It’s becoming clear to me that in regions without unified leadership against COVID-19, safe restarts will not be possible. Places such as Vietnam and Taiwan, where we have offices, are keeping their citizens safe (and working), while others are not…
In this unfortunate time, Bitmark hopes to make a difference. Let me get you caught up with what’s new at Bitmark:
We teamed up with Girls in Tech to launch a new podcast series, Hope in Crisis, discussing how technology can help us rise from various crises in modern society, both in English and Chinese.
You can follow the series on the following platforms:
News anchor Catherine Lu’s Facebook English-language interview with Bitmark CEO Sean Moss-Pultz “美國怎麼了？台灣做對了什麼？（Part.1）” about our public health app Autonomy received over 330K views, 7.8K likes, 2.8K reshares, and about 300 comments. (English and Chinese)
We have faced serious difficulty in launching Autonomy to App Stores. Coindesk covered our failed launch, asking what happens when the gatekeepers we trust have too much power?
Bitmark and Blockchain Commons announced Charter, a new and open architecture for the next generation of social media projects:
Charter reimagines social media to recover its initial promise, with new safeguards so that no single vendor one can steal it away. Its architecture ensures that every social-media participant has both autonomy and agency. As individuals we control and govern our own data, deciding for ourselves how online information is shared, used, and deleted. For social media, this means we have authority over not just a timeline of posts, but also our social graph of connections. Each individual now decides who reads our posts and what we see ourselves.
But more than anything I worry that this exemplifies where Apple has lost its way with the App Store. What exactly is the point of running a strict approval process for apps if not, first and foremost, to ensure that they’re good apps? An iPad email app that doesn’t support split-screen multitasking for five years is, by definition, not a good app.
I’d like to see all the vim, vigor, and vigilance Apple applies to making sure no app on the App Store is making a dime without Apple getting three cents applied instead to making sure there aren’t any scams or ripoffs, and that popular apps support good-citizen-of-the-platform features within a reasonable amount of time after those features are introduced in the OS. I don’t know exactly how long “reasonable” is, but five fucking years for split-screen support ain’t it.
If technology companies often don’t understand (or prioritize) security and privacy, why do we think governments do? From the New York Times:
Norway is one of many countries that rushed out apps to trace and monitor the coronavirus this spring, only to scramble to address serious complaints that soon arose over extensive user data-mining or poor security practices. Human rights groups and technologists have warned that the design of many apps put hundreds of millions of people at risk for stalking, scams, identity theft or oppressive government tracking — and could undermine trust in public health efforts. The problems have emerged just as some countries are poised to deploy even more intrusive technologies, including asking hundreds of thousands of workers to wear virus-tracking wristbands around the clock.
In fact, “the vast majority” of virus-tracing apps used by governments lack adequate security and ‘are easy for hackers’ to attack, according to a recent software analysis by Guardsquare, a mobile app security company.
The need for local communities and neighborhoods to have autonomy to make the right decisions during COVID, backed by data and science, not just opinion. From the New York Times:
Far from Denver, pushed up against the Utah border, Mesa County is known for its stunning flat-topped mountains and abundant outdoor activities. Residents are proud of their record so far on the coronavirus — just 55 known cases, and nearly all have already recovered — but some worry about the price the county has paid.
The largest country music festival in Colorado has been canceled. So has the Junior College Baseball World Series. Despite getting state permission to open some businesses ahead of the rest of Colorado, many in the county are struggling — and patience is thinning.
“Obviously we don’t want to let it get away from us, we don’t want to ruin a good thing, but did it really have to be this level of shutdown?” said Doug Simons, a third-generation owner of Enstrom Candies, which has five retail stores that have remained open as essential businesses.
“There was a real reluctance from our leaders to let things open back up, even though we had practically zero disease in our community,” he said. “I thought: ‘What the heck is going on? We don’t have any cases here and we’re being told to shut down like it’s New York City.’
See you next month. We’ll keep fighting for your #digitalrights.
Every generation brings something new to the world. Your generation is going to liberate music and creativity. We believe your creativity and rights should never be compromised – you deserve better.
For most of the popular music today, with no beat, there is no song. However, there is another aspect which is often overlooked: recognition, both personal and financial. We know that money is not a primary incentive in creating culture, but beatmakers should reap the success and recognition should their beats become hit songs.
OurBeat is a musical ecosystem for beatmakers. Anyone who registers their beats with our app can freely sample and remix beats from other OurBeat creators. Those beats are streamed on OurBeat Radio – free of cost for anyone to listen to, free of cost for anyone to contribute to. A constant 24/7 ad-free stream created by you and the OurBeat community.
Sell your beats across the Internet and never worry about being unable to track where your beats end up. If your beat ends up on the top of the charts, you will be duly compensated and credited for it. Likewise, we know you do not want to have accidentally ripped someone else off.
How do rights work? Who talks to who? Where do you get clearance for what? OurBeat simplifies this complicated world of copyright and makes it easy to understand and inspiring for you as a beatmaker.
Today, we stand at the edge of a maturing digital music world. We’re excited about OurBeat, and we want to help you create freely, without worry and break new heights of collaboration.
Join our mailing list to be part of this exciting new initiative. We welcome beatmakers, musicians, creators, music lovers, developers and futurists alike to join us on this journey to reimagine the limits of digital collaboration.
Terence Leong, Group Chief Content Officer, KKBOX Group / Co-founder, OurSong & KKFARM Sean Moss-Pultz, Co-Founder & CEO, Bitmark Inc.
About KKBOX Group
KKBOX Group is Asia’s leading music entertainment company. Started by a group of music loving Internet software developers, we built and launched one of the world’s first music streaming services in 2005. Based in Taipei, the heart of Chinese pop music, we gradually grew our business from Taiwan out to Hong Kong, Singapore, Malaysia and Japan. Ever curious towards reinvention and discovering new business models of the future, we have expanded our business scope from music streaming to live events, technology services, content, investments and continue to explore reinvention through innovation in the digital entertainment space.
Bitmark restores trust in data by democratizing rights control for any digital resource at scale, including media, personal data, and information. Bitmark’s work with KKBOX Group on OurBeat empowers creators, simplifying rights management for all beat makers.
