This episode of Epicenter is brought to you by Microsoft Azure. Do you have an idea for a blockchain app but are worried about the time and cost it will take to develop? The new Azure Blockchain Dev Kit is a free download that brings together the tools you need to get your first app running in less than 30 minutes. Learn more at aka.ms/epicenter.

Hello and welcome to Epicenter. My name is Brian Fabian Crain.

And my name is Sébastien Couture.

So before we get started with the episode, I just wanted to mention something briefly. There is this online conference called Decentralized Summit, it's organized by Mainframe and that's taking place on the 29th and the 30th, so January 29th and 30th. And I'm going to give a talk there, so if you're interested in that, check it out. So that's DecentralizedSummit.com, spoke a little bit about Proof of Stake and Chorus One and Cosmos. So yeah, if you want to check it out, that's there. There's also a bunch of other interesting speakers including, you know, former Epicenter guests like Vinay Gupta, Kyle Samani, Arthur Falls. So that's that there. We'll have a link to that in the show notes.

Yeah, so today our guest is Jameson Lopp. If you are on Twitter and follow the crypto Twittersphere, you are probably familiar with this character. And so we talked a lot about his early days in Bitcoin, how he got involved in Bitcoin, sort of political views with regards to voluntaryism or anarchy, as others like to call it. We also went in depth about his writing because he's quite a prolific writer and writes about Bitcoin and also operational security. So we talked quite a bit about his operational security and the lengths to which he goes to protect himself and his privacy and sort of his data in general. So it was a really great interview. We hope you will enjoy it.
And if this sort of strikes a chord with you, if you think that operational security is something that's important to you, why don't you let us know on Twitter what you think or things that you might implement or best practices that you might implement in your own personal life to protect your operational security and protect your privacy online. So here's our interview with Jameson Lopp.

We're here today with Jameson Lopp. Jameson is the CTO of a company called Casa. They provide kind of a very high-end, high-quality key storage solution. We're going to speak about that later a bit. They also have a Bitcoin Lightning node. He was previously at BitGo, so he was an early engineer at BitGo, which of course has been providing also Bitcoin vault and storage custody solutions. And he's very well known for his writing. So he's an excellent writer. And I was actually just on a long plane ride over the weekend and I read all of your blog posts on Medium. So there's really a lot of fantastic in-depth Medium posts about Bitcoin, Bitcoin development, security aspects, but also some things like operational security and some of the crazy things that Jameson goes through to make sure his operational security is top-notch. So thanks so much for joining us today, Jameson.

Pleasure to be here. Thanks for having me.

I'm curious to start off. And often we ask that question, but it's always interesting to kind of hear the story of how people originally became involved in Bitcoin, learned about it, and sort of found their way in.

Yeah. So I unfortunately do not remember the first time that I heard about Bitcoin. I'm sure that I heard about it several times and dismissed it several times as some new system that was going to get hacked and everybody was going to lose their money. But at some point it kept coming back. I kept reading about it on Slashdot and other tech sites. And I decided to look into it because it was not going away.
And once I read the white paper, I realized that it was actually a fairly elegant computer science solution. And that's what really caught my interest and made me start wanting to dig into it more and really understand how it worked. And I was just fortunate at the time that I was working at this online marketing agency doing a lot of heavy lifting on the back end with the data analysis and whatnot. And I talked to the guy who was sitting in the cubicle next to me and I was like, hey, you know about this Bitcoin thing? And he's like, oh yeah, man, I've been writing bots to do automated arbitrage trading on exchanges between various cryptocurrencies and paid off my mortgage from doing that. And I was like, why didn't you tell me about any of this? But thankfully, he was able to answer a lot of my really basic questions about it. And then within a fairly short time period, I had surpassed even what he knew about it and kept diving down the rabbit hole and eventually created my own fork of the Bitcoin software to get more analytics and data out of it. And ultimately started a few meetup groups and after a few years, there was enough venture capital in the space that I was able to go full time. And so now I've been doing Bitcoin engineering for a good four years now.

And so what was it about Bitcoin that when you heard about it was like, okay, this is something interesting. And what were kind of your political and philosophical views pre-Bitcoin?

Yeah, I mean, I had never really thought about money and economics that much other than, you know, I took like an econ 101 class at university. But once I started looking into how it actually worked and the idea that you can actually represent money just with pure software and do it in a way that nobody controlled it, I realized that, you know, this is a very powerful concept and it makes sense to me because I feel like money is this abstract idea that it doesn't belong to anyone. It belongs to humanity at large.
And it makes sense for something like this to be an open collaborative project. And the idea that we can actually make it an open source collaborative project was very intriguing to me and really appealed, I guess, to some of my anti-government sentiments. And so from a political standpoint, I had been all over the spectrum, was raised in a very conservative household and ended up going to a very liberal university. And so, you know, throughout my voting career, I voted conservative and then liberal. And then after realizing that like none of those parties were actually like fulfilling their promises or seem to be improving my life in any way, started going more towards the libertarian route. And it was once I got into Bitcoin and then started reading the history of the cypherpunks and the crypto-anarchist movement that spawned out of that, that really just pushed me even further down the libertarian thought process.

In that vein, you did this interview with Crypto 101, which is a blog post that we'll link to in the show notes where you just said that you want to strive, that you strive to bring crypto-anarchy to the world. What does that mean exactly to you to bring crypto-anarchy to the world?

So you know, the word anarchy can definitely trigger a lot of people, especially because governments use the word anarchy as a bad word, and they try to make it seem like anarchy is equivalent to chaos and violence and destruction and whatnot. But you know, a less triggering word would probably be voluntaryism, or just the idea of having voluntary interactions with people.
So if we're approaching it from the standpoint of we want to build a society where everyone is interacting with each other voluntarily, rather than due to threats of force or coercion from this overarching entity, such as a government, then the way that we get there is we look at all the different services that governments are providing and we ask ourselves, you know, how can you privatize these services, how can you offer them in a way that is voluntary? So that, you know, if, if I want to have my roads that I'm driving down, somebody needs to pay for them. Well, maybe the people who are using them should be paying for them. And right now, it makes sense that a lot of these services that we're paying for are done through taxes, because it's just an easier way to coordinate paying for things and actually, you know, paying for what you're using. But you know, as the technology continues to improve, then we should be able to automate a lot of these interactions and be able to have, you know, micro transactions, as we're, you know, going down the road or as we're using a service that is out there, where basically we need to decrease the cognitive load that is required to perform those interactions. So the government is basically stepping in and managing a lot of that stuff so that we don't think about it. We just have a lot of money taken out of our paychecks, and then the government deals with all the coordination. So if we can reproduce the coordination with software, preferably software that is smart enough to, you know, understand you as a user and what you want, then that's when we can actually start to conceive of replacing some of these coordination mechanisms that the government is doing with actual software mechanisms. And you know, this is a very like long term view. I don't think it's going to happen even in the next few years. 
But it seems to me that as we are continuing to build software that is getting better at performing these actions, then, you know, we're at least headed in the right direction.

