The answer to the question implied in the article -- why does Libra make such unjustified design decisions -- is simple. Some people have become enamored with blockchain despite it having almost no good use cases, and this certainly isn't one. It seems like a classic example of focusing on the technology rather than on the problem.
--
Regardless of the other, far more important sections of this article, I find the section about the programming language misleading. Programming language theory does not study the quality of programming languages or their suitability to certain tasks. It is simply outside the purview of the discipline. PLT does not have any tools whatsoever to determine which language is more or less suitable and it is not interested in that question. The theory studies the properties of formal systems and the internal implications of their design. Much like mathematics can deduce from the Peano axioms that 10 > 5, but it says absolutely nothing about whether 10 is "better" than 5 because the answer to that depends on context (are we talking cookies or tumors?) that is simply outside the purview of mathematics. Similarly, PLT can say whether a certain formal system is sound or not, but it says nothing whatsoever about whether soundness is "good", "bad" or neutral, and certainly not how good or bad it is. Of course, programming language theorists have opinions on the matter, but those opinions are not supported by the theory.
Also, given the other glaring flaws, there is nothing to suggest that a formal definition of the programming language would improve matters in any perceptible way. After all, we do entrust the world's monetary system, and sometimes even our lives, to software written in programming languages that don't have a formal definition. As someone who studies the issue of software correctness, a formal definition of a programming language is certainly of interest to theorists, but it has not been shown to be a particularly worthwhile means of increasing correctness.
If you may spare a minute, I'd like to know your opinion on mission-critical software in dangerous-prone contexts (such as avionics, life support, even just economically for permanently-written "ROM" software, etc). Formal methods seem required in such projects, but your final paragraph seems to imply the formalism isn't key to end quality?
(my agenda, for transparency: I want to send SOC's in space on tiny RISC-V satellites, and the lowest layers of those should be 100% error-free because there's no going physically there to reboot a working shell, remote is all we have.)
Regarding 'love' for blockchain, I think it's the basic proposition of "100% accurate data that cannot be controlled by anyone" that seduces. The 'cost' of that in performance becomes a nagging second concern. It gives people a feeling of safety if no other party, not their bank nor family nor employer nor anyone can alter their data, their transactions (whatever the kind, financial is but one use).
Whether blockchain is the only way to achieve that is another matter, but (afaik?) so far it's the only working implementation of the concept of perfectly secured data. I think that's what drove people nuts. I also think Bitcoin or currency in general is but one use case and a very impractical one in the current financial environment, i.e. Earth circa 2019. I'd wager there are much better avenues to explore, eminently non-financial in nature, such as peer-to-peer 'free' communication, or formal (law, contracts) codification (anything official and 'forever' until 'revoked'). No coin, no market, no whatever but the benefits of a slow but 100% truthful database, for small data (text fits quite well).
> but your final paragraph seems to imply the formalism isn't key to end quality?
That's not what I said. I said that merely creating a verified formal specification of a language is not in itself a good path to increasing correctness, and I wouldn't focus on that as a significant cause for concern given all others. But even when you use formal methods in the development of your software -- and I'm certainly a proponent -- there are many formal methods with widely different guarantees and costs, and some of them don't require a formal specification of the programming language. Moreover, no system can be 100% error free, regardless of verification method used. Systems rely on hardware whose actual behavior can never be "proven" correct, and, at best, only probabilistically matches the spec.
I personally believe that some formal methods can greatly improve correctness, and do so affordably, but the question of which formal methods are worthwhile when and by how much each of them improves correctness is very much an open question.
> it's the only working implementation of the concept of perfectly secured data.
I strongly disagree. There is no such thing as "perfectly secure." Security is defined with respect to certain threats (e.g. a hazmat suit can protect you from poisonous gas but gives you no defense from bullets, whereas a bullet-proof vest is the opposite), and blockchain is rarely the most secure with respect to the most relevant threats in a monetary system.
I think this question is best answered by economists, and I'm certainly not one. But blockchain does seem to interfere with some of the best regulatory defenses against economic disasters.
Blockchain gives the impression that the primary threat it is designed to defend against, is a government deciding (like Germany between world wars) to inflate their currency for whatever reason. So, not surprisingly, in order to defend a currency against being decreased in value by a central authority, it is vulnerable to all of the threats that a central monetary authority might help you with.
Which of these threats you think is the more salient is, of course, a matter on which people may disagree. I personally find the risk of a central monetary authority devaluing my money, to be not one of my top concerns, but I could understand why others might think differently (especially if they were in a different country, that used a different currency).
Right, here in Argentina our currency has lost more than half its value this year, and the US dollar has lost 96% of its value since the end of the gold standard in 1973. I carry a Zimbabwe 100 trillion dollar bill in my wallet to remind people what real hyperinflation is.
I don't think that's the main threat Bitcoin is designed to defend against, though; I think there's a whole spectrum of confiscation threats, ranging from thieves tunneling into bank vaults (I know a woman here who lost her savings that way), to immigration authorities confiscating jewelry, to pirates, to trumped-up "money laundering" charges. And of course if we're mentioning Germany and World Wars, we must not forget the confiscation of Holocaust victims' entire possessions, including jewelry and fillings after the gas chambers. Bitcoin can't make genocide impossible but maybe at least it can make it unprofitable.
> the US dollar has lost 96% of its value since the end of the gold standard in 1973
It is more like 80-85%, not 96%. $1 in 1972 is $6-$6.5 in 2019. A 96% loss of value would mean $1 in 1972 is more like $25 in 2019, which is not the case.
Also to phrase it in context you should probably say "the US dollar has had an average annual inflation rate of 4% per year over the last 5 decades". Also for additional context you should point out that bonds slightly exceeded, and that $1 of stock in 1972 in the US market became ~$104 in 2019.
It depends on which particular data series you use for deflation. There are definitely things for which US$1 in 1972 is more like US$25 in 2019, such as gold and energy. To take one example among many, oil cost US$3 per barrel at the beginning of 1973, and despite the fracking boom in the US, it costs US$63 today, 21× as much. And, as you yourself point out, you need over US$100 today to buy shares of stock that cost US$1 in 1972. (And there are other things which are cheap in 2019 that were unavailable at any price in 1972, and vice versa; and there are borderline cases like videotape recorders and microcontrollers, on one hand; and 1963 Buicks, ivory, old-growth redwood lumber, and quaaludes, on the other.)
I agree that "an average annual inflation rate of 7.1%" (or, using your US$6 number, 3.9%) sounds much milder than "lost 96% of its value since 1973" (or 83%). Where I differ is on whether the milder presentation or the more dramatic presentation is more informative. I think that, except to financial traders, "3.9%" or even "7.1%" is a misleadingly insignificant number.
Consider that throughout the 1600s, 1700s, and 1800s, there were families that lived on the interest income from government bonds, both in the US and in England. Even throughout the 20th century, people would buy "savings bonds" as presents for children or as a means to save up for college or retirement; the bonds would reach maturity decades in the future, providing a healthy reward for the prudent and patriotic purchase. Since the end of Bretton Woods, that 3.9% or 7.1% has made nonsense of such ideas. Despite what you might think, this hasn't eliminated plutocracy or increased social mobility — rather the opposite has happened in the post-Bretton-Woods years, in fact. I think it's hard to obtain the historical perspective necessary to appreciate the importance of this radical experiment. But it is, I assure you, a worthwhile effort. I recommend it.
Perhaps inflationary monetary policy is a necessary instrument for avoiding financial panics; it's a plausible idea. But the evidence against it — particularly the 1970s stagflation in the US — suggests that, though plausible, it isn't such a clearly open-and-shut conclusion that we should deny everyone access to alternative, non-inflationary currencies. Moreover, in most scenarios, attempting to institute such a policy would only deny such access to everyone but the well-connected and influential.
Certain things outpace inflation, yes. Certain things are drastically cheaper. That's why we use an inflation measure that's sort of an aggregate, not pinned to one or two commodities. You don't spend 100% of your money on oil and gold.
Oil now is 3x more expensive even after a more average inflation of ~4% compared to the bottom of 1973 (though in the mid 90s it wasn't so bad).
Energy as a whole though, is not 3x more expensive. Petrol is only about a third of energy consumption. Consumer electricity prices for instance are relatively constant from the 70s through now. Slight increase in the 80s, slight decrease in the 00s, but within say <5% of prices.
I'm not making assertions about the change to bond markets (which I agree are historically fascinating, and will continue to be so in the future too).
There isn't an objectively correct basket of goods that is obviously the correct deflator to use, which seems to be a significant underlying assumption of your line of reasoning. The debate about which ones are the important ones to include in statistics like the US BLS CPI is a politically charged debate resolved in part by political means, not purely by the disinterested pursuit of truth. The CPI in particular eminently susceptible to drift over the years, since the goods in it change over time according to the Consumer Expenditure Survey — in 1973 people in the US were buying washing machines that are still in use today and Saran Wrap made of actual Saran, for example, and today they're buying washing machines that wear out in five years and Saran-free Saran Wrap. And of course it measures the prices of only mass-market consumer goods, not services (such as the essentials, child care and elder care) or custom or unique goods such as hand-tailored suits or buildings — a political decision, not an objective one.
If we want to be skeptical of carefully tailored metrics with thousands of parameters produced by political appointees, what standard should we use to measure the value of the dollar? Precious metals have been the standard against which currencies have been measured for several thousand years — the gold standard for measuring the value of currencies, you could say — and by that standard the dollar's loss of value since 1973 is about a factor of 25. This compares to about a factor of 2 over the previous 40 years, since 1933, and a factor of about 1.1 over the previous 140 or so years since the dollar was introduced.
I suspect that if you compare other goods which are, like gold and crude oil, verifiably produced to the same standard of quality in 1973 and today, you will find a similar factor of 16–32 in their dollar prices. I'm thinking of the most common grades of steel, aluminum, brass, portland cement, window glass, industrial electric motors, and so on. There will definitely be some exceptions — ±1% resistors are much cheaper now, to the point where you can't even get the ±20% kind that were the norm in 1973, and I imagine the same is true of specialty steels, synthetic sapphire, and a number of other things that were barely feasible at the time; and presumably photographic film has become more expensive, as it has ceased to be a mass-market item. If you're right about the cost of electricity "staying the same" — by which I assume you mean that, in the US, it increases in line with the BLS CPI? — this suggests that my hypothesis won't be true of coal. Do you have any other ideas?
Let's take anthracite, because it's the purest grade of coal, so it should be less vulnerable to variation in value from drift in grading standards. https://www.eia.gov/totalenergy/data/annual/showtext.php?t=p... suggests that nominal anthracite coal prices have risen from US$13.65 per short ton in 1973 to US$70.99 in 2011; https://www.eia.gov/energyexplained/coal/prices-and-outlook.... says that in 2017 they were US$93.17 per short ton, FOB the mine. That's a factor of 6.8, which is a lot closer to 6 than to 25.
> If you're right about the cost of electricity "staying the same" — by which I assume you mean that, in the US, it increases in line with the BLS CPI?
Yes I meant real price, not nominal.
US electricity is somewhere around a third from coal.
I would be interested in a study showing a 15-30x increase in similar-quality construction materials.
The fixation on gold makes no sense to me. It's just a commodity, not a super useful one either. Gold's price floats wildly based on people's fears. It's not like everything became 4x more expensive between 2000 and 2015.
We were debating precisely which data series is best for computing the "real price" from the nominal prices. But it seems you take me for a fool and beg the question.
I see your point, but I think there are plenty of examples of people losing their Bitcoins through analogous nefarious activities (e.g. MtGox). For an expert in cybersecurity perhaps Bitcoin is safer, but for the average non-technical person (in the U.S.) it is probably _more_ likely to get your money taken by a thief than if you had it in fiat currency in a bank, though of course either one is possible.
Again, this could vary depending upon your nation's government and crime situation.
I think it's true that "for the average non-technical person (in the U.S.) it is probably more likely to get your money taken by a thief than if you had it in fiat currency in a bank." But I think you're locating the problem in the wrong part of the conjunction: the reason fiat currency in a US bank is more secure is because US banks are fairly secure, not because the fiat currency is secure.
It seems like some sort of confusion to blame the Mt. Gox heist on Bitcoin. Mt. Gox's depositors gave their Bitcoins to Mt. Gox; Mt. Gox didn't give them back and claims that an unknown party absconded with them. If you lent your car to a random French PHP programmer in Japan and he came back without the car, you wouldn't blame that on cars in general being an "unsafe" investment.
If the Mt. Gox depositors had kept their Bitcoins in a paper wallet in a Bank of America safe deposit box rather than in Mt. Gox, they'd still have their money. (In fact they'd have enormously more money, but that's sort of random; it demonstrates the fickleness of markets rather than any kind of fundamental security of Bitcoin.) Conversely, the investors and banks who invested or lent dollars and yen to Mt. Gox lost as much or more as the Bitcoin depositors.
Probably a BofA Bitcoin account would be better, but that's a matter of convincing BofA to offer Bitcoin or similarly secure currencies, instead of or in addition to dollar-denominated accounts. And that's where Libra comes from.
> But I think you're locating the problem in the wrong part of the conjunction: the reason fiat currency in a US bank is more secure is because US banks are fairly secure, not because the fiat currency is secure.
Fiat currency is secure in US banks because there is vast institutional protection for banks such as FDIC insurance and extremely strict laws against bank theft, the Federal Reserve, and so on. There are no such institutional protections for Bitcoin and there never really can be, by design.
> If you lent your car to a random French PHP programmer in Japan and he came back without the car, you wouldn't blame that on cars in general being an "unsafe" investment.
Sure I would - if lending a car to strangers was an effective necessity to use one in the same way using an exchange is an effective necessity to use Bitcoin, and there were "alternative cars" (aka fiat currency) that required no such lending to strangers.
Leaving your Bitcoin in an exchange is not now and has never been an "effective necessity to use" Bitcoin. However, for fiat-currency transactions, it is an effective necessity to leave your fiat currency in an "exchange" called a bank, if you want instant electronic transactions. Unlike with the banking system, you can engage in instant electronic transactions with Bitcoin you hold in your own wallet — although some counterparties may prefer to wait for a number of confirmations.
> There are no such institutional protections for Bitcoin and there never really can be, by design.
This is nonsense. Bitcoin's design permits all the same institutional protections available for dollar bills or precious-metal coins, and additionally permits others that are enormously more secure than the mere incentive structures we must rely on in the case of dollar-based institutions. For example, a bank holding gold or dollars cannot produce a mathematical proof of its reserves as a Bitcoin bank can, and there is no dollar equivalent of multisig wallets.
So, in both cases, you are incorrectly imputing advantages to fiat currencies that in reality belong to Bitcoin in this comparison.
> However, for fiat-currency transactions, it is an effective necessity to leave your fiat currency in an "exchange" called a bank, if you want instant electronic transactions
Yes. However there is also cash which allows for instant anonymous transactions in the physical world which is sufficiently widely accepted to be used to the exclusion of banks, if you so choose.
> you can engage in instant electronic transactions with Bitcoin you hold in your own wallet
Isn't the fact that transactions are not instant widely perceived in the Bitcoin community as one of, if not the, greatest barrier to adoption? If not, why all the investment in the Lightning network?
> Bitcoin's design permits all the same institutional protections available for dollar bills or precious-metal coins, and additionally permits others that are enormously more secure than the mere incentive structures we must rely on in the case of dollar-based institutions. For example, a bank holding gold or dollars cannot produce a mathematical proof of its reserves as a Bitcoin bank can, and there is no dollar equivalent of multisig wallets.
You're saying these words but not addressing the substance of what I said. There is no FDIC equivalent for Bitcoin - unless there's an exchange that guarantees replacement of lost/stolen Bitcoins? Replacing Bitcoin seems a difficult proposition when fiat currency can just be created out of thin air but Bitcoin cannot - once it's lost, it's lost, and can only be replaced in a zero-sum way.
> There is no FDIC equivalent for Bitcoin - unless there's an exchange that guarantees replacement of lost/stolen Bitcoins? Replacing Bitcoin seems a difficult proposition when fiat currency can just be created out of thin air but Bitcoin cannot - once it's lost, it's lost, and can only be replaced in a zero-sum way.
I didn't realize you were laboring under the misconception that the FDIC has the authority to mint money, like a central bank. That's why I didn't address it. Now I can. It doesn't. The FDIC is funded by premiums paid by its member institutions, not by creating currency out of thin air; an insurance scheme for Bitcoin depositors in a bank that provided fractional-reserve Bitcoin accounts could be funded in the same way. It could even be provided by the FDIC, which already provides deposit insurance for deposits denominated in foreign currencies.
> Isn't the fact that transactions are not instant widely perceived in the Bitcoin community as one of, if not the, greatest barrier to adoption?
Bitcoin transactions are instant; they reach everywhere in the mempool in a matter of seconds. It's just that until they're a few blocks deep in the blockchain, they might be reversed, like bank transactions can be for several months. This usually takes half an hour or so, and that's a hassle for some kinds of transactions. However, I think bigger barriers to adoption include the network effect of existing currencies, a sketchy reputation, and the fact that Bitcoin exchanges are now illegal in China.
> there is also cash which allows for instant anonymous transactions in the physical world which is sufficiently widely accepted to be used to the exclusion of banks, if you so choose
Cash limits you to transacting with people you can meet in person, which condemns you to poverty unless you are very lucky indeed.
> And Bitcoin lost over 90% of its value in just under 2 years.
When do you mean? Right now Bitcoin is US$9400, which is almost exactly half of its all-time high value of US$19891 (in 2017). There are several times it has lost more than half of its value, but I don't remember a time when it has lost 90% of its value.
The reason the dollar inflates and never deflates is that it's designed to inflate. On purpose. The underlying Keynesian monetary theory is a radical experiment in stimulating economic activity by maintaining the proper level of unemployment — when unemployment is "too low", central banks raise interest rates (in effect, printing less money), while dropping them when unemployment is "too high". Of course, deliberate inflation of coins by governments has a much longer history than Keynesian monetary theory or fiat currencies — not only did Song China experience it when it introduced paper "representative money", but it's also a well-attested phenomenon in Roman commodity money and later coinages (there known as "debasement", in a technical sense different from its metaphorical use in literary English to describe degradation.) But Keynesian monetary theory, which might be correct, provides a theoretical justification for believing that inflation is good under some circumstances and bad under others, and since 1973 we are all, for better or worse, participating in a radical large-scale experiment to test this hypothesis.
Bitcoin is, in significant part, a dissident response from a group of eccentric intellectuals looking for a way to opt out of that radical experiment. Consequently it is designed to make inflation (of Bitcoin) infeasibly difficult — the existing Bitcoin supply increases asymptotically toward a fixed quantity, known in advance. So, although Bitcoin's value will fluctuate, sometimes wildly, it doesn't have the secular inflation trend designed into the dollar's governance mechanism.
> we are all, for better or worse, participating in a radical large-scale experiment to test this hypothesis.
Well if you have a suitably sound and accurate economic model that you’ve been secreting away, let us know and save us the time.
Additionally, it’s not like it’s been exclusively Keynesian economics since the 70’s: there’s been a huge amount of neoliberal economics going around-do you not remember the popularity of austerity measures during the 2008 GFC?
To me, bitcoin and co’s dogged insistence on the evils of inflation feels more like someone along the way had some personal issue with inflation alone and designed something to counteract it, plausibly at the expense of numerous other economic factors.
> When do you mean? Right now Bitcoin is US$9400, which is almost exactly half of its all-time high value of US$19891 (in 2017). There are several times it has lost more than half of its value, but I don't remember a time when it has lost 90% of its value.
Looks like I overstated it slightly. It lost 85% of its value between its all time high December 17th 2017 ($19,891) and December 16th 2018 ($3,159).
The rest of your response, in my opinion, is immaterial. I can't imagine a soul who'd prefer their money to "fluctuate wildly"—to the tune of -85% in a year—vs slowly losing 1-3% per year. Especially when there are very accessible financial instruments (e.g., TIPS) to avoid even that.
Anyone who invests in a stock is taking a significant risk of losing 100% of their investment, a risk on the order of 5% per year. Anyone who invests in gold is used to seeing it fluctuate by a factor of 2 or 3 most years. Yet not only are these popular investments — they're better investments than dollars are over all but the shortest time periods. Anyone who invested a large amount of money in stocks or gold in 1973 would be rich today, unless they were very unlucky at picking stocks. Anyone who invested a large amount of money in a bag of dollar bills in 1973 would be poor today.
