143 sats \ 0 replies \ @dhruv OP 4 Apr \ parent \ on: I'm Dhruv Bansal, co-founder of Unchained, AMA! AMA
I don't feel like I know enough to choose. I do know that the more I learn about molecular biology, genetics, &c. the more I realize how, well, "evolved" it all feels :) It's not as precise as Mendel's peas, fitness landscapes are dynamic, the information theory analogy is imprecise, and so on.
I will say that Kevin Kelly is always interesting and this article doesn't disappoint. Non-random evolution seems very natural if you're a pantheist, right? :)
You're right to frame bitcoin-powered Internet as creating a huge, new space of vulnerabilities. If lightning browsers uncritically call
payment(request_data)
then bad stuff will happen. People would have to develop rules to limit carefully what kinds of data they're willing to send and receive. Subversions of those rules, or the systems which enforce those rules, would immediately lead to costly and therefore quickly noticed attacks. Bugs which caused such subversions would not be zero days because they'd be exploited in the wild by their discoverer immediately upon discovery, not hoarded and privately sold in a darkweb market. After all, someone else could find that bug and start profiting from it, exposing it for all to see and squash. The economic incentive (of a blackhat) is to exploit a networking bug immediately before someone else does. This gets bugs fixed faster.
"Data in payments", to use your evocative framing, makes networking more secure by changing the economic incentives of attackers to shorten the lifecycle of bugs. I think this kind of pattern recurs in other areas such as distributed databases. Think of key-value sets and gets in some giant cloud database that is actually just a market. The same zero-day killing behavior will occur there, too. This is how I see a bitcoin-powered Internet emerging over time :)
Almost no technical differences at the level of bitcoin, or redeem scripts, or private keys. The difference is more at the application level, in terms of additional security features designed for groups of people (e.g. in-app approvals are available for businesses but not for individual vaults) as well as at the level of support from our teams :)
From an earlier response:
On the name "Unchained" -- we started the company because we saw how much bitcoin "just sits around" in the HOLD waves. We wanted to "unchain" the value from these coins through financial services.
Also maybe just the idea of "unchaining" potential, human, digital, or otherwise :)
As a company, Unchained is centralized. But our clients can leave our platform at any time, we can't stop them, they have their own private keys and open source wallets exist (some of which we've written!) that let them pull all their bitcoin out with a single tx.
If this were true generically of all financial service providers I think the culture of finance and banking would be very different. Companies would, like Unchained does, be forced to create value and make their clients very happy in order to retain them.
Also, long-term, I don't know how important on and off ramps are...what are we moving on and off in 2060? Dollars? I don't know how relevant those will be at the time! Maybe people just stay within bitcoin by then :)
Great question, thanks for engaging me on these ideas -- I think the bitcoin & computer security connection is really interesting and I wish more people talked about it!
To your first question -- you're right, vulns today do lead to significant financial loss. But I think vulns on a bitcoin-powered Internet would lead to even larger and more immediate losses and I believe the difference is large enough to be a distinction.
I'm a bit confused by this point "If we wanted to include Lightning transactions via every single request, sure - everyone would have to follow best practices and completely isolate and lock down that specific service. But that would only mitigate a single kind of vulnerability, and does not guarantee ethical or competent developer behavior throughout the rest of the web service."
^ What do you mean by "that specific service"? In the bitcoin-powered Internet world, any software that can make a network request from your device is software that can be used to steal money from you, since you're directly paying for network requests -- perhaps directly to the source host you're pulling the data from! So if a vuln in my software lets attackers make a 1x1 pixel image request to attacker-controlled servers, that's basically a leak of sats my users will suffer. And they'll quickly see it, because it will be exploited quickly, and I'll come to know about it quickly, and I'll have to fix it -- or they'll stop using my software!
RE: the dissolution of the market for zero days -- I'm not making the claim that there will be no bugs on the bitcoin-powered Internet, just that there will be no zero days! Bugs can and will still exist and manifest, but they'll either be unknown to everyone or known to everyone -- the intermediate state of "known to attackers but not known to defenders" (a zero day!) will not exist because as soon as an attacker knows about a bug, if it can lead to the stealing of sats (via, say, the above 1x1 pixel image request attack) then it will be used to attack. It will never be sat on for weeks or months while it gets sold to another attacker in a zero-day market on the dark web. This is not true today -- a vuln in (e.g.) MS Word or some Siemens industrial control software found by some warez blackhat doesn't immediately turn into money, it has to be weaponized somehow first. If web requests cost sats, then it's far easier to turn vulns into money, and therefore selling them on zero day markets doesn't make economic sense.
