RT @windley: Avoiding future identity catastrophes requires that we put technical and legal structures in place now to protect privacy and…

x-icon Wed Apr 01 20:28:22 +0000 2020


This is the release version of object capabilities/macaroons integration with the Lightning Network that we had as a discussion in the W3C-Credentials CG last month. Particularly useful for metered services. https://lightning.engineering/posts/2020-03-30-lsat/

x-icon Wed Apr 01 22:17:42 +0000 2020


Here is the transcript of the W3C-CCG meeting on the topic of LSATs https://w3c-ccg.github.io/meetings/2020-02-25/ We also discussed more generically Credentials & Capabilities a few weeks earlier https://w3c-ccg.github.io/meetings/2020-02-18/

x-icon Wed Apr 01 22:21:17 +0000 2020


One thing I’m interested in is the roadmap for LSATs or other ovaps to integrate newer cryptography forms like adapter signatures vs using mac hashing. @roasbeef, @Snyke @socrates1024, Andrew Poelstra?

x-icon Wed Apr 01 22:32:17 +0000 2020


” ’Big Brother is here,’ wrote Omer, a young father, on Facebook, minutes after he received a text message that he’d been close to a virus carrier the previous week.”

https://www.npr.org/2020/03/19/818327945/israel-begins-tracking-and-texting-those-possibly-exposed-to-the-coronavirus

x-icon Wed Apr 01 22:53:17 +0000 2020


…”Now people find out that the Shin Bet and the police know exactly where they are in any second. People are awakening and understanding the problem of giving too much power to the government when it comes to our privacy.”

x-icon Wed Apr 01 22:54:23 +0000 2020


👍“we propose 8 privacy questions that we would like app developers to answer. We hope these questions will help start a high-level discussion to systematically evaluate potential vulnerabilities and real risks in existing and future contact tracing apps.” https://cpg.doc.ic.ac.uk/blog/evaluating-contact-tracing-apps-here-are-8-privacy-questions-we-think-you-should-ask/

x-icon Thu Apr 02 16:00:57 +0000 2020


Replying to @yvesalexandre

I facilitated a meeting in the W3C Credentials CG on the topic of #LocationPrivacy this week. I would like to suggest W3C processes, starting with a new CG as way of collaborating internationally on this. Contact me if interested.

x-icon Thu Apr 02 16:06:32 +0000 2020


Replying to @yvesalexandre

https://twitter.com/christophera/status/1245476356768567296?s=21 https://twitter.com/ChristopherA/status/1245476356768567296

x-icon Thu Apr 02 16:08:23 +0000 2020


RT @roasbeef: @ChristopherA @Snyke @socrates1024 it depends on the exact use case, but it’s possible to embed arbitrary data in macaroon as…

x-icon Thu Apr 02 19:04:40 +0000 2020


RT @roasbeef: @ChristopherA @Snyke @socrates1024 one thing we don’t use atm are “third-party caveats”, which allow the backend servers to o…

x-icon Thu Apr 02 19:04:50 +0000 2020


Replying to @TheCryptoFool and @WayneVaughan

I’ve the Queen of Masks at home, so she saves only the best for me.

x-icon Fri Apr 03 02:50:12 +0000 2020


Replying to @WayneVaughan and @TheCryptoFool

A Rider of the Purple Sage!

x-icon Fri Apr 03 05:57:41 +0000 2020


We are pleased to announce #LetheKit, the newest project from @BlockchainComns. It is a #DIY platform & SDK for developing sensitive crypto apps on an offline/airgapped device without WiFi, Bluetooth, or local storage, which could leak information. https://github.com/blockchainCommons/bc-lethekit

x-icon Fri Apr 03 19:09:20 +0000 2020


Without local storage, when you turn #LetheKit off it forgets any sensitive data stored in RAM. Thus the name Lethe (“lee-thee”) from the mythological river of forgetfulness and oblivion. (Thank you to @eordano for suggesting the name!).

x-icon Fri Apr 03 19:10:52 +0000 2020


Led by software engineer and hardware hacker Ken Sedgwick @ksedgwic, #LetheKit leverages a ASMD51 “SparkFun Thing Plus” board with an AMD ATSAMD51J20 32-bit ARM Cortex-M4 processor, printable 3D CAD and assembly instructions & an example seedtool application.

x-icon Fri Apr 03 19:12:28 +0000 2020


The example seedtool app leverages other libraries under development at @BlockchainComns to help with #SmartCustody. It allows you to create a master cryptographic seed from dice, save or restore it from offline using #BIP39 words or shards of multiple #SLIP39 words using Shamir.

x-icon Fri Apr 03 19:13:38 +0000 2020


One of the goals of #LetheKit is that all of its functionality is completely inspectable & auditable. You can enter the same dice used for randomness into IanColeman’s popular javascript tools, or our forthcoming CLI tools, and compare the results.

x-icon Fri Apr 03 19:16:18 +0000 2020


#LetheKit leverages a number of new cryptographic libraries by Blockchain Commons, including bc-shamir & bc-slip39, C implementations of the #SLIP39 shamir secret sharing standard. They currently conform to the @Trezor reference code. https://github.com/satoshilabs/slips/blob/master/slip-0039.md

x-icon Fri Apr 03 19:16:53 +0000 2020


This is a late alpha of #LetheKit v0, so it should not be used for production tasks until it has had further testing and auditing. We need your help to review the implementation & test it before we send it out for formal security review.

x-icon Fri Apr 03 19:20:36 +0000 2020


Future plans for v0 of the seedtool include #BIP32 xprv, xpub & digital asset key derivation, output of QR codes to ease input into other devices, and other useful tools for an airgapped device. Other apps might include #zkproof support.

x-icon Fri Apr 03 19:21:11 +0000 2020


Based on the reactions to #LetheKit hardware, we are considering improvements beyond v0 to include various approaches of hardening the software, making the hardware tamper evident, adding a auto-focusing camera for reading dice or QR codes, new motherboards with HSM support, etc.

x-icon Fri Apr 03 19:21:32 +0000 2020


We would like to thank our financial contributors, project sponsors, sustaining patrons, and of course our volunteers for helping @BlockchainComns to be able do these kinds of blockchain and security infrastructure projects…

x-icon Fri Apr 03 19:22:00 +0000 2020


#LetheKit Blockchain Commons Sustaining Patrons: Sean Moss-Pultz @moskovitch of https://bitmark.com & Digital Contract Design. Project Sponsors: @unchainedcap. Individual Financial Sponsors: @aantonop @gwillen Alexandre Linhares @DarioUTXO @B__T__C Anonymous x4

x-icon Fri Apr 03 19:22:46 +0000 2020


Volunteers who helped with this project, either with advice, code or review include: @ksedgwic @howech @kanzure @dsp6s @WolfMcnally @pavolrusnak @MarkFriedenbach @yancyribbens @htcexodus @Appelcline

x-icon Fri Apr 03 19:35:55 +0000 2020


#LetheKit is a project by @BlockchainComns, a not-for-profit benefit organization supporting the open web. Our work is funded entirely by donations from people like you. Every donation will be spent on building open tools & technology for blockchain & security infrastructure.

x-icon Fri Apr 03 19:36:37 +0000 2020


To financially support further development of LetheKit# & our other projects, please consider becoming a ongoing patron of Blockchain Commons by sponsoring us through @GitHub; currently, they are matching the first $5k so please do consider this option. https://github.com/sponsors/BlockchainCommons

x-icon Fri Apr 03 19:37:17 +0000 2020


You can also support our projects by contributing Bitcoin to Blockchain Commons via our BTCPay Server: https://btcpay.blockchaincommons.com

x-icon Fri Apr 03 19:37:40 +0000 2020


Please share with us on Twitter your progress on making your own #DIY #LetheKit! Share photos of your experience! We welcome issues (even basic questions) and pull requests at our GitHub repository. https://github.com/blockchainCommons/bc-lethekit

x-icon Fri Apr 03 19:39:02 +0000 2020


Replying to @awilkinson

The new social isolation status symbol: Masks

x-icon Fri Apr 03 21:19:14 +0000 2020


All of a sudden I can’t seem to reply to a message in my Twitter thread, on either my iPhone, the Twitter client, or directly from a web page. Has anyone run into this before? Will this new tweet even post?

x-icon Sat Apr 04 01:07:16 +0000 2020


Replying to @BTCSocialist

We did mention that your project was our inspiration in the README for the project. We needed to keep the volunteer list to those that directly contributed to this project or the Shamir code. We are very open to PRs if you want to get added! 😀

x-icon Sat Apr 04 01:07:47 +0000 2020


Replying to @r0ckstardev, @BTCSocialist and @repoocsov

We already gave him a special mention as one of the inspirations for the project in the README in the repository.

x-icon Sat Apr 04 01:09:39 +0000 2020


Hmm, it appears to be that I had the file name README (.md) in the tweet. For some reason Twitter no longer likes mentioning that filename. Maybe because .md is a new domain now and it thinks when I connect the filename to the .md extension that is a domain name?

x-icon Sat Apr 04 01:11:28 +0000 2020


Replying to @Coinicarus, @r0ckstardev and @BTCSocialist

We did, his project is mentioned as in inspiration in the README.

x-icon Sat Apr 04 01:12:11 +0000 2020


Replying to @CryptoCloaks

To be clear, we did give Ben credit in the README in his own section as an inspiration for our project. For the record, this project at Blockchain Commons actually began as open source code for a better social secret recovery tool, which ultimately became folded into SLIP39.

x-icon Sat Apr 04 01:15:42 +0000 2020


Hmm🤔How does one today do a good unit test for a random number generator? One that would run on a linux device and would pass, but when we ran it on more limited device (say Arduino or in a Trust Zone) would properly fail if the randomness was bad? I should know best practices.

x-icon Sat Apr 04 01:25:15 +0000 2020


Replying to @hodlwave

Agreed, but you certainly can test for some of the more egregious errors. #LetheKit uses casino dice as a source of randomness for a reason, but a well written PRNG can be a pretty good solution PROVIDED that it is running on known hardware. It is the latter that I’d puzzling.

x-icon Sat Apr 04 01:50:29 +0000 2020


Replying to @joedecker, @bahstgwamt and @microluciano

In the early days of SSL, my firm was the only one in the world willing to do security reviews of other SSL implementations (I co-wrote the spec). We failed over 50% on randomness problems in <1 hr! Ultimately RSA stopped requiring reviews as we failed too many, slowing sales!

x-icon Sat Apr 04 01:54:55 +0000 2020


Replying to @bahstgwamt, @joedecker and @microluciano

I’d be satisfied if we could catch the most egregious oddball platform problems. But what level of unit testing in code and tests implementations is good enough meeting 2020 best practices?

x-icon Sat Apr 04 01:56:53 +0000 2020


Replying to @bahstgwamt, @joedecker and @microluciano

Terisa wasn’t doing security reviews when this started. At the time, Verisign (an RSA spin-off) would not allow servers to do server certificate requests without a review, and both RSA & Verisign sales teams had strong sales incentive. Ultimately allowed “self-reviews” instead.

x-icon Sat Apr 04 02:39:58 +0000 2020


Replying to @bahstgwamt, @joedecker and @microluciano

Terisa Systems in those early years was pushing another protocol, shttp, and only became active with the SSL/TLS protocol when it was clear it was going to be the winner. When they joined they did find & fix a number of protocol flaws, and were a good citizen in the community.

x-icon Sat Apr 04 02:49:57 +0000 2020


“Long after the last community transmitted case of this pandemic, my fear is that these surveillance mechanisms that are being pitched by unscrupulous companies like NSO will stay on our networks and continue to track our phones”—⁦@jsrailton⁩ https://www.vice.com/en_us/article/epg9jm/nso-covid-19-surveillance-tech-software-tracking-infected-privacy-experts-worried

x-icon Sat Apr 04 05:14:30 +0000 2020


Legacy technologies for these type of certificates also have big “phone home” problems that make their privacy problems even worse. Verifiable Credentials tries to address this, in particular with DIDs, helps address these problems. https://twitter.com/mayazi/status/1246387709620506624

x-icon Sat Apr 04 18:22:06 +0000 2020


Replying to @matt_odell

From a #SmartCustody risk analysis perspective (see free book http://bit.ly/SmartCustodyBookV101)) it is a tradeoff. Yes, privacy of sources of your UTXOs in cold storage in theory protect you from coercion attacks, but there are other ways to correlate you as a holder. Also process fatigue.

x-icon Sat Apr 04 18:39:29 +0000 2020


Replying to @marksammiller

Thank you Mark! Your endorsement means a lot to me!

x-icon Sat Apr 04 20:04:59 +0000 2020


RT @JWWeatherman_: .@ChristopherA important thing.

