Bitcoin, Scams, and Everything in between: In Conversation with Peter Todd
Peter Todd has been one of the most vocal developers in the Bitcoin space and for good reason. The 33-year-old Canadian software engineer has been fiddling with the pioneer cryptocurrency for some time now, and when perusing his blog, much of this work has also shaped much of the crypto narrative.
Surrounding this has been a few notable Twitter quarrels with Ethereum co-founder Vitalik Buterin, his work with OpenTimestamps, and reflections on the “hard sci-fi” of mining bitcoin in space. In the following conversation held at the Hacker’s Congress 2018 in Prague, Czech Republic, BTCManager sat down with the coding whiz to go over some of the major topics in crypto.
Q & A with Peter Todd
My first question is about what you were doing before you were a Bitcoin developer and if it was also open source work.
It was very much not open source work. A zillion NDAs covered it. It was actually an analog electronics designer and a geophysics startup. Essentially, my job was to design the electronics that connected to the physical hardware itself and then condition those signals for digital. It was right at that transition zone.
Could you compare the two? Do you prefer working with open source code or with closed?
Yup, definitely open source. I mean, there’s only one way to do software.
You feel this strongly about it?
No, closed source code is bullshit. Especially when security is involved. I mean open source, in general, just makes sense, but in software, and the economics of it are just so clearly pro-open source. The correction cost is zero. The economics are dominated by actually building it, and it’s the cheapest to build it so you can see everything.
Do you think these kinds of economic models are under threat by people like Microsoft, IBM, and those kinds of companies? For instance, Microsoft just bought GitHub a little while back.
I would say it’s actually the reverse.
You think they’re under attack?
I think that Microsoft’s previous business model completely failed them. Microsoft has just had to accept the reality that closed source isn’t the way to go. Their cloud computing offering Azure, for instance, is currently running Linux, not Windows, on the majority of instances. And that’s Microsoft’s own offering. They started off Windows-only in the early days, and they had to give that up very quickly because Windows just can’t compete. When I do consulting, like security consulting, if a client proposes we be using a closed source component in their system, I just say “no.” That’s just unacceptable. How do you know what it’s doing?
Are there things about Bitcoin that attracted you when you first got started and that now you’re kind of like “this is no longer an interesting thing,” or “this has been debunked,” or “this is too much of a cliché?”
Nothing that comes to mind.
Fair enough. What do you think the greatest pitfalls at the moment are for Bitcoin from a software perspective, and also from a community perspective?
I think the community stuff is much more important than the software. There are far more risks involved there. Software, you can work around problems relatively easily. If you build layers up top, and Bitcoin, of course, doesn’t scale at the core layer, but we found ways to scale on top.
Do you feel confident about these solutions?
Reasonably confident. They’ll be fine for another ten years. And by that time in another ten years who knows what people will have come up with. Plus, what matters is not Bitcoin per se, but rather freed digital currency. That’s what matters. And if Bitcoin’s architecture proves to not quite work right, well other things can come along later.
If a more free Bitcoin were to arrive, would you be more aligned with that?
Bitcoin is as free as it gets in terms of freedom. But if it’s something that was technologically better, if that genuinely came around…but currently I don’t see anything that is with all things considered.
Would you say at the moment you’re focusing most on layer two solutions?
The community is focusing mostly on layer two stuff. I’m focusing on completely different stuff. Right now, I’m not contributing actively to Bitcoin core. I’m doing stuff around it.
Do you mind if I ask what is it that you’re doing?
The most public one that’s actually in production is OpenTimestamps, which proves how old data is. The analogy is that it’s kind of like carbon data where you want to show that some data existed in the far past. If it existed in the past, well the bad guys don’t have time machines. If they don’t have time machines, then you know that the attack can only happen in the present and then you can rule out the attack. That’s often very valuable.
Do you think this recent CVE bug that threatened double-spending this threat of a DDOS attack was over-stressed? Was it made into too big of a deal or do you think there were legitimate concerns?
You can say simultaneously both are true. Pure downtime in Bitcoin is incredibly expensive. Minor revenue alone is, I’ll probably wind up giving you the wrong number, but certainly on the order of like millions a day. You don’t want to be there.
And the businesses on top of that, again, very expensive and so on. But for that to go and kill the currency, a lot of other things would have had to go wrong. Now, that doesn’t mean it’s not serious. Airplane disasters, for instance, use the Swiss cheese model in how they discuss the situation. A disaster happens when all the holes in the Swiss cheese lineup. So, we had one big hole in the Swiss cheese, but we had other things that were not holes.
