RT @windley: Avoiding future identity catastrophes requires that we put technical and legal structures in place now to protect privacy and…

Wed Apr 01 20:28:22 +0000 2020

This is the release version of object capabilities/macaroons integration with the Lightning Network that we had as a discussion in the W3C-Credentials CG last month. Particularly useful for metered services. https://lightning.engineering/posts/2020-03-30-lsat/

Wed Apr 01 22:17:42 +0000 2020

Here is the transcript of the W3C-CCG meeting on the topic of LSATs https://w3c-ccg.github.io/meetings/2020-02-25/ We also discussed more generically Credentials & Capabilities a few weeks earlier https://w3c-ccg.github.io/meetings/2020-02-18/

Wed Apr 01 22:21:17 +0000 2020

One thing I’m interested in is the roadmap for LSATs or other ovaps to integrate newer cryptography forms like adapter signatures vs using mac hashing. @roasbeef, @Snyke @socrates1024, Andrew Poelstra?

Wed Apr 01 22:32:17 +0000 2020

” ’Big Brother is here,’ wrote Omer, a young father, on Facebook, minutes after he received a text message that he’d been close to a virus carrier the previous week.”


Wed Apr 01 22:53:17 +0000 2020

…”Now people find out that the Shin Bet and the police know exactly where they are in any second. People are awakening and understanding the problem of giving too much power to the government when it comes to our privacy.”

Wed Apr 01 22:54:23 +0000 2020

👍“we propose 8 privacy questions that we would like app developers to answer. We hope these questions will help start a high-level discussion to systematically evaluate potential vulnerabilities and real risks in existing and future contact tracing apps.” https://cpg.doc.ic.ac.uk/blog/evaluating-contact-tracing-apps-here-are-8-privacy-questions-we-think-you-should-ask/

Thu Apr 02 16:00:57 +0000 2020

Replying to @yvesalexandre

I facilitated a meeting in the W3C Credentials CG on the topic of #LocationPrivacy this week. I would like to suggest W3C processes, starting with a new CG as way of collaborating internationally on this. Contact me if interested.

Thu Apr 02 16:06:32 +0000 2020

Replying to @yvesalexandre

https://twitter.com/christophera/status/1245476356768567296?s=21 https://twitter.com/ChristopherA/status/1245476356768567296

Thu Apr 02 16:08:23 +0000 2020

RT @roasbeef: @ChristopherA @Snyke @socrates1024 it depends on the exact use case, but it’s possible to embed arbitrary data in macaroon as…

Thu Apr 02 19:04:40 +0000 2020

RT @roasbeef: @ChristopherA @Snyke @socrates1024 one thing we don’t use atm are “third-party caveats”, which allow the backend servers to o…

Thu Apr 02 19:04:50 +0000 2020

Replying to @TheCryptoFool and @WayneVaughan

I’ve the Queen of Masks at home, so she saves only the best for me.

Fri Apr 03 02:50:12 +0000 2020

Replying to @WayneVaughan and @TheCryptoFool

A Rider of the Purple Sage!

Fri Apr 03 05:57:41 +0000 2020

We are pleased to announce #LetheKit, the newest project from @BlockchainComns. It is a #DIY platform & SDK for developing sensitive crypto apps on an offline/airgapped device without WiFi, Bluetooth, or local storage, which could leak information. https://github.com/blockchainCommons/bc-lethekit

Fri Apr 03 19:09:20 +0000 2020

Without local storage, when you turn #LetheKit off it forgets any sensitive data stored in RAM. Thus the name Lethe (“lee-thee”) from the mythological river of forgetfulness and oblivion. (Thank you to @eordano for suggesting the name!).

Fri Apr 03 19:10:52 +0000 2020

Led by software engineer and hardware hacker Ken Sedgwick @ksedgwic, #LetheKit leverages a ASMD51 “SparkFun Thing Plus” board with an AMD ATSAMD51J20 32-bit ARM Cortex-M4 processor, printable 3D CAD and assembly instructions & an example seedtool application.

Fri Apr 03 19:12:28 +0000 2020

The example seedtool app leverages other libraries under development at @BlockchainComns to help with #SmartCustody. It allows you to create a master cryptographic seed from dice, save or restore it from offline using #BIP39 words or shards of multiple #SLIP39 words using Shamir.

Fri Apr 03 19:13:38 +0000 2020

One of the goals of #LetheKit is that all of its functionality is completely inspectable & auditable. You can enter the same dice used for randomness into IanColeman’s popular javascript tools, or our forthcoming CLI tools, and compare the results.

Fri Apr 03 19:16:18 +0000 2020

#LetheKit leverages a number of new cryptographic libraries by Blockchain Commons, including bc-shamir & bc-slip39, C implementations of the #SLIP39 shamir secret sharing standard. They currently conform to the @Trezor reference code. https://github.com/satoshilabs/slips/blob/master/slip-0039.md

Fri Apr 03 19:16:53 +0000 2020

This is a late alpha of #LetheKit v0, so it should not be used for production tasks until it has had further testing and auditing. We need your help to review the implementation & test it before we send it out for formal security review.

Fri Apr 03 19:20:36 +0000 2020

Future plans for v0 of the seedtool include #BIP32 xprv, xpub & digital asset key derivation, output of QR codes to ease input into other devices, and other useful tools for an airgapped device. Other apps might include #zkproof support.

Fri Apr 03 19:21:11 +0000 2020

Based on the reactions to #LetheKit hardware, we are considering improvements beyond v0 to include various approaches of hardening the software, making the hardware tamper evident, adding a auto-focusing camera for reading dice or QR codes, new motherboards with HSM support, etc.

Fri Apr 03 19:21:32 +0000 2020

We would like to thank our financial contributors, project sponsors, sustaining patrons, and of course our volunteers for helping @BlockchainComns to be able do these kinds of blockchain and security infrastructure projects…

Fri Apr 03 19:22:00 +0000 2020

#LetheKit Blockchain Commons Sustaining Patrons: Sean Moss-Pultz @moskovitch of https://bitmark.com & Digital Contract Design. Project Sponsors: @unchainedcap. Individual Financial Sponsors: @aantonop @gwillen Alexandre Linhares @DarioUTXO @B__T__C Anonymous x4

Fri Apr 03 19:22:46 +0000 2020

Volunteers who helped with this project, either with advice, code or review include: @ksedgwic @howech @kanzure @dsp6s @WolfMcnally @pavolrusnak @MarkFriedenbach @yancyribbens @htcexodus @Appelcline

Fri Apr 03 19:35:55 +0000 2020

#LetheKit is a project by @BlockchainComns, a not-for-profit benefit organization supporting the open web. Our work is funded entirely by donations from people like you. Every donation will be spent on building open tools & technology for blockchain & security infrastructure.

Fri Apr 03 19:36:37 +0000 2020

To financially support further development of LetheKit# & our other projects, please consider becoming a ongoing patron of Blockchain Commons by sponsoring us through @GitHub; currently, they are matching the first $5k so please do consider this option. https://github.com/sponsors/BlockchainCommons

Fri Apr 03 19:37:17 +0000 2020

You can also support our projects by contributing Bitcoin to Blockchain Commons via our BTCPay Server: https://btcpay.blockchaincommons.com

Fri Apr 03 19:37:40 +0000 2020

Please share with us on Twitter your progress on making your own #DIY #LetheKit! Share photos of your experience! We welcome issues (even basic questions) and pull requests at our GitHub repository. https://github.com/blockchainCommons/bc-lethekit

Fri Apr 03 19:39:02 +0000 2020

Replying to @awilkinson

The new social isolation status symbol: Masks

Fri Apr 03 21:19:14 +0000 2020

All of a sudden I can’t seem to reply to a message in my Twitter thread, on either my iPhone, the Twitter client, or directly from a web page. Has anyone run into this before? Will this new tweet even post?

Sat Apr 04 01:07:16 +0000 2020

Replying to @BTCSocialist

We did mention that your project was our inspiration in the README for the project. We needed to keep the volunteer list to those that directly contributed to this project or the Shamir code. We are very open to PRs if you want to get added! 😀

Sat Apr 04 01:07:47 +0000 2020

Replying to @r0ckstardev, @BTCSocialist and @repoocsov

We already gave him a special mention as one of the inspirations for the project in the README in the repository.

Sat Apr 04 01:09:39 +0000 2020

Hmm, it appears to be that I had the file name README (.md) in the tweet. For some reason Twitter no longer likes mentioning that filename. Maybe because .md is a new domain now and it thinks when I connect the filename to the .md extension that is a domain name?

Sat Apr 04 01:11:28 +0000 2020

Replying to @Coinicarus, @r0ckstardev and @BTCSocialist

We did, his project is mentioned as in inspiration in the README.

Sat Apr 04 01:12:11 +0000 2020

Replying to @CryptoCloaks

To be clear, we did give Ben credit in the README in his own section as an inspiration for our project. For the record, this project at Blockchain Commons actually began as open source code for a better social secret recovery tool, which ultimately became folded into SLIP39.

Sat Apr 04 01:15:42 +0000 2020

Hmm🤔How does one today do a good unit test for a random number generator? One that would run on a linux device and would pass, but when we ran it on more limited device (say Arduino or in a Trust Zone) would properly fail if the randomness was bad? I should know best practices.

Sat Apr 04 01:25:15 +0000 2020

Replying to @hodlwave

Agreed, but you certainly can test for some of the more egregious errors. #LetheKit uses casino dice as a source of randomness for a reason, but a well written PRNG can be a pretty good solution PROVIDED that it is running on known hardware. It is the latter that I’d puzzling.

Sat Apr 04 01:50:29 +0000 2020

Replying to @joedecker, @bahstgwamt and @microluciano

In the early days of SSL, my firm was the only one in the world willing to do security reviews of other SSL implementations (I co-wrote the spec). We failed over 50% on randomness problems in <1 hr! Ultimately RSA stopped requiring reviews as we failed too many, slowing sales!

Sat Apr 04 01:54:55 +0000 2020

Replying to @bahstgwamt, @joedecker and @microluciano

I’d be satisfied if we could catch the most egregious oddball platform problems. But what level of unit testing in code and tests implementations is good enough meeting 2020 best practices?

Sat Apr 04 01:56:53 +0000 2020

Replying to @bahstgwamt, @joedecker and @microluciano

Terisa wasn’t doing security reviews when this started. At the time, Verisign (an RSA spin-off) would not allow servers to do server certificate requests without a review, and both RSA & Verisign sales teams had strong sales incentive. Ultimately allowed “self-reviews” instead.

Sat Apr 04 02:39:58 +0000 2020

Replying to @bahstgwamt, @joedecker and @microluciano

Terisa Systems in those early years was pushing another protocol, shttp, and only became active with the SSL/TLS protocol when it was clear it was going to be the winner. When they joined they did find & fix a number of protocol flaws, and were a good citizen in the community.