In short, if any soul you could imagine had won the lottery in 1973, they'd be poor again by now because of not knowing how to manage their money, incorrectly believing that a currency is not a kind of investment.
You're moving the goalposts. Are we comparing BTC to currency or investments?
People invest in things, generally understanding the risk. Risk is not all equal. BTC is far riskier (more volatile) than virtually all publicly traded stocks or commodities. See again the very recent 85% drop in 1 year.
And let's be clear: BTC is not comparable to a stock. Company stock is valuable because it gives you ownership (and therefore a stake in) the company's profits. Gold is a much more reasonable comparison, but even that has real practical value (e.g., use in electronics, jewelry, dental work, etc.) And funny enough, Gold is worth less today than it was in 1979. So... it's not a great investment. It's just volatile, and "investment" in it is basically a 0-sum game. Just like Bitcoin.
In 1979 the price range of gold was $226 to $512 per troy ounce, a slightly higher level of volatility than the Bitcoin level you describe with a bit of exaggeration as "far riskier than virtually all…commodities." The gold price today is $1485 per troy ounce.
I'd like to caution the people who have downvoted your other comment that there is a plausible reading that is sufficiently charitable to make your new comment not actually false. Namely, although if you measure it in dollars, it's "worth" 3 to 6 times more, even over the timespan you cherry-picked, the dollar has lost more than a factor of 6 since 1979, so gold really is worth less today than it was then. The attraction of gold — just as with Bitcoin — is precisely that it doesn't have a secular decline in value built in, so it's a good vehicle for preserving wealth through periods of instability, even though it doesn't generate a return in the way that stocks and bonds do.
> I don't think that's the main threat Bitcoin is designed to defend against, though; I think there's a whole spectrum of confiscation threats, ranging from thieves tunneling into bank vaults (I know a woman here who lost her savings that way), to immigration authorities confiscating jewelry, to pirates, to trumped-up "money laundering" charges. And of course if we're mentioning Germany and World Wars, we must not forget the confiscation of Holocaust victims' entire possessions, including jewelry and fillings after the gas chambers. Bitcoin can't make genocide impossible but maybe at least it can make it unprofitable.
You cannot mean this seriously. Every example you write is worse for bitcoins. If your coins are stolen, that's it, you can pretty much kiss them goodbye. If the government wants to confiscate someone's bitcoins, they will beat the private key out of the holder with a $5 wrench. If WW3 breaks out and the world order collapses, a wholly digital asset that relies on a large network of high upkeep, high-tech infrastructure is surely not a particularly safe bet. You can bet that datacenters will be among the first casualties in such an event, whether outright government confiscation or a denial of service attack by the enemy.
If a bank gets robbed, for most cases it won't impact account holders at all. Even if the bank goes bankrupt, there are various government schemes that will cover account holders up to some limit (e.g. $250k currently for the US). There is none of this for bitcoins. There could be of course, but then the argument is: what do cryptocurrencies actually offer beyond what is already possible with normal currencies?
To the best of my knowledge, the only practical benefit of cryptos is that they completely sidestep KYC/AML regulations and therefore one can easily move money between regions that draw regulatory scrutiny. Countries with at least semi-modern banking infrastructure already have instant transfers so let's not bring that argument up. In any case, that's not a feature uniquely enabled by cryptocurrencies.
The fact that bitcoins are deflationary I consider a bug, not a feature. Perhaps history will prove me wrong, but in my opinion money is not supposed to be an investment asset. People should not hold cash expecting it will appreciate. It should be reinvested as much as possible.
Basically, scams. The ability to block a planned payment or ask your bank to chargeback is one of the keys to trust in online economy.
If our banking system had used something like bitcoin to implement online transactions, odds are that e-business would have had much less successs and much higher barrier to entry.
Given a system with irreversible transactions you can always add structure on top to support escrow, chargebacks, or whatever other protection mechanisms you deem prudent. It doesn't work so well the other way around.
Protection from scams requires that a malicious actor with full technical control of some account is still unable to make irreversible transactions by opting out of whatever structure supports escrow, chargebacks, etc; so either those mechanisms (conditional reversibility, with technical controls defining a reasonable regime of when reversals will be possible and when not) are built in the core system and aren't optional, or the system doesn't have a sufficiently usable reversibility because all the really large scams will simply avoid that "structure on top".
The other alternative, of course, is someone taking on full legal liability for transactions that can't be secured technically. If Facebook would offer Libra to consumers in e.g. UK, then all that "transactions are technically irreversible" means is that Facebook would be required to "reverse" the transaction to customer while being unable to recover the funds from the beneficiary - and if they can afford to do that, that's their choice to make.
You're asking way too much. It's not as if the current system actively prevents you from opting out of all the safety measures and, say, irreversibly handing cash (or something else of value) directly to a scammer; nor should it. Reversible transactions come with costs, especially when the other side of the transaction is not reversible. Chargeback fraud, for example, is a big problem for merchants, and can only occur in a system with reversible transactions. Contracting parties should be free to negotiate both the form of payment and the degree of risk each side is willing to take.
The main problem is simply the novelty of it all. Once reasonable and customary structures to handle disputes are in common use asking people to bypass those structures without a very good reason will be just as much of a red flag as it is under the current system.
Facebook is not a party to a transaction between any other two Libra users and should have no liability in the event of a dispute over payments beyond maintaining accurate records and providing a fair and above all neutral platform to conduct business.
There's a bunch of "should" in this argument. I won't debate whether it should have liability, but I'll point out that no matter how it ought to be, according the law of the land at least in EU any payment service provider inavoidably has liability in certain cases e.g. when your account has been hacked; if they are unable to reverse a transaction that wasn't authorised by me but by someone else, well, that's their problem, they still have to compensate the consumer above a self-risk of 50 Eur.
The original article mentions UK Consumer Credit Act which IMHO is not appropriate (its scope is limited to credit relations, and the protections of that act generally exclude both debit cards and most e-money systems including Libra), so the scope for potential payment service provider involvement in disputes between buyer and seller is narrower than that - and probably closer to your "should" statement than the arguments of the original article.
However, it can't be a fully neutral platform distancing itself from all liability. It is illegal to "simply" offer payment services without incurring any liability for misuse of them, breaching AML/KYC regulations, etc. Facebook has not yet (as far as I know) stated what exact legal structure they'll use for compliance with the legal requirements, so I can't comment on that, but they did make statements that Libracoin will comply with the EU regulations so I presume that some legal entity regarding Libracoin (possibly co-owned by the consortium members, or possibly multiple entities) will (have to) be a licensed payment service provider in EU, and similarly (it's usually done with separate legal entities) in other major jurisdictions.
Technical structures that "just happen" such as Bitcoin can ignore regulations but any person or organization that wants to offer services using these technical structures is fully liable for meeting all the legal requirements - and if the technical structure makes impossible to do something, they're still fully responsible for any consequences of not achieving the impossible thing; if they don't want the liability, they're free to not use that technical structure and not use/offer/advertise anything with it.
This thread was originally about the social and technical issues of scams in the context of irreversible ledgers, not legal liability. As far as that goes I am in full agreement with you: Facebook and other Libra consortium members are likely to face quite a bit of legal heat from various jurisdictions desiring them to block or reverse transactions and willing to hold them accountable for others' actions on the network. In my opinion the only sane way to introduce something like Libra would have been to give up control entirely, along with the ties to fiat currencies, and make it a permissionless, decentralized system like Bitcoin. Exchanges in a decentralized system have various regulations applied to them but in the end they aren't inherently in the position of transmitting money on behalf of their users; nor are they strictly necessary for the network to function. Libra, on the other hand, will be seen as a payment system controlled by Facebook and the other consortium members, and Facebook itself as a money transmitter, not a mere buyer and seller of coins.
Personally I find it much more interesting and productive to debate what the law ought to be rather than what it is, but as a practical matter Facebook will obviously need to take the various injustices of the jurisdictions in which they intend to operate into account—and the centralized design of Libra doesn't seem very well suited to deal with that reality.
There are a lot of minor threats to monetary systems that blockchain does not address. Bitcoin addresses the rare but fatal threat of hyperinflation (runaway inflation). Historical examples https://en.wikipedia.org/wiki/Hyperinflation#Notable_hyperin...
The only known solution to this threat is not have a single supplier of money (i.e. a lot of independent miners digging metal out of the ground, or the block chain equivalent)
I reckon the only way to error-free is redundancy, i.e. 'out of the box' we just put two boxes, or actually three for "high availability"; the underlying controller being just a dead man's switch — if A's life signal dies, failover to B; set up C as new failover; reboot A.
> I personally believe that some formal methods can greatly improve correctness, and do so affordably, but the question of which formal methods are worthwhile when and by how much each of them improves correctness is very much an open question.
Oh I can see that.
In general terms, I think cost should be focused on the most critical components; like we don't need to test every single bit of code before production. You just crash gracefully and resume state when the loss (if any) is acceptable. When it's not, then it's not a choice to front the cost, it's an imperative, part of your 'spec' as a business/product/service/free thing. Tor is slower than normal browsing, but that's the tradeoff. Fast forward 10 years and costly workloads have become either accelerated by hardware or simply benefit from general improvements, like encryption is now fundamentally cost-free for usual things like TLS (AES-based things), or increasingly AI workloads.
> blockchain is rarely the most secure with respect to the most relevant threats in a monetary system.
I very much agree. Key words being "in a monetary system", and indeed it's about economics more than tech (what I alluded to in saying 'Earth circa 2019', i.e. globalized monetary system, central-bank driven, mostly insured for most customers, etc).
Hence why I advocate that blockchain proponents explore other domains. I know businesses are, but it has more to do with topics like compliance (internal, legal).
> I reckon the only way to error-free is redundancy, i.e. 'out of the box' we just put two boxes, or actually three for "high availability"; the underlying controller being just a dead man's switch — if A's life signal dies, failover to B; set up C as new failover; reboot A.
>That's not what I said. I said that merely creating a verified formal specification of a language is not in itself a good path to increasing correctness, and I wouldn't focus on that as a significant cause for concern given all others.
This seems to be poorly considered. Isn't it easier for an OS and a language to be verified once even at great cost than hoping future billions of lines of developer code already produced at lesser cost per line are actually correct?
A formal specification for the programming language doesn't automatically verify all programs written in it; in fact it verifies none, or at most one. It serves two purposes: it defines what each language primitive does so that proofs of programs written in the lang can make use of those definitions, and sometimes it is also used to verify that a compiler indeed preserves the language's semantics, as defined in the spec, when translating it to some other language; in other words, it can be used to verify the compiler.
Focusing on a formal language spec is like saying that a good way to make your software more correct is to work hard to ensure your compiler doesn't have bugs. I'm sure you'll agree there are more important things. As to use by program proofs, often an approximate ad-hoc specification is good enough.
BTW, the article you linked to is about one particular formal method -- deductive proof. There are many others, with varying costs and benefits.
Perhaps, but PLT is not the main discipline studying software correctness -- those would be formal methods and software engineering -- although it has some overlap with those disciplines. PLT is not the general name for all study of programs; it is the name for a particular perspective, and a particular component of that study.
> my agenda, for transparency: I want to send SOC's in space on tiny RISC-V satellites
I've seen your posts in multiple threads K0SM0S, and I generally enjoy reading your thoughts and opinions. When I meet people I find interesting, I like to ask what they plan on doing with their lives. I understand completely if you don't want to share further details, but I for one would be interested in an off-topic detour into your intentions with these microsatellites. One application I always toy with in my head is a time+location verification service, but I don't think satellites are strictly necessary for that one unless you're trying to work around region-specific laws that would regulate towers.
First of all, thank you so much for your kind words, they mean the world to me, and for your interest — which is now reciprocal, I want to hear about you as well!..
I must admit I've spent way too much time trying to answer your questions in a 'concise' manner —HN's norm— but, as usual with this topic, it proved unusually hard fo me. It's rather complex, several independent yet synergistic 'moving parts' — too much repetition and cognitive bloat for a mere comment.
Thus I'm drafting something to share and discuss the concepts, if time permits it'll be up on some website (maybe reddit, maybe a forum, maybe some blog, idk...) by month's end. I'll keep you updated, if you so wish. You can reach me by email `cosmos// a t //vcx.cx` ;-)
The gist of it, FYI:
- the satellite thing is a personal research project (in very tangible ways, the experiment is to actually do it and launch). But the endgame (think 2030-2040) is a massive swarm of ~8 billion devices or more, if you catch my drift.
- However, it's an extension to a ground network which essentially aims at being an alternative infrastructure to internet. Formally it's something along the lines of a distributed, decentralized ("peer-to-peer") mesh network, fully encrypted yadi yada.
- This network is but an "optional" medium for my original idea (in ~2010) which was, in dumb terms, a communication network (which people would call 'social network' I guess, but it's not against such existing services, it's more of a global standard / spec whose primary goals are security/freedom/privacy, interoperability (like email), and to be 'unstoppable' (in the event of war, catastrophe, etc). Going back to first principles, this 'network' is not even an application but a formal protocol I suppose. It's the kind of thing that would ideally exist as an RFC 'standard' by the IETF.
This is more generally motivated by some of my philosophical values, notably freedom, empowering individuals (in the name of progress, civilization, but also happiness, self-growth).
Oh yeah, mesh nets are another great thought. We definitely need our own pipes. CJDNS is beautiful (I love that addressing scheme), but lacks incentives for people/corporations to build infrastructure for non-ideological reasons. The OpenLibreNet whitepaper had the incentives theoretically correct, but didn't go anywhere. I honestly haven't kept up on this space, but I still think about it a lot.
My biggest question is how to handle payments. Bitcoin can't realistically handle the micropayments for this purpose -- I'm not waiting for a block to hash before my website loads, nor do I want to pay miner fees for every request. The best proposal I'm aware of is that nodes keep track of balances to neighboring nodes, and when you want to establish a new connection with an unknown node you need to send them an up-front payment for X amount of data in advance. (The price of data wouldn't really be per byte of course, it's bytes multiplied by the arbitrary node-selected edge-costs all the way to the actual source and back through the cheapest/fastest path as selected by the end user.) Then when you're approaching the limit you pay more in advance, aggregating the micropayments. This means the inital connection still has to wait for a block to be hashed, and it's annoying from the perspective of a user trying to find valid peers once it's profitable enough to launch malicious fake nodes that eat up-front payments and refuse to forward packets. The initial connection time issue might be mitigated by allowing a Zahavian signal worth of coins to be sent to a burn pile, like an address that is just all zeroes, since a user who was willing to burn a pile of coins covering X+Y data Z hours ago probably isn't trying to rip you off for X data now even if they haven't successfully made a payment to your specific node yet. I'd like to believe that something like IOTA could probabalistically work well enough for micropayments that we don't have to worry about that, but I'm not convinced. Ideally a connection could be established quickly enough that vehicles passing along highways/oceans could route traffic as they go, breaking apart and reforming as necessary.
IPFS is worth googling too, if you haven't seen it already.
I'll send you an email before the end of the month!
I need to research more into that. Great pointer, thanks!
> IPFS
Yup, definitely, it's on the radar. It's still not production ready though, I'm unsure whether it will/can (I mean this particular project/implementation, not the concept).
> payments
You've definitely thought this through, maybe developed already on e.g. blockchain?
Note that my initial idea, for a neutral human communication medium/protocol, dates back before bitcoin, blockchain, etc. My "system" was designed thus works without those. The inspiration was another 'bit' network: bittorrent.
Later on when I found out about bitcoin etc., I researched the tech. While I ignore the 'currency' aspect of blockchain for this project (because 'currency' is an application; and I'm merely concerned with the protocol beneath all applications), I did find interesting ways to integrate the blockchain paradigm itself (the idea of a database that can't be tempered with, and may be distributed).
My system remains independent of its database implementation though, it should work with simple txt files, or more typically some postgres.
The naive architecture is simpler than you might think, it relies on tried-and-true enterprise-inspired models and implementations. Simple things. Where we do the magic is precisely in the execution, to make it extremely efficient (eg target the lowest viable solution space; have a "concurrency-driven design" for scaling, modularity, distribution). And as of 2019, we have incredible computing resources in the hands of half the population, so 'efficient' is 'enough'.
So there's no payment at this level. It's a protocol, a language we agree to use, and one application may be human communication, but I may be wrong about that part. The protocol stands nonetheless. We are fundamentally not far from XMPP conceptually, although we integrate much deeper (XMPP could probably be a high-level API of a node in this system).
However there's this simple equality rule: "for every bit you ask the network to process n times, you too must process n bits for the network in return". Take some, give back some.
So nodes come a la "BYOR" (Bring Your Own Resources: CPU, RAM, storage, GPU, sensors, whatever), and each node is both server / client; like bittorrent or Tor you simply receive and serve continuously.
This puts the burden of scaling entirely on users individually (remember, it's decentralized: there's no central anything, no 'final' or 'higher' authority) and you'd expect the biggest traffic producers to also be those who make a business out of it (and I'm sure there would exist many applications on this system to let users charge/pay e.g. content or merch etc). Note that "sharing" should probably mean you are willing to 'seed' said shared content, thus fairly distributing load in viral cases.
Note that the network should guarantee anonymity of all accounts (each of your chosen 'persona' is derived but your core account is never exposed and can't be compromised by misuse, only theft in-real-life).
> mesh
It's a hard problem though, I'm aware of that. The MVP may definitely 'cheat' by using regular internet to bridge the gaps (it will be necessary anyway between cities). But one primary goal is that whenever possible (i.e. within range), two devices should never communicate but through an ad hoc LAN between them. Why go to Google's server when I just need to serve a file that's locally cached in the next room, or maybe just next house?
Regarding mission-critical software in dangerous-prone contexts, there is good information from experts from the Apollo program on http://www.htius.com/
> (my agenda, for transparency: I want to send SOC's in space on tiny RISC-V satellites, and the lowest layers of those should be 100% error-free because there's no going physically there to reboot a working shell, remote is all we have.)
Speaking from a bit of experience at Satellogic as well as folklore, trying to make the lowest levels 100% error-free isn't a good strategy. A better strategy is to make the lowest levels capable of recovering from the errors that will occur most frequently. Radiation is going to flip bits; processors are going to fail and sometimes hang; batteries are going to go low; temperatures are going to exceed specifications. If your system is built on the assumption that the lowest layers are going to be 100% error-free, you won't give sufficient attention to handling those errors when your assumption inevitably turns out to be wrong.
One suggestion: include a remotely-triggerable reset sequence in a hardware state machine. A 4-bit state machine driven by 4-bit symbols will work reliably if your channel error rate is small compared to one error per 16 symbols, and it has a false positive trigger rate of 5.4 × 10⁻²⁰. (This is of course vulnerable to malicious DoS attacks if a malicious party learns the 64-bit reset code, but in practice those have historically been an enormously smaller concern than satellites failing randomly in ways that a reset switch can correct.)
It's worth thinking through the fault tree of that reset mechanism. It needs to use omnidirectional antennas, for example, because otherwise it's dependent on attitude control. It needs to be on all the time, not just when you're passing over ground stations, because otherwise it depends on the clock and whatever kind of navigational system you have. It needs to be unencrypted, because otherwise it depends on your encryption protocol, which typically also involves clocks. It unavoidably depends on some kind of power source, but you can connect it directly to the solar panels and/or batteries, rather than through a switch. You probably want to use logic that can tolerate a fair bit of uncontrolled variation of the power supply voltage, not, say, TTL. But then you need like 4 flip-flops and a couple dozen gates. It can fail, but it's simple enough that you can make it highly reliable, unlike a RISC-V.
So, don't think in terms of making the bottom level 100% reliable. You won't get there. Think in terms of how to prevent inevitable unreliability from snowballing, how to make the satellite resilient against inevitable damage and malfunctions, as well as reducing that bottom-level unreliability to an absolute minimum.
As for blockchains, I think they're a very pragmatic solution to serious problems that are otherwise unsolvable: how can I send money to a friend in Venezuela? How can refugees carry their money safely without it being confiscated by pirates, corrupt police, or immigration authorities? How can people pay for illegal drugs without meeting in person with the vendors? How can we fund Wikileaks so they have the resources to transport Ed Snowden to safety? How can we fund Sci-Hub so that knowledge is available to everyone and not lost? Even international remittances to family members work enormously better with Bitcoin than with Western Union or SWIFT, particularly between countries with some degree of unfriendly relations.
