everybody. Thanks for joining. I'm Bruce Fenton. We're here with our special guest, Jameson Lopp,
who is a long time Bitcoin. I think the best title that I can think of for Jameson is
Cypherpunk. That's the that's the one of the most honorable and best terms that I can think of.
And hey, so welcome everybody. Thanks for joining Jameson. Well, it's it's always good to be called
a cypherpunk rather than a self-proclaimed cypherpunk. So thank you. Well, thanks for
joining. So we're going to talk a little bit about security, OPSEC, some of the things you're known
for. Those of you who don't know Jameson, he's been in the space for a long time. When did you
start 2011, 12, something like that? Yeah, that was when I got enthusiastic. And then I really
went full time and started working in the space in 2015. So it's been a good five years of
full time Bitcoining for me. Nice. And Jameson is joining us from a solar powered train on the
border of California. Oh, I'm not supposed to say where that is, right? Tell us a little bit about
OPSEC and what you're that's one of the things who originally interested in OPSEC and what are your
what are your thoughts on that topic? Well, like most people, I didn't really care about privacy
until it became directly impactful to my life. It's actually kind of embarrassing because
in my pre Bitcoin days, I was really doing the antithesis of what I profess, which is I was
working as a large scale data analysis report writer essentially for online marketing companies.
And I was collating and aggregating and slicing and dicing petabytes of data on a regular basis
and building tools for automation so that essentially marketers could better target people
based on any attribute that they wanted. And so perhaps that has really helped me understand
how much data is out there, how hard it is to control your data and what can happen once it
gets leaked into any number of databases. And so it wasn't until around 2017 or so, of course,
when that all came to a head and my poor privacy and poor operational security resulted in an
unfortunate incident with law enforcement, which thankfully ended fairly about as well as it could
have. And that kind of sparked my real interest in exploring the cutting edge of what you can do
with privacy. Are we lagging? Connection is lagging. Sorry about that. No problem. What are
your thoughts on some of that? You know, the interesting thing about this privacy issue is
that a lot of people are giving a lot of privacy away now and there's convenience for it. Both you
and I, you're a huge user of Twitter. And I don't know about you, but I use TikTok, which is one of
the greatest sins now. I mean, it's blatantly spying on you, but it's also a great tool.
What's your thought on that trade-off for so many people now?
Yeah, it's tricky for me because I still want to maintain a public presence. And this is actually
upset, I think, a lot of people, especially the super hardcore privacy folks who in many cases
will say, oh, you know, this guy's not legit. Look how public he's being about what he's doing. You
know, true operational security means not telling anybody what you're doing. And there is definitely
some validity to that. But I believe that that mindset kind of contributes to the problem in the
sense that when I wanted to improve my privacy, it was really hard. I had to do a lot of research.
There was not a lot of great materials out there that made straightforward guides of how do you
do this. And that I think is at least partly because the people who did it didn't talk about it.
So from a security perspective, you know, when we talk about building secure systems, especially in
like the cryptographic space, then there's a mindset that you should be able to fully describe
the system that you have set up. And people should be able to attack it freely. Like you should not
rely upon security through obscurity. Therefore, I felt like if I can't tell everyone, at least
generally, what I'm doing for my own privacy and security, then I'm relying upon security through
obscurity. And that's more of a feel good thing, because that means if somebody actually finds out
what I'm doing, they're going to be able to find weaknesses and poke holes in it, and I'm not
actually secure. So that's why I've tried to outline a lot of the steps that I've done. And
really, in the couple of years since I started doing this, there have been better guides coming
out. I usually point people to Michael Basil and his ultimate privacy guide that actually volume
two just came out on that. And it's a real page turner. It's like 550 pages now. It's about twice
the size of volume one. So it's good that there are people who are being more open about privacy.
It helps us share knowledge and helps everyone who cares to improve their own stature. But like you
said, it's a lot of trade-offs. It's not easy. It's not fun. We're creating barriers, obviously,
for other people to figure out what we're doing. But in order to do that, you have to set up all
kinds of proxies, whether it's network proxies or legal proxies or financial proxies. These things
all, I think of it as creating firewalls of a sort, but you're complicating your life. You are
adding more moving pieces to your life that you have to manage. And that is the unfortunate
trade-off is additional mental overhead of keeping track of these additional things.