Sat Apr 04 02:49:57 +0000 2020

“Long after the last community transmitted case of this pandemic, my fear is that these surveillance mechanisms that are being pitched by unscrupulous companies like NSO will stay on our networks and continue to track our phones”—⁦@jsrailton⁩ https://www.vice.com/en_us/article/epg9jm/nso-covid-19-surveillance-tech-software-tracking-infected-privacy-experts-worried

Sat Apr 04 05:14:30 +0000 2020

Legacy technologies for these type of certificates also have big “phone home” problems that make their privacy problems even worse. Verifiable Credentials tries to address this, in particular with DIDs, helps address these problems. https://twitter.com/mayazi/status/1246387709620506624

Sat Apr 04 18:22:06 +0000 2020

Replying to @matt_odell

From a #SmartCustody risk analysis perspective (see free book http://bit.ly/SmartCustodyBookV101)) it is a tradeoff. Yes, privacy of sources of your UTXOs in cold storage in theory protect you from coercion attacks, but there are other ways to correlate you as a holder. Also process fatigue.

Sat Apr 04 18:39:29 +0000 2020

Replying to @marksammiller

Thank you Mark! Your endorsement means a lot to me!

Sat Apr 04 20:04:59 +0000 2020

RT @JWWeatherman_: .@ChristopherA important thing.

If you can toss him GitHub social proof with a Microsoft matched sponsor buck or two it…

Sat Apr 04 21:08:39 +0000 2020

Replying to @Leon_Vandenberg, @marksammiller and @christopera

Volunteers for @BlockchainComns related advocacy absolutely needed. And not only coders, but requirements, UI, testing, documentation, fund raising, foundation proposals, law & regulatory review, marketing, graphics, etc. thank you!

Sat Apr 04 21:11:34 +0000 2020

RT @Leon_Vandenberg: @marksammiller @ChristopherA #Agreed @ChristoperA and his friends/peers truly lead the pack on Policies #Wyoming #Neth…

Sat Apr 04 21:12:21 +0000 2020

RT @ChristopherA: @Leon_Vandenberg @marksammiller @christopera Volunteers for @BlockchainComns related advocacy absolutely needed. And not…

Sat Apr 04 21:12:27 +0000 2020

Replying to @PyVitor, @Leon_Vandenberg, @marksammiller, @christopera and @BlockchainComns

👍 The community repo for Blockchain Commons is woefully out of date, but that could be a good place to start. I’d prefer GitHub and markdown centric when possible. It is harder for non-devs but possible. Maybe post issues there? https://github.com/BlockchainCommons/BlockchainCommonsCommunity

Sat Apr 04 22:39:06 +0000 2020

Replying to @auryn_macmillan

We at @BlockchainComns have a number of ongoing open source projects: #SmartCustody, #LetheKit & social key recovery libraries, and much more. https://GitHub.com/BlockchainCommons

Sun Apr 05 05:38:57 +0000 2020

RT @RyanGamlin: As I drove home later that day, through the protective ring of equipment, I realized a fundamental difference between publi…

Sun Apr 05 05:58:12 +0000 2020

RT @ManningBooks: Self-Sovereign Identity provides insight into the problems of digital identity just when we desperately need to solve the…

Sun Apr 05 07:21:17 +0000 2020

RT @FullyNoded: Curious how FN2 works? Check out our recently updated ReadMe which covers important details. Also includes improved “build…

Sun Apr 05 17:40:01 +0000 2020

Replying to @rdonoghue and @miniver

It depends what you are looking for. Sortition is the method of creating a random but representative group (but in total # is a minority) to accurately gauge the majorities best judgment. Ideal size can very, but can vary to be quite small (juries are a form of sortition). …

Mon Apr 06 20:51:11 +0000 2020

Replying to @rdonoghue and @miniver

There are some completely separate thoughts on size of a “wisdom of the crowds” group, both in absolute minimum number and %. It may also only apply to specific domains: quantity estimation, general world knowledge, and spatial reasoning are known to work.

Mon Apr 06 21:04:08 +0000 2020

Replying to @rdonoghue and @miniver

There is a variant that seems to work well, known as “surprisingly popular” where people are asked they think the right answer is, and what they think popular opinion will be. The averaged difference between the two indicates the correct answer.

Mon Apr 06 21:05:25 +0000 2020

Replying to @rdonoghue and @miniver

On the majority side of the equation there are a lot of choices. See my “Spectrum of Consent” article: http://www.lifewithalacrity.com/2015/09/a-spectrum-of-consent.html

Mon Apr 06 21:07:34 +0000 2020

Replying to @rdonoghue and @miniver

Not knowing the domain or the scope of your question, @rdonoghue, makes this a pure guess, but there is something magic that happens at least a dozen people and fully representative 5% of the people. ៚

Mon Apr 06 21:12:43 +0000 2020

Replying to @miniver and @rdonoghue

There are actually at least three domains here. What deliberation is required to create consensus, how to groups make decisions when there is not consensus, and how to get information from small groups to inform good decisions.

Mon Apr 06 21:30:37 +0000 2020

Replying to @miniver

You should read two of my blog series: Systems for Collective Choice http://www.lifewithalacrity.com/2005/12/systems_for_col.html and…

Mon Apr 06 21:32:40 +0000 2020

Replying to @miniver

Community by the Numbers http://www.lifewithalacrity.com/tags/community-by-the-numbers/

Mon Apr 06 21:33:29 +0000 2020

Replying to @miniver

You may also be interested in: https://github.com/ParticipatoryOrgs/Participatory-Organizations-Overview-and-Taxonomy

Mon Apr 06 21:35:21 +0000 2020

Replying to @miniver

And of course chapters near end of my book @MeeplesTogether https://www.MeeplesTogether.com/about

Mon Apr 06 21:36:34 +0000 2020

Replying to @miniver and @MeeplesTogether

I really need to update all of these with newer research and my opinions have evolved a bit, but all I believe are still correct.

Mon Apr 06 21:38:32 +0000 2020

I’m not sure I’m ready to meet this standard for my Zoom calls 😅: https://youtu.be/DGwQZrDNLO8

Tue Apr 07 17:07:32 +0000 2020

RT @DeutscheBank: The COVID-19 pandemic is accelerating the rise of central bank #digitalcurrencies as many governments see the handling of…

Tue Apr 07 21:59:32 +0000 2020

Replying to @jorisvanhoboken

Show them this video on what good intentions in Dutch Civil Service caused before: https://youtu.be/isanNSDoSnE

Tue Apr 07 22:03:34 +0000 2020

Much of my research today on cooperation is learning how to harness it for creativity — how it connects to, and is supported by narrative & storytelling. This case study about #MicroscopeRPG was cut from our book @MeeplesTogether but the patterns I learned from it were profound. https://twitter.com/MeeplesTogether/status/1247659605229854722

Wed Apr 08 00:25:45 +0000 2020

RT @LuditeSam: The big reason Microscope makes players narrate independantly rather than the supposedly more cooperative “design-by-committ…

Wed Apr 08 00:27:37 +0000 2020

RT @markmackinnon: The “coronavirus coups.” It’s not just Hungary - authoritarian leaders around the world are using the pandemic to take n…

Wed Apr 08 16:52:03 +0000 2020

RT @PindarWong: T414) Really glad to see this initiative by @ChristopherA : we need this kind of thought leadership to complement intern…

Thu Apr 09 05:50:17 +0000 2020

Replying to @JimDabell, @FiloSottile and @zx2c4

We are very careful at @BlockchainComns with GPG provenance in our new cryptographic library repos. It is a PITA, but makes clear commitment of contributors not only to secure code but also to license. But what we hope to build is a replacement to GPG: #RebootingWebOfTrust.

Thu Apr 09 06:54:38 +0000 2020

I have been playing & writing #TTRPGs for over 4 decades! Here is my high school #DnD group from 1980. I didn’t realize until I was in college that having half the group being women was uncommon—was not #StrangerThings! Glad this has been changing for the better in recent years!

Thu Apr 09 14:34:15 +0000 2020

RT @ChristopherA: #qotd “Art celebrates beauty & the glory of mankind’s role in it—science’s job is to make us humble.”—Christopher Allen,…

Thu Apr 09 14:40:55 +0000 2020

RT @gameplaywright: “Fractally create an epic history” in the game that’s the fourth Meeples Together lost study. “Microscope places more f…

Fri Apr 10 00:10:52 +0000 2020

RT @FullyNoded: New logos 🖤 👀 Coming next update along with other improvements.

Fri Apr 10 17:21:20 +0000 2020

Diving into this #LocationPrivacy #ContactTtacing specification today. Comparable tech specs at this level or other references appreciated. https://twitter.com/hdevalence/status/1248661056622186496

Fri Apr 10 17:29:43 +0000 2020

RT @hdevalence: The key schedule is very simple: users have a root Tracing Key, deriving Daily Tracing Keys, which are used to generate Rol…

Fri Apr 10 17:29:59 +0000 2020

Replying to @hdevalence

“Run by Whom?” Is the key problem of a number of these #ContactTracing proposals. (’ve almost a dozen other proposals on my list but few have real technical details. As a co-inventor of the Decentralized Identifiers, I’d like my privacy preserving tech to avoid centralized nodes.

Fri Apr 10 17:56:36 +0000 2020

RT @ChristopherA: @hdevalence “Run by Whom?” Is the key problem of a number of these #ContactTracing proposals. (’ve almost a dozen other p…

Fri Apr 10 17:57:42 +0000 2020

RT @ncasenmare: To beat COVID-19, we need contact tracing apps. But does that mean sacrificing our right to privacy?


Here’s a c…

Fri Apr 10 18:39:27 +0000 2020

RT @drewharwell: Bluetooth is short-range, low-power, and more precise & private than GPS location data. But its effectiveness depends on m…

Fri Apr 10 19:39:45 +0000 2020

RT @errorinn: The adversary model for contact tracing apps isnt a bored cryptographer working alone with no resources; it’s a company nobod…

Fri Apr 10 19:41:37 +0000 2020

RT @JustinBrookman: Former FDA Commissioner @ScottGottliebMD issued a report earlier this week calling for far greater public health survei…

Fri Apr 10 19:42:06 +0000 2020

I use Twitter’s list feature while I’m doing research or diving into a topic. Using it keeps me from be distracted to another context. I just spent some time updating my “Privacy Tech & Advocacy” list, feel free to subscribe: https://twitter.com/i/lists/1068260260555579393

Fri Apr 10 19:52:19 +0000 2020

RT @lukOlejnik: Privacy preserving contact tracing. Looks really solid and privacy proofed. Hope someone will use it, though seems governme…

Fri Apr 10 20:05:38 +0000 2020

I too am skeptical about both the efficacy (because it is too late) & the #PrivacyByDesign (too centralized) of this first generation of #ContactTracing apps. That being said, I think it is worth the effort to learn best practices and make better choices for the next generation. https://twitter.com/fs0c131y/status/1248687857184772096

Fri Apr 10 20:12:54 +0000 2020

Replying to @madadric

Have you had thoughts on applying your Impulse Drive ideas to gmless approaches like Belonging Outside Belonging? I’m puzzling through similar territory in a rev of my late game Gate Watch and a new game Twilight Road.