So how do you see that actually playing out? Because I agree with you on a high level, right? If you look at something like roads, then okay, you have this coordination problem and taxes kind of make sense, right? But then maybe a lot of other things you could say, okay, actually, you could easily replace it with sort of market based mechanisms. But did you, is the path you see here, do you think because of these increased technological possibilities, you know, let's say if you take like the US government, they would increasingly move in a direction like that and say, okay, we privatize and we have these kind of voluntary mechanisms instead of tax driven or do you think what's going to happen is that, you know, the fiat system is going to collapse and, you know, in its ashes, you will have the rise of these new, more anarchist structures or like, what's the path you see?

I certainly don't think it's gonna all happen at once that there, you know, will be these gradual evolutions and it certainly seems less likely that it's going to be a major collapse of like United States or Europe or whatever. But rather, what I think is more interesting is watching some of the smaller countries or the more mismanaged countries and as they collapse, you know, those could be test beds that are ripe for adoption of technology like this. So I know a lot of people talk about like Venezuela and their hyperinflation and how Bitcoin could help people in that situation potentially a lot more than those of us who are fairly comfortable in first world countries. The same thing may be true for any other types of services and technologies that can replace various like government functions. How is it going to happen?
I mean, that's kind of where you have to wave your hands and say, well, if we believe in the free market, then entrepreneurs are going to come in and, you know, find opportunities where a government is not doing a good job providing services and basically offer these new high-tech versions for people. And that's where adoption would have to happen, I think, of places where the new methodology for coordinating stuff is superior to what is already in place with governments. So, you know, if that happens and is successful over a long term, then perhaps the technologies will evolve to a point that they can provide even better services than first world countries.

Not to get into any political discussions about the current state of the U.S. government, but what does the current government shutdown, I believe it's still going on, tell you about the possibility or impossibility of this to happen?

Yeah, well, the U.S. government shutdown, I think, ended a couple of days ago, but it's only a temporary suspension. They're funding the government for another three weeks and then it might shut down again. And you know, I think it's interesting to see, at least in the United States, we continue to polarize politics more and more, I think, at least in part due to the result of media and communications technology, and that has, it seems to me, resulted in even greater levels of gridlock so that it's even more and more difficult to actually get things done from a political sense and that it seems like these nation states are kind of floundering in what they can do. So that could provide, you know, more opportunity for these other types of technologies to step in. But I don't know, I don't even really participate in politics anymore. I don't vote both for operational security reasons and because I think it's a waste of my time.
I mean, I think that it's a better use of my own resources to focus on these systems that I hope over the long term can replace a lot of the functions of the government.

Well, if it's any lesson, I think Belgium didn't have a government for, what, like, two years or maybe more at some point in the early 2010s. And there were, I don't think there were very many sort of voluntary or anarchic style systems to emerge from that. I mean, I was living right on the border of Belgium at that time, it didn't seem like that was going on there. Maybe that's because they were too busy drinking beer and having French fries or Belgian fries for that matter.

So since you became involved in Bitcoin, did you have any periods of doubt where, you know, you were doubtful about the future of the project and if so, in what way?

Sure. I mean, we've been through a number of hype cycles and FUD cycles and, you know, Bitcoin is going to die for this reason or that reason. The greatest doubts were probably in the early days of the scaling debate when it seemed like we had a great opportunity in front of us to just increase block sizes and allow more throughput on the network, allow more use cases and whatnot. And there were times when I thought that, you know, there were some pretty big groundswells of support for that. And, you know, we were looking at statistics like, you know, mining hash rate and stuff and it looked like, oh, it's, you know, it's sure to go through. And then, you know, there were a number of surprises along the way that basically showed that, you know, statistics are not necessarily indicative of what is going to happen. And there were also, you know, the whole censorship and moderation debate, things got fairly nasty there. I mean, I even, I think I had some posts and comments and stuff that got removed from Reddit and pissed me off and I went and became a moderator of the Bitcoin XT subreddit because we were the censorship free subreddit.
But you know, after moderating that for six or 12 months, I gave it up because it became clear to me that unmoderated forums are pretty terrible places and you don't really get a whole lot of signal through the noise. But I never lost enough hope that I wanted to stop working on the project. You know, this all happened basically after I had gone full time and was working at BitGo. You know, even within BitGo, we had a number of arguments about like where the direction of Bitcoin was going to go and what different people wanted to see out of it. But ultimately, you know, even though there was a lot of frustration and periods of doubt, I got to the point where I basically figured that, you know, so many people are spending so much time and resources arguing about what's going to happen to the system, then it's probably not an indication that it's going to fail. It's actually an indication that there are a lot of people who are dedicated to maintaining and improving the system. And we just have slightly different beliefs about like what the best way to go about that is and what the tradeoffs are that we're willing to make. But ultimately, out of that many years of debate, my conclusion was that Bitcoin can't actually die unless we all agree that it's dead, unless we agree that we no longer want to work on it and try to improve it. And so that's why I think that really the biggest threat to Bitcoin is just apathy. It's not, you know, 51% attacks or nation-states and regulations or any of the other million reasons that you'll find people who have written articles about why Bitcoin is going to die this time. Really, I think Bitcoin can only die if it becomes super boring and nobody wants to work on it anymore.

And so you think it's not, let's say 51% attack, nation-states 51% attack, because you think if people still care about Bitcoin, then they'll, I don't know, hard fork to a different proof of work or something like that, or?