Right, for sure. And your tools that you've been kind enough to share, that's a great point. A lot
of people don't share these things, but your tools are great. And those people who haven't seen your
website, I think it's almost always listed. I see it as rightfully one of the top, more on the Bitcoin,
especially the Bitcoin resources. But you've got a really great site that you've obviously put a lot
of thought and work into over many, many years. It's not the kind of site you just throw together.
And there's many copycats, but yours is the source that I think a lot of others use for their
source. So that's great. That's an interesting point about the obscurity, because I think there's
a lot of people who kind of have their coins sort of safe, but there's another problem with the
obscurity is that if they die, they probably don't even have an instruction list for their
heirs. And if they do, I mean, The Da Vinci Code is a great movie, but these things where people
are like, oh, I have three words written here and another one carved on my childhood sculpture.
Those things are a problem. What are your thoughts on things like estate planning?
And another related question to that is, what about cases where you have to trust somebody,
like a trust or law firms or investment advisors or something like that, where you sort of have
to trust somebody. Do you envision those people ending up running the keys or do you think there
will be a place for third parties? Yeah, this is tough too, because I mean, there are several
people and entities that I've had to trust with sensitive information. I have accountants and
attorneys who essentially they know everything about me and they could be a single point of
failure with regard to my privacy. And so I do have to trust them with various things, though,
of course, I'm not just handing my private keys over to them. That is thankfully a matter in which
we have a bit more flexibility. So, you know, one of the things that we run into a lot, especially
at CASA, the service that we're building, there is a trade off between privacy and the ability
to have people help you. So there are, you know, rightful arguments where with what we're doing
at CASA, we try to make it as private as possible in the sense that we don't do AMLKYC. We have ways
for clients to come to us anonymously, and we have various anonymous authentication protocols
that they can opt for. But at the end of the day, if they want to go to the level of having
an estate plan that works within the legal system, their name is going to have to be somewhere on
some document and you know, some estate attorney is going to need to know how to execute the last
will and testament. And so the ability for you to be secure and private in your holdings and your
private keys is one mindset and set of issues that you have to worry about. But the other perspectives
that I think the majority of Bitcoiners have not taken is, okay, I don't want the wrong people to
be able to access my keys while I'm alive. The second half of that is, how do I make it so that
the right people and not the wrong people can access my keys if I get hit by a truck if something
happens to me suddenly and I'm not able to, you know, transfer them to my heirs and beneficiaries.
And this creates, of course, a much more complex security model that you have to think through of
just protecting your keys against everyone but yourself is a straightforward thing. But when
you get into estate planning, it can get really nasty if you get into a situation where, you know,
the beneficiaries are key holders and they become adversarial, etc, etc. So basically, we built a
whole protocol at CASA around this, where you put your keys into a three of six setup where normal
day-to-day operations, you have access to four of those different keys. And however, three of the
keys are always kept in different situations where they can be accessed legally through the estate
process with proof of death. So that could be a safety deposit box with the beneficiaries at either
a bank or another private institution, one key, of course, with CASA and then a sixth key with your
estate attorney who will be, you know, conducting that entire process. And this type of setup, I
think not many people have really thought through, you know, the people who have come to us and talked
to us about their setups have done basically what you described and what we describe as the treasure
hunt. And this is the same setup that I had for myself. And I set up a last will and testament a
number of years ago, not because I had errors that I was specifically worried about, but rather
because I wanted to have something written down officially and legally of like, these are the
crypto assets and this is how you execute them. And of course, the process that I came up with years
ago is convoluted and never really got fully vetted. Like, I was never 100% confident that
my executors would actually be able to pull it off and you find all the pieces of the keys and
reconstitute them, et cetera. So it's, I think a lot of it has to do just with putting in enough
time and effort to create a robust model that can be reliably executed. And that, you know,
the people who are supposed to be part of that process understand the instructions and, you know,
we need to make these things as easy as possible because we cannot assume that your heirs or your
executors are crypto nerds and they know how all these different technologies work.
Exactly. Yeah. Unfortunately, there's probably a lot of people that have lost a lot of money.
You know, I'm sure you've heard of stories of a lot of people that, you know, and it is scary
because it is such weird and complex stuff and it's always changing too, you know, something that
might have been state of the art. I remember when paper wallets was the most state of the art,
at least it was the most state of the art thing I knew of. And then what was the Glacier Protocol
or something else? And then the other thing that I remember is that, you know, I was in the
and then I suppose the people before paper wallets, they didn't even have that option. So
Glacier Protocol was, you know, the real gold standard. And in fact, the primary CASA employee
that we had working on are both our regular wealth security protocol and then our inheritance
protocol. He was one of the co-authors of the Glacier Protocol. So, you know, very adversely
minded. But, you know, instead of us telling him, oh, create the ultimate security setup, we said,
create the best security setup you can that is still, you know, executable by normal humans.