If you can toss him GitHub social proof with a Microsoft matched sponsor buck or two it…

x-icon Sat Apr 04 21:08:39 +0000 2020


Replying to @Leon_Vandenberg, @marksammiller and @christopera

Volunteers for @BlockchainComns related advocacy absolutely needed. And not only coders, but requirements, UI, testing, documentation, fund raising, foundation proposals, law & regulatory review, marketing, graphics, etc. thank you!

x-icon Sat Apr 04 21:11:34 +0000 2020


RT @Leon_Vandenberg: @marksammiller @ChristopherA #Agreed @ChristoperA and his friends/peers truly lead the pack on Policies #Wyoming #Neth…

x-icon Sat Apr 04 21:12:21 +0000 2020


RT @ChristopherA: @Leon_Vandenberg @marksammiller @christopera Volunteers for @BlockchainComns related advocacy absolutely needed. And not…

x-icon Sat Apr 04 21:12:27 +0000 2020


Replying to @PyVitor, @Leon_Vandenberg, @marksammiller, @christopera and @BlockchainComns

👍 The community repo for Blockchain Commons is woefully out of date, but that could be a good place to start. I’d prefer GitHub and markdown centric when possible. It is harder for non-devs but possible. Maybe post issues there? https://github.com/BlockchainCommons/BlockchainCommonsCommunity

x-icon Sat Apr 04 22:39:06 +0000 2020


Replying to @auryn_macmillan

We at @BlockchainComns have a number of ongoing open source projects: #SmartCustody, #LetheKit & social key recovery libraries, and much more. https://GitHub.com/BlockchainCommons

x-icon Sun Apr 05 05:38:57 +0000 2020


RT @RyanGamlin: As I drove home later that day, through the protective ring of equipment, I realized a fundamental difference between publi…

x-icon Sun Apr 05 05:58:12 +0000 2020


RT @ManningBooks: Self-Sovereign Identity provides insight into the problems of digital identity just when we desperately need to solve the…

x-icon Sun Apr 05 07:21:17 +0000 2020


RT @FullyNoded: Curious how FN2 works? Check out our recently updated ReadMe which covers important details. Also includes improved “build…

x-icon Sun Apr 05 17:40:01 +0000 2020


Replying to @rdonoghue and @miniver

It depends what you are looking for. Sortition is the method of creating a random but representative group (but in total # is a minority) to accurately gauge the majorities best judgment. Ideal size can very, but can vary to be quite small (juries are a form of sortition). …

x-icon Mon Apr 06 20:51:11 +0000 2020


Replying to @rdonoghue and @miniver

There are some completely separate thoughts on size of a “wisdom of the crowds” group, both in absolute minimum number and %. It may also only apply to specific domains: quantity estimation, general world knowledge, and spatial reasoning are known to work.

x-icon Mon Apr 06 21:04:08 +0000 2020


Replying to @rdonoghue and @miniver

There is a variant that seems to work well, known as “surprisingly popular” where people are asked they think the right answer is, and what they think popular opinion will be. The averaged difference between the two indicates the correct answer.

x-icon Mon Apr 06 21:05:25 +0000 2020


Replying to @rdonoghue and @miniver

On the majority side of the equation there are a lot of choices. See my “Spectrum of Consent” article: http://www.lifewithalacrity.com/2015/09/a-spectrum-of-consent.html

x-icon Mon Apr 06 21:07:34 +0000 2020


Replying to @rdonoghue and @miniver

Not knowing the domain or the scope of your question, @rdonoghue, makes this a pure guess, but there is something magic that happens at least a dozen people and fully representative 5% of the people. ៚

x-icon Mon Apr 06 21:12:43 +0000 2020


Replying to @miniver and @rdonoghue

There are actually at least three domains here. What deliberation is required to create consensus, how to groups make decisions when there is not consensus, and how to get information from small groups to inform good decisions.

x-icon Mon Apr 06 21:30:37 +0000 2020


Replying to @miniver

You should read two of my blog series: Systems for Collective Choice http://www.lifewithalacrity.com/2005/12/systems_for_col.html and…

x-icon Mon Apr 06 21:32:40 +0000 2020


Replying to @miniver

Community by the Numbers http://www.lifewithalacrity.com/tags/community-by-the-numbers/

x-icon Mon Apr 06 21:33:29 +0000 2020


Replying to @miniver

You may also be interested in: https://github.com/ParticipatoryOrgs/Participatory-Organizations-Overview-and-Taxonomy

x-icon Mon Apr 06 21:35:21 +0000 2020


Replying to @miniver

And of course chapters near end of my book @MeeplesTogether https://www.MeeplesTogether.com/about

x-icon Mon Apr 06 21:36:34 +0000 2020


Replying to @miniver and @MeeplesTogether

I really need to update all of these with newer research and my opinions have evolved a bit, but all I believe are still correct.

x-icon Mon Apr 06 21:38:32 +0000 2020


I’m not sure I’m ready to meet this standard for my Zoom calls 😅: https://youtu.be/DGwQZrDNLO8

x-icon Tue Apr 07 17:07:32 +0000 2020


RT @DeutscheBank: The COVID-19 pandemic is accelerating the rise of central bank #digitalcurrencies as many governments see the handling of…

x-icon Tue Apr 07 21:59:32 +0000 2020


Replying to @jorisvanhoboken

Show them this video on what good intentions in Dutch Civil Service caused before: https://youtu.be/isanNSDoSnE

x-icon Tue Apr 07 22:03:34 +0000 2020


Much of my research today on cooperation is learning how to harness it for creativity — how it connects to, and is supported by narrative & storytelling. This case study about #MicroscopeRPG was cut from our book @MeeplesTogether but the patterns I learned from it were profound. https://twitter.com/MeeplesTogether/status/1247659605229854722

x-icon Wed Apr 08 00:25:45 +0000 2020


RT @LuditeSam: The big reason Microscope makes players narrate independantly rather than the supposedly more cooperative “design-by-committ…

x-icon Wed Apr 08 00:27:37 +0000 2020


RT @markmackinnon: The “coronavirus coups.” It’s not just Hungary - authoritarian leaders around the world are using the pandemic to take n…

x-icon Wed Apr 08 16:52:03 +0000 2020


RT @PindarWong: T414) Really glad to see this initiative by @ChristopherA : we need this kind of thought leadership to complement intern…

x-icon Thu Apr 09 05:50:17 +0000 2020


Replying to @JimDabell, @FiloSottile and @zx2c4

We are very careful at @BlockchainComns with GPG provenance in our new cryptographic library repos. It is a PITA, but makes clear commitment of contributors not only to secure code but also to license. But what we hope to build is a replacement to GPG: #RebootingWebOfTrust.

x-icon Thu Apr 09 06:54:38 +0000 2020


I have been playing & writing #TTRPGs for over 4 decades! Here is my high school #DnD group from 1980. I didn’t realize until I was in college that having half the group being women was uncommon—was not #StrangerThings! Glad this has been changing for the better in recent years!

x-icon Thu Apr 09 14:34:15 +0000 2020


RT @ChristopherA: #qotd “Art celebrates beauty & the glory of mankind’s role in it—science’s job is to make us humble.”—Christopher Allen,…

x-icon Thu Apr 09 14:40:55 +0000 2020


RT @gameplaywright: “Fractally create an epic history” in the game that’s the fourth Meeples Together lost study. “Microscope places more f…

x-icon Fri Apr 10 00:10:52 +0000 2020


RT @FullyNoded: New logos 🖤 👀 Coming next update along with other improvements.

x-icon Fri Apr 10 17:21:20 +0000 2020


Diving into this #LocationPrivacy #ContactTtacing specification today. Comparable tech specs at this level or other references appreciated. https://twitter.com/hdevalence/status/1248661056622186496

x-icon Fri Apr 10 17:29:43 +0000 2020


RT @hdevalence: The key schedule is very simple: users have a root Tracing Key, deriving Daily Tracing Keys, which are used to generate Rol…

x-icon Fri Apr 10 17:29:59 +0000 2020


Replying to @hdevalence

“Run by Whom?” Is the key problem of a number of these #ContactTracing proposals. (’ve almost a dozen other proposals on my list but few have real technical details. As a co-inventor of the Decentralized Identifiers, I’d like my privacy preserving tech to avoid centralized nodes.

x-icon Fri Apr 10 17:56:36 +0000 2020


RT @ChristopherA: @hdevalence “Run by Whom?” Is the key problem of a number of these #ContactTracing proposals. (’ve almost a dozen other p…

x-icon Fri Apr 10 17:57:42 +0000 2020


RT @ncasenmare: To beat COVID-19, we need contact tracing apps. But does that mean sacrificing our right to privacy?