Yeah, yeah.
I mean, ultimately, any technical failure or bug or anything that gets exploited at a technical level, if that causes the system to cease to be functional and operational, then that means that we have to fall back to the foundation, which is human consensus. So all of the stuff, the code, the protocol, the network, the hardware that's running nodes and miners and whatnot, all of that stuff is really just running machine consensus. And machine consensus is just our best guess, our best representation at trying to turn human consensus into code. But this is what I think the ultimate challenge is, is figuring out what the human consensus is for what Bitcoin should be. And that starts to get more philosophical and go down the path that I went into great depth of with my article that I entitled Nobody Understands Bitcoin, where I was really just trying to describe this vague concept that is floating out there of what Bitcoin is and how developers and other people in the ecosystem who spend a lot of time talking about Bitcoin, they're kind of like poking at that, they're trying to read the shape of what this actual consensus for Bitcoin is, but nobody can actually completely grab it because it is dispersed amongst all of the people who are participating in the system.

Let's say we think that 10 years ahead, where would you like to see Bitcoin and what would you like it to be? Because I mean, I think you correctly point out that there's these different conceptions. If you read the white paper, it talks about electronic cash. In recent years, this idea of digital gold has become more prevalent. Maybe some people like the idea that it will be some sort of basis for trustless computing and maybe those kind of things, even though now they probably get built more in Ethereum or other networks, maybe in the future, Bitcoin could also be that or like payment, there's so many different things. What is your thing you'd most like to see Bitcoin evolve into?

I think that I summed up a lot of that in another article I wrote about Bitcoin being this trust anchor. I am a technologist and ultimately I see Bitcoin and then the blockchain that's underneath it as a new type of database. We just happen to have a new set of rules and protocol around how that database gets replicated and how we append new data to the database. From that standpoint, I do think that there is more to it than just money. I think that what we're trying to do is create this global record of truth or at least authoritative record that has no authority behind it. You can definitely expend more resources to building on top of it than just for money and finance. Basically any data that you want to become part of this authoritative record, you can put it in there. The question just becomes if you're moving beyond the simple accounting ledger that the Bitcoin protocol supplies, you have to basically create your own protocol, your own new consensus for whatever that extension is. Whether that is some sort of layer two network or a side chain that is pegged to Bitcoin or extension blocks or whatever, there's potentially limitless number of ways to do this. It's really limited by our own creativity, imagination, technical engineering skills and our ability to convince other people to actually agree with us to use whatever we build on top of it is. From that standpoint, I do think that more complex systems, smart contract type stuff, better privacy is definitely possible by anchoring into Bitcoin and not necessarily having to change the Bitcoin protocol itself. I want to see a lot of people continue to experiment with this. What is the most recent one? I guess VeriBlock is an interesting new one where they're anchoring a lot of stuff into the Bitcoin blockchain to make use of the proof of work. It's not quite clear to me how many different systems might get built on top of that, but it is this blossoming of experimentation and a lot of them will fail.
Eventually any type of system that is being built on the internet and is meant to be some sort of global system with a data state that is backing whatever you're doing interacting with that system, it could potentially benefit from using Bitcoin as an anchoring mechanism. It's really broad, really general, even if we're looking at smart contracting systems like Ethereum or EOS or whatnot. I think a good example is actually like RSK where they're kind of blending. They're taking that smart contracting language from Ethereum and they've created this side chain that is pegged to Bitcoin so you can kind of have the best of both worlds. Whether or not that ends up being highly adopted, nobody knows, but that's the type of experimentation that I like to see and just want to continue to see more systems get secured by these global consensus mechanisms because it's going to make them more robust against various types of attacks.

Are you kind of like Bitcoin maximalist in this regard that you think Bitcoin is the correct foundation for this as opposed to having maybe other chains or proof of stake? Right now, for the most part, maybe you can build some sort of smart contract thing on Bitcoin, but hardly anybody does it. This is like 99% of the activity is on Ethereum or other types of new chains. Do you think those will migrate more towards building on Bitcoin?

It's going to require a number of things. I think that there are people in the Bitcoin ecosystem who are interested in smart contracts and they simply don't like the way that Ethereum went about doing it. There's this big clash between the idea of execution versus verification and so a lot of the more conservative Bitcoin developers don't like having smart contracts that have to get executed by everyone on the network. They rather want to perform the same type of logic, but where the actual execution happens privately and then you're just providing a proof of the execution that the rest of the world can verify.
So from that standpoint, we are seeing stuff like Merkleized Abstract Syntax Trees and Taproot and the Simplicity smart contracting language, which I would argue those are the things that some of these Bitcoin developers who are interested in smart contracts are trying to build their Bitcoin version of more expressive smart contracts. Now, how long is it going to take before that becomes a thing that is as easy for a newbie developer to use as like Solidity or Vyper or whatever on Ethereum is once again up in the air. It seems like the space of advancements with the Bitcoin base protocol is a lot more measured and slower than a lot of other chains for a number of reasons, but I generally call it like conservatism or you could even think of it as like almost like aerospace engineering level of thinking through all the edge cases and testing stuff and not wanting to deploy anything unless everybody's close to 100% confident about it.

But would you say that perhaps this conservatism and this time that it may take for these platforms to emerge and become stable might cause a situation where people build applications on Ethereum because it's easy and you have sort of a concentration of developers there and people already building on those systems and where it just becomes the switching cost, it just becomes way too high and where interactions between the two systems just don't exist or are complicated where in the end it might not come to fruition that Bitcoin would become this system where one can build complex applications.

I don't know about switching costs, but it's really more of like a network effect growth. I think the argument for creating almost any alternative system to Bitcoin is that you have a lot more flexibility in what you can do and changes and evolve it. So you potentially have a better chance of growing faster than Bitcoin exceeding its network effects and becoming the dominant system or what have you.
That seems to be basically true for almost any crypto asset network out there is that it's usually because some set of people or developers wants to do some things that were pretty clearly not going to get accepted into the Bitcoin base protocol and they would feel like it would be easier for them to create their own new consensus around a shared set of objectives and roadmap and what have you. That's why competition is great. I think one of the big pushbacks to the maximalism thought is I see a lot of people saying, well, your maximalism is pushing for like a monoculture and I think that that's kind of a misunderstanding of at least what most Bitcoin maximalists think. I don't think any of them are deluded to the point that they don't think that other systems will exist. I think that it's more about looking at the ways that network effects evolve and first mover advantages, the value of networks and how they are distributed where generally the vast majority of value between competing networks will go to one network and then the other networks will just be a lot smaller. But these tend to be I think more economic type of thoughts of how these types of systems tend to play out rather than a blind belief that Bitcoin was first and it must be the best and will never be superseded, yada, yada, yada. There's definitely plenty of potential for other systems to get greater adoption and surpass Bitcoin or somehow be order of magnitude more utilitarian than Bitcoin is and therefore supersede its network effects. I don't think that anything is set in stone for sure. There's going to be a lot of competition for the foreseeable future.