Fri Apr 10 20:21:29 +0000 2020

Re: efficacy — https://twitter.com/MarkFriedenbach/status/1248705352998125569?s=20

Fri Apr 10 20:23:19 +0000 2020

“The way that we enable, administer and check the exceptional surveillance and social powers that each government exerts to contain COVID-19…will frame an important part of the future of state power in a world with increasing emergencies.” https://www.cigionline.org/articles/digital-response-outbreak-covid-19

Fri Apr 10 20:45:47 +0000 2020

“While the risks and harms associated with digital surveillance are often framed as related to privacy, there are significantly larger issues that apply during a pandemic, such as the escalation of government powers. “

Fri Apr 10 20:45:56 +0000 2020

There has some some discussion & collaboration in the #W3C Credentials CG on what a #Covid19 Immunity Credential might look like using the #VerifiableCredentials standard. Thread (long) starts at: https://lists.w3.org/Archives/Public/public-credentials/2020Apr/0052.html Example credential: https://github.com/w3c-ccg/vc-examples/tree/master/docs/covid-19

Fri Apr 10 20:53:50 +0000 2020

RT @ChristopherA: “While the risks and harms associated with digital surveillance are often framed as related to privacy, there are signifi…

Fri Apr 10 20:57:03 +0000 2020

Replying to @madadric

If you’d like to see what I’m up to there I’d be glad to do a zoom.

Sat Apr 11 01:02:32 +0000 2020

Replying to @madadric

DM me.

Sat Apr 11 01:04:35 +0000 2020

RT @moxie: First look at Apple/Google contact tracing framework:

1) Once a day, your device derives a new key (“daily tracing key”).

2) I…

Sat Apr 11 07:32:45 +0000 2020

Despite ever more immersive 3D games of today, my most visceral computer game experiences came from text games. From pre-microcomputer days of Adventure & Zork, my first authorship of an Eamon game on Apple ][, killing Kesmai dragons on CompuServe, many muds & ultimately Skotos. https://twitter.com/aaronareed/status/1249020133982396417

Sun Apr 12 10:21:31 +0000 2020

Some real problems in #ContactTracing: “The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; & little Johnny will self-report symptoms to get the whole school sent home.” https://twitter.com/rossjanderson/status/1249286931911004161

Sun Apr 12 18:45:03 +0000 2020

👍“It is entirely possible to ensure that the ideals of Trustless Identity be implemented using the pragmatism of LESS Identity by combining thoughtful, careful design and architecture with technologies that are open, standards based and community driven.”—Anil John @aniltj #SSI https://twitter.com/aniltj/status/1249324837853696001

Sun Apr 12 18:51:31 +0000 2020

These are some key questions that I too have about the Apple/Google #ContactTracing proposal: https://twitter.com/benadida/status/1249067499628269568

Mon Apr 13 05:21:14 +0000 2020

“any decentralised scheme can be turned into a centralised scheme… By pushing a button on one phone, by reporting it as infected, all other phones that were recently in close proximity reveal themselves to the central server”—@xotoxot https://blog.xot.nl/2020/04/11/stop-the-apple-and-google-contact-tracing-platform-or-be-ready-to-ditch-your-smartphone/

Mon Apr 13 07:01:08 +0000 2020

Like many, John Conway’s “Game of Life” was one of my first programs. My obsession did lead me to some game credits with Will Wright @stupidfunwill which ultimately led me to my first investor in Consensus Development. So I owe my career to Conway. 😢 https://dailyvoice.com/new-jersey/mercer/obituaries/covid-19-kills-renowned-princeton-mathematician-game-of-life-inventor-john-conway-in-3-days/786461/

Mon Apr 13 07:32:56 +0000 2020

RT @PrivacyMatters: Product lead for Singapore’s TraceTogether app.

“If you ask me whether any Bluetooth contact tracing system deployed o…

Mon Apr 13 08:46:14 +0000 2020

China: “Co-ordination between different areas of the public sector…marred by bureaucratic rivalries…customers whose lives now revolve around a series of apps on their smartphones, many private sector companies are reluctant to be seen handing over data” https://www.ft.com/content/760142e6-740e-11ea-95fe-fcd274e920ca

Mon Apr 13 21:09:02 +0000 2020

…”Pandemic-tracking apps are now proliferating as local governments have started trying to gain access to phone GPS location data through the apps, which are more accurate than carrier location data.”…

Mon Apr 13 21:09:57 +0000 2020

…”The test version of the national government’s online services platform links to at least 12 provincial- or major city-level governments’ own health code apps, as well as providing a national-level app.”…

Mon Apr 13 21:10:18 +0000 2020

…”As is often the case when multiple bureaucracies collide, the health apps have overlapping coverage. On arriving back in Beijing from a trip out of the city, one FT reporter was told”…

Mon Apr 13 21:11:17 +0000 2020

…“by their district authority to ignore the Beijing municipal government’s app and register on another health app used by the district. “One person, six codes”, ran the headline of a local media feature lamenting the multiplication of district- and municipal-level apps.”

Mon Apr 13 21:11:38 +0000 2020

RT @MeeplesTogether: We referenced John Conway’s Game of Life in Meeples Together because its cellular automata model was a clear precursor…

Mon Apr 13 23:45:10 +0000 2020

New collaborative white paper from #RebootingWebOfTrust on the topic “Five Mental Models of Identity”. Team led by @JoeAndrieu w/ Nathan George, @IDIMAndrew, @cmacintosh & Antoine Rondelet https://github.com/WebOfTrustInfo/rwot7-toronto/blob/master/final-documents/mental-models.md

Tue Apr 14 06:45:14 +0000 2020

…”consider multiple mental models for better communication and better identity systems. Whatever your own goals, we believe you are more likely to achieve them if you can communicate clearly in terms others understand and can incorporate the needs of others into your own work.”

Tue Apr 14 06:46:40 +0000 2020

…”The question we are seeking to answer in this paper is the following: ‘When we are evaluating the evidence, what are we trying to determine?’. Each mental model approaches this differently.”

Tue Apr 14 06:47:48 +0000 2020

…”The space-time mental model sees identity as resolving the question of the physical continuity of an entity through space and time.

Does the physical body under evaluation have a continuous link through space and time to a known entity?”

Tue Apr 14 06:48:26 +0000 2020

…”The presentation mental model sees identity as how we present ourselves to society. This is the mental model behind Vendor Relationship Management [16], user-centric identity, and self-sovereign identity.

Is this how the subject chooses to be known?”

Tue Apr 14 06:48:54 +0000 2020

…”The attribute mental model sees identity as the set of attributes related to an entity as recorded in a specific system. Enshrined in ISO/IEC 24760-1…standard for identity management, this mental model is the primary focus for many engineers.

Who is this data about?”

Tue Apr 14 06:49:47 +0000 2020

…”The relationship model sees identity emerging through interactions and relationships with others. Our identity is not about what we are in isolation from others, but is rather defined by the relationships we have…Ubuntu…’I am because we are’.

How is this person related?”

Tue Apr 14 06:51:54 +0000 2020

…”The capability mental model pragmatically defines identity in terms of an individual’s actual capability to perform some task, including their physical ability now, in the past, or in the future…the inevitable approach for…an emergency.

What can the subject actually do?”

Tue Apr 14 06:53:33 +0000 2020

…”When two people discuss identity with different mental models, the conversation inevitably focuses on the intersection between those models, sometimes without either party realizing they are coming from different perspectives.”

Tue Apr 14 06:54:17 +0000 2020

The paper adds commentary on the intersections between these models, and the misunderstandings that each pair of different identity models might introduce to a collaboration.

Tue Apr 14 06:56:51 +0000 2020

A very interesting and thoughtful paper that is very worth while to dive deeply into to help you and your team broaden your shared language and models about digital identity. 👍

Tue Apr 14 06:58:42 +0000 2020

RT @hackylawyER: Spoke with @digitalprivacy re @Apple @Google’s #COVID19 app. TLDR: Ticks all the boxes at the app-level in terms of good #…

Tue Apr 14 22:06:27 +0000 2020

“As authoritarianism spreads, as emergency laws proliferate, as we sacrifice our rights, we also sacrifice our capability to arrest the slide into a less liberal and less free world. Do you truly believe…that these capabilities will not be kept?” https://www.vice.com/en_us/article/bvge5q/snowden-warns-governments-are-using-coronavirus-to-build-the-architecture-of-oppression

Wed Apr 15 03:59:45 +0000 2020

“CAP’s proposed air travel rules are instructive: ‘Airline passengers must download the Contact Tracing app, confirm no close proximity to a positive case, and pass a fever check or show documentation of immunity from a serological test.’” https://twitter.com/voxdotcom/status/1250151886256209920

Wed Apr 15 17:19:22 +0000 2020

“foresee a digital pandemic surveillance state in which virtually every American downloads an app to their phone that geotracks their movements, so if they come into contact with anyone who later is found to have Covid-19, they can be alerted and…quarantine can begin.” https://twitter.com/ezraklein/status/1248587310804930560

Wed Apr 15 17:27:08 +0000 2020

…”Similarly, people would scan QR codes when boarding mass transit or entering other high-risk public areas. And GPS tracking could be used to enforce quarantine on those who test positive with the disease, as is being done in Taiwan.”

Wed Apr 15 17:27:45 +0000 2020

@CoboVault We at @BlockchainComns would be interested in talking with you about open standards for Bitcoin-related airgap QR-code standards for keys, social recovery, identifiers, etc. for use with @FullyNoded 2 mobile wallet, #LetheKit, etc. Other companies are also involved.

Wed Apr 15 20:03:52 +0000 2020

Replying to @amirrajan, @VinayTaylor, @doublespeakgame and @continuities

“A Dark Room” is interesting as a text game, as it has a “real time” element to it that I’ve not seen before. @aaronareed (who is working on a book on history of text games), have you seen anything quite like this before? @continuities: have you used this idea elswhere?