HECK NO ✊

Here’s a c…

x-icon Fri Apr 10 18:39:27 +0000 2020


RT @drewharwell: Bluetooth is short-range, low-power, and more precise & private than GPS location data. But its effectiveness depends on m…

x-icon Fri Apr 10 19:39:45 +0000 2020


RT @errorinn: The adversary model for contact tracing apps isnt a bored cryptographer working alone with no resources; it’s a company nobod…

x-icon Fri Apr 10 19:41:37 +0000 2020


RT @JustinBrookman: Former FDA Commissioner @ScottGottliebMD issued a report earlier this week calling for far greater public health survei…

x-icon Fri Apr 10 19:42:06 +0000 2020


I use Twitter’s list feature while I’m doing research or diving into a topic. Using it keeps me from be distracted to another context. I just spent some time updating my “Privacy Tech & Advocacy” list, feel free to subscribe: https://twitter.com/i/lists/1068260260555579393

x-icon Fri Apr 10 19:52:19 +0000 2020


RT @lukOlejnik: Privacy preserving contact tracing. Looks really solid and privacy proofed. Hope someone will use it, though seems governme…

x-icon Fri Apr 10 20:05:38 +0000 2020


I too am skeptical about both the efficacy (because it is too late) & the #PrivacyByDesign (too centralized) of this first generation of #ContactTracing apps. That being said, I think it is worth the effort to learn best practices and make better choices for the next generation. https://twitter.com/fs0c131y/status/1248687857184772096

x-icon Fri Apr 10 20:12:54 +0000 2020


Replying to @madadric

Have you had thoughts on applying your Impulse Drive ideas to gmless approaches like Belonging Outside Belonging? I’m puzzling through similar territory in a rev of my late game Gate Watch and a new game Twilight Road.

x-icon Fri Apr 10 20:21:29 +0000 2020


Re: efficacy — https://twitter.com/MarkFriedenbach/status/1248705352998125569?s=20

x-icon Fri Apr 10 20:23:19 +0000 2020


“The way that we enable, administer and check the exceptional surveillance and social powers that each government exerts to contain COVID-19…will frame an important part of the future of state power in a world with increasing emergencies.” https://www.cigionline.org/articles/digital-response-outbreak-covid-19

x-icon Fri Apr 10 20:45:47 +0000 2020


“While the risks and harms associated with digital surveillance are often framed as related to privacy, there are significantly larger issues that apply during a pandemic, such as the escalation of government powers. “

x-icon Fri Apr 10 20:45:56 +0000 2020


There has some some discussion & collaboration in the #W3C Credentials CG on what a #Covid19 Immunity Credential might look like using the #VerifiableCredentials standard. Thread (long) starts at: https://lists.w3.org/Archives/Public/public-credentials/2020Apr/0052.html Example credential: https://github.com/w3c-ccg/vc-examples/tree/master/docs/covid-19

x-icon Fri Apr 10 20:53:50 +0000 2020


RT @ChristopherA: “While the risks and harms associated with digital surveillance are often framed as related to privacy, there are signifi…

x-icon Fri Apr 10 20:57:03 +0000 2020


Replying to @madadric

If you’d like to see what I’m up to there I’d be glad to do a zoom.

x-icon Sat Apr 11 01:02:32 +0000 2020


Replying to @madadric

DM me.

x-icon Sat Apr 11 01:04:35 +0000 2020


RT @moxie: First look at Apple/Google contact tracing framework:

1) Once a day, your device derives a new key (“daily tracing key”).

2) I…

x-icon Sat Apr 11 07:32:45 +0000 2020


Despite ever more immersive 3D games of today, my most visceral computer game experiences came from text games. From pre-microcomputer days of Adventure & Zork, my first authorship of an Eamon game on Apple ][, killing Kesmai dragons on CompuServe, many muds & ultimately Skotos. https://twitter.com/aaronareed/status/1249020133982396417

x-icon Sun Apr 12 10:21:31 +0000 2020


Some real problems in #ContactTracing: “The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; & little Johnny will self-report symptoms to get the whole school sent home.” https://twitter.com/rossjanderson/status/1249286931911004161

x-icon Sun Apr 12 18:45:03 +0000 2020


👍“It is entirely possible to ensure that the ideals of Trustless Identity be implemented using the pragmatism of LESS Identity by combining thoughtful, careful design and architecture with technologies that are open, standards based and community driven.”—Anil John @aniltj #SSI https://twitter.com/aniltj/status/1249324837853696001

x-icon Sun Apr 12 18:51:31 +0000 2020


These are some key questions that I too have about the Apple/Google #ContactTracing proposal: https://twitter.com/benadida/status/1249067499628269568

x-icon Mon Apr 13 05:21:14 +0000 2020


“any decentralised scheme can be turned into a centralised scheme… By pushing a button on one phone, by reporting it as infected, all other phones that were recently in close proximity reveal themselves to the central server”—@xotoxot https://blog.xot.nl/2020/04/11/stop-the-apple-and-google-contact-tracing-platform-or-be-ready-to-ditch-your-smartphone/

x-icon Mon Apr 13 07:01:08 +0000 2020


Like many, John Conway’s “Game of Life” was one of my first programs. My obsession did lead me to some game credits with Will Wright @stupidfunwill which ultimately led me to my first investor in Consensus Development. So I owe my career to Conway. 😢 https://dailyvoice.com/new-jersey/mercer/obituaries/covid-19-kills-renowned-princeton-mathematician-game-of-life-inventor-john-conway-in-3-days/786461/

x-icon Mon Apr 13 07:32:56 +0000 2020


RT @PrivacyMatters: Product lead for Singapore’s TraceTogether app.

“If you ask me whether any Bluetooth contact tracing system deployed o…

x-icon Mon Apr 13 08:46:14 +0000 2020


China: “Co-ordination between different areas of the public sector…marred by bureaucratic rivalries…customers whose lives now revolve around a series of apps on their smartphones, many private sector companies are reluctant to be seen handing over data” https://www.ft.com/content/760142e6-740e-11ea-95fe-fcd274e920ca

x-icon Mon Apr 13 21:09:02 +0000 2020


…”Pandemic-tracking apps are now proliferating as local governments have started trying to gain access to phone GPS location data through the apps, which are more accurate than carrier location data.”…

x-icon Mon Apr 13 21:09:57 +0000 2020


…”The test version of the national government’s online services platform links to at least 12 provincial- or major city-level governments’ own health code apps, as well as providing a national-level app.”…

x-icon Mon Apr 13 21:10:18 +0000 2020


…”As is often the case when multiple bureaucracies collide, the health apps have overlapping coverage. On arriving back in Beijing from a trip out of the city, one FT reporter was told”…

x-icon Mon Apr 13 21:11:17 +0000 2020


…“by their district authority to ignore the Beijing municipal government’s app and register on another health app used by the district. “One person, six codes”, ran the headline of a local media feature lamenting the multiplication of district- and municipal-level apps.”

x-icon Mon Apr 13 21:11:38 +0000 2020


RT @MeeplesTogether: We referenced John Conway’s Game of Life in Meeples Together because its cellular automata model was a clear precursor…

x-icon Mon Apr 13 23:45:10 +0000 2020


New collaborative white paper from #RebootingWebOfTrust on the topic “Five Mental Models of Identity”. Team led by @JoeAndrieu w/ Nathan George, @IDIMAndrew, @cmacintosh & Antoine Rondelet https://github.com/WebOfTrustInfo/rwot7-toronto/blob/master/final-documents/mental-models.md

x-icon Tue Apr 14 06:45:14 +0000 2020


…”consider multiple mental models for better communication and better identity systems. Whatever your own goals, we believe you are more likely to achieve them if you can communicate clearly in terms others understand and can incorporate the needs of others into your own work.”

x-icon Tue Apr 14 06:46:40 +0000 2020


…”The question we are seeking to answer in this paper is the following: ‘When we are evaluating the evidence, what are we trying to determine?’. Each mental model approaches this differently.”

x-icon Tue Apr 14 06:47:48 +0000 2020


…”The space-time mental model sees identity as resolving the question of the physical continuity of an entity through space and time.

Does the physical body under evaluation have a continuous link through space and time to a known entity?”

x-icon Tue Apr 14 06:48:26 +0000 2020


…”The presentation mental model sees identity as how we present ourselves to society. This is the mental model behind Vendor Relationship Management [16], user-centric identity, and self-sovereign identity.

Is this how the subject chooses to be known?”

x-icon Tue Apr 14 06:48:54 +0000 2020


…”The attribute mental model sees identity as the set of attributes related to an entity as recorded in a specific system. Enshrined in ISO/IEC 24760-1…standard for identity management, this mental model is the primary focus for many engineers.

Who is this data about?”

x-icon Tue Apr 14 06:49:47 +0000 2020


…”The relationship model sees identity emerging through interactions and relationships with others. Our identity is not about what we are in isolation from others, but is rather defined by the relationships we have…Ubuntu…’I am because we are’.

How is this person related?”

x-icon Tue Apr 14 06:51:54 +0000 2020


…”The capability mental model pragmatically defines identity in terms of an individual’s actual capability to perform some task, including their physical ability now, in the past, or in the future…the inevitable approach for…an emergency.

What can the subject actually do?”

x-icon Tue Apr 14 06:53:33 +0000 2020


…”When two people discuss identity with different mental models, the conversation inevitably focuses on the intersection between those models, sometimes without either party realizing they are coming from different perspectives.”

x-icon Tue Apr 14 06:54:17 +0000 2020


The paper adds commentary on the intersections between these models, and the misunderstandings that each pair of different identity models might introduce to a collaboration.

x-icon Tue Apr 14 06:56:51 +0000 2020


A very interesting and thoughtful paper that is very worth while to dive deeply into to help you and your team broaden your shared language and models about digital identity. 👍

x-icon Tue Apr 14 06:58:42 +0000 2020


RT @hackylawyER: Spoke with @digitalprivacy re @Apple @Google’s #COVID19 app. TLDR: Ticks all the boxes at the app-level in terms of good #…

x-icon Tue Apr 14 22:06:27 +0000 2020


“As authoritarianism spreads, as emergency laws proliferate, as we sacrifice our rights, we also sacrifice our capability to arrest the slide into a less liberal and less free world. Do you truly believe…that these capabilities will not be kept?” https://www.vice.com/en_us/article/bvge5q/snowden-warns-governments-are-using-coronavirus-to-build-the-architecture-of-oppression

x-icon Wed Apr 15 03:59:45 +0000 2020


“CAP’s proposed air travel rules are instructive: ‘Airline passengers must download the Contact Tracing app, confirm no close proximity to a positive case, and pass a fever check or show documentation of immunity from a serological test.’” https://twitter.com/voxdotcom/status/1250151886256209920

x-icon Wed Apr 15 17:19:22 +0000 2020


“foresee a digital pandemic surveillance state in which virtually every American downloads an app to their phone that geotracks their movements, so if they come into contact with anyone who later is found to have Covid-19, they can be alerted and…quarantine can begin.” https://twitter.com/ezraklein/status/1248587310804930560

x-icon Wed Apr 15 17:27:08 +0000 2020


…”Similarly, people would scan QR codes when boarding mass transit or entering other high-risk public areas. And GPS tracking could be used to enforce quarantine on those who test positive with the disease, as is being done in Taiwan.”

x-icon Wed Apr 15 17:27:45 +0000 2020


@CoboVault We at @BlockchainComns would be interested in talking with you about open standards for Bitcoin-related airgap QR-code standards for keys, social recovery, identifiers, etc. for use with @FullyNoded 2 mobile wallet, #LetheKit, etc. Other companies are also involved.

x-icon Wed Apr 15 20:03:52 +0000 2020


Replying to @amirrajan, @VinayTaylor, @doublespeakgame and @continuities

“A Dark Room” is interesting as a text game, as it has a “real time” element to it that I’ve not seen before. @aaronareed (who is working on a book on history of text games), have you seen anything quite like this before? @continuities: have you used this idea elswhere?