In the United States (where I am), we’re currently seeing states starting to open up due to political and economic pressure. It seems like there’s too much pressure from the top (President Trump) and the bottom (unemployment) to hold people on extreme lockdowns any longer, but this is driving a bigger question of “how do we all operate in this environment without creating a runaway pandemic?”
As I mentioned in my last newsletter, this need is why we’re building Autonomy, a neighborhood public health forecasting tool. A couple of weeks ago, Autonomy won Cohack, an online hackathon co-organized by the Taiwanese and the US governments with the goal of developing sophisticated solutions for managing the coronavirus pandemic.
You can learn about how we protect user privacy in hopes to activate mass participation in public health on our website. You can also sign up to get notified once Autonomy is out. Currently, we’re still in internal testing and we expect to have exciting announcements about launch partners soon.
In other news, Bitmark was named a 2020 Technology Pioneer by the World Economic Forum. Personally speaking, I am really happy to see our mission to restore trust in data validated at a global level.
First, we can create a global early warning system. Much like systems for tsunamis and earthquakes, an early warning system could allow for early detection of and rapid response to an outbreak before it spreads. It would gather intelligence through a combination of zoonotic reconnaissance, artificial intelligence (AI) surveillance and outbreak investigation.”
The problem, Garrett added, is bigger than Trump and older than his presidency. America has never been sufficiently invested in public health. The riches and renown go mostly to physicians who find new and better ways to treat heart disease, cancer and the like. The big political conversation is about individuals’ access to health care.
But what about the work to keep our air and water safe for everyone, to design policies and systems for quickly detecting outbreaks, containing them and protecting entire populations? Where are the rewards for the architects of that?
– How Japanese are living with COVID-19 on What Japan Thinks. Health isn’t simply about our physical symptoms, it includes our mental health, it includes how the people around us affect us. Until there’s a safe way for people to participate in these discussions, we cannot hope to move health significantly forward.
– What’s the line between privacy / freedom and safety? It’s easy to be cynical about the need for privacy when people seem to share more than ever. Well-regarded venture capitalist Fred Wilson shares his perspective.
– Why is public health so important? Because modern society depends on it, yet the incentives, as discussed by Modern Healthcare, to fund it continue to ensure future pandemics.
The Trust for America’s Health estimates public health efforts are about $4.5 billion underfunded. That’s led state and local health departments woefully unprepared to address public health emergencies such as infectious disease outbreaks, extreme weather events, and the opioid crisis.
“One could argue that there has always been underfunding but it is more meaningful at a period of time when cuts haven’t been restored and risks have increased,” said John Auerbach, president and CEO of Trust for America’s Health.
– Context into Benjamin Franklin’s famous quote: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety”, from NPR.
Thanks for reading, and keep up the support for #digitalrights.
When social networks first appeared, they offered the hope of human connection: the promise that we could gather our friends and families together online; that we could connect to businesses of our choice; that we could select news from sources that appealed to us most. It was to be the dawn of the citizen-journalist and the global family. In the modern day, with its social distancing and sheltering in place, these goals are more important than ever, but our hopes and the promises of a new, more open, respectful social institution have been dashed.
Unfortunately, today’s most popular social networks cut us off from our family and friends with arbitrary algorithms. They sever us from our news services and favored businesses in order to gain favor and advertisements. Their corporate greed led directly to the misappropriation of our personal information, adversely impacting the US 2016 election. Even today, these networks encourage blatant falsehoods to propagate across their platforms, simply because doing so makes them more money. They have literally sold out our democracy.
It doesn’t have to be that way.
Charter reimagines social media to recover its initial promise, with new safeguards so that no single vendor one can steal it away. Its architecture ensures that every social-media participant has both autonomy and agency. As individuals we control and govern our own data, deciding for ourselves how online information is shared, used, and deleted. For social media, this means we have authority over not just a timeline of posts, but also our social graph of connections. Every individual gets to decide who reads our posts, and also what we see ourselves. That’s what Charter does.
This new initiative is founded upon individual rights recognized by Europe in the GDPR and by California in the CCPA, both of which ensure that individuals may request copies of any personal data held by a vendor. This has forced social networks to make archives of accounts available to all their users. Bitmark’s Spring app focuses on Facebook and allows people to download their timeline and its graph of social connections. It’s the dawn of data independence.
This is just the first step. Blockchain Commons and Bitmark are now working in concert to develop an engagement model for what comes next. We are expanding the well-tested and trusted Bitmark Protocol, which protects digital assets using blockchain technology, to offer cryptographic object capabilities. This will allow individuals to create a graph of online connections under their own control.
People also gain personal agency that simply doesn’t exist on current social networks. Anyone can charter community groups based on any criteria: geographic location, topical interest, old friendships, or something else. Individuals get to decide which groups to join, and each group gets to decide what the rules are for participating. Meanwhile, personal data and community data will be protected in online data stores cryptographically restricted to only the appropriate people.
How is Charter different from the most popular social networks of today? The underlying algorithms and protocols are open source and will be open standards, not owned by any single company. Personal data is stored in a private vault, but the rights to it are recorded on a public blockchain, maximizing the balance between privacy and public needs. When someone uses Charter, the platform itself doesn’t limit what posts they get to see; it won’t boot people for violations of arbitrary rules; and it can’t sell personal data to advertisers. Instead, Charter is under the control of individuals and the groups that people create and join.
Charter replaces corporate social media with open infrastructure: everyone can use it, anyone can improve it, and no one can take it away.
We expect the first deployment of the Charter architecture to be in Bitmark’s Autonomy app, which uses Charter’s social graphs for public health by defining neighborhoods that can share information. We’ll be talking about that in the near future.
To take the next step in developing Charter, we need your help. We invite you to join us at a virtual conference to discuss how to reinvent our social institutions through new collaborations. Join our mailing list to stay informed and to be a part of this new initiative. We welcome futurists, developers, and social-media users alike, so that we can have a wide spectrum of views. Together, we can create a social network built upon social independence, where we decide with whom we associate.
Christopher Allen, Founder & Principal Architect, Blockchain Commons Sean Moss-Pultz, Co-Founder & CEO, Bitmark Inc.