Wed Apr 15 20:33:30 +0000 2020

Replying to @CryptoLixin, @ElectrumWallet and @wasabiwallet

We also have been working on QR formats, not only for PSBT & bitcoin wallet descriptors, but also for master entropy seeds (binary BIP39) with metadata (birthday, etc), two-level Shamir (binary SLIP39 plus encrypted metadata and public metadata), and more. cc/ @StepanSnigirev

Thu Apr 16 03:39:57 +0000 2020

Do anyone happen to know at what bit sizes the bech32 standard becomes less optimal? I know that @pwuille optimized for 40 bytes (320 bits) as that is what a segwit transaction is, so it is great for 32 byte keys & schnorr sigs. I think it is ok at 64 bytes for xpubs…

Thu Apr 16 04:28:28 +0000 2020

…but I vaguely recall you loose its BCH error correcting capabilities as you move to 80 bytes and more. But I’m not sure at what thresholds you lose them. I’d love to see a bech64 or bech128, even if not as optimum as @pwuille could do them.

Thu Apr 16 04:30:46 +0000 2020

Replying to @pwuille

Thank you! Am I correct that your optimization automated testing focused on 40 bytes (320 bit) scenario? Any advice if I was to try my hand at bech64?

Thu Apr 16 05:05:26 +0000 2020

Replying to @pwuille

Thanks. My initial focus is a good balance of error correction and detection at 128 bytes. In some ways error correction is now more important as this is a worst case scenario of over voice. Do you have a rough guess for how many amazon hours or $ were used in your ezbase32 sim?

Thu Apr 16 05:34:56 +0000 2020

Replying to @meshcollider and @pwuille

xpubs, wallet descriptors, etc. SMS & Voice are also cases.

Thu Apr 16 05:55:52 +0000 2020

Replying to @meshcollider and @pwuille

Other scenarios are an encrypted signed key or xpub, or a slip39 shard with sharded metadata (say lightning info).

Thu Apr 16 06:01:08 +0000 2020

Replying to @meshcollider and @pwuille

I’d like to be able to encode this base64 2 of 3 descriptor: wsh(multi(2,03a0434d9e47f3c86235477c7b1ae6ae5d3442d49b1943c2b752a68e2a47e247c7,03774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb,03d01115d548e7561b15c38f004d734633687cf4419620095bc5b0f47070afe85a))

Thu Apr 16 06:03:45 +0000 2020

Replying to @meshcollider and @pwuille

So the queston that @pwuille asked is “how many errors you want to correct”. <3% errors is considered acceptable in typing but gross errors is >6%, so 4-8 for that scenario.

Thu Apr 16 06:16:56 +0000 2020

Replying to @meshcollider and @pwuille

I wish I knew what the historical expected error rate was for ham radio operators doing voice or morse code. 10%? If true that would be 13 errors. That is my worst case % — say for terrible censorship resistance scenario.

Thu Apr 16 06:18:31 +0000 2020

Replying to @meshcollider and @pwuille

I do believe anything beyond this point SMS size (140 characters) is infeasible for these type of communications. The reality is that I’m most interested are ECDH (with its embede pubkey) at ~75 bytes, the new Schorr signatures + pubkey at ~64 bytes, xpubs & xprv unencrypted.

Thu Apr 16 06:28:02 +0000 2020

Replying to @_drgo, @meshcollider, @pwuille and @nvk

I’ve also heard concern about transmitting xpubs in the clear, so that could be the 64 bytes of the xpub plus signature, which is ~128 bytes, thus the upper end of my size range.

Thu Apr 16 06:29:46 +0000 2020

I do believe that this is a great start for a proscriptive list for the EU to avoid some of the risks to human rights privacy of #ContactTracing. But I believe there should be more. For instance, will compliance by authorities to these standards be auditable? There is much more. https://twitter.com/SophieintVeld/status/1250437299491360768

Thu Apr 16 07:29:25 +0000 2020

A worrisome precedent towards #ImmunityCredentials #ImmunityPassport. Remember—we don’t even know the efficacy of these test are yet. “Dubai-based airline Emirates has begun carrying out Covid-19 blood tests on passengers at the airport prior to flights.” https://www.cnn.com/travel/article/emirates-passengers-blood-test-covid-19/index.html

Thu Apr 16 15:36:25 +0000 2020

RT @AriDavidPaul: Everyone complaining about US not giving you a covid19 test? Skip the hospital, don’t bother calling your state’s health…

Thu Apr 16 15:40:01 +0000 2020

Ten years later, still true, if not more so! https://twitter.com/ChristopherA/status/12301926688

Fri Apr 17 02:30:37 +0000 2020

A #SmartCustody scenario to restore a root master seed (in BIP39 or SLIP39 shards) from a titanium blank into the @BlockchainComns #LetheKit, which is then used to create a new child master seed on a hardware wallet to take home or sign a multisig PSBT. https://github.com/bitcoin/bips/pull/910#issuecomment-615045135

Fri Apr 17 05:16:46 +0000 2020

RT @FullyNoded: 🚨 Teaser alert 🚨

New halving countdown, mainnet capability, along with many improvements/fixes coming soon!!!! 👀


Fri Apr 17 08:03:36 +0000 2020

Replying to @henkvancann and @peterktodd

We don’t, and I don’t think they want us to know.

Sat Apr 18 04:18:37 +0000 2020

🤔“It is not hard to imagine nefarious use cases as well. A foreign operative who wished to sow chaos, an unscrupulous political operative who wished to dampen political participation, or a desperate business owner who sought to shut down the competition, all could…” https://twitter.com/rcalo/status/1248672673892159489

Sat Apr 18 05:47:17 +0000 2020

…”use self-reported instances of COVID-19 in an anonymous fashion to achieve their goals. The process of threat modeling apps that purport to trace the prevalence of coronavirus is limited or nonexistent.”

Sat Apr 18 05:47:45 +0000 2020

RT @IEthics: “This is not the time for #technology optimism or pessimism. It’s the time for technology realism, with the full understanding…

Sat Apr 18 06:07:51 +0000 2020

RT @rcalo: The demographics of COVID-19 apps are going to be messy. Adopters are likely to skew young, and hence disproportionately asympto…

Sat Apr 18 06:08:13 +0000 2020

“Although Google and Apple might win the public over by emphasizing that their contact tracing approach is voluntary, nothing guarantees this arrangement. In time, it might become not really voluntary. In order to secure the benefits…will be tempted to mandate the technology. “ https://twitter.com/GlobeOpinion/status/1251243925232398339

Sat Apr 18 06:15:08 +0000 2020

So far my research shows doubts on efficacy. “By emphasising efficacy as a first-order concern for determining whether to run a new surveillance programme or use new surveillance features during the crisis, we’re making the case that evidence-based considerations are fundamental” https://t.co/h4xSrHIZv2

Sat Apr 18 06:30:58 +0000 2020

A very good, country by county, look at #COVID19 proposals for #ContactTracing, #ImmunityCredentials & other #surveillance https://twitter.com/davegershgorn/status/1250515010301972480

Sat Apr 18 06:42:43 +0000 2020

“The EU has called on Apple to remove from the App Store contact tracing apps that don’t have appropriate privacy safeguards. Google should do the same with the Play Store…stating that fighting the coronavirus must not mean sacrificing rights of citizens. https://9to5mac.com/2020/04/16/contact-tracing-apps/

Sat Apr 18 06:47:26 +0000 2020

RT @Fonta1n3: This is why @FullyNoded always decodes, parses and displays each signed transaction’s input and output before asking you to b…

Sat Apr 18 17:03:40 +0000 2020

I’ve updated my #GPG key FDFE14A54ECB30FC5D2274EFF8D36C91357405ED’s expiration date to not expire for another year (2021, April 15), as I still don’t have good best practices for #PGP key rotation. This is the key I use to sign all my @GitHub commits. https://github.com/christophera.gpg

Sat Apr 18 23:28:30 +0000 2020

An observation today that is frustrating is that @KeybaseIO doesn’t seem to respect key expiration dates, nor does it seem to have any way to revoke keys. When I tried to import my updated key it rejected the update as it already had imported the key material & didn’t need it.

Sat Apr 18 23:31:10 +0000 2020

RT @ChristopherA: An observation today that is frustrating is that @KeybaseIO doesn’t seem to respect key expiration dates, nor does it see…

Sat Apr 18 23:31:18 +0000 2020

Vital infrastructure! “With most donors (users, the US government & the private sector) being focused on surviving the COVID-19 economic crisis themselves, the Tor team appears to be having issues raising funds to support itself through the pandemic.” https://www.zdnet.com/article/tor-project-lays-off-a-third-of-its-staff/

Sun Apr 19 07:27:14 +0000 2020

“There are very few protections out there for software developers to make sure that packages they install from these repositories are malware free…There is a huge gap in the market at the moment which is being exploited by malware authors.” https://arstechnica.com/information-technology/2020/04/725-bitcoin-stealing-apps-snuck-into-ruby-repository/

Sun Apr 19 07:46:37 +0000 2020

My organization @BlockchainComns not only supports @torproject financially, but also with infrastructure. For instance, we established a Tor exit node at @nycmesh & we are working on adding at least 2 more in other parts of the world. If your company relies on Tor, do the same!

Sun Apr 19 17:52:46 +0000 2020

Replying to @exiledsurfer

https://twitter.com/christophera/status/1251931761929359360?s=21 https://twitter.com/ChristopherA/status/1251931761929359360

Sun Apr 19 17:53:03 +0000 2020

RT @ChristopherA: My organization @BlockchainComns not only supports @torproject financially, but also with infrastructure. For instance, w…

Sun Apr 19 17:53:15 +0000 2020

I appreciate in this #ContactTracing architecture paper that the @PeppPt team is sharing their threat modeling & adversarial analysis. I wish everyone was doing that BEFORE starting desiging the code. And we should share these broadly as I’m sure we are all missing some threats. https://twitter.com/carmelatroncoso/status/1251931084843110401

Sun Apr 19 18:04:33 +0000 2020

I care about the #ContactTracing side of the problem, but I’m focused this week on threat modeling & adversarial analysis of #ImmunityCredentials, as I’m co-chair of W3C Credentials CG I have a bully pulpit to stand on to try to get people to think carefully first.

Sun Apr 19 18:13:03 +0000 2020

I’m collecting, organizing, annotating, and curating links on #ImmunityCredentials (aka #ImmunityBadges #ImmunityPassports) here https://github.com/ChristopherA/Lists-of-High-Signal-Low-Noise-Links/blob/master/ImmunityCredentials-VerifiableClaims-COVID19.md Still relatively loosely organized but useful. Threat modeling & adversarial analysis next.

