S4 E7: Peter Todd on Hardware Wallets, Security & Proofmarshall

Intellectually speaking, Peter Todd has been a bitcoiner before Satoshi Nakamoto even emerged on the cypherpunk mailing list. As a cryptography and computer science enthusiast, he would try to solve the double-spending problem with Hal Finney and Adam Back when he was just fifteen. His work and credentials definitely qualify him as a cypherpunk, but it’s his relentless critical spirit and adversarial thinking that make him stand apart.

As a true iconoclast, Peter Todd is not afraid to ask the questions that defy canons and would definitely call out the emperor for his nakedness in spite of authoritarian pressures to recognize the existence of clothes.

For these reasons, Todd is the perfect critic of hardware wallets, and the right kind of person to explain how ideal security setups should function. Though he avoids giving specific advice, Peter Todd does promote the development of a critical thinking mechanism which adapts to threats and preemptively phases out possibly disastrous scenarios.

The inclusion of Todd in season 4 of the Bitcoin Takeover Podcast marks a significant shift in tone, as for the first time during the series the guest has absolutely no involvement in the hardware wallet or cold storage business. By having no skin in the game, he can be brutally honest.

Throughout this two-hour interview, the cypherpunk is candid and merciless when it comes to criticizing the lack of transparency that certain manufacturers show.

And when he doesn’t explain why hardware wallets are terrible and how cold storage is best maintained, Peter Todd also talks about his latest project: Proofmarshall. If you’re able to help build the project (also described during the podcast at 1:17:00) or would like to audit it, feel free to contribute on the public GitHub repository.

The episode is available on iTunes & Spotify.

If you’re not on iTunes or Spotify, use this YouTube video. No registration is required.

Time Stamps:

4:02 – Intro

5:24 – Hardware wallet physical security

6:10 – Buying hardware wallets on eBay?

7:04 – Toothbrush analogy

7:26 – Supply chain attacks

7:40 – Fake seed cards 

8:20 – Does Peter Todd use any hardware wallets?

9:10 – Hardware wallets as part of the Bitcoin lifestyle 

9:30 – Dealing with Bitcoin in the early days

10:40 – Peter Todd running Qubes and multiple virtual machines

11:29 – Advice for newbies

13:00 – The economics of hardware wallets

13:50 – Markets for Bitcoin transaction data 

15:00 – Are Electrum servers ran by Chainalysis?

16:30 – Chainalysis and Bitcoin exchanges

17:00 – Shapeshift’s KeepKey

18:31 – Does Peter Todd use a Coldcard?

20:22 – The issue of hardware wallet screens and checking addresses

21:55 – Packaging to discourage supply chain attacks

23:00 – Coldcard and PSBT

25:25 – Auditing trusted setups

26:10 – Which hardware wallet does Peter Todd recommend?

29:15 – Is the YubiKey better than a hardware wallet?

31:57 – Setting up a watch-only wallet for cold storage

32:58 – Is just using Bitcoin Core secure enough?

35:14 – The psychology of having a piece of hardware that makes you feel safe

36:36 – Ballet Crypto and trusted printing

37:45 – BitAddress dot org

39:00 – Generating randomness with a dice 

40:10 – Security is hard and complex

41:00 – Security theatre 

42:47 – Cryptography vs Applied Cryptography 

44:30 – How can Trezor and Ledger steal funds from hardware wallet owners?

46:41 – Liability for theft

49:40 – Can hardware wallet manufacturers steal $1 from each user?

51:00 – The perfect theft that hardware wallet manufacturers can coordinate

52:10 – Bluetooth on hardware wallets?

53:10 – RS 232 

55:20 – Faraday cages

57:20 – Practical advice for bitcoiners 

59:00 – Tiger rocks, locks, and lock pickers 

1:00:20 – Is multisig a good idea?

1:01:23 – Is memorizing your private key a good idea?

1:01:56 – Security from yourself

1:03:30 – Physical vs digital data security

1:05:20 – Does Peter Todd like weed?

1:06:16 – Bitcoin and drug sales

1:07:41 – Peter Todd’s prediction for Bitcoin’s success

1:09:50 – One day, Bitcoin will go to 0

1:10:00 – The US dollar will fail before Bitcoin

1:12:50 – David Gerard and stories that exist just because they have an audience

1:16:22 – Peter Todd’s Proofmarshall project 

1:17:10 – Practical applications of Open Timestamps and Proofmarshall

1:23:30 – Why Peter Todd thinks Bitcoin should have inflation

1:24:51 – Replace By Fee (RBF) according to Peter Todd’s initial design

1:27:00 – Why it’s profitable but disingenuous to sell tokens

1:28:00 – Ethereum’s marketing was a scam

1:30:20 – We can’t replicate Bitcoin

1:31:30 – Post-profitability Bitcoin mining

1:37:40 – Does Peter Todd think Bitcoin will be around in 40-50 years?

1:39:40 – Why is Peter Todd not Satoshi?

1:40:30 – Does Peter Todd have anti-Bitcoin ideas?

1:41:30 – Gold is inflationary

1:46:25 – Does Peter Todd like the HTC Exodus 1s full node phone?

1:48:30 – Android is messed up

1:48:15 – Are iPhones more secure?

1:50:00 – Is Tails OS really safe?

1:50:40 – Why it’s good to have dedicated devices

1:52:30 – The mobile operating system choices we have are terrible

1:54:00 – Tor on Blockstream Green iOS

1:55:10 – VPN, Tor, or both?

1:57:30 – Should we run Tor exit nodes?

1:58:30 – Closing notes

Special thanks to LXMI and Phemex for sponsoring this episode!

LXMI Ad:

“LXMI is a European Cryptocurrency exchange whose name is inspired by Lakshmi, the Hindu Goddess of Wealth, Good Fortune and Prosperity. It’s one of the regulated and legal Cryptocurrency exchange.

On LXMI you can buy bitcoins with most fiat currencies and you can also do the trading for top Altcoins. 

They follow the “Not your keys not your bitcoins” philosophy with their integrated non-custodial wallet which helps you manage your own private keys. So if you’re into trading, then you don’t have to worry about having your Crypto frozen by whatever political decisions, since you’re empowered to hold and move your coins around whenever you wish. 

It’s great to have new players like LXMI that respect your financial sovereignty.

LXMI is launching in 2020 for more information please check out – www.LXMI.IO/

If you’re not trading, it’s recommended to move your coins to a hardware wallet or some other form of cold storage, and in this episode, you’re about to find why.

Please keep in mind that this is just an ad for a sponsor of this show. It’s not meant to serve as financial advice, and you’re responsible to do your own research before buying anything and act according to your own decisions. Embrace your financial sovereignty with agency and precaution.

Phemex Ad:

“Phemex is a Bitcoin exchange with derivative trading options which focuses on speed, robustness, and maximum uptime. Built by former Morgan Stanley executives, it manages o bring simple and accessible Bitcoin trading. In 2020, Phemex will also add S&P 500 stocks, stock indexes, FOREX, commodities, and more. 

Sign up today at phemex.com/bonus and receive a bonus of up to $72.

Please keep in mind that this is just an ad for a sponsor of this show. It’s not meant to serve as financial advice, and you’re responsible to do your own research before buying anything and act according to your own decisions. Embrace your financial sovereignty with agency and precaution.”

Full Transcript:

Vlad Costea (00:00:11):

Hi there and welcome to Season 4 Episode 7 of the Bitcoin Takeover Podcast. I am Vlad and today my guest—and it’s very hard for me to compute that I’m having this kind of high-profile guest—but it’s Peter Todd who is a cryptography consultant nowadays. He used to be a Bitcoin core developer and if you look at the list of commits on GitHub, he is still one of the highest ranked in terms of activity, and nowadays he works on different projects and possibly he doesn’t want me to mention that he has also worked on that privacy cryptocurrency, which—whatever. Okay. He goes to conferences, he talks about dishonest developers and explains how ethically developers should conduct their activity. And also he writes interesting stuff on Twitter. Part of the reason why he is here is because he commented on the Trezor which got hacked very fast by the security team of Kraken, and that was quite a big debate on social media. And people have started asking questions and, essentially, I guess the main idea is that we should not trust hardware wallets for their physical security, right?

Peter Todd (00:05:26):

Yeah. I think there’s a range of threat models you might want to have. But the most important thing about a hardware wallet is that it’s not a pile of software on a compromised computer—not that it’s protecting you against ninjas who are breaking into your apartment.

Vlad Costea (00:05:46):

Maybe we should blame the marketing departments for making some claims about what hardware wallets do? One of the examples that comes to mind was one where one executive of a certain company said that you can basically buy one of their devices on eBay and it’s still safe.

Peter Todd (00:06:12):

Well which one? Because I think more than one company comes to mind there.

Vlad Costea (00:06:17):

Really? The one with the secure chip.

Peter Todd (00:06:22):

Which one? See I think you’re thinking of Ledger, but I’m pretty sure they’re not the only one who’s made silly claims like that.

Vlad Costea (00:06:30):

Really? I mean I spoke to Jonas and Douglas of ShiftCrypto—they do the BitBox—and they said it’s a bad idea. And their perspective on hardware wallets is that they should be like toothbrushes.