It's a similar approach to that with satellites: we know there are bad actors in the financial system, and we want to engage in transactions with them, without giving them the opportunity to sell our credit card numbers to the Russian Mafia or take all our money. We want to prevent the small amounts of inevitable unreliability from snowballing and destroying the entire civilization. Also, we want to minimize the number of attempted ripoffs, so that our defenses against them can be less costly. It turns out that thieves, unlike cosmic rays, respond to incentives, so by making thefts more difficult to pull off, we can also decrease the number of attempted thefts.
Obviously I don't trust Facebook to design the world financial system, though. They elected Trump.
Thanks so much for all the food for thought and recommendations. I had a hunch for "capable of recovering", and now I have a clearer roadmap (some critical steps). I see your way of thinking. This in particular:
> Think in terms of how to prevent inevitable unreliability from snowballing, how to make the satellite resilient against inevitable damage and malfunctions, as well as reducing that bottom-level unreliability to an absolute minimum.
High-availability of components seems like a given to me (e.g. have 2, 3, 4 batteries as distant from each other as possible, to mitigate loss if one gets shot by some collision or outright fails; rinse and repeat for every critical component, starting at circuit design). In another comment, user "pjc50" suggests to me “"lockstep" chips, such as TI Hercules”, and yet my intuition would be to put two redundant ones on each satellite, just for good measure.
But the ultimate economics of the project can be made to work, imho, because I envision a swarm of such tiny satellites actually, wherein you can afford to lose a few nodes now and then, if that makes all of them orders of magnitude cheaper — and thus you can send orders of magnitude more, overall. Brute-force the reliability issue by making them expendable to a reasonable degree. No human life means they can die for all we care, if it makes sense cost-wise. Hence why in that perspective, a discussion on the cost versus benefit of formal methods is of great interest.
Needless to say, any advanced draft of the project would inevitably have to be vetted by, actually co-developed with field experts like you. To each contributor their domain. I hope it will be a given too, since I'm thinking of a 100% open-source project (both software and hardware ideally). The more eyeballs...
____
I see your points about blockchain, and they make a lot of sense; the problem I see with current 'cryptos' in general (including the big one) is that they simply aren't welcomed by most decisive institutions, including those who combat on principle the problems you mention. Like, you see the EFF et. al defending e.g. E2E encryption, but none of that drive to promote bitcoin.
Thus that 'respectable' cryptocurrencies exist to solve these problems, sure, please, yesterday! — but that they reform the financial system by their very existence? There doesn't seem to be much appeal in the mainstream. I think it's a matter of time, how much each generation weighs demographically in the global opinion / decision power. For now, it's boomers, and they're not in that place.
I'm not a field expert; I didn't design Satellogic's satellites.
Satellogic's CubeBug design did use a TI Hercules TMS570 Cortex-R, and I think it's safe to say our experiences with chips like that were good — for the relatively restricted tasks they can perform. The automotive industry has a lot of lockstep chips available for it, because it's a mass market that demands reliability under harsh conditions.
I'd like to point out that what you're describing is pretty similar to Satellogic's original business plan.
I disagree. You're making two different arguments. The first is that PLT does not study suitability, but then you switch course and say that math analagously can define suitability for specific tasks but suitability is not (and this is my own words) a normed space.
Programming language theory does not, in fact, make value judgments, but it does make statements upon which value judgments can be built given context, which contradicts your first statement.
I think you've misread my comment. Also, of course theory could be used to make judgment given all the necessary context, but the context, in this case, is much harder to obtain than the theory. If we knew whether a language's type system being sound is greatly positive (for some metric), slightly positive, neutral, slightly negative or greatly negative, then the knowledge that a certain language is sound or not could be valuable in making certain judgments. But PLT does not even attempt to ask that question, and it seems to be a much harder question than the ones PLT does ask.
Don't get me wrong -- I think that PLT is a valuable theory, but people are often confused about what it actually studies. PLT most certainly cannot tell us whether certain language designs are desirable or not as that is not what the theory studies. It can't even tell us if certain language designs lead to more correct programs or programs that are easier to read. It does tell us that if certain typing rules are used, then, say, all types in the language can be inferred, or that a system with certain typing rules is sound.
I’m new to this space so I’m not sure how PLT is distinct from formal verification, but my view of it is that formal methods are another form of testing. Unit testing also does not guarantee that you’re testing the right things, but it’s a good way to catch issues post-compile but pre-release. Formal verification moves that so that you catch issues as part of the compilation step, which is just another tool in the general toolbox of finding errors before you ship them to your users. It’s not about proving that your spec is good, it’s about automatically generating tests that find certain types of bugs.
Formal methods are a large set of methods that allow you to analyze a program in ways that can verify it satisfies certain (correctness) properties. Most formal methods don't generate tests (although some do), but the term "compile-time" is not often used, as most formal methods are not part of the compiler.
There is some overlap between PLT and formal methods, as that some concepts studied in PLT -- most notably type systems -- can be used for formal verification, but the main thrust of formal methods uses other techniques. Both disciplines heavily rely on formal logic.
>PLT does not have any tools whatsoever to determine which language is more or less suitable and it is not interested in that question.
You are slightly off here. Look at [1], it views over a metric which correlates with language utility and provides 1) result of the metric applied to various languages and 2) reason why some languages can be more of utility (less errors, for example).
I disagree that blockchain has almost no good use cases.
All a blockchain is, is a Merkle tree with a third party that ensures there is only one “main line”. That’s the use case.
All the other stuff — such as having all computers in the network watch every transaction — that’s the wasteful part. There are other ways to have a set of third party validators, that is a subset of the network watching a given merkle tree, simply says which branch is correct. SAFE network uses a Kademlia DHT with various mechanisms to ensure the validators have no say in what they watch and they need to “earn” their way into having any say about anything over time.
There are tons of useful properties, some of which are used in Merkle trees like git:
Immutability
Quick verification of tree membership using Merkle branch
Ability to download different parts from different actors (Bittorent)
Consensus and rule enforcement (eg chess game or any other evolving document)
Smart contracts and autonomous code execution
And much much more. The main problem is when people think of blockchain they think of a giant monolithic chain of blocks each of which contains ALL TRANSACTIONS IN THE NETWORK. This is wasteful.
What’s even more wasteful is when you have divisibility of the tokens, leading to an exponential growth of UTXOs and unlimited storage requirements. And each full node needs to verify the entire history of every transaction because then they get intertwined. That’s the ridiculous part.
And proof of work is the most wasteful thing of all. People need to get off of that!
> All a blockchain is, is a Merkle tree with a third party that ensures there is only one “main line”.
No. The "wasteful part" is also part of the definition of the blockchain.
Just because the word "blockchain" seems to describe only the data structure, doesn't mean that's the case.
The innovation was to couple a Merkle tree with a proof-of-work system. Both existed before in standalone forms. The Merkle tree in many, many applications, the proof-of-work for example in Hashcash to combat email spam.
Only the combination of both reached a level of novelty that deserved a new name.
(That we still haven't found a single compelling use case is another matter.)
What you mean is indeed succinctly and correctly named "Merkle tree" or "hash tree". It would have been wasteful to coin another word for it.
Blockchains are just a datastructure and proof of work is not a strict requirement. I believe the rising popularity of Proof of Stake blockchains will make that evident.
> proof of work is not a strict requirement. I believe the rising popularity of Proof of Stake blockchains will make that evident.
I thought for a second whether I should include PoS and other schemes, but decided (wrongly) that nobody would try to squeeze imaginary internet points out of being willfully misunderstanding.
But so be it: proof of stake is a different mechanism that fulfills the same role as proof of work in blockchains.
My comment had nothing to do with imaginary internet points. You just said being wasteful was part of the definition of a blockchain which is a common argument people like to make when promoting the false idea that blockchains are inherently bad for the environment. It felt important to point out that there are non-wasteful ways of accomplishing the same thing as PoW.
There is no requirement that blockchains must be secured by proof of work. Many blockchains use proof of stake. A blockchain is one or more Merkle Trees plus an external ledger saying what the last state of each tree is. The innovative piece is Consensus about this last thing. How it is achieved can vary. Ultimately consensus is achieved by the end users checking the results.
The "efficiency savings" are probably because they've rejigged their processes to make them cleaner as part of the new initiative - NOT because of blockchain. If you control and trust your data source, blockchain is a really silly choice for storing your data. And the fact that SAP is the provider says it all really - them and their like are purveyors of superfluous hokum, sold to corporate managers that don't know any better.
Because while the core innovation of blockchain is a trusted database a context without trust, the core benefit of blockchain is reduced transaction costs.
A blockchain is a singleton global computer of program code and data. It turns out this is sufficient to represent capital (money) on that computer.
In practice this results in dramatically reduced transaction costs. For example you can transfer money with an API call.
Another example is that an API can be "implemented with money". The https://uniswap.io/ API allows you to exchange currencies without any API keys or middlemen. But, the Uniswap API only works because there's a large amount of liquidity deposited by 3rd parties into its system, much like an inventory of food in a grocery store that shoppers can then access.
"What's the big deal?", you might say. "Uniswap sounds just like a bank. Who cares?". Well as I understand it Uniswap was built by a dude in a basement over a few months, not a multi-million dollar bank project. And you can integrate your app with Uniswap in an afternoon. If you don't think that's going to change the world then you might consider spending a few dozen hours reading https://weekinethereumnews.com/ and see if your opinion is stable :)
The key in your explanation is "without any middlemen". It's really easy to build a system that lets you send tokens to other people with low transaction costs: just trust someone to run a central database of all the account balances. This is how you can trade Team Fortress 2 hats with virtually no fees or settlement time, for example.
What blockchain ostensibly allows you to do is create that system without having to trust anyone to run the central database. But why would Coca-Cola ever need to do this? There will always be a trusted central party who can maintain the Coca-Cola bottle production database: the Coca-Cola company itself.
> the core benefit of blockchain is reduced transaction costs.
No, this is not true. It might incidentally currently be the case with, say, Bitcoin vs. $US, but there's nothing technical that inherently makes it so. In fact, as this article and countless others reiterate, from a technical perspective blockchain is almost always more costly.
Indeed. The main reason why a given bitcoin transaction might be cheaper is because nobody's checking to make sure it's actually legal.
It's the same reason why AirBnB is often cheaper: hosts don't pay business fees and don't follow other regulatory requirements like safety inspections.
Yes, I'd agree that, today, typically nobody is checking to make sure that an Ethereum transaction is legal.
But, it's important to understand that Ethereum is not a replacement for or opponent of KYC, AML, or checking if transactions are legal. Ethereum is a starting point, a base layer. It is necessary to rebuild all kinds of monetary controls into Ethereum's app layer. I support this development. Within 5-10 years all of the traditional controls will become available on various parts of Ethereum -- KYC, ability for government to freeze accounts, etc.
You just reminded me: A friend of a friend who worked at Autodesk told me once that their inter-office "mail" system was international and didn't go through customs.
Blockchain (ie. Ethereum) is, overall, a reducer of monetary and non-monetary transaction costs.
Example of reduced monetary transaction costs:
The current Ethereum gas price for a token transfer is $0.04 (https://ethgasstation.info/). Operations on Ethereum are relatively inexpensive and will become much cheaper with Ethereum v2 in a couple of years. The cost of Ethereum operations is orthogonal to the value of the money being manipulated. You can transfer $100M for $0.04.
Example of reduced non-monetary transaction costs:
Say you wanted to launch an eBay-type app with a single market for a dozen countries. Some customers may bring Euros, others Swiss Francs, some USD. Each market auction selects a currency from a whitelist. All bids for that auction must be in its selected currency. On Ethereum you can bid Swiss Francs which will be dynamically exchanged for USD. Unlike using your VISA for forex, this currency exchange is at the same price that whales and banks get; you pay no spread fee for being an end consumer. The non-monetary transaction cost part is that this Ethereum-based currency exchange API can be permissionlessly integrated in an afternoon.
2nd example of reduced non-monetary transaction costs:
https://www.pooltogether.us/ is a no-loss, audited, provably fair lottery built on Ethereum. The way the lottery works is -- you always get your money back, but your money bears interest during the lottery period, and all the interest goes to a single lottery winner. So the cost of the lottery is the time value of your money. PoolTogether is built on other Ethereum projects, that's why the lottery proceeds earn interest. The non-monetary transaction cost part is that PoolTogether is able to access interest-bearing deposits as easily as you can use jQuery. Also anyone in the world can participate - reduced cost of being in another country.
Here's how monetary and non-monetary transaction costs are relevant to a Coca-Cola supply chain --
Blockchain (ie. Ethereum) excels when a heterogenous network of 3rd and 4th parties come together in a commons and interact permissionlessly based on a set of rules enforced by the system.
Ethereum is basically the World Wide Web with hyperlinks except with programs in general and money can live inside those programs.
An Ethereum-based supply chain system could do a lot of things. Not sure if these are valuable because I'm not a supply chain expert. But I can speculate.
Coca-Cola's Ethereum-based supply chain system could...
1. associate an eBay-style reputation with each supply chain participant. These reputations could then be used by more parties (eg. Pepsi) than if they were locked in a centralized system. Coca-Cola might retain the option to override any reputation.
2. provide a global audit trail of supply tracking. Similar to FedEx's "track my shipment", except you could transfer payment for supplies in the same blockchain transaction that updated their status. And those updates could automatically feed into the reputation system.
3. pay for supplies with a security. For example, Coca-Cola could tokenize a portion of its common stock and pay suppliers tokens of common stock in the same transaction that pays them currency. Or Coca-Cola could automatically distribute a pro rata stock grant to the entire supply chain each quarter. This could better align a global, heterogenous supply chain with the long term interests of Coca-Cola.
4. integrate with other Ethereum-based systems. For example supply payments held in escrow could automatically earn interest in https://compound.finance/. Payments crossing international borders could automatically exchange currencies at a very competitive, no-fee rate (eg. https://dex.ag/).
Should Coca-Cola embrace an Ethereum-based supply chain? I have no idea. But after spending hundreds of hours studying Ethereum I feel very confident that there is something very special going on here.
Blockchains are genuinely pretty promising for supply chain tracking. Distributed ledgers are most famously useful when you distrust the motives of a central authority like Bitcoin, but they're also a reasonable option if you distrust the accuracy of a a central administrator.
So for the purposes of supply tracking, different Coca-Cola facilities and shipments are 'individuals' which might report mistaken or dishonest results to the central server. And once somebody screws up, that trusted authority becomes a problem for others facilities to work around. For sufficiently large and restrictive systems (like US military supplies), correcting an error can become functionally impossible. At that point, you start resorting to awful two-wrongs-make-a-right solutions like entering fictional shipments which "move" a misdirected item from the listed location to the real one, or even redoing needless part replacements to match reality to documentation.
Obviously you can track supplies without a blockchain, and I'm sure a lot of Coke's actual gains came from tearing out a bad system and replacing it, but a blockchain does at least encourage good tracking design (one authoritative record per item, transactions are assessed by peers rather than immediately accepted by an authority). And if the goods in question have individual identifiers, "proof of work" is actually a great addition. It doesn't have to be computationally hard if you trust all the users, but you still get a system where "I am holding this and hitting it with an RFID scanner" is allowed to overrule any number of past errors regarding that object.
(Did Coke get all those gains? No idea. They probably just scrapped some legacy nonsense for a not-too-stupidly designed system.)
As the article explains, they're expanding their test because it's demonstrated that they could reduce order-reconciliation duration from 50 days to just a few days. That's a big deal for a $21 billion-a-year supply chain.
So, for those of you who are so sure that blockchain is pointless end-of-story, it seems like you're not taking into account how messy and expensive it is to manage data and legal contracts with many small business entities throughout supply chains. But I'll read more into the links you sent with your arguments, thanks for that.
I don't disagree with the article per se, but I think many technologists are missing the forest for the trees when it comes to the motivations here. Or perhaps they're being charitable and are evaluating Libra on purely on its stated motivations rather than the ulterior motive that Libra can't name out loud. For example, take this quote:
"The possibility that a Libra node run by Mastercard or Andressen Horrowitz would suddenly start running malicious code is such a bizarre scenario to plan for and is better solved by simply enforcing protocol integrity and through non-technical (i.e. legal) means."
It goes without saying that Libra isn't concerned about any sort of security event at Mastercard or a16z. The purpose here is simply to evade and arbitrage different regulatory regimes. The plan is to build a ledger that no single party (or coalition of parties in a single legal jurisdiction) has the capacity to edit or alter, and to make such alterations so technically challenging that it's beyond the capacity of any single court or legislature to do so. Once this chain is up and running, it becomes a "fact of nature" that courts and policymakers will simply have to deal with.
It's a brilliant strategy from that perspective. It's going to be alternately fascinating and horrifying to see if it works.
>"The possibility that a Libra node run by Mastercard or Andressen Horrowitz would suddenly start running malicious code is such a bizarre scenario to plan for and is better solved by simply enforcing protocol integrity and through non-technical (i.e. legal) means."
In regards to that, I don't think it's any more bizarre than a SCADA system in an Iranian nuclear enrichment plant suddenly running malicious code. Cyberattacks against financial systems are a very real worry.
In the history of computing, there have been countless times when people casually dismissed a security concern only for it to bite them years later. And oftentimes, trying to add security after the fact is much less successful that designing it to be secure from the get-go. I'm not a fan of Facebook Libra, but I do think that it's misguided to criticize it for having a robust security model with properties that can be reasoned about mathematically.
To the best of my knowledge, no deployed banking system relies on immutable ledgers. They all rely on detection and revision of ledgers. Libra has chosen to do something fundamentally different, and the author is asking why.
Adding to the other posters, Monzo's ledger is immutable (this is in fact a design requirement, since Monzo's Cassandra environment makes it impossible to update rows atomically).
> The possibility that a Libra node run by Mastercard or Andressen Horowitz would suddenly start running malicious code is such a bizarre scenario
It doesn't seem like a bizarre scenario at all. Consider:
- Real-time control system nodes in Iran's nuclear energy project suddenly started running malicious code, destroying a large number of their centrifuges.
- Crypto AG cipher machines sold to embassies around the world were always running malicious code (or perhaps malicious circuits), giving the US a major advantage in 20th-century diplomacy.
- Google's and Facebook's data centers suddenly started running malicious code as part of the PRISM attack carried out by the NSA.
- Municipalities regularly pay ransomware ransoms because their computers have suddenly started running malicious code.
- Numerous nonprofits organizing conferences have discovered to their dismay that the code running on Paypal's servers is malicious to them, opportunistically freezing their accounts because they have recently received a lot of payments.
- We saw an article last week about how WeChat runs malicious code in their chat application to censor politically controversial images.
- What was the name of that popular NPM package for building pipelines that suddenly started running malicious code on everybody's servers looking for Bitcoin wallets? Was that this year or last year?
I don't think it's at all far-fetched to suggest that if Mastercard or Andreessen Horowitz is in a position to decide how much of other people's money they're entitled to, they might decide that the answer is "all of it". Paypal and Google do this on a regular basis. Here in Argentina, the banking system decided that the answer was "75% of it" in 2001, with respect to dollars; in the US, the Federal Government did precisely the same thing in 1933 with gold.
"Regulators" and "courts" and "legislatures" are indeed among the parties that might decide to confiscate the holdings of participants in some kind of financial system, using various rationalizations. (And that's why "simply enforcing protocol integrity…through legal means" is a less effective solution, as you say.) But they are far from the only ones.
Still, it seems like if that's Fecebutt's motivation, it would just back Bitcoin.
> I don't think it's at all far-fetched to suggest that if Mastercard or Andreessen Horowitz is in a position to decide how much of other people's money they're entitled to, they might decide that the answer is "all of it". Paypal and Google do this on a regular basis. Here in Argentina, the banking system decided that the answer was "75% of it" in 2001, with respect to dollars; in the US, the Federal Government did precisely the same thing in 1933 with gold.
The consensus model of blockchain would at least require Mastercard, Andreessen Horowitz and other validator nodes to be in agreement about stealing / being entitled to the money, which seems less likely. That said, this is one of the flaws of having only a few nodes validating transactions. Libra went this route instead of Bitcoin's proof of work consensus model. With Bitcoin's proof of work consensus, 51% of the miners in the world would have to collude in order to steal funds.
All of the comments I see that say blockchain has no use case, seem to miss another point you raise, in that Bitcoin can not be seized, even by government (like the US government did with Gold), unless they had miner control and the public didn't continue to operate and spin up new miner nodes. This seems unlikely considering that the miners could lose their funds, if they did not prevent a counterparty having 51% control of the network. This is a protection that Bitcoin has, that Libra does not. The government could go to corporations in the Libra association and tell them to do what they want.