Sun Apr 19 18:17:34 +0000 2020

RT @ChristopherA: I care about the #ContactTracing side of the problem, but I’m focused this week on threat modeling & adversarial analysis…

Sun Apr 19 18:17:42 +0000 2020

RT @ChristopherA: I’m collecting, organizing, annotating, and curating links on #ImmunityCredentials (aka #ImmunityBadges #ImmunityPassport…

Sun Apr 19 18:17:45 +0000 2020

Replying to @alececere and @lopp

We have #BitcoinStandup scripts for Linux & Linode & a Mac app to make it easy to install bitcoin full nodes with Tor v3 available now in our community repos. They work now but we need some volunteers to help make them better—better docs, windows app, ++ https://github.com/BlockchainCommons

Sun Apr 19 19:49:55 +0000 2020

I really don’t want 2019 to be “peak human”. https://twitter.com/ChristopherA/status/722530295790997505

Mon Apr 20 16:51:13 +0000 2020

Part of me just wants to drop what I’m doing & design a new collaborative game for #ZoomJam, a contest for best 500 word game that can be played on Zoom. Submissions end on April 24th. I suspect I have too many commitments but may try to squeeze it in! https://zoomjam.org/

Mon Apr 20 17:31:29 +0000 2020

RT @MeeplesTogether: If you’ve bought our book “Meeples Together: How and Why Cooperative Board Games Work” the authors challenge you to ap…

Mon Apr 20 18:40:59 +0000 2020

RT @degregat: We started to map out the high level building blocks from the different privacy preserving contact tracing proposals here: ht…

Mon Apr 20 21:51:28 +0000 2020

Replying to @degregat

I’m currently working on something similar for #ImmunityCredentials (aka #ImmunityPassports, #ImmunityBadges, #ImmunityCertificates).

In the meantime you might find these “high-signal low-noise” resources useful…

Mon Apr 20 21:53:45 +0000 2020

Replying to @degregat

Annotated list of opinionated, high-signal but low-noise links about #LocationPrivacy #ContactTracing #PublicHealthVsPrivacy #COVID19 https://github.com/ChristopherA/Lists-of-High-Signal-Low-Noise-Links/blob/master/LocationPrivacy-ContractTracing-PublicHealthVsPrivacy-COVID19.md

Mon Apr 20 21:55:20 +0000 2020

Replying to @degregat

Annotated list of opinionated, high-signal but low-noise links about #ImmunityCredentials #VerifiableClaims #COVID19 https://github.com/ChristopherA/Lists-of-High-Signal-Low-Noise-Links/blob/master/ImmunityCredentials-VerifiableClaims-COVID19.md

Mon Apr 20 21:56:22 +0000 2020

Replying to @degregat, @robvank, @jaromil and @SarahJamieLewis

I would really like to see @SarahJamieLewis contributions here. I’m pulling together a list of vulnerabilities, threats into a #ImmunityCredential risk model, but she knows more about risks to a number of important vulnerable populations than I do. We’ve also asked her to speak.

Tue Apr 21 00:53:40 +0000 2020

Agreed! There is also some past history here, such as this paper about New Orleans #ImmunityPrivilege in the era of Yellow Fever. https://academic.oup.com/ahr/article/124/2/425/5426380 https://twitter.com/degregat/status/1252362605412286465

Tue Apr 21 00:58:23 +0000 2020

…and this one from the AMA Journal of Ethics on history of stigma and disease https://academic.oup.com/ahr/article/124/2/425/5426380

Tue Apr 21 00:59:52 +0000 2020

Today I learned that there is no BIP or SLIP docs specifying how the m/48’ HD derivation works for bitcoin multisig. This was apparently agreed upon by @ElectrumWallet , @Ledger , @Trezor & Copay and now used by @COLDCARDwallet & others. But many important details missing!

Tue Apr 21 03:16:48 +0000 2020

I’ve already had a couple of people already report that they were unable in the past find any docs and that they’ve had to reverse engineer the details themselves. This is not best practices of open development!

Tue Apr 21 03:32:09 +0000 2020

Replying to @mflaxman and @Coinsurenz

To be clear, you only need 2 devices. The third cay be an offline key (say BIP39 on titanium or xprv). For @FullyNoded 2 the devices for multisig are your home computer (or VPS if you really want), your phone & then BIP39 offline. I can also be two phones, which many people have.

Tue Apr 21 03:39:42 +0000 2020

My best guess that the idea was that by using m/48’ for multisig paths, you’d never need to check a single signature bitcoin address for balance from those derived keys, and you’l never reuse a derived key that will be used for a single-signature wallet and also multisig wallet.

Tue Apr 21 04:48:23 +0000 2020

One of the challenges without m/48’ docs is that apparently legacy, nested segwit & native segwit all use the same m/48’ root, a different approach then separate roots for single signatures. It also isn’t clear to me how accounts work, and which portions of path are hardened.

Tue Apr 21 04:55:35 +0000 2020

I’ve started a HackMD markdown document with my notes for now, but with the goal of a BIP quality document to submit either a future BIP or SLIP document in the future. DM me if you want added for access, but I’ll make a GitHub repo for it soon.

Tue Apr 21 04:57:33 +0000 2020

Replying to @hodlwave

I agree with your problem statement, but I’m not sure about your answer, but that is fine. But an open development process should have allowed these type of ideas to be floated.

Tue Apr 21 04:59:22 +0000 2020

Replying to @hodlwave

For now I’ll be satisfied with documenting m/84’, but longer term there are some assumptions in our designs that one hardware wallet has exactly on hd master seed, but that isn’t necessarily true. @FullyNoded 2 can have several HD seeds & future airgapped like #LetheKit will to.

Tue Apr 21 05:00:42 +0000 2020

If there are devs / technical writers who would like to help document m/48’ multisig usage properly, contact me via DM - I’ve got a temporary HackMD collaborative document started, which I’ll move to @BlockchainComns repo when we have acceptable draft, for ultimate submit as BIP.

Tue Apr 21 19:53:41 +0000 2020

Though @drummondreed‘s wallet metaphor as described here by @RuffTimo has its weaknesses, it is the best I know of to introduce people to #SSI who come from the identity mental model of “Capability” https://github.com/WebOfTrustInfo/rwot7-toronto/blob/master/final-documents/mental-models.md#capability aka “What can the subject actually do?” cc/@JoeAndrieu https://twitter.com/DigitalTrustVC/status/1252392036881149954

Tue Apr 21 21:58:10 +0000 2020

We do need a good ethical models for the benefits vs risks in the area of public health commons vs human rights. Even consent has its limitations—their are forms of coercion to get consent that are subtle & unconscious; yet no consent is required if harm to public is too large. https://twitter.com/taoeffect/status/1252648508781244416

Tue Apr 21 22:04:33 +0000 2020

Best I’ve got for an ethical model is what I taught my “Using the Social Web for Social Change” when I taught in an MBA for Sustainable Systems. https://twitter.com/christophera/status/895765368228134914?s=21 https://twitter.com/ChristopherA/status/895765368228134914

Tue Apr 21 22:13:51 +0000 2020

My whole presentation on “Tactics of Persuasion & Influence” are at https://www.slideshare.net/ChristopherA/tactics-of-persuasion-influence-bgiedu A key point in my class is that though we may not use coercion or power in our influence designs, these tactics only make it less risky, but if we are not careful can still be unethical.

Tue Apr 21 22:18:54 +0000 2020

Replying to @FullyNoded, @B__T__C and @BlockchainComns

It would be helpful to know which specific model of iPhone this corrupted QR is coming from. I’ve only seen this before on an iPod Touch.

Wed Apr 22 04:44:35 +0000 2020

RT @VTeagueAus: 1/4: In the absence of any source code for the #covid19au tracing app, I decided to pull the TraceTogether code and start l…

Wed Apr 22 04:47:40 +0000 2020

Replying to @hackylawyER and @aniltj

“They cite from the same hymn sheet of SSI Principles by Christopher Allen. In the past we have cited these too, but in the future we question whether it is wise to do so.” I have reaching out to people to collaborate on update for 2020 but events have intervened. Collaborate?

Thu Apr 23 02:41:55 +0000 2020

Replying to @hackylawyER and @aniltj

The #SSI principals were always intended as a first draft. My #SSI article ended at “This article seeks to begin a dialogue on that topic, by offering up a definition and a set of principles as a starting point”

Thu Apr 23 02:44:13 +0000 2020

Replying to @hackylawyER and @aniltj

We tried to start a collaboration on GitHub to revise principal one about “control” but fell into a rat-trap you know of that some people wanted to base on property-law principals. https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/8 We should not have started with #1. Pick another easier one as first?

Thu Apr 23 02:47:29 +0000 2020

Replying to @hackylawyER and @aniltj

Another hard one to revise is #2, “Existence” https://github.com/WebOfTrustInfo/self-sovereign-identity/issues

Thu Apr 23 02:48:46 +0000 2020

Replying to @hackylawyER and @aniltj

May be should start with #6 “Portability”? These principles are 6 years old next month. The 2015 set are at https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md — help us update for 2020!

Thu Apr 23 02:52:15 +0000 2020

RT @ChristopherA: @hackylawyER @aniltj “They cite from the same hymn sheet of SSI Principles by Christopher Allen. In the past we have cite…

Thu Apr 23 02:55:55 +0000 2020

RT @ChristopherA: @hackylawyER @aniltj The #SSI principals were always intended as a first draft. My #SSI article ended at “This article s…

Thu Apr 23 02:55:58 +0000 2020

RT @ChristopherA: @hackylawyER @aniltj We tried to start a collaboration on GitHub to revise principal one about “control” but fell into a…

Thu Apr 23 02:56:03 +0000 2020

RT @ChristopherA: @hackylawyER @aniltj Another hard one to revise is #2, “Existence” https://github.com/WebOfTrustInfo/self-sovereign-identity/issues

Thu Apr 23 02:56:08 +0000 2020

RT @ChristopherA: @hackylawyER @aniltj May be should start with #6 “Portability”? These principles are 6 years old next month. The 2015 set…

Thu Apr 23 02:56:12 +0000 2020

Replying to @hackylawyER and @aniltj

I’ve started an issue on revising #SSI principle #6 on “Portability. Information and services about identity must be transportable.” with some initial comments from other people. Please add yours, plus any easy wins like getting rid of word “user”. https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/13

Thu Apr 23 03:13:58 +0000 2020

Replying to @hackylawyER, @aniltj and @hackylawyER

@Emily_Fry_ @JoeAndrieu @kimdhamilton @trbouma @rufftimo @LeahHoustonMD @IdentityWoman @MalJayaram @alex_giann

Thu Apr 23 03:21:43 +0000 2020

I like this viral #COVID19 Venn diagram meme that is going around, but I support this modified version more.

Any meme-artists up to turning it into a more appealing version?