(Source: Aviation Safety Journal)
A good example of that is, yes, you could have double spent, but enough people are watching the chain in various ways that they probably would have noticed that something had gone wrong because various implementations and auditing stuff would have kicked offline. And once that notice happens, then people can start raising the alarm. And Twitter alone; you can go from an audience of zero to an audience of a million in minutes.
It would have taken very little time for that bug to be fixed, and most likely in that scenario, you would have rolled back the chain maybe a dozen blocks or something and gone on from there. It’s not the end of the world. It’s expensive, but this isn’t a long-term disaster.
On the other hand, in a different scenario like where Ethereum is headed. They have far fewer people actually watching the chain.
Can you define exactly what you mean by the different ways of “watching?”
Actually, having a copy of the chain.
Because everyone is running light nodes.
Exactly. In Ethereum very few people have full nodes, and the full node implementations don’t work very well. And because of that, if you can’t monitor it, you’re not going to notice this stuff, or maybe you might notice after three days.
After three days, do you roll back the chain or do you just accept that someone made a bunch of money out of thin air? It becomes a lot more dubious. It also makes it a lot more profitable to attack. If you tried to attack Bitcoin with this bug, you’ve got to spend a ton of money to create an invalid block, and then after you’ve spent that money you’ve got to go make it back by defrauding people.
You have to put in a bunch of investment, and your return is uncertain. The most likely scenario is where it gets noticed and gets fixed relatively quickly. The chances are you wouldn’t make a cent, because how do you get your money after?
That’s kind of like a business-model attack that you have to consider.
This is kind of why I advise clients. I mean, if they’re accepting big bitcoin deposits on the path of clients, they should strongly consider waiting a day before actually considering them as valid. Because if you wait that time period, waiting a day means, well, did you defraud us? No. Okay, we’ll accept it now. If yes, well, we’re just not going to give you your money back. The chain got rolled back. Your transaction never existed.
Do you think there would ever be a group of developers who would be exclusively thinking about these kinds of attacks or do you think it’s kind of like a sub-priority for every developer no matter what they’re doing?
Probably a bit of both.
Like a security super team or something.
I’m sure there are critics of Bitcoin who would be watching this stuff all the time.
Yeah, that’s true.
And that’s a good thing. It’s good to have those people looking. Also, things like Bitcoin monitoring services. Blockchain.info got their start just showing the transactions, the stats, and so on. These people wind up re-implementing things, and that’s always an opportunity to put in sanity checks. That’s where all the supply of Bitcoin increases when it shouldn’t, that’s either a bug in your code, or it’s a bug in the Bitcoin protocol.
And when you see that, naturally it raises alarms and you start asking why is your site giving bogus results. Well, maybe it’s because something is actually really broken, it’s not just your site.
There are lots of people who do things like that.
Moving away from Bitcoin a little bit, in an October 1, 2018 tweet, you referred to a Reuter’s article that described how blockchain would help the Irish border problem during Brexit, and you proposed that they should use a block mesh instead of a blockchain. Were you being serious or…
Very, very satirical. I hope you noticed the photo on that, which was a literal block mesh. It’s a better joke if you’d actually see that image. I think that that’s a very good example of people just saying “blockchain” when they’re just trying make it sound like they’re doing something to solve a problem.
I guess there’s no real genius there.
Nope. On the other hand, I mean you could certainly find use cases for blockchain in basically anything. A blockchain is just a chain of blocks. That’s the definition I use, and a chain of blocks can be useful in all kinds of things.
Your file system in your computer has roughly that same technology. With blockchain, though, you can now verify that the contents have changed unexpectedly. If a speck of dust lands on your hard drive that’ll wipe out some data, and you want the same kind of technology as blockchain technology to determine, did that data change since the last time we hashed it? That’s how simple Bitcoin ultimately is.
Nic Carter recently wrote an article in which he described blockchain is a “semantic wasteland,” and we should think of new ways to describe what a blockchain is. Do you think this is necessary or do you think it’s overused? Do you think it’s used in the wrong places or do you think there’s another way we could think about it?
I don’t entirely agree with his article.
He’s right in the sense that the semantics is a wasteland, but I’m not sure the solution is just to say “we’ll come up with entirely new terminology.”
For starters, entirely new terminology would probably have the same semantic problems after a year or two anyway. This doesn’t stem from people’s misunderstandings. A lot of this stems from straight up fraud. Ethereum is an example. It got its start in part from fraud, from people making up use-cases that would obviously never work and advertising it to gullible investors. If you think of Vitalik, prior to Ethereum, he was off shilling a quantum computing scam.
Gregory Maxwell commenting on Buterin’s quantum computing operation prior to Ethereum.
