Replying to @liber_liver and @kanzure
Why controversial? We had to chose one that was pragmatic & met our criteria. Trezor also came close. For multisig best practices that we are currently drafting we are currently recommending Electrum. This is an evolving area — these documents are likely to change significantly.
Replying to @liber_liver and @kanzure
Everything has trade-offs and there are no easy answers. What we ultimately are teaching is how to create your own risk model & how to create processes to meet it. We looked a lot at different solutions and ultimately had to pick one for the specic Base Scenario risk model.
Replying to @liber_liver and @kanzure
Our next document out will be “#SmartCustody: Adversaries — Case Studies for Securing Digital Assets Against Loss” currently about 60 pages. Then another on Risk Modeling, currently 28 pages. These are what we are teaching in our second workshop: https://bit.ly/SmartCustodyWorkshop2
Replying to @liber_liver and @kanzure
Also, in our criteria is our choice of which adversaries to focus on, and which not. For instance, I’m this scenario we did not focus on issues of Systemic Network Attacks, as they are hard for a less sophisticated user to defend against. We defend strongly against Key Fragilty.
Replying to @liber_liver and @kanzure
One scenario I wanted to write up was using Tails with Electrum, but currently there are problems as Tails claims “a lack of maintenance of Electrum in Debian”. Side-loading it opens an attack surface that was part of why I wanted Tails in the first place. http://lists.autistici.org/message/20190319.170700.b3b5bf1f.en.html
Compare this Tesla AI vulnerability to visual cues vs this adversarial visual cue against human drivers: https://www.cinemablend.com/pop/Naked-Woman-With-Open-Window-Causes-Traffic-Delays-Accident-Vienna-64737.html https://twitter.com/tedgreenwald/status/1112770893342601216
RT @Appelcline: How to design a soulless eurogame. http://www.mechanics-and-meeples.com/2019/04/01/the-design-of-a-soulless-euro/
“Many are painting his about-face as a move to impede competitors and disruptors. With all due respect to my former classmate, I think there’s more going on than meets the eye (and distractions abound).” I find Zuck’s recent statement on privacy full of negative implications.👎 https://twitter.com/hackylawyER/status/1112855592501174273
“These so-called border searches are not random. NBC recently reported that CBP maintains dossiers of US citizens and targets lawyers, journalists, and activists, and monitors social media activity of U.S. citizens. My past work on encryption & online privacy is well documented” https://twitter.com/andreasgal/status/1113160811206213632
Replying to @matthew_d_green
I think supporting applied crypto is important. Would also like to see more case studies & post-mortems. This is why I co-founded with @socrates1024 the Cryptocurrency Implementors’ Workshop which was held at #FC19 with @pwuille sharing stories as keynote https://fc19.ifca.ai/ciw/
RT @ChristopherA: @matthew_d_green I think supporting applied crypto is important. Would also like to see more case studies & post-mortems.…
I do still agree with @cshirky that if people have to make decisions about micropayments then the tech will fail mass adoption. The power of newer micropayment tech like Lightning is that low cost transactions can be automated so that individual decisions don’t need to be made. https://twitter.com/jimepstein/status/1113566018834706432
Some conversation on the “Redundant Metal Devices” part of our 1st #SmartCustody white paper on Simple-Custody Cold Storage Procedures. Is 80 bits good enough security for the next 5 or 10 years? When will Shamir Secret Sharing be more mature? See issue #2 https://github.com/BlockchainCommons/SmartCustodyWhitePapers/issues/2
RT @Appelcline: Here’s a crypto paper that I’ve been working with @ChristopherA on for quite some time. It’s a scenario for self-custody of…
I found this technique of scoring only the player’s worst collaboration was a fascinating game mechanic. In a couple of other “partial cooperative partner” games scoring the best collaboration resulted in the cooperation quickly breaking down, but in this game it lasts longer. https://twitter.com/MeeplesTogether/status/1113494542865424385
Good start 👍 “The alpha hardware is implemented using a FPGA containing a RISC-V soft core. The primary goal of this phase is to solidify the specs of the eventual betrusted ASIC through development and testing on a looks-like, works-like prototype.” /ht @dstadulis https://t.co/y47FWKFj93
The plan by @buster is to publish a cognitive bias a day for the next 200 days using the @pocketbiases Twitter account. We are all subject to these biases—how do we create strategies to keep them from destroying the 21st Century? First step, learn about them! https://twitter.com/pocketbiases/status/1113343939405283330
👍💯 ”Ikigai, loosely translated, means sense of purpose in life…often grows as they get older…their reason for living, that thing that propels them out of bed in the morning…Moai is an informal social group of people who have common interests and look out for each other.” https://twitter.com/cnni/status/1114201004206170113
RT @Antonios7S: I submitted my 1000th review yesterday on @RPGnet. If somebody told me that in 2000 when the (long defunct) gamingreport-do…
Replying to @Melt_Dem
I’ve been prototyping tools focused on implementation of digital corporations under Wyoming’s new laws, using cryptocurrencies & digital stock keys for management. Longer term want to see a service firm around it that can offer more corporate governance support and accounting.