About Blockchain Commons
The open infrastructure of Charter is being designed with Blockchain Commons, who is proudly a “not-for-profit” social benefit corporation and champion for decentralization on the internet, giving power to the people instead of to corporations. Its founder, Christopher Allen, is the co-author of the TLS standard that is used today to protect almost all secure connections on the internet, granting people the power to make purchases on the internet, securely bank online, and more. He has championed object capabilities for use on the decentralized web at the Rebooting the Web of Trust design workshops, which he founded; the first such papers, “Identity Hubs Capabilities Perspective” and “Linked Data Capabilities”, were authored by participants at RWOT V in Boston, 2017.
Charter is being developed by Bitmark, who has been working on empowering people online since 2014. Bitmark’s best-known product, the Bitmark Protocol, allows people to autonomously govern their digital properties and gives them the agency to use them as they see fit. Charter is a new initiative for Bitmark, built on the Bitmark Protocol and the company’s core principles. It is a response to the 2016 attacks on democracy.
It’s been a stressful last few months for everyone at Bitmark, and I am sure you or many people you know have been struggling as well. After the last newsletter, we had expected to launch Spring, our app to help people get their Facebook data, understand it, and eventually use it under their own control.
As we saw the suffering caused by COVID-19, however, we felt an obligation to use our resources to help.
You may already know that through our past efforts in healthcare, our team has learned from patients around the world who suffered greatly from data breaches or were denied access to their health data. Since then, these insights have led our work to put individuals in full control of their data. Our past projects include helping Pfizer match patients to clinical trials while preserving privacy, UC Berkeley safely source health data from underrepresented populations for public health studies, and H2 form the world’s first data trust to cure diabetes.
As we spoke with people about the impact of COVID-19, we learned that people understood what was going on at a greater regional level, but did not know what this meant specifically for them. Was anyone in their neighborhood affected? Were certain areas nearby less exposed to the virus than others? Where would it be safe to take family for a walk?
In response, we are building Autonomy to answer these questions through local neighborhood health forecasts. These forecasts are presented through a numerical score that encapsulates the relative danger of a neighborhood. Autonomy learns from data provided by you, those near you, and verified public sources – every so often, you’ll receive a notification when your neighborhood’s health forecast has changed and requests to share information about how you are doing. Your privacy is always protected.
While Autonomy was created to help measure the spread of COVID-19, our vision is for much wider applicability by enabling mass participation in public health. In the future it might detect cancer clusters or assess how common the cold is in your local community. It might help to evaluate the precise effects of pollution or allergens on our health. It can be an early warning system, a danger assessor, and an analytic research tool. It can help us all to get better. Together.
We expect to launch Autonomy next week in Taiwan, and we are talking with partners throughout the US and Europe to help us support local communities – Autonomy needs local, verified data along with advocates to get the word out. If you can help, please reach out to me. As with the Bitmark protocol, Autonomy is open-source software and available for anyone to use, validate, or modify for themselves.
Happy new decade! I hope you’re not looking for the unsubscribe button already – we have not sent a newsletter in a very long time. There are a number of reasons for that, but I’ve been mainly wondering about what you wanted when you originally signed up.
No one likes getting junk in their email and I certainly do not want to waste your time.
Next week, we’re going to release our new app Spring to the Apple iOS and Android app stores. I will send you a separate email about that soon. I’m very excited to tell you about it.
Here’s what I’d like to do moving forward, however. Each month, I can give you an update on how Bitmark is doing:
Any recent media coverage
Past and upcoming events
News on current projects, partners, and products
Interesting articles that we’ve been sharing internally
For example, a few months ago, we ran an “Artist-to-Peer” (A2P) experiment with renown artist Casey Reas that was covered by WIRED and also Artnome. We see computational art as the beachhead into the larger art market. How, and Why, Artists Exchange Work (NYT article) and Fluxus show how this method has worked in the past. Reas, along with three other curators, selected 75 of the top artists working with digital formats. Each artist made an original digital artwork that was registered to the Bitmark system. From that artwork, 11 tradable editions were generated, each with its own unique provenance. The artists then had one week to build a personal art collection by trading their editions with one another.
Proof of stake could endanger the equality of the blockchain and hidden centralizations could endanger its trustlessness. However, there’s another innovation that may endanger both…
written by Shannon Appelcline
Upon inventing Bitcoin, Satoshi Nakamoto created an open ledger that anyone could write to as long as they followed the consensus rules. This design revealed two crucial elements of blockchain design. First, it declared the equality of the blockchain: anyone could see anything on the blockchain thanks to its permissionless design; and anyone could add any valid transaction to the blockchain thanks to its censorship resistance. Second, it demonstrated the trustlessness of the blockchain: anyone could verify that both the blocks and their transactions were validly constructed.
But the founding principles of a community are constantly endangered as it grows and evolves. As we’ve written in past philosophy articles, we feel that proof of stake could endanger the equality of the blockchain and that hidden centralizations could endanger its trustlessness. However, there’s another innovation that may endanger both: secrecy.
A Confidential Possibility
There has been a bit of secrecy in Bitcoin from the start, as Satoshi Nakamoto states in the original paper: “The necessity to announce all transactions publicly precludes [traditional privacy, which limits information about an exchange to the parties involved and a trusted third party], but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous.”
However, the blockchain is not truly anonymous. At best, it’s pseudonymous and even that’s quite fragile. It depends on strict key hygiene, where everyone constantly creates new keys, and even then there’s the danger of correlation if someone can detect clusters of addresses and connect any of them to a real-world identity.
The quest for privacy beyond Nakamoto’s pseudonymity has loomed large as Bitcoin has matured. In 2013, Greg Maxwell proposed CoinJoin as one of the first solutions; it simply mixed together bitcoins, making it harder to correlate them. That same year Adam Back detailed “bitcoins with homomorphic value”, which would eventually become the Confidential Transactions of Blockstream’s Elements Project. Back took a different tack by blinding the contents of a transaction, so that people outside the transaction could only see that it occurred (and what the mining fee was). The fact that later non-Confidential Transactions could leak information about previous Confidential Transactions is probably what led to the creation of fully privacy oriented blockchains, such as Monero in 2014 and Zcash in 2016, each of which took different approaches to secrecy.