x-icon Wed Apr 15 20:33:30 +0000 2020


Replying to @CryptoLixin, @ElectrumWallet and @wasabiwallet

We also have been working on QR formats, not only for PSBT & bitcoin wallet descriptors, but also for master entropy seeds (binary BIP39) with metadata (birthday, etc), two-level Shamir (binary SLIP39 plus encrypted metadata and public metadata), and more. cc/ @StepanSnigirev

x-icon Thu Apr 16 03:39:57 +0000 2020


Do anyone happen to know at what bit sizes the bech32 standard becomes less optimal? I know that @pwuille optimized for 40 bytes (320 bits) as that is what a segwit transaction is, so it is great for 32 byte keys & schnorr sigs. I think it is ok at 64 bytes for xpubs…

x-icon Thu Apr 16 04:28:28 +0000 2020


…but I vaguely recall you loose its BCH error correcting capabilities as you move to 80 bytes and more. But I’m not sure at what thresholds you lose them. I’d love to see a bech64 or bech128, even if not as optimum as @pwuille could do them.

x-icon Thu Apr 16 04:30:46 +0000 2020


Replying to @pwuille

Thank you! Am I correct that your optimization automated testing focused on 40 bytes (320 bit) scenario? Any advice if I was to try my hand at bech64?

x-icon Thu Apr 16 05:05:26 +0000 2020


Replying to @pwuille

Thanks. My initial focus is a good balance of error correction and detection at 128 bytes. In some ways error correction is now more important as this is a worst case scenario of over voice. Do you have a rough guess for how many amazon hours or $ were used in your ezbase32 sim?

x-icon Thu Apr 16 05:34:56 +0000 2020


Replying to @meshcollider and @pwuille

xpubs, wallet descriptors, etc. SMS & Voice are also cases.

x-icon Thu Apr 16 05:55:52 +0000 2020


Replying to @meshcollider and @pwuille

Other scenarios are an encrypted signed key or xpub, or a slip39 shard with sharded metadata (say lightning info).

x-icon Thu Apr 16 06:01:08 +0000 2020


Replying to @meshcollider and @pwuille

I’d like to be able to encode this base64 2 of 3 descriptor: wsh(multi(2,03a0434d9e47f3c86235477c7b1ae6ae5d3442d49b1943c2b752a68e2a47e247c7,03774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb,03d01115d548e7561b15c38f004d734633687cf4419620095bc5b0f47070afe85a))

x-icon Thu Apr 16 06:03:45 +0000 2020


Replying to @meshcollider and @pwuille

So the queston that @pwuille asked is “how many errors you want to correct”. <3% errors is considered acceptable in typing but gross errors is >6%, so 4-8 for that scenario.

x-icon Thu Apr 16 06:16:56 +0000 2020


Replying to @meshcollider and @pwuille

I wish I knew what the historical expected error rate was for ham radio operators doing voice or morse code. 10%? If true that would be 13 errors. That is my worst case % — say for terrible censorship resistance scenario.

x-icon Thu Apr 16 06:18:31 +0000 2020


Replying to @meshcollider and @pwuille

I do believe anything beyond this point SMS size (140 characters) is infeasible for these type of communications. The reality is that I’m most interested are ECDH (with its embede pubkey) at ~75 bytes, the new Schorr signatures + pubkey at ~64 bytes, xpubs & xprv unencrypted.

x-icon Thu Apr 16 06:28:02 +0000 2020


Replying to @_drgo, @meshcollider, @pwuille and @nvk

I’ve also heard concern about transmitting xpubs in the clear, so that could be the 64 bytes of the xpub plus signature, which is ~128 bytes, thus the upper end of my size range.

x-icon Thu Apr 16 06:29:46 +0000 2020


I do believe that this is a great start for a proscriptive list for the EU to avoid some of the risks to human rights privacy of #ContactTracing. But I believe there should be more. For instance, will compliance by authorities to these standards be auditable? There is much more. https://twitter.com/SophieintVeld/status/1250437299491360768

x-icon Thu Apr 16 07:29:25 +0000 2020


A worrisome precedent towards #ImmunityCredentials #ImmunityPassport. Remember—we don’t even know the efficacy of these test are yet. “Dubai-based airline Emirates has begun carrying out Covid-19 blood tests on passengers at the airport prior to flights.” https://www.cnn.com/travel/article/emirates-passengers-blood-test-covid-19/index.html

x-icon Thu Apr 16 15:36:25 +0000 2020


RT @AriDavidPaul: Everyone complaining about US not giving you a covid19 test? Skip the hospital, don’t bother calling your state’s health…

x-icon Thu Apr 16 15:40:01 +0000 2020


Ten years later, still true, if not more so! https://twitter.com/ChristopherA/status/12301926688

x-icon Fri Apr 17 02:30:37 +0000 2020


A #SmartCustody scenario to restore a root master seed (in BIP39 or SLIP39 shards) from a titanium blank into the @BlockchainComns #LetheKit, which is then used to create a new child master seed on a hardware wallet to take home or sign a multisig PSBT. https://github.com/bitcoin/bips/pull/910#issuecomment-615045135

x-icon Fri Apr 17 05:16:46 +0000 2020


RT @FullyNoded: 🚨 Teaser alert 🚨

New halving countdown, mainnet capability, along with many improvements/fixes coming soon!!!! 👀

Greatl…

x-icon Fri Apr 17 08:03:36 +0000 2020


Replying to @henkvancann and @peterktodd

We don’t, and I don’t think they want us to know.

x-icon Sat Apr 18 04:18:37 +0000 2020


🤔“It is not hard to imagine nefarious use cases as well. A foreign operative who wished to sow chaos, an unscrupulous political operative who wished to dampen political participation, or a desperate business owner who sought to shut down the competition, all could…” https://twitter.com/rcalo/status/1248672673892159489

x-icon Sat Apr 18 05:47:17 +0000 2020


…”use self-reported instances of COVID-19 in an anonymous fashion to achieve their goals. The process of threat modeling apps that purport to trace the prevalence of coronavirus is limited or nonexistent.”

x-icon Sat Apr 18 05:47:45 +0000 2020


RT @IEthics: “This is not the time for #technology optimism or pessimism. It’s the time for technology realism, with the full understanding…

x-icon Sat Apr 18 06:07:51 +0000 2020


RT @rcalo: The demographics of COVID-19 apps are going to be messy. Adopters are likely to skew young, and hence disproportionately asympto…

x-icon Sat Apr 18 06:08:13 +0000 2020


“Although Google and Apple might win the public over by emphasizing that their contact tracing approach is voluntary, nothing guarantees this arrangement. In time, it might become not really voluntary. In order to secure the benefits…will be tempted to mandate the technology. “ https://twitter.com/GlobeOpinion/status/1251243925232398339

x-icon Sat Apr 18 06:15:08 +0000 2020


So far my research shows doubts on efficacy. “By emphasising efficacy as a first-order concern for determining whether to run a new surveillance programme or use new surveillance features during the crisis, we’re making the case that evidence-based considerations are fundamental” https://t.co/h4xSrHIZv2

x-icon Sat Apr 18 06:30:58 +0000 2020


A very good, country by county, look at #COVID19 proposals for #ContactTracing, #ImmunityCredentials & other #surveillance https://twitter.com/davegershgorn/status/1250515010301972480

x-icon Sat Apr 18 06:42:43 +0000 2020


“The EU has called on Apple to remove from the App Store contact tracing apps that don’t have appropriate privacy safeguards. Google should do the same with the Play Store…stating that fighting the coronavirus must not mean sacrificing rights of citizens. https://9to5mac.com/2020/04/16/contact-tracing-apps/

x-icon Sat Apr 18 06:47:26 +0000 2020


RT @Fonta1n3: This is why @FullyNoded always decodes, parses and displays each signed transaction’s input and output before asking you to b…

x-icon Sat Apr 18 17:03:40 +0000 2020


I’ve updated my #GPG key FDFE14A54ECB30FC5D2274EFF8D36C91357405ED’s expiration date to not expire for another year (2021, April 15), as I still don’t have good best practices for #PGP key rotation. This is the key I use to sign all my @GitHub commits. https://github.com/christophera.gpg

x-icon Sat Apr 18 23:28:30 +0000 2020


An observation today that is frustrating is that @KeybaseIO doesn’t seem to respect key expiration dates, nor does it seem to have any way to revoke keys. When I tried to import my updated key it rejected the update as it already had imported the key material & didn’t need it.

x-icon Sat Apr 18 23:31:10 +0000 2020


RT @ChristopherA: An observation today that is frustrating is that @KeybaseIO doesn’t seem to respect key expiration dates, nor does it see…

x-icon Sat Apr 18 23:31:18 +0000 2020


Vital infrastructure! “With most donors (users, the US government & the private sector) being focused on surviving the COVID-19 economic crisis themselves, the Tor team appears to be having issues raising funds to support itself through the pandemic.” https://www.zdnet.com/article/tor-project-lays-off-a-third-of-its-staff/

x-icon Sun Apr 19 07:27:14 +0000 2020


“There are very few protections out there for software developers to make sure that packages they install from these repositories are malware free…There is a huge gap in the market at the moment which is being exploited by malware authors.” https://arstechnica.com/information-technology/2020/04/725-bitcoin-stealing-apps-snuck-into-ruby-repository/

x-icon Sun Apr 19 07:46:37 +0000 2020


My organization @BlockchainComns not only supports @torproject financially, but also with infrastructure. For instance, we established a Tor exit node at @nycmesh & we are working on adding at least 2 more in other parts of the world. If your company relies on Tor, do the same!

x-icon Sun Apr 19 17:52:46 +0000 2020


Replying to @exiledsurfer

https://twitter.com/christophera/status/1251931761929359360?s=21 https://twitter.com/ChristopherA/status/1251931761929359360

x-icon Sun Apr 19 17:53:03 +0000 2020


RT @ChristopherA: My organization @BlockchainComns not only supports @torproject financially, but also with infrastructure. For instance, w…

x-icon Sun Apr 19 17:53:15 +0000 2020


I appreciate in this #ContactTracing architecture paper that the @PeppPt team is sharing their threat modeling & adversarial analysis. I wish everyone was doing that BEFORE starting desiging the code. And we should share these broadly as I’m sure we are all missing some threats. https://twitter.com/carmelatroncoso/status/1251931084843110401

x-icon Sun Apr 19 18:04:33 +0000 2020


I care about the #ContactTracing side of the problem, but I’m focused this week on threat modeling & adversarial analysis of #ImmunityCredentials, as I’m co-chair of W3C Credentials CG I have a bully pulpit to stand on to try to get people to think carefully first.

x-icon Sun Apr 19 18:13:03 +0000 2020


I’m collecting, organizing, annotating, and curating links on #ImmunityCredentials (aka #ImmunityBadges #ImmunityPassports) here https://github.com/ChristopherA/Lists-of-High-Signal-Low-Noise-Links/blob/master/ImmunityCredentials-VerifiableClaims-COVID19.md Still relatively loosely organized but useful. Threat modeling & adversarial analysis next.

x-icon Sun Apr 19 18:17:34 +0000 2020


RT @ChristopherA: I care about the #ContactTracing side of the problem, but I’m focused this week on threat modeling & adversarial analysis…

x-icon Sun Apr 19 18:17:42 +0000 2020


RT @ChristopherA: I’m collecting, organizing, annotating, and curating links on #ImmunityCredentials (aka #ImmunityBadges #ImmunityPassport…

x-icon Sun Apr 19 18:17:45 +0000 2020


Replying to @alececere and @lopp

We have #BitcoinStandup scripts for Linux & Linode & a Mac app to make it easy to install bitcoin full nodes with Tor v3 available now in our community repos. They work now but we need some volunteers to help make them better—better docs, windows app, ++ https://github.com/BlockchainCommons

x-icon Sun Apr 19 19:49:55 +0000 2020


I really don’t want 2019 to be “peak human”. https://twitter.com/ChristopherA/status/722530295790997505

x-icon Mon Apr 20 16:51:13 +0000 2020


Part of me just wants to drop what I’m doing & design a new collaborative game for #ZoomJam, a contest for best 500 word game that can be played on Zoom. Submissions end on April 24th. I suspect I have too many commitments but may try to squeeze it in! https://zoomjam.org/

x-icon Mon Apr 20 17:31:29 +0000 2020


RT @MeeplesTogether: If you’ve bought our book “Meeples Together: How and Why Cooperative Board Games Work” the authors challenge you to ap…

x-icon Mon Apr 20 18:40:59 +0000 2020


RT @degregat: We started to map out the high level building blocks from the different privacy preserving contact tracing proposals here: ht…

x-icon Mon Apr 20 21:51:28 +0000 2020


Replying to @degregat

I’m currently working on something similar for #ImmunityCredentials (aka #ImmunityPassports, #ImmunityBadges, #ImmunityCertificates).