In terms of other use cases, I think having an immutable ledger, that can't be changed by one party, or even a few parties with DB access, also seems like a compelling use case for blockchain / cryptocurrency. Libra isn't really a cryptocurrency by this standard though, although Bitcoin is.
Also, just to put it out there, Mastercard, PayPal, Stripe, Visa and a few others already have left the Libra association.
> The consensus model of blockchain would at least require Mastercard, Andreessen Horowitz and other validator nodes to be in agreement about stealing / being entitled to the money, which seems less likely.
Right, I think you, I, and Libra's developers are in agreement about this being a significant risk and one that using a blockchain effectively mitigates, in precisely the way you say, but Diehl and Green aren't.
+ FWIW, 51% of the mining power only allows you to double-spend, not arbitrarily modify the existing ledger.
+ Since Libra uses a HotStuff variant, you need to control 2/3+ of the voting power to violate safety, i.e., double-spend. In exchange, however, you only need to control 1/3+ to halt progress (liveness).
If you can halt progress, you can make any particular person's holdings impossible to spend (if you can identify them), by refusing to include any blocks that include transactions from them. That isn't quite as lucrative as simply confiscating someone's holdings, but it's close; you can demand a ransom of a sufficient fraction of their holdings, perhaps 5% to 50%, depending on human nature.
I wouldn't say it is quite the same threat model, but certainly a powerful attack vector if you happen to control 1/3+ of the voting power. In the unlikely event that someone does compromise 1/3+ of the voting power, the remaining validators can always hard fork to a new quorum, though this is an expensive and highly synchronized affair.
A street vendor in canada was selling cuban coffee. They used "square canada" as a payment processor. Square canada, in turn, used the US bank JPMorgan as a back end. JPMorgan is required to enforce an embargo on money going into cuba. The seller and all the buyers were in canada, but because the money passed through a US bank, they vendor was locked out of thousands of dollars.
We live in a more globally connected world. That should not mean that everyone is (potentially) subject to every nation's laws. It also should not mean that no one is subject to any nation's laws. But enforcing the laws at boundaries seems a whole lot better than enforcing it at every checkpoint along the way. I will not, for example, get out of paying taxes because I received all my money over a blockchain. The sky won't fall.
> The purpose here is simply to evade and arbitrage different regulatory regimes. The plan is to build a ledger that no single party (or coalition of parties in a single legal jurisdiction) has the capacity to edit or alter, and to make such alterations so technically challenging that it's beyond the capacity of any single court or legislature to do so.
If they respond to a legal demand saying “Our software won't let us comply”, do you really think that the answer will be “oh well, guess the law doesn't apply to you” and not “halt operations until you are in compliance with the law”?
> The plan is to build a ledger that no single party (or coalition of parties in a single legal jurisdiction) has the capacity to edit or alter, and to make such alterations so technically challenging that it's beyond the capacity of any single court or legislature to do so.
I'm not seeing why they need a new cryptocurrency for this. If you grow Bitcoin (or any other existing cryptocurrency) to be "too big to fail", it would also have all these properties. Is starting from scratch with zero users easier?
Bitcoin has some pretty significant drawbacks. The main one being that it is severely limited in the number of on chain transactions that it can do.
And that the proposed "solutions", such as the Lightning Network, to this are nowhere near completed (and have indeed suffered from doomsday "someone can steal all my money" type bugs as of recently)
If the US supported cryptocurrency, particularly Bitcoin, instead of considering regulation, we could keep up with innovation at least, instead of having other countries leave us in the dust in terms of developing the technology.
Therein lies a problem: there are no facts of nature. The only things that could be said to be a fact in nature is to describe how you observe something to work. The observations may change, how it works may change, and neither of these things force nature to be a certain way.
It would not be impossible for someone to change the observations of the blockchain, manipulate its inputs and outputs, or even change how it operates, as software and hardware are imperfect, along with how we use them. Furthermore, even if the system were technically perfect, political and economic systems do not have to abide by their rules. An oppressive state can simply decide not to deal with them, as the world is in no way bound to being purely rational at all times.
It's like trying to "fix" a painting by using philosophy. One is a series of logical arguments, and the other is paint on canvas; certainly they can influence each other, but they can't solve each other's problems.
One can build any amount of consumer protection required into most cryptocurrencies. In their bare form they don't have that, exactly like cash doesn't have that.
One can use the desired amount of third parties for fund protection.
The new thing about cryptocurrencies, is that some of these third-party services can be made non-custodial, so the third-party never has access to your funds. They arbiter, but not transmit.
What are you talking about? Fiat currency isn't reprogrammable--how would you implement a consumer protection mechanism on it?
Pick your favorite consumer protection mechanism, and I'll pick my favorite cryptocurrency and let's compare:
A) the up front implemention cost of the protection mechanism in fiat currency
B) the up front implemention cost of the protection mechanism in the crypto
C) the year-over-year cost in fiat
D) the year over year cost in crypto
I bet A and C are going to be in the hundreds of millions, if not billions, while B is going to be in the tens of millions and D is going to be in the thousands of dollars.
Here's an example of the kind of thing I'm talking about:
Consider the recent news regarding contaminated black market vape cartridges--that's going to be insanely expensive to fix, because there's nothing about high schoolers passing around dollars after school that gives those students any insight into the supply chain of the cartridges they're buying. But if some vape company did with their supply chain what Cardano is trying to do with coffee, they could provide consumers (and authorities) a way to trace their products back to their origins, a capability that already would have saved several lives.
It's not surprising that Libra is a dumpster fire, but let's not throw the baby out with the bathwater.
You've made some assumptions here about the impact of a verified supply chain for vape cartridges, and it sounds like you're proposing a solution to a non-existent problem.
A reputable supplier of vape cartridges gains nothing from having a verified supply chain - people trust them anyway and they maintain a supply of good cartridges to protect that reputation.
A non-reputable supplier of vape cartridges doesn't care, and only sells to people who don't care what they're buying. Their lack of good reputation doesn't matter, and their lack of a verifiable supply chain won't matter either.
If the customer wants a dodgy black market vape cartridge, that's what they'll buy. If they want a quality one from a reputable source, they can already do this.
That's a fair point. But I mentioned high schoolers in my example because they can't buy from a reputable source since they're not old enough (not that I think they should be vaping at all, but supply and demand...).
But still, the perpetrators here are not technically capable of pulling off a convincing forgery, so if the kids were sensitive to this issue in the first place then I guess there would indeed be no reason to insert a blockchain into the situation.
So let's take a scenario where the middle men are indeed capable of convincing forgeries: sneakers. Cardano is working on a supply chain integration there too:
And my wife's students (she's a teacher) are really into their sneakers. They're also largely unaware that chain/web of trust type measures exist at all for validation of product authenticity--but if Nike started doing this, they'd become experts overnight. And then, after school, when offered a sketchy vape product, they might think twice.
Maybe that's a weak argument too. Still, I like the ability to use the same channels you money would flow through to determine if your upcoming purchase came from where you think it did, and I think that that's a capability that's going to be hard for fiat currency to mimic.
>I bet A and C are going to be in the hundreds of millions, if not billions, while B is going to be in the tens of millions and D is going to be in the thousands of dollars.
Bitcoin is incredibly wasteful. If we're talking about digital transactions we already have credit cards and digital transfers. A block chain isn't required for those benefits.
Supply chain tracking is interesting but literally no one is talking about that. Its also an even harder problem. Its really not verifiable at all because you're now relying on data from outside the chain, ie how many widgets were created, whether the label on the real life widget is unique or forged, etc.
I expect the waste of Bitcoin will not carry forward into its successors. Nobody has yet proven that high value proof of stake currencies can scale, but I bet they will.
Also, what kind of consumer protections would you want to see in a currency? It seems to me that ensuring that you actually got what you paid for pretty much sums it up but I'm probably overlooking something.
> they could provide consumers (and authorities) a way to trace their products back to their origins, a capability that already would have saved several lives.
Why would blockchain be required for that? In case of drugs and food there recalls are being done using batch number of day of production.
Suppose somebody named Mary wants to sell you a vape cartridge which has a serial number, and they also give your a website which accepts the serial number and tells you:
> Joe runs the factory and gave this cartridge to Bob. Bob have it to Mary.
The assumption is that if you buy it then the site will then say:
> And Mary gave it to aiCeivi9
What reason do you have to believe that the website contents are accurate or that people accepting vape cartridges from Joe Bob and Mary are still alive?
In the blockchain case, you can see that Joe Bob and Mary have sold thousands of these and that very few of the transactions are in dispute over authenticity. Also, rather than trusting some faceless 4.6 star rating you can see which of the people that supplied the rating are ones that you know, and which of those are ones that you trust. You can also see if you trust people who trust Joe Bob and Mary. This let's you make a more informed decision about the quality of the thing you're buying.
Yea, having third parties capable of reversing transactions has an associated cost. But, it’s Billions relative to fraud, so Billions ends up being cheap.
Yeah, for now it's all we have, so I guess the juice is worth the squeeze. But in a world where our cryptocurrencies are a bit more mature I think we can stop being reactive by reversing transactions and start being preventative by using their structure to build chains and webs of trust that make fraud harder to commit up front, rather than just making it harder to get away with.
The amounts to giving the advantage to fraudsters until something that doesn't exist is invented.
Blockchains are irrevocable and unalterable, which removes two useful tools (reversing and changing transactions), and replaces them with nothing workable.
But so are events in the real world. When you think about "reversing or changing a transaction" what you really mean is creating a new transaction that brings an equivalent amount back to the person that paid it.
This is done in the real world by knowing the identity of the receiver person or entity and threatening them with consequences if the money is not returned. It seems to me more a problem of being able to identify the parties in a transaction rather than of mutability of the ledger.
The faults that people are attributing to blockchain are also applicable to cash, if you go the market and buy some magic beans from dodgy Dave with cash you won't be getting your money back. If you buy something from a reputable supplier with cash/blockchain then you would probably get a refund if you had some form of receipt.
Sure, cash has some of the same shortcomings of BTC, but that's why cash isn't touted as the future of payments and in modern economies is mostly used for transactions which are either small or illegal, and isn't considered to be a smart way of storing or carrying large amounts of money.
The initial question was whether cryptocurrencies have the capacity for consumer protection measures, not whether those measures are ready for prime time. I'm just arguing that when they're ready, they'll be more efficient than what we have, so we should encourage their development in the meantime (though maybe not in Libra's particular case).
Also, there are limits on how old a transaction can be when a bank goes and rewrites history. In my experience the limit is about six months. Transactions older than than are considered settled.
If this is a feature that people want in a cryptocurrency, it shouldn't be hard to achieve with smart contracts. The problem right now is just that you need a solid settlement layer before you work on features supporting the politics of rejiggering unsettled transactions.
Also, provided there is community consensus (this differs based on whether your currency is proof of work or proof is stake) blockchains can be altered after-the-fact to undo a threat. It happens:
https://spectrum.ieee.org/tech-talk/telecom/internet/ethereu...
It's just that for most currencies, it's currently a political affair that occurs at a risk to the stability of the overall system. But there are (what appear to be) good technical solutions to that (decred, for example, has a neat approach to post-fork-attempt stability https://medium.com/decred/detailed-analysis-of-decred-fork-r...).
As far as deciding whether a transaction ought to be settled in the first place, people are experimenting with some really interesting approaches (https://particl.wiki/learn/market/mad-escrow for instance).
It's probably not time to forget your bank password and switch to crypto, but if we want to eventually have good solutions to our fraud problems then we should be working to shape crypto into the system we want, not dismissing it as inflexible.
Out of that entire list, the one thing that exists now is the Ethereum blockchain fix, and that basically required global agreement to respond to a single theft. That's not particularly scalable.
The rest of the things on the list aren't in significant use at the moment, and might never be. Measures that are not ready for prime-time are as good as nonexistent. We're talking about money here!
> Measures that are not ready for prime-time are as good as nonexistent
That's not how technology works. To become fruitful it requires patience and investment. Nobody is saying you have to be an early adopter of these currencies.
> We're talking about money here!
...and particularly whether it's current feature set is amenable to fraud prevention. I work at a traditional payments company and the waste is infuriating--there has to be a better way.
> Nobody is saying you have to be an early adopter of these currencies.
This here is probably the source of our disagreement. As far as I can tell, tons of people actually are saying "get in now", which means we're no longer in the patience and investment stage, and any deficiencies in the cryptocurrency ecosystem have real consequences.
Yeah, I think you're right. There are all of these people who bought in because they just wanted to make money, and they're getting impatient and trying to get the rest of the world in too.
I'm interested in the tech and I want to work on it--so I'm just arguing that we shouldn't dismiss it.
If you have the interest, now might be a good time to diversify in that direction, but it's nowhere near ready to compete with fiat currency in terms of usage by the masses.
The logical followup question would be which problem is actually the most serious?
It's difficult to argue that low and predictable rates of USD inflation has had more of an adverse impact on holders of USD over the last few years than crypto fraud on holders of crypto.
Indeed, given that most cryptoassets have actually lost significant amounts of value against the USD since the end of 2017, it's difficult even to argue that the crypto world has adequately solved 2
Your wallet can be stolen and when using crypto so it doesn't solve 3 very well.
Credit card fraud is regulated such that the consumer is protected after a manageable amount of theft, $50 in the US last I looked. If you use a bank you receive some protections but at that point the implantation is abstracted and not that relevant.
If you use a smart contract wallet you can actually protect yourself from losing all your money even if someone gets your private key.
You can set a withdrawal limit of say, $50 and you can set a few recovery addresses (of friends, family or other personal wallets).
So if I have $10,000 in my ethereum wallet and I post my private key in every forum and every chatroom on the internet then the most I lose is $50. Before 24 hours pass I send my remaining $9,950 to a pre-defined recovery address which is excluded from the withdrawal limit.
Consumer protections are actually pretty good. The trouble is getting these tools in the hands of users.
The cost of doing that is making the wallet largely useless for purchasing anything over 50$. The independent ability to send all your money to a recovery address is a new security risk. Further, you need to notice the issue which means you could be our far more than 50$ unless you happen to be checking how much is in the wallet constantly.
So, this is strictly worse than using a credit card.
>The cost of doing that is making the wallet largely useless for purchasing anything over 50$.
I don't think I ever spend that much in a single day though. The limit will differ from person to person.
>The independent ability to send all your money to a recovery address is a new security risk.
It's not new and it's not a risk. You could always send all your money to another address. And the recovery addresses are meant to be trusted. I could send my money to a secondary wallet sitting in a safe or to a trusted family member. That isn't a risk.
>Further, you need to notice the issue which means you could be our far more than 50$ unless you happen to be checking how much is in the wallet constantly.
Your balance is printed in big letters whenever you open the wallet. It's hard to not notice really. There's also these things called automatic notifications, not difficult to set up.
>So, this is strictly worse than using a credit card.
But this is supposed to replace cash not credit cards. It is objectively better than cash in terms of consumer protections.
It’s the “independent ability” that’s new. Without that you just need to keep your key safe. With it your key could be safe and you still end up with a problem.
> objectively better than cash
Many people don’t use cash just credit cards. They might keep 50$ or less in their wallets, but that’s about it.
Further, Billions of people can hack my PC, only those I come into contact with can take my cash.
You still need the private key to make a transfer. This is for cases when you key is stolen.
>Many people don’t use cash just credit cards. They might keep 50$ or less in their wallets, but that’s about it.
Because they value convenience over privacy and freedom.
>Further, Billions of people can hack my PC, only those I come into contact with can take my cash.
Even if someone managed to gain access to your wallet they would still have to decrypt your private key. So, it isn't an issue if you use a strong password.
In general the answer for consumer protection is to use any escrow service. Multi-signature schemes can even prevent you from a bad escrow, as long as no two parties are colluding.
In general the need for consumer protection mechanisms is of course already a failing of the justice system. Virtually every case where consumer protection is useful is covered by existing laws and shouldn't require anything from the payment facilitator.
> In general the answer for consumer protection is to use any escrow service.
No, it's not, because the problem being addressed with consumer protection is power imbalance in the marketplace; mutually voluntary mechanisms cannot be the answer to it.
Also, escrow notionally solves exactly the same problem as cryptocurrency: providing the ability to rely on a transaction with an untrusted counterparty. If you need escrow for anything with cryptocurrency, the cryptocurrency is not doing the one thing that is it's defining purpose. So, why cryptocurrency at all?
Yes, that’s the failing. Ideally, justice should be cheaper in both time and monetary costs.
I don’t know of any state that has ever tried to optimize for a low-overhead justice system “in the small” (e.g. many, more efficient, more convenient small-claims courts; or the introduction of another triage layer of “medium-claims” courts, where most all civil contractual disputes would land) which is an interesting fact all by itself. Speedy+cheap justice goes somewhat hand-in-hand with things like red-tape reduction, in that both are attempts to “oil the wheels” of the state apparatus—yet you’d never hear the same people (e.g. libertarians) espouse both.
Aren't small-claims courts precisely an attempt to optimize for a low-overhead justice system in the small? Doubtless you feel they don't succeed or don't go far enough, but it seems odd to claim that nobody's tried.
That's what cryptocurrencies allow, since Bitcoin. People can pick a dispute mediator who gets involved and can reverse the transaction only if there's a dispute. It's all done with OP_CHECKMULTISIG. The mediator is not an escrow service and can't steal the money. So you end up with a competitive market of tiny "courts".
> I don’t know of any state that has ever tried to optimize for a low-overhead justice system “in the small”
Both small-claims courts themselves and rules giving effect to binding arbitration agreements are attempts to do that, as are many specialized, domain-specific administrative forums.
I mean, except that it's actually not cheaper, you've just moved the trust and security problems around (to your own opsec and your trust in the counterparty) and the privacy most cryptocurrencies provide is pseudonymity rather than anonoymity...
but I think, with traditional money exchange the reliance is on regulatory and legal enforcement, rather than making the technology itself watertight, which increases the risk profile, and thus cost. You can do this in traditional approaches because you just pass on these costs and there's no need to improve beyond what people are willing to pay. Crypto represents an asymptote for what a rigorously applied technological approach (as opposed to beaureaucratic/legal approach) can do, using commodity equipment, which is much more available at the endpoints of these transactions now ... (because most people have high-powered, always connected computers available to them).
> but I think, with traditional money exchange the reliance is on regulatory and legal enforcement, rather than making the technology itself watertight,
A lot of money and research has gone into this, and the tech is being tightened up all the time.
> which increases the risk profile, and thus cost.
Except the cost isn't actually higher.
> You can do this in traditional approaches because you just pass on these costs and there's no need to improve beyond what people are willing to pay.
In the US perhaps, not in places where these costs are regulated.
> Crypto represents...
A much more expensive and more risky way to do basically anything, because you have neither solved security nor trust problems, you've just moved them.
> A lot of money and research has gone into this, and the tech is being tightened up all the time.
Yeah, but it's not being deployed at consumer level, nor are the savings being passed on.
> A much more expensive and more risky way to do basically anything
Risky, yeah. Like any new technology. But transaction cost is cheaper.
Sorry, I didn't mean to get involved in some holy war. I can see there's people with a lot vested in both sides of the debate. I'm neither. Just pointing out the obvious.
> Yeah, but it's not being deployed at consumer level, nor are the savings being passed on.
It absolutely is, not sure where you're getting your ideas from here.
> Risky, yeah. Like any new technology. But transaction cost is cheaper.
It's not risky because it's new technology, it's risky because you've passed all the risk to the end user and their opsec. The cost per transaction of something like the VISA network is utterly tiny compared to most cryptocurrency transactions, particularly if you factor in the externalities (mining) and it's a pretty small cost to the merchant as well in places where regulation has been put in place (i.e. not the US). To the consumer it's free. See also bank transfers in most advanced economies.
> Just pointing out the obvious.
You're not pointing out anything that's actually true though.
> it's risky because you've passed all the risk to the end user and their opsec.
This was exactly my point. With pervasive crypto end users can assume this to a greater degree, whether you believe that appropriate or not.
Visa e.g. requires specialist terminal equipment, complicated issuer and acquirer and banking relationships and is heavily dependent on legal enforcement wherever you use it. Try using mastercard or visa in a third world country.
For “actual” money transfer, compare with western union where toure talking about ~10% fee.
> ... nothing that’s actually true
Oh you’re a rude one. But I’m sure to somebody you’re very special. Good boy.
It's not a point you made before this, you just said it was "more secure" and "cheaper" without qualification. Now you're just trotting out 'coiner memes about the third world and Western Union.