Right. Yeah, that's important. You know, the usability, because I think if it gets too hard,
and I think we've all run into this, if things get too hard, you end up cheating. You know, I mean,
I had a I got a purism laptop and it was all complex and I made a password that was like this.
Guess what I did? I ended up writing it down. It was so complex. And I'm like, well, wait a minute,
that's that's bad. We've got a million questions here. So let's, let's see what we can ask.
Hartej asks, I guess, what your thoughts are on DeFi, WBTC, Bitco and security.
Oh, boy. Well, that's a whole that's a big one conversation unto itself. Right. You know, I'm
I'm I'm watching DeFi, you know, from a sort of bemused, far away perspective of I just see
complexity. And and whenever I see complexity, I see potential points of failure. I think it's
fascinating because it's finance that can be innovated at a pace that is insanely fast compared
to traditional highly regulated environments. And so that's why it's going to be really fun to watch.
We're, I think, going to continue to see very interesting new devices, services, products,
whatever, at least for the foreseeable future. I think a lot of these are going to be like highly
speculative gambling type stuff that is going to blow up from time to time. People are going to get
hurt. We're going to learn lessons. We're going to move forward. Hopefully, eventually that results
in some more stable products that are coming out of all of this. The like wrapped Bitcoin stuff or
like Bitcoin on Ethereum, Bitcoin on side chains, et cetera. That becomes interesting from the
standpoint of, well, what is happening to the actual underlying Bitcoin? And my understanding
with wrapped Bitcoin is that it's basically in BitGo custody. I don't think that it's a federation.
I think it's just BitGo custody and that they then, you know, meant the wrapped Bitcoin on Ethereum
and people can play around with that. And so you run into some interesting scenarios, for example,
kind of related to I think what happened with USDC this week where they basically blacklisted
like $100,000. What happens when some of that underlying money, what if that underlying Bitcoin
gets taken because the regulated custodian has some law enforcement action against them?
What happens to the rest of the wrapped Bitcoin from like a fungibility standpoint? Does it all
become worth less because now it's, you know, 90% of backed, you know, can you enter into
essentially a fractional reserve system because of some failure with the custodian?
So like with Liquid, for example, that's a federation. I think a few weeks ago,
there was some hubbub around potential security issues with how the federation was working and
keeping all their stuff up to date. So, you know, it's complexity, right? There's more moving pieces.
There's more things that can go wrong. But it's also enabling more innovation where, you know,
people can go off on their own networks and do crazier things and experiment. So I'm continuing
to watch it. But I gave a talk over a year ago where I basically, the title of the talk was
DeFi for Defiance. And my main point was, like, if whatever you're building isn't really censorship
resistant, if it has points of failure or pressure points where law enforcement or other authorities
can come in and essentially say no, then I'm not really sure that that is sufficiently
decentralized to be decentralized finance. Right, decentralized finance without the D
a lot of times. Zim Valencourt asks about OPSEC and everyday life. He's specifically wondering
about AI and facial recognition, metadata. And I think, you know, sort of in my own words,
question related to what he's asking is, can Americans, what do you think about Americans
combating actions like what you're seeing in communist China with social scoring? And, you
know, I'm sure you've seen these video cameras, and they, they can identify you by your gate,
or by just how you're walking down the street. And then they know, okay, that's you, they have
your credit report. And, you know, all of this kind of stuff. What are your thoughts on that?
That is a really hard one. And of course, it comes down to where you are physically and,
you know, what your local government has instituted. On the bright side now, you know,
you can walk around with a hat and glasses and a mask covering your face, and you generally won't
get any weird looks. We don't know how long, of course, that is going to continue, you know,
maybe that becomes a new normal. And people can rely on that. From really all the technology
solutions I looked at of trying to defeat facial recognition are just, they potentially work at
night, but not during the day. I'm not aware of anything that would really work against
gate recognition unless you like, put an insert in one of your shoes that made you a hovel or
something. But even then, I suspect there's probably ways for their algorithms to detect
that type of thing. It's, it's not a, it's not an optimal solution. But really, like the,
the way that I look at it is most of the time when you're walking around and there's surveillance
cameras, it's either because you're in like an urban environment where that local jurisdiction
has set up a bunch of surveillance cameras, or because there's, you know, larger corporations.
