We are thrilled at @BlockchainComns to be working with @KeystoneWallet on developing new specifications for interoperability between wallets & unite the blockchain industry. Happy fourth anniversary, and many more! https://twitter.com/KeystoneWallet/status/1488547135679533060

Tue Feb 01 20:50:02 +0000 2022

@davewiner Have you looked at Zavala yet? So many outliner apps have come and gone, but I need one not solely web, able to work offline on Mac & iOS, and no service lock-in. And at least as good as MORE 🤘🤛 Thoughts? https://zavala.vincode.io/2022/01/31/2.0_Release.html

Tue Feb 01 21:11:19 +0000 2022

Mars stealer is malware that if you are hacked or tricked into installing, will leverage the fundamental insecurity of over 40 browser plugins for digital assets, passwords & 2FA, including the dominant #metamask. Don’t keep keys in your browser! Technical details at: https://twitter.com/3xp0rtblog/status/1488505225031917572

Wed Feb 02 17:51:23 +0000 2022

At @BlockchainComns we are researching towards an update to our #SmartCustody book on how to protect your ETH and digital assets like NFTs. However, there are real limitations in current metamask-style architectures. Ultimately needs to be thrown away and re-thought.

Wed Feb 02 17:54:30 +0000 2022

RT @ChristopherA: At @BlockchainComns we are researching towards an update to our #SmartCustody book on how to protect your ETH and digital…

Wed Feb 02 17:54:40 +0000 2022

If you are interested in accelerating this research and our updates to #SmartCustody best practices for protecting digital assets, please financially support us with monthly patronage at https://github.com/sponsors/BlockchainCommons

Wed Feb 02 17:57:38 +0000 2022

RT @ChristopherA: If you are interested in accelerating this research and our updates to #SmartCustody best practices for protecting digita…

Wed Feb 02 17:57:52 +0000 2022

RT @helen_garneau: This #Meetup with ⁦@heathercdahl⁩ @ChristopherA and Charlyn Ho from @PerkinsCoieLLP is going to be a masterclass in #SSI…

Sun Feb 06 06:50:57 +0000 2022

A tough design problem, in particular in this era of hidden centralities, perverse incentives, divisive actors taking advantage of human cognitive bias, dark patterns, and outright criminality. https://twitter.com/ChristopherA/status/827970059960086528

Sun Feb 06 20:09:59 +0000 2022

Question for twitter engineers: I’m puzzling with MTBF/R for SD & NFC cards. If the life expectancy of powered-off flash is 10 years, but you are sharing data using SSKR (our Shamir Secret Sharing technique) for 3 of 5 devices, you can expect 1 shard of those 5 to die in 2 years?

Tue Feb 08 00:26:36 +0000 2022

Replying to @adamshostack

Useful, but one challenge in puzzling this all out is that flash-based ssd drives, are also somewhat different powered-on and active vs powered-off. Flash is electrons in a volume of silicon, which will tunnel out if not refreshed. Denser flash, fewer electrons, more as % tunnel.

Tue Feb 08 01:21:45 +0000 2022

Replying to @adamshostack

I’m thinking about buying 100 flash-based NFC cards and testing 10 a year for 10 years.

Tue Feb 08 01:24:45 +0000 2022

Replying to @adamshostack

Maybe some way to crowdsource this? Buy an SD card, some zk-proof when you initialize it with some test data, and some QR to report when it fails?

Tue Feb 08 01:29:54 +0000 2022

For the 2nd time in two months our @BtcpayServer is being invoice spammed, creating thousands of invoices, creating BTC addresses that break gap limits of most #btc wallets. Every web2 server can stop this, default docker install for BTCpay can’t: https://github.com/btcpayserver/btcpayserver/issues/3190

Tue Feb 08 01:45:12 +0000 2022

For a few years now @BlockchainComns has been talking about our Gordian Principles for self-sovereign control of digital assets & how to assure yourself of their #SmartCustody. We’re thrilled that wallet manufacturers & designers are beginning to follow these same ideals. [1/12]

Thu Feb 10 17:38:12 +0000 2022

As a result, we’ve been able to put together an initial set of case studies highlighting how @FOUNDATIONdvcs Passport and @SparrowWallet ensure resilient and personal control of your digital assets. [3/12] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Case-Studies-Overview.md