👍“In short, these are the things that a team needs to know what needs to be done (Clarity), have the skills and resources necessary to do the thing (Capability) & it is able and willing to take the necessary action (Autonomy)” https://twitter.com/rdonoghue/status/1115247466436276226
The Decentralized Identifier (DID) specification was incubated at #RebootingWebOfTrust, but now has moved on to the #W3C. However, the opportunity to meet F2F is still very useful. Here is the report out on refinements to the DID spec from our last event: https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/final-documents/did-spec-refinement.md
RT @HillebrandMax: This is a great thread about the advantages and hurdles of seed splitting and Shamir’s secret sharing scheme, very worth…
Replying to @Melt_Dem and @timelessdev
I learned more science from Asimov than I did from textbooks. When I took chemistry in high school the teacher started the year by giving us the final exam, to show how hard it would be. I passed due to Asimov, largely missing only some things like mole calculations.
RT @Appelcline: I recently wrote an article on the flaws in postal and e-voting, for an upcoming book on self-sovereign identity … and he…
RT @mattblaze: I love this photo. It captures exactly the moment every scientist lives for and that makes all the toil worth it. Plus we ha…
RT @philchen913: Surveillance capitalism enables cheap phones and profit margins for handset producers. But the costs the consumer and ther…
Replying to @dickerson_des
My tweets are most prolific in otherwise down times: while in mass transit or waiting for it; before a meeting waiting for folk to arrive. I queue up quotes of stuff I’ve recently read in my saved drafts and send them in these ‘tween times.
👍 to this legislation on a human-rights & privacy basis. https://twitter.com/VallieBrownD5/status/1116370921386696706
RT @ACTobin: @kojacker @Steve_Lockstep @trbouma @james_monaghan @darrello @dhh1128 @drummondreed @windley @kimdhamilton @dsearls @IdentityW…
RT @yorkerhodes: @owocki @ConsenSys @GetGitcoin All agreed, except the @DecentralizedID work we’ve been doing in #opensource collaboration…
RT @dstadulis: See this anonymous network layer: Tor and I2P? That’s where deep packet inspection isn’t possible. It’s what the internet wa…
RT @phildaian: Just published “Flash Boys 2.0: Frontrunning, Transaction Reordering, and
Consensus Instability in Decentralized Exchanges”…
👍“Mentors & advisors (good ones, anyway) don’t invest in people because they want to get paid. Friends…don’t hang out with you because they need something in return. They’re there because they weirdly fell in love with what you’re doing, and they want to see you succeed.” https://twitter.com/nayafia/status/1115750460504199169
“There may be transactional benefits to that relationship…but I think the actual underlying reasons that compel us to patronage are much less logical than that. Patrons pay for the ritual, and the ritual tames them. These are ongoing relationships, not transactions.”—@nayafia
“Creators sell intimacy to patrons. They sell “stuff” - perks - to customers.”—@nayafia. As a supporter on @Kickstarter or @Patreon, what are you seeking? Do you want the intimate connection to a creator, or the access to perks of the creative work?