For example, I think it came out recently that it was like Lowe's or Home Depot, or maybe both of
them basically had cameras in all of their stores, and they were all networked, and they were all
getting fed into facial recognition software. And so, whenever possible, and this actually works
well for, you know, pandemic status as well, but whenever possible, I just order things online,
because it means I don't have to physically go out and potentially, you know, have various
surveillance cameras pick me up. But of course, unless you're going to be a hermit and never leave
your house again, that's, that's not going to work for everything. I suppose, you know, you can set
up, or optimally, I would love to, you know, just be out in the middle of nowhere. But I think even
that is only a temporary escape. You know, we already have, well, we have surveillance drones
that got used during protests recently, we have satellite coverage of basically, you know, every
square meter of the earth. There's, I think, no perfect solution to hiding without essentially
going underground into a bunker. So you have to figure out, like, what are the trade-offs you're
really willing to make? What are, what, what are you trying to protect yourself against? And I don't
think that, you know, protecting yourself against, like, nation-state levels surveillance is really
feasible.
Yeah, exactly. I mean, we have an address that we stay at, and I try to keep our names off of that
address. There's not really a need for it. And as simple as that is, it's very, very hard. There's
very, very hard. There's always something where they need your real name, they want to know where
you are, there's legal documents, you may have a lease if it's a physical place. And then even if
you, you know, with, you know, with where we usually stay, we have things sent, we don't even
have them sent in our name. But all that does is basically obscure, you know, the most obvious
things. I mean, even Amazon can figure it out. They're not stupid. They're like, oh, okay, you
know, this person ordering a bunch of comic books and Andreas's book and everything, you know, you
were at one address and now you're at another address. They know it's us. They know the credit
cards. I mean, and that's a pretty low level. I mean, forget about governments or something. I
mean, pretty much with just a little bit of effort, I'm sure that a good private investigator could
find almost anybody's physical location. And when you get into governments, I mean, people were
wondering how the FBI caught, you know, Epstein's associates. I say, how could they not? I mean,
you know, with the way that phones are and everything now, you'd have to make an extraordinary
effort to avoid even, even a private investigator or Amazon, let alone a nation state. Well, I mean,
it's all about resources, right? Is, is you have to decide what is the level of resources that an
attacker is willing to expend to find you. And the more you spend, the higher, you know, you can make
that requirement. If I recall correctly, I think the FBI said that they spent $5 million tracking
down, uh, Jelaine, which is, it's a lot, but for a nation state, it's not. I mean, if someone spent
$5 million, I'm sure they could find me. Um, but if they spent five, 10, 20,000, they probably would
not be able to find me. So, you know, I think I have a reasonable idea of what would be required
to find me. I mean, I pay private investigators to try to find me, but I don't pay them a hundred
thousand dollars. So I'm not sure what level, you know, that would result in. Yeah, that's interesting.
Yeah. And it depends on your threat level, the threat model too. You know, I, uh, you know,
there's different, everybody has their own thing that they're worried about, you know, whether it's
you know, what, what your physical threats are or what you, you know, whether it's a mugger or
whether it's a mafia member trying to hack your coins, you know, there's different, different
threat levels and different things that you, that you have to protect against. So that's worth,
you know, taking into account as well. Um, let's see. Oh, here's a simple one, maybe. How about,
uh, how do you configure your home router? Any tips on that from Nathan Hawk?