I'm confused by your last paragraph. How does the existence of laws that protect consumers actually protect consumers if the payment systems we use don't allow reversals?
If an ebay seller delivers me a faulty product I can sue them for not delivering what I payed for and when I win the court orders them to pay the money back (plus my expenses). If they don't pay I can go after their assets.
It's basically the same how a business would recover money from a bad supplier. With small claims court it's even somewhat efficient for small sums, but of course still orders of magnitude more work than a credit card dispute.
That's an enormous burden. If we require lawsuits to enforce even minor cases of consumer protection, I argue that there is effectively no actual consumer protection.
The law not working for "minor cases" (which includes cases over hundreds of dollars) is exactly the failing of the justice system I mentioned. This isn't universal, in many places you can get theft of a Mars bar or possession of tiny amounts of drugs prosecuted very effectively, all cases much more minor than the typical credit card dispute.
So, rather than having a financial system with basic consumer protections (which would allow transaction reversals and contestation), you would prefer we have a criminal justice system which aggressively enforces and prosecutes minor offenses? I think there is a weak connection between the two, particularly since most situations where we do things like dispute a credit card charge are civil matters. And, as stated above, requiring civil suits for something like disputing a credit card charge is an enormous burden, and puts the burden on the consumer. (Which will also disproportionally affect the poor.)
Anyone saying blanket "we don't need consumer protection mechanisms" because it's a "failing" of something or the other must be taking the piss.
As a parent of children, consumer protections are overall a "good thing" to help prevent bad actors from doing harm. It goes for any space that can do harm to you or your family in any way.
It's why you have exchanges like Gemini in place that seek to be the "most regulated" crypto exchange - to instill trust in the service and market... and your investment.
That being said there is still a ways to go... it will be interesting to see if the market can solve some of these issues through natural growth and competition.
I think it's weird how family gets invoked to change the moral gravity of an issue. It suggests orphaned children, for instance, should care less about humanity.
It's not about the moral gravity but about an illustrative example of a particular category of people who have access to devices where buying stuff is possible - children. Our marketplace has at least some customers that clearly are unable to protect themselves and need protection, e.g. these children. This places some contraints on the properties that this marketplace must have - e.g. reversals must be possible without undue burden. And this places some limitations on what technologies can/can't provide these properties and thus would/wouldn't be suitable.
How does being an orphan make one care less about humanity?
Personally, I want orphans (as defined as minors with no living parents) to be well-cared for regardless, either by relatives or by an outside agency ("orphanage" or foster home).
Absolutely, that's my point. We should care about people, period. Whether one has a family should be irrelevant to the question of how to engineer a society.
The legacy monetary system may have nice consumer protections on the micro scale, but it fails on the macro scale:
1. Inflation eats 2-4% of everyone's purchasing power each year, disproportionately affecting the poor. This inflation is desired by the central planners.
2. The American system of banking regulations introduces systemic risk into the financial sector.
Sure, if you can prove that your transaction was fraudulent, you can get a couple thousand bucks back into your savings account. But you'll have to gamble your money in the market to beat inflation just to break even. And then, every so often, the entire system will collapse and destroy trillions of dollars of wealth.
As an aside, you also get the bonus of having political control of banking relationships, so you can conveniently freeze and take the money of those who find the political winds aren't blowing their way.
Edit: PLEASE don't take this is an argument for Libra (sorry I wasn't clear), merely an argument for sound monetary policy and decentralization.
I’m consistently amazed by how many people here dont understand inflation at all and are confident they need to throw out the financial system before they figure it out.
Inflation is an incentive to invest. If you invest in literally anything other than cash under your mattress inflation stops mattering completely to you, and all you have to think about is constant dollar returns. That’s why we have it. So long as your wages track inflation (broadly they do) you benefit from implicit depreciation in your debt obligations. It costs you nothing if you don’t hold cash like you’re supposed to, and it costs you effectively nothing if you hold money in a savings account as many offer 1.8% interest these days, matching inflation.
What nobody arguing for a deflationary currency can tell me is why they think money should be worth more later solely by virtue of them having gotten it first. A risk-free guaranteed return at the expense of the next generation! It makes no sense.
This is basic ECON 101. High school level home ec probably. Not some big conspiracy perpetrated by the central banking cabal.
Bitcoin in particular seems to be driven by people who are really obsessed with the idea of having a store of wealth with zero risk (assuming they never make a mistake handling it, or get tricked by swindlers, which I think they're seriously underestimating).
But as you say, inflation is a tool; it motivates investment. Expropriation is a tool; I don't see how eliminating it is appealing at all to the billions of people with no savings at all. They may want to take money from the wealthy at some point.
If there's ever a point where "the masses" really understand bitcoin, and how a few HODLers possess most of it's value, they're not going to want it.
I’m referring to a US audience (Ally offers 1.8%). These rates are designed to incentivize you to allocate capital accordingly. The point is you not put much of your money there. Depending on how you feel about the future exchange rates between the EUR and USD you’re welcome to invest in US treasuries, for instance.
I'm not sure that is "why we have it". It sure is why the central banks are pumping money into the system (they quite rightly want people and companies to invest), but it's far from clear why we have it a priori.
As I mentioned before a dollar today should be worth more than a dollar next year since, if you are smart, you can make that dollar work for you for a whole year.
You have not explained why; you've explained why you think we should have inflation. And why someone thinks something should be is a long way from explaining why something is.
The same amount will be worth less in the future! That's really all there is to it. A certain amount of money is not value, money is a number that has a value associated with it, that value will continuously change depending on what you can do with it.
Inflation (deflation) simply reflect the change in value for doing something today versus tomorrow. When the economy works well you have inflation, when the economy works badly it becomes deflation.
> The same amount will be worth less in the future! ... When the economy works well you have inflation, when the economy works badly it becomes deflation.
This is backward, actually. If the economy is working well then withholding consumption (i.e. saving) means that more goods are available for others to either consume or invest. The portion that ends up invested should result in higher future productivity and, in the absence of currency supply manipulation, decreasing prices (deflation), a natural reward for producing more than one consumes.
Only in an economy which is consuming capital—investing so little that productivity is actually decreasing—should prices increase over time. In that case we need more investment to bump up production—the investments don't need to be all that good to be better than the status quo, and anything with a positive return is superior to just waiting for prices to increase further. In the deflationary case, however, we should be more selective about where we invest. It's better for the economy to simply hold our funds in reserve rather than actively compete against more competent investors to expend resources—not just money, but the labor and material it represents—on ventures that will provide lower-than-average returns.
If we expand the currency supply to manufacture inflation and thus make it look like we need more investment when we actually don't then the net result is malinvestment, wasted resources, and a lower average rate of return. It's not good for the economy or the average citizen, but the extra transactions and higher nominal prices directly benefit the bankers and tax collectors with influence over monetary policy.
Because it is my choice? If you want to use an inflationary currency, go ahead. But other people should have the option of opting out, and using a different currency, with different properties
That’s not a reason. Give me a justification for why you think money should be worth more later. Because it would be sweet for you isn’t really compelling. I gave you a reason for inflation and your counter was “because I would be rich” - see if you can make a better case and if not, maybe reconsider your position.
> Give me a justification for why you think money should be worth more later
My justification is freedom of choice. Or, in other words, the reason is "because I want it to, and I am justified in making my own free decisions".
I believe it is people's right to choose which money system that they want, and you should not have the right to prevent other people's voluntary choice to use a different money system.
I am justifying why people should be allowed to make their own decisions about what money system that they use.
Freedom of choice is a valuable principle in and of itself.
You cannot just dismiss this important concept of freedom of choice. It applies to all parts of society.
The only justification I need, is that I do not want people's freedoms to be infrindged upon.
> My justification is freedom of choice. Or, in other words, the reason is "because I want it to, and I am justified in making my own free decisions".
You're intentionally not answering my question which is: explain to me what benefit to society could potentially arise from money being worth more over time?
I'm not saying you can't do it I'm asking you why. It seems you and everyone else can't point to anything other than making yourselves wealthy.
The benefit is that people are allowed to use money of their own choosing.
Freedom is something that many people care about and value.
The benefit is also that different people want different things in their own money system, and a diversity of things and monetary systems is good, merely because of the money systems being different.
There is value in having differing money systems with different properties (merely because they are different!), and letting the market decide which one is best.
So a direct answer to your question is "because it is different from what we have now", and more diversity in monetary properties is a good thing.
Dropping a flaming turd on someone’s porch is an alternative to putting up with someone but it’s strictly worse for obvious reasons. Providing that alternative is not better if you can’t even begin to speculate on why it might be better. The entirety of your case is "#freedom" and you refuse to speculate on why it might actually be better. Nobody's arguing with your right to do stupid things, I'm just asking why your suggestion might be better and you keep refusing to even speculate.
> is an alternative to putting up with someone but it’s strictly worse for obvious reasons
If the person has the choice of this happening, and chooses, for whatever reason, to have this happen to them, then yes, I would say that it is positive, and not negative.
I am specifically referring to people voluntarily choosing something for themselves. And no matter how ridiculous, I'd still say that it is positive, if they choose to do it.
> Nobody's arguing with your right to do stupid things
I am saying that if someone chooses to do it, then it is not stupid. People can have whatever reasons that they want, for doing anything, and I am not going to argue against it.
> I am saying that if someone chooses to do it, then it is not stupid.
That may be the worst argument I’ve heard in support of anything ever. People do stupid things a lot and I’m your model that’s never true solely because they chose to do that. I don’t think you’re arguing in good faith, anymore.
I am absolutely arguing in good faith. If people want the free choice to choose a different set of properties, for their own money, then the fact that they want it is a good enough reason, in an of itself, for such a money to exist.
No other reason or justification is necessary. “Because people want it”, is good enough.
Freedom of choice is something, in an of itself, that people value. And because people want something, is a good enough reason, alone, such that it is justified.
People can want things that you think are “stupid” or “ridiculous” things if they want, and your opinion that they are stupid or ridiculous, does not overrule their own value system and wants.
There are basically no situation where your opinion on this, would matter. It would be like saying “Why do you like ice cream! That’s stupid!”. Such a statement is just meaningless. The fact that you think it is stupid that someone else likes ice cream is irrelevant and doesn’t matter.
The fact that I just like ice cream, is a good enough reason, in an of itself, for me liking ice cream. Me liking something, or not liking something, is circularly, self evidently true, and I need no other justification or reason for it. I like it, because I like it, and that’s it.
The fact that I like ice cream, is axiomatically true, because I am the one who decides what I like, not other people, and so it make no sense, and is just a meaningless statement to say that it is “stupid” that I like ice cream.
> No other reason or justification is necessary. “Because people want it”, is good enough.
Some people want to dump chemicals in the river, and yet, when its bad for society we decide not to let them do that, and I'm totally okay with that. Which is why if you want to make a broad social decision like changing how money works (even allowing for a new option) that conversation needs to be had on merits. We weigh pros and cons. Then we decide. That's how society works broadly, at least in a democracy.
Remember, your freedoms end where my rights begin. In so long as something doesn't impact anyone else, they're free to have at it. Once it starts to impact those around them, it's no longer solely their decision -- and degree matters. If you want to eat a ton of ice cream, do it. If you want to change the way a broad swath of society functions, we need to have a chit-chat. Much of our day to day is in between.
> Which is why if you want to make a broad social decision like changing how money works
No, I don't want to force you to use any money that you don't like.
It is pretty silly for you to argue that people are infrindging on other people's rights, just because they prefer to use a different method of voluntarily exchange with other people.
It is interesting that you are jumping to this argument, because you previously tried to pretend like you didn't want to force other people to make certain decisions for themselves, and now you are totally backtracking on that.
It seems like you didn't really mean anything by those statements previously then?
If you cared so much about what type of paper that other people are using voluntarily, so much that you are willing to compare it to dumping chemicals in water, then why didn't you just say that from the beginning instead of pretending like you didn't care about what voluntary decisions other people were making with their own means of exchange?
Freedom is a valuable property in and of itself, and that is the only justification I need, to say that this is a good thing.
Since this has been long and winding let me try and simplify:
- I asked you to attempt to justify the positive social value and implications of a deflationary currency, and you replied a number of times "freedom" and told me that there was no such thing as a stupid decision because someone made it. You re-iterated "freedom" as though it was an answer to my question many times, and then said that "freedom" was intrinsically awesome, which is again, not an answer to my question.
- I don't care if some people want to barter. I was trying to have a conversation about whether a deflationary currency is good for society as a whole, and what the impact would be if it took over more of society. I made numerous arguments why this would be a bad thing, to which you again replied "#freedom".
- Freedom of choice is intrinsically valuable, what people choose to do with it may or may not be, and worth a conversation on a case by case basis. Especially if impacts a lot of people, and we as a society reserve the right to curtail said choices if they don't make sense. Nobody's arguing you shouldn't be able to choose things, and similarly, you can't possibly believe anything you choose is good because you chose it, and that choices shouldn't be curtailed if they lead to negative outcomes. You know, like crimes.
- I also made the argument that the current model provides maximum freedom of choice by decoupling a long-term store of value from a unit of exchange and account. That way you can choose what you want to back your personal economy with. It also represents a voting mechanism for capital allocation. Switching to a "backed" model for currency removes the freedom by stapling back together two things that don't need to be stapled together and drags in a number of negative social consequences. Unbundling represents maximum freedom, something I figured you'd be a fan of.
> Nobody's arguing you shouldn't be able to choose things
You made a comparison to people's right to swing their fist, and that this right ends. So in other words, you did, at the very least imply that what currency people used should not be their choice.
So yes, it does seem like you want to take away people's choices on what money they should be aloud to you.
You can't have it both ways here. Don't say "I am not trying to take away your choice!", And then at the same time say that the right should be curtailed.
> Switching to a "backed" model for currency removes the freedom by stapling back together two things that don't need to be stapled together
Or... You could use it if you want, and don't use it if you don't want.
> Unbundling represents maximum freedom
Or... A person could individually decide if they want it bundled, or not bundled, for themselves, by choosing which currency to use.
I won’t reply until you answer my question. You’re intentionally trying not to understand it appears. If switching to a different currency model leads to negative social consequences then we should have that conversation. That’s where the freedom to and from intersect. If you can’t see that there’s no point in talking.
Also, please avoid these long tit-for-tat arguments that don't go anywhere and only continue because it's hard to let go. They don't interest other readers, and they end in ill feeling.
Cool. Fine. Then you should have just said that, and you shouldn't have said the previous stuff about not wanting to prevent people from making decisions about what money that they voluntarily choose to use.
Please avoid these long tit-for-tag arguments on HN. They almost always turn into arguments about the argument itself, and get unpleasant if not aggressive at the end. None of this is good reading or interesting to other users.
Short version: Deflation benefits society by preventing malinvestment in ventures with a below-average (i.e., below-deflation) rate of return which would divert labor and materials from actually profitable investments.
I think you didn’t read anything I wrote because my core focus is that inflation is 100% avoidable through investment which is the behavior explicitly being incentivized via, to your point, a stick and not a carrot approach.
It’s theft like taxation is theft: it’s not.
> a GSE creates money from nothing
Yes that’s the point. The economy gets bigger and more people are born and the money supply expands. To not do so would create deflationary pressure which, again, creates a risk free return for existing money holders for no justifiable reason. In fact you haven’t justified it either, you say it as though it’s self evident.
If you don’t believe the value of existing money should go up then you agree the money supply must expand to match economic growth and population growth. All were then arguing about is how much.
> money grubbing banks...
Banks are paid for the role they serve in the economy: liquidity and security. Look at how much they make, it’s all publicly disclosed. Banks make around a 1% return on deposits (you know, the collateral for this lending thing). Almost nothing. It’s a shit business. The remaining “free magic money” is cost of doing business and paid out to employees, landlords, suppliers and so on. You know, business expenses.
> If you don’t believe the value of existing money should go up then you agree the money supply must expand to match economic growth and population growth.
The unit of exchange (money/currency) should remain relatively constant. That's the point. Maybe it will go up some, maybe it will go down some, but having it manipulated for the profit of large banks is theft.
It's a complete perversion of free market banking and benefits the few over the many.
> 100% avoidable through investment
Not true, unless you're talking about investing in financial instruments. Investing in almost anything else subjects you to property taxes almost everywhere.
I sure hope you don’t need the army, police, schools, fire, water, roads, air and so on. Most adults came to realize at some point that some things need to be provided as a group, and they’re not free. For those everyone has to pony up.
If you don’t want to pay taxes there’s a few countries you can do that in but in most paying taxes is social contact: it’s a take all the benefits and pay taxes, or leave to a society with a contact you view more amiable.
> unit of exchange should remain relatively constant.
Well if I have 100 people and my economy had $100, and Steve has $20 of them, then Steve invented the steam train and 100,000,000 more people show up then the value of my dollar has gone up millions of times over and Steve is now the single wealthiest human on earth even though he’s only got $20. To keep it stable I’d make more dollars. If you see how this works on the macro timescale you must see how it translates to the micro.
> to the profit of the large banks
We’re paying them to provide liquidity to the economy via lending and again they only make 1% on assets on deposit. It’s not the system you seem to think it is.
> avoidable...
You just have to factor that in to the investment minimum yield. This isn’t rocket science. You are not guaranteed a risk-free return on capital. To ease this Trump is considering indexing capital gains against inflation, another approach (which I wholeheartedly disagree with).
> I sure hope you don’t need the army, police, schools, fire, water, roads, air and so on. Most adults came to realize at some point that some things need to be provided as a group, and they’re not free. For those everyone has to pony up.
I'd be willing to pay for some of those. Lots of people have an inability to separate 'goods and services required for society' and 'government.'
Society can have all of those things, there need not be a government and there need not be taxes.
> paying taxes is social contact
This is just an empty phrase used as propaganda. There's no such thing as a 'social contract.' Taxes are taken under threat of physical harm and death, always have been.
> To keep it stable I’d make more dollars
This has the presumption that you, or someone should be in charge of what money is worth. That should not be a function of the government.
> This is just an empty phrase used as propaganda. There's no such thing as a 'social contract.' Taxes are taken under threat of physical harm and death, always have been.
Tell that to the judge haha
> Society can have all of those things, there need not be a government and there need not be taxes.
Yeah no, not really.
> This has the presumption that you, or someone should be in charge of what money is worth. That should not be a function of the government.
You’ve again completely ignored my point which is that your share of the value of the economy if the dollars in the system remain constant goes up by inaction. Maintaining a constant Value of the dollar as you yourself suggested requires active management. Once you agree on that we’re just chatting degrees.
> Maintaining a constant Value of the dollar as you yourself suggested requires active management
I don't think that it requires any management. If the value of a currency increases, then the ratio of currency to goods decreases. If a currency became so valuable that people can't trade with it, they'd trade with something else.
You argued for a constant value of a single dollar and then told me what would happen if the value of the currency increases, which is the opposite of what you were telling me before. If it does increase then it leads to massively disproportionate accumulation of wealth for existing holders, which you cannot justify.
> This has the presumption that you, or someone should be in charge of what money is worth. That should not be a function of the government.
That's (a) very much your opinion stated as self-evident and (b) not currently the job of the government, it's the job of an independent private central bank specifically designed to separate monetary policy from fiscal policy and the whims of the elected officials.
The Federal Reserve is federal in the same way that Federal Express is: it's not. Doesn't this line up with the libertarian ethos?
> The Federal Reserve is federal in the same way that Federal Express is: it's not
It's analogous to hiring a contractor. The government wants a program, it simply outsourced the operation to another entity.
Here's what I actually said:
> The unit of exchange (money/currency) should remain relatively constant. That's the point. Maybe it will go up some, maybe it will go down some, but having it manipulated for the profit of large banks is theft.
It should remain relatively constant. That's the entire point of a unit of exchange. There might be periods where the relative demand for the currency outstrips the supply, and if it becomes such a dramatic situation as your presented in your contrived example, then it would cease to be useful as a currency, and something else would/should become the currency.
> (b) not currently the job of the government
Congress has the power to coin and regulate value, per the US constitution. I'm not sure how we ended up talking about the US specifically here, I'm referring to governments generally.
> It's analogous to hiring a contractor. The government wants a program, it simply outsourced the operation to another entity.
No, it isn't, explicitly so. The reason the Fed operates at arms-length is explicitly to avoid having the government set monetary policy. This degree of stability allows businesses to plan and reduces their currency risk. Otherwise you face D vs. R every 4-8 years totally reversing monetary policy.
> It should remain relatively constant. That's the entire point of a unit of exchange. There might be periods where the relative demand for the currency outstrips the supply, and if it becomes such a dramatic situation as your presented in your contrived example, then it would cease to be useful as a currency, and something else would/should become the currency.