Obviously, there is interest in increased blockchain privacy: it’s been one of the driving forces for cryptocurrency adoption. This transactional secrecy has a variety of advantages, the most crucial of which is fungibility: with true privacy, it becomes impossible to trace the provenance of an individual transaction, which is crucial for working currency; without it, the cryptocurrrency in individual transactions could be censored if the network did not like who used it or how it we used.
However, we must balance this growing philosophical desire for complete secrecy with the philosophies that have been a developed part of the blockchain from the start. Secrecy may actually enhance some of the blockchain’s core ideals, such as its censorship resistance. And, it doesn’t hurt others, such the blockchain’s trustlessness: protocols like Blockstream’s Confidential Transactions were explicitly designed to balance out the inputs and outputs of a transactions, allowing verification by anyone.
But that’s not to say that secrecy doesn’t have problems of its own.
The Dangers of Cryptocurrency Secrecy
One of the original goals of Bitcoin (and other cryptocurrencies) was to give power back to the people. In the physical world, we’ve lost agency to corporations, government, and plutocrats. The blockchain gave that back to us in part due to its transparency. It suddenly became possible to require that transactions of public entities be public in a way that we never could have considered in traditional financial systems. We could require that proxies publicly reveal their votes, that elected officials detail their contributions, and that corporations declare transactions related to their advertisements, their guarantees, and their certifications — and many of these revelations could be verified through the blockchain itself.
But now, as a shroud of secrecy is spreading across blockchains, expectations of transparency are rapidly fading. If cryptocurrency becomes as opaque as traditional currency, then the opportunity to demand transparency, to truly change the rules of the game, will evaporate.
Confidential transactions and privacy-protecting digital currencies are being advertised as a way for us to have privacy, but it’s them, the rich and the powerful, who will make the greatest use of this power. We already see this in the opaque finances of the physical world, at places like Deutsche Bank, which is facing legal action as the result of laundering twenty billion dollars of Russian money. If the transparency of the blockchain becomes opaque, it’ll happen there too. The rich and the powerful will hide their transactions so that they can maintain the influence and authority they’ve gathered in the physical world and extend it to the digital world — using the very tool that’s supposed to reverse those trends.
In addition, secrecy may turn cryptocurrencies into what people fear. There has long been concern over criminal uses of the blockchain but the transparency and pseudonymity of most blockchains have worked against that — and in fact have made criminals vulnerable when they mistakenly thought they were safe. Cryptocurrrency secrecy could let them in.
Perhaps we, as a blockchain community, will assess these costs as acceptable given the privacy gains for the common person. Or perhaps not. But the problems become even greater when moving from cryptocurrency to the wider world of digital assets, a topic that’s dear to us at Bitmark.
The Dangers of Digital Asset Secrecy
Bitmark defines and defends digital property through the Bitmark Property System, which allows people to register their digital assets and data, then to license, sell, loan, or otherwise leverage that digital property for the good of both themselves and our society. KKBOX’s use of the Bitmark blockchain to record royalties for the use of digital music shows how this system can help individual musicians, while UC Berkeley and Pfizer have demonstrated the benefits of recording health data permissions to support health studies and clinical trials that could contribute to the whole world. But for digital assets to have value, it’s vitally important that ownership records be public, not secret.
Last year we wrote about the case of Shepard Fairey, whose famous “Hope” stencil portrait of Barack Obama became the source of a legal dispute because Fairey didn’t license the original photographic source. That case study demonstrates our need to know who owns something so that we can license it (or purchase it or borrow it): secrecy works against the interests of both asset holders and hopeful licensees. The music industry offers another use case: rights information should be stored in electronic data, but it’s often wrong, which has left artists unable to collect billions of dollars in royalties.
This problem of determining asset ownership is so large that it became a major focus of the US Copyright Office in the ’00s. As corporations like Google tried to turn physical assets into digital assets, they ran into a major problem with “orphan works”, where they couldn’t discover who the rights-holder for an asset was, and so were unable to attain permission (or refusal) to use the work. The Copyright Office was thus tasked with determining whether these orphaned works still served to “promote the progress of Science”, one of the major purposes for copyright in the United States. Their conclusion was:
“Both the use of individual orphan works and mass digitization offer considerable opportunities for the diffusion of creativity and learning. Too often, however, the public is deprived of the full benefit of such uses, not because rightsholders and users cannot agree to terms, but because a lack of information or inefficiencies in the licensing process prevent such negotiations from occurring in the first place. As countries around the world are increasingly recognizing, these obstacles to clearance are highly detrimental to a well-functioning copyright system in the twenty-first century. The Office thus agrees that a solution for the United States is ‘desperately need[ed]’ …”
In other words, the US Copyright Office recognized that society and its institutions needed to be able to discover both the attributes and ownership of assets, so that it could better itself and reach its full potential.
Obviously, having ownership information easily available could have helped Shepard Fairey and Google, who each wanted to reuse existing assets. It could have helped musicians, who desired to receive payments for their music. But it goes far beyond that and far beyond these cases of accidental secrecy. By knowing who owns resources, a society can find those resources when it needs them — whether it be iron ore required for construction or health data needed to solve a medical problem. By knowing who owns items, a society can contact the owners of those items — perhaps because those items are surprisingly dangerous (due to a recall) or perhaps because they’re surprisingly valuable (due to a need). Finally, as the US Copyright Office noted, registration of ownership can allow negotiation, a necessary element to resolve negative externalities related to a marketplace, as discussed in Coase Theorem. Having purposeful secrecy would directly contradict all of these use cases, which is why it’s even more problematic for digital assets than for simple cryptocurrency.
The US Copyright Office suggested legalistic methods to solve this problem. But there’s another, better solution, one that can avoid works being orphaned or misplaced in the first place: technology. It’s the solution offered by the Bitmark Property System, which organizes and codifies the ownership of digital assets on a property rights blockchain for the good of both the rights holders and our society. By maintaining these deeds in the public eye, not in secrecy, we can enable all of these use cases: Fairey’s artistic reimagination of a photo, Google’s digitization of classic works, and our society’s ability to locate, recall, or purchase items of importance.
Many people laud the privacy of the blockchain, something that was possible once upon a time when transactions depended on cash in the physical world, but which is becoming increasingly difficult in a world of electronic banking on the internet.
