Hacker News | jensvdh's comments

Then what should folks do? The alternative is having to "run your own encryption" by running your own Password manager on your own infra or re-using passwords


You store the answers in your password manager and treat them like passwords


Yup. You pretty much have to do this. I love signing into my bank's bill payment system. "You appear to know your password and possess your second factor. But what's your favorite book? <all lowercase favorite book> WRONG YOUR FAVORITE BOOK IS ACTUALLY <starts with an uppercase book> NOW YOUR ACCOUNT IS LOCKED."

Even if you're using real answers, you will be locked out of your account if you don't treat them like passwords. Eventually.


Worse yet, real answers are just weaker passwords. Mother's maiden name? Childhood friend? Elementary / high school? For a targeted attack, against most people, this is very insecure in the all information online age. Nobody needs to know your 20 character password if they have your social media page.


Stacked diffs are awful compared to PRs. Not every commit should be clean.


Why? I found them way easier to review than regular PR during my time at fb. Since every commit is cleaner, you get fewer, higher quality commits than in a PR.


If you paid me anywhere between 750-1.5M a year just go on in the office 40 hours a week I'd take that offer any day every day.

I did the same for less than half of that not even 2 years ago.

The problem with Musk companies is 1) It'll be MINIMUM 40 hours a week, no WLB 2) His companies aren't known for paying competitively


Didn't know that about the comp at his companies. Kind of crazy considering the risk to human life associated with many of his companies. Would've expected them to pay top tier.


Then you would be shocked to learn how little software engineers are paid in the automotive industry vs me working on dumb VC money pit web apps.


Didn’t need to be too competitive when you had 11x stock growth. Will be interesting to see if things change now that their stock is flatish.


What a bad take. Multiple multi-billion dollar companies are built on the back of Electron.

Is it the most performant? No. Does your average user care? No.


Good luck explaining that to the supposedly unbanked crypto is trying to reach.


Do you explain TLS to casual internet users? I'd like to see that.

The regular non-tech savvy user doesn't necessarily have to understand the details. That's why people are working on such solutions in the first place. Someone experienced with blockchains would never connect their wallet to a random stranger's and approve draining their funds. However the massive hype around them has brought in a lot of new users.

Wallets have come a long way from people writing their private key on a piece of paper back in the early days. The above complaint is bizarre in this context, because what they described is the exact opposite of what's actually happened. Every reputable wallet team has worked hard on improving security over the past years using strategies like social recovery, multi sig, cold storage of keys, etc.


Because credit cards have consumer protection and laws and regulations. Crypto has none of that.


The crypto space is rediscovering the financial system from first principles. At least by the end they can hopefully appreciate that the original government controlled system actually works the way it does for a reason.


> At least by the end they can hopefully appreciate that the original government controlled system actually works the way it does for a reason.

"A religion cannot fail, it can only be failed"; I admire your optimism, but I expect that the true believers will not question whether the premise of cryptocurrencies is wrong, but rather will twist themselves in knots to find new scapegoats as to why it doesn't work the way they expected.


Huh? Cryptocurrencies operate just as expected, basically the same as they did ten years ago. Crypto never changed, the users did.


The crypto space isn't rediscovering anything. Speculative investors and other noobs are discovering cryptocurrency for the first time.


All of these scams, crashes, and exploits are things that happened previously with regular currencies and have since been regulated away. Now crypto comes in with unregulated currency and runs into every issue the regulations existed to prevent.


Scams … have been regulated away?


These scams, crashes, and exploits are non-issues to anyone with a reasonable degree of competence and skepticism. The solution is not to "fix" the system by removing user agency so that even an idiot can use it safely, but to educate users so that an idiot doesn't need to use cryptocurrency in the first place.

This criticism of cryptocurrency would be analogous to criticizing the concept of fiat currency by pointing to the inflation of the deutsche mark as an example. The cryptocurrencies being discussed here are real cryptocurrencies, they are bloated and useless shitcoins. Any credible project would not have all the bloated crap that enables the "exploits" mentioned in the article in the first place.


You can't both want crypto to have a real, material future and also simply blame the user for everything they get wrong or don't bother to educate themselves on.

If it's harder and riskier then the user isn't going to care if it's their fault or not.

Do you want a world where crypto is common and useful, or do you want it where it's the web equivalent of casinos, with some sharks making money off suckers but most people not taking it seriously as a "real" or useful business?


>You can't both want crypto to have a real, material future and also simply blame the user for everything they get wrong or don't bother to educate themselves on.

I can and I will. People know not to give out their credit card numbers to fishy businesses or install untrustworthy software on their computer. Why does that personal responsibility suddenly disappear when we talk about cryptocurrency?

>Do you want a world where crypto is common and useful, or do you want it where it's the web equivalent of casinos, with some sharks making money off suckers but most people not taking it seriously as a "real" or useful business?

The path to the world where crypto is a common and useful tool starts with these speculators and gamblers losing all their monopoly money and leaving. It's no surprise to me that the "scams" and "exploits" mentioned in the article are enabled by bloated "smart contract" cryptocurrencies like Ethereum that serve little real purpose.


It's pretty well known that individuals _do_ need protections against this while institutional investors do not. When crypto gets on the news, regular, uninformed people go and dump their life savings into it. No matter how much you tut tut and say they should have done their research, they will still do it. And preventing people from losing their life savings on scams is good for society in general.


No. If you invest your money in something you do not understand, you deserve to lose it. I'm sorry you think that you need some authority to put their thumb on the scale and tell you what you can and can't do with your own money.


Why do you believe that victims should be punished? Wouldn't it be more compassionate to recover their losses and punish the perpetrators? Trust shouldn't be seen as a weakness. Trust powers all the best things humans can do. Trust should be rewarded, not punished.


>Why do you believe that victims should be punished?

I don't believe victims should be punished. I just don't think victims should be rewarded either. I do think that the perpetrators should be punished.

>Wouldn't it be more compassionate to recover their losses

It would be "compassionate", but it would also encourage people to make risky and stupid decisions. Tough love I suppose.

>Trust shouldn't be seen as a weakness. Trust powers all the best things humans can do. Trust should be rewarded, not punished.

There is a difference between knowledge, trust, and blind faith. Your inability to discriminate between the three is what allows you to mix these unrelated platitudes.


> It would be "compassionate", but it would also encourage people to make risky and stupid decisions. Tough love I suppose.

What you call tough love, I call inflicting trauma that makes everyone worse off. No one should ever risk being destitute. There's no societal benefit to risks with a downside of total loss.

And that's why I think your comment of blind faith was a non sequitur. I'm not advocating for blind faith, I'm advocating for informed faith. I think we should have an informed assumption that the risk in a scam is on the part of the scammer. When something blows up, the scammer pays. Let's go ahead and reward people for blowing up scams from the inside.


Do you feel the same way about violent crime? I.e., if a person through their own stupidity or naivete puts themselves in a position where they become a victim of armed robbery/assault/murder/rape, did they get what they deserved?


Only to the extent that the violent crime is preventable. Ultimately, the victim bears the risk and the rest of society will do what they must (policing, self-defense, investigation, justice, compensation) after the fact to prevent future victimization themselves.

In the case of crypto/investment fraud, you have to take into account that all investments and transactions bear a certain amount of risk and reward. It's not fair to expect the public to bail you out for risks that you knowingly accepted when they wouldn't get a slice of the reward. In the conventional financial system, the public sees a slice of that reward through taxation. The same is not true of cryptocurrency, so why use everyone else's tax dollars to regulate it?

The only reason authorities like the SEC exist is to reduce risk, thus increasing the amount that ordinary people can safely invest. It's not a matter of ethics, it's a matter of economics.


> In the conventional financial system, the public sees a slice of that reward through taxation. The same is not true of cryptocurrency, so why use everyone else's tax dollars to regulate it?

You should maybe run that past a tax attorney just to make sure. I'm in the US, where capital gains from cryptocurrency are taxed just like capital gains from stocks, but of course this may not be true in your jurisdiction.

> The only reason authorities like the SEC exist is to reduce risk, thus increasing the amount that ordinary people can safely invest. It's not a matter of ethics, it's a matter of economics.

I don't think that's correct, but if it is, yeesh! What a bleak hellscape we live in, where the only reason to add safety to anything is to prevent the plebs from getting too scared to spend money.

I take it from your responses that you're one of the "hardcore believers in the 'code is law' dark forest" mentioned in an earlier comment, so I guess we'll just have to agree to disagree.


Credit cards wouldn't need such stringent "protection" and surveillance if they were secure and dependable in the first place.

Of course cryptocurrencies do not have such regulations. The purpose of cryptocurrency is to facilitate exchange with untrusted parties.


The point is that cryptocurrencies are not secure nor dependable in the way that people actually need them to be, and they don’t solve any of the actual problems that people have with the banking and credit system.


Cryptocurrencies are secure and dependable in the way that I need them to be and they solve problems that I have with the banking and credit system.

I mean, really. The security of the banking/credit system is not even based on public/private key cryptography. There is no notion of a separate spend address vs a sending address. Anyone with access to your (usually open source or easily findable) information can make a transaction on your behalf. Identity theft is a massive problem which is enabled by the current state of the industry.


Problems that have been solved by regular banking decades ago. Jesus Christ the stupidity of crypto amazes me every day.


> Problems that have been solved by regular banking decades ago.

https://www.savings.com.au/news/scamwatch-2021

Australians lost a record $323 million to scams in 2021

--

So glad they solved fraud prevention 'decades ago'.


There is nothing about crypto that prevents scams.

But in the regular banking system we have decades of experience in how to mitigate the impacts of them e.g. account insurance, MFA for any new transfers or over a certain limit, auditing by independent regulators.


How do ya get your scammed cryptocurrency back, again?


Crypto attracts a lot of statements like this and it's so ridiculous when you think about it because usually the statement applies so generally as to be virtually irrelevant. Almost every invention or new thing solves a problem that was solved already, and yet they often find success and may even become more popular than whichever way people were using to solve that problem before.

The tech community should be keenly aware of this because there are new apps, new languages, new libraries, new plugins, etc all the time, which solve a problem that was pretty much solved already.

You might counter that new things usually have to have some value proposition to gain a footing, like cheaper, faster, more reliable, etc. For one, that's not always true, but also crypto does have a value proposition like that. It's immutable, trustless, and can be anonymous. And it is even cheaper and faster than the regular banking system in some circumstances, depending on the sum being sent and where it goes.


I'm not Jesus Christ, but I understand your sentiment.

(let's keep the discussions civil)


People want the benefits of regular banking without the drawbacks.


Unless you want to send money to truckers


Where have you heard anything about having issues sending money to truckers?

The only thing I can imagine you’re talking about is when some wannabe domestic terrorists rightfully had their funding declined.


MLK would've had his bank account frozen. If I want to send somebody money, I want to send them money; no matter what you call them.

Crypto seems like a convenient way to do this, and the more repressive governments get, the more of a use-case there'll be!


I think the mail is a pretty convenient way to do it. USPS is anywhere in the US within 2-5 days, & it’s a felony for anybody to fuck with it.


Maybe it was a poke at the "Freedom Convoy"?


CI/CD and more broadly building abstraction layers and automation.


Sounds like you might just have ear wax problems?