Thu Feb 10 17:38:14 +0000 2022

All of our @BlockchainComns wallet interoperability specifications are meant to support the four core Gordian Principles of independence, privacy, resilience, and openness—that put the user first and enable responsible key management. [2/12]

Thu Feb 10 17:38:14 +0000 2022

The @SparrowWallet, though useful as a stand-alone software wallet, we’ve found is quite powerful if used as a transaction coordinator for multiple hardware wallets. Here’s our case study for how it supports the Gordian Principles. [5/12] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Case-Study-Sparrow.md

Thu Feb 10 17:38:15 +0000 2022

Following the Gordian architecture, our case studies are broadly divided into seed vaults (typically, hardware wallets) and transaction coordinators (typically, traditional software wallets, but used without seeds). [4/12] https://github.com/BlockchainCommons/Gordian#overview-gordian-architectural-model

Thu Feb 10 17:38:15 +0000 2022

The @FOUNDATIONdvcs Passport is a robust second-generation hardware wallet that transmits QRs through airgaps or data via Micro SDs. Here’s how it stacks up. [7/12] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Case-Study-Passport.md

Thu Feb 10 17:38:16 +0000 2022

We’ve also produced a doc on how precisely to use @SparrowWallet in the transaction coordinator role with our reference signer, Gordian Seed Tool for iOS & Mac. [6/12] https://github.com/BlockchainCommons/GordianSeedTool-iOS/blob/master/Docs/Integration.md#using-sparrow-as-a-transaction-coordinator

Thu Feb 10 17:38:16 +0000 2022

Next on our list to review in the coming weeks is the attractive @KeystoneWallet airgapped hardware wallet. (It has two branches of firmware, so we’ve been muddling out the best way to talk about it) [9/12]

Thu Feb 10 17:38:17 +0000 2022

We also authored a case study for our own Gordian Seed Tool reference signer app for iOS & Mac, to discuss how we believe it exemplifies the Gordian Principles. [8/12] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Case-Study-SeedTool.md

Thu Feb 10 17:38:17 +0000 2022

If you’re interested in writing a case study of a device for us to edit & review, or supporting us to write a new case study about your favorite wallet, please submit a PR or contact us. [11/12] https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Case-Studies-Overview.md#more-case-studies

Thu Feb 10 17:38:18 +0000 2022

We believe in these Gordian Principles of independence, privacy, resilience, and openness for the entire blockchain ecosystem. We’re thrilled that hardware manufacturers & software wallet developers are pursuing these same goals! [10/12]

Thu Feb 10 17:38:18 +0000 2022

Sponsor our continued efforts to teach #SmartCustody, support interoperability, and create open & interoperable, secure & compassionate digital infrastructure—become a monthly financial contributor to Blockchain Commons through @github. ៚ [12/12] https://github.com/sponsors/BlockchainCommons

Thu Feb 10 17:38:19 +0000 2022

Replying to @madhavanmalolan

We have been working as a coordination point between wallet developers at @BlockchainComns, initially for Bitcoin but we are working toward similar standards for Ethereum wallets. Two problems: ongoing funding for infrastructure is hard, and some past poor architecture choices.

Sun Feb 13 18:13:37 +0000 2022

Replying to @madhavanmalolan and @BlockchainComns

Take a look at our last report: https://twitter.com/ChristopherA/status/1491828864753930240

Sun Feb 13 18:14:07 +0000 2022

RT @madhavanmalolan: What if …
We just stop everything we are doing and just work on fixing wallets this year?

There are just not enough…

Sun Feb 13 18:14:31 +0000 2022

Replying to @plum_perfect

In my childhood (60s) the original tv remotes (50s) had a prominent loud “click” to press the buttons, which did some kind of non-modulated sound pulse on different frequencies that would turn on, off, or change the channel up or down. Thus “clicker”. https://www.theatlantic.com/technology/archive/2011/04/tech-etymology-tv-clicker/236965/

Mon Feb 14 20:15:04 +0000 2022

Unless QR software is corrupted, QR links are only as dangerous as any link on Twitter or in an email. Still some threats there, so we are investigating both hashlinks https://datatracker.ietf.org/doc/html/draft-sporny-hashlink and a signed version leveraging did:web did:onion & did:key. https://twitter.com/WellsLucasSanto/status/1493024571414302720

Mon Feb 14 20:24:53 +0000 2022

For some of our current airgap wallet #SmartCustody interoperability standards and approaches see: https://github.com/BlockchainCommons/SmartCustody & https://github.com/BlockchainCommons/SmartCustody