(I believe the latter is from @marcolam053)

Thu Apr 23 04:12:49 +0000 2020

Hmm, it may be attributable to different Marco Lam – not sure! https://www.facebook.com/marco.lam.12

Thu Apr 23 04:15:20 +0000 2020

RT @trbouma: “We cannot solve a pandemic by coding the perfect app. Hard societal problems are not solved by magical technology, among othe…

Thu Apr 23 16:28:46 +0000 2020

RT @kimdhamilton: Join the @w3c_ccg Verifiable Credentials for EDU task force this Monday for an exciting topic! Mike Lodder will discuss c…

Thu Apr 23 23:23:22 +0000 2020

RT @TheOperaGeek: The Player’s Handbook states “An improvised weapon includes any object you can wield in one or two hands, such as broken…

Thu Apr 23 23:30:12 +0000 2020

I’m pleased that the Netherlands government had their attorney general take a serious look at these proposals: “attorney general Reimer Veldhuis was asked to assess the final seven contenders for compliance with privacy laws—and found all seven lacking.”

Thu Apr 23 23:37:12 +0000 2020

“can envision a scenario in which the government proposes “a Patriot Act for pandemic monitoring and control”—a reference to the law enacted after 9/11 that gave the government more powers to fight terrorism while also laying the groundwork for sprawling new surveillance.” https://twitter.com/EFF/status/1253359112504500228

Fri Apr 24 00:01:25 +0000 2020

Replying to @aniltj

Anil, we should still use dueling blogs posts, tweets, etc. However, I haven’t found these forms of deliberation lead to consensus. Instead, we should use the tools we use to create consensus for standards. A GitHub issue is just a mailing list, you don’t need to be a dev to use.

Fri Apr 24 00:54:01 +0000 2020

Replying to @aniltj

These consensus building tools are getting easier for non-devs to use. GitHub has released some new apps that are much more accessible. In fact, there is a whole generation of young lawyers that are looking at git as a replacement for Word-based tracking changes.

Fri Apr 24 01:06:29 +0000 2020

Replying to @aniltj

Any other deliberation system to built consent would require at least some of the parties to learn new best practices. As the final result is guidance to technologists to think broader & to do the right thing, GitHub feels a good & well understood place for building consensus.

Fri Apr 24 01:14:06 +0000 2020

One of the best things I’ve read this week on the topic of #COVID19 #ContactTracing is this article by @harper that argues that we should call it “Exposure Alerting” and that many of our design problems come from naming it incorrectly. https://harper.blog/2020/04/22/digital-contact-tracing-and-alerting-vs-exposure-alerting/

Fri Apr 24 01:37:59 +0000 2020

Replying to @darrello, @aniltj and @drummondreed

Have you tried the the new GitHub app? Combined with the web interface it can help a lot. The Atom editor & Typora app on the Mac helps. Many have found they work nicely without going to command-line at all.

Our community needs to write up a tutorial and FAQ here for non-devs.

Fri Apr 24 01:44:17 +0000 2020

What we really need for our @FullyNoded 2 users is a BTC/USD price feed behind a reliable Tor onion address. This is one of our critical path items for our mainnet beta. https://twitter.com/teo_leibowitz/status/1253339608667979784

Fri Apr 24 02:23:06 +0000 2020

Replying to @lightcoin

FullyNoded2 does all communication to the net exclusively through Tor so that your cafe, company, isp or country does not know you are a Bitcoin holder. We could do all payments purely in bitcoin easily, but our users also want the current $ equivalent price for payments.

Fri Apr 24 04:58:08 +0000 2020

Very true. When I taught online in green MBA at least 4-5 hours of planning went into the design of each 1-1/2 hour class. My TA later said that I designed classes like I designed a game, with the goal of creating an experience. Please no more ‘sage on a stage’—we can do better! https://twitter.com/NicoleLazzaro/status/1253552362511163392

Fri Apr 24 05:52:11 +0000 2020

RT @MeeplesTogether: We always considered Matt Leacock’s Pandemic to be an educational game that warned about the future of pandemics if…

Fri Apr 24 16:13:32 +0000 2020

Replying to @darrello, @twshelton, @aniltj and @drummondreed

Both are much easier now with these new tools, including when there are merge conflicts. Do remember that track changes merging in Word isn’t very easy either.

Fri Apr 24 16:16:05 +0000 2020

Replying to @trbouma and @aniltj

Do you have a suggestion for another deliberation and consensus building platform?

Fri Apr 24 16:17:43 +0000 2020

An excellent deep dive into #SSI (Self-Sovereign Identity) legal integration with #eIDAS (#EUs Electronic Identification, Authentication and Trust Services) written by @NachoAlamillo & published by the EU Commission, makes 38 recommendations for changes: https://joinup.ec.europa.eu/collection/ssi-eidas-bridge/document/ssi-eidas-legal-report

Fri Apr 24 16:35:23 +0000 2020

Replying to @trbouma and @aniltj

I will say that as much as I appreciate and value those mediums as back channels, that without being paired with a deliberation system to build consensus that they can be divisive. I could argue many of our problems of today are due to lack of development in deliberation systems.

Fri Apr 24 16:42:02 +0000 2020

Replying to @trbouma and @aniltj

Part of the reason I have been studying consensus and collaboration building in works like my book @MeeplesTogether and upcoming works is to help catch up deliberation systems to the vast increase in amplification of informal voice systems like social media. We need both.

Fri Apr 24 16:45:44 +0000 2020

We’ve been investigating in the larger wallet community (both cryptocurrency wallets but also self-sovereign identity #SSI wallets) the use of some form of bech32 for encoding cryptographic values (seeds, hd keys, shards, public keys, signatures, etc) See: https://lists.w3.org/Archives/Public/public-credentials/2020Apr/0240.html

Fri Apr 24 20:40:12 +0000 2020

RT @hackylawyER: “Wearing a bracelet or waving a piece of paper to show your immune status might sound like the plot of a dystopian novel,…

Fri Apr 24 21:02:15 +0000 2020

RT @lnbits: We’re very pleased to release #LNbits v0.1!
The free and open-source bitcoin #lightningnetwork wallet/accounts system
-#LND +…

Fri Apr 24 22:00:29 +0000 2020

A question to the http://itch.io community: @aaronareed & I have been collaborating together on a card-based gmless storygame inspired by #GateWatch & #BelongingOutsideBelonging. What are best examples of using the devlog & comments features to create a following? Risks?

Sat Apr 25 01:00:19 +0000 2020

We are making great progress in being able to sign Bitcoin multisig across multiple wallets. An important design decision is coming up for airgap QR support on how we encode transactions larger than that which fits in a QR. There are a variety of approaches including animated. https://twitter.com/FullyNoded/status/1253974101267410948

Sat Apr 25 16:38:08 +0000 2020

RT @bitgeiniog: @ChristopherA @marcolam053

Sat Apr 25 16:38:34 +0000 2020

“Solarpunk encourages us to accept the reality of the present and move forward by focusing on solutions to the problems at hand.” In many ways I believe this subgenre is more difficult to write (or play) than dystopian & post-apocalyptic stories, yet often more powerful & moving. https://twitter.com/_rileyio/status/1250793015104483329

Sat Apr 25 17:10:55 +0000 2020

Parts of this piece disturb me but I also appreciate the out-of-the box thinking here, including if liability insurance should play an role in #ImmunityCredentials. But we need to be careful as liability law & courts are slow & expensive, and lives as wergild are often unjust. https://twitter.com/robinhanson/status/1253854174049157121

Sat Apr 25 17:33:39 +0000 2020

The editors of @TheEconomist have clearly not learned the #Foremembrance story of how 75% of Dutch Jews lost their lives in the Holocaust nor connect it to the rise of the right today. This is why Northern Europe has a privacy “religion”. After 75 years is becoming forgotten. 😢 https://twitter.com/TheEconomist/status/1254107950211371008

Sat Apr 25 18:33:59 +0000 2020

If @TheEconomist editors are listening, this my #foremembrance video that describes how efficient collection of Dutch data for good purposes during the Depression was used by Nazi’s in WWII to kill the largest percentage of Jews of any nation. https://youtu.be/isanNSDoSnE

Sat Apr 25 18:39:01 +0000 2020

👆Hoping for some ideas from http://itch.io storygame community. Also puzzled on how to setup community copies of #GateWatch @roswellwrites @lackingceremony @SeaExcursion @SeanNittner @koboldtime @passerines @NightlingBug @jdragsky @cartweel @MothLands @Q_Game_Design

Sat Apr 25 19:26:06 +0000 2020

Replying to @DeePennyway and @mrfb

Thanks, very helpful. That feature was not obvious and there was no help available on the itch website on how to offer this.

Sat Apr 25 19:48:34 +0000 2020

Thanks for the help on setting up Community Copies, I’ve added 10 copies my #GateWatch collaborative storygame: https://dyvershands.itch.io/gate-watch

Sat Apr 25 19:51:06 +0000 2020

Any great examples of use of devlogs over time in a gmless collaborative storygame? Most I follow on itch don’t seem to use them.

Sat Apr 25 19:56:20 +0000 2020

Wow, another QR standards esoterica I’ve never heard of before:

ECC 200 Structured Append, for max 16 QR codes. http://www.keepautomation.com/tips/data_matrix/ecc_200_data_matrix_features.html

I wonder if this is already supported in any of the native QR code readers like iOS and Android offer? Has anyone leveraged these before?

Sat Apr 25 20:18:16 +0000 2020

RT @ChristopherA: Wow, another QR standards esoterica I’ve never heard of before:

ECC 200 Structured Append, for max 16 QR codes. https:/…

Sat Apr 25 20:18:28 +0000 2020

Replying to @wmclaxton

So far into my deep dive this week into #ImmunityCredentials (links: https://github.com/ChristopherA/Lists-of-High-Signal-Low-Noise-Links/blob/master/ImmunityCredentials-VerifiableClaims-COVID19.md risk model: in progress), I see no good solutions, especially given questions on the efficacy of the immunity testing in general. But clearly Govs are going to do it anyhow. Least evil?

Sun Apr 26 03:28:41 +0000 2020

Replying to @bobhilt and @wmclaxton

Partly. My bigger concern is that the perceived benefits of #ImmunityCredentials may backfire. People may spread if incorrect, cause people to seek becoming infected, or take advantage of multiple tests to get a false-positive, or immuno-privilege becoming a new norm.

Sun Apr 26 05:38:55 +0000 2020

👍👏 Government of Canada says: ”Privacy protection isn’t just a set of technical rules and regulations, but rather represents a continuing imperative to preserve fundamental human rights and democratic values, even in exceptional circumstances.“… https://twitter.com/trbouma/status/1254252178107236358

Sun Apr 26 08:59:02 +0000 2020

…”Government institutions should still apply the principles of necessity and proportionality, whether in applying existing measures or in deciding on new actions to address the current crisis.” A good example for other governments to follow!

Sun Apr 26 09:00:11 +0000 2020

RT @FullyNoded: New guide to using collaborative multisig and psbt’s with @ElectrumWallet!