To your second question -- I totally agree, the current stack is actually very robust after years of engineering on it. If we move to a new stack, that puts data within payments (I like the way you phrased that!) then we will have a boatload of new vulns that we create. You're absolutely right about this. Yet...so what? If the first part of my thesis is true, then these vulns will be quickly exploited because they'll be able to be used to steal sats. So they'll get noticed quickly and can be fixed quickly -- they won't sit as zero days for untold periods of time :)
Rereading your post -- I think I may have misunderstood the first question. While we do have a mobile app, the mobile app and the device it runs on are not part of the multisig wallet that protects your bitcoin. This is different (IIRC) than the Casa solution :)
We do have an iOS app we just launched recently -- check it out!
Not 100% sure if your second sentence is earnest or sarcastic! But I'll take you as earnest and say that Unchained's motivation for launching a mobile app was not compliance-related but convenience-related. Clients kept asking us for a way to check their balances, receive a deposit, or buy bitcoin while they were on the go -- the mobile app provides these features :)
It's so hard to predict the time something happens by!
In 10 years bitcoin's price will be much higher and adoption will be much broader, that seems safe to say. I think payment networks such as lightning (or something else?) will have also grown a lot out of necessity -- L1 fees are expensive! My hope is that by 10 years from now these payment networks will have become robust enough to begin to bootstrap further decentralized markets, e.g. markets for the storage and delivery of data online, or bandwidth, or routing. If we can solve that problem -- decentralizing the Internet -- then I think a lot of cool things become possible!
I'm not sure I agree. I'd like to see the separation of money and state, but I think one of the roles of compliance (as I understand it) is to work with the state where it is today, with its current rules, which definitely regulate much about money.
I don't think Unchained has a subversive compliance strategy, I think we have a conservative one -- we comply with all relevant regulations and best practices. To not do so would be to invite scrutiny and create risk for our business, our employees, our investors, and most importantly, our clients.
I do think Unchained has subversive product strategy. Collaborative custody is much harder than "just being a custodian" but it's also the right strategy -- it's disruptive and scary to the financial powers that be and this makes it subversive.
Protecting and preserving our product strategy through compliance is one of the missions of our compliance team!
In the US we mostly market and strategize the same in all states (where we can legally operate and sell our products & services). International is exciting to me, but it's a much more complex and nuanced compliance regime, so will require a different strategy.
I recently looked over a fundraising deck that we'd prepared back in 2016 and was pleasantly surprised to see how much of what we were planning to do back then is what we're actually doing now.
One major difference is that we are bitcoin-only today. Back in 2016, bitcoin's market cap was <$10B, and we assumed we had to find other assets we could work with -- that's no longer true :)
I think Unchained and Casa offer very similar custody products and I often say "If you're not going to use Unchained, please use Casa" -- I'd rather have people using Casa than self-custodying with a single key and losing it, or not self-custodying at all.
With that said, Unchained has financial services such as lending, trading, retirement, &c. baked into our platform, while Casa only focuses on custody. I think it's mighty convenient not to have to change your custody just because you want to buy or sell bitcoin, for example -- Unchained lets you go direct to/from cold storage!
Since you're a Casa customer already, you can probably figure out the switch to Unchained on your own, but if you need help check out our concierge onboarding program -- you'll get a chance to experience our service as well.
I think you're asking two slightly different questions. The first is "How can people best accelerate bitcoin adoption?" and I think the answer is education and representation. Talk to as many people in your family, friend and peer groups as you can. Educate them about why bitcoin matters, how to safely buy and protect bitcoin, &c. The motto of bitcoiners is "Verify, don't trust" yet most bitcoiners got to where they are by trusting some friend or family member that helped them understand and onboard into bitcoin -- at least initially. Be this person for your friends and family!
The second question you're asking is "What would you build now?" -- not everyone is a builder of things, so this question has a narrower audience, but it's just as important. I tend to start technical companies at the early stages of the adoption curve of some technology. Bitcoin is still early overall, but a lot of areas have gotten mature (e.g. exchanges). I'd probably be working on Lightning, as it strikes me as both extremely early as well as poised for rapid growth!
Thanks for being a client! I could be snarky and say $250/yr is the same as a premium Netflix subscription...is a world-class key agent and collaborative custody platform worth as much to you as watching Netflix shows without ads? But that's not really fair because a lot of people probably have a similar worry as you do and, truly, I empathize. If you're at the beginning of your bitcoin journey, with not a lot of corn, or you're a young person early in your career when income is tight, every little bit of cash leaving your bank account hurts (and is less sats you can stack!).
With that said, Unchained's average clients have significant bitcoin holdings and, for them, this price is very reasonable -- some even say too cheap! It's challenging to build a monetization strategy that is reasonable for clients early in their journey with few assets as well as clients who have 1000s of coins. We do have some differently priced tiers now and will likely support more tiers in the future. Ideally we would be able to find a pricing model that worked for every client -- we're probably not there yet :)