Yes, and my whole point is to avoid a large dramatic change you apply small amounts of pressure over time. This is called managing the money supply. And once you agree that this kind of adjustment achieves your objective of "relatively" stable currency (it does), then we can talk degrees, but we're now having a very different conversation.
> Congress has the power to coin and regulate value, per the US constitution. I'm not sure how we ended up talking about the US specifically here, I'm referring to governments generally.
Government handles the fiscal policy, federal reserve handles monetary policy. They're explicitly separated. This is true in many developed countries in the world operating under a central banking model, including Canada (Bank of Canada), and all of Europe (ECB) and England (Bank of England -- privately owned from 1694 to 1946).
> Government handles the fiscal policy, federal reserve handles monetary policy.
This is entirely semantics.
> And once you agree that this kind of adjustment achieves your objective of "relatively" stable currency
I can prove to you that it doesn't result in a stable currency. See the purchasing power of the US dollar over the last 100 years.
> This is called managing the money supply
That's what you call it. I call it theft. If an individual does not have the power to create money, then neither should a group of individuals, regardless of what color robes they're wearing.
> Otherwise you face D vs. R every 4-8 years totally reversing monetary policy
I don't think there's any risk there. They're the same party, both are spend-spend-spend.
Simply being born is no justification for stealing by fiat. People should be rewarded for saving capital. Forcing people to gamble their money only to maintain the wealth they already earned is not ethical. It is sufficient for people to be incentivized to spend money on things that are useful or interesting and to invest for higher return where the investment is sound.
EDIT: the money stolen by fiat is not evenly redistributed, and definitely not in favour of the poorest.
Accumulation of savings is valuable as it can be used for capital investment at the best opportunity. Forcing people to spend prematurely on crappy mal-investment is not optimal. Spending for the sake of spending is not optimal investment.
You're telling me in the market today, there's absolutely nowhere for you to productively allocate capital for an expected return of over 1.8% per annum? Even though Ally offers savings accounts that yield 1.8% per annum? And treasury bills yields are 2.2%? Remember, a savings account or CD are also valid investments assuming they yield more than inflation. What I'm saying you shouldn't do is store literal cash in a mattress. A savings account serves as collateral for loans which are in fact productive investments.
A savings account pays below the real inflation rate here in New Zealand. The cost of housing has increased hundreds of percent over the last 20 years thanks to central bank monetary policy that artificially manipulate interest rates. A shoebox apartment is now ridiculously unaffordable. I can put money into savings that loses money after inflation, and funds a system that is fundamentally corrupt, which leaves me worse off overall than if we had a real free market without centralized manipulation of currency and interest rates.
This centralized artificial interference has caused major imbalances in the economy here. It didn't work for the Soviet Union and it's not working in the "capitalist" world either.
> A savings account pays below the real inflation rate here in New Zealand.
That's a market force designed to disincentivize that investment. Nobody's guaranteed a risk-free return, or even retention of value in what's not a long-term store of value. Pick something else to invest it in.
For what it's worth, NZ's inflation rate is tracking at 1.5% per annum and Rabobank offers a 2.4% online savings account.
> The cost of housing has increased hundreds of percent over the last 20 years thanks to central bank monetary policy that artificially manipulate interest rates. A shoebox apartment is now ridiculously unaffordable.
Cost of housing is a total red herring and largely unrelated to this conversation. Cost of housing is overwhelmingly supply-side driven. If you want cheaper houses demand municipalities permit new construction. You can always build up, there's no limit on that. Build enough, the cost will drop substantially. There's plenty of markets that exemplify this effect, like Houston and Tokyo. SF on the other hand routinely forbids totally reasonable construction and the pricing speaks for itself.
The cost of housing roughly boils down to this: the narrative is that housing "should be an investment" and that it "should go up over time" so the directionality is accepted. Homeowners tend to be older, wealthier, have deeper ties to the community and vote. Renters tend to be younger, less affluent, transient and don't vote. As such policies are enacted that benefit homeowners. This includes zoning restrictions, building restrictions and tax deductions benefiting homeowners. Too few new units are built relative to influx of population, and price goes up. It's simple market economics.
Want to solve the problem? Get people to vote to allow more housing.
For what it's worth in the US housing prices on average tend to track inflation. It's certain municipalities like SF and NYC that far exceed due to asinine policy. The monetary policy was the same in all regions of the US so why then would pricing changes be uncorrelated across markets?
> I can put money into savings that loses money after inflation, and funds a system that is fundamentally corrupt, which leaves me worse off overall than if we had a real free market without centralized manipulation of currency and interest rates.
New Zealand ranks routinely as the world's least corrupt government. A system that maintains stability of money and debases it over time slowly and predictably helps keep wealth inequality down, and benefits the less well off by inflating away debts and encourages productive allocation of capital.
> This centralized artificial interference has caused major imbalances in the economy here. It didn't work for the Soviet Union and it's not working in the "capitalist" world either.
This doesn't make sense. The Soviet Union fell for all sorts of reasons that weren't inflation related or even central planning related. Authoritarian states tend to do so in time.
I'd say it's working just fine, inflation is roughly 1-2% per annum and incredibly well controlled. We've got plenty of actual problems (like the cost of housing), though, this isn't one of them.
New Zealands actual inflation is way, way higher than 1.5%. You are very naive and gullible if you believe that number. You also have no idea how the cost of housing is determined. Central banks have artificially manipulated interest rates to an extremely low level, where savers are forced to malinvest in things such as housing, which is also encouraged by mortgage rates being way below the reasonable cost, because again, the interest rates are artificially low. The reserve bank governor even admitted they were at fault.
> New Zealands actual inflation is way, way higher than 1.5%. You are very naive and gullible if you believe that number.
It's defined with a mathematical formula based on a basket of goods. You haven't provided any sources other than your gut and a baseless assertion about gullibility. I have references [1, 2].
> You also have no idea how the cost of housing is determined.
It's literally on the investopedia write-up. [3] And also, it's basic, fundamental market economics. More supply, price goes down. Less supply, price goes up assuming constant demand. Sure lending makes unaffordable places more affordable. That doesn't really matter if you flood the market with supply though does it? [4]
FTA [4]: "Tokyo rent is cheaper because it builds lots of housing. Every year, the city adds about 100,000 new homes. This increase has more than kept up with the increase in population, leading to a housing surplus." Average rent is $2.50/sqft in Tokyo vs $6/sqft in SF. And they have negative interest rates. Supply. Matters.
> Central banks have artificially manipulated interest rates to an extremely low level.
Set them at a low level. That's their job. To maintain a consistent, low, predictable rate of inflation.
> The reserve bank governor even admitted they were at fault.
Look I'm not saying they're perfect, I'm saying inflation has little to do with the very real issues you call out.
You are fundamentally off the mark at every single point. The basket of goods specifically excludes things such as housing which is the by far the number one cost of living here, which leaves that "inflation" figure as an utterly meaningless metric.
>> Set them at a low level. That's their job. To maintain a consistent, low, predictable rate of inflation.
Your reading comprehension failed here. I am referring to control of interest rates, which has far reaching consequences beyond inflation. This is the "fatal conceit" of socialist minded people such as yourself. No one on this planet is qualified to control interest rates.
As for the Soviet Union - I was talking about their centralized / planned economy. Socialism. We have a socialist monetary system in the West.
Yes New Zealand is the least corrupt government in the world, apparently, and despite that, the divide between rich and poor is increasing. It has become way less affordable to live here since the mid 2000's and is not getting any easier. We are locked in to a corrupt global system. Our monetary policy is a slave to the global socialist monetary system.
(traditional, not "American") Socialism isn't central planning it's the state owning the means of production. To my knowledge, there's no concerted effort in New Zealand to have the government own the means of production.
> ...the divide between rich and poor is increasing...
For sure, and it shouldn't. At least in the US it really started to get bad after Reagan dropped the top income tax from 90% to the current 35%. And the estate tax from 80% to the current basically-zero. Nothing to do with inflation, in fact, inflation would reduce this spread as it would disproportionately affect those with more money, and aid those with debt.
Who would have thought that letting the wealthy keep more money would lead to the wealthy having more money? Shocking.
> We are locked in to a corrupt global system.
Explanation needed.
> Our monetary policy is a slave to the global socialist monetary system.
Is the global government (United Nations?!) trying to own the means of production?
Listen man, you’re obviously a very smart guy (I’m assuming your gender), but it seems that you haven’t been exposed much to the “Austrian School” of economics.
Keynesian theory is the orthodox economic religion, which you have fully subscribed to. Austrians are heretics and we are burned at the stake for our beliefs.
I’ve read both sides. The Austrian school is far more compelling and rational. It cuts through the obscurantist bullshit with precision.
To me, Keynesian theory with its justification for continued economic chaos, is for those suffering from “battered wife syndrome”. To accept the Keynesian excuses, is akin to a wife getting brutally raped and beaten by her husband every day, while telling everyone “It’s OK, I deserve it, he knows what’s best for me”.
If you haven’t seriously examined the Austrian side of the debate, have a look at this:
EDIT:
In the first link, read the paragraph that begins with "In the face of overwhelming arguments against inflationary expansion ..." . The entire article is good but that really gets to the point of inflation.
This post is nonsense. 1) FB claims they want to eventually make it a public network. Therefore, they'll need BFT sooner or later. 2) No blockchain can match a centralized system (WeChat, Visa, et al). 3) Very few languages have a formal semantics written in Coq. 4) So what if the crypto lib has additional functions? Algorand has VRF code in their repo. Is the whole project doomed now? And it would take a huge effort to verify a crypto lib ala Everest. Even cryptographers don't do it. 5) In the US many banks are in a consortium called Zelle which allows retail customers to send money around. It has finality; can't be reversed.
I don't give 2 shits about Libra. Gov'ts will clobber it anyway. But these criticisms are mostly "why didn't Libra do the latest bleeding edge researchy thing that no-one else does?" Because they had to ship this century, that's why.
> It is a pivot from a company whose advertising business is so embroiled in scandal and corruption that it has no choice but to try to diversify into payments and credit scoring to survive.
It's amazing to me that nearly every single expert that weighs in on this topic completely misses the intention behind Libra. Facebook wants to make money off of it's massive user gains in the developing world (like hundreds of millions of users massive), but many of those people don't have digital money right now. Libra wants to be their digital money so Facebook can sell more expensive ads.
It's really as simple as that. Move on from the "why" and talk about the rest of it which is the actually problematic part.
I'm confused about this article. I've read it, and it's skeptical of libra (which is fine) but makes handwavy and non concrete arguments about it's soundness. Can anyone tell me why it's so popular, besides just bashing Facebook?
It's bashing both Facebook AND blockchains using handwavy faux-intellectual arguments, and is thus in the exact sweet spot of Hacker News upvotability.
It appears in the case of the Move language it doesn't actually contain a 'linear type system'.
> The claim of the Move language to use of linear types appears to be unsubstantiated by a dive into the compiler as it reveals no such typechecker logic. As far as one can tell the whitepaper cites the canonical literature from Girard and Pierce and does nothing of the sort in the actual implementation.
I've been thinking and it actually makes a lot of sense for new ways to be created to transfer money and pay for things (though I'm highly skeptical of having it operated by Facebook and of the ad-hoc pump-and-dump-prone and whitewashing-and-tax-avoidance-friendly properties of cryptocurrencies). But when you think about it, it's insane that transferring money is something credit cards and payment processors can regularly charge a fee of 1.5-3.0% on. In order to change some numbers in a couple databases... The marginal cost of this ought to be less than pennies. The only reason they can even partially justify this is because of fraud and credit, and the costs associated with dealing with that. But what if we had a way to transfer money between entities that mandated two factor authentication to prevent fraud, and sidestepped the whole credit thing by only working if you had the money? (or required that you took the loan elsewhere, so the account that actually transfers the money does not have to deal with credit at all). Verify that the person is who they claim to be, and that they have the money needed, then do the transaction - no more, no less. No chargebacks, no credit checks, no fraud checks. Why isn't this a thing?
The actual cost of processing payment is far less than 1.5-3% - especially with debit cards (which actually implement most of what you think "is not a thing") but even when dealing with credit cards and the necessity to include some overhead for countering card fraud and chargeback costs and whatnot, the total cost is far lower, below 1%.
How can I know this? Well, how do all these credit cards that offer cashback bonuses in the realm of typically 1-2% make this unbelievable feat of paying you for paying stuff happen? They pay for it out of the 2-3% that they get for the transaction. Let's take 2.5% as a middle ground and deduce 2% cashback, that leaves us with 0.5% from which the actual costs of doing the payment have to be covered - and the profits to be paid to shareholders, of course.
Also, Europe has this nice regulation in place limiting credit and debit card interchange fees to 0.3% for credit and 0.2% for debit cards. This regulation has been in effect for a few years already, and the only thing that disappeared were these 2%-cashback-on-every-payment cards (or similar offerings, like granting airplane miles of about the same value). Debit and credit card issuers seem to be entirely able to operate under these conditions, which means that their actual costs of doing business must be under these fractions of a percent.
The credit card companies' share of the entire economy is problematic, but few companies could handle the threats of fraud in e-commerce as well, for as little. There's a very harsh tradeoff between ease-of-use and fraud protection, and it's not an easy problem to solve. Doing it for 3% is beyond most companies' (or governments') capacity. It may provide the incumbents with a healthy profit, but few if any newcomers would be able to get their costs low enough to survive on that.
>The possibility that a Libra node run by Mastercard or Andressen Horrowitz would suddenly start running malicious code is such a bizarre scenario to plan for and is better solved by simply enforcing protocol integrity and through non-technical (i.e. legal) means.
Refusing to rely on legal means of enforcement suggests the project views itself supreme over all national policies, laws and regulations. On the one hand, such a concept is usually the domain of autocrats, despots, and organized crime-- odd for a tech startup. On the other hand, it would suggest a system more secure from outside legal interference than, say, MasterCard. This detail tends to add a datapoint explaining the lack of support from global ministers of finance....
Would like to point that the work done by the curve25519 team is solid, Henry is also behind the ristretto RFC.
The reason Facebook used the BFT algorithm is for pure regulatory purposes (they needed a Blockchain therefore a solid consensus algorithm with failure tolerance).
The cryptographic constructions used are quite solid unlike OP claims.
The article also incorrectly claims that curve25519-dalek has never had security audits. It's had at least two by reputable cryptography auditing firms (Quarkslab and NCC), the former of which is public (the NCC audit was done at the request of my former employer and is private, but like the Quarkslab audit only found minor issues):
I think the start problem of Libra was to go with the ideas that:
1. One globally _uniform_ payment system is needed/wanted/makes sense. (It doesn't make sense due to regulation, is not needed, as long as a non uniform system still can make cross area transactions reasonable fast. It is not wanted (by some) as it put consumers at additional risk wrt. data protection and international conflicts).
2. Blockchain makes sense and "fixes everything", somehow, magically
Sure the current payment systems have a lot of problems. But many come from complicated regulations which makes building such systems harder not incompetent bank IT. I fear a single company can't do to much here. Especially because banking software has to be reliable from the get-to-go.
There are many valid criticisms of Libra, even if we restrict our view to the code. This article contains none of them.
However, use of a BFT consensus algorithm, newish crypto libraries, and missing but promised features in an unlaunched product are not reasonable criticisms.
BFT algorithms that scale well (Libra's will, that's one thing Facebook is good at) are great for public financial networks. All large companies end up implementing their own crypto libraries and for some (Google, Facebook) this ends up a net positive for the open source community.
Consumer protection will be there, Facebook is not going to knowingly violate local regulations in such an obvious way.
> smart contracts refer to logic deployed on public networks which allows escrowing, laundering money, and the issuance of extralegal securities and gambling products
An alternative company which actually seems to do good work w.r.t. safe languages is Alacris/LegiLogic. Though I haven't found the operational semantics of the language there is a public compiler that can be found here: https://alacrity-lang.org/codeeditor
This ignores the big problems in Facebook's Libra:
1) It charges ECONOMIC RENTS. The ethical asset backed and currency backed stable coin needs to pass profits from revenue generating assets to the currency holder. The member companies should only take a tiny slice of the profits. This is the MASSIVE problem.
2) Libra is designed that ECONOMIC RENTS will be sharecropped and sent to the member companies. This will be the economic incentives for them to force it on their customer base and create incredibly fast adoption. This is a good thing, except it turns evil by the economic rents from #1.
I'm no fan of FB or Libra, but I don't get it, how is that any worse than existing system? Banks charge huge interest rents and pass only a tiny (or zero) on to customers, credit cards charge even bigger interest rates in addition to fees that make all our products more expensive, ...
Interest rates are lower than at almost any time in history. They're usually strongly linked to default risk, which is why mortgages are about 2% but credit cards in the 10-20% range. But none of that is applicable to cryptocurrency, which doesn't really have a credit infrastructure at all and instead is trying to replicate something closer to negotiable bearer instruments.
Transaction fees are a real thing, but essentially that covers keeping fraud out of the system. In cryptocurrency that's your problem, and many of the "solutions" are riskier and in the end more expensive.
> in addition to fees that make all our products more expensive
There's a decent argument to be had that they make products cheaper.
What, you didn't think it was free to handle cash, did you? It takes time and effort to do that. So much time and effort that a lot of smaller places are going card-only here in the UK so they don't have to deal with cash.
Economic rents is an issue, but how else would you incentivize member companies to join into Libra in the first place?
The proven business models are "evil" to some population: 1. Charge fees (like paypal, stripe, bank ach / wires), 2. Collect interest via economic rents, or 3. Capture and monetize user data ala Facebook.
Can you think of a better way to jumpstart a new monetary network?
Yes, but we're not comparing cash, we're comparing one digital solution to another digital solution. Libra does have the potential to further reduce fees.
Also, in order to use EC, you need a bank account, so it doesn't help the unbanked, which do exist even in Europe.
What's the profit potential for Facebook here, especially above using an existing cryptocurrency for payments on their platforms?
Having low friction payments on Facebook makes sense, it build value into the platform and Facebook can capture some of that. But can't they do that with an existing cryptocurrency?
It doesn't seem like Facebook will maintain full control of the currency due to the consensus algorithm. There is power and control if Facebook continues to control the fork of the code base that everyone uses, but presumably nodes could choose to switch away from Facebook's fork. So I'm not seeing "control a currency" as a long term benefit.
It makes sense that anyone running a Libra node would make money, but anyone else running a node would make similar profit.
The article mentions that a long term goal could be "act as a data broker and mediate consumers access to credit", although again, doesn't the decentralized nature permit any node from taking those steps? That doesn't seem to uniquely advantage Facebook.
As others mention, once a cryptocurrency is "too big to fail", regulators are locked out. Is Libra really an easier approach to getting a cryptocurrency to that point, versus adopting and accelerating the growth of an existing coin (like Bitcoin)?
Does Facebook just think they can build a better cryptocurrency? I don't doubt that they can hire good engineers, but with all the politics and marketing focus on the code now, development is probably getting stressful and chaotic.
In a world where "everyone" uses Libra, they need a FB account to access their wallet, and FB will see every consumer decision at its most valuable - the point of exchanging money for goods and services. This is immensely valuable for an ad company.
> Not many people who work on financial infrastructure speak publicly about their work...
This was a bit of a throw away line, but I found it insightful. As someone who isn't in this space, my question is: why is this? Is it contractual, or is that just not part of the space's ethos?
Feels like we need to overcome this some how to achieve progress?
I build financial market infrastructure and in the last twelve months I've seen companies in my industry presenting at AWS and Splunk conferences, and a Cassandra meetup.
There are lots of great technologists in the space that are just like the rest of us and love sharing ideas. There are definitely NDAs in place, but "financial infrastructure" generally refers to processing systems, not trading systems. The former is increasingly utilized, while the latter generates alpha (i.e. where you actually make money).
People like sharing ideas about processing infrastructure because everyone benefits when the rest of the market gets better at it also. Your efficiency is only as good as your counterparties' efficiency. If their system breaks, you still have a broken trade that costs you operational time and money no matter how good your infrastructure is.
There is a lot more wrong with what this author wrote, but in the interest of time I'll keep my answer to the question asked.
Why would you give away any details, when each one of them might end up being a secret that is causing your firm to make millions of dollars?
The financial sector is many things, it's a lubricant of the economy, it is a prediction machine, it's a fascilitator of markets, but not least important it is setup as a game, where every player tries to outsmart the others. Why would you talk about how you are playing and give your opponents a chance to outplay you?