Latest testflight v0.…

Sun Apr 26 09:05:13 +0000 2020

F2F tech events at risk: “These parties, funerals, religious meet-ups and business networking sessions all seem to have involved the same type of behaviour: extended, close-range, face-to-face conversation—typically in crowded, socially animated spaces.” https://quillette.com/2020/04/23/covid-19-superspreader-events-in-28-countries-critical-patterns-and-lessons/

Sun Apr 26 18:20:34 +0000 2020

RT @hackylawyER: The pandemic is driving home the vast & dangerous divide between technologists who view “privacy” as a technical exercise…

Sun Apr 26 18:34:45 +0000 2020

RT @ChristopherA: @bobhilt @wmclaxton Partly. My bigger concern is that the perceived benefits of #ImmunityCredentials may backfire. People…

Sun Apr 26 18:35:02 +0000 2020

RT @PeterHebly: @hackylawyER @ChristopherA @marleenstikker Obviously, ‘technologists’ create the actual reality of privacy in people’s live…

Sun Apr 26 22:55:45 +0000 2020

As we build cross-wallet standards for multisig Bitcoin & with our desire to make these available to less technical people, one of the challenges of multisig is that it is not sufficient to store BIP39 of each key (say on titanium as we recommend in the free #SmartCustody book)…

Sun Apr 26 23:27:34 +0000 2020

…You must also store the public key descriptors for all the other keys along with the master seed. It isn’t that hard to put 12-24 words in steel or titanium (hour or so) but xpub descriptors are quite large (equivalent to 24 words each). …

Sun Apr 26 23:29:41 +0000 2020

…There are some ideas about printing just the public key descriptors as a QR codes to accompany each master seed being stored (presuming all might not be burned in same fire), or some other airgap recovery approaches using QR-Vault apps and devices…

Sun Apr 26 23:32:47 +0000 2020

…I’ve found it hard to get people to spend the <1 hour to put 12-24 words on titanium, much less something bigger. I fear bitrot with solely using hardware keys. So far no brilliant solutions. If you have ideas, reply to issue https://github.com/BlockchainCommons/AirgappedSigning/issues/3

Sun Apr 26 23:35:15 +0000 2020

Replying to @mschoening

Have the GitHub mobile app take over all http://github.com URLs by default.

(It is a really bad idea but you are already doing it. I had to delete my GitHub mobile app because of it, despite otherwise appreciating. This behavior broke too many of my workflows)

Mon Apr 27 00:25:11 +0000 2020

Sabriel, by Garth Nix, is easily is in my top 10 YA fantasy books of all time, and likely in my top 20 fantasy books. Though there are sequels it stands alone well. At .99 for the eBook it is a steal. https://twitter.com/sfsignal/status/1254229000555298817

Mon Apr 27 00:30:08 +0000 2020

One of the wonderful things about the architecture of our @FullyNoded 2 iOS Bitcoin wallet is the tight integration with bitcoin-core. This means that we can take swift advantage when major new features are released (and start testing when they are merged): https://twitter.com/jonatack/status/1254567794823303169

Mon Apr 27 01:30:06 +0000 2020

RT @FullyNoded: Another day another guide!

This time it shows you how to use Specter with FN2. Replicating a FN2 2of3 in Specter, creating…

Mon Apr 27 16:28:24 +0000 2020

Replying to @aaronareed

All of our Skotos games are web-based, what we call “text dominant”. It has been a challenge to keep up with we tech—new client out now. Though this review is negative about the particular game play there, it is positive and describes well the interface. https://www.rpg.net/reviews/archive/classic/rev_6274.phtml

Tue Apr 28 17:30:56 +0000 2020

Replying to @aaronareed

Castle Marrach has a peculiar rule that might interest you. There is a function that can optionally pop up a window when you “examine <object>”. But game limits you to only representational objects like paintings, drawings, sculptures. Not items in game. Mostly player content.

Tue Apr 28 17:35:33 +0000 2020

RT @ChristopherA: “Standard efforts don’t run out of money or time, they just run out of patience.” — @Justin__Richer

Tue Apr 28 17:36:57 +0000 2020

This air-gapped wallet definitely looks interesting. I’m interested in in their bitcoin-only mode & a “cypherpunk edition” where we can put our own root key & code on them. This team has recently joined discussions PSBT QR codes with @BlockchainComns so I anticipate good things! https://twitter.com/BitcoinLixin/status/1255149801508704259

Tue Apr 28 18:05:52 +0000 2020

Replying to @iamzatoshi, @CryptoLixin and @matt_odell

Ellipal works, but no open source, and has not been responsive to questions. @BlockchainComns did a dive into its air-gapped protocol, and found very little we wanted to emulate in our standards. https://docs.google.com/presentation/d/1IJGL1QjMjGL1o1JHgTA4BPQYtBPhkZqHNSb_lLQDSaQ/edit

Tue Apr 28 18:12:57 +0000 2020

Not the parties I want to see as guardians of our human rights. 👎 “at least eight surveillance and cyber-intelligence companies attempting to sell repurposed spy and law enforcement tools to track the virus and enforce quarantines“ https://www.reuters.com/article/us-health-coronavirus-spy-specialreport-idUSKCN22A2G1

Tue Apr 28 22:35:02 +0000 2020

RT @La__Cuen: Many crypto companies made considerable profits in March. So I hope to write more stories like this. Funding open source deve…

Tue Apr 28 22:49:23 +0000 2020

Replying to @BitMEXResearch and @BitMEXResearch

I’m not sure how you classify @BlockchainComns — we have not contributed directly to bitcoin-core, but we work on digital asset #SmartCustody best practices, support infrastructure like Tor, low level libraries like SLIP39, cross-wallet PSBT standards, and more!

Tue Apr 28 22:55:27 +0000 2020

If this alternative to Schnorr holds up it may extend the life of legacy ECDSA sigs a little longer: “Sig gen 4 rounds…3 of these rounds can take place in a preprocessing stage before the signed message is known, lending to the first non-interactive threshold ECDSA protocol.“ https://twitter.com/IACRePrint/status/1255112723236556800

Tue Apr 28 23:03:37 +0000 2020

This isn’t the only worst case. Mistrust in system, deliberate infection, and immuno-privilege yellow-fever style is. “In a worst case scenario, communities that exhibit higher cases of the coronavirus infection can be subjected to geofencing by public health officials” https://twitter.com/BrookingsInst/status/1254908689053618176

Tue Apr 28 23:13:06 +0000 2020

👍 “We have serious doubts that voluntary, anonymous contact tracing through smartphone apps—as Apple, Google, and faculty at a number of academic institutions all propose—can free Americans of the terrible choice between staying home or risking exposure.“— @CT_Bergstrom https://twitter.com/CT_Bergstrom/status/1254856359201239042

Tue Apr 28 23:16:56 +0000 2020

Part of me says “Oh no! Yet another curve”, but as I can’t seem to find my way to fully support 25519 standards due to its limitations of being a non-prime order Edward’s curve & secp256k1 not being supported by the HSM chips, this curve, if standardized, has some attractiveness. https://twitter.com/NCCsecurityUS/status/1255149136447279106

Wed Apr 29 19:57:07 +0000 2020

RT @FullyNoded: New wallet template UI in latest FN2 update.

Hot: single sig, device holds seed.

Warm: 2 of 3, 1 seed on device, 1 priv…

Wed Apr 29 19:59:46 +0000 2020

As we move toward a number of multisig scenarios for Bitcoin, making them easier to understand by non-technical users has become increasingly an issue. Here is our first pass at reducing the complexity. Much more to do. https://twitter.com/FullyNoded/status/1255494478602829826

Wed Apr 29 20:02:11 +0000 2020

Presuming a best-of-class iOS Bitcoin wallet with multisig & PSBT support, how would you want to financially support it? If your choice not in this list, add your suggestions as a reply:

Thu Apr 30 00:25:46 +0000 2020

Replying to @FlamingCode

That is a basic assumption of any “best-in-class” Bitcoin wallet.

Thu Apr 30 04:06:25 +0000 2020

“There are many other companies and teams involved who all desire to make multisig easier, more standard, and allow you to choose different approaches or implementations knowing that you are not locked into a single solution.”—@ChristopherA https://twitter.com/CoinDesk/status/1255897448138055682

Thu Apr 30 17:34:36 +0000 2020

“Rather than focus on distributing output, focus on distributing opportunities” —Raghuram Rajan https://qz.com/india/1848551/raghuram-rajan-rahul-gandhi-discuss-indias-coronavirus-crisis/

Thu Apr 30 18:34:25 +0000 2020

RT @ChristopherA: Presuming a best-of-class iOS Bitcoin wallet with multisig & PSBT support, how would you want to financially support it?…

Thu Apr 30 18:41:26 +0000 2020

Replying to @christroutner

Doing it for each transaction isn’t economical. However, we have thought about having the wallet track how much you paid miners in transaction fees over time & once the total is economical asking the holder to consider matching as donation back to us. Isn’t much but a good point.

Thu Apr 30 18:45:34 +0000 2020

RT @ChristopherA: @christroutner Doing it for each transaction isn’t economical. However, we have thought about having the wallet track how…

Thu Apr 30 18:46:02 +0000 2020

Replying to @VeroCEG

That is a good question. Most iOS apps with one-time purchase get minor updates free, but at some point for a major version will ask for brand new payment every year or two, sometimes discounting for first few weeks for previous users. How does that affect your vote?

Thu Apr 30 18:50:56 +0000 2020

Replying to @StevieJarosz

So what is basic use? A single-signature wallet? Ability to export invoice & payment notes to .csv? Should a basic 2 of 3 wallet be an upgrade? Ability to participate in a multisig as a joint signer? Use of time-lock account template? How would you expect these to be priced?

Thu Apr 30 18:57:14 +0000 2020

Replying to @_naveenmishra and @matt_odell

Thanks—trying to think your idea through. Pay for the wallet in bitcoin after first successful transaction? I presume out as in is uncensorable. What if there is too little initial balance to pay for wallet? Always allow a free sweep out to new wallet?

Thu Apr 30 19:04:09 +0000 2020

Replying to @jasonmsteele

We need funding to also make a best-in-class Android wallet to our standards (which are high).

Thu Apr 30 19:05:59 +0000 2020

Replying to @bluedroplet

I’ve thought through some wallet gamification ideas, but all require some communication back to us. One of the best-in-class features is that all communications are through Tor, and none are back to us, and any communication back to mobile platform company is normal activity.