In the meantime you might find these “high-signal low-noise” resources useful…

x-icon Mon Apr 20 21:53:45 +0000 2020


Replying to @degregat

Annotated list of opinionated, high-signal but low-noise links about #LocationPrivacy #ContactTracing #PublicHealthVsPrivacy #COVID19 https://github.com/ChristopherA/Lists-of-High-Signal-Low-Noise-Links/blob/master/LocationPrivacy-ContractTracing-PublicHealthVsPrivacy-COVID19.md

x-icon Mon Apr 20 21:55:20 +0000 2020


Replying to @degregat

Annotated list of opinionated, high-signal but low-noise links about #ImmunityCredentials #VerifiableClaims #COVID19 https://github.com/ChristopherA/Lists-of-High-Signal-Low-Noise-Links/blob/master/ImmunityCredentials-VerifiableClaims-COVID19.md

x-icon Mon Apr 20 21:56:22 +0000 2020


Replying to @degregat, @robvank, @jaromil and @SarahJamieLewis

I would really like to see @SarahJamieLewis contributions here. I’m pulling together a list of vulnerabilities, threats into a #ImmunityCredential risk model, but she knows more about risks to a number of important vulnerable populations than I do. We’ve also asked her to speak.

x-icon Tue Apr 21 00:53:40 +0000 2020


Agreed! There is also some past history here, such as this paper about New Orleans #ImmunityPrivilege in the era of Yellow Fever. https://academic.oup.com/ahr/article/124/2/425/5426380 https://twitter.com/degregat/status/1252362605412286465

x-icon Tue Apr 21 00:58:23 +0000 2020


…and this one from the AMA Journal of Ethics on history of stigma and disease https://academic.oup.com/ahr/article/124/2/425/5426380

x-icon Tue Apr 21 00:59:52 +0000 2020


Today I learned that there is no BIP or SLIP docs specifying how the m/48’ HD derivation works for bitcoin multisig. This was apparently agreed upon by @ElectrumWallet , @Ledger , @Trezor & Copay and now used by @COLDCARDwallet & others. But many important details missing!

x-icon Tue Apr 21 03:16:48 +0000 2020


I’ve already had a couple of people already report that they were unable in the past find any docs and that they’ve had to reverse engineer the details themselves. This is not best practices of open development!

x-icon Tue Apr 21 03:32:09 +0000 2020


Replying to @mflaxman and @Coinsurenz

To be clear, you only need 2 devices. The third cay be an offline key (say BIP39 on titanium or xprv). For @FullyNoded 2 the devices for multisig are your home computer (or VPS if you really want), your phone & then BIP39 offline. I can also be two phones, which many people have.

x-icon Tue Apr 21 03:39:42 +0000 2020


My best guess that the idea was that by using m/48’ for multisig paths, you’d never need to check a single signature bitcoin address for balance from those derived keys, and you’l never reuse a derived key that will be used for a single-signature wallet and also multisig wallet.

x-icon Tue Apr 21 04:48:23 +0000 2020


One of the challenges without m/48’ docs is that apparently legacy, nested segwit & native segwit all use the same m/48’ root, a different approach then separate roots for single signatures. It also isn’t clear to me how accounts work, and which portions of path are hardened.

x-icon Tue Apr 21 04:55:35 +0000 2020


I’ve started a HackMD markdown document with my notes for now, but with the goal of a BIP quality document to submit either a future BIP or SLIP document in the future. DM me if you want added for access, but I’ll make a GitHub repo for it soon.

x-icon Tue Apr 21 04:57:33 +0000 2020


Replying to @hodlwave

I agree with your problem statement, but I’m not sure about your answer, but that is fine. But an open development process should have allowed these type of ideas to be floated.

x-icon Tue Apr 21 04:59:22 +0000 2020


Replying to @hodlwave

For now I’ll be satisfied with documenting m/84’, but longer term there are some assumptions in our designs that one hardware wallet has exactly on hd master seed, but that isn’t necessarily true. @FullyNoded 2 can have several HD seeds & future airgapped like #LetheKit will to.

x-icon Tue Apr 21 05:00:42 +0000 2020


If there are devs / technical writers who would like to help document m/48’ multisig usage properly, contact me via DM - I’ve got a temporary HackMD collaborative document started, which I’ll move to @BlockchainComns repo when we have acceptable draft, for ultimate submit as BIP.

x-icon Tue Apr 21 19:53:41 +0000 2020


Though @drummondreed‘s wallet metaphor as described here by @RuffTimo has its weaknesses, it is the best I know of to introduce people to #SSI who come from the identity mental model of “Capability” https://github.com/WebOfTrustInfo/rwot7-toronto/blob/master/final-documents/mental-models.md#capability aka “What can the subject actually do?” cc/@JoeAndrieu https://twitter.com/DigitalTrustVC/status/1252392036881149954

x-icon Tue Apr 21 21:58:10 +0000 2020


We do need a good ethical models for the benefits vs risks in the area of public health commons vs human rights. Even consent has its limitations—their are forms of coercion to get consent that are subtle & unconscious; yet no consent is required if harm to public is too large. https://twitter.com/taoeffect/status/1252648508781244416

x-icon Tue Apr 21 22:04:33 +0000 2020


Best I’ve got for an ethical model is what I taught my “Using the Social Web for Social Change” when I taught in an MBA for Sustainable Systems. https://twitter.com/christophera/status/895765368228134914?s=21 https://twitter.com/ChristopherA/status/895765368228134914

x-icon Tue Apr 21 22:13:51 +0000 2020


My whole presentation on “Tactics of Persuasion & Influence” are at https://www.slideshare.net/ChristopherA/tactics-of-persuasion-influence-bgiedu A key point in my class is that though we may not use coercion or power in our influence designs, these tactics only make it less risky, but if we are not careful can still be unethical.

x-icon Tue Apr 21 22:18:54 +0000 2020


Replying to @FullyNoded, @B__T__C and @BlockchainComns

It would be helpful to know which specific model of iPhone this corrupted QR is coming from. I’ve only seen this before on an iPod Touch.

x-icon Wed Apr 22 04:44:35 +0000 2020


RT @VTeagueAus: 1/4: In the absence of any source code for the #covid19au tracing app, I decided to pull the TraceTogether code and start l…

x-icon Wed Apr 22 04:47:40 +0000 2020


Replying to @hackylawyER and @aniltj

“They cite from the same hymn sheet of SSI Principles by Christopher Allen. In the past we have cited these too, but in the future we question whether it is wise to do so.” I have reaching out to people to collaborate on update for 2020 but events have intervened. Collaborate?

x-icon Thu Apr 23 02:41:55 +0000 2020


Replying to @hackylawyER and @aniltj

The #SSI principals were always intended as a first draft. My #SSI article ended at “This article seeks to begin a dialogue on that topic, by offering up a definition and a set of principles as a starting point”

x-icon Thu Apr 23 02:44:13 +0000 2020


Replying to @hackylawyER and @aniltj

We tried to start a collaboration on GitHub to revise principal one about “control” but fell into a rat-trap you know of that some people wanted to base on property-law principals. https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/8 We should not have started with #1. Pick another easier one as first?

x-icon Thu Apr 23 02:47:29 +0000 2020


Replying to @hackylawyER and @aniltj

Another hard one to revise is #2, “Existence” https://github.com/WebOfTrustInfo/self-sovereign-identity/issues

x-icon Thu Apr 23 02:48:46 +0000 2020


Replying to @hackylawyER and @aniltj

May be should start with #6 “Portability”? These principles are 6 years old next month. The 2015 set are at https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md — help us update for 2020!

x-icon Thu Apr 23 02:52:15 +0000 2020


RT @ChristopherA: @hackylawyER @aniltj “They cite from the same hymn sheet of SSI Principles by Christopher Allen. In the past we have cite…

x-icon Thu Apr 23 02:55:55 +0000 2020


RT @ChristopherA: @hackylawyER @aniltj The #SSI principals were always intended as a first draft. My #SSI article ended at “This article s…

x-icon Thu Apr 23 02:55:58 +0000 2020


RT @ChristopherA: @hackylawyER @aniltj We tried to start a collaboration on GitHub to revise principal one about “control” but fell into a…

x-icon Thu Apr 23 02:56:03 +0000 2020


RT @ChristopherA: @hackylawyER @aniltj Another hard one to revise is #2, “Existence” https://github.com/WebOfTrustInfo/self-sovereign-identity/issues

x-icon Thu Apr 23 02:56:08 +0000 2020


RT @ChristopherA: @hackylawyER @aniltj May be should start with #6 “Portability”? These principles are 6 years old next month. The 2015 set…

x-icon Thu Apr 23 02:56:12 +0000 2020


Replying to @hackylawyER and @aniltj

I’ve started an issue on revising #SSI principle #6 on “Portability. Information and services about identity must be transportable.” with some initial comments from other people. Please add yours, plus any easy wins like getting rid of word “user”. https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/13

x-icon Thu Apr 23 03:13:58 +0000 2020


Replying to @hackylawyER, @aniltj and @hackylawyER

@Emily_Fry_ @JoeAndrieu @kimdhamilton @trbouma @rufftimo @LeahHoustonMD @IdentityWoman @MalJayaram @alex_giann

x-icon Thu Apr 23 03:21:43 +0000 2020


I like this viral #COVID19 Venn diagram meme that is going around, but I support this modified version more.

Any meme-artists up to turning it into a more appealing version?