Mon Feb 14 20:34:26 +0000 2022

RT @ChristopherA: Unless QR software is corrupted, QR links are only as dangerous as any link on Twitter or in an email. Still some threats…

Mon Feb 14 21:18:07 +0000 2022

RT @IndicioID: Indicio CEO @heathercdahl is sitting down with @ChristopherA and @charlynling1 to discuss the expectations, reality, and pos…

Tue Feb 15 04:04:56 +0000 2022

Replying to @WebDevLaw

Related: https://twitter.com/ChristopherA/status/1243434431903219712

Wed Feb 16 21:20:01 +0000 2022

RT @WebDevLaw: Then he and his team engaged in - if not invented - ethical hacking. They physically hacked their IBM punch card machines so…

Wed Feb 16 21:35:21 +0000 2022

RT @ChristopherA: Today at 19:06 CET (sunset in Amsterdam) is the 77th Anniversary of the attempt by The Resistance to bomb the Dutch Civil…

Wed Feb 16 21:38:03 +0000 2022

Inspired by today’s @RWOTEvents visioning event “Out of the Box 2052” one of my visions/wish list items for 2052 can be summarized as “Collective wisdom without collective bias”.

Thu Feb 17 17:24:18 +0000 2022

Artifact from my oldest visioning event (in 1988), of what I wanted by 2015. Today we together worked during a @RWOTEvents collaborative salon on a vision for 2052. More results to come. https://twitter.com/ChristopherA/status/642711322921160705

Thu Feb 17 20:07:36 +0000 2022

Artifact of another visioning event in 1995 as a collaboration toward a 2015 vision, created by all of our team at “Consensus Development” (we wrote the reference implementation of SSL 3.0 and TLS 1.0). Big goal: “People & computer agents that I can delegate trust to/from.”

Thu Feb 17 20:15:20 +0000 2022

And 6 years ago, at the 2nd #RebootingWebOfTrust design workshop, we did a visioning for 2032 that helped establish a future for decentralized identity that has inspired developments like the W3C DID standard. https://github.com/WebOfTrustInfo/rwot2-id2020/tree/master/event-documents/process

Thu Feb 17 20:21:05 +0000 2022

These 2016 @RWOTEvents “take-a-panels” were discussed in small teams, and joint visions were created (at https://github.com/WebOfTrustInfo/rwot2-id2020/tree/master/event-documents/graphic-recording/Day-1-02-Take-A-Panel) and the final report out:

Thu Feb 17 20:21:06 +0000 2022

Final commentary: Vision a positive future. Hold to your vision. Iterate on it. Make it happen!

Thu Feb 17 20:22:00 +0000 2022

RT @ChristopherA: Final commentary: Vision a positive future. Hold to your vision. Iterate on it. Make it happen!

Thu Feb 17 20:22:05 +0000 2022

RT @SSI_Ambassador: Join the @IndicioID Webinar about the expectations & reality of #SSI with @ChristopherA @heathercdahl and Charlyn Ho.…

Thu Feb 17 22:33:08 +0000 2022

RT @CaitlinLong_: THIS IS ONE of the 7 proposed bills from the #Wyoming #blockchain & Tech Select Committee this yr—it protects privacy of…

Sun Feb 20 02:57:46 +0000 2022

RT @CaitlinLong_: For #DAOs that choose to register there’s a race btwn using state cooperative laws vs state LLC laws. WY’s #DAO LLC law i…

Sun Feb 20 02:59:30 +0000 2022

Replying to @0xfoobar

I believe the architecture of Ethereum wallets has a fundamental problem in that they do not have functional separation of keys, much less a no-key-reuse policy. This results in a number of confused deputy problems. It can be solved, but legacy architecture likely needs to die.

Sun Feb 20 17:31:18 +0000 2022

Replying to @richerd

Have you seen the free #SmartCustody book from @BlockchainComns? https://github.com/BlockchainCommons/smartcustody We are seeking funding support & patronage to bring its approaches to the ETH & NFT community.

Sun Feb 20 18:17:11 +0000 2022

Replying to @sriramk, @punk6529, @donnie, @alive_eth, @nassyweazy and @eddylazzarin


Sun Feb 20 20:00:11 +0000 2022

RT @Melt_Dem: 1/ while the media tries to shift our attention on the looming threat of physical violence, the most prevalent form of violen…

Mon Feb 21 02:07:40 +0000 2022

Replying to @chelseakomlo

We are working on this now for Bitcoin, initially documenting it for our next release of the #SmartCustody book. Harder for single-signature blockchains like Ethereum, but we do have 2-level quorum secret sharing of seeds with SSKR available now in Gordian Seed Tool.