I wish superior innovation were more responsible for the bulk of profits. Weighted by volume, in more cases it is simple market power.
(Fun fact: Statistics was invented many times throughout history. Minus the last time, it was always hidden to make someone money.)
Even when you've got awesome secrets, you've still got other parts of the business. Open research moves faster. Libraries of books have been written about investment, or running a business, or writing software, or other profitable things. Granted, some of that comes from people teaching without acting -- but a lot of it too comes from actors with serious skin in the game.
> Not many people who work on financial infrastructure speak publicly about their work...
What pieces of financial infrastructure do you want to know about?
Mastercard and Visa (for example) publish a lot of information about their technology and standards, and certainly people aren't prohibited from talking about implementing them or interfacing with them.
It's hard to speak about the infrastructure because:
1) it's complex and relies on a bunch of concepts that are niche/uncommon in tech field, so it's really hard to make a short answer that makes your point understandable without adding an essay-length explanation about why some assertion of fact is actually true, or how some aspect of the financial system works slightly differently than the common understanding and has serious implications that usually doesn't matter only because the system is carefully engineered to ensure that this never happens, but for a different system it would matter.
2) you can't have a purely technical discussion because pretty much every factor of infrastructure is part technical, part legal, part financial, and you can't really separate these aspects because they put serious constraints on each other.
3) it's a bit emotionally unpleasant because multiple important, relevant aspects have political connotations and invite passionate debate about things that I'd like to assume as axiomatic and offtopic to the main point. For example if we want to debate why technical payment systems are the way they are and what other technical payment systems are plausible in the short-term, aspects like the need for reversibility are pretty much an undisputable unavoidable constraint from the legal/economic side to the technical part; IMHO any productive technical debate is possible only about how to best design systems within these non-technical constraints (and what exactly are the actual constraints), but a lot of the discussion here is centered whether these constraints "should" be there - which is interesting but a completely different topic, to note the "is-vs-ought" distinction, debating whether reversibility (or, say, KYC/AML) ought to be a requirement has absolutely no relevance to the debate whether and when it is a requirement. But it's hard to make a technical description of how/why something works without getting sidetracked into a political discussion of whether some must-have requirement should have a right to exist.
There's not really an ethos of secrecy (at least for the main infrastructure side), all the technical and legal (but not financial) details are generally available to whoever is interested but they are large and details matter, and key details differ between countries. Seriously, when getting started in the industry when I had spent months reading on various details of e.g. card issuing/acquiring process, I thought I had a reasonable understanding.... and now I know how a bunch of that understanding was slightly but dangerously wrong.
I am not sure you would consider me directly in that space, even though the vast and distributed nature of that "space" seems unlikely to produce someone that can be considered equal part high level broadly knowledgeable enough, technical enough to make a statement about the work, in addition to muck around here to provide an answer. I think your answer is lost in the crevices of the nebula of dissimilar characteristics.
That being said though, take or leave by following boiled down opinion on the matter that it is essentially just a form of greed that drives this ethos you highlight. It's both negative greed of people not wanting to discuss their secret sauce that does or could make them rich and wealthy, especially if and when it comes as the expense of others (regardless of whether it is only their sub-conscience that acknowledges it), not wanting to expose things like the spaghetti code that makes up the core of a multi-trillion dollar enterprise of maybe even the literal fraud being perpetrated to achieve riches, some self-delusion that obfuscation quals security that hopefully will prevent nefarious actors gaining insights.
The very nature of the financial industry, a store of value, worth, and a huge closet of misdeeds and fraud that is chocked full and bursting at the seams to reveal the putrid innards; makes it a massively sensitive matter and domain. The behaviors and actions or ethos of the financial industry is not at all dissimilar to when you interact with other dishonest and nefarious and secretive types who have dirty secrets to hide and ill gotten gains to obscure and squirrel away. But there is also a layer of honesty that must be maintained. The notion of "disrupting" the financial sector with the trademark wonton recklessness of the Silicon Valley mentality gives me shivers, because when, e.g., the WeWork fraud
One may as well have asked why African government officials don't publicly speak about how their government work or ask the CCP how China really works. But one could also even ask that question closer to home like how massively lossy Silicone Valley unicorns can exist or one may also ask for an audit of the DoD (which, interestingly, the recent attempt to audit the Marines led to the Auditor refusing to sign the audit) or the Federal Reserve (a set of private bankers that control the money supply without any accountability, oversight, let alone limits or balance of powers). Those are ALL equally sketchy and nefarious deceptive and manipulative smoke and mirrors slight of hand operations that one could ask the same question of why does not one speak publicly about their work.
You may be one of those that realizes that there is a thread that runs between all of the above.
> The possibility that a Libra node run by Mastercard or Andressen Horrowitz would suddenly start running malicious code is such a bizarre scenario to plan for and is better solved by simply enforcing protocol integrity and through non-technical (i.e. legal) means.
Hmm, I'm not sure I'm convinced. While "Mastercard as an entity turns into a malicious actor" doesn't seem like an important threat model, it seems to me maybe guarding against mailicious actors within (eg) Mastercard, as well as external attacks on Mastercard is? And justifies this stuff?
The possibliity that a node run by Mastercard would suddenly start running malcicious code doesn't seem that bizarre a scenario to me, if we remember it can happen not just cause the CEO of Mastercard directs it to, but because of criminal activities from hackers as well as employees for their own gain.
The author didn't say that we should trust MasterCard but he was saying that this trust issue can be solved much more efficiently via the legal system. And in practice the current system already works as billions entrust their financial transactions in these institutions.
Some people have the tendency to think that technology could solve anything and should be allowed to solve everything. This Libra thing is no better than the crypto-currencies.
Ok, now what if the legal system is the one trying to get them to run the malicious code?
For example, governments, in the past, have tried to prevent bank transactions from being sent to wiki leaks, even though they were never charged with any crimes.
The credit card transactions failed to go through, but the crypto transactions DID succeed.
Crypto currencies seem to have done a pretty good job so far, of preventing this attack vector.
I can think of no examples where a government has taken over a crypto currency yet.
I strongly agree with him on transaction privacy, though not for the reasons he lists.
Some issues, however:
1. His argument against BFT is "legal systems are efficient" (lmao). Also, the whole point of HotStuff (vs. PBFT etc...) is linear O(N) communication complexity outside of cascading proposer failures...
2. He clearly didn't investigate move bytecode-verifier, which asserts linearity.
3. Strong disagree on the untested crypto-primitives argument. curve25519-dalek is audited (x2) and written in Rust; simple and minimal; not a bloated, unauditable mess like TLS.
4. Consumer protection can be built on top via the wallet providers.
<Reading through the publications released, it is clear there is a fundamental deception in the stated goal and implementation of the project. Put concisely, this project will not empower anyone. It is a pivot from a company whose advertising business is so embroiled in scandal and corruption that it has no choice but to try to diversify into payments and credit scoring to survive. The clear long term goal is to act as a data broker and mediate consumers access to credit based on their private social media data. This is such an utterly terrifying and dystopian story that should cause more alarm than it does.>
<The overhead from the consensus algorithm serves no purpose and will only limit throughput of the whole system, and appears to be there here no reason other than apparently cargo culting public blockchain technology which is not designed for this use case.>
<Libra has no transaction privacy>
<The system is designed to be a very large way of replicating transactions to a number of external parties who under existing European and US bank secrecy laws should not be privy to the economic details.>
<Libra HotStuff BFT is not capable of achieving the throughput necessary for a payment rail.>
<Libra’s Move language is not sound.>
<Libra’s cryptography engineering is unsound.>
<Libra has no capacity for consumer protection mechanisms.>
> " It is a pivot from a company whose advertising business is so embroiled in scandal and corruption that it has no choice but to try to diversify into payments and credit scoring to survive. The clear long term goal is to act as a data broker and mediate consumers access to credit based on their private social media data. This is such an utterly terrifying and dystopian story that should cause more alarm than it does."
I used to think that Libra is just an attempt to combine the transaction speed of blockchain with the trustlessness of fiat, I didn't expect the rabbit hole to go so deep.
Facebook and a variation of "libre" in the same sentence makes so little sense to me that by definition I would refuse to use this product if it would ever reach market. Companies which main purpose is aggregation and selling of data to advertisers should simply not be trusted with financial transactions because in the end, this data will be used to make your financial transactions greater and more tailored to the advertiser paying the most for your data.
>For a system that is designed to be run in a consortia of highly regulated multinational corporates, all running Facebook signed code and access controlled by Facebook it simply makes no sense to deal with malicious actors at the consensus level. Why is this system designed to be byzantine tolerant at all rather than just maintaining a consistent audit log for compliance checks. The possibility that a Libra node run by Mastercard or Andressen Horrowitz would suddenly start running malicious code is such a bizarre scenario to plan for and is better solved by simply enforcing protocol integrity and through non-technical (i.e. legal) means.
BFT is still useful in that scenario as part of a defense-in-depth against compromise of some of the validators/nodes, yes even ones run by Mastercard or A16Z.
It’s certainly more difficult for that to happen in these settings, but given the state of the world with nation states rampantly hacking each other in any way they can of varying levels of sophistication, from social engineering to stealing user databases to stuxnet, having an extra layer defenses against that in a global currency is not superflous.
And that’s what Libra is, a global currency, not a mere payment system.
I am always amazed at the concept that blockchain is private at any level. The architecture is built specifically to share transactional data. It is useful for creating a digital entity that is unique and can be treated as currency, but the shared transactional nature is a huge, huge privacy flaw, as far as I understand blockchain (at least Bitcoin). Please correct me if I am wrong about the public nature of transactions - I haven't seen anything discussing the encryption of transactions but I am by no means an expert on this.
So assuming the transactions are accessible to anyone (and even encrypted is somewhat worrisome), what are the implications? Well, for a while Whole Foods was accepting payment by Bitcoin. That means if you know Whole Foods' Bitcoin account number you could simply look up all transactions to Whole Foods to see how much money they were making through Bitcoin, how many unique accounts paid them as well was when and how much. Does every business want their detailed transaction history to be public?
And on a personal level, I remember when Netflix released anonymized data of movie ratings with ratings and date stamps. From this alone, some people were identified by looking at other personalizing data: https://www.wired.com/2007/12/why-anonymous-data-sometimes-i...
All it would take is one data harvesting company to pair your account to your transactions and then could track everything you do through it. I really hope this isn't how all of this works... and even if there are protections to prevent this, it seems like a viable attack vector to consider for any blockchain technology.
> Well, for a while Whole Foods was accepting payment by Bitcoin. That means if you know Whole Foods' Bitcoin account number...
They wouldn't have just one "account number". Standard practice is to use a different address for each transaction, both for privacy and for increased security. (An attacker only has the public key hash to work from for any unspent transactions, not the full public key.) Now, these funds would probably be consolidated into a smaller number of holding accounts, and you might be able to deduce some other likely payments to Whole Foods by looking at which inputs were combined together in later transactions, but obtaining their complete ledger is nowhere near as simple as looking at one payment to Whole Foods and finding all the other transactions involving the same address.
I wouldn't worry as much about Libra’s byzantine tolerance architecture. Sure it is O(n^2) now, but it can be replaced. That can be optimized away, if the economics cause companies to push it into the market and make it have mass adoption.
Bitcoin, Ethereum and EOS have optimized away the exponential problem of O(n^2) byzantine tolerance. I'd be careful that that is just a short-term artifact of getting an early version running.
I have only studied Move by reading the whitepaper, but there's a gaping architectural hole that I found in five minutes:
public withdraw_from_sender(amount:u64): Coin {
let transaction_sender_address: address = GetTxnSenderAddress();
...
}
Checking the global txn sender address is not a sound way to authorize a transaction in a smart contract language. Consider that a buggy or malicious function in a different smart contract could call withdraw(). Linear type theory might prevent the resulting stolen coins from being duplicated, but they're still stolen.
I don't know if there is a clean theoretically sound way to do this, but here's an idea based on linear types:
The main function in a transaction is given a Sender object as one of its arguments. The Sender has a method that generates an assertion (an object) that the transaction intends to perform a specific action, e.g. withdraw 10 coins of type A. The withdraw() function takes an assertion as a parameter and calls a method that consumes the assertion before withdrawing the coins.
It sounds like what you're describing is passing a capability to withdraw balance (which is implicitly captured in an erc20's internal state via `approve` [0]). Of course, cap handling is probably a bit unwieldy for a snippet in a whitepaper, so they're likely making the assumption of "don't call untrusted code." I don't see a construction for sender delegation, so at least it reduces the TCB to the immediate callee.
Typical blockchain and Libra hatchet job, except this time under the veneer of someone with software skills. I will make some counterpoints.
> Byzantine fault tolerance is a fairly niche area of distributed systems research that concerns the ability of a networked system to endure arbitrary failures of its components while taking corrective actions critical to the system’s operation. Networks that are byzantine tolerant must resist several types of attacks including restarts, crashes, malicious payloads, and malicious voting in leader elections. This design decision is central to Libra and it makes zero sense.
BFT consensus is standard in blockchain. Libra is building a protocol and reference implementation but anyone can build their own implementation, just as Bitcoin and Ethereum have several clients written independently as separate open source projects. As Facebook intends to be just one member of the Libra consortium, and anyone (member or not) can write software to the protocol spec, BFT is the logical choice.
If Libra was trying to be a centralized entity owned by Facebook, then BFT consensus would make no sense. But it's not - Libra is supposed to be a decentralized blockchain payment system, similar to Bitcoin, so BFT is the logical (and standard!) choice.
> Libra has no transaction privacy. By the admission of the whitepaper the system is designed to be pseudonymous meaning the addresses used at the protocol are derived from elliptic curve public keys and contain no metadata about the accounts.
This means the same level of anonymity as provided by Bitcoin. Post-transaction analysis may identify the owners of keys by cross-referencing known addresses, but onchain it is unknown. Again, very standard in blockchain. There are various techniques to improve privacy, such as how SiaCoin generates new addresses for every transaction by default, but again I want to emphasize that the shrill language used by the author is coming from someone who doesn't understand the technology. I agree with him that Facebook could (and probably will) improve on Bitcoin's pseudo-anonymity, but claiming outright that this is some sort of grand oversight is just plain wrong.
> Libra HotStuff BFT is not capable of achieving the throughput necessary for a payment rail... There is no technical reason that cross border payments could also not settle instantly, except for the differences in rules and requirements across the jurisdictions involved.
This is more about the philosophy of our payments infrastructure. Let's assume Facebook solves scaling, which is a problem many blockchains have solved (or are solving) in various ways. For example, Bitcoin's lightning network moves small transactions off-chain to settle later in one transaction that batches them. I'm not saying that's a good solution, either for Bitcoin or for Libra, I'm just saying the scaling problem can be solved even if the consensus algorithm is limiting.
On the question of "why use blockchain for payments at all", this is more philosophical. You have monopoly-controlled payment systems that tightly control who can integrate with them and improvements to the core level take years / decades (see ACH in the USA). Blockchain is one major way that software is eating finance - companies and individuals will be able to hack away at the system and build novel innovations with much less friction. Whether you think this is a good thing is a matter of philosophy.
> Libra’s Move language is not sound... In the public blockchains, smart contracts refer to logic deployed on public networks which allows escrowing, laundering money, and the issuance of extralegal securities and gambling products. These are typically done in a shockingly badly designed language called Solidity, which from an academic PL perspective, makes PHP look like a work of genius.
Clearly biased, Solidity has its warts but it is successfully being used for billions of dollars in real-world transactions per day. The author is something of a compiler hacker according to his Github so I assume he feels qualified and passionate to speak on this. But Move has not been battle-tested yet so I would at least let it get finished and deployed before claiming it's dead-on-arrival.
> Libra’s cryptography engineering is unsound.
Facebook, like many other companies, can pay for audits and formal verification of crypto libraries. As Libra will not be production-ready for years (it isn't live today!), I think we can give Facebook the benefit of the doubt on this. They are a massive company with near-limitless resources.
I want to conclude by saying that blockchain and cryptocurrency are knee-jerk hated by Hacker News, and have been so for years. You typically won't find positive (or even neutral) opinions on it, nor casual HN comments discussing the minutiae of the underlying tech the way you would for (say) Rust.
People who are deep into this scene are posting on other websites that aren't as negative on the subject. There are indeed highly technical and competent people who work in this space. However it remains quite niche given its outsized mindshare in society. I encourage people to keep an open mind, there are very interesting problems to be solved if you can avoid the overwhelming criticism.
> Let's assume Facebook solves scaling
...
> Move has not been battle-tested yet so I would at
> least let it get finished and deployed before claiming
...
> > Libra’s cryptography engineering is unsound.
...
> Facebook, like many other companies, can pay for audits
> and formal verification of crypto libraries. As Libra
> will not be production-ready for years (it isn't live
> today!), I think we can give Facebook the benefit of
> the doubt on this.
That's a lot of benefit of the doubt! There are situations in which such generosity is warranted, but this is not one of them. "Move fast and break the financial system" is a philosophy we've seen play out before. It's bad.
(I find particularly strange the idea that we should give them the benefit of the doubt because they're a huge rich company.)
> > Libra has no transaction privacy.
...
> This means the same level of anonymity as
> provided by Bitcoin.
Diehls' point regarding privacy is not that pseudonimity is inherently bad. It seemed to be that pseudonymous networks (like Libra or Blockchain) do not satisfy US or EU legal requirements.
> I want to conclude by saying that blockchain and
> cryptocurrency are knee-jerk hated by Hacker News,
Looks like the "guy with no software skills" and his team has created their own blockchain, and cryptographic implementations around bulletproofs, sonic zksnarks, pairing, etc.
> People who are deep into this scene are posting on other websites that aren't as negative on the subject
What other technical analyses of the Libra software are there? So far I've seen this and Elaine Ou - who I'm sure you would concede knows a thing or two about the space, even as she's a bitcoin maximalist - being shocked at how incomplete the code dump was: https://www.bloomberg.com/opinion/articles/2019-06-20/facebo...
> Libra is supposed to be a decentralized blockchain payment system, similar to Bitcoin
There's a very big difference between Libra and Bitcoin. In Bitcoin miners can come and go as they please, and they don't have to be known or trusted. Bitcoin's innovation with POW was to make this possible at all.
In Libra the consensus nodes are known, making POW unnecessary.
Genuine question: how do I share code with other parties in the industry?
Suppose that I'm working in the insurance industry and I want my company A to share the ownership of some code (and its execution) with company B. It's a redundant piece of code that would otherwise be implemented in both companies internally.
We may share a repository. That's simple and clear. But who is going to run this code? How do I know that the code running is the one shown in the shared repository?
When I see things like Hyperledger Fabric, I see a possible solution to this problem (although I don't know about the downsides of Fabric). I can ensure that, given the same inputs, all parties will produce the same outputs. This seems like a fair use for a permissioned blockchain and smart contracts.
But what else is out there? How would you approach this problem?
Not sure if that because he is setting himself up for a new job at Libra after his BoE gig finishes in 2 months, or is there merit to the idea and appetite from central bankers?
> Aside from the perhaps lack of developers / competency, I wonder why central banks don't issue digital currencies themselves?
Why would they though ? I can transfer money worldwide in a few hours for very little fees already. Normal currencies are good for 99.99% of use cases. Aren't most currencies already mostly digital, they're literally integers in databases around the world, most of it isn't backed by any physical currency.
Facebook wants its own currency because it would allow granular tracking and profiling like never before. What would banks gain from it ?
1) Geopolitical - if there was a widely accepted, regulated global currency that is relatively non-volatile, pegged on a basket of assets, I think many countries would gladly do cross-border trade in that rather than USD. I don't think Libra will be it, because it's perceived as being Facebook coin. But an effort from central banks could be it.
2) mainstream programmable money doesn't really exist, neither do microtransactions, or access to the financial system for many of the world's poor
>> I wonder why central banks don't issue digital currencies themselves?
Because they already have one? And it comes with handy features such as being available in paper form, storable in a regular DB, relatively stable and manipulatable and easy for everyone to understand. And a whole host of other goodies gleaned out of 400 years of attempting to keep the gears moving while keeping economic implosion to the bare minimum.
Aren't all currencies digital these days? When I receive my salary it's just an entry in a digital ledger and when I buy something it's just another entry.
This whole article sounded like he started with a conclusion and then found reasons to support it. It doesn't look objective. I am no supporter of Libra but increasingly media and influencers are about starting with a belief/conclusion based on their bias and then finding proofs for it. Perhaps that's how any human mind works!?