Yeah. Um, I have actually, I recently wrote a article about configuring DDWRT and a VPN on that,
on a Linksys router. Uh, I actually prefer historically the high level ASUS routers with
the Merlin firmware. But the main point being that I think the lowest hanging fruit that a
semi-technical person can do is to set up a VPN at the router level so that you're not having to
configure every possible device on your network and having to make sure that they're all staying
on the VPN. You know, you just set it up one time on your, your router and then have a,
a kill switch so that it, you know, it kills your entire internet connection. If the VPN goes down
so that, you know, something is wrong. Uh, other than that, I mean, you can get a little more
complicated and set up, um, things like a pie hole to, you know, intercept as many DNS requests
as possible, uh, so that they're not going out to, uh, all these different advertising agencies
that are then trying to, you know, correlate your activity across different sites. Um,
other than that, there's not a whole lot that I do other than maybe some just sort of quality
of service configuration. But, you know, the, I think the biggest problem that I've had with
trying to go like full VPN all the time is that, you know, there is overhead for that. There's
processing overhead. So even if I'm on a gigabit connection, I'm not going to get gigabit speeds
anymore because it has to encrypt and decrypt all that traffic. And most routers are not
particularly powerful. So if you really care about that, then you actually need to essentially have
a full desktop computer that you run your router software on so that it can do all the VPN
encryption decryption. The one thing that I have not really gotten to play around with yet is
WireGuard. Supposedly, you know, this is a newer VPN protocol that's supposed to be
more efficient. Uh, that is on my to-do list. So hopefully I can set that up on my routers
instead and get some better bandwidth. Cool. Um, here's a good one. If the U.S.,
I'm going to vary the words a little bit. It says, when the U.S. bans Bitcoin ownerships
and prosecutes devs, what would you do? I don't think you can prosecute devs, but,
but they, I guess they could, they could ban ownership. What would you do?
Well, the, I think the most likely scenario I would hope if that were to happen, would be a
sort of, you know, similar to gold repatriatization type of act, but rather Bitcoin repatriatization,
where the government wants to take ownership of all the Bitcoin and use it as like a new reserve
to, to back their worthless fiat. But, uh, one way or another, I think the question would be
whether or not I would be able to escape to a Citadel somewhere. Uh, you know, there's no
timeframe on this question. So if it was far enough in the future, you know, hopefully we'll
have some like sea steds or other, uh, Citadel fortresses that are in international waters or,
or, or perhaps even, you know, newly formed micro states, uh, so that, you know, we have a safe
haven to flee to. But of course, I'm not going to be able to, uh, to hide from a nation state for
very long. So it would have to be a fast decision. Yeah, that would be a tough one. I mean, I think
it's, although Carol Van Cleef was a leading attorney, she said devs more likely to be
prosecuted than Bitcoin ban. I'm hoping the thing because it's open source, at least with Bitcoin
devs, I would, I would, I'd go to bat to fight that because I feel like all you're doing is
giving software away. Other projects could be a different, a different sort of story, especially
if it's a securities offering or something like that. But with Bitcoin, man, if that was the
thing that would say, there's not a lot of things I'd want to go to court and fight the government
for, but if that was one of them, I have no commits though. I've been looking for a spelling
error on there so that I can get one, but I'm not a developer. I certainly can't code. So,
and somebody always catches the spelling error. So, but, but maybe they let me in so I could
fight that in court, but, or better yet, let somebody else fight it. But hopefully the free
speech issue, you have the right to write down code and, and release it. But, um, it's interesting.
So the next question was, was what you just referenced. What about Bitcoin Citadel? Should
we start them? When can I join yours? That's from Kate Higgins. Yeah. Uh, I mean, we need to get
started on this as soon as possible. Now, unfortunately, uh, one of, one of our, our
client services guys actually at Casa is a former Navy. And I've had some lengthy discussions with
him about sea steadying and, uh, feasibility of, you know, having fortresses and international
waters. And, um, we're going to need much better defensive technology, essentially. So, you know,
any, any things that's sitting out on the water in the middle of nowhere is a huge target. Uh,
and when, when you're faced off against a nation state that has the ability to rain down hellfire
from beyond the horizon, you can't even see them. Then, you know, that's, that's when you really need
to have some crazy anti-missile technology. Um, my only, my only hope for how we might be able to
combat that type of stuff in a actual, an actual feasible and, um, I guess way that doesn't cost
billions of dollars is perhaps through drone technology or, you know, trying to think through
like, how do we use the, like the aspect of cheap decentralized defense rather than extremely
expensive centralized offense. Uh, so I am, I am interested in drone technology from the sense of
like mesh network style, uh, AI powered drone swarms. And, you know, what, what are the results
of that? Like, how does that change the dynamics of war when you can have tiny, tiny little
autonomous units that only cost a few dollars. And so it's possible, it's feasible for an individual
or a small group to essentially create this new sort of collectivize, uh, defensive mesh net.
But, you know, this is getting kind of far out there, but I mean, we've already seen proofs of
concept of, uh, drone swarm technology. And of course, as all technology does, it's only
going to become cheaper and, uh, more efficient and easier for people to play around with.