RT @ChristopherA: “Creators sell intimacy to patrons. They sell “stuff” - perks - to customers.”—@nayafia. As a supporter on @Kickstarter o…
Replying to @oceans4all and @nvk
To be clear, it isn’t in our base scenario, however if the split process is well tested it can reliably address some adversaries that our base scenario does not, at the price of being falling to 80+ bits of security if one share is compromised. https://github.com/BlockchainCommons/SmartCustodyWhitePapers/blob/master/%23SmartCustody-_Simple_Self-Custody_Cold_Storage_Scenario.md#-optional-step-use-metal-enhancement-redundant-metal-devices
Replying to @ccneill
What I’d like is combination of wiki-like notes & bookmarks with #tagging. Think a CLI of pinboard/delicious like tags, but can also be annotated with quotes & notes (in a way not to confuse the two), and saved to some plaintext parseable format like markdown is for regular text.
A number of us including @JoeAndrieu & @ScottLDavid are looking at what does fiduciary responsibility mean beyond the mandates of fiduciaries in investment law, including its possible uses to protect personal data & online identity. Theoretically software services could offer it. https://t.co/xCsQOoT85h
Replying to @Kyle_DH, @JoeAndrieu and @ScottLDavid
I’ve a draft for #SmartCustody that is about fiduciary responsibility that is mandated by law, focused on digital assets. However I am not a lawyer & have been seeking advice from those that are—which is where I came to this larger concept of fiduciaries for other digital assets.
Replying to @Kyle_DH, @JoeAndrieu and @ScottLDavid
Thread 👆cc: @hackylawyER @dazzagreenwood @RiganoESQ @stephendpalley @msantoriESQ @angela_walch @prestonjbyrne @shantanusurpure @cryptohm @ckayakr @fintechcounsel @bobambrogi Any thoughts on data fiduciary services beyond digital assets?
How does that fit in with that the power & knowledge of one individual is limited, say in the breach of a consent or privacy, but as a group they can have power? In particular the case of California privacy approach which requires individuals to manage what they don’t understand.
Replying to @ccneill
The nuanced editing I’d like to be able to do with any plaintext editor, rather than JSON or some database. There are some decent CLI bookmark tools out there, but also insufficient annotations & tagging is my problem. I like to add key quote from cite, plus my own comments.
Replying to @ccneill
Exactly! I might suggest investigating using bullet for each quote as well if that is supported by github markdown, just for ease of grep/regex, and I might use H3 rather than H2 to allow high level grouping of of bookmarks.
Replying to @ccneill
I agree that mandatory category is a challenge. I like the way the .txt could all be out of order, you could have a line for the quote, but then add a note much later. That may imply having a date in the the .txt version.
RT @angela_walch: @stephendpalley @trbouma @ChristopherA @Kyle_DH @JoeAndrieu @ScottLDavid @hackylawyER @dazzagreenwood @RiganoESQ @msantor…
RT @stephendpalley: @trbouma @ChristopherA @Kyle_DH @JoeAndrieu @ScottLDavid @hackylawyER @dazzagreenwood @RiganoESQ @msantoriESQ @angela_w…
RT @adamdavidlong: @JamieXML @ChristopherA @Kyle_DH @JoeAndrieu @ScottLDavid 1/ I might recommend this paper by my friend and law school c…
RT @adamdavidlong: @JamieXML @ChristopherA @Kyle_DH @JoeAndrieu @ScottLDavid 6/ See also this classic paper. https://scholarship.law.berkeley.edu/cgi/viewcontent.cgi?article=2330&context=facpubs especi…
RT @adamdavidlong: @JamieXML @ChristopherA @Kyle_DH @JoeAndrieu @ScottLDavid 8/ IMO anyway I think there could be much to be gained by impo…
Replying to @oceans4all and @nvk
It is in the base scenario, which is why you put a ledger with PIN in your local safe and the unencrypted recovery keys in a safe deposit box.
Replying to @oceans4all and @nvk
I agree that splitting keys has value, requiring two thefts to be successful. However, the price of process fatigue and key fragility also rear their ugly head. It is a trade off. Blockchain Commons is working with others on better social key recovery approaches which may help.