Mon Feb 21 18:27:10 +0000 2022

Replying to @chelseakomlo

For Bitcoin, you can see a hint/preview of some of our approaches to multisig and social key recovery (much more to come): https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Multisig.md

Mon Feb 21 18:28:56 +0000 2022

Replying to @chelseakomlo

For all blockchains that don’t use true multisig, but that use seeds, you can learn from our SSKR work: https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/SSKR-Sharing.md

Mon Feb 21 18:29:59 +0000 2022

Replying to @chelseakomlo

Beware, with any secret sharing (including our SSKR) there are things you have to be very careful about: https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/SSKR-Dangers.md

Mon Feb 21 18:30:57 +0000 2022

Replying to @chelseakomlo

There are also interesting hybrids of both multisig and SSKR possible, and new cryptography (VSS, FROST) that can help. But part of the problem is that the wallets following the Metamask model may be fundamentally architecturally broken. It may be possible to iteratively fix…

Mon Feb 21 18:33:19 +0000 2022

Replying to @chelseakomlo

But the essential problem is the overuse of a single key, the account private key, to do everything. This violates long-standing principles of limiting key reuse, generation of new keys, different keys for different key purposes, etc.

Mon Feb 21 18:35:03 +0000 2022

Replying to @chelseakomlo

We have some ideas of how to maybe leverage a major revision of Wallet Connect 2.0 (3.0? some other name) that may solve some of these problems, but there has been insufficient will in the ecosystem to fund to support such a radical architecture so far.

Mon Feb 21 18:36:45 +0000 2022

Replying to @chelseakomlo

Individual people and organizations can show their support toward these efforts by becoming a monthly project or sustaining sponsor of @BlockchainComns. These are the signals that we use to prioritize our infrastructure standards efforts. https://github.com/sponsors/BlockchainCommons

Mon Feb 21 18:38:36 +0000 2022

Replying to @chelseakomlo

Absolutely agree! This is why our work on the Bitcoin side of the ecosystem is focused on Taproot Schnorr and toward Musig2 and Frost. However, there is still a place for slightly better than basic Shamir SS (such as 2-level Schnorr). Also, a VSS is a subpart of Musig2.

Mon Feb 21 18:41:03 +0000 2022

Replying to @chelseakomlo

Again, true. This is why I helped architect a design for key rotation in the W3C DID (Decentralized Identity) standards. (This feature, unfortunately, is not mandatory in the spec). There are a number of approaches. Most are hard in the Ethereum/Metamask architecture though.

Mon Feb 21 18:43:30 +0000 2022

Replying to @chelseakomlo

Two issues. You are technically correct, but also incorrect. Musig2 has in its early round a VSS that is used to generate the final keys. You could do a one-party generation of this value, share, and those parties can sign things. Multiple Musig2 in a taproot tree can do quorum.

Mon Feb 21 18:46:25 +0000 2022

Replying to @chelseakomlo

I apologize, I am simplifying. The vast majority of blockchain transactions (also by market cap) use ECDSA or 25519 with broken multisig. True threshold signatures typically use Schnorr (with secpk1 taproot or ristretto) but legacy bitcoin & Ethereum clones can’t use it.

Mon Feb 21 18:50:42 +0000 2022

@davewiner I’ve seen a number of apps with export OPML to markdown, but are there any outliners that will import markdown to OPML? I’ve a lot of text in markdown in various places that I’d like to organize.

Mon Feb 21 19:15:20 +0000 2022

Paste of markdown into Electric Drummer seems to do half of it correctly, the outline. However, it doesn’t format the links.

Mon Feb 21 19:37:45 +0000 2022

Paste of markdown into the Zavala app just makes it a single entry. It fails both to break up the indents into an outline and to format the links.

Mon Feb 21 19:40:36 +0000 2022

Paste of markdown into Logseq comes closest to useful as it makes each line a separate outline entry and does the link formatting, but loses the hierarchy.