Peter Todd (00:06:47):

So you put them into your mouth and you move them back and forth and your teeth get cleaned?

Vlad Costea (00:06:54):

That can be a use-case, they can be [INAUDIBLE] sometimes.

Peter Todd (00:07:00):

I think the toothbrush brush analogy isn’t necessarily so good because sharing your hardware wallet isn’t necessarily so bad, but you really want to know where the hell you’re buying it. Whereas I’ll go buy toothbrushes about anywhere where you can find them.

Vlad Costea (00:07:16):

Yeah, that’s a good point. And one of the biggest criticisms of hardware wallets is that they can be subjected to supply chain attacks.

Peter Todd (00:07:26):

Absolutely. And not just can be, we have concrete examples of this, although the way that the attacks have gotten publicity, happened—is hilariously simple—which is you go and take out the little seed card that you’re supposed to go write down your seed on, and then just go pre-fill it. And that’s enough social engineering to go fool people into using that seed.

Vlad Costea (00:07:53):

So that worked, actually?

Peter Todd (00:07:56):

Yeah, apparently people have fallen for this.

Vlad Costea (00:07:59):

I would have expected people to implant chips and tracking—RFID stuff.

Peter Todd (00:08:09):

Well, why bother doing something complex when a simple attack will work.

Vlad Costea (00:08:15):

That’s a fair point. So do you personally use any hardware wallets?

Peter Todd (00:08:21):

No, actually I don’t. I mean I own some, but I don’t actually go use them. What I do instead is I just go run regular wallets when I need to securely store a fair amount of Bitcoin—I just go run a regular wallet on a computer that I don’t use for anything else.

Vlad Costea (00:08:42):

That’s something that a lot of old-time Bitcoiners say. And hardware wallets were not around until I think 2012-2013.

Peter Todd (00:08:53):

Yeah. Relatively recently, at least if you’re an old-timer.

Vlad Costea (00:08:58):

Yeah, you have been around at least since 2001 and it’s interesting that nowadays owning a hardware wallet is part of becoming a Bitcoiner. They have turned it into some kind of lifestyle. And to some people it’s impossible to conceive that you withdraw your coins from an exchange—where you buy them—on anything else except for hardware wallets. So my question to you is how were you people dealing with Bitcoins in the early days?

Peter Todd (00:09:33):

In the early days, people didn’t have that much money in Bitcoin. So all the standards are very different. But I think the more interesting thing is: what do you do these days? And first and foremost I’ll go point out: if you’re withdrawing your Bitcoins from an exchange, how do you even know that the withdrawal happened? Like where did you enter in the address to do the withdrawal? You get all kinds of questions but this, that can break your security long before it ever gets to the hardware wallet. Similarly, if you do have a hardware wallet, how is it exactly that you verify that there’s Bitcoins on it? The hardware wallet itself probably doesn’t have a full node.

Vlad Costea (00:10:17):

No, obviously. Some of them allow you to connect to a full node.

Peter Todd (00:10:24):

At which point, well what security are you really getting, over just running that full node on a separate computer by itself?

Vlad Costea (00:10:31):

That’s also a fair point.

Peter Todd (00:10:33):

Essentially on all my day-to-day use computers, I run Qubes. So I have multiple independent virtual machines I can just go and spin off and they’re all separated from each other and so on. So it’s very easy for me, for instance, to run a Bitcoin node for a wallet. And then you can have that virtual machine connect to a separate node that can also run as a firewall. There’s many options there.

Vlad Costea (00:11:05):

Yeah, if you’re able to do it, there’s no reason to not do it because you know exactly what’s going on there and you understand security. But what about somebody who has no idea what he’s doing or she’s doing and maybe just gets a hardware wallet. Do you have any kind of recommendations in regards to what they should be learning?

Peter Todd (00:11:29):

Honestly, the advice I’ve actually given people is just go and get an iPhone from a somewhat reputable source that couldn’t go and target you and just install a wallet on it, or get an Android phone, install a wallet on it and don’t use the phone for anything else. And that’s actually not that crazy advice, you know? And if I am going to tell them to go get a hardware wallet, frankly I’d actually trust Trezor more because they do have a design that is based on more off-the-shelf chips than other people do. The problem with something like the Ledger is—to get all these fancy security chips—you have to go sign NDAs and then people can’t easily reverse engineer your devices and figure out if they’re actually doing what they should be doing. You’re actually putting much more trust into the manufacturer than you are on a Trezor, or let alone a phone.

Vlad Costea (00:12:36):

Yeah. But to people who have been holding their coins on Coinbase or Kraken or whatever, sometimes it seems natural that they have to trust somebody and they’re going to say, Okay, I’m going to trust this company that they will provide the security that they provide. And they seem to be also pretty high up in terms of market ranking—Ledger is the bestseller right now.

Vlad Costea (00:13:06):

Remember, the economics of a hardware wallet is that they’re selling a device that costs money, which then gives them the ability to go and pay for marketing and people to go sit on podcasts and all kinds of things. That possible set of solutions is always going to have more support simply because they’re the ones who have the budget to actually go and push their solution. The unfortunate thing with regular wallets on software is that it’s actually hard to monetize them.

Vlad Costea (00:13:46):

Yeah. Also, I suppose there is the market for the data that gets generated when you’re using a hardware wallet, which connects to the servers of the company. They’re going to know your location, your e-mail address, your IP and possibly you also connect to your full node and they’re going to see all of your generated addresses and transaction history and there’s a market for all that data.

Peter Todd (00:14:12):

Yeah, that’s absolutely true. Although at least with a hardware wallet, there is a income stream in the form of the hardware. Other than that—see from that threat model a pure software wallet is actually more worrying, because they don’t have any other income stream, with exceptions like say, Blockstream’s Green Address/Green bits, where that’s just an add-on service to other things that they’re making money off of. But if you’re looking at a company whose only thing they’re doing is creating a wallet, well you gotta ask, well where’s the money coming from to actually do that?

Vlad Costea (00:14:54):

Yeah. I think we should ask this with Electrum, which is one of the most popular wallets.

Peter Todd (00:15:02):

Well, the Electrum developers, I’m pretty confident it’s just an open source project. But certainly the Electrum servers people run, chances are a lot of them are run by Chainlysis companies. Electrum’s model of having a bunch of servers that you pick at random—where you don’t know who they are—actually really worries me. You’re much better off—in a situation like that—actually having very centralized, well-known servers. This is the irony of it: decentralization for privacy doesn’t necessarily work, because of Sybil attacks.

Vlad Costea (00:15:39):

I’ve never really thought about this, but it makes a lot of sense. Just like how we spoke with @nopara73, who developed Wasabi wallet, and he told me that Coinbase is actually a very good mixer.

Peter Todd (00:15:53):

Well depending on your threat model, he’s not wrong. Most exchanges that have hot wallets, they’ll be very good mixers depending on your threat model. If your threat model is, I don’t want some guy off in Syria to go and be able to go figure out what my Bitcoins are, well that guy off in Syria is subject to sanctions and probably won’t be able to get Chainalysis to go pick up the phone. On the other hand, if my threat model is someone who can get a Chainalysis feed, well, chances are CoinDesk is just dumping their database right off to a Chainalysis database. I don’t think they ever actually denied that.

New Speaker (00:16:35):

I’ve seen evidence personally that Chainalysis probably is getting feeds from various Bitcoin exchanges. Whether or not that’s true now, it’s really hard to know. But it seems pretty damn likely to me based on the stuff I’ve seen.

Vlad Costea (00:17:03):

About hardware wallets, I’ve seen that Shapeshift is selling the KeepKey right now for about $20 and they even give it to you for $5 if you sign up to their exchange and you KYC, which is interesting because this only proves that they’re the market for your data and they can make enough money to sustain the operation, whereas the KeepKey used to cost $200 about two years ago.

Peter Todd (00:17:31):

But why do you think that shows that there’s a market for your data? Why wouldn’t that just be a marketing expense for Shapeshift?

Vlad Costea (00:17:40):

That’s a possibility. But you do sign up with your data.

Peter Todd (00:17:47):

Sure. But I’m saying Shapeshift probably would be doing this KYC no matter what. The point is—seeing the hardware wallet get added onto that—I wouldn’t necessarily read too much into it. To me that sounds like a marketing exercise as in, here’s how you go and get on to cryptocurrencies and have some security. I wouldn’t jump to the conclusion of that being malicious or anything. Having said that, depending on which servers your Shapeshift keys are going to, well, then they’d be able to get more data out of it. But I’d want to actually check details like that first.

Vlad Costea (00:18:31):

I think I read some comments on Twitter and somebody wanted to know if you are using a Coldcard and you said you’re not using any hardware wallets, so would you please disappoint?

Peter Todd (00:18:44):

Well I have a Coldcard, I played with it, but it’s not what I’m using to go and store my riches, to the extent I even have them. I’m just dubious about all these devices to be honest with you, and again, that comes out of the threat model. I’m not terribly worried about—well I shouldn’t quite say I’m not worried at all. But rather I think if someone gets to the point where they’ve physically broken into my apartment or my safes and stuff like that and have physical access to my wallets—a hell of a lot of stuff has probably gone wrong. And they could probably go and get my Bitcoins another way. Like once someone breaks into your apartment, they can also leave hidden cameras as an example.