Whoops, I was muted. Uh, somebody asked about Hive, Nathan Mars. I don't know if you know
about Hive, but somebody, I guess it had a, I don't know much about it. I guess it had a
hostile takeover by steam. Um, do you, do you have any suggestions about, do you know anything about
this? Do you know anything about Hive or its governance or anything like that?
Uh, only slightly in passing. I mean, uh, it was kind of fascinating to see like a power play
against a decentralized network. Um, I think the, the, essentially it was a power play against
steam to take over various, I forget it was like minor hash powers or witness hash power or
something. Uh, you know, these, um, I think the witnesses were essentially staking on steam, but,
um, I think the end result was they, the community just forked off, right? And so that is,
that's, that's the great thing about open networks is that, you know, even if there is,
um, a power play against one piece of the power structure, if the network as a general whole,
the, if the, the community at large disagrees with a particular change, then all they have to
do is find meat space consensus on what they actually want, turn that into code and then
deploy the code. And there you go. No one can stop that. Yeah. Yeah. It's fascinating. There's been
a lot of, you referenced it in a tweet a while ago. Um, I know you mentioned like five, five
different projects that have had security weaknesses. I think you said, even though it's
open source doesn't mean it's, it's secure. And that's a, that's a great point. Um, the one I was
most familiar with was Ravencoin and that was always, always known. I mean, Fluffy and others
warned about exactly that kind of, the kind of risk where being open source actually is a risk
and nobody has as many developers as Bitcoin. Bitcoin is pretty secure because it has, I think
750 people or something that have contributed. And there's hundreds and hundreds more, you have,
you know, really high-end, uh, engineering capability at companies like Bitfury, even though
they're not, you know, developers, they sure as heck know what they're doing. And they're looking
at the code and nobody else has anything close to that, but even Bitcoin had a couple of close
calls, um, over time. So I think a lot of people don't realize how, how complex it is. And I think
you've talked a lot about it. A lot of folks like Adam Back and others have just continually drilled
home this security point that I think a lot of people don't get because it is so different than
the rest of the world. It's very hard to quantify too. Uh, you know, I think there's a general
consensus that, you know, Bitcoin has the most eyes on it and therefore it's probably the most
difficult to get malicious changes or even accidental, uh, bad code into the code base. But,
you know, it's still possible and there is no foolproof, you know, guaranteed way to prevent
that. It's, uh, it's at least partially, it's just history, you know, the longer we can go
without any issues, the more confident people will feel about it, but we should never be
overconfident. Uh, we, we want to have as many people, as many different, you know, diverse
views, perspectives, um, occupations like of, of interested parties in the network, because
the more angles of attack that, you know, people take on the network, the more robust it will be.
It's, um, you know, one person might look at the code or might look at one aspect of the
network and see one thing and someone else might look at it differently and, you know, find a
weakness that could be exploited. Right, for sure. By the way, if I pause my video while you're
talking, I'm still here. I'm just doing that for bandwidth. The, um, last coin standing asks about
progress on lightning network gaps in where, where it is and where it needs to be. What are your
thoughts on when we can get there and do you have any concerns about risks or impediments to
lightning realizing its vision? I mean, there has been a lot learned about lightning network
over the past couple of years. Uh, we've seen even just over the past month or two, you know,
new research reports coming out showing various weaknesses that developers need to think more
carefully about when they're trying to figure out how to move forward with designing the network.
Uh, my own personal experience has, you know, led me to find a number of different edge cases.