This episode of Epicenter is brought to you by Microsoft and the Azure Blockchain Workbench. Getting your blockchain from the whiteboard to production can be a big undertaking and something as simple as connecting your blockchain to IoT devices or existing ERP systems is a project in itself. Well, the folks at Microsoft have you covered.
You already know about the Azure Blockchain Workbench and how easy it makes bootstrapping your blockchain network pre-configured with all the cloud services you need for your enterprise app. Their new development kit is the IFTTT for blockchains. Suppose you want to collect data from someone in a remote location via SMS and have that data packaged in a transaction for your Hyperledger Fabric blockchain. The development kit allows you to build this integration in just a few steps in a simple drag and drop interface. Here's another great example. Perhaps you're an institution working with Ethereum and rely on CSV files sent by email. One click in the dev kit and you can parse these files and have the data embedded in transactions. Whatever you're working with, the dev kit can read, transform, and act on the data. To learn more and to build your first application in less than 30 minutes, visit aka.ms/epicenter and be sure to follow them on Twitter at MSFT blockchain. We'd like to thank Microsoft and Azure for their support of Epicenter.

You wrote this great post on Medium looking at Bitcoin in 2018 and sort of drawing the picture of what unfolded over the year and in that post were a lot of really in-depth statistics on everything from transaction volume to number of times Bitcoin has been declared dead over the years. So I really encourage people to look at that post. We'll have it on our show notes. What stands out most for you in 2018? What were the sort of flagship things that we can look at as standing out for this past year?

Well, I think the biggest thing that also surprised a lot of people was the growth of the Lightning Network and how quickly people were adopting it despite it still being fairly risky to do so. This is even true with my own company and the Lightning nodes that we've been shipping out there.
There are still plenty of unresolved issues from a security and usability standpoint where the Lightning Network still has years worth of development ahead of it before I think it will become something that is capable of really being a mainstream payment network. But nevertheless, the enthusiasm for that probably at least partially after years of stalemate with the scaling debate and people being excited about actually having something new to do, a lot of people have just been plugging in and experimenting with it and as a result finding issues, breaking things, which is how it evolves. We push the envelope, we find problems, and then we fix them. This has certainly been my experience over the past year with learning more about Lightning Network and having some close calls with losing money and blowing up my nodes and stuff. It's actually the basis for one of my newest talks that I've been going around which is basically entitled The Bitcoin Decade and Failing Forward. Once again looking at the history of this space, there have been innumerable failures over the years and actually I think like Andreas Antonopoulos did a really good talk a few years ago, it was his Bubble Boy and Sewer Rat talk where he talked about how these anti-fragile networks continue to evolve over time. The internet itself is a similar type of story and that's why I think once again that apathy is what is going to kill this thing. As long as people are still interested in it, they're still putting their time and resources into using it and experimenting, building, and breaking, that's how the technology continues to improve and that's how we slowly but surely get to that next tier and then the next tier and the next tier of adoption.

I remember we did podcasts 2015 I think, or maybe it was beginning of 2016 and it was like okay Lightning is four months away and it's going to be used and now it's taking much longer.
I think last year there was a significant amount of activity but at the same time it seems all like the kind of activity you were talking about. People are saying oh this is cool, I want to try it out, play with it, test it but it's not really people using it yet for commerce, the mainstream wallets haven't adopted it. So do you feel like this is just an inevitable thing and it's going to take some time but it's going to happen or do you still see major risks and a big probability that maybe Lightning Network is actually never going to reach the point where it's going to be mainstream capable?

Well, it currently seems to be the inevitable path because that's what a lot of people are focusing on. With regards to the capability of going mainstream, I would say that there are still a lot of questions out there, there are things that need to be built and improved upon, but I would say that one of the biggest open questions is mostly going to be around liquidity management. Not necessarily the technical side of the network but the financial side of how do we build tools that make it easy for people to manage the liquidity on the network and specifically manage the balance of the channels on the network. I think that the first article that I wrote about Lightning Network was around early 2015 and that was really one of the biggest problems that I was talking about back then as well, is trying to model what the economic issues are going to be with the network, and as we've had a lot more people actually experimenting and building out the real networks, now we're actually getting data where we can better understand how this new network works, and so from a protocol standpoint that's where things like the autopilot functionality that the LND devs are working on is important. The autopilot functionality that exists right now is not great.
A human who is being careful about their channel management can do a lot better than what the autopilot is doing, but this is one of the things where we need more data in order to figure out what the best way of managing the channels is. And that's just, like, at a micro level. Then the next question becomes, what are the macroeconomic issues? And I also talked about a few of those problems in my article, but one of my conclusions was that in order for liquidity at a macro scale on the network to be more sustainable, I think it'll be extremely important that we have exchanges that get tied into the Lightning Network so that you can basically rebalance channels easily, sort of with out-of-band payments through exchanges. So lots of open questions for sure; that is, there's a lot of work ahead of us. I think that, at least from a general standpoint, you know, this type of layered protocol engineering does make sense. It's the same way that the internet itself was scaled, with various layers of technologies. So I certainly don't believe any of the FUD that people are putting out there of saying that it results in, like, inherent centralization and fractional reserve banking and all this other stuff. But that's not to say, we're doing something that has never really been done before, so it's going to come down to, I think, the level of dedication that people are going to put into trying to solve the hard problems.