New Speaker (00:19:45):

They can go and try to go get your backup seeds in other ways. It just doesn’t seem to be the threat I’m worried about compared to the much more benign threat of—well, you get some malicious software on the same device that you have your wallet on. Similarly, remember that the way you interact with all these wallets is not purely through the wallet. Like where do you get the Bitcoin address to actually send coins to? That comes off the device—it can also be compromised.

Vlad Costea (00:20:22):

Yeah. And sometimes these hardware wallets don’t even have large enough screens to fit that whole address so you can check it.

Peter Todd (00:20:31):

Yeah, exactly. There’s lots of issues like that.

Vlad Costea (00:20:34):

The display can be compromised if it’s not connected to the secure element or something.

Peter Todd (00:20:40):

Well Ledger has this issue and it’s doubly glaring with Ledger because they have marketed before saying, Well it’s okay that they go ship their devices without any tamper-resistant packaging, no tamper evidence at all. And that’s just crazy because anyone can go take a Ledger, take it out of this box, pop the case off and do whatever they want with it. It doesn’t matter that the keys are in a little secure element. All of your way of interacting with the device is insecure.

New Speaker (00:21:15):

I mean ironically with that regard Trezor is better because at least it’s a sealed case that’s ultrasonic welded if I remember correctly. Same thing with Coldcard. They ultrasonic weld their cases. So it’d be quite a lot of work to take a Coldard, tamper with it, then go put it back together. You’d have to invest in a bunch of tooling and stuff. On the other hand, by the time you’re intercepting packages to screw with Coldcards, well maybe making a new ultrasonic welded case isn’t actually that expensive.

Vlad Costea (00:21:52):

Yeah. Also Coldcard does something interesting with marking a number on the packaging. So when you open it up you see that number and when you boot up the device for the first time, it asks you to verify that the number on the screen corresponds with the one on the packaging.

Peter Todd (00:22:12):

But you realize how silly that is. You’re verifying it against the device that could have been compromised by the attacker. Yeah that doesn’t actually work.

Vlad Costea (00:22:26):

Yeah. Possibly.

Peter Todd (00:22:29):

The way you do that that would actually work is to verify a number against a signature checked by your computer after hooking up to the Coldcard. But if you’re going to have a system that actually works, that needs to be the default users do—just having people check a number on the packaging to a number on the chip is totally meaningless.

Vlad Costea (00:22:55):

I’ve also played with the latest Coldcard, the Mk3. And what’s different about it is that it uses PSBT.

Peter Todd (00:23:06):

Oh yeah, Partially-Signed Bitcoin Transactions. That’s a Multisig situation, which does change things.

Vlad Costea (00:23:23):

Yeah. I mean it’s different in the sense that you can just connect the Coldcard to a power supply and you’re never connected to your computer, but you do have to backup your data on an SD card and then put your SD card inside the computer.

Peter Todd (00:23:39):

Well let’s be clear: you are connecting it to your computer. You’re just doing it through a higher latency way. The other thing is the physical wires connecting it to your computer—they’re not the thing I’m worried about. The thing I’m more worried about is the fact it’s communicating to your computer at all, because the most likely exploit you would get there would be say a bug in their transaction parsing code where you can go and do a buffer overflow on the Coldcard. And saying it’s not connected to your computer doesn’t help that situation at all. I’d be perfectly happy to have a Coldcard-to-USB interface.

New Speaker (00:24:25):

I think the added security of the SD card isn’t that much. Now one thing you can do with an SD card, which is kind of nice, is you can go and—for really high security stuff—you can go audit it. The way you do that is you write to two SD cards. And then you put one aside, use the other one to then do the communication, and now you have a record of what actually went into the device and can go and have some attempt to auditing it. But you’d really need on the Coldcard side—I don’t think their firmware does it—to have the option of writing the transactions to separate SD cards as well.

Vlad Costea (00:25:07):

Interesting. And just for the record, PSBT is BIP 174 because I know somebody will try to correct me and I said 157.

Peter Todd (00:25:22):

When I was involved in the Zcash trusted setup there was that same kind of auditing consideration where the trusted setup scheme was designed to leave an audit trail of all the communication that actually happened with the compute notes and that audit trail was done in the form of burnt DVDs. Although again, you had the same problem where people think DVDs are write-once and they’re actually not, because even if you close out the session, you can still modify the data on them at a low level. So in theory, it didn’t actually meet that requirement, but again, that’s the idea: leave that audit trail.

Vlad Costea (00:26:09):

Yeah. I was about to ask you, you said you recommend to people to just get an old phone that they can wipe and install some sort of wallet. But if you were to recommend just one hardware wallet, which one would it be? The Trezor?

Peter Todd (00:26:29):

Probably, yeah. Because they’re the ones whose overall design and marketing seems like the least voodoo silliness. There’s nothing about Trezor that makes me want to correct them. Look at Ledger, where the marketing of, You can just go and get this without tamper-resistant packaging is just wrong, or Coldcard, where this initial number setup thing just doesn’t make sense. Whereas Trezor—there’s nothing like that I can go point and say, All right that doesn’t make sense. Trezor is a fairly straightforward design and it has its limitations, but I think from what I’ve seen it’s reasonably well understood and I would trust it in the scenario where I wasn’t expecting it to be physically secure, which I think is fine. If you really want the physical security part of it, use a passphrase with it.

Vlad Costea (00:27:33):

Yeah. That’s a fair criticism and I’m happy I got you because you are a big critic of the whole concept of hardware wallets, which is awesome. I got so much positive input in regards to how they work and possibly I think when I first started doing this whole season—which is going to be 10 episodes just about hardware wallets and cold storage—I thought I would make it easier for people to decide what they want to buy when they get a hardware wallet. But now I think I just made it a lot more difficult. But that’s for the better.

Peter Todd (00:28:10):

And I think what would make it even more difficult is having more hardware wallets support PSBT and also more software on the computer side as well. Because Multisig does change things with this and it changes what you’re actually using it for. Like when all the key is in one place, it’s effectively like, that’s the security model using. Whereas when things are Multisig, you get much more nuanced control over what exactly your security model is. Also, to point out, there’s a difference between security with intent of avoiding loss and security with the intent of auditing and figuring out how you lost something. In corporate environments for instance, a lot of security is actually about auditing: you accept that someone might go break in, but you’re much more concerned about understanding how the break can happen, so you can go stop it.

Vlad Costea (00:29:11):

I’ve heard some people who say they store private keys on devices like the YubiKey, which is a small flash drive which stores any kind of passwords from e-mail to whatever kind of accounts you might be having. And you just put it in your USB and I think it has some sort of fingerprint scanner and that’s how you authenticate with the device.

Peter Todd (00:29:35):

Yeah that’s not what they are. The YubiKey is effectively a smart card in a different form factor. And the password thing you’re thinking of I think is—well first of all, the YubiKey can store a very limited number of passwords, which is an older style authentication mechanism, but the thing that they’re more used for these days is Fido and UTF where, on the YubiKey there’s an ECC key that then—similar to actually how Bitcoin addresses get derived in hierarchical wallets—you do the ECC maths then derive the key for a particular website that then gets used to sign on an authentication token. So that acts as a second factor to your login and they’re quite useful. I have one that’s sitting on my keychain right now. Okay, five of them—for various reasons—but I use one day-to-day for login and I think they work great. But in the context of Bitcoin they don’t understand the Bitcoin transactions. All they’re useful for there is auditing.

Vlad Costea (00:30:55):

Okay. So they’re not friendly with people who are newbies and have no idea what they’re doing?

Peter Todd (00:31:03):

No, I wouldn’t say that. I’d say they’re very friendly, it’s just they offer very little security in the context of Bitcoin. They’re great for securing your Kraken account, and I do use YubiKey to store the 2FA for my Kraken account, but because they don’t have a user interface, they can’t really help that much in protecting your actual Bitcoin. Putting a private key on a YubiKey for your Bitcoins doesn’t really make that much sense.

Vlad Costea (00:31:38):

Yeah. I think there was somebody who was actually asking in regards to this idea that any kind of Bitcoins you’re holding should be associated with a full node. And he asked if it’s possible to set up a watch-only wallet with a pruned node for hardware wallets?

Peter Todd (00:32:01):

I’m not too familiar with how much software exists for that, but certainly that’s possible to do. Bitcoin Core is an example: it does have watch-only features, so it’s very easy to—at least at the API level—to have watch-only wallets on Bitcoin Core. As an example, some of the CoinJoin wallets actually use this like JoinMarket—that’s just how they manage their wallets. Joinmarket then keeps all of its private keys separately.

New Speaker (00:32:35):

I’ve also seen exchanges do this too where in their internal wallet implementation they’ll use this watch-only wallet by Bitcoin Core but then do private key managements in some totally other way, like maybe an HSM.

Vlad Costea (00:32:55):

So what do you say to people who only use Bitcoin Core, which is essentially a hot wallet on a computer that’s connected to the Internet?