Mon Feb 21 19:45:19 +0000 2022

It turns out pasting markdown into Logseq is more useful than I thought, but it doesn’t know the difference between a body paragraph and a L1 indent, and creates a redundant line. See GitHub issue: https://github.com/logseq/logseq/issues/4333

Mon Feb 21 20:07:54 +0000 2022

Replying to @davewiner, @logseq and @obsdmd

Thanks @DaveWiner — In this case, I’m trying to paste, not import. I have a really nice safari plugin tool that copies groups of bookmarks to markdown preserving its hierarchy onto clipboard. But it doesn’t support OPML to clipboard or save markdown (or OPML) to files, only HTML.

Mon Feb 21 20:10:40 +0000 2022

Replying to @DaveWiner

Here is a better test reference with Electric Drummer (the one I used in the Logseq bug issue report). You do the indented list of lists, but like Logseq are adding a line & the body line is at same level as first list. I’m also expecting the links to be formatted.

Mon Feb 21 20:16:16 +0000 2022

Replying to @davewiner

I’ve posted a feature request at https://github.com/scripting/drummerSupport/issues/155

Mon Feb 21 20:21:39 +0000 2022

/cc @vincode_io https://github.com/vincode-io/Zavala/issues/147

Mon Feb 21 21:25:11 +0000 2022

Going live in a couple of minutes. You can join anytime! https://twitter.com/IndicioID/status/1496161582312988674

Tue Feb 22 16:59:53 +0000 2022

RT @ChristopherA: “We must rebel against our evolutionary objectives, w/o giving an evolutionary advantage to those who refuse to do the sa…

Tue Feb 22 22:41:43 +0000 2022

This morning I spoke at an @IndicioID meetup, along with @charlynling1, on the topic of “Self-Sovereign Identity: Expectations & Reality”. In it we discuss some history of #SSI, revising the principles, LESS (Legally Enabled Self-Sovereign) Identity, ++ https://www.youtube.com/watch?v=JAeNQsCFgBg

Tue Feb 22 22:46:37 +0000 2022

Replying to @Lambo and @LilithWittmann

BTW, there are several different forms of this. Redacted signatures, where I in my presentation of the credential “redact” fields unnecessary for the business purpose or possible threats, and a variety of zk proofs that also prevent correlation, but are more complex.

Tue Feb 22 22:54:21 +0000 2022

Replying to @Lambo and @LilithWittmann

I’d like to see redactable signatures on verifiable credentials become the standard, as they are easy & minimize sharing. This proposal is VERY outdated, but gives the idea (I also want to support CBOR): https://w3c-ccg.github.io/lds-redaction2016/

Tue Feb 22 22:56:20 +0000 2022

Replying to @Lambo and @LilithWittmann

Here is one of the zero-knowledge cryptography based selective disclosure proposals. This one is more current and I believe there is more than one implementation. https://w3c-ccg.github.io/ldp-bbs2020/

Tue Feb 22 23:01:54 +0000 2022

Replying to @LilithWittmann, @Bindestriche and @lontrachen

I don’t buy this interpretation of what is #SSI. The principles focus on offering user choices, which include not to provide credentials, or in a redacted form.

Tue Feb 22 23:06:12 +0000 2022

Replying to @LilithWittmann, @Bindestriche and @lontrachen

I do agree with Georgy Ishmaev that #SSI by itself still needs a deeper examination of ethics. He has another paper out that does a better job than I to describe what and why the concept of “sovereignty” is in the identity equation: https://link.springer.com/article/10.1007/s10676-020-09563-x

Tue Feb 22 23:09:49 +0000 2022

Replying to @LilithWittmann, @Bindestriche and @lontrachen

“The call to reconsider the source of this right aims to reframe the procedure of an identification not as an obligation or duty of citizens to be identified derived from the sovereign right of a state…

Tue Feb 22 23:10:41 +0000 2022

Replying to @LilithWittmann, @Bindestriche and @lontrachen

“… but as a natural right of an individual to be represented via mediating role of institutions of identity.” — Georgy Ishmaev

Tue Feb 22 23:11:01 +0000 2022

Replying to @LilithWittmann, @Bindestriche and @lontrachen

“There are then compelling reasons to consider the right to be a ‘self-sovereign’ source of power to construe one’s own identity. Not just a right for the choice of attributes relevant for the presentation of one’s own identity to others, but also…

Tue Feb 22 23:11:33 +0000 2022

Replying to @LilithWittmann, @Bindestriche and @lontrachen

“… a right not to have one’s identity be permanently fixated in the externally imposed normative framework. The foundation of this right can be traced back to Lockean arguments on the limits of powers and rights in a free society.” — Georgy Ishmaev