You know, there are a lot of things that can go wrong because once again, this is extremely
complex, you know, where we take the base Bitcoin protocol and then we build a whole other protocol
on top of it, uh, that is also based upon a lot of game theory. And so what happens is we've created
a whole new game and now we have to go through a fairly long process of various people playing
that game and figuring out what are the actual rules to the game, because we don't necessarily
know them. We know what we think they are, uh, but there's always unwritten rules. You have to keep
fleshing those out until we have a network where the rules that we think are in place are the actual
rules that are in place. So it has been, I think, slower going than a lot of people hoped for, but
it is also gone, I think better than expected in some sense in that I've fully expected that by now
we would have seen some, you know, catastrophic collapses of the network because of one edge case
or another. And, uh, while there, there have been, you know, a few issues where, you know, we needed
to do like some emergency updates because there were potentially catastrophic problems with like
channels, for example, uh, and the values that people thought were on them. Uh, this, this has
not actually led to, you know, massive like adversarial loss of funds or massive, uh, you know,
sweeping channel closures, uh, collapse of the actual network graph. So I think that the developers
have done pretty good job of, you know, staying conservative in their changes and we're making
incremental progress. And while that may seem like it's going slowly, eventually, you know,
years from now we'll look back and say, Oh, look at, you know, look at all the progress that we've
made, but there's definitely still, from my perspective, mostly, uh, robustness issues at
the individual level that, that need to keep being improved, uh, because there's still plenty of ways
you can lose money on lightning. And, uh, I've spent a decent amount of time helping people
recover money, uh, from those that have crashed or had other issues. And, you know, it is still
a fairly complex technical thing to get in under the hood there. So I think for us to get to the
point where it really is just a mainstream push button, uh, you know, self custody type of
lightning setup is going to require some more robustness, especially around like light, uh,
watch towers. For example, it's, it's, it's the inane issues of like data management and,
and keeping backups of data, uh, which it becomes, I think one of the, the challenges that we have
to deal with whenever we're talking about private key management is that everybody likes to talk
about adversaries that are trying to hack you and take your money. And that's an obvious thing to
talk about the less sexy aspect of all of this, which I ended up spending probably more of my time,
uh, dealing with and thinking through is, um, the user, you know, how can the user screw up or,
uh, suffer from some random catastrophe that just causes them to lose money. Uh, it's not that
someone stole it. It's just that, you know, we had a hard drive die and now your data is gone and you
didn't have backups. You know, it's more boring stuff like that, that we need to figure out how
to make that bulletproof before I think we're really going to see a mainstream adoption of this.
Yeah, I agree. And it's always those, those last mile little things that end up wrecking people,
not always, but a lot, a lot of times, you know, I know in the stunt business,
they say that the most dangerous thing is the usually the more simple stunts.
You know, when you have something really, really complex, when Vin Diesel's doing a
skydive off a building, they put a lot of safety into that. There's this footage going around of
Tom Cruise. He's hanging out. He actually hung outside of a plane for a shot, but, uh, those
aren't typically when the people die. It's when they're, you know, they're doing something they've
done a hundred times. Um, speaking of complexity on top of the Bitcoin lay, uh, you know, Bitcoin
and second layer stuff, do you follow some of the, the, um, projects that, that either do side
chains or, uh, you know, other things looking at tokens on top of Bitcoin? So you've got RSK,
RBG, Liquid. Do you have a favorite? Do you, is that a space that interests you?
Um, I'm also kind of watching from afar. Um, I have not, no, I have not directly actually used
any of those technologies. So I, you know, I don't have an opinion or comment directly, I think on
like one of them being better than the other. Um, you know, they're each taking their own approach
and that, I actually, I think that's, you know, that's better to have that, you know, diversity
of different approaches to things. Um, it seems like Liquid, it gets the most press and most folks
talking about it. Um, but this could just be due to my own bias of, you know, who I'm listening to.
Um, RSK is definitely interesting because they're, you know, merging Bitcoin with Ethereum, a virtual
machine, though, uh, I can't think of any projects off the top of my head that are well known that
are using it, but that could also just be my own ignorance. And, uh, RGB, I think is probably the
newest and least mature of all of those. So definitely still waiting to, to see some folks
to see some folks like building stuff that I can play with on top of it.
Yeah. Yeah. I think it's exciting. And I'm psyched that I like them all.
I just want to see everybody doing all, and I'm hoping that there's enough of them that,
uh, you know, they're slightly different. Some of them are a little bit more of a cypher punk
versus centralization trade-off. I, I hope there's going to be uses for all of these. You know,
you may have a, an activist group has a need for some sort of token that allows them to communicate.
And meanwhile, a regulated security in the United States has a token that they've got to,
you know, comply with AML rules, you know, totally different use cases and hopefully different,
you know, either side chains or entirely other chains. So that comes up on it. Well,
let's do one more question on our sort of 45 minutes here. And thanks. Thank you again.
And can this is a good one to close on. Michael Gerton asked,
can you give an example about the most recent time you changed your
mind about something significant related to Bitcoin and what made you contribute
to that change in thought? Oh, most recent change. Uh,
I mean, I've, I've had a number of different changes in opinion. I mean, my, my largest
change in opinion throughout my entire time in Bitcoin was definitely around a block size
stuff that that has been several years now. Uh, you know, essentially before I went full time
in Bitcoin, I was like, oh yeah, you just make the blocks bigger. Uh, it's, it's obvious,
but it wasn't until after I was running a bunch of Bitcoin infrastructure and seeing what the
effects of that would be and how difficult it already was to, uh, to build like indexing
services, for example, that grabbed all the data and sliced and diced them. Um, and how
those were like steadily taking more and more resources that I changed my mind on all of that.