Peter Todd (00:33:07):

Well, I mean I’m not necessarily that worried about it. The thing with Bitcoin Core is there’s a ton of people looking at that codebase and auditing it, which is one of the big worries I have actually about a lot of hardware wallets especially non-Multisig ones where you’ve got to ask, How many people are actually looking at that codebase? How many people are reviewing changes to prevent mistakes? We’ve had people lose plenty of Bitcoins just because their Bitcoin wallet screwed up and, say, sent Bitcoins to an unspendable address or something like that. That might actually be the bigger threat overall. So in that regard, Bitcoin Core doesn’t look so bad anymore. Also again, it’s not that hot of a wallet if you do something like run two Bitcoin Core nodes and then have one firewalled by the other. Similarly, if you have a wallet, a good advice is: run your Bitcoin Core node over Tor. So it’s very difficult for anyone to actually go target you.

Vlad Costea (00:34:18):

Yeah, that’s fair. And actually in two weeks I will be interviewing Slush. And his argument for using hardware wallets is that he has seen so many people lose their coins in the early days. That, to most people, it’s just a lot more convenient to have one device where you store it and you have a piece of paper or possibly a metal plate where you engrave your seed words.

Peter Todd (00:34:49):

Well, I mean that argument isn’t unique to hardware wallets. Just to give an example: I use Eclair with Lightning. Eclair, for the non-Lightning part does have a seed that you go write down and that’s exactly what I did when I set it up. That said, there is something to be said for the psychology of having a piece of hardware that you know to go keep safe. That may be something that helps some people.

Vlad Costea (00:35:22):

Okay. You actually reminded me about something I’ve heard from Douglas Bakkum from BitBox when he said that a lot of the stuff going on with security in the hardware wallet space is just theatrics—they’re doing it just to make you feel safe, but in reality it doesn’t make much of a difference.

Peter Todd (00:35:46):

Yeah. Like I say, the entire hardware wallet industry, it’s a weird one because it’s a unique way to go make money by creating a wallet. So right there you’re going to have more focus on hardware wallets than is probably actually strictly necessary, just because it’s a way to go make money. It’s like the ICO market where everyone wanted to go and create protocols and have tokens. Well why did they do that? Because that’s the only way to make money off of creating new protocols. It doesn’t necessarily mean it’s good idea, and it’s not to say it’s never a good idea, but there’s certainly going to be more focus on it then is really necessary.

Vlad Costea (00:36:27):

Yeah, that’s a fair point. For example, there are some terrible cold storage solutions like, I’m not sure if you heard about Ballet? It’s created by Bobby Lee and it has the shape of a credit card and it’s basically just a card with a pre-printed private key. Half of it is printed in China, the other half is printed in the United States.

Peter Todd (00:37:01):

Yeah. A particularly bad example that I saw was where some existing high-security government printer that would normally be printing paper notes and so on. They’ve decided to get into the Bitcoin business and of course they did what they know, which was to go and pre-print private keys on high-security paper. You’re basically better off just doing this by hand on your printer at home. Again this is driven by what they’re able to do, regardless of how much sense it makes security-wise. Similarly, if you want your really bad version you go to a bitaddress.org—I don’t know if they’re still around—but it was just a simple website with some Javascript allegedly running where you’d go to it and print out private keys. Of course if anyone goes and hacks into the server, they can do whatever they want with it.

Vlad Costea (00:38:06):

Oh yeah, I remember this. You just run your mouse cursor around the screen and it’s generated.

Peter Todd (00:38:14):

But see you go talk about the mouse cursor bit and that was probably the most secure part of it. Moving your mouse cursor around is probably a pretty decent way to go generate keys. That’s not actually the issue. The issue is you’re downloading source code every time you go to it, off some not-very-secure server.

Vlad Costea (00:38:39):

Yeah, that’s a fair criticism. I just generated a new key. I’m not particularly happy with this legacy address, but other than that it was fun. It reminded me of what they did with the Coldcard that you get a dice and you roll a dice and input different values as many times as you want to generate more randomness.

Peter Todd (00:39:03):

Yeah. I don’t know. Randomness generation is another one of those things where there’s so much gimmicky stuff up there. In certain cases for instance, generating them with dice and stuff like that makes sense but only where people are actually auditing how these systems go work. This came up again with Zcash trusted set up where what you’d like to do is have a system where you can audit the full chain of entropy input to public key output. So in that environment, entering in some dices can make sense, because in theory someone can go in, generate a set of die numbers, enter them in and then double-check that the calculation was done correctly. But that only makes sense if all of that is documented and easy for someone to go replicate.

Vlad Costea (00:40:11):

I mean security is such a complex topic and I think there are various stages in somebody’s life when they discover something that’s out there, in terms of threats and how to overcome them. And it’s just like, I suppose owning a house at first you don’t worry much about what’s going on and you say you’re in the nice neighborhood and then as time goes by you see someone scratching your door and you’re going to have to find ways to prevent something more severe from happening.

Peter Todd (00:40:46):

And eventually start yelling at kids to Get off my lawn.

Vlad Costea (00:40:49):

Yeah, sure. The most advanced stage of security—when you don’t trust anyone.

Peter Todd (00:40:55):

Yeah the Get off my lawn stage.

Vlad Costea (00:40:58):

And the NIMBY, not in my backyard.

Peter Todd (00:41:02):

But, the Get off my lawn thing. That’s security theater. Those neighborhood kids being on your front lawn doesn’t matter. It’s much more important to go worry about other threats.

Vlad Costea (00:41:19):

That’s fair. But sometimes when you’re inviting some non-threats, you’re basically giving away some information about yourself and you might seem more open to actual threats of which you may not be aware.

Peter Todd (00:41:38):

Nah. Being the crotchety old neighbor who yells at all the kids to get off your lawn, just makes you look like a target. Besides the kids on your lawn, they might go and notice a real threat.

Vlad Costea (00:41:54):

That’s a good point. That’s why I like you Peter, because you have this adversarial type of thinking. Maybe you’re doing this just for the sake of playing devil’s advocate, but it’s never void of substance.

Peter Todd (00:42:12):

Or maybe I actually have a secret consulting contract where someone wants to figure out how to go in and protect their lawn from neighborhood kids most effectively.

Vlad Costea (00:42:21):

I mean I wouldn’t judge you if you did, but I suppose you could do something more productive.

Peter Todd (00:42:35):

Hey, if someone wants to go and pay me my usual fee for that, I’m all for it.

Vlad Costea (00:42:41):

I mean that’s not quite cryptography consultancy, but—

Peter Todd (00:42:46):

Well, the funny thing about all this is I don’t do cryptography consultancy per se. I do applied cryptography. What I do is figure out how to apply cryptography to your problem. And that’s actually not that related to cryptography. Cryptography is like the math of creating all these fancy schemes, which usually once you get into academic cryptography where the schemes don’t even have to go work.

Vlad Costea (00:43:17):

I feel like I’ve learned something new just here right now. I mean, I wouldn’t have thought about the difference between applied cryptography and cryptography. In my mind it was just, Oh, you take cryptography and you put it into practice.

Peter Todd (00:43:33):

Yeah, that’s surprisingly hard. I’ve helped clients do quite a few interviews with candidates and it’s quite sobering when you realize how many people with cryptography degrees do not understand how to go apply their cryptography to any real problem. One of the interview questions I come up with where you keep seeing people fail at is basically, Well, all right, how would you go and design a simple PGP? How does the PGP web of trust work, right? These should be very simple questions, but they’re actually hard for people to grasp because they’re not really mathematical. They’re much more about, Well, what does crypto actually mean in the real world? And that’s surprisingly hard for people to figure out.

Vlad Costea (00:44:28):

Yeah. Also I forgot to ask objectively the best question that I received on Twitter: Which steps would you take if you’re the top dog of dev ops for Trezor or Ledger and wanted to steal Bitcoins from people’s hardware wallets?

Peter Todd (00:44:48):

I hate to say this, but this would be a very easy thing. All I would be worried about is getting caught. If my goal is purely to go steal the Bitcoins, you’d just go push your software update that backdoors the random number generator for instance, or backdoors the signing algorithms so it creates broken signatures. Now the real question is, Well, can I do this and not get caught? And that really comes down to how exactly is source code managed at these companies. And I’ve never actually looked at that into too much detail. I’ve looked at it in detail for clients, but not as in how those companies actually do it, and if you want to defend you against that you basically have to have individual programmers signing code commits and so on. And chances are your most likely way to get away with that would be to quite literally go walk up to one of your coworkers’ computers when they’re not looking or something and then backdoor it and then get their computer to go in and check in a code commit under their digital signature—assuming this is even used at all—so that they’re the one with their name on it. And I suspect what I just told to you is kind of fanciful in that you wouldn’t even need to go that far.

Vlad Costea (00:46:10):

So you think it’s easy to do, but it’s hard to get away with it.

Peter Todd (00:46:17):

I think it’s easy to do and probably easy to get away with it too. But remember, we’re talking about criminal charges here, so if I was in that position to actually try to do that, I would be quite careful about not having my name on the code. But frankly, even if my name was on the code that resulted in a big Bitcoin loss, these days, you wouldn’t necessarily get much liability. Your issue there would be figuring out how to essentially launder the earnings that you got—which probably wouldn’t be that hard—make sure the Bitcoins eventually get back to you over time. And I think what this really says is source control tends to be really terrible at companies. And I’ve seen this in my consulting where, to give a somewhat anonymized exampleI did some consulting for a company that held a very large amount of Bitcoins for other people and I realized quite quickly that their Git Repos weren’t signed and they were hosted on the same infrastructure where the rest of the system was, which all happen to go feed their Multisig scheme.