Tue Feb 22 23:11:48 +0000 2022

Replying to @Lambo and @LilithWittmann

Here is a nice overview that started as an #RWOT paper, and is now in W3C CCG work item “Engineering Privacy for Verified Credentials: In Which We Describe Data Minimization, Selective Disclosure, and Progressive Trust”: https://w3c-ccg.github.io/data-minimization/

Tue Feb 22 23:15:30 +0000 2022

Replying to @LilithWittmann and @Lambo

I don’t want over-identification (or over-authentication even) either. At least LESS Identity is better than the status quo. Where I can I push for exactly what I believe you are saying you want.

Tue Feb 22 23:20:38 +0000 2022

Replying to @LilithWittmann and @Lambo

This goes a long way back to my 2004 post on “Progressive Trust”. Start trust small and simple, increase as needed, and stop when it is more than necessary. Binary “Trusted/Not-Trust” is an anti-pattern. Real human trust is progressive. http://www.lifewithalacrity.com/2004/08/progressive_tru.html

Tue Feb 22 23:23:13 +0000 2022

RT @Lambo: Happy to see my remarks on self-sovereign ID led to some meaningful exchange here between @LilithWittmann and SSI’s inventor @Ch…

Wed Feb 23 01:10:30 +0000 2022

RT @Lambo: And (assuming you’re interested in SSI for science and education, like us), have a close look at @SWITCH_ch in the next few mont…

Wed Feb 23 01:10:33 +0000 2022

#QotD: “A poet knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away.” ⇒ Leonardo da Vinci.

I need to keep that nearer to the top of my mind when designing software, protocols & architecture.

Wed Feb 23 18:06:44 +0000 2022

Have you been wanting to get involved in the development of Bitcoin, blockchain tech, and human-rights identity? @BlockchainComns has announced its 2022 VIRTUAL internship program, kicking off this summer! [1/10] https://github.com/BlockchainCommons/Community/discussions/74

Thu Feb 24 18:17:55 +0000 2022

We love programs like @summerofbitcoin. If you are looking for a full-time paid technical internship, that’s the way to go. But, our Blockchain Commons internship is set up differently to offer some specific advantages [2/11]

Thu Feb 24 18:17:56 +0000 2022

One of our favorite features is our weekly office hours. We’ll not just give you the opportunity to talk with us and each other, but also guest speakers from places such as Bitcoin Core, @Blockstream, @EFF, @HRF, @W3C and more. [5/11]

Thu Feb 24 18:17:57 +0000 2022

We ask for a commitment of 40 hours toward virtual project work over the summer and we offer a small honorarium. We encourage interns to work collaboratively together and we teach them how to function in the open-source ecosystem. [4/11]

Thu Feb 24 18:17:57 +0000 2022

For one, Blockchain Commons is about more than just software & hardware engineering. We’re also looking to nurture pre-law students, technical writers, library science, and other people who might help us advocate for secure & compassionate digital infrastructure. [3/11]

Thu Feb 24 18:17:57 +0000 2022

Our past interns have been featured in Coindesk and have gone on to actual careers in the blockchain field. [7/11] https://www.coindesk.com/tech/2020/09/23/blockchain-commons-internship-introduces-new-developers-to-open-source/

Thu Feb 24 18:17:58 +0000 2022

Past internship projects have included our Spotbit pricing server, our Mori-cli app for Bitcoin inheritance, and a pseudonymity guide. What are you interested in offering to the blockchain world? [6/11] https://spotbit.info/spotbit/

Thu Feb 24 18:17:58 +0000 2022

We look forward to working with these aspiring students. To have them join with us to create an open & interoperable, secure & compassionate digital infrastructure. To support human dignity and enable people to control their own digital destiny. [10/11] https://www.blockchaincommons.com/vision.html

Thu Feb 24 18:17:59 +0000 2022

The forty hours of work (plus office hours & educational opportunities) will occur this summer from May 23, to August 15, 2022. Since it’s a virtual program, you can of course be anywhere in the world. One of the best parts is collaborating internationally! [9/11]

Thu Feb 24 18:17:59 +0000 2022

To apply for this year’s internships, just email us a CV with some additional info as described in this year’s call for interns. The deadline is April 22nd. [8/11] https://github.com/BlockchainCommons/Community/discussions/74