> The possibility that a Libra node run by Mastercard or Andressen Horrowitz would suddenly start running malicious code is such a bizarre scenario to plan for and is better solved by simply enforcing protocol integrity and through non-technical (i.e. legal) means.
> The overhead from the consensus algorithm serves no purpose and will only limit throughput of the whole system, and appears to be there here no reason other than apparently cargo culting public blockchain technology which is not designed for this use case.
> ... the model as proposed is hundreds of person-years away from being able to handle global transaction throughput and would likely have to be completely redesigned from first principles.
> Enterprise software consultants generally thrive on ambiguity and smart contracts are the apotheosis of enterprise obscurantism because they can be defined to mean literally anything.
> It should be assumed this entire crypto stack is vulnerable to a variety of attacks until proven otherwise. The “move fast and break things” model should not apply to cryptographic tools handling consumer financial data.
> The final conclusion one must take away after doing technical due diligence on this project is this simply that it would not pass muster in any respected journal on distributed systems research or financial engineering. Before trying to disrupt global monetary policy there is a massive amount of a technical work needed to build a reliable network the public and regulators could trust to securely handle user data.
> I see no reason to believe that Facebook has done the technical work needed to overcome these technical issues in their project, not does it have any technical advantage over existing infrastructure that already works. Claiming one’s company needs regulatory flexibility to explore innovation is not an excuse for not doing it in the first place.
> The overhead from the consensus algorithm serves no purpose and will only limit throughput of the whole system, and appears to be there here no reason other than apparently cargo culting public blockchain technology which is not designed for this use case.
I may be behind on Libra news, but my understanding was that the permissioned blockchain governance model would only exist during the bootstrapping phase to launch Libra and would eventually evolve into a public blockchain once it reaches some arbitrary point of stability. If that is still the case, then wouldn't Byzantine fault tolerance be required from the get-go, assuming Facebook wants to avoid a hard fork of Libra?
Crypto in general still have a ton of security flaws. To call out a specific currency is silly. Lets acknowledge that there is still tons of security to fix with crypto in general.
When you make a oversea money transaction the banks take up to 20%. For every electronic transaction a bunch of middle-men takes a percentage. Maybe there need to be a payout for those that keep the system running? Like in Bitcoin mining ... But the thing is, transactions can be highly automated, with almost zero marginal cost (the cost of making yet a transaction when you already process millions per second). So the transaction fees for the middle-men is almost pure profit after a certain level. So there will be efforts to make sure any joint solution fails.
The author correctly states that BFT algorithms are meant to handle arbitrary failures, but then explains how that is the wrong choice because one shouldn't handle malicious actors at the consensus level. Yet there are categories of faults that cannot be handled by basic FT systems, that BFT systems can handle, and are not due to malice. So all in all, BFT is the right choice.
There have been a lot of posts and responses about Libra. The core of it is that FB wants to be an unregulated bank. That is all this whole thing is about. Given the current (and post 2020 political realities?), it is no wonder all the established payment companies tapped out. This effort will be delayed until their is a government structure willing to look the other way. It will also be really interesting to see how this gets rolled out against GDPR and other European laws.
As time goes on, it's increasingly looking likely that it won't be rolled out in Europe[0].
> "Libra is not welcome on European soil," French Economy Minister Bruno Le Maire told reporters the sidelines of the annual meetings of the World Bank and International Monetary Fund
> "Do we want to put monetary policy in the hands of a private company like Facebook? My answer is clearly no," he said
Worth noting however that Facebook could register some entity as a bank and operate the Libra service from there (even sharing offices with Fb, that's not illegal afaik).
They would fall under all possible kinds and manners of banking regulation, but it's viable; many companies originally outside of the fin sector are offering financial services now (notably Orange, the French leading and historical ISP, formerly a state-owned public company).
This would likely result in some tiny fee when crossing in/out of the traditional banking sector (from/to Libra and some regular account or merchant paying system), and maybe when entering/leaving Europe, but would remain largely free for Libra transactions within the EU.
Which, as I see it, is the purpose of said regulation: to protect EU citizens (account insurance up to €100K, rights to certain features like free inter-bank transfers within the EU, etc). Libra unregulated would basically fall to Facebook's unilateral rules for protection and features, and that just isn't acceptable to the EU.
So far as I can tell, (a) Calibra will be a "custodial wallet", i.e. it'll hold the Libra tokens and present to the user a bit like PayPal; (b) they're talking up a Libra-per-currency, rather than the synthetic basket; (c) they're actively at work developing Calibra, in some sense.
To me, it's increasingly looking like they're heading for Calibra as PayPal-but-it's-Facebook. This is a more sane and comprehensible business idea, at least.
Indeed, and thanks for the info. Makes sense, definitely.
Basically just a layer of abstraction like in-game currency in virtual worlds, only this one has some 2.2b 'players' so the in-world PayPal is one hell of an easy way to transfer money?
That's much less sexy from a technological and social standpoint, but it might just be the simplest way to both reach a solution and seduce just enough blockchain lovers for the 'buzz' (best fueled by Controvery®).
When you think about it, people use items as secondary currency to exchange real-world money since forever and a day. E.g casino chips (physical), in-game assets ("virtual" but really we just mean software i.e. codified text, like we'd write score cards in tabletop RPG, or... computer punched cards). Colibra, fundamentally, would be just that...
So much ado about nothing if it turns out to be such a custodial abstraction. Now I expect Colibra lootboxes and gift shops in WhatsApp and Instagram! — once you've seen people spend hundreds on pixels in games, cosmetic shaders to embellish their avatar, you know there's no limit to human commerce. Probably Facebook's endgame with Libra if you ask me.
Well the only thing that is clear that people seem to be a bit hand wavy about what exactly is being blocked and why it is being blocked. Lets clear that up a bit.
Libra is several things, most of which will be hard/impossible to block without new laws and also blocking a large amount of currently legal things. So, blocking all of it is not a thing.
First it's an oss blockchain platform. It's similar in design to several other blockchain platforms; none of which are currently banned anywhere. Banning software is (mostly) not a thing.
Once it gets to a stable state, somebody will fire up some nodes and a Libra network comes into existence. If other blockchains are any indication, there's a good chance there will be multiple of these (e.g. testing and public). Blockchain networks don't get commonly blocked and you can legally connect to most blockchains out there from most countries. Blocking blockchain access is not a thing.
Then it is a legal entity based in Switzerland with representatives from lots of companies (though minus a few of course as of a few weeks ago). This too is nothing special. Doing business with, being a member of, or interacting with this legal entity is not subject to blocking either.
Then there are the countless financial products, tokens, etc. you can build on top of Libra, most of which are going to be similar to other stuff out there and many of which are not currently illegal or blocked in the EU or the US.
One of those things is the Libra coin. As such coins don't get blocked but the organizations that create them are subject to legislation. The controversial thing about Libra is related to how Facebook intends to implement mechanisms for controlling its value. These are in scope for legislative action.
Once all this is up and running, Facebook plans to integrate some kind of wallet type solution to do payments into their products. That would be similar to Paypal, Android Pay, WeChat, and other stuff in this space. Payment solutions as such are fine as well. Payment solutions using some kind of stable coin are also fine. Several fintech companies already do this, legally.
So, Facebook and the Libra foundation have quite a bit of wiggle room to make most of the above a reality. Yes there would be legal hurdles. The only thing that stands out is Facebook's intention to do market making (via the Libra Association) this is the bit that is controversial. When politicians say they want to ban Libra, what they are saying is that they want to ban all of it because of this market making. The reality is that they will likely try to create some legal hurdles for the market making. Facebook can then choose to work around those.
E.g., you could feasibly implement some alternate coins (simple euro and dollar stable coins like already exist on exchanges) and Facebook has already indicated that they are thinking of doing exactly that.
IMHO it is entirely likely that Facebook may give in to the political pressure to not do this given that they already are under pressure on other fronts. This would happen before they get blocked. But if they push through with this, it's very likely that the legal and political fights around this will be very lengthy. Legislation around this topic will be slow and translating the uninformed but widely spread sentiment "we don't like this" into concrete action is not likely to happen fast.
The article is so confused about the underlying reasons for choosing a decentralized (among Libra members) ledger that it boggles the mind.
It's a legal move. Not a technical one.
Regarding privacy — it seemed obvious to me that privacy solutions for Libra would be build on top of Libra (the so-called "Layer 2") and not within the core protocol.
Stephen's critique here is bizarre and lacks context.
As soon as blockchain is even mentioned on HN, everyone loses their freaking minds. For some people that tout themselves as intellectuals, they just seem to parrot that 'blockchains are useless' without even taking a cursory look into the technology. It seems to me that a lot of people here fall into the category of ultracrepidarianism.
If that were true, then they would come to a different conclusion. There are several examples of useful applications that are live today that would be otherwise impossible without a public programmable blockchain.
Bitcoin launched with crypto that was replaced later. Yes, the algorithm, key length and similar things need to be right at the start (or back compat is harder). But the cypher and cryptography library implementation can be wholesale replaced, without a problem. Just as you pointed out, Microsoft did with a new TLS library.
Not being able to reserve payments is a FEATURE and not a BUG. That inherintly breaks a currency that is fast and removed of human transaction approvals. My thesis is that refunds will need to operate at a business level at a higher level. Their KYC and AML can be effective at backing that up.
It is a mis-feature - it is done intentionally, but it is a bad idea. Having to go through the legal system to reverse a fraudulent transaction is a huge hurdle compared to the current state of affairs, and it will significantly impact the use of Libra for internet payments.
This is a well-written post, although obviously carrying some confirmation bias against the idea of a cryptocurrency.
I'm also obviously biased, but if people are interested in my opinion (and only my own) here it goes.
> Libra’s byzantine tolerance on a permissioned network is an incoherent design.
There are two aspects here that the author seems to forget:
* The next best system, that a consortium of very different companies (think from different countries) would agree to run together is probably a protocol like Certificate Transparency which would be too slow and would have no mechanism to prevent double spending. If you're not doing this, then you're probably using a protocol that doesn't tolerate faults and the first time you have a fault your protocol collapses. There's probably a reason that Venmo cannot talk to Paypal which cannot talk to Square.
* Libra will eventually move to a permissionless setting, which means it has to be designed from scratch to support this evolutionary change. You can agree or not with this, but this is the way it was planned.
> Libra HotStuff BFT is not capable of achieving the throughput necessary for a payment rail.
Two things again:
* The number of people in the world who uses GBP vs the number of people who will use Libra at launch is probably not comparable. This means that Libra will be perfectly fine to carry the load for a number of years.
* Current research has shown that the largest throughput improvements are hidden in layer 2. If you don't know what layer 2 is: basically you do transactions off-chain, with whatever protocol you have, and only sometimes do you confirm the current state on the chain.
> Libra’s Move language is not sound.
I believe the type checking (and other checks) are done by the VM, (but that's not my domain so I might be wrong). Indeed, why would you trust the compiler to do the right thing?
> Libra’s cryptography engineering is unsound.
There are two things in this section that are completely wrong:
* No, dalek is not the "wild west” and is actually written by some of the few people who you could trust to write such a library. Yet, audits are planned. Also: we do actually use formally verified code! We have integrated fiat-crypto (a formally verified library, not a cryptocurrency :D) into dalek in order to use formally verified field operations.
* Neither do we use VRFs, bilinear pairings, and threshold signatures (they are just experimentations at this point) nor are these new tools or techniques. I don't have to say much at this point but I would take the author "It should be assumed this entire crypto stack is vulnerable to a variety of attacks" with a huge grain of salt.
> Libra has no capacity for consumer protection mechanisms.
Of course, it is a financial backbone, not a financial service.
>For a system that is designed to be run in a consortia of highly regulated multinational corporates, all running Facebook signed code and access controlled by Facebook it simply makes no sense to deal with malicious actors at the consensus level. Why is this system designed to be byzantine tolerant at all rather than just maintaining a consistent audit log for compliance checks. The possibility that a Libra node run by Mastercard or Andressen Horrowitz would suddenly start running malicious code is such a bizarre scenario to plan for and is better solved by simply enforcing protocol integrity and through non-technical (i.e. legal) means.
Eh, I'm not so sure about that. It seems like a good feature that hackers successfully targeting a single node don't take down the whole system.
>In congressional testimony the product was stated as a challenger to emerging international payment protocols such as WeChat, Alipay and M-Pesa. Yet none of these systems are designed to run on byzantine tolerant pools of validators. They are simply designed in the traditional high-throughput bus that orders ledger transactions according to a fixed set of rules. This is the natural approach to designing a payment system. Preventing double-spends and forks is simply not an issue that a properly designed payment rails should ever have to deal with by design.
I would assume these systems are each run by a single company though, no? Which makes them fundamentally different from what Libra seems to be aiming at.
>The overhead from the consensus algorithm serves no purpose and will only limit throughput of the whole system, and appears to be there here no reason other than apparently cargo culting public blockchain technology which is not designed for this use case.
On the contrary, running byzantine fault tolerant consensus on a small number of node partners (which each submit aggregations of transactions from their clients) seems like exactly the kind of system that blockchain technology is best suited for. Not the kind of highly distributed consensus we see in e.g. bitcoin.
>A defining feature of a payment rail is the ability to reverse transaction in case payments need to be undone by legal action or if they result in accidental or system malfunction. The Libra system is designed to have “total finality” and does not include a transaction type to reverse a payment.
I don't know that this is necessary? A transaction can of course be reversed simply by making the inverse transfer. I don't know what kinds of annotations / metadata they would be storing in the ledger for audit trails, but it doesn't seem to me like a reverse transaction should be treated extra special.
Disclosure: I work for Facebook in a totally unrelated initiative (Facebook Connectivity) but have only cursorily followed Libra news in news media. I'm generally highly skeptical of cryptocurrencies, but less skeptical of distributed byzantine fault tolerant ledgers as a general technology for some niches. My comments are completely my own personal views.
For the case of "A transaction can of course be reversed simply by making the inverse transfer." the equivalence is broken by the technical authorisation required - in most systems if I'm able to make a transfer, I'm not able to simply make the inverse transfer, that other person is able to make the inverse transfer. So the question of reversals essentially is whether the inverse transfer can be made (and if so, under what conditions) against the wishes of the original recipient.
And when there's a good answer to that, the next question is what are the exact consequences to reversals (or attempted reversals) of money that's "not there anymore" - e.g. there's a valid transfer from A to B; followed by a transfer from B to C; followed by a need/decision to reverse the A to B transaction (which is a very, very common scenario in e.g. scam resolution). For systems that treat money as the conceptual equivalent of "stuff" (e.g. Bitcoin) that's a very hard question; most of our financial infrastructure (probably for millenia) treats money as the conceptual equivalent of "debt relationship" i.e. a metric of who owes whom how much, and then it's a bit easier but still not trivial.
I am not affiliated with Libra in any way, but I cannot agree with this article. Let me respond point by point.
Libra’s byzantine tolerance on a permissioned network is an incoherent design.
The criticism here is that byzantine tolerance is not needed, when every participant is a regulated multinational company. But it certainly isn't a bad thing to have byzantine tolerance. Maybe a set of the regulated multinational companies will have backdoors put in place by a malicious entity - that has certainly happened before.
The downside of byzantine tolerance is the computational overhead. Yes, there is going to be a cost in throughput. But it just doesn't make sense for Libra to optimize for transactions-per-second at this point. If they run into scaling problems, then they can optimize. Right now they are quite far away from having scaling problems.
Libra has no transaction privacy.
It's the same privacy level as Bitcoin. Transactions are public, endpoint identities are trackable but don't have real identities attached. You can say it isn't a good set of tradeoffs for a cryptocurrency to be pseudo-anonymous. But it doesn't make the system "architecturally unsound".
Libra HotStuff BFT is not capable of achieving the throughput necessary for a payment rail.
Again, it doesn't make sense to criticize Libra at this point for not being able to achieve tens of thousands of transactions per second. If they start running into scaling problems, they can work on all sorts of extensions and improvements then.
Libra’s Move language is not sound.
The criticisms here really boil down to "Move needs more work". It isn't fundamentally unsound, it just needs more work.
The claims seem to reduce to nothing more than handwaving and marketing rather than actual proof. This is an alarming position for a language engineering project which expects the public to trust it to handle billions of dollars.
Okay, well don't go putting a billion dollars in a Move smart contract tomorrow. Programming languages, and especially programming language documentation, can be improved a lot over time.
...
There's more in the article, but really, it reads like a rant, where the author is so biased by their hatred of Facebook that they think every little thing that Libra does is wrong.
IMO, the core mistake behind Libra is assuming that regulators would be okay with it, because it isn't very different from other permissioned cryptocurrencies, like Stellar. Instead, regulators have been quite opposed to it because Facebook is behind it, even when technologically it isn't very unique. It is certainly not "architecturally unsound".
Wait for enough confirmations where the payment becomes unlikely to reverse, which of course takes time and that's the more practical blocker for regular shops to accept Bitcoin.
They aren't doing that, in places I've seen, they just take your payment and let you go away with that. (I've never paid myself, but I've seen other customers do so)
If it's raw bitcoin, they couldn't even be sure that the transaction is a valid one (that the wallet has the funds in the first place, not even talking about double spending). I suspect they use some kind of third party like Coinbase, and that there aren't really using bitcoin at all (and just use Coinbase as a bank) but I'm not sure.
Thanks. I'm not sure I understood the answer given in the specific post you're liking to (or at least, I don't see how it answers my question). A following response linked to this story: https://www.ccn.com/bitcoin-atm-double-spenders-police-need-... which gives a pretty good answer.
There are 2 approaches to Bitcoin Network usage in play. Bitcoin Core team went with RBF(Replace-By-Fee) which gives rise to the double spending problem as the funds can be re-directed before a transaction gets in to a block. And Bitcoin Cash protocol implementation removed the RBF to support trust in 0-confirmation. There are even more optimizations in BCH implementation of Bitcoin, you can review it here https://cash.coin.dance/development
From my quite limited understanding, RBF basically allows to cancel a transaction (since you can set the fee to something that would never be accepted in a block) which is even worse than a regular double spending, because in the end, nothing at all is spent.
But even without RBF, there's nothing stopping you from spending the same coins online and in a restaurant at the same time. I'm not even sure if a restaurant would know that you and you're friend aren't actually spending the same money twice for your respective meals.
0-conf transactions have timestamps and the receiving wallet/node checks for the tree of transactions to even allow the spending of unconfirmed transactions up to a limit of 25 for now, there is on-going research and testing to up this limit to 500 that was sponsored by SatoshiDice https://twitter.com/PeterRizun/status/1181980303033692162
For a list of transactions trying to double spend BCH and failing at it, see this https://doublespend.cash/
"Digital cash" is really the best way to explain the uses of it. Cash is still useful as well. And, equally, don't fall into the cashless utopia "why would anyone want to use cash except criminals?!" trap either.
Just ignore this Facebook Libra pollution; failure from inception, as the producer cannot be trusted for shit, which is prerequisite #1 for this type of endeavor.
The point of Libra is to create a consumer small purchase transaction medium with low friction. Businesses using it only care if it has enough Swiss backing so they can get a week’s business or two turned into real currency.
It only has to be sound enough for those goals. As it is used more it will get hardened.
The killer use is being able to pay overseas contractors without friction. Since there is no privacy, government on the other end will levy instant income tax withholding with glee.
--
Regardless of the other, far more important sections of this article, I find the section about the programming language misleading. Programming language theory does not study the quality of programming languages or their suitability to certain tasks. It is simply outside the purview of the discipline. PLT does not have any tools whatsoever to determine which language is more or less suitable and it is not interested in that question. The theory studies the properties of formal systems and the internal implications of their design. Much like mathematics can deduce from the Peano axioms that 10 > 5, but it says absolutely nothing about whether 10 is "better" than 5 because the answer to that depends on context (are we talking cookies or tumors?) that is simply outside the purview of mathematics. Similarly, PLT can say whether a certain formal system is sound or not, but it says nothing whatsoever about whether soundness is "good", "bad" or neutral, and certainly not how good or bad it is. Of course, programming language theorists have opinions on the matter, but those opinions are not supported by the theory.
Also, given the other glaring flaws, there is nothing to suggest that a formal definition of the programming language would improve matters in any perceptible way. After all, we do entrust the world's monetary system, and sometimes even our lives, to software written in programming languages that don't have a formal definition. As someone who studies the issue of software correctness, a formal definition of a programming language is certainly of interest to theorists, but it has not been shown to be a particularly worthwhile means of increasing correctness.