New Speaker (00:47:32):

This is the sort of thing that happens, and unfortunately, modern software development just isn’t up to the task of this. And it’s the same issue, like why are we running source code? Why are we running the code—compiles from our source code—in the same security environments as we’re editing the code? Because the moment you do that—if you run Git Pull and review a code change and then run that code—if you don’t catch a security flaw, someone will go backdoor your development environment and then commit whatever the hell they want. Most software developers just don’t protect against these attacks. I’ll be honest, I don’t protect against them that well myself because none of the toolings are set up for this. At least I have different virtual machines for different projects. But most people do a really bad job of this.

Vlad Costea (00:48:26):

The last time I felt like this—and I recall it—was when my parents told me there is no Santa Claus.

Peter Todd (00:48:37):

Well, funny enough I was the one who figured out that there was no Santa Claus and I told my parents, I thought Santa Claus sounded ridiculous. Apparently I was 6 or 7. Obviously I was destined to be security engineer.

Vlad Costea (00:48:55):

I had these moments myself, but they would always find some kind of arguments and say, Yeah, but there’s something magical about this and I would give it the benefit of the doubt. It’s presents. Why would you bother to think too much about it? You get them.

Peter Todd (00:49:15):

I was a very skeptical kid. I didn’t believe in magic.

Vlad Costea (00:49:22):

I’m happy that you ended up doing this because your insights are actually useful. And one idea that I got while you’re explaining how you can basically steal people’s Bitcoins—if you’re Trezor or Ledger—was that if you have 1 million users you can roll out an update and just take the equivalent of $1 from each user and it’s very unlikely that they will know this and it’s even more unlikely that they will proceed with some sort of legal charges.

Peter Todd (00:49:56):

No, that’s a terrible idea, I think. You’re much better off taking everything from one user. Because if every user loses a little bit of money, that’s incredibly suspicious. The common factor is the software. Whereas if one user loses a ton of money, the common factor—well there isn’t one. I mean maybe the user just screwed up.

Vlad Costea (00:50:26):

Yeah, that’s also fair. But when you said they can steal the funds from users, I was thinking they can liquidate all the accounts of all their users. Like if they have a million users and the average user holds about say $200 of Bitcoin, they can just take everything and just run away.

Peter Todd (00:50:49):

But again, from a point of view of getting away with it, you’re much better off when the number of victims is small and they lose everything. They may be very pissed off, but it’ll be harder for them—depending on how you go pull off the attack—to actually notice anything’s wrong. Your ideal situation is to lock out and get one user with a ton of money on their device who isn’t very technically savvy.

Vlad Costea (00:51:23):

Yeah. That’s kind of scary now that I think about it. And there is a lot of trust that we put into these developers.

Peter Todd (00:51:34):

Well like, first of all, who’s checking that the source code actually matches the binaries that wind up on these devices? Indeed. And some of them, like—how can you even check that? Because these devices are unsecured hardware, there is no easy way to even dump the firmware on a lot of them. Like secure chips are not designed to let you just hook up a programmer and dump the firmware. That’s not the goal, usually. Which unfortunately is exactly the opposite of what you actually want for real security.

Vlad Costea (00:52:10):

So what do you think about using Bluetooth on certain hardware wallets?

Peter Todd (00:52:18):

Bluetooth isn’t inherently bad. The real issue there is a chance that you’ll have a Bluetooth implementation that’s very complex and running on the same environments—same CPU, same microcontrollers as an example—as your wallet code. And if your Bluetooth implementation came from a microprocessor vendor—which it probably did—it’s not going to be very secure. On the other hand, say you had a separate microcontroller that then communicates to the real one over a simple serial interface, that’s not so bad. But overall, if I really wanted the most secure hardware wallet, I would probably put an RS-232 interface on it, because RS-232 is so simple that anyone can go dump a full log of what’s happening over that device. And this is actually easy to do because USB-to-RS-232 adapters are easy to get.

Vlad Costea (00:53:27):

So I had to look up RS-232. I know what this is, I’ve seen it before. I haven’t used it much. Is that a kind of—

Peter Todd (00:53:37):

Yeah it’s fast enough. It’s a very, very, very old interface, but it’s simple. It works. I used to use it all the time when I was doing microprocessor development. I used to do electronics and RS-232 is just the standard.

Vlad Costea (00:54:01):

So is it faster than USB or why would anyone use it?

Peter Todd (00:54:08):

It can be faster than USB 1.0, but basically any modern USB it’s far slower. On the other hand, hardware wallets don’t need much speed. The amount of data that they’re passing from the wallet itself to the computer is minuscule. So it doesn’t matter. As for why you’d use it—because it’s dead simple and very easy to go audit. Like you can literally buy RS-232 adapters that have three ports on them—input, output and then tap—and then the tap, electrically, is totally isolated from everything else. It can’t communicate but it can get you a full dump of everything that goes on. That’s great. That’s exactly what you want for auditing.

Vlad Costea (00:54:53):

I feel like we should be having a larger discussion about this type of security as there are some people who recommend, even when you’re running Bitcoin Core on a computer that never gets connected to the Internet—and they keep their private keys there—that they also use Faraday cages, that way all of the connection ports, anything that can be compromised—

Peter Todd (00:55:30):

If they’re running Bitcoin Core and it’s not ever connected to the Internet, what the heck are they actually doing? You need somehow to get blocks into your Bitcoin Core to actually do something useful. So you’d want to look at the details of a setup like that, see if it actually made any sense.

Vlad Costea (00:55:52):

I think I put it the wrong way. So the whole idea is to just store your keys on cold storage, on a device that isn’t connected to the Internet.

Peter Todd (00:56:03):

Yeah, but remember, keys themselves are not enough to actually verify Bitcoin transactions. You need to go use those keys to verify transactions and sign transactions. You will need to communicate to the Internet somehow. You can go do it in better and worse ways such as very auditable communication like we did the Zcash trusted setup or potentially like RS-232, but the point is setups like that, where you’re starting to use extreme measures like Faraday cages—very rarely are those measures the low-hanging fruit. Now in some cases, they could be, in theory, like again the Zcash trusted setup: if they had botched software, the Faraday cage I used on the compute node would have actually made sense. Unfortunately it wasn’t, because as usual it was actually software that was the low-hanging fruit and they botched that software.

Vlad Costea (00:57:17):

If you were to make a list of advice that you’d give to Bitcoiners, what would that include? To only use, for example, cables for Internet connection and not WiFi, and wired keyboards and stuff like that?

Peter Todd (00:57:34):

I think that would be part of it. But honestly, the biggest piece of advice I’d give you is: actually learn how the stuff works and how to go think about security and what this means. Unfortunately Idon’t have any easy answer there, but understanding that may actually be the most important thing people do. And maybe the most important part of that type of security is really how to think about threats. What could the attacks be? Can you go draw a diagram of what attacks could happen on your wallet? What are the scenarios? That’s probably the most important bit of advice. Canned things like Don’t use WiFi or only use cables or whatever. I don’t know if that’s as important as just understanding what your threats actually are and what you’re trying to prevent.

Vlad Costea (00:58:26):

Yeah, because usually we get security advice but we have no idea what they are for and we don’t associate any practical usecase with them. We are being told don’t do that and we will take it for granted. And this doesn’t just happen with private keys, it’s all over.

Peter Todd (00:58:48):

Yeah. Well, security’s a lemon market. Most people buying security in the various forms you can get it have no way of verifying they’re actually getting what they paid for.

Vlad Costea (00:59:04):

That’s a mindblower. So when you buy pretty much anything that pretends to be secure, you have to trust somebody that they’re being honest to you.

Peter Todd (00:59:16):

Well, it’s the anti-tiger rock. This rock protects you against tigers. Look, there’s no tigers around.

Vlad Costea (00:59:27):

Even when you buy a lock, right? You have to trust the locksmith.

Peter Todd (00:59:33):

Have you ever looked at YouTube’s lock-picking section? Locks are the most hilariously bad example of security. There’s YouTubers who basically—their whole channels is lock-picking videos. And for the ones who are half-decent at it, the locks that they say are really good, they go and lock-pick in real-time on YouTube in like a minute. Lock-Picking something in a minute is considered to be a really good lock. We can do better with computer security fortunately. But yeah, locks happen to be a particularly bad example of this.

Vlad Costea (01:00:21):

So how should one store their keys? Is Multisig a good idea?

Peter Todd (01:00:27):

If you actually use it. Again, my canned advice to people is just set up another computing device of some kind, stick a wallet on it and don’t use it for anything else. And think about where you’re getting your payments info from, because if you log into Kraken on a compromised computer, that computer has full control over everything you’re going to do there. For instance it can go and rewrite the addresses that you see on screen. So when you send your $10,000 worth of Bitcoin to go buy a new jacuzzi or something, that address may not be the one you think it is.

Speaker 8 (01:01:16):

So @isnotgood asks you, How should he secure his private key apart from writing it down or memorizing it and is memorizing your private key a good idea at all?