(I believe the latter is from @marcolam053)

x-icon Thu Apr 23 04:12:49 +0000 2020


Hmm, it may be attributable to different Marco Lam – not sure! https://www.facebook.com/marco.lam.12

x-icon Thu Apr 23 04:15:20 +0000 2020


RT @trbouma: “We cannot solve a pandemic by coding the perfect app. Hard societal problems are not solved by magical technology, among othe…

x-icon Thu Apr 23 16:28:46 +0000 2020


RT @kimdhamilton: Join the @w3c_ccg Verifiable Credentials for EDU task force this Monday for an exciting topic! Mike Lodder will discuss c…

x-icon Thu Apr 23 23:23:22 +0000 2020


RT @TheOperaGeek: The Player’s Handbook states “An improvised weapon includes any object you can wield in one or two hands, such as broken…

x-icon Thu Apr 23 23:30:12 +0000 2020


I’m pleased that the Netherlands government had their attorney general take a serious look at these proposals: “attorney general Reimer Veldhuis was asked to assess the final seven contenders for compliance with privacy laws—and found all seven lacking.”
https://www.irishtimes.com/news/world/europe/netherlands-abandons-initial-plan-to-develop-covid-19-tracing-app-1.4236355

x-icon Thu Apr 23 23:37:12 +0000 2020


“can envision a scenario in which the government proposes “a Patriot Act for pandemic monitoring and control”—a reference to the law enacted after 9/11 that gave the government more powers to fight terrorism while also laying the groundwork for sprawling new surveillance.” https://twitter.com/EFF/status/1253359112504500228

x-icon Fri Apr 24 00:01:25 +0000 2020


Replying to @aniltj

Anil, we should still use dueling blogs posts, tweets, etc. However, I haven’t found these forms of deliberation lead to consensus. Instead, we should use the tools we use to create consensus for standards. A GitHub issue is just a mailing list, you don’t need to be a dev to use.

x-icon Fri Apr 24 00:54:01 +0000 2020


Replying to @aniltj

These consensus building tools are getting easier for non-devs to use. GitHub has released some new apps that are much more accessible. In fact, there is a whole generation of young lawyers that are looking at git as a replacement for Word-based tracking changes.

x-icon Fri Apr 24 01:06:29 +0000 2020


Replying to @aniltj

Any other deliberation system to built consent would require at least some of the parties to learn new best practices. As the final result is guidance to technologists to think broader & to do the right thing, GitHub feels a good & well understood place for building consensus.

x-icon Fri Apr 24 01:14:06 +0000 2020


One of the best things I’ve read this week on the topic of #COVID19 #ContactTracing is this article by @harper that argues that we should call it “Exposure Alerting” and that many of our design problems come from naming it incorrectly. https://harper.blog/2020/04/22/digital-contact-tracing-and-alerting-vs-exposure-alerting/

x-icon Fri Apr 24 01:37:59 +0000 2020


Replying to @darrello, @aniltj and @drummondreed

Have you tried the the new GitHub app? Combined with the web interface it can help a lot. The Atom editor & Typora app on the Mac helps. Many have found they work nicely without going to command-line at all.

Our community needs to write up a tutorial and FAQ here for non-devs.

x-icon Fri Apr 24 01:44:17 +0000 2020


What we really need for our @FullyNoded 2 users is a BTC/USD price feed behind a reliable Tor onion address. This is one of our critical path items for our mainnet beta. https://twitter.com/teo_leibowitz/status/1253339608667979784

x-icon Fri Apr 24 02:23:06 +0000 2020


Replying to @lightcoin

FullyNoded2 does all communication to the net exclusively through Tor so that your cafe, company, isp or country does not know you are a Bitcoin holder. We could do all payments purely in bitcoin easily, but our users also want the current $ equivalent price for payments.

x-icon Fri Apr 24 04:58:08 +0000 2020


Very true. When I taught online in green MBA at least 4-5 hours of planning went into the design of each 1-1/2 hour class. My TA later said that I designed classes like I designed a game, with the goal of creating an experience. Please no more ‘sage on a stage’—we can do better! https://twitter.com/NicoleLazzaro/status/1253552362511163392

x-icon Fri Apr 24 05:52:11 +0000 2020


RT @MeeplesTogether: We always considered Matt Leacock’s Pandemic to be an educational game that warned about the future of pandemics if…

x-icon Fri Apr 24 16:13:32 +0000 2020


Replying to @darrello, @twshelton, @aniltj and @drummondreed

Both are much easier now with these new tools, including when there are merge conflicts. Do remember that track changes merging in Word isn’t very easy either.

x-icon Fri Apr 24 16:16:05 +0000 2020


Replying to @trbouma and @aniltj

Do you have a suggestion for another deliberation and consensus building platform?

x-icon Fri Apr 24 16:17:43 +0000 2020


An excellent deep dive into #SSI (Self-Sovereign Identity) legal integration with #eIDAS (#EUs Electronic Identification, Authentication and Trust Services) written by @NachoAlamillo & published by the EU Commission, makes 38 recommendations for changes: https://joinup.ec.europa.eu/collection/ssi-eidas-bridge/document/ssi-eidas-legal-report

x-icon Fri Apr 24 16:35:23 +0000 2020


Replying to @trbouma and @aniltj

I will say that as much as I appreciate and value those mediums as back channels, that without being paired with a deliberation system to build consensus that they can be divisive. I could argue many of our problems of today are due to lack of development in deliberation systems.

x-icon Fri Apr 24 16:42:02 +0000 2020


Replying to @trbouma and @aniltj

Part of the reason I have been studying consensus and collaboration building in works like my book @MeeplesTogether and upcoming works is to help catch up deliberation systems to the vast increase in amplification of informal voice systems like social media. We need both.

x-icon Fri Apr 24 16:45:44 +0000 2020


We’ve been investigating in the larger wallet community (both cryptocurrency wallets but also self-sovereign identity #SSI wallets) the use of some form of bech32 for encoding cryptographic values (seeds, hd keys, shards, public keys, signatures, etc) See: https://lists.w3.org/Archives/Public/public-credentials/2020Apr/0240.html

x-icon Fri Apr 24 20:40:12 +0000 2020


RT @hackylawyER: “Wearing a bracelet or waving a piece of paper to show your immune status might sound like the plot of a dystopian novel,…

x-icon Fri Apr 24 21:02:15 +0000 2020


RT @lnbits: We’re very pleased to release #LNbits v0.1!
The free and open-source bitcoin #lightningnetwork wallet/accounts system
-#LND +…

x-icon Fri Apr 24 22:00:29 +0000 2020


A question to the http://itch.io community: @aaronareed & I have been collaborating together on a card-based gmless storygame inspired by #GateWatch & #BelongingOutsideBelonging. What are best examples of using the devlog & comments features to create a following? Risks?

x-icon Sat Apr 25 01:00:19 +0000 2020


We are making great progress in being able to sign Bitcoin multisig across multiple wallets. An important design decision is coming up for airgap QR support on how we encode transactions larger than that which fits in a QR. There are a variety of approaches including animated. https://twitter.com/FullyNoded/status/1253974101267410948

x-icon Sat Apr 25 16:38:08 +0000 2020


RT @bitgeiniog: @ChristopherA @marcolam053

x-icon Sat Apr 25 16:38:34 +0000 2020


“Solarpunk encourages us to accept the reality of the present and move forward by focusing on solutions to the problems at hand.” In many ways I believe this subgenre is more difficult to write (or play) than dystopian & post-apocalyptic stories, yet often more powerful & moving. https://twitter.com/_rileyio/status/1250793015104483329

x-icon Sat Apr 25 17:10:55 +0000 2020


Parts of this piece disturb me but I also appreciate the out-of-the box thinking here, including if liability insurance should play an role in #ImmunityCredentials. But we need to be careful as liability law & courts are slow & expensive, and lives as wergild are often unjust. https://twitter.com/robinhanson/status/1253854174049157121

x-icon Sat Apr 25 17:33:39 +0000 2020


The editors of @TheEconomist have clearly not learned the #Foremembrance story of how 75% of Dutch Jews lost their lives in the Holocaust nor connect it to the rise of the right today. This is why Northern Europe has a privacy “religion”. After 75 years is becoming forgotten. 😢 https://twitter.com/TheEconomist/status/1254107950211371008

x-icon Sat Apr 25 18:33:59 +0000 2020


If @TheEconomist editors are listening, this my #foremembrance video that describes how efficient collection of Dutch data for good purposes during the Depression was used by Nazi’s in WWII to kill the largest percentage of Jews of any nation. https://youtu.be/isanNSDoSnE

x-icon Sat Apr 25 18:39:01 +0000 2020


👆Hoping for some ideas from http://itch.io storygame community. Also puzzled on how to setup community copies of #GateWatch @roswellwrites @lackingceremony @SeaExcursion @SeanNittner @koboldtime @passerines @NightlingBug @jdragsky @cartweel @MothLands @Q_Game_Design

x-icon Sat Apr 25 19:26:06 +0000 2020


Replying to @DeePennyway and @mrfb

Thanks, very helpful. That feature was not obvious and there was no help available on the itch website on how to offer this.

x-icon Sat Apr 25 19:48:34 +0000 2020


Thanks for the help on setting up Community Copies, I’ve added 10 copies my #GateWatch collaborative storygame: https://dyvershands.itch.io/gate-watch

x-icon Sat Apr 25 19:51:06 +0000 2020


Any great examples of use of devlogs over time in a gmless collaborative storygame? Most I follow on itch don’t seem to use them.

x-icon Sat Apr 25 19:56:20 +0000 2020


Wow, another QR standards esoterica I’ve never heard of before:

ECC 200 Structured Append, for max 16 QR codes. http://www.keepautomation.com/tips/data_matrix/ecc_200_data_matrix_features.html

I wonder if this is already supported in any of the native QR code readers like iOS and Android offer? Has anyone leveraged these before?

x-icon Sat Apr 25 20:18:16 +0000 2020


RT @ChristopherA: Wow, another QR standards esoterica I’ve never heard of before:

ECC 200 Structured Append, for max 16 QR codes. https:/…

x-icon Sat Apr 25 20:18:28 +0000 2020


Replying to @wmclaxton

So far into my deep dive this week into #ImmunityCredentials (links: https://github.com/ChristopherA/Lists-of-High-Signal-Low-Noise-Links/blob/master/ImmunityCredentials-VerifiableClaims-COVID19.md risk model: in progress), I see no good solutions, especially given questions on the efficacy of the immunity testing in general. But clearly Govs are going to do it anyhow. Least evil?

x-icon Sun Apr 26 03:28:41 +0000 2020


Replying to @bobhilt and @wmclaxton

Partly. My bigger concern is that the perceived benefits of #ImmunityCredentials may backfire. People may spread if incorrect, cause people to seek becoming infected, or take advantage of multiple tests to get a false-positive, or immuno-privilege becoming a new norm.

x-icon Sun Apr 26 05:38:55 +0000 2020


👍👏 Government of Canada says: ”Privacy protection isn’t just a set of technical rules and regulations, but rather represents a continuing imperative to preserve fundamental human rights and democratic values, even in exceptional circumstances.“… https://twitter.com/trbouma/status/1254252178107236358

x-icon Sun Apr 26 08:59:02 +0000 2020


…”Government institutions should still apply the principles of necessity and proportionality, whether in applying existing measures or in deciding on new actions to address the current crisis.” A good example for other governments to follow!

x-icon Sun Apr 26 09:00:11 +0000 2020


RT @FullyNoded: New guide to using collaborative multisig and psbt’s with @ElectrumWallet!