Um, you know, I've, I've slightly changed perspective over the past year, you know, as
Casa, we started off with our multi-sig self custody product, and then we came out with the
Bitcoin and lightning node product as well. And, you know, we, we were hoping to build,
start building out, you know, comprehensive suite of, you know, uh, be your own bank type
of products, essentially. And one of the things that we realized, you know, after we saw the
success of the node, it actually arguably, uh, gave us like more press, uh, with the node product
than, uh, with the self custody product. But we actually determined that there was very little
overlap, uh, between those two things. Like we essentially ended up with like two different
market segments of customers where the people who were interested in the node, and this of course
is making blanket generic statements. So there's plenty of, uh, people that don't fall into this,
but in general, uh, the people who were interested in the node were sufficiently technically
sophisticated that they, they had the ability and the desire to also do their own key management
and not have like a really user-friendly guided experience. Um, whereas the, the folks who
either didn't have the time or, or didn't have the technical sophistication to set up their own
to set up their own self custody, we're not at all interested in the node, um, despite the,
you know, ideological aspects of, of running a node. And so, um, you know, that was one of the
reasons we ended up cutting the node product line, uh, for the foreseeable future. We can always
bring it back, but, um, it's, uh, it's, it's gonna be, I think, a challenge. And, and the main reason
for that, it actually comes back to what I was talking about before of the boring IT data
management stuff. And like, we knew that, uh, shipping a node in a box product would present
additional challenges because you're essentially putting hardware out into unknown environments
that are going to have all kinds of crazy variables. And we saw a lot of unexpected things. Um,
but when you're asking someone to essentially start managing their own server, you know, even
if you're building as much automation and, you know, recovery logic into that hardware as possible,
then you're still going to have to deal with, um, electricity outage, you know, issues with networking
issues. And, and these are the type of things that I'm not sure that we're going to see a simple
solution to until other aspects of just like the internet and networking in general, uh, get improved
upon. And I definitely want us to get there eventually, but I think that we know it's more
important for people to have their own keys than it is for them to necessarily be able to
validate, you know, everything that's happening on the blockchain. Like, you know, I,
I think Trace Mayer, uh, used the like first-class, second-class, third-class citizen type of thing.
I kind of see it as different tiers, you know, of, of being a self-sovereign Bitcoiner and the, um,
you know, managing your own keys and validating all the transactions and doing it all in a, a
sovereign way where you're not relying upon any third parties that are single points of failures.
You know, this is the ultimate dream of Bitcoin and it is, it has always been achievable. Like
the, the promise of being your own self-sovereign bank has always been there. The, the question is
what can we build that lowers the bar for people to achieve that? And so, uh, at the moment, you
know, at Casa, we are focused on getting people to the, the private key management level of, you
know, being able to, to have a robust setup that they don't have to spend a lot of time worrying
about. And, and hopefully once we get enough people into that level, we'll be in a position
where we can start to think more about that final level. How, how do we have a, a fully packaged,
like all in one solution that is, you know, point that, you know, people can be their own, uh,
be their own, uh, fully encapsulated system, their, their own, uh, bank setup without having
to deal with all of the boring ins and outs of private key management and server management and
data backups and redundancy and all these other little things. So like, I see the light at the
end of the tunnel, but unfortunately, um, I think it's further away than I hoped or I would have said
a couple of years ago. Yeah. What's the old saying? You, um, we underestimate what we can do in 10
years and overestimate what we can do in one year. So that's Bitcoin for you, right?
Well, thank you again. We really appreciate it. It's wonderful to have you, uh, you join us. This
will be, um, uh, rebroadcast, you know, we'll be able to rebroadcast on YouTube and, um, we really
appreciate you, uh, joining us and, uh, hope to see you in person again. And, um, I hope you're
safe at your, um, tent in Guatemala. Oh, sorry again. Sorry. Sorry. Uh, thank you again, Jameson.
You have a great, uh, great time. I hope you're safe and, uh, we really appreciate it. Thanks.
See you. All right. Have a good one.