Thu Feb 24 18:17:59 +0000 2022

We thank @HRF for their continuing grant to support our internship programs. If you are interested in supporting Blockchain Commons financially to be able to offer more of these programs, reach out to us, or become one of our Github sponsors: https://github.com/sponsor/blockchaincommons [12/12] ៚

Thu Feb 24 18:18:00 +0000 2022

“As a lethal pandemic, economic and physical insecurity, and violent conflict ravaged the world, democracy’s defenders sustained heavy new losses in their struggle against authoritarian foes, shifting the international balance in favor of tyranny.” https://freedomhouse.org/report/freedom-world/2021/democracy-under-siege

Fri Feb 25 01:27:51 +0000 2022

RT @evernym: eIDAS 2.0 brings enormous opportunities to introduce digital credentials to all of Europe, but there are a few potential barri…

Fri Feb 25 06:58:09 +0000 2022

For details on the French identity civil hackers see: https://twitter.com/WebDevLaw/status/957256426392494080

Fri Feb 25 19:52:06 +0000 2022

For details on the Netherlands WWII story see https://youtu.be/isanNSDoSnE or… https://twitter.com/ChristopherA/status/1243434431903219712

Fri Feb 25 19:52:06 +0000 2022

One possible hidden tragedy in this Russian invasion is that they don’t need to capture the Dutch civil archives like the Nazis did. New civil hackers like 🇳🇱 Arondeus who burned archives or 🇫🇷 Carmille who punched holes in all the cards can’t as Russians already have the data!

Fri Feb 25 19:52:06 +0000 2022

Just because you trust your government today does not mean that you can tomorrow. Civil service leaders must design for threats of regime change. How does Taiwan protect its citizens worldwide if invaded next? #LESSidentity #Foremembrance

Fri Feb 25 19:52:07 +0000 2022

Replying to @thegrugq, @UK_Daniel_Card, @mlowdi, @SwiftOnSecurity, @nycandre, @elonmusk, @moxie and @pressfreedom

At one point you could run multiple encrypted versions of the OS in the #blackphone. I fought to have one be duress invisible and only function if the right pin was used to launch one of the others. Unfortunately wasn’t easy as it was a layer violation so it didn’t happen.

Sat Feb 26 01:06:04 +0000 2022

RT @LALeVasseur: Maybe what we’re really calling for is more (and deliberate) ephemerality built into technology, more forgetfulness. reass…

Sat Feb 26 01:14:11 +0000 2022

RT @LALeVasseur: This also relates to the Me2B principle of Identification Minimization. Do this instead: “this [info/signal] applies here…

Sat Feb 26 01:14:26 +0000 2022

#QotD (quote of the day): https://twitter.com/DavidVorick/status/1496966414858600449

Sat Feb 26 01:15:23 +0000 2022

Replying to @dcwoodruff

If it continues, contact @EFF — they’ve been known to help with DMCA attacks against fair-use, offer to defend or threaten SLAPP. Here is one case where I suggested anonymous blogger @spockosbrain contact them: https://www.eff.org/deeplinks/2007/01/spocko-ksfo-and-blogospheres-allergy-copyright-thuggery

Sat Feb 26 02:19:31 +0000 2022

Replying to @matthewdif

Not the same threat model, but you may find some useful tips in here: https://github.com/BlockchainCommons/Pseudonymity-Guide

Sat Feb 26 02:24:31 +0000 2022

RT @evacide: This is important because so much of Russian civil society’s organizing happens on Facebook. I point this out every time someo…

Sat Feb 26 02:26:35 +0000 2022

Replying to @cmdoerfler

We try to at @BlockchainComns.

Sat Feb 26 03:51:36 +0000 2022

Replying to @BrianG416

I’m saying they don’t need to. We already know that Russian supported hackers have been scraping Facebook and other social networks, and have targeted Ukrainian services for at least a half-decade. They likely already have the data. And we gave it away.

Sat Feb 26 06:12:30 +0000 2022

Replying to @kimdhamilton, @wycdd, @chrismessina, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued and @justin__richer

My big security concern lately is the MetaMask-style & Wallet Connect 1 & 2 binding to a single key used for everything from login auth, displaying balances & NFTs, and asset transfers. Severe “confused deputy” problems. If this EIP just fixes key separation & rotation, then 👍.