Thu Apr 30 19:09:18 +0000 2020

Replying to @maverickdotdev and @matt_odell

https://twitter.com/christophera/status/1255934253956648960?s=21 https://twitter.com/ChristopherA/status/1255934253956648960

Thu Apr 30 19:09:50 +0000 2020

RT @ChristopherA: @VeroCEG That is a good question. Most iOS apps with one-time purchase get minor updates free, but at some point for a ma…

Thu Apr 30 19:10:20 +0000 2020

RT @ChristopherA: @StevieJarosz So what is basic use? A single-signature wallet? Ability to export invoice & payment notes to .csv? Should…

Thu Apr 30 19:10:27 +0000 2020

RT @ChristopherA: @_naveenmishra @matt_odell Thanks—trying to think your idea through. Pay for the wallet in bitcoin after first successful…

Thu Apr 30 19:10:34 +0000 2020

RT @ChristopherA: @jasonmsteele We need funding to also make a best-in-class Android wallet to our standards (which are high).

Thu Apr 30 19:10:41 +0000 2020

RT @ChristopherA: @bluedroplet I’ve thought through some wallet gamification ideas, but all require some communication back to us. One of t…

Thu Apr 30 19:10:47 +0000 2020

Replying to @hodlwave, @wsheap and @matt_odell

I absolutely believe that for full self-sovereignty the source of a digital asset wallet must be available. No lock-in allowed—it needs to be YOUR wallet. What you are paying for is availability, convenience & support. A harder question for all mobile app biz model are upgrades.

Thu Apr 30 19:16:13 +0000 2020

RT @ChristopherA: @hodlwave @wsheap @matt_odell I absolutely believe that for full self-sovereignty the source of a digital asset wallet mu…

Thu Apr 30 19:16:23 +0000 2020

Replying to @denverbitcoin and @matt_odell

We have considered this, but we want co-signing to have an open / no lock-in architecture as well. A co-signer can be a spouse or colleague, a collaborative custody company like @unchainedcap or @CasaHODL or a service like @GreenAddress. Maybe even @AvantiBT or another bank.

Thu Apr 30 19:21:24 +0000 2020

RT @ChristopherA: @denverbitcoin @matt_odell We have considered this, but we want co-signing to have an open / no lock-in architecture as w…

Thu Apr 30 19:21:30 +0000 2020

Replying to @NickLTC, @MarkFriedenbach and @BrianLockhart

Questions for you? How often do we nag? When is nagging too much? Once you’ve paid some, do we keep nagging until you reach a threshold? If you’ve paid, can we nag you again for a major upgrade? I dislike nagging but it may be our best option, but what are best practices?

Thu Apr 30 19:25:39 +0000 2020

RT @ChristopherA: @NickLTC @MarkFriedenbach @BrianLockhart Questions for you? How often do we nag? When is nagging too much? Once you’ve pa…

Thu Apr 30 19:25:43 +0000 2020

Replying to @oh_kurrrrt and @matt_odell

We have several kinds of coin-control in mind. First to be implemented is basic, a switch “don’t spend from change”. Next you can see list of UTXO and click “spend next”. Payjoin? Then we hope to have an protocol for option to sent all change to a mixer wallet (say @wasabiwallet)

Thu Apr 30 20:00:38 +0000 2020

RT @ChristopherA: @oh_kurrrrt @matt_odell We have several kinds of coin-control in mind. First to be implemented is basic, a switch “don’t…

Thu Apr 30 20:01:15 +0000 2020

Replying to @dstadulis and @christroutner

We definitely want to support lightning at some point, which allows for more micro transaction business models, but unlikely for v1.

Thu Apr 30 20:04:11 +0000 2020

Replying to @hodlwave, @wsheap and @matt_odell

Not at this point, but I investigated this (for the third time) a few years ago. The problem is that the app is signed by Apple for final distribution. So we have write a tool to ignore that signature (and maybe other signatures).

Thu Apr 30 20:07:36 +0000 2020

RT @ChristopherA: @hodlwave @wsheap @matt_odell Not at this point, but I investigated this (for the third time) a few years ago. The proble…

Thu Apr 30 20:07:43 +0000 2020

Replying to @hodlwave, @wsheap and @matt_odell

We (@mcclow & I) wrote a tool for verification of Mac applications that ignored signatures & other mutable metadata ~1993, first named VeriSign. But they decided to name the company that name, so it became SignaFile. Should have taken stock not contract! 🤷🏻‍♂️

Thu Apr 30 20:16:02 +0000 2020

RT @ChristopherA: @hodlwave @wsheap @matt_odell We (@mcclow & I) wrote a tool for verification of Mac applications that ignored signatures…

Thu Apr 30 20:16:28 +0000 2020

Replying to @jasonmsteele

We are doing iOS 1st for security concerns. I was VP of the Blackphone Android startup 6-years ago. It is much harder to build a secure app on Android (expensive but not impossible) especially given Google’s API requirements (ask @SamouraiWallet) & bad actors in their ecosystem.

Thu Apr 30 20:25:34 +0000 2020

Replying to @6102bitcoin

Most (not all) mobile wallets that are independent are funded either by alt-coins or token companies paying for access, a direct ICO, by an currency exchange seeking preferential usage, or relationship with a tech company to leverage the wallet for their new tech. Unsustainable.

Thu Apr 30 20:40:20 +0000 2020

RT @ChristopherA: @6102bitcoin Most (not all) mobile wallets that are independent are funded either by alt-coins or token companies paying…

Thu Apr 30 20:40:32 +0000 2020

Replying to @jonatack

What if we set it up so that if you build from source (not that hard but requires an paid Apple developer contract) it asks for bitcoin, but fiat if you buy it from Apple or pay for in-app upgrade?

Thu Apr 30 20:52:36 +0000 2020

Replying to @henkvancann

I’m so far not happy with the security, architecture & UI compromises required by the multiplatform packages. Very difficult to offer best-in-class features. Focus is on cross-wallet data & protocols. One reason we chose iOS first is that can also offer a macOS app version soon.

Thu Apr 30 21:32:58 +0000 2020

RT @ChristopherA: @henkvancann I’m so far not happy with the security, architecture & UI compromises required by the multiplatform packages…

Thu Apr 30 21:33:02 +0000 2020

Replying to @6102bitcoin

Most people don’t realize that with Bitcoin multisig having master seeds is not enough. We are working on @BlockchainComns an emerging standard we call an “Account Map” with all the xpub and wallet descriptor info, to be printed as QR on waterproof paper to saved with every seed.

Thu Apr 30 21:40:14 +0000 2020

RT @ChristopherA: @6102bitcoin Most people don’t realize that with Bitcoin multisig having master seeds is not enough. We are working on @B…

Thu Apr 30 21:40:19 +0000 2020

Replying to @hodlwave and @6102bitcoin

https://twitter.com/christophera/status/1255975272425242625?s=21 https://twitter.com/ChristopherA/status/1255975272425242625

Thu Apr 30 21:41:15 +0000 2020

Replying to @adam3us and @6102bitcoin

https://twitter.com/christophera/status/1255975272425242625?s=21 https://twitter.com/ChristopherA/status/1255975272425242625

Thu Apr 30 21:41:34 +0000 2020

Results so far in my poll on how an independent mobile wallet should be funded. Thread also has some interesting material. I’m in particular concerned about how to offer long-term support & avoid moral hazard, and yet avoid customer lock-in. Poll closes in 23 hours. Vote now! https://twitter.com/ChristopherA/status/1255654540986265600

Thu Apr 30 22:35:08 +0000 2020

Replying to @miniver and @strasa

I’m intrigued with various GM tool best practices from the vantage point of tools for gmless (or gmfull) games. Puzzling this week if interactive pdf forms can help, especially given story games via zoom.

Thu Apr 30 22:43:59 +0000 2020

Replying to @citlayik and @real_or_random

We use Tor v3 between your own @FullyNoded 2 bitcoin mobile wallet and a full node under your control. I wonder what we can do to mitigate this kind of analysis, especially for the full-node’s P2P network.

Thu Apr 30 22:49:11 +0000 2020

We have been working on something similar that we are calling an “Account Map” with only xpubs, wallet descriptor & some metadata, but more compact to print on QR code to lock up with each seed on titanium. Collaborate? cc/@FullyNoded @COLDCARDwallet @StepanSnigirev @CryptoLixin https://twitter.com/COLDCARDwallet/status/1255922997866700800

Thu Apr 30 22:58:13 +0000 2020

I have added this topic regarding the opportunity to create a cross-wallet standard for these Account Maps as a new issue on GitHub. cc/@COLDCARDwallet https://github.com/BlockchainCommons/AirgappedSigning/issues/6

Thu Apr 30 23:12:53 +0000 2020

Replying to @jonatack

I sympathize—I still seek open security chips on phones & have been puzzling with parties like @philchen913 of @htcexodus, @CryptoLixin of @CoboVault, @Trezor, @Risc_V and others on how to get there. But after failure of Blackphone 5 years ago (where I was VP) it is difficult.

Thu Apr 30 23:21:00 +0000 2020

RT @paulg: Weird potential idea: competence tourism.

E.g. Goldman Sachs has a bunch of people who really need to work in an office togeth…

Thu Apr 30 23:56:52 +0000 2020

Replying to @hodlwave, @6102bitcoin and @BlockchainComns

Just a QR of the public descriptor is where we started, but you may have more account stored for use with one per seed. You may have a birthday for the account, some path to seed details, and other metadata. https://twitter.com/ChristopherA/status/1255998586703147009?s=20 https://twitter.com/ChristopherA/status/1255998586703147009

Fri May 01 00:11:21 +0000 2020

Are there any VCs others interested in infrastructure investments? Reid Hoffman invested in Blockstream not for 20x return, but to increase the value of the Bitcoin he bought at <$35. He got lot more than 20x.

Fri May 01 00:37:23 +0000 2020

Blockchain Commons is a “not-for-profit” benefit corporation. We are not offering equity but are open to revenue-backed investment instruments for pojects like @FullyNoded—these will not give 20x return, but as we focus on ecosystems you can win through value to whole ecosystem…

Fri May 01 00:40:46 +0000 2020

In the meantime, we invite your support as a sponsor of our infrastructure projects like #SmartCustody, #LetheKIT, self-Sovereign Decentralized Identity, and much more with monthly contributors through https://GitHub.com/sponsors/BlockchainCommons or bitcoin donations through https://btcpay.blockchaincommons.com

Fri May 01 00:45:54 +0000 2020

Here is an example of an possible compact Account Map. Other items we are considering is some form of label to distinguish it from other accounts, but @COLDCARDwallet I believed stores more. https://github.com/BlockchainCommons/AirgappedSigning/issues/6#issuecomment-622189404

Fri May 01 00:50:11 +0000 2020

Interesting network map of America, based on economic analysis, shows the true metropolitan regions. Also applicable when thinking about social distancing & travel quarantines. https://www.atlasobscura.com/articles/here-are-the-real-boundaries-of-american-metropolises-decided-by-an-algorithm

Fri May 01 03:14:50 +0000 2020