Replying to @CryptoKay3
If you have substantial part of your net worth in cryptocurrencies, are in first world country, and are not actively trading, we consider this a pragmatic minimum. It isn’t super difficult to do, but it does require two hours. https://github.com/BlockchainCommons/SmartCustodyWhitePapers/blob/master/%23SmartCustody-_Simple_Self-Custody_Cold_Storage_Scenario.md
“In short, the “move fast and break things” era is over. “Minimum viable products” must be replaced by “minimum virtuous products”—new offerings that test for the effect on stakeholders and build in guards against potential harms.” https://hbr.org/2019/01/the-era-of-move-fast-and-break-things-is-over
Our 2nd white paper from #RebootingWebOfTrust VIII in Barcelona is final “How will SSI Will Survive Capitalism” led by @agropper with @michaelxshea & @rado0x54: “We apply the SWOT framework to identify potential paths to adoption” https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/final-documents/how-ssi-will-survive-capitalism.md
Replying to @BobMcElrath and @bramcohen
at some while working on Chia said he was surprised to discover that the 10 minute block time was actually fairly optimal (< 1 magnitude) for other reasons than you describe, but I’ve forgetten the details. Maybe he will recap?
Replying to @filamena and @rdonoghue
We have a whole section on this in our book on tabletop cooperative game design @MeeplesTogether. The section is called “The Controling Player” in “Chapter 12: When Games Go Wrong” where we offer 8 solutions: https://www.meeplestogether.com/about/
My fellow teacher @jimmyYji in the MBA Sustainable Systems I used to teach at, has opened sourced his master slides and notes for his Sustainable Energy & Strategy classes. A lot of useful info on building businesses in this field: https://github.com/JJia/Master-Lecture-Slides
RT @EmLindley: This is why I’ve spent over 16 years working on identity - it’s really not an easy fix and when these things don’t work they…
RT @unchainedcap: We’re happy to be sponsoring @ChristopherA and @BlockchainComns SmartCustody series (San Fran - 4/29). Sign up with link…
Also a proposal to ban “12. Nudge techniques: Do not use nudge techniques to lead or encourage children to provide unnecessary personal data, weaken or turn off their privacy protections, or extend their use.” https://twitter.com/PrivacyProject/status/1119254377506668544
RT @iang_fc: Cashless is not popular in USA.
In a country with 6.5% financially excluded, and another 18.7% financial challenged, people r…
RT @EileenAppelbaum: But common sense reforms can help. These could be limiting the debt an acquired company can take on, being transparent…
RT @C_Bendiksen: 7/ Renewables represent a 77.8% penetration in the #bitcoin mining energy mix. That compares to the 18.2% penetration in t…
I’m fascinated by #CooperativePlay & #StoryGames: “When I say storygame, what I mean is: •a playable system, •with units of narrative, •where the understanding of both system and narrative, and the relationship between them, enables a traversal through the work.”—@aaronareed https://twitter.com/aaronareed/status/989938983013572608
Still true… https://twitter.com/ChristopherA/status/722530295790997505
True about security infrastructure software as well: “I believe the relative ease—not to mention the lack of tangible cost—of software updates has created a cultural laziness within the software engineering community.” https://spectrum.ieee.org/aerospace/aviation/how-the-boeing-737-max-disaster-looks-to-a-software-developer
I don’t understand how the EU can be so well aligned with human rights privacy in GDPR but be so out-of-control to endorse this one biometric database to rule them all. I presume it is to appease anti-immigrationist groups? 👎 https://twitter.com/ZDNET/status/1120530375317520386
Replying to @TuurDemeester, @jasonklau, @starkness, @jimmysong, @saifedean and @APompliano
Check out Blockchain Commons https://www.BlockchainCommons.com and our projects like #SmartCustody https://www.SmartCustody.com, wallet & social key recovery standards, security reviews, etc.
Replying to @robep00 and @dgwbirch
https://twitter.com/pratsarthur/status/1120640781587554311?s=21
I’m not a graphic designer but I do like nice readable fonts that are open source. This one is from US Gov: “A strong, neutral, principles-driven, open source typeface for text or display.” https://github.com/uswds/public-sans
Replying to @nayafia
My definition of commons is “a regenerative, self-organizing complex system that can be drawn upon for deep wealth.“ Networks can be commons, but not all networks are.