Peter Todd (01:01:29):

People are terrible at memorization. If you actually try memorizing that, there’s a decent chance you’ll find out that you’re actually not good enough to do it. People can memorize 128 bit keys, but only if they actually practice it, and most people aren’t going to do that. I’d suggest writing it down and keeping that piece of paper somewhere safe.

Vlad Costea (01:01:53):

I suppose one side of security is to protect yourself from your own mistakes, right?

Peter Todd (01:02:01):

Well you’ve got to look at security holistically. It’s not just about attackers, it’s also about mistakes.

Vlad Costea (01:02:09):

So you can compromise your whole setup yourself if you’re not able to replicate the security model.

Peter Todd (01:02:18):

Yeah, quite simply, if you do such a good job of protecting your private keys that you lose them, what was the point?

Vlad Costea (01:02:29):

I also like to think that in the situation where God forbid you get tortured and you have the private key memorized, I mean it’s kind of easy to extract. I’m not sure you should be risking your life for money.

Peter Todd (01:02:45):

Well, again that gets to threat modeling. If that’s the type of threat you have, chances are your Bitcoins aren’t actually the thing you should be worried about. Of course, the flip side of that is if that’s the kind of threat you have in your area, there may be no way to protect yourself. Because if you go give up your keys, how do they know that you gave up the full set? And this is why key disclosure laws in general, it’s just so insane because the way crypto works is that you can’t prove that you gave up keys to things.

Vlad Costea (01:03:25):

Yeah, when you give away a key to your car, I guess you can prove that there is no other, one way or the other. But in terms of cryptography—

Peter Todd (01:03:36):

Well the point is you can only do that because a car is a physical thing that is limited number, right? When you’re talking about giving up decryption keys for data—because encrypted data is random stuff, there’s no good way to go prove it. And the second part that really makes it ugly with the key disclosure laws is it’s so easy for cops to go and just plant encrypted hard drives, say in your apartment. It’s effectively the equivalent of planting drugs and you just get an encrypted hard drive full of random data, stick it off in your apartment and say, Well why did you do crypto? We found it in your apartment. What’s the key for it? Of course you don’t know and then you wind up in jail for it.

New Speaker (01:04:20):

And it’s just one of these very, very obvious threats. And you can get microSD cards the size of your thumbnail that have capacities of half a terabyte, it’s just so trivial for cops to just stick a microSD card in their pocket and then go drop it on a scene. It’s just something that you cannot have in a free society. It’s too easy to abuse it and we can’t trust the police. We know that they could plant drugs on people. They’ve been caught on their own police cams, and every time you find a case like that, remember there’s probably another hundred that didn’t get caught. It’s just a very ugly thing. But I think the Bitcoin relevance of that is, if that is the type of threat you’re worried about it, there may be nothing you can go do.

Vlad Costea (01:05:16):

Yeah. Speaking of drugs, @[INAUDIBLE] wants to know if you like weed.

Peter Todd (01:05:20):

Well I like being able to get into the US so, uh, no comment.

Vlad Costea (01:05:28):

And that’s the best way of replying to that.

Peter Todd (01:05:32):

Remember, even now, even though it’s legalized, if you admit to ever using weed, you can get banned from the US for life.

Vlad Costea (01:05:39):

Really?

Peter Todd (01:05:39):

Yeah. In Canada, completely legal. I can literally go to an Ontario government website and order weed with my credit card, yet if the US finds out I can get banned for life. And especially crazy, remember when I ordered it with my credit card, that information goes through a US server. The Ontario government really should be accepting Bitcoin for this.

Vlad Costea (01:06:12):

Yeah. I suppose that’s one of the use cases that was initially very popular for Bitcoin. There might be a return to this.

Peter Todd (01:06:23):

It probably still is really, maybe not. The numbers I’ve heard which is taken with a grain of salt is probably like 1% of Bitcoin transactions are related to drug sales, or like 0.5%. That’s the kind of numbers Chainalysis throws around.

Vlad Costea (01:06:41):

Which isn’t that bad, right? I mean, with cash, maybe it’s not 1%—

Peter Todd (01:06:47):

Hang on. When you say, “that bad,” what would be bad? What’s wrong with people getting drugs that they want to, if they’re not harming anyone other than themselves. I’m fully for legalization.

Vlad Costea (01:07:02):

They cannot just claim that it’s being used for illegal stuff in the majority of cases.

Peter Todd (01:07:10):

Just because it’s illegal doesn’t mean that it’s bad.

Vlad Costea (01:07:12):

No, obviously, but when you’re trying to frame Bitcoin as something for criminals, you’re going to point out to drugs and to prostitution and whatever else is illegal and possibly immoral in the views of some.

Peter Todd (01:07:26):

A whole bunch of people who want to keep the money flowing to their law enforcement jobs for victimless crimes. But that’s a whole other issue.

Vlad Costea (01:07:38):

Yeah. I feel like we should go back to Bitcoin for a moment because @hodl_american, and I’m not sure if you know his meme, but he recommends people to HODL 6.15 BTC and he has—

Peter Todd (01:07:52):

That’s a very specific number.

Vlad Costea (01:07:55):

Yeah. And it’s tied to the size of his dick, apparently.

Peter Todd (01:08:02):

I can assure you it isn’t, because the units don’t match up. Bitcoin’s a unitless number and the size of his dick would involve either length or volume, maybe weight. I did enough physics to know this just doesn’t make sense.

Vlad Costea (01:08:21):

I mean, I’m pretty sure he uses the Imperial system, possibly. If it’s the metric system, then that’s bad, man. That’s like two inches. But anyway, he says that @TheBlueMatt has upped his Bitcoin success prediction from 5% to 50%. Do you have any prediction in terms of percentage for success?

Peter Todd (01:08:44):

What’s his definition of success in the first place?

Vlad Costea (01:08:47):

Exactly! Somebody like @hodlwave said he’d probably say it depends on how we’re defining success.

Peter Todd (01:08:52):

Yup. That’d be a good prediction.

Vlad Costea (01:08:56):

So let’s say that—hyperbitcoinization—this means adoption on a very large scale. Maybe even governmental.

Peter Todd (01:09:06):

What does large mean? Gold is adopted on a very large scale, but on the other hand is also barely used at all.

Vlad Costea (01:09:14):

That’s a fair point. But even if it got to the point of gold, in my book—given its humble beginnings—it would be a success.

Peter Todd (01:09:25):

Well, the point I always like to make is Bitcoin can mean critical success just by forcing the rest of the world to do better things. Like if Bitcoin forces PayPal to more reasonable policies, Bitcoin’s a success, even if it doesn’t actually get used that much.

Vlad Costea (01:09:46):

That’s also a good point.

Peter Todd (01:09:49):

That’s really more my definition of success. And at the same time, I also like to point out how, in the long run, everything goes back to zero. One day Bitcoin will go to zero. It will eventually fail. Like everything else—in the really long run—one day the last populated Bitcoin blockchain will get deleted.

Vlad Costea (01:10:14):

That’s a grim thought. And that’s a very, very, very unpopular opinion.

Peter Todd (01:10:21):

It’s just reality. All these things are temporary. Now I think where I would say Bitcoin is a success is I couldn’t tell you whether it’s the US dollar that will fail first or Bitcoin. I don’t have a sense for what the probability for those two are. And I think either one could happen, whereas if you’d asked me that maybe at the very beginning, I’d be more dubious. But certainly at this point, it’s totally plausible Bitcoin could outlast the US dollar.

Vlad Costea (01:11:00):

So I would say you’re pretty optimistic because the US dollar has such a—it’s quite a catch phrase nowadays to call it a network effect.

Peter Todd (01:11:13):

Have you seen the history of fiat currencies? They often do just fine till they fail. All it would take is the US to elect some crazy president who does something particularly stupid. So far Trump isn’t sufficiently crazy and stupid enough to get the US into that situation. But that’s the kind of thing that can go happen. If you’d ask people 15 years agohow well Venezuela was doing, they’d probably say, Just great, look at all this oil money.

Vlad Costea (01:11:51):

Yeah, but Venezuela does not hold the reserve currency of the world.

Peter Todd (01:11:58):

Well, it changes the probabilities, but that can change. Lots of people predicting China’s currency will become the reserve currency. Equally, people who would have said, Oh yeah, China’s going to do well. I mean, that may also be false. It’s not that predictable. But I think what we can say is, it’s certainly plausible for Bitcoin to outlast these. But even if it does, I mean eventually it’s still going to fail. Just take enough time.

Vlad Costea (01:12:31):

I feel like this is still optimistic. I would say 50% if you think it will outlast US dollar.

Peter Todd (01:12:44):

That’s the sort of number I could imagine. See [INAUDIBLE] compare me is someone like David Gerard who has been saying Bitcoin will go fail since forever. And the only thing failing is really his predictions.

Vlad Costea (01:13:02):

I mean he has his audience and I suppose he makes a decent living expressing that view.

Peter Todd (01:13:11):

Well that might tell you something about why he has that view. I don’t think that view is really based on any [INAUDIBLE] analysis. I think it’s based on: he has an audience that likes that view. I think the same thing’s true with a lot of anti-Tesla analysis where, while certainly some parts of it are factual, it’s because of an audience and sure enough the audience for anti-Bitcoin and anti-Tesla actually seems to overlap a lot. Both of those audiences seem very annoyed that neither dies.