You also wrote this post recently about who controls Bitcoin, and in it you describe the history of Bitcoin Core development and who has maintained the repos over the years, and also describe the different layers of security and the different layers of decentralization, all the way from, you know, when someone issues a pull request to a fork being adopted or something of that nature. You know, it was a great post also, I want to mention. So why did you want to write about this? Why did you feel it was important for you to write about this?
Yeah, I would say probably the majority of the long-form blog posts that I write are fairly self-serving, because I tend to write about things after I have received a question numerous times and I find myself repeating myself, basically, of trying to explain a complex topic. And so then a lot of times I'll just say, you know what, I'm going to write it once really, really well, and then in the future I just send that link, you know, whenever somebody asks the question. So this question of, like, does Bitcoin Core as a group control the protocol itself of Bitcoin is something that has been coming up at least ever since the scaling debate started and we started seeing alternative Bitcoin implementations that were created specifically for the purpose of forking away from Bitcoin Core in their process. And it's very difficult to convince people of because of what a complex process it is. Though if I had to sum it all up, you know, it basically comes down to the fact that Bitcoin Core can't force anybody to run their software. But even behind the scenes there are so many other security considerations and processes in place to ensure the integrity of the code, just to, you know, try to minimize the trust within Bitcoin Core itself as an organization, that, you know, we want it to be as verifiable as possible and as difficult as possible for anyone to inject bad code in there. Ultimately, you know, this doesn't address, I guess, governance issues of, you know, well, what if I have an idea that will make Bitcoin so much greater and the Bitcoin Core development process rejects it? You know, that is ultimately going to come down to the way that any open source software works, which is, you know, you have voice and exit as your two main options, and if you can't voice your opinion to the point that you can convince others to change the software repository that is being used by most people, then you have to fork your own and try to build, you know, a new level of human consensus around that. But the main thing that I
guess I was trying to get at is that, you know, Bitcoin Core is just a name. The fact that it happens to use this specific GitHub repository is also not that particularly important. Once again it comes down to these kind of vague, hand-wavy concepts of, earlier we were talking about, well, what is Bitcoin, what is the human consensus for Bitcoin? It's something that's out there, you know, in the ether, and we're all trying to understand what it is so that we can turn it into code. And it's kind of the same thing for the main reference implementation for that code, this sort of focal point of development. There is no authority that forces the focal point to be in one GitHub repository or forces it to be managed by certain people. That focal point has changed names over the years, it has changed platforms of where the repository is over the years, and there's nothing really preventing it from changing again if the human consensus occurs to change it. And, you know, there's plenty of reasons why that might happen. And, you know, this is once again, this sort of, the voluntary interactions of this anarchic system can be very frustrating to people who like to have, you know, hard and fast decisions made about things. And when we get into, like, stalemate situations where the default in these systems is basically no, or veto, you know, if people don't make a conscious effort then usually the default is no action. That's when people get really frustrated, and that's when drama happens or people start forking off and trying to build new consensus. And ultimately I think that is the way that the governance of these systems is meant to work. It's just a completely new model that people are not very familiar with, and it can result in frustration and people getting upset.

I really like this notion of focal point that you used quite a bit in the article. And I think one thing that this article, a few things that I learned from this article: one, it kind of opened my mind to this idea that these
focal points exist in just about every form of organization in our society. And the other also is that, well, I kind of realized that Bitcoin is a lot less centralized than I thought it was previously. It feels much more decentralized now that I sort of understand the different layers and fail-safes that are in place in order to protect, you know, the repository but also the network. I mean, committing to the GitHub repo ultimately doesn't signal very much in terms of the direction of the network. So I encourage people to read the post in detail. Compared to other GitHub repositories or other software repositories, open source software projects, does Bitcoin fall in the norm in terms of implementing all these fail-safes and the signatures and the verifications and whatnot, or is this really an outlier?

I think that it's an outlier. You know, I don't even have enough time to do that same level of research on all of the other repositories, but, you know, I have looked at, like, some of the other forks of Bitcoin Core and their processes, and, you know, some of them at least do, like, you know, GPG-signed code commits, but none of them seem to have that same level of, like, automated infrastructure and integrity checks set up. Really what you find with a lot of projects is that it's, like, one or two developers that pretty much control everything, and that's usually just due to the, like, lack of size and interest in that particular project. Another particularly interesting thing that I find is, like, which node implementations have automatic update mechanisms built into them. There's actually something that I ran into recently where I was trying to update one of our Parity nodes, and I downloaded the new binary for it and was checking the version from the RPC output, and for some reason the version wasn't changing. And it took me, like, half an hour to figure out that basically, you know, Parity had this automatic update functionality, and it was, you know, under
the hood, even though I was running a different binary, it actually had some other binary on the back end that it was running in place. You know, that's just kind of, like, weird stuff, where it makes sense for a lot of software to automatically update, you know, it decreases the cognitive load of the users of having to keep looking for updates on their own, but it definitely changes the security model when you're trying to run this independent distributed network.

So I am glad, you know, we speak a bit about this process of, like, okay, how Bitcoin is updated and managed in this. And I agree, I was impressed just, like, how much thought and levels of control, and, you know, having automated tools to check, you know, all of the commits ever made and the cryptographic signatures, et cetera, et cetera. You know, it's such a thorough thing that has been built up over so many years. And I recently heard this interview with some investment advisor, right, and so he was asked about, what do you think of Bitcoin? And he was like, well, you know, you have so many cryptocurrencies, and, you know, blockchain is interesting, but, you know, the issue is it's open source and somebody can take it and, you know, they can improve it, and, you know, why would the first version have been the best? Why wouldn't somebody be able to go and say, hey, I'm changing something on Bitcoin, now it's better? And then if you invest in Bitcoin, how would you ever be sure that it's not going to be replaced? And of course it could happen, but I think that also just points to: there's so much infrastructure that's been built, and really such a level of quality and optimization and processes and automation and checks and assurances, and, you know, replicating that is so hard.

And not just for the repository, though. What I think a lot of people don't realize is the magnitude of the infrastructure across the entire ecosystem. And this is something that I ran into when I was at BitGo, and, you know, we were running basically
enterprise wallet APIs that were used by exchanges and payment processors and other various merchants. And, you know, once, like, all of these Bitcoin forks started happening, and once, like, the real, like, explosion of tokens and stuff happened in 2017, it created a huge engineering workload for anyone who is working in this space. Because in order to add support for these things, like, even if we're talking about, like, forks that are almost identical to Bitcoin, or if we're talking about, like, ERC-20 tokens that are all very similar, the ability to add support for new ones is a lot more than just a copy-paste operation. Like, you have this entire infrastructure stack that has to be replicated and then slightly modified, and then have all of your new alerts and all of your other management systems running on that infrastructure stack. And it's a lot more difficult to get this entire distributed ecosystem, with all of their own infrastructure, to basically spool up entirely new systems to support, you know, whatever your new Bitcoin 2.0 is. It's, uh, it is that power of network effects.

Yeah, and of course network effects bring us to an interesting question, because the other big cryptocurrency or kind of blockchain network that has, you know, strong network effects of course is Ethereum. What is your stance on Ethereum? Like, what do you think of it?