But, we should be aware that secrecy of this sort has very real consequences. Some people might value their privacy enough to empower the plutocratic powers of the physical world in cyberspace, though we think there’s real weight to both sides of the argument. But when we delve into the wider world of digital assets, we think this position becomes increasingly dangerous.
Which is why the Bitmark Property System is open and transparent, just as Bitcoin was in its original design.
A Philosophy of Blockchain: Do You Have Hidden Centralizations?
A Philosophy of Blockchain: Do You Have Hidden Centralizations?
It’s hard to avoid hidden centralizations, particularly when you’re creating code that’s being used by a network…
written by Shannon Appelcline
There is no doubt that decentralization was one of the core philosophies of Bitcoin (and thus the blockchain). In his original white paper, Satoshi Nakamoto wrote that Bitcoin could enable “any two willing parties to transact directly with each other without the need for a trusted third party”. Over time, this idea has become a touchstone for the blockchain technology: the Nakamoto Consensus protocol ensures that a blockchain is created in a decentralized way, then anyone can validate transactions to ensure that a blockchain remains trusted.
Why is decentralization important to blockchains? Satoshi Nakamoto alludes to the intent in the original Bitcoin white paper, saying that it would be problematic if “the fate of the entire money system depend[ed] on” a centralized authority. This is certainly a crucial, if pragmatic, reason to avoid centralization: if the health and viability of that authority fails, then so does the entire system.
However, the Cypherpunks, who prefigured the creation of Bitcoin, offered more philosophical reasons behind the logic of decentralization. In “A Cypherpunk’s Manifesto”, Eric Hughes discussed how the traditional right of privacy was being eroded as commerce moved into electronic realms, saying: “We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence.” Perhaps more importantly: we can’t depend on the people who run those organizations and corporations to protect our privacy. Even if we trust a centralized authority when we give them our data, we can’t guarantee that we will trust them in five, ten, or fifty years when new executives take over. The cypherpunks saw the need to sidestep those centralizations to ensure that the privacy of the physical world was replicated on the internet, but the mere desire for decentralization doesn’t ensure it.
Despite our best intentions, hidden centralization have crept into blockchains. They take power from the people, which was core to the conception of the blockchain, and instead give it to small and powerful groups of elites. Many people fear the 51% attack, where a majority of miners could take over a blockchain, because any proof-of-work blockchain has a hidden centralization in just 51% of its full mining nodes. However, there are even more insidious possibilities. Protocol designers, code programmers, and even blockchain voters can all be part of small, hidden centralizations, where a small subset of blockchain users suddenly become an authority.
Different blockchains have approached this problem in different ways, either fighting the hidden centralizations of miners, coders, or voters or embracing them.
But even for those of us who believe that these hidden centralizations violates the core philosophies of the blockchain, it’s a difficult battle.
Programmers & Bitcoin
Bitcoin offers the best example of the battle over hidden centralization, both because it’s the largest blockchain and because it’s worked the most with the issue — largely focused on the hidden centralization of Bitcoin protocols and code.
Theoretically, any code that aligns with the Bitcoin consensus protocols can be used to interact with the Bitcoin blockchain, but its technological future is primarily directly by Bitcoin Core — the codebase ultimately derived from the original code of Satoshi Nakamoto, and now used by approximately three-quarters of Bitcoin nodes. This code thus represents Bitcoin’s first hidden centralization.
Though Bitcoin Core has a small number of “core” team members, led by Wladimir van der Laan, the code is maintained on Github to maximize community involvement. This has allowed for hundreds of contributors: theoretically any Bitcoin aficionado can join in. However, even for the most popular and most successful blockchain, reality doesn’t always line up with desire. Just 67 contributors have made more than a dozen commits, just 45 have made more than twenty, just 23 more than a hundred. Only a dozen or so people have full commit permissions on the Bitcoin Github repository.
Fortunately, Bitcoin’s centralization begins to recede when you move away from the Bitcoin Core code to the underlying consensus protocols. Changes are initiated in Bitcoin Improvement Protocols, which support widespread community involvement. They then continue through a process of “rough consensus”, where major objections are heard and resolved. Only afterward are BIPs introduced as actual code.
If this rough consensus was the final word in which BIPs were eventually introduced into code, then the hidden centralizations within Bitcoin’s consensus protocols would be greatly minimized. However, there’s another step: Bitcoin nodes must indicate that they’ve adopted a new protocol element through signaling, as detailed in BIP9. It was never intended to be anything but a marker to show which nodes had adopted the newest protocols … until the great Bitcoin block-size debate. Different interest groups fought over how large blocks on the Bitcoin blockchain should be, and during this conflict, BIP9’s signalling methodology became a de facto voting process for how the debate should be resolved. Essentially, it was “vote-by-work”, since the votes were determined based on the power of miners creating blocks.
In other words: there are hidden centralizations all the way down. Even if “core” coders don’t have ultimate power on the Bitcoin blockchain (and there’s certainly disagreement here), then miners might, because they can limit what consensus protocols go into actual use. They’re both centralizations, and like Eric Hughes said, you can’t expect such authorities to respect the best interests of the rest of a network.
As the block-size debate continued, a User Activated Soft Fork, or UASF, attempted to shift the decision-making power all the way down to the end-user, but was superseded by the adoption of BIP91 before the UASF could come to fruition. Nonetheless, it was an important statement of the power of the people at the foundation of the blockchain (and an important step away from centralization).
The long and bloody debates over block size resulted in the creation of Bitcoin Cash, a variant of the Bitcoin currency. This fundamental and irrevocable disagreement demonstrated that even Bitcoin doesn’t deal perfectly with the problems that can be introduced by centralized code and protocols. But it’s certainly the blockchain that’s done the most to battle its hidden centralizations.
Others of us have further to go.
Programmers & Ethereum
Ethereum is the second most popular blockchain after Bitcoin, focused on distributed computing rather than just cryptocurrency transfer. Like Bitcoin, Ethereum has its own Github, its own BIPs (called ERCs), and a relatively small team of developers — though Ethereum has twice as many regular developers as Bitcoin, according to a Cointelegraph report. So, there’s certainly been care and effort in managing Ethereum’s hidden centralizations of code and protocol. However, unlike Bitcoin, Ethereum has its own non-profit: the Ethereum Foundation. This non-profit is a different sort of hidden centralization that could exert a lot of control over the future of the network — a problematic possibility that blossomed in the 2016 DAO incident.