Vlad Costea (01:13:48):

This also tells us a lot about the media landscape in general and how you have some sort of opinion which gets propagated all the time just because it has an audience but has no scientific or factual grounds.

Peter Todd (01:14:07):

Absolutely. And I think it’s just as true of hardware wallets as it is of media. Why things become popular has got very little to do with how good they are sometimes.

Vlad Costea (01:14:22):

I feel like you have blown my mind quite a few times in this interview and there’s a lot to digest there. You get into this space and I’m not the most technical person—I don’t claim to be, but I’m not going to go debating people and having very strong opinions like McCormack while claiming not to be technical, but there’s a lot to be learned and really people like you don’t really go out giving advice randomly and selling courses and stuff like that because you have much more interesting stuff to do with your life. I suppose you’re actually successful in doing consultancy for applied cryptography, but you’re going to have people who apply this old saying about, “Those who cannot do, teach.” They’re going to sell you bad classes about security and teach you bad advice essentially.

Peter Todd (01:15:28):

Although keep in mind, their business model is not that different from my business model in consulting.

Vlad Costea (01:15:34):

Yeah. Basically you’re teaching people what they should be doing.

Peter Todd (01:15:38):

Exactly. Yeah that’s the hard thing about this saying, “Those who can’t do, teach,” there’s certainly value in teaching and teaching—especially in the form of consulting—can be a nice stable line of work with less risks that lets you go do more things and have more influence. If I can go and help 10 companies go do something, I may have a much bigger lever to go make changes to the world than if I’d gone and focused on my own project.

Vlad Costea (01:16:16):

Well, so what are you up to?

Peter Todd (01:16:23):

Well not sure if I have funding for it, but I have been working on my ProofMarshall stuff on and off lately. And of course there’s my Open Timestamps thing and both of the projects really boil down to making truthful statements about dataOpen Timestamps makes a very simple statement of proving something existed in the past. And then ProofMarshall extends that by saying, rather than just existence, we’ll go say it’s the only thing that existed in some category. And those two classes of statements turn out to be quite powerful.

Vlad Costea (01:17:07):

So what are the practical applications of these?

Peter Todd (01:17:10):

A really simple one is with digital signatures. Let’s suppose you have a digital signature on a document and the private key gets leaked. How do you verify the signature? Now the attacker could have made it. Well if you have a timestamp and you can go show that the timestamp proves that the document existed prior to the private key leak, you now can still verify the signature even though the key was compromised. That’s Open Timestamps. That’s probably the simplest use case for it. And as an example—Bitcoin core repo—there’s various committers to it who use Open Timestamps with their Git commits, so you have this constant timestamp of when code was added to Bitcoin Core and you can go back and go verify these signatures.

New Speaker (01:18:18):

You also see this in evidence in general, very often you can go rule out certain types of attacks by just saying it existed in the past. Maybe as an example, you have a contract with a company and when the contract was signed, there was no reason to do anything malicious about it. But after the fact someone finds that, hang on a second, we would have been in a much better position had say this clause being changed, say it’s a farming contract and you want to go back in time and go add a clause about damages due to bad weather. Of course, you don’t know that bad weather will exist in the past. But if you find out later, well suddenly you want to go change the contract and having that timestamp on that contract, amongst with other verification of it, can be quite valuable to say, hang on a sec. No, no, this is what actually existed. Now in that case, depending on the circumstances, you could go do something where you actually has two different versions of contracts. And you timestamp them both. That’s where ProofMarshall comes in, because it can go rule out the existence of conflicting versions of something.

Vlad Costea (01:19:36):

Hold up a minute, Peter. So you’re telling me that a Turing-complete smart contract doesn’t fix this?

Peter Todd (01:19:41):

Well, what I’m really telling you is that ProofMarshall lets you create those Turing-complete smart contracts using this much simpler primitive. See, most of the complexity of ProofMartial would actually be using it to create smart contracts. But the core primitive that it needs is just uniqueness. Once you have a unique set of actions and you can say, All right, that’s what happened. You can always run a program on those actions and then come to a conclusion about what your current status. For all this nonsense about Turing-completeness—that’s what Ethereum is: a big shared set of actions, a set of data that you run a program over and it comes to the same conclusion as everyone else’s. It’s just in Ethereum actually running that program’s really hard because Ethereum has hardly any full nodes that blowed up their blockchain and ProofMarshall can be much more scalable than that because you only need the data for your particular application. You don’t care about anyone else’s contracts.

Vlad Costea (01:20:53):

So I suppose this will not require to use anything related to blockchains and stuff, right?

Peter Todd (01:21:01):

Well, yes and no. One way to go put it would be to say it lets you create your own blockchains bootstrapped over other blockchains. Blockchain itself—a chain of blocks—is a very useful data structure. People have overloaded that term to go mean a whole bunch of other nonsense. But the idea of having a chain of blocks is really valuable. And my goal with ProofMarshall is in part to make it really easy to make chains of blocks when they make sense. Maybe you need an audit log for something—a chain of blocks would be very useful. And if you can make that chain of blocks be unique by tying it back to something like Bitcoin using something I call a single use seal—then that’s very valuable. But to get there you need a whole bunch of infrastructure. You need a whole bunch of software to write and so on. It’s a much harder thing to implement than say, Open Timestamps where timestamp proof is very simple by comparison.

Vlad Costea (01:22:07):

I can see that you have been working on this for at least four months.

Peter Todd (01:22:12):

Longer than I can admit without being a little embarrassed. I think I came up with the name ProofMarshall 3 years ago? So yeah, it’s taken a while.

Vlad Costea (01:22:30):

Are you looking for anyone to help you code this or for any kind of review?

Peter Todd (01:22:37):

Sure. I mean hell, it’s up on GitHub. Github.Com/Petertodd/Proofmarshal

Vlad Costea (01:22:43):

I’m not sure if I have the right kind of audience to find people who would be interested in helping you, but it’s worth giving it a shot.

Peter Todd (01:22:52):

Yeah, well you know what the URL is anyway.

Vlad Costea (01:22:58):

Anyway, it’s really interesting that you’re working on this and you’re not really stuck into the mainstream conversation about Bitcoin nowadays—you’re thinking outside of that box and that’s useful in itself.

Peter Todd (01:23:16):

Particularly this reflexive, you know, “Bitcoin not blockchain” thing that a lot of people have. I think it’s understandable given the craziness of the ICO space. It does sort of throw out the baby with the bath water.

Vlad Costea (01:23:36):

Yeah. Some people would argue that your talents would better be used in Bitcoin Core, but people criticize you for stuff like RBF—the idea that Bitcoin should have inflation and stuff like that. Unpopular opinions that you expressed.

Peter Todd (01:23:59):

Well I think the inflation one’s kind of funny because yeah, I I would say quite, you know, I would say quite concretely that Satoshi made a mistake there. On the other hand, the difference between zero inflation and a fixed 0.5% or something isn’t very big. After all the current Bitcoin inflation rate after the having it would be 2% or something? Obviously having inflation isn’t deadly to Bitcoin, but probably the really funny one is just the RBF nonsense. People forget that the type of RBF that actually got implemented in Bitcoin Core is not the type I wanted.

Vlad Costea (01:24:44):

Okay. Can you elaborate?

Peter Todd (01:24:47):

I argued for quite a long time—many many years—that replace-by-fee should just be: nodes accept whatever’s a higher fee transaction, end of story. What actually got implemented is an opt-in thing. So the previous zero-conf behavior of—Well there’s this vaguely, slightly secure thing that doesn’t actually work—does exist. And you always were able to create transactions that could be double-spent. You just do this by broadcasting a transaction with a low fee followed by a high fee and enough nodes will reject the low fee one—and ignore it—that the high fee one will probably get mined. I’ve got a blog post actually on this where I tested this prior to opt-in RBF getting widely implemented. And on top of that, at least when I tested that, wallets were so bad at handling double-spends that often, for instance, not even recognize the double-spend after being mined. This business about, Oh I screwed up zero-conf something just completely ignored reality of just how bad wallets actually work. I think where that really came from is just people who were lying to each other about what Bitcoin is good for.

Vlad Costea (01:26:12):

I think that also happened in 2014-2015?

Peter Todd (01:26:20):

Yeah. I think that’s about the right time period.

Vlad Costea (01:26:22):

And people were still stuck. Some people were still thinking of Bitcoin as a cheap way of transacting and they are the same kind of people who moved on to Bitcoin Cash afterwards.

Peter Todd (01:26:38):

Which, if anyone actually used it, would be an expensive way of transacting. The irony is nobody uses Bitcoin Cash. Anyone with a shred of common sense or technical chops would understand that Bitcoin Cash and BSV models don’t make sense. Bitcoin so obviously doesn’t scale. I think the problem we had in the Bitcoin space in the wider cryptocurrency space is: making things that actually work is hard, and it’s quite a bit harder to make them profitable by selling tokens. It’s much easier to sell the token when you have this unscalable shared consensus model.

New Speaker (01:27:22):

Selling a token for Lightning is kind of hard. It is hard to imagine Lightning with a made up token attached, other than of course Bitcoin itself, but you can’t bolt on another token to Lightning and have it make sense. So if you want to be a scammer and just make a bunch of money with an ICO, the type of architectures that work don’t make sense for you and you’re not going to push them. Proofmarshall is an example. It’s completely unimaginable how the hell I would add a token to it. Open Timestamps, same thing. How would I add a token to Open Timestamps? It makes no sense. Of course Tyrian did try to go do that and Tyrian was marketed as a scam, end of story.