Uh, let's see, I've written a few articles about it. Ethereum in particular gave me a lot of grief as an infrastructure engineer, especially, you know, during the, I guess, the CryptoKitties period or whatever you want to call it, you know, during late 2017, the last big run-up, where a lot of crypto networks were seeing high adoption rates and basically running into their own technical limitations of what they could process on the network. And, you know, as an infrastructure engineer at BitGo, I was running quite a few different nodes. You know, we were supporting Bitcoin and Bitcoin Cash and
Bitcoin Gold and Ethereum and several ERC-20 tokens and Ripple and probably a few other things I don't even remember. And during that period when a lot of adoption was happening, I found that it was the Ethereum nodes and the Ripple nodes that were having the biggest problems from an infrastructure standpoint. The Bitcoin nodes never had any performance issues with them, but of course there were plenty of issues on the network at large, just due to, like, throughput capabilities and, you know, resulting downstream usability problems for people that were trying to make transactions on these networks. But, um, my main problems with Ripple and Ethereum was that they were really, really disk I/O intensive compared to Bitcoin and its derivatives. And if I had to speculate, then I imagine, at least for Ethereum, that is because of all of the state changes, where, you know, when you're executing all of these smart contracts it's having to go look up a lot of data and do disk reads. And from what I've seen, the Geth and probably also Parity developers have made some pretty good progress since that time of, you know, reducing the disk I/O requirements. But, um, this is one of those things where these networks, they have to get stress tested in order for you to find the limits of what they're capable of doing, and then, you know, you find the bottlenecks, you try to fix the bottlenecks as much as possible, and then you continue forward until the system gets adopted to the level enough that you find new bottlenecks. And, you know, that's the way that pretty much all of these things are going to have to continue to evolve. And I think that what a lot of people are arguing about when they talk about, like, long-term adoption and technical capabilities is that they're trying to argue about, like, foreseeing bottlenecks far in the future, which I don't think that's really possible. Bottlenecks are often surprises, and it's generally hard to predict them unless
you're, you know, doing a lot of diligence of basically, you know, creating your own networks and running a lot of stress tests on them, which, as far as I can tell, there aren't many people that are doing that these days.

Maybe one more question on the Ethereum versus Bitcoin side, and where I think we have a big difference. So we spoke a little bit about the processes around Bitcoin, and those processes revolve a lot around Bitcoin Core, and, you know, Bitcoin Core is kind of very sophisticated in, like, making sure, you know, changes are safe. And of course in Bitcoin, right, Bitcoin Core is this reference implementation, and all of the miners basically run Bitcoin Core or some kind of, like, you know, basically that software. And now in Ethereum we have a specification and then we have multiple clients, right? So there's Parity and Geth that I think are the most popular ones, and then I think those are, you know, much less decentralized. You know, Parity, I think, is, you know, basically by Parity the company, you know, and I'm sure there's some external contributors, but, you know, probably not too many. And then Geth is mostly the Ethereum Foundation, and, you know, again, there are probably external contributors, but, you know, it's kind of so. But then you have some process where they have to coordinate, you know, and kind of make sure that the changes they make actually align and don't end up splitting the network. So what do you think are the kind of pros and cons of that approach versus Bitcoin's?

Yeah, there have been some very interesting debates around, you know, specifications and, you know, what is the specification for Bitcoin. And people generally say, well, the specification is the code in the reference implementation. I don't fully agree with that either. I mean, I think that it gets you most of the way there. But then, you know, with Ethereum actually having a written-down specification, that can certainly help, and I know that there was at least one case, probably a few cases, where one
Ethereum node implementation had a bug, and, you know, when they went and they looked at that implementation versus the other implementations, it was pretty clear that, you know, that implementation was not following the specification. But I think ultimately the question is, you know, what is the specification for any of these things? And I kind of have to fall back to my hand-wavy thing of, like, what is Bitcoin, or what is Ethereum, what is any public permissionless protocol? While you can definitely write down the rules of what is in the code, and it does a pretty good job of allowing you to understand the machine specification, I still believe that it's not really possible to write down the human consensus for specification. Ultimately, I mean, you can write down whatever you want, and you can go about, you know, trying to find human consensus in a number of different ways, but there's no guarantee that you're going to get that right, and, you know, unforeseen things can happen. You know, I guess a kind of good example, at least with Ethereum, you know, they had the DAO fork, and I don't recall, but, you know, I don't believe that, like, re-entrancy or whatnot was, like, a hard part of the specification there. It really became more of a philosophical question around, you know, specification of the code versus actual intent of the code. You know, once we get away from this machine, this cold-hearted machine specification, we start talking about human intent and, you know, what it is that we really want, that's when I think we get more towards this vague, hand-wavy notion that the actual consensus for what any of these public permissionless networks is, is just, it's kind of out there, um, and it's hard to actually formalize. So, TL;DR, it can certainly help in a few situations, but I don't think that you can fully formalize any of these things because, you know, it's what's up in here, except it's distributed amongst thousands if not millions of people.

You also wrote another
blog post describing your, I guess, your operational security protocol or process or whatever you want to call it, and this was something that really struck a chord with me, because it's something that I've been really trying to get a handle on as well in my own personal life. But the level at which you seem to have gone to, to protect yourself, your data and presumably your family, is at a level that I never would have imagined someone could go to, to really try to protect themselves while remaining a public figure. Now, without maybe spending a lot of time on why you decided to do this, which people can read about, and that is probably because you were swatted in 2017, I believe, you know, why did you feel that you needed to go to these lengths to protect yourself?

Well, the biggest issue, which I think I talk about near the beginning of my very long post of what I did, the biggest issue is that you don't know what might become an issue. It's, you know, in the internet age now we have the ability to easily reach millions if not hundreds of millions if not billions of people with a single tweet, for example. And there are a number of examples out there where people have unintentionally said something, you know, on social media that triggered a horde of people as a result, and within that horde of people there might be one or two imbalanced people, or people who have, you know, mental issues, or they don't know where the line is and they're willing to go to an extreme length to try to harm you in some way, or at least to make you afraid. And so I think that that's kind of what happened to me, is I went from having, you know, a thousand followers on Twitter and most people not really caring what I said, to having, you know, close to 200,000 followers, and now if I say something that offends someone, or that, you know, might be against someone's financial interests because they hold a certain crypto asset, then they might feel compelled to try to do something to
hurt me or to make me afraid, or, you know, in the case of the swatting, they were trying to extort me, though they didn't do a very good job at the extortion. So it's, from my perspective, trying to, like, look at where I am now and then think, well, I should probably be conservative and assume that it might get, like, an order of magnitude worse, so I should try to improve my security and privacy to the point that someone who might expend an order of magnitude or more resources trying to find me or hurt me or whatever. Because you can't put that protection in place retroactively, or at least if you do, you have to do what I did and basically burn your old life and start all over, and that's very difficult for most people to do. So it's a lot easier to have the privacy and security up front, like, way more than you think you need, in case there is an attacker. Because, you know, if an attacker succeeds, then the consequences are probably going to be, you know, more devastating than whatever resources you put into the defenses up front, if you're trying to be proactive about it.