The DAO, a “decentralized autonomous organization” was a new business model controlled by smart contracts. It allowed investors to place their money into an organization that could then make investments of its own all run from an open and borderless blockchain. It could have been the future of business on the internet.
Unfortunately, the Turing-complete nature of Ethereum’s expansive programming language ultimately spelled the DAO’s doom. Turing-complete languages are either difficult or impossible to logically prove, which means there’s no way to formally say that they will do what they’re supposed to. Or, if you prefer: they can have hidden bugs. And that was the case with The DAO. Participants invested $150 million into the decentralized autonomous organization, and then a hacker used an exploit to transfer out $50 million of that money. The bug, it should be clear, was in the DAO software, not in Ethereum itself.
Blockchains are merciless. There are no take-backs. If you send money to the wrong place, don’t recover your change, mess up a hash … or write a program wrong, that’s on you. The autonomy of decentralization becomes a harsh reality if you make a mistake. So, under the core philosophy of the blockchain, that $50 million should have been gone. As some people said in the wake of the DAO incident: “code is law”.
That’s not what happened. Instead, the Ethereum Foundation proposed a hard fork to wind back time and get the lost money back to the DAO’s contributors. The whole community voted using a brand-new “Carbonvote” system, which was essentially vote-with-stake: yes and no votes were counted based on the amount of cryptocurrency held by the voting address. 89% of voters agreed to roll back the DAO losses, but it still raised the spectre of hidden centralization. How much authority did the Ethereum Foundation exert by making and pushing the proposal? And, would they do it again? In the worst case, Ethereum had revealed a hidden centralization in the small group of people controlling the Foundation, while in the best case they’d merely shown that 51% of voters could make unprecedented changes to the blockchain.
Either way, the centralization was real. The Ethereum Classic blockchain was the result: a new cryptocurrency spun off of Ethereum for people who felt that the DAO rollback had violated the philosophies of the blockchain. (Like the somewhat similar Bitcoin Cash fork, the new cryptocurrency has proven considerably less valuable than its parent.)
Programmers & Bitmark
At Bitmark, we’ve developed our own blockchain for the specific purpose of building a digital property system: the Bitmark blockchain, focused on the registration and management of digital property and assets. It allows users to transfer and license these various properties, controlling and monetizing their digital assets. Much as with the cryptocurrencies of Bitcoin and Ethereum, it’s crucially important that this network be truly decentralized, so that its users can trust the neutrality and openness of the blockchain.
And here we’ve discovered what the creators of Bitcoin and Ethereum already know: it’s hard to avoid hidden centralizations, particularly when you’re creating code that’s being used by a network. As with the other blockchain communities, our code is available on Github. We also have a brand-new Bitmark Upgrade Proposal (BUP) system, where community members can suggest upgrades to the Bitmark Algorithms. But that’s not enough on its own: several external developers have forked our core code, but to date all of the commits are from our own engineering team, while the BUP system is too new to have generated proposals.
Though Bitmark has had strong success with partners like KKBOX (who uses the Bitmark Property System to record rights to digitally streaming music) and Chibitronics (who registers Bitmark certificates to verify the authenticity of their hardware), making additions to a blockchain’s core code (or its algorithms) requires a totally different sort of community. We’ve thus experimented with other methodologies, such as seeding our coding community via a bug bounty program. A few community members have already been paid out for reporting small bugs in our web app. These bug reports aren’t Github commits or BUPs, but they’re a first step toward decentralizing our coding work.
After we’ve welcomed more external coders into our community, we’ll eventually need mechanisms to decide what actually gets added to our code and our protocols. Bitcoin and Ethereum both developed somewhat ad hoc systems to allow voting on contentious protocols: Bitcoin used a signalling system that wasn’t intended for voting, while Ethereum’s Carbonvote was created to resolve an immediate crisis. A more thoughtful system, not created due to immediate exigencies, could more carefully consider the best way to manage collective choice, whether it be rough consensus, work voting, stake voting, or something else.
Unlike the philosophy discussed in our last article, on proof of work vs proof of stake, the blockchain community is much more settled on the advantages of decentralization.
In spite of that, blockchains have big problems with centralized authorities; they’re just somewhat hidden.
The central power of the Ethereum Foundation to pursue a radical reversion of the Ethereum blockchain was an eye opener for many in the blockchain community, but it’s just a singular example of a more endemic problem, one that generates serious questions that we all need to consider.
How can we reduce the centralizations inherent in miners, protocol developers, coders, and blockchain VIPs?
How can we develop protocols of collective choice that maintain the power of the people without subjecting it to the tyranny of the majority?
In other words, how can we truly meet the blockchain’s original goals of decentralization in reality?
A Philosophy of Blockchain: What Would Satoshi Nakamoto Think of Proof of Stake?
A Philosophy of Blockchain: What Would Satoshi Nakamoto Think of Proof of Stake?
We’ve been somewhat surprised by how many people ask us why we don’t use proof of stake instead. There are a few reasons, but most importantly…
written by Shannon Appelcline
The blockchain began with the Bitcoin ledger, which started on January 3, 2009, making it just more than ten years old. That’s still very young for a major new field of computer technology. It’s like databases in 1970, before the relational database model or the structured query language appeared, or like the TCP/IP-based internet in 1993, just a couple of years after the advent of the web page.
Given the youth of the field, it’s not surprising that we’re still exploring different routes forward: finding out how to best design and best use the immutable consensus ledgers that represent a whole new way to record and store information.
We’re still trying to decide what the philosophy of blockchain is, and what it should be.
Proving the Blockchain
One of the blockchain’s current technological discussions focuses on consensus: how do you decide what can be added to the blockchain? What can you do to make sure the blockchain is fairly constructed and remains immutable? This question has long been viewed through the lens of The Byzantine Generals’ Problem, which requires the consensus of selected “generals”, but accepts that some might be adversaries. A system is considered Byzantine Fault Tolerant if it can remain true despite the failure of some percentage of its components.