Vlad Costea (01:28:06):

That’s a very direct opinion.

Peter Todd (01:28:12):

Well I wrote a blog post on this, like Tyrian’s marketing was a scam. They lied about what Tyrian could actually go do. This unfortunately is just a very, very clear cut thing. And it’s funny too because the way they lied about it, even went a little beyond the minimum they needed like one of the key things being, they compared it to Open Timestamps and saying they had lower latency than Open Timestamps, and they didn’t need to do this for the purpose of selling an ICO token. But I think part of this is, you’re in a mode where you’re going to lie about the necessity of your tokens, you also might as well go lie about the performance of your system.

Vlad Costea (01:28:57):

I didn’t know about this, but it makes a lot of sense.

Peter Todd (01:29:02):

Well this is how you get $25 million.

Vlad Costea (01:29:05):

Vitalik—I know you were friends with him or something because he’s also from Canada and for awhile—

Peter Todd (01:29:11):

I wouldn’t say I was ever friends with him. I met him quite early on, but I never really liked the guy. He always seem dubious to me. He always gave the impression of being dishonest.

Vlad Costea (01:29:28):

I mean it’s very hard to get clear signals from him because he’s so awkward.

Peter Todd (01:29:35):

Well I think that’s actually put-on thing to try to distract people from—the times he’s marketed Ethereum with lies as an example. They keep on having to go pivot to new variants of Ethereum precisely because they were never able to admit, Well yeah, Ethereum doesn’t scale and we don’t know how to make it scale. That’s just not how it was advertised in the beginning. And that was a lie. They knew damn well that it didn’t scale and they had no path forward for that. But this is how you go and sell ICO tokens.

New Speaker (01:30:09):

Look at it this way, when you’re committing securities fraud, and the SEC could throw you in jail for it, lying about the details of how your system works—that’s a really technical thing that not many people understand—you might as well do that too. The additional bit isn’t going to get you in much more trouble than you’re already risking.

Vlad Costea (01:30:39):

Yeah, that’s why I don’t think we can replicate Bitcoin at this point.

Peter Todd (01:30:47):

Well, yeah. It’s not good for society if Bitcoin gets replicated a ton of times, you only needed to create one made-up token out of thin air to do what Bitcoin needs to do and there’s some minor things that I would want to see change. My big one is, I think Bitcoin should have a small bit of inflation and the difference between—my argument only becomes relevant maybe another 20 years anyway, so it doesn’t really matter that much right now.

Vlad Costea (01:31:18):

Yeah. It’s going to be interesting to see how the security is going to be maintained. Sometimes I think that mining will no longer be profitable at some point and the developments of ASICs is going to stagnate and people will do it because it’s a hobby.

Peter Todd (01:31:36):

Well hang on, it’s okay if the development of ASICs stagnates, that’s probably a good thing for us. The issue is really a tax, based on there not being enough money going into mining. And if mining isn’t very profitable that’s okay too. All that matters is, there enough money being spent on proof-of-work for Bitcoin to be secure? And in a system where your inflation reward eventually goes down to zero, you’re now relying on transaction fees and there aren’t good reasons to think they actually will work out. Yes, you certainly could pay for security with transaction fees, but there’s all kinds of weird game-theoretical stuff about, Well maybe I won’t mine a block now, we’ll wait later, and so on. It’s just a much simpler, easier to analyze system if there’s always an inflation reward. Relying only on transaction fees is a dangerous thing.

Vlad Costea (01:32:43):

I guess we’re going to have this debate, as you said 20 years from now, but do you think that at some point mining will be much more decentralized if adoption grows? So for example, sometimes I think there’ll be a return to that initial one CPU, one vote model and people will just run a mining rig under regular computers.

Peter Todd (01:33:06):

Why? What is their incentive?

Vlad Costea (01:33:12):

That’s a good point. But what is people’s incentives to run a node? So why don’t they also run a mining node on the same computer?

Peter Todd (01:33:22):

Their incentive to run a node is, if they don’t run a node, they can go be attacked by the person who they go trust to run a node for them. Now that’s a very simple, clear-cut thing and if you make running a node to be cheap enough, then it’s makes sense to go and do that rather than risk that attack. That’s what it comes down to. A lot of people don’t run nodes and they risk that attack. Running the node, and actually using it.

New Speaker (01:33:48):

Keep in mind, just running the node isn’t enough. If you run a node off in a corner of your apartment but don’t actually use it, you might as well not be running a node. But if you run a node and use it for your wallet, then you’re protecting yourself against attack. Whereas mining doesn’t really protect yourself against attack. It just uses up energy to maybe create a block once in a while—there’s no direct benefit to you other than the profitability of it. Now maybe if you need the waste heat, then it could make sense. But the question there is do you need the waste heat and is the equipment to do mining cheap enough to make that a good economic argument?

Vlad Costea (01:34:35):

Yeah, so my dream of decentralizing mining is not really—

Peter Todd (01:34:40):

Well mining will always wind up being fairly decentralized because cheap power is inherently relatively decentralized. Mining is a race to the bottom and the cheapest power is available in relatively small amounts spread the world. That’s just the nature of cheap opportunities for power. And part of cheap means also being able to get rid of the waste heat and do something useful for it. That inherently doesn’t lend well to centralization. It’s much cheaper to get rid of a megawatt of heat, than a hundred megawatts of heat, because a megawatt of heat—first of all, you can probably go do something useful with it, maybe warm a greenhouse or something—and secondly, like just basic physics: it is easier to get rid of a small amount of heat than a large amount. Similarly, getting a megawatt of cheap electricity, that’s going to be easier than getting a hundred megawatts of cheap electricity, all things being equal. Because if a hundred megawatts of cheap electricity existed, someone will go use it for something else.

New Speaker (01:35:53):

This is why Bitcoin mining tends to be done in weird locations with somewhat stranded hydro resources. Particularly stranded in a regulatory sense. There’s rules for what you can go use power for, where you can go connect things and—Oh, well there’s few megawatts there for some hydro plant that really should have never been built in the first place. Well, how do you use it? You go stick a mining rig next to it.

New Speaker (01:36:24):

China did happen to have a ton of that because China’s communists central planning and geography meant there’s a whole ton of hydro-power in all kinds of weird locations. It didn’t really make much sense. And you’re seeing some of that happen again in other places. You’re also seeing things like doing Bitcoin mining with flared gas from oil rigs and so on.

Vlad Costea (01:36:55):

So where do you see Bitcoin in more than 20 years? Do you believe that we’ll still be around in 30-40 years?

Peter Todd (01:37:03):

I’d give it a high chance, probably like your 50/50 type of thing. But all this stuff’s hard to predict. Like human civilization might not be around that long if we fuck it up enough.

Vlad Costea (01:37:21):

That’s also fair. There are a lot of people denying our effect on the environment and ourselves.

Peter Todd (01:37:32):

Well we’re not likely to screw up the environment that quickly, but you certainly could imagine nuclear war breaking out, and it would not take much nuclear war to really screw up most of humanity. And this is not to say that we would actually be extinct, but if in 40 years civilization doesn’t exist as we know it, I could certainly imagine that. It would take like one nuclear war to do that. The problem we have is industrial supply chains are just so diverse and they span the planet and they’re really hard to replace. It wouldn’t take that many countries going to war with each other to screw all that up. Who knows, maybe we’ll see a bit of this in miniature as this coronavirus stuff progresses.

Vlad Costea (01:38:28):

Yeah. That’s going to be interesting to see how it plays out. Here in Romania I already see people wearing masks in public, which is kind of excessive.

Peter Todd (01:38:43):

Yeah, I mean it’s probably not at a harmful thing. Probably good in terms of face recognition. I think more wearing of masks would probably be good for society. Certainly things like shutting down borders is probably the right move. And part of the issue there is, we don’t really have a good handle on what’s really going on, because China lies. The Chinese government is an authoritative dictatorship.

Vlad Costea (01:39:21):

Yeah. I think I have two more questions for you. And we have been going on for almost two hours and I’m not sure if listeners have gotten up to this point. I hope they will. And if you do just tag us on Twitter and say, Hey, I have heard that part. One of the questions that come to mind when you talk to somebody who has been around for such a long time and obviously you’re a talented person in security and coding—why are you not Satoshi?What is your general reply to that?

Peter Todd (01:39:56):

Well, I am Satoshi.

Vlad Costea (01:39:58):

We are all Satoshi. But why are you not in particular? What is your—

Peter Todd (01:40:04):

No, I am Satoshi, and in this grand tradition of Craig Wright, I will give you absolutely no evidence to suggest that’s true. If it’s good enough for Craig Wright, obviously I’m Satoshi. Also, I’m Craig Wright. Just to be clear about this. That other Craig Wright is a total scammer pretending to be me.

Vlad Costea (01:40:24):

I mean, I could see that too, but I have to check with my lawyer.

Peter Todd (01:40:31):

Yeah. I don’t think Craig Wright is going to sue me anytime soon.

Vlad Costea (01:40:35):