What do you think are the trade-offs of having such rigid operational security? Because, I mean, I've implemented a few things in my life. One of the things is I'm working to get off Google completely and off most social networks, and, you know, the trade-offs are that, you know, once in a while I need to do a little bit more searching, you know, to find, like, the closest restaurant that I'm looking for or something like that. But in your case this seems to be a lot more, it seems to be a lot more of a burden, or at least I would assume. How have you found it's impacted your life?

Yeah, I mean, the trade-offs mostly occur when it comes to, like, physical real-world interactions of stuff. So on the extreme case, no one in my, like, physical proximity, or no one that I interact with physically where I am now, actually knows who I am. They don't know my real name, they don't know what I do, they just know that I'm a programmer, I'm a
boring old programmer, we don't have to talk too much about, you know, what I'm actually doing, because you don't want to hear it. And so, you know, that can affect, you know, your, like, real-world social life, basically, is that I consider most of my real friends that I share interests with are on the internet, or, you know, they're remote. I no longer have friends with shared interests who are, like, in my physical location. I do have friends, you know, that I've made, that, you know, we can do things together and have fun activities and play games and, you know, entertain ourselves and whatnot, but it's not in the, you know, crypto or privacy sphere of shared interest. So it's kind of like living a double life, almost, and sometimes that feels kind of like, you know, James Bond spy-type stuff, and other times it's just plain annoying. You know, having to, like, drive around, like, if I want to pick up my mail, I have to drive fairly far to go to a private mailbox. If I want to do anything that, like, requires a membership where they're going to ID me or whatever, then I'm probably going to have to drive pretty far, because I don't want, you know, my name in any databases that are tied to a location. So it can definitely be inconvenient in quite a few different ways. But on the other hand, thankfully there are a lot of services out there these days that allow you to sign up, uh, pseudonymously, so that has been helpful for a few things. But, um, for the things that don't, um, that is where it's become a lot more expensive, and, um, you know, hiding my real identity will tend to, like, involve lawyers who charge me a lot of money to basically act as a proxy on my behalf.

Wow, that's pretty mind-blowing. So, like, actually, like, let's say your neighbors and stuff like that, they don't know your real name, they know, but, I mean, that seems to be tricky, especially with your, you know, pretty big public profile. I mean, the chance that somebody, I don't know, listens to this podcast or sees you on
Twitter or something, and then it was like, hey, isn't that the guy that, you know, I have this other name for? Like, that seems like a high risk, no?

Well, I guess I'm not actually a celebrity. Uh, you know, I've only ever been recognized out in public one time, and I think that that was mostly due to the beard I had at the time. But other than that, most of the time when I'm out and about I keep it pretty low-key and I just, you know, look like another guy. So, uh, you know, if I ever got to, like, real celebrity status level, then hopefully that would mean, like, Bitcoin has done so well that I can buy my private island or something.

I had this conversation with someone over the weekend where we're talking about privacy, not so much personal opsec but more on the privacy side. And, you know, at the beginning of your blog post you say, uh, some of the effects of, you know, most people would look at this and say, well, I have nothing to hide, or I'm not, you know, such a high-profile person, why would someone want to attack me or steal my identity? And people often say this to me, and I'm not really quite sure what to respond. I guess one of the things is, of course, you know, we don't really know what artificial intelligence and this sort of thing could, you know, is capable of in the future with the data that has accumulated on you. What do you normally tell people? What's your sort of way to convince people that having good operational security, you know, keeping your privacy matters sort of, like, under wraps, and also being careful about, like, your data and what you share with whom and what companies? What's your way to convince people, I guess?

So that's a good idea, yeah, yeah. Uh, so it's like I said, it's kind of like the, um, spoonful of proactive measures is worth a, um, uh, I guess a pound of trying to fix things up. Um, it's because we know, there are a few things that we know. Um, one of those is that information wants to be free, and, um, basically any service that you give your data to
over a long enough period of time, it's almost inevitable that that data is going to leak. It might leak due to, you know, what we've seen with Facebook, of, like, partnerships and accidentally allowing partners to see data, and then those partners might leak it in other ways. Or it might leak because they get exploited somehow and someone managed to get, like, a big data dump and put it for sale out on the darknet. But, um, that's, uh, the first thing that I try to tell people, you know. Um, at the very least you might want to worry about identity theft, because that's so common, at least in the United States. But then, you know, from more of the, like, actual physical security and operational side of things, uh, you don't know who you might piss off. And, uh, especially if you're active on social media, um, it's just not possible to fully comprehend, like, the thought processes of everybody else out there who's on the internet who might read or hear something that you say, and then what they might do as a result. And so I believe that the vast majority of people are, you know, quote-unquote good moral people, you know, who will not harm others to help themselves in most situations, but it's pretty clear that there are a small number of people out there who have, you know, sociopathic tendencies or who will do things that we generally consider to be immoral, and that's, you know, what I'm worried about. And for me that's because my audience size and my reach has grown to the point that there are a non-negligible number of those people who are likely to come across what I'm saying and, you know, get triggered by it. But, um, while the likelihood of something like that happening for the average person is probably lower, uh, you never know, and so it's just like a, it's a form of insurance against a somewhat unlikely but still possible event. Uh, it's like the Justine Sacco lady that I had in my post, where, uh, you know, she made one bad tweet and as a result it, uh, it
impacted her career and her life, and, uh, you know, her reputation is basically ruined at this point.

Yeah, I think this fear of escalation is a very kind of US-centric type of idea, where, like, I think in the U.S. people will want to protect themselves in part because of this fear of escalation, whereas in Europe people would want to protect themselves more as a preventative measure against, you know, companies that might misuse their data, or data leaks, or this sort of thing. Like, I feel like, I think here in Europe at least, like, fear of escalation is quite low. I don't think people will have much of a fear that, like, you know, they might say something on Twitter that will piss someone off to the extent that they might get physically harmed or threatened or something like that.