Yeah. His excuse was he was 18, and he didn’t know what he was doing. Of course, it gets portrayed as if he was a young teenager, which isn’t true, he was an adult. He was in college at the time, or I should say university at the time for North American terminology, and it’s just so dubious. He knew what he was doing; he’s not dumb.
I’ve seen you guys bump heads a few times on Twitter actually, and do you think that-
Well, you notice how that’s happened less frequently? I think he realized he can’t win those kinds of debates. He’s much better off just insulating himself with like-minded people. He doesn’t debate people that much.
Do you think that this crypto Twitter phenomenon, this kind of huge open media source of people constantly commenting, is helpful or negative? Or do you think it’s a bit of both?
Probably a bit of both. It can be very helpful at raising alarms and uncovering stuff very quickly. But, like media in general, it isn’t necessarily that effective. Most of the problems really stem from this big chunk of people who would otherwise be reasonably honest, but they’re willing to tolerate scams.
To name a concrete example, one guy I used to respect more was Christopher Allen. He wanted a good time stamping protocol to exist and, long story short, I had OpenTimestamps on and off for a while. I actually got it to the point where it was working and roughly around the same time another competitor came onto the scene and started doing their time stamping stuff. A little after that, they launched an ICO and lied about what their system could do relative to my system.
Christopher Allen and a few other people came and said “you know we should talk about this in private,” and “don’t make a big fuss, et cetera, et cetera.” Well, I’m sorry, that’s just dishonest. You know damn well Tierion lied about what their product did. There’s no reason to sugarcoat this. They lied about it, and they should be treated very harshly for this.
The right outcome is for them to apologize and take the stuff down. Of course, they’re not going to do that because they materially lied to investors. They dug themselves into a hole. And what does Christopher Allen do? He later takes a pile of money from these people to fund one of his own projects. You can see what the motivations are there.
Even if not intentional, you just being kind of nice to people, and you get rewarded for that. But it’s just not good for the public.
Twitter is good for resolving this kind of thing. It spreads like wildfire.
I’ve noticed in general the people who argue most strongly to be civil, they’re usually the ones in bed with scammers. Which is really sad, because, in any other field, you would want to be all over this. This sort of crypto finance, in general, is a very special case because you make a ton of money by scamming people.
If I were in say programming language design, it would be a completely different discussion, because there’s just not these opportunities to make money by scammers. No one makes money by introducing a new program. At least not on the level that you do by scamming people in ICO.
The assumption in those fields should be “we’ll assume honesty.” Bend over backward to assume good intent. That’s not true in crypto finance. In crypto finance, it’s much more likely that the guy is saying something that’s misleading. He’s probably lying to go make money.
Final question: Stable coins, overrated or underrated?
Well, you have to ask what type. The algorithmic stable coins, which that don’t have things backing them, they’re probably downright dangerous. There’s good reason to think that they all could fail if the market parameters get out of whack, but the more boring stable coins, which actually have something backing them, they’re reasonable enough.
And the crazy thing about it is even something as dubious as Tether still hasn’t done proper audits. From the point of view of an investor who just wants to buy some Tether to move some money around, they can make a lot of sense even if the backing doesn’t exist, which is kind of insane. But you’d hope the market would eventually then get better alternatives.
Do you think people are too eager for this kind of thing?
I think the obsession is they’re a good narrative to investors. It’s not about it being useful; it’s about it being a good narrative to investors. They come out of this sort of Tierion side of thing, where lying to investors is relatively accepted. I wouldn’t be surprised if a lot of them aren’t really going to work, and they’re going to fail, and a whole ton of money will be lost.
You kind of stack them in with shit coins.
I mean, I wish I didn’t have to.
None of them have really impressed you in any kind of way?
Well, the ones that impressed me are the technologically simpler ones, which are just, “we got our ducks in a row, and we figured out the regulations, and here’s this offering.”
I think I could be misremembering, but I think Coinbase, or one of the major well-known companies, they recently announced that they’re going to do one, and that’s the kind of thing that’s reasonable. It will just be a boring coin. There’s no fancy tech involved. It’s easy to evaluate, whereas things that are algorithmic, we know that they will fail.
It just takes a bit of time for the parameters to get out of whack and it ultimately implodes. We’ve seen them fail before.
The Gemini Dollar market valuation from October 14 to October 19, 2018.
Lastly, do you have any suggestions for reading or ideas to pursue in general?
Well, of course, I’ll promote my own blog, which is at PeterTodd.org. And the standard advice I often give people is read Bruce Schneier’s book Cryptography Engineering. The reason is, it’s just a simple intro to crypto, and unless you understand the basics, you’re sort of swimming in the deep end.
Thanks to Peter Todd for taking the time for this interview. BTCManager wishes him all the best in his future endeavors.