it being allowed to have end to end encryption. I mean, the EU would very much like, at least some elements of the EU bureaucracy would very much like to ban end to end encryption. And we need concerted efforts politically to make sure they don't ban it. 
Because even though you can still run the code, having so fewer people use it is still a massive loss. And this is where I have to disagree with Peter because I'm so bearish on privacy. I don't think the question is, how many people care about privacy? Because you could argue that you only need like a couple percent of people to be like advocates for Apple has end to end encryption on messaging. And obviously people cared enough to go and install it and Apple cared enough. So I'm bearish, but I'm not that bearish. And I would disagree about the political part. Once again, as you have mentioned, most of the people in this audience live in Western democracies and Western countries are, let's say, pretty rich. You haven't seen how politics works in countries that are poor and therefore the state is also poor. Meanwhile, I was involved in lawmaking since 2001 or 2002, I don't remember. And such activity in small and not very wealthy country looks like, yes, guys, you can come to us, you can talk, we can discuss forever, whatever you would like. But everything was already decided and the law is already written and anything you would like to change will be just thrown into the trash. Well, remember, I'm from Canada. Canada is full of immigrants who have come from terrible countries with terrible politics and they moved to a place with better politics. These things can change. Often these things get a lot worse and people have some amount of choice. It's not perfect, it's not terrible. Sorry, my point is not that countries say everybody should move to Canada, but since in Western democracies there is state and state makes each country less wealthy and state can only grow, therefore even Western countries become more and more poor as time goes. So you will just see the same behavior from your state as time will go. I can't agree things consistently get worse. There are plenty of counter examples. Let's save it for another day. Jameson, a question for you. 
Is running my own lightning node better for privacy? Running your own lightning node? Yeah. Certainly. As Peter said, there is an onion routing protocol. This is kind of one of the unknowns. What we do know, I believe Chainalysis published something recently saying they were getting into lightning network analysis. We don't know what they are doing. But it's a question of how many hops is your payment making. So if you're -- in Peter's example, if you have a node and you're connected directly to Bitfinex or whatever other provider and you're just sending directly to them, they have a reasonably good idea where it's coming from, especially if it's associated with some other account that you're using. If you're hopping through multiple different nodes, they can only know one hop before, one hop after. But unfortunately, there is no perfect aspect to all of this. If you wanted to be really paranoid, you might want to even limit incoming channels to your node and be much more, I guess, meticulous about which nodes you connect to so that you don't accidentally connect to a surveillance node. A big problem with limiting incoming nodes is -- remember, plausible deniability is a thing. If it is known that your node accepts incoming connections, that does make it harder to go figure out for the next hop whether or not it's you or someone else. And in fact, you ideally want to -- if you're going to use lightning this way, you ideally want to know that it's very busy with tons of routing going through it so there's basically a whole lot of cover traffic. Your anonymity sets of what transactions could be yours or could be others, the more transactions other people send through your node, the better. >> I think one of the unfortunate things that I and many other people have found over the past few years is that lightning has not worked very well over Tor, especially as Tor itself has come under attack. So hopefully we'll see some alternatives there. 
It's not great that in order to use lightning well, you're pretty much relegated to using it over clearnet. >> I think there's also an educational issue here because most of the people that are opening channels to the same and same nodes every time, we should even start telling people, look, you don't have to open a channel to the biggest node to have a better network reach. You can basically achieve the same result by opening to a newer node and to a smaller node probably. And maybe it can help on the privacy level. >> Of course, I do also need to point out, when Chainalysis says they can do something, I personally -- I have a funny story where I managed to speak to a CEO of a competitor of Chainalysis and they were drunk enough that they admitted to me, oh, yeah, our service is basically a fraud. We don't actually have the ability to do all this analysis. We're just selling it to exchanges that don't care and we're selling it to police who don't care either because they already know who they want to arrest. So is Chainalysis like that too? It wouldn't surprise me. I don't know. I don't work for them. I don't have access to their internal data. But it would not surprise me if they've oversold their capabilities. There is a lawsuit -- sorry, criminal case going on right now where Chainalysis is extremely relevant and it's looking like the Chainalysis data is just wrong and they picked the wrong guy. So we can't know the stuff for sure, but I wouldn't take what they say at face value. Do you believe in Bitcoin-based future for all or just a niche tool for able individuals? That's almost a scaling question, at least in my mind. Or is it like a hyper-Bitcoinization? When is that going to happen? Many, many years from now. I mean, it's not impossible, but I wouldn't say it's the most likely thing within, say, the next 20 years. You know, the world economy is just very big and it takes a lot to go shift that. 
But could Bitcoin act as something that large numbers of people have in addition to fiat currency? I think that's a very likely outcome. And we've already seen that. You know, if you go ask a country like Canada and poll people on who owns cryptocurrencies, I think the number is like 10-20% now, which is an enormous impact. Well, Bitcoin future is the only one, because fiat currencies die and the state dies with them. We've got that going for us. Well, guys, thanks for your participation. I think it was a really great panel. And yeah, thank you, Andrej and Peter. Thank you.