RT @unchainedcap: Join us in SF on Monday (4/29) for a free event co-hosted with the #SmartCustody workshop series. Unchained’s @dhruvbansa…
RT @nayafia: After two years, ~4000 applications, and nearly $40,000 in grants, I’ve decided to put Helium Grants on indefinite hiatus.
I’…
RT @rdonoghue: So, just remember - next time you’re at a con and read a description for a game and think “Ugh, i would never want to play t…
This thread is worth revisiting. It tries to identify what attracts people to bitcoin & blockchain technologies, which often have a lot to do with perceived fairness (aka participation) and agency (aka self-sovereignty). What is missing from this model?👇 https://twitter.com/ChristopherA/status/856507432415236096
For an unrolled version of thread: https://threadreaderapp.com/thread/856507432415236096.html
RT @CaitlinLong_: 8/ Second point–#crypto exchanges, clean up your act! You really need to voluntarily disclose #ProofofSolvency (h/t @nic…
RT @jchervinsky: 20/ For example, we could include folks with certain educational backgrounds, professional certifications, relationships w…
Replying to @jamesob
Blockchain Commons has proposed some security reviews to a variety of wallet companies as part of our #SmartCustody efforts, however, for the skills required to do an effective audit it is not inexpensive.
Replying to @theinstagibbs and @jamesob
The reason why many paid audits of wallets are a waste of time is that the reviewers only understand how to review in limited domains, like pen tests of web services or of Android apps. Very few deeply understand the challenges of reviewing cryptocurrency wallets.
Replying to @nopara73
I am running on same machine as my full node, but I’m not sure if new Wasabi is seeing it. Is there a visual indicator?
RT @shanselman: Now, go to http://google.com. Search for “thanos” and click the Infinity Guantlet. #AvengersEndame
I’ve been diving into a legal problem that #KeysAreNotAssets—a court judgement should not compel you to transfer keys, as they are not designed to be transferred. Instead, the court should only ask you to transfer the digital assets held by the keys and controlled by you.
While investing this problem, I ran across a very old legal concept of “feoffment with livery of seisin” which oddly corresponds more accurately to use of keys on blockchain, as it not a contract but is evidence that a transfer took place. https://legal-dictionary.thefreedictionary.com/Livery+of+Seisin /ht @scottldavid
RT @ChristopherA: While investing this problem, I ran across a very old legal concept of “feoffment with livery of seisin” which oddly corr…
Another topic related is that there may be some general doctrine in contract law that prevent courts from compelling “specific performance” when there could be harm to the promisor or to their autotomy. Thus a key which protects many things shouldn’t be compelled. /ht @connbrown1
RT @ChristopherA: Another topic related is that there may be some general doctrine in contract law that prevent courts from compelling “spe…
As keys may also control private information I would like see that courts be prohibited from compelling keys as a remedy for civil cases. Instead, any payment of digital assets owed as a result can be satisfied through a transaction to the control of the party seeking the remedy.
RT @ChristopherA: As keys may also control private information I would like see that courts be prohibited from compelling keys as a remedy…
This way, an individual can retain their own autonomy over their digital identity and private information while also satisfying any obligations that would arise out of a breach of contract, divorce claim, or other similar legal matter.
I hope to be able bring this up as a topic during the Wyoming legislative Blockchain Task Force meeting on May 6-7th in Jackson as it is an interesting intersection of digital assets & privacy, well suited for what Wyoming has been doing. https://www.wyoleg.gov/Committees/2019/S3 /cc @CaitlinLong_
RT @ChristopherA: This way, an individual can retain their own autonomy over their digital identity and private information while also sati…
RT @ChristopherA: I hope to be able bring this up as a topic during the Wyoming legislative Blockchain Task Force meeting on May 6-7th in J…
Replying to @PereGrimmer and @ScottLDavid
Say more. I’m not an attorney but my professional life as a blockchain architect seems to be intersecting with them more and more often.