https://github.com/Fonta1n3/FullyNoded-2/blob/0.1.1/Docs/Electrum-guide.md

Latest testflight v0.…

x-icon Sun Apr 26 09:05:13 +0000 2020


F2F tech events at risk: “These parties, funerals, religious meet-ups and business networking sessions all seem to have involved the same type of behaviour: extended, close-range, face-to-face conversation—typically in crowded, socially animated spaces.” https://quillette.com/2020/04/23/covid-19-superspreader-events-in-28-countries-critical-patterns-and-lessons/

x-icon Sun Apr 26 18:20:34 +0000 2020


RT @hackylawyER: The pandemic is driving home the vast & dangerous divide between technologists who view “privacy” as a technical exercise…

x-icon Sun Apr 26 18:34:45 +0000 2020


RT @ChristopherA: @bobhilt @wmclaxton Partly. My bigger concern is that the perceived benefits of #ImmunityCredentials may backfire. People…

x-icon Sun Apr 26 18:35:02 +0000 2020


RT @PeterHebly: @hackylawyER @ChristopherA @marleenstikker Obviously, ‘technologists’ create the actual reality of privacy in people’s live…

x-icon Sun Apr 26 22:55:45 +0000 2020


As we build cross-wallet standards for multisig Bitcoin & with our desire to make these available to less technical people, one of the challenges of multisig is that it is not sufficient to store BIP39 of each key (say on titanium as we recommend in the free #SmartCustody book)…

x-icon Sun Apr 26 23:27:34 +0000 2020


…You must also store the public key descriptors for all the other keys along with the master seed. It isn’t that hard to put 12-24 words in steel or titanium (hour or so) but xpub descriptors are quite large (equivalent to 24 words each). …

x-icon Sun Apr 26 23:29:41 +0000 2020


…There are some ideas about printing just the public key descriptors as a QR codes to accompany each master seed being stored (presuming all might not be burned in same fire), or some other airgap recovery approaches using QR-Vault apps and devices…

x-icon Sun Apr 26 23:32:47 +0000 2020


…I’ve found it hard to get people to spend the <1 hour to put 12-24 words on titanium, much less something bigger. I fear bitrot with solely using hardware keys. So far no brilliant solutions. If you have ideas, reply to issue https://github.com/BlockchainCommons/AirgappedSigning/issues/3

x-icon Sun Apr 26 23:35:15 +0000 2020


Replying to @mschoening

Have the GitHub mobile app take over all http://github.com URLs by default.

(It is a really bad idea but you are already doing it. I had to delete my GitHub mobile app because of it, despite otherwise appreciating. This behavior broke too many of my workflows)

x-icon Mon Apr 27 00:25:11 +0000 2020


Sabriel, by Garth Nix, is easily is in my top 10 YA fantasy books of all time, and likely in my top 20 fantasy books. Though there are sequels it stands alone well. At .99 for the eBook it is a steal. https://twitter.com/sfsignal/status/1254229000555298817

x-icon Mon Apr 27 00:30:08 +0000 2020


One of the wonderful things about the architecture of our @FullyNoded 2 iOS Bitcoin wallet is the tight integration with bitcoin-core. This means that we can take swift advantage when major new features are released (and start testing when they are merged): https://twitter.com/jonatack/status/1254567794823303169

x-icon Mon Apr 27 01:30:06 +0000 2020


RT @FullyNoded: Another day another guide!

This time it shows you how to use Specter with FN2. Replicating a FN2 2of3 in Specter, creating…

x-icon Mon Apr 27 16:28:24 +0000 2020


Replying to @aaronareed

All of our Skotos games are web-based, what we call “text dominant”. It has been a challenge to keep up with we tech—new client out now. Though this review is negative about the particular game play there, it is positive and describes well the interface. https://www.rpg.net/reviews/archive/classic/rev_6274.phtml

x-icon Tue Apr 28 17:30:56 +0000 2020


Replying to @aaronareed

Castle Marrach has a peculiar rule that might interest you. There is a function that can optionally pop up a window when you “examine <object>”. But game limits you to only representational objects like paintings, drawings, sculptures. Not items in game. Mostly player content.

x-icon Tue Apr 28 17:35:33 +0000 2020


RT @ChristopherA: “Standard efforts don’t run out of money or time, they just run out of patience.” — @Justin__Richer

x-icon Tue Apr 28 17:36:57 +0000 2020


This air-gapped wallet definitely looks interesting. I’m interested in in their bitcoin-only mode & a “cypherpunk edition” where we can put our own root key & code on them. This team has recently joined discussions PSBT QR codes with @BlockchainComns so I anticipate good things! https://twitter.com/BitcoinLixin/status/1255149801508704259

x-icon Tue Apr 28 18:05:52 +0000 2020


Replying to @iamzatoshi, @CryptoLixin and @matt_odell

Ellipal works, but no open source, and has not been responsive to questions. @BlockchainComns did a dive into its air-gapped protocol, and found very little we wanted to emulate in our standards. https://docs.google.com/presentation/d/1IJGL1QjMjGL1o1JHgTA4BPQYtBPhkZqHNSb_lLQDSaQ/edit

x-icon Tue Apr 28 18:12:57 +0000 2020


Not the parties I want to see as guardians of our human rights. 👎 “at least eight surveillance and cyber-intelligence companies attempting to sell repurposed spy and law enforcement tools to track the virus and enforce quarantines“ https://www.reuters.com/article/us-health-coronavirus-spy-specialreport-idUSKCN22A2G1

x-icon Tue Apr 28 22:35:02 +0000 2020


RT @La__Cuen: Many crypto companies made considerable profits in March. So I hope to write more stories like this. Funding open source deve…

x-icon Tue Apr 28 22:49:23 +0000 2020


Replying to @BitMEXResearch and @BitMEXResearch

I’m not sure how you classify @BlockchainComns — we have not contributed directly to bitcoin-core, but we work on digital asset #SmartCustody best practices, support infrastructure like Tor, low level libraries like SLIP39, cross-wallet PSBT standards, and more!

x-icon Tue Apr 28 22:55:27 +0000 2020


If this alternative to Schnorr holds up it may extend the life of legacy ECDSA sigs a little longer: “Sig gen 4 rounds…3 of these rounds can take place in a preprocessing stage before the signed message is known, lending to the first non-interactive threshold ECDSA protocol.“ https://twitter.com/IACRePrint/status/1255112723236556800

x-icon Tue Apr 28 23:03:37 +0000 2020


This isn’t the only worst case. Mistrust in system, deliberate infection, and immuno-privilege yellow-fever style is. “In a worst case scenario, communities that exhibit higher cases of the coronavirus infection can be subjected to geofencing by public health officials” https://twitter.com/BrookingsInst/status/1254908689053618176

x-icon Tue Apr 28 23:13:06 +0000 2020


👍 “We have serious doubts that voluntary, anonymous contact tracing through smartphone apps—as Apple, Google, and faculty at a number of academic institutions all propose—can free Americans of the terrible choice between staying home or risking exposure.“— @CT_Bergstrom https://twitter.com/CT_Bergstrom/status/1254856359201239042

x-icon Tue Apr 28 23:16:56 +0000 2020


Part of me says “Oh no! Yet another curve”, but as I can’t seem to find my way to fully support 25519 standards due to its limitations of being a non-prime order Edward’s curve & secp256k1 not being supported by the HSM chips, this curve, if standardized, has some attractiveness. https://twitter.com/NCCsecurityUS/status/1255149136447279106

x-icon Wed Apr 29 19:57:07 +0000 2020


RT @FullyNoded: New wallet template UI in latest FN2 update.

Hot: single sig, device holds seed.

Warm: 2 of 3, 1 seed on device, 1 priv…

x-icon Wed Apr 29 19:59:46 +0000 2020


As we move toward a number of multisig scenarios for Bitcoin, making them easier to understand by non-technical users has become increasingly an issue. Here is our first pass at reducing the complexity. Much more to do. https://twitter.com/FullyNoded/status/1255494478602829826

x-icon Wed Apr 29 20:02:11 +0000 2020


Presuming a best-of-class iOS Bitcoin wallet with multisig & PSBT support, how would you want to financially support it? If your choice not in this list, add your suggestions as a reply:

x-icon Thu Apr 30 00:25:46 +0000 2020


Replying to @FlamingCode

That is a basic assumption of any “best-in-class” Bitcoin wallet.

x-icon Thu Apr 30 04:06:25 +0000 2020


“There are many other companies and teams involved who all desire to make multisig easier, more standard, and allow you to choose different approaches or implementations knowing that you are not locked into a single solution.”—@ChristopherA https://twitter.com/CoinDesk/status/1255897448138055682

x-icon Thu Apr 30 17:34:36 +0000 2020


“Rather than focus on distributing output, focus on distributing opportunities” —Raghuram Rajan https://qz.com/india/1848551/raghuram-rajan-rahul-gandhi-discuss-indias-coronavirus-crisis/

x-icon Thu Apr 30 18:34:25 +0000 2020


RT @ChristopherA: Presuming a best-of-class iOS Bitcoin wallet with multisig & PSBT support, how would you want to financially support it?…

x-icon Thu Apr 30 18:41:26 +0000 2020


Replying to @christroutner

Doing it for each transaction isn’t economical. However, we have thought about having the wallet track how much you paid miners in transaction fees over time & once the total is economical asking the holder to consider matching as donation back to us. Isn’t much but a good point.

x-icon Thu Apr 30 18:45:34 +0000 2020


RT @ChristopherA: @christroutner Doing it for each transaction isn’t economical. However, we have thought about having the wallet track how…

x-icon Thu Apr 30 18:46:02 +0000 2020


Replying to @VeroCEG

That is a good question. Most iOS apps with one-time purchase get minor updates free, but at some point for a major version will ask for brand new payment every year or two, sometimes discounting for first few weeks for previous users. How does that affect your vote?

x-icon Thu Apr 30 18:50:56 +0000 2020


Replying to @StevieJarosz

So what is basic use? A single-signature wallet? Ability to export invoice & payment notes to .csv? Should a basic 2 of 3 wallet be an upgrade? Ability to participate in a multisig as a joint signer? Use of time-lock account template? How would you expect these to be priced?

x-icon Thu Apr 30 18:57:14 +0000 2020


Replying to @_naveenmishra and @matt_odell

Thanks—trying to think your idea through. Pay for the wallet in bitcoin after first successful transaction? I presume out as in is uncensorable. What if there is too little initial balance to pay for wallet? Always allow a free sweep out to new wallet?

x-icon Thu Apr 30 19:04:09 +0000 2020


Replying to @jasonmsteele

We need funding to also make a best-in-class Android wallet to our standards (which are high).

x-icon Thu Apr 30 19:05:59 +0000 2020


Replying to @bluedroplet

I’ve thought through some wallet gamification ideas, but all require some communication back to us. One of the best-in-class features is that all communications are through Tor, and none are back to us, and any communication back to mobile platform company is normal activity.