Traditional solutions to this problem predate the blockchain: Practical Byzantine Fault Tolerance (pBFT) achieves consensus by its community members engaging in multiple rounds of voting until they achieve sufficient agreement — even if some members are not responding or are responding maliciously. It was groundbreaking, but also has some severe limitations: because of its extensive communication requirements, pBFT requires a limited number of established actors: you can only have so many generals, and they must also be known in advance.
Despite these limitations, pBFT (or close variants) has come into use on some permissioned blockchains. The federated consensus used by Blockstream’s Liquid network is one such example. It’s a private network where cryptocurrency exchanges come together to support arbitrage between their companies, therefore a permissioned solution works well. The Hyperledger Fabric blockchain is similarly built around pBFT.
However, Satoshi Nakamoto realized that entirely different solutions would be required for permissionless public blockchains built on trustless transactions. One of the largest innovations of Bitcoin was thus his “Nakamoto Consensus” protocol. It contains multiple elements, including: block proposer selection (where someone is given the opportunity to suggest a block) and block inclusion (where the block is added to a blockchain, which may or may not become the main chain, depending on a stochastic process). Some people also consider Bitcoin’s scarcity and rewards structures to be part of the protocol.
It’s that first element of Nakamoto Consensus, the block proposer selection, that really catches peoples’ attention and that drives many of the discussions over the future of blockchains, and that’s because it’s core to the idea of permissionless blockchains such as Bitcoin. Technically, you could choose a block proposer through a random or a round-robin mechanism. (In fact, pBFT does the latter.) That works for permissioned blockchains, but it quickly falls apart on permissionless blockchain, as anyone could make any number of accounts to increase their odds of proposing blocks. As a result, Nakamoto Consensus required a Sybil defense mechanism to prevent people from gaining advantage in the consensus by creating numerous accounts. That’s what a good block proposer selection method does.
Two Sybil defense mechanisms have achieved strong attention: proof of work and proof of stake, both of which control Sybils by making them expensive. (There are also other proposer selection mechanisms such as proof of activity, proof of authority, proof of burn, and proof of capacity, but they haven’t yet achieved the same attention.) Though proof of work was Satoshi Nakamoto’s original Sybil defense, proof of stake is quickly gaining on it. There are now even systems that combine proof of stake with traditional BFT systems — such as the EOS blockchain, which uses proof of stake to vote for the “generals”, who then engage in BFT voting to achieve consensus.
So how do the two most popular Sybil defense systems work?
Proof of work is the traditional method of Sybil defense on a blockchain, used by Bitcoin and (at the moment) by Ethereum. Every participant is given the opportunity to solve a math problem. Whoever manages to do so is allowed to propose a block for the blockchain, contributing to the consensus and the growth of the ledger. Sybil defense is provided by the fact that it’s very hard to make these calculations, and so has real costs in energy.
Proof of stake is a newer Sybil defense, first used in production by Peercoin and being studied by Ethereum for a future release. Here, a random participant is chosen to create a new block based on their “stakes” in the system, usually defined as either quantity or age of cryptocurrency holdings. In other words, participants randomly get to make blocks if they either have a lot of digital assets or a lot of old digital assets; this is the core cost that prevents attackers from making numerous Sybil accounts. Early proof-of-stake mechanisms presumed that stakeholders were inherently incentivized to produce correct blocks, but that resulted in certain attacks, so newer systems create security by adding punishment: if a participant incorporates fraudulent transactions, then they lose part of their stake and the ability to create future blocks.
There are advantages and disadvantages to each system; however, to truly assess which is best for the blockchain community requires going back to the beginning and remembering the technology’s philosophical underpinnings.
Reconsidering the Philosophy
In recent years, Bitcoin discussion has mainly focused on its price, while wider blockchain discussions tend to concentrate on what can be done with the technology. But that omits a crucial topic: why the blockchain was created in the first place.
Satoshi Nakamoto’s original white paper on Bitcoin is heavy on technology and light on philosophy, but it offers a few clues with its discussions of “peer-to-peer” networks and its move away from “central authority”. Bitcoin was about giving power to the people, so that they could transact currency without having to depend on either a corporation or the state. As such, it was an outgrowth of the cypherpunks, who had been working on digital cash solutions for some time. They advocated for privacy and fought against government control and against censorship.
The philosophical underpinning of blockchain can easily be derived from the intersection of cypherpunk ideals with the decentralized, peer-to-peer technology imagined by Nakamoto. This meeting of ideas suggests a world where everyone is an equal: where everyone has the opportunity to contribute to the consensus, and where they can all interact on a level playing field.
It’s about reversing the plutocratic and autocratic trends of the physical world, where very small numbers of people have great influence and power, and instead creating a place where everyone has autonomy and agency.
At Bitmark, we abstract the core philosophies of the blockchain by saying that it should be open (so that anyone can access it), borderless (so that real-world barriers don’t impact our virtual equality), censorship-resistant (so that no one can prevent another person’s participation), and permissionless (so that anyone can add to the consensus).
And that brings us back to the question of proof of stake versus proof of work. For a Sybil defense system to truly uphold the original principles of blockchain, it needs to be a system that anyone can join, and the two most popular Sybil defense systems are not equals in this regard.
Comparing the Protocols
Bitmark has its own stake in this debate because we’ve created our own blockchain, the Bitmark Property System. Where the Bitcoin blockchain secures digital money, the Bitmark blockchain secures property rights, allowing people to own, transfer, and generate income from their data and other digital assets. In constructing the Bitmark public blockchain, we had to consider many questions about the philosophy of the blockchain; we then used the answers to guide the design of our blockchain. One of our decisions was to use proof of work, and we’ve been somewhat surprised by how many people ask us why we don’t use proof of stake instead. There are a few reasons, but most importantly:
We don’t believe that proof of stake matches the original ideals of Bitcoin, which are also our own ideals in creating the Bitmark blockchain.
In short, proof of stake reverses the egalitarian ideals of the blockchain. Certainly, miners have a lot of power in proof-of-work blockchains, but we know people who have purchased mining rigs solely to ensure that they would always have a voice on the blockchain. Though they might only be able to rarely produce a block, they can ensure that their transactions can never be censored. Every single person has that possibility on the Bitcoin blockchain (albeit at a higher price now than in its early days, due to its success).
proof of stake consolidates power in the hands of the few — the old and the rich — exactly mimicking the real-world environment that Bitcoin was trying to overthrow.