👆 #KeysAreNotAssets cc/ @hackylawyER @stephendpalley @msantoriESQ @angela_walch @adamdavidlong @shantanusurpure @cryptohm @fintechcounsel @ckayakr @bobambrogi @dazzagreenwood
I believe the metaphor of a “key” causes part of the problem. In cryptography the key is part of the method, not the asset. It largely does not parallel a physical object in many ways, as each share breaks its fundamental utility. Master keys in particular.
RT @adamdavidlong: @ChristopherA @hackylawyER @stephendpalley @msantoriESQ @angela_walch @shantanusurpure @cryptohm @fintechcounsel @ckayak…
I would be glad to participate in such an article. I’m not a lawyer but as an expert on decentralized identity and working on the best practices of care of cryptographic keys, individuals are unlikely to have too many properly protected master keys, thus this issue came up.
The most basic best practices today (which will evolve) for storage of a master private key takes a couple of hours “#SmartCustody: Simple Self-Custody Cold Storage Scenario—Best Practices for Protecting Your Personal Digital Assets Using Cold Storage” https://github.com/BlockchainCommons/SmartCustodyWhitePapers/blob/master/%23SmartCustody-_Simple_Self-Custody_Cold_Storage_Scenario.md
His (@propelforward) paper is “Throw Away the Key, or the Key Holder? Coercive Contempt for Lost or Forgotten Cryptoasset Private Keys, or Obstinate Holders” https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3328870
Replying to @odtorson and @propelforward
Wyoming has been working on this, see:
Replying to @lex_node and @connbrown1
IANAL so I’m out of my zone here, but I’ve been looking at 1978 Kronman’s “Specific Performance” https://chicagounbound.uchicago.edu/cgi/viewcontent.cgi?article=11624&context=journal_articles & 1979 Schwartz “The case for Specific Performance” https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?referer [http://digitalcommons.law.yale.edu/&httpsredir=1&article=2104&context=fss_papers](https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?referer=http://digitalcommons.law.yale.edu/&httpsredir=1&article=2104&context=fss_papers)
Replying to @propelforward, @lex_node and @ScottLDavid
I was intrigued that the concept was not a contract, but instead evidence: not “I hereby give” but “Know ye that I have given” as part of a public ceremony. …
Replying to @propelforward, @lex_node and @ScottLDavid
…Blockchain is like this in that we can mutually transact via contracts (eg Lightning) as much as we like. But not until offered in public (settled on Bitcoin) it is truly complete, and at that point keys are not necessary, as there is evidence the obligations are satisfied.
Replying to @propelforward and @odtorson
All of this discussion has me more firmly coming down on side of not revealing my keys. If someone has a legitimate argument about my ownership of a digital asset that has been adjudicated in court, I comply by transferring the asset, not the keys controlling it. …
Replying to @propelforward and @odtorson
The court has other remedies if I fail to do so, but compelling me to give up my master key is akin to sending me to jail as far as the broader rights involved, and this would not be a civil court matter.
Replying to @benedictevans
I once lead a team to do a secure apps store, initially for the Silent Phone, but Google quashed the effort by not only requiring that the Google App Store to be on the phone, but that it could not be turned off. I’m thus not a big fan of platform app stores that are monopolies.
Replying to @benedictevans
The problem with AOSP is that Google has placed much of the modern Android APIs on the closed source side and requiring a Google Play Store license to access them. This is particularly bad in that all the major Enterprise APIs are lock-in there. So if you want to sell to execs 👎
RT @ChristopherA: @benedictevans I once lead a team to do a secure apps store, initially for the Silent Phone, but Google quashed the effor…
RT @msw: Here’s a blog post from @kemitchell that is good food for thought, especially for members and directors of @OpenSourceOrg
https…
RT @ChristopherA: I’ve been diving into a legal problem that #KeysAreNotAssets—a court judgement should not compel you to transfer keys, as…
Replying to @jasonthehealer and @CaitlinLong_
In the case of Bitcoin the key is effectively the account. Thus the need to transfer the funds to a new key rather than transferring the key, which can’t be done safely, especially in the case of master keys.
Replying to @HPECDAO and @idworkshop
See this thread for just one topic of possible future legal & regulatory discussion: #KeysAreNotAssets https://twitter.com/christophera/status/1121883628701544449?s=21