Tue Mar 01 04:33:18 +0000 2022

Replying to @chrismessina, @kimdhamilton, @wycdd, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued and @justin__richer

The Confused Deputy problem is when an entity is inappropriately authorized to do something minor (say login) but that auth is reused, tricked or coerced to do something major (say transfer an asset) that they did not intend. Very common attack vector right now with ETH & friends.

Tue Mar 01 05:00:04 +0000 2022

Replying to @chrismessina, @kimdhamilton, @wycdd, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued and @justin__richer

The best way to avoid this is to use different keys for different purposes. Another useful approach is a “Key Rotation” architecture, as supported by some DIDs, which allows you to keep the identifier but change the keys it uses (and deprecate the old ones).

Tue Mar 01 05:03:30 +0000 2022

Replying to @chrismessina, @kimdhamilton, @wycdd, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued and @justin__richer

I looked over EIP-4361 and it still appears to be single-key, single account focused, and also does not add privacy nor is rotatable. I really can’t recommend it even though it has improvements over existing wallet login methods. I believe we can and should do much better.

Tue Mar 01 06:52:36 +0000 2022

Replying to @chrismessina, @kimdhamilton, @wycdd, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued and @justin__richer

We (@BlockchainComns) are currently investigating how to apply the Gordian Principles for #SmartCustody for the Eth & friends wallet ecosystem. Currently seeing if there is interest by our Patrons to fund. One preliminary DRAFT on the issues is at https://hackmd.io/rEcjDqAlS3OS1bwojFiEnA

Tue Mar 01 07:00:02 +0000 2022

Replying to @chrismessina, @kimdhamilton, @wycdd, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued, @justin__richer and @BlockchainComns

This isn’t a problem with Ethereum blockchain itself, but a real problem with how the architecture of the ETH wallet ecosystem evolved. I’m not confident it is incrementally fixable. Maybe we can, but sometimes you just need a fundamental reboot and start over.

Tue Mar 01 07:05:55 +0000 2022

Replying to @wycdd, @chrismessina, @kimdhamilton, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued, @justin__richer and @BlockchainComns

Yes, that’s the flaw of a radically more secure design — we likely would have to abandon legacy wallets (and some common contracts!). Thus we don’t want to dive in without more evidence from our Patrons & partners that there is financial support for the long haul to do it right.

Tue Mar 01 07:12:54 +0000 2022

Replying to @wycdd, @chrismessina, @kimdhamilton, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued, @justin__richer and @BlockchainComns

We might start instead by doing responsible key management wallet architectures with DAO treasury wallets, or some other subset of well-funded groups of users first, rather than replace wallets for individual investors.

Tue Mar 01 07:16:04 +0000 2022

Replying to @wycdd, @chrismessina, @kimdhamilton, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued, @justin__richer and @BlockchainComns

I’m beginning to get signals that the market may be fed up with current architecture. But I’m not committing without more financial patrons committed to working together on it.

Tue Mar 01 07:17:58 +0000 2022

“note that our attacks on the higher-level cryptographic protocols work on new devices due to subtle attacks arising from their composability with the lower-level key-encryption…These issues further motivate the need for an open and standardized cryptographic design.” 👍 https://twitter.com/matthew_d_green/status/1495935700545454084

Tue Mar 01 07:27:58 +0000 2022

RT @bmann: @wycdd @ChristopherA @chrismessina @kimdhamilton @Obstropolos @SpruceID @openid @bluesky @willnorris @selfissued @justin__richer…

Tue Mar 01 07:29:00 +0000 2022

Replying to @bmann, @wycdd, @chrismessina, @kimdhamilton, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued, @justin__richer, @BlockchainComns and @WalletConnect

We have been also working on better Bitcoin wallet architectures, with what I believe are some really innovative approaches to understand threats & adversaries, eliminating single points of compromise (SPOC) & failure (SPOF). We want to expand to Ethereum: https://github.com/BlockchainCommons/SmartCustody#smartcustody-tools

Tue Mar 01 07:39:50 +0000 2022

Replying to @bmann, @wycdd, @chrismessina, @kimdhamilton, @Obstropolos, @SpruceID, @openid, @bluesky, @willnorris, @selfissued, @justin__richer, @BlockchainComns and @WalletConnect

We have some more papers with new bitcoin multisig-centric wallet scenarios & cold/airgap reference code coming out this week & next.

Tue Mar 01 07:41:54 +0000 2022