I mean, the one thing that stands out to me, so, you know, Twitter, sure, right, people get, I mean, one of the things that I have found striking, right, like, often you have people on Twitter, and I think in the crypto space it's very common, who just seem like horrible people on Twitter, right? They're, like, so aggressive and, like, totally, and then I met some of these people in real life and there's, like, this huge difference, like, oh, this is actually, like, a nice, reasonable person, uh, or seemingly like that. So, like, I think that scenario, personally, it doesn't seem, I mean, I could see it happen, but I don't find it so concerning. But then the scenario, and I think you've talked about that too, right, of basically people saying, okay, let's target crypto users and go in and try to extort them or steal, uh, their funds. Uh, and I remember reading a while ago there was some guy in Norway who was, I think, doing some Bitcoin trading, and, you know, somebody went in to his house and tried to steal the bitcoins and then he killed the guy. So I think that kind of thing.

Yeah, dozens, dozens of those incidents, and in fact we just saw a guy tweeting earlier today about his friend in Oman, I believe, was
physically robbed and assaulted, and then I saw another piece of news pop up about someone actually being murdered in Japan after meeting someone at a Bitcoin meetup. Trying to find, like, more source material on that. But, um, you know, that's a part of the problem, I guess, with being an early adopter in this space, is that it's kind of a paradox, where it's not a good idea to talk about, like, money and wealth and assets, but we also have an incentive to talk about these networks, because we want them to grow, we want to get more people to come into the networks and expend their own resources to build the networks and evolve them. And so as soon as you start talking about being interested in these things, then you've created a point in time where an attacker might go back and look at your history and say, oh, they've been talking about, you know, Bitcoin since 2010 or Ethereum since 2015 or whatever. And then, you know, the attacker starts extrapolating: well, you know, they could have, you know, this many millions of dollars, and they probably don't have bank-level security, so, you know, if I'm weighing my options of where I get some easy money, you know, do I rob a bank, or do I go find this crypto person who probably has a bunch of money, you know, under their mattress in a hardware wallet, and I just need the five-dollar wrench attack? And so that is one thing specific to, I guess, people who are in the crypto space, is that, you know, we're talking about these highly liquid bearer assets, and if you are going to go down the path of being your own bank, you have to actually understand everything that is involved in being your own bank.

So I guess just before we're about, maybe we can briefly talk about something that ties in very nicely here. So the company that you're CTO of, Casa, is that, you know, you're building basically this sort of custody, self-custody solution for Bitcoin. That's also presumably one of the, you know, scenarios that you try to protect against, like
this five-dollar wrench attack? Or can you talk a little bit about, like, what this product looks like?

Yeah, so the first service that we started offering at Casa is the Keymaster service, which is basically a vault product. It's a three-out-of-five multi-sig Bitcoin wallet, and what's different about this wallet, there's a few things. One is that it is mostly backed by hardware devices, and we support off-the-shelf hardware devices like Trezor and Ledger. And the premise is that it's not only multi-sig, it's multi-device and multi-location. So we're building in a level of redundancy and robustness and minimizing any single points of failure to every aspect of the system that we can, in order to protect not only against theft but also against loss. And when I say loss, I generally mean, you know, something happening where the user screws up and they can no longer access their keys and basically, poof, all the money is gone, but nobody has stolen it. In my experience, and from some of the analysis that has been done, like, by Chainalysis, we estimate that twice as many bitcoins have actually been lost than have been stolen. So it's the fact that users are generally not IT experts, or even if they are technical like myself, it's just annoying. Like, nobody wants to go through really boring data backup and, like, backup integrity testing checks and all of this other stuff. Like, nobody wants to spend even, you know, an hour a year doing that, and I was spending one to two days every year refreshing my own cold storage setup, which was this custom thing that used, like, Shamir secret sharing and, you know, sharded out these encrypted file containers across various people that I semi-trusted. And, you know, just thinking through all of the different attack and failure scenarios is exhausting. So we've basically created a very user-friendly app on iOS and Android where, if you can read the screen and, you know, follow the workflows on the screen, then it's really as simple as, you know,
plugging in your hardware devices that you buy and following our guidelines for, you know, how to initialize them and test them and do, you know, health checks every now and then. The one thing that we did that had not been done before is that we actually got rid of the need for storing recovery seed phrases. So with our solution, when you actually set up your wallet, we tell you not to write down the seed phrases, and that is by design, because, you know, users are terrible at security, and if the user has to keep a seed phrase secure, then that's this whole other, basically, iceberg of security knowledge that needs to be ingested by them. So by getting rid of that, they can instead just think of their security in physical terms: you know, where are my physical hardware devices? You know, distribute them in different access-controlled locations. And that's a lot easier to reason about. And so this is generally what we're trying to do at Casa. We also have other products, one of which is the node, plug-and-play node product, and we've got a few other things that are coming out pretty soon. But we're, from a very high level, trying to bring usability to the masses when it comes to security. We want to decrease the level of technical knowledge that is required to operate within these systems to get that maximum level of security. And so as a result, like, our mission is just to help increase personal sovereignty. And so it's a very broad mission, and we're going to be trying to attack it from a number of different angles. Key management is just, you know, the first, most obvious one. Cool. Well, thanks so much for joining us today, Jameson. It was a real pleasure speaking with you. Hopefully we can have you back on at some point. I think there's a lot of stuff that we could dive in a lot deeper and maybe have a more focused thing, like, especially, like, opsec, and the whole security thing is a massive area. Absolutely. So yeah, thanks so much for coming on, and we're of course going to link to many
of your blog posts, which really make for excellent reading. So please keep up the fantastic work there. Will do. Thanks for having me. Thank you for joining us on this week's episode. We release new episodes every week. You can find and subscribe to the show on iTunes, Spotify, YouTube, SoundCloud, or wherever you listen to podcasts. And if you have a Google Home or Alexa device, you can tell it to listen to the latest episode of the Epicenter podcast. Go to epicenter.tv slash subscribe for a full list of places where you can watch and listen. And while you're there, be sure to sign up for the newsletter so you get new episodes in your inbox as they're released. If you want to interact with us, the guests, or other podcast listeners, you can follow us on Twitter. And please leave us a review on iTunes. It helps people find the show, and we're always happy to read them. So thanks so much, and we look forward to being back next week.