It prevents the many from participating, it allows the rich to get richer, and it creates new dangers of censorship. Though we speak of this at a personal level, every corporation, organization, and government should have the same concerns: newcomers could face new barriers to entry because a competitor could prevent them from participating in a proof-of-stake blockchain. Proof of stake has the very real possibility of creating digital plutocracies, and even absent other concerns, that dramatic change in philosophy would be enough for us (and we suspect for many blockchain enthusiasts) to abandon proof of stake entirely.
The other major issue with proof of stake is that it’s poorly tested. We have faith in proof of work because it’s been the backbone of Bitcoin and Ethereum for years; it’s processed three-quarters of a billion transactions. In contrast Peercoin, even with a market cap of $10 million dollars, is averaging about a dozen transactions an hour. Overall, Peercoin has accumulated just a few million transactions; that’s one thousandth of what Bitcoin and Ethereum have done. Meanwhile, Ethereum has spent over five years working through a few different proof-of-stake mechanisms. Partway through that time, in 2016, Vitalik Buterin said: “After years of research, one thing has become clear: proof of stake is non-trivial — so non-trivial that some even consider it impossible.”
It’s possible that at some time in the future, someone will come up with a well-tested, well-reviewed proof-of-stake protocol that also answers the problems that proof-of-stake mechanisms currently have in regard to consolidation of power. But the time is not now.
None of this should suggest that proof of work is without challenges, because there are many. We’re aware that energy usage has often been a complaint, but it’s not one we find particularly credible; just as we think that people should have autonomy in the blockchain world, we think they should have that control in the real-world too, and that means not censoring or controlling their energy usage. This sort of autonomy has been a general rule in any free society: for example, we are aware of the environmental costs of cars and their dangers to occupants, other drivers, and pedestrians; but for the most part we don’t try and control car usage by limiting it, we simply work to make it more efficient and safer. Similarly, we can work to make energy production cleaner and more reusable, but as a free society we shouldn’t place limitations on how people use their power.
But, there are other challenges to proof of work: the idea of a 51% attack, that’s something that keeps us up at night. Further, as a company working on a proof-of-work blockchain, we have to ask whether there is room for a third major proof-of-work network, following Bitcoin and Ethereum. Or, would a proliferation of proof-of-work networks dilute the miner base of each, making them more susceptible to an association of miners who could jump from blockchain to blockchain to engage in 51% attacks?
For the moment, we prefer the better known and better tested solution, but we should be aware of the dangers of any method for controlling Sybils in a permissionless system.
On balance, Bitmark feels that the advantages of proof of work currently remain greater than those of proof of stake. But we find the philosophical issues even more important: we would need to see a proof-of-stake mechanism that was aligned more closely with the blockchain’s original ideals before we were willing to adopt it, even if it was well-tested and offered clear improvements over current proof-of-work systems.
Certainly, we understand that other groups might balance the advantages and disadvantages of these two Sybil defense mechanisms in different ways.
But ultimately, we believe it comes down to that philosophical question: like the founders of blockchain, are you interested in empowering the people? Or, does your personal philosophy lie elsewhere?
We think philosophies are important, and we expect to continue to address the topic in future articles about choices in blockchain design. Future topics we’re considering include hidden centralizations, the inclusion of tokens and scripting languages, the publication of information, and whether you should just use the Bitcoin blockchain (or no blockchain at all).
Castro, Miguel and Barbara Liskov. February 1999. “Practical Byzantine Fault Tolerance.” Proceedings of the Third Symposium on Operating Systems Design and Implementation. http://pmg.csail.mit.edu/papers/osdi99.pdf.
Technology is Not Magic: The Hacker’s Point of View — Bitmark Ambassador “bunnie” Huang
Technology is Not Magic: The Hacker’s Point of View — Bitmark Ambassador “bunnie” Huang
“One of the reasons I am so passionate about open source, is that I worry that, if people believe that technology is magic, then we find ourselves in a dangerous situation. We essentially become slaves to the technology…”
The Bitmark Ambassador series highlights innovators who understand the importance of property rights in the modern digital environment. They are industry pioneers — artists, lawyers, scientists, health researchers, hackers, makers and creators.
Andrew “bunnie” Huang is a renowned hacker, author, researcher, and activist. He is best known for his open hardware designs: the Chumby (app-playing alarm clock), Chibitronics (peel-and-stick electronics for craft), and Novena (DIY laptop). His book on reverse engineering, Hacking the Xbox, is a widely respected tool for hardware hackers. He serves as a Research Affiliate for the MIT Media Lab and a technical advisor for several startups including Bitmark and MAKE magazine. bunnie received his PhD in Electrical Engineering from MIT and currently lives in Singapore where he runs a private product design studio, Kosagi.
Throughout his various projects to empower fellow hackers, journalists, and women, these projects all share one core value: “The Importance of Free Will”.
“I really value free will. A lot of times at the end of the day, part of the idea of seeing the world as a hacker and not seeing the labels on things — that’s kind of the essence of free will.”
In his Bitmark Ambassador video, bunnie raises an interesting question about the people behind large organizations and companies that create rules and define structure. These people are no better than us — we all have the intelligence and capability to question what we are led to believe. We do not need to settle for blind acceptance.
“I really hope in the future we can always find a way to preserve free will. And a lot of the idea behind open source and sharing and sharing the idea of hacking is teaching people how to have that sense of free will and independence, that ability to control their destiny.”
bunnie tells us that if technology makes people feel trapped or lost then there is a path to understand it. That is how a hacker looks at technology, seeing it for what it really is, not what it’s only packaged to be.
“That kind of experience of being able to just kind of touch the hardware and play around with it, break it, fix it, kind of got me over even the notion that technology is magic. Technology is something that you can understand.”
Enjoy “Technology is Not Magic” below and let us know how technology impacts your perspective on the world.
▪ He teamed up with NSA whistleblower Edward Snowden to develop Introspection Engine, an iPhone case for journalists and human rights activists that detects if their devices are secretly transmitting Wi-Fi, cellular, Bluetooth, or GPS signals when they shouldn’t be.