x-icon Thu Apr 30 19:09:18 +0000 2020


Replying to @maverickdotdev and @matt_odell

https://twitter.com/christophera/status/1255934253956648960?s=21 https://twitter.com/ChristopherA/status/1255934253956648960

x-icon Thu Apr 30 19:09:50 +0000 2020


RT @ChristopherA: @VeroCEG That is a good question. Most iOS apps with one-time purchase get minor updates free, but at some point for a ma…

x-icon Thu Apr 30 19:10:20 +0000 2020


RT @ChristopherA: @StevieJarosz So what is basic use? A single-signature wallet? Ability to export invoice & payment notes to .csv? Should…

x-icon Thu Apr 30 19:10:27 +0000 2020


RT @ChristopherA: @_naveenmishra @matt_odell Thanks—trying to think your idea through. Pay for the wallet in bitcoin after first successful…

x-icon Thu Apr 30 19:10:34 +0000 2020


RT @ChristopherA: @jasonmsteele We need funding to also make a best-in-class Android wallet to our standards (which are high).

x-icon Thu Apr 30 19:10:41 +0000 2020


RT @ChristopherA: @bluedroplet I’ve thought through some wallet gamification ideas, but all require some communication back to us. One of t…

x-icon Thu Apr 30 19:10:47 +0000 2020


Replying to @hodlwave, @wsheap and @matt_odell

I absolutely believe that for full self-sovereignty the source of a digital asset wallet must be available. No lock-in allowed—it needs to be YOUR wallet. What you are paying for is availability, convenience & support. A harder question for all mobile app biz model are upgrades.

x-icon Thu Apr 30 19:16:13 +0000 2020


RT @ChristopherA: @hodlwave @wsheap @matt_odell I absolutely believe that for full self-sovereignty the source of a digital asset wallet mu…

x-icon Thu Apr 30 19:16:23 +0000 2020


Replying to @denverbitcoin and @matt_odell

We have considered this, but we want co-signing to have an open / no lock-in architecture as well. A co-signer can be a spouse or colleague, a collaborative custody company like @unchainedcap or @CasaHODL or a service like @GreenAddress. Maybe even @AvantiBT or another bank.

x-icon Thu Apr 30 19:21:24 +0000 2020


RT @ChristopherA: @denverbitcoin @matt_odell We have considered this, but we want co-signing to have an open / no lock-in architecture as w…

x-icon Thu Apr 30 19:21:30 +0000 2020


Replying to @NickLTC, @MarkFriedenbach and @BrianLockhart

Questions for you? How often do we nag? When is nagging too much? Once you’ve paid some, do we keep nagging until you reach a threshold? If you’ve paid, can we nag you again for a major upgrade? I dislike nagging but it may be our best option, but what are best practices?

x-icon Thu Apr 30 19:25:39 +0000 2020


RT @ChristopherA: @NickLTC @MarkFriedenbach @BrianLockhart Questions for you? How often do we nag? When is nagging too much? Once you’ve pa…

x-icon Thu Apr 30 19:25:43 +0000 2020


Replying to @oh_kurrrrt and @matt_odell

We have several kinds of coin-control in mind. First to be implemented is basic, a switch “don’t spend from change”. Next you can see list of UTXO and click “spend next”. Payjoin? Then we hope to have an protocol for option to sent all change to a mixer wallet (say @wasabiwallet)

x-icon Thu Apr 30 20:00:38 +0000 2020


RT @ChristopherA: @oh_kurrrrt @matt_odell We have several kinds of coin-control in mind. First to be implemented is basic, a switch “don’t…

x-icon Thu Apr 30 20:01:15 +0000 2020


Replying to @dstadulis and @christroutner

We definitely want to support lightning at some point, which allows for more micro transaction business models, but unlikely for v1.

x-icon Thu Apr 30 20:04:11 +0000 2020


Replying to @hodlwave, @wsheap and @matt_odell

Not at this point, but I investigated this (for the third time) a few years ago. The problem is that the app is signed by Apple for final distribution. So we have write a tool to ignore that signature (and maybe other signatures).

x-icon Thu Apr 30 20:07:36 +0000 2020


RT @ChristopherA: @hodlwave @wsheap @matt_odell Not at this point, but I investigated this (for the third time) a few years ago. The proble…

x-icon Thu Apr 30 20:07:43 +0000 2020


Replying to @hodlwave, @wsheap and @matt_odell

We (@mcclow & I) wrote a tool for verification of Mac applications that ignored signatures & other mutable metadata ~1993, first named VeriSign. But they decided to name the company that name, so it became SignaFile. Should have taken stock not contract! 🤷🏻‍♂️

x-icon Thu Apr 30 20:16:02 +0000 2020


RT @ChristopherA: @hodlwave @wsheap @matt_odell We (@mcclow & I) wrote a tool for verification of Mac applications that ignored signatures…

x-icon Thu Apr 30 20:16:28 +0000 2020


Replying to @jasonmsteele

We are doing iOS 1st for security concerns. I was VP of the Blackphone Android startup 6-years ago. It is much harder to build a secure app on Android (expensive but not impossible) especially given Google’s API requirements (ask @SamouraiWallet) & bad actors in their ecosystem.

x-icon Thu Apr 30 20:25:34 +0000 2020


Replying to @6102bitcoin

Most (not all) mobile wallets that are independent are funded either by alt-coins or token companies paying for access, a direct ICO, by an currency exchange seeking preferential usage, or relationship with a tech company to leverage the wallet for their new tech. Unsustainable.

x-icon Thu Apr 30 20:40:20 +0000 2020


RT @ChristopherA: @6102bitcoin Most (not all) mobile wallets that are independent are funded either by alt-coins or token companies paying…

x-icon Thu Apr 30 20:40:32 +0000 2020


Replying to @jonatack

What if we set it up so that if you build from source (not that hard but requires an paid Apple developer contract) it asks for bitcoin, but fiat if you buy it from Apple or pay for in-app upgrade?

x-icon Thu Apr 30 20:52:36 +0000 2020


Replying to @henkvancann

I’m so far not happy with the security, architecture & UI compromises required by the multiplatform packages. Very difficult to offer best-in-class features. Focus is on cross-wallet data & protocols. One reason we chose iOS first is that can also offer a macOS app version soon.

x-icon Thu Apr 30 21:32:58 +0000 2020


RT @ChristopherA: @henkvancann I’m so far not happy with the security, architecture & UI compromises required by the multiplatform packages…

x-icon Thu Apr 30 21:33:02 +0000 2020


Replying to @6102bitcoin

Most people don’t realize that with Bitcoin multisig having master seeds is not enough. We are working on @BlockchainComns an emerging standard we call an “Account Map” with all the xpub and wallet descriptor info, to be printed as QR on waterproof paper to saved with every seed.

x-icon Thu Apr 30 21:40:14 +0000 2020


RT @ChristopherA: @6102bitcoin Most people don’t realize that with Bitcoin multisig having master seeds is not enough. We are working on @B…

x-icon Thu Apr 30 21:40:19 +0000 2020


Replying to @hodlwave and @6102bitcoin

https://twitter.com/christophera/status/1255975272425242625?s=21 https://twitter.com/ChristopherA/status/1255975272425242625

x-icon Thu Apr 30 21:41:15 +0000 2020


Replying to @adam3us and @6102bitcoin

https://twitter.com/christophera/status/1255975272425242625?s=21 https://twitter.com/ChristopherA/status/1255975272425242625

x-icon Thu Apr 30 21:41:34 +0000 2020


Results so far in my poll on how an independent mobile wallet should be funded. Thread also has some interesting material. I’m in particular concerned about how to offer long-term support & avoid moral hazard, and yet avoid customer lock-in. Poll closes in 23 hours. Vote now! https://twitter.com/ChristopherA/status/1255654540986265600

x-icon Thu Apr 30 22:35:08 +0000 2020


Replying to @miniver and @strasa

I’m intrigued with various GM tool best practices from the vantage point of tools for gmless (or gmfull) games. Puzzling this week if interactive pdf forms can help, especially given story games via zoom.

x-icon Thu Apr 30 22:43:59 +0000 2020


Replying to @citlayik and @real_or_random

We use Tor v3 between your own @FullyNoded 2 bitcoin mobile wallet and a full node under your control. I wonder what we can do to mitigate this kind of analysis, especially for the full-node’s P2P network.

x-icon Thu Apr 30 22:49:11 +0000 2020


We have been working on something similar that we are calling an “Account Map” with only xpubs, wallet descriptor & some metadata, but more compact to print on QR code to lock up with each seed on titanium. Collaborate? cc/@FullyNoded @COLDCARDwallet @StepanSnigirev @CryptoLixin https://twitter.com/COLDCARDwallet/status/1255922997866700800

x-icon Thu Apr 30 22:58:13 +0000 2020


I have added this topic regarding the opportunity to create a cross-wallet standard for these Account Maps as a new issue on GitHub. cc/@COLDCARDwallet https://github.com/BlockchainCommons/AirgappedSigning/issues/6

x-icon Thu Apr 30 23:12:53 +0000 2020


Replying to @jonatack

I sympathize—I still seek open security chips on phones & have been puzzling with parties like @philchen913 of @htcexodus, @CryptoLixin of @CoboVault, @Trezor, @Risc_V and others on how to get there. But after failure of Blackphone 5 years ago (where I was VP) it is difficult.

x-icon Thu Apr 30 23:21:00 +0000 2020


RT @paulg: Weird potential idea: competence tourism.

E.g. Goldman Sachs has a bunch of people who really need to work in an office togeth…

x-icon Thu Apr 30 23:56:52 +0000 2020


Replying to @hodlwave, @6102bitcoin and @BlockchainComns

Just a QR of the public descriptor is where we started, but you may have more account stored for use with one per seed. You may have a birthday for the account, some path to seed details, and other metadata. https://twitter.com/ChristopherA/status/1255998586703147009?s=20 https://twitter.com/ChristopherA/status/1255998586703147009

x-icon Fri May 01 00:11:21 +0000 2020


Are there any VCs others interested in infrastructure investments? Reid Hoffman invested in Blockstream not for 20x return, but to increase the value of the Bitcoin he bought at <$35. He got lot more than 20x.
https://twitter.com/a16z/status/1255853918942363651

x-icon Fri May 01 00:37:23 +0000 2020


Blockchain Commons is a “not-for-profit” benefit corporation. We are not offering equity but are open to revenue-backed investment instruments for pojects like @FullyNoded—these will not give 20x return, but as we focus on ecosystems you can win through value to whole ecosystem…

x-icon Fri May 01 00:40:46 +0000 2020


In the meantime, we invite your support as a sponsor of our infrastructure projects like #SmartCustody, #LetheKIT, self-Sovereign Decentralized Identity, and much more with monthly contributors through https://GitHub.com/sponsors/BlockchainCommons or bitcoin donations through https://btcpay.blockchaincommons.com

x-icon Fri May 01 00:45:54 +0000 2020


Here is an example of an possible compact Account Map. Other items we are considering is some form of label to distinguish it from other accounts, but @COLDCARDwallet I believed stores more. https://github.com/BlockchainCommons/AirgappedSigning/issues/6#issuecomment-622189404

x-icon Fri May 01 00:50:11 +0000 2020


Interesting network map of America, based on economic analysis, shows the true metropolitan regions. Also applicable when thinking about social distancing & travel quarantines. https://www.atlasobscura.com/articles/here-are-the-real-boundaries-of-american-metropolises-decided-by-an-algorithm

x-icon Fri May 01 03:14:50 +0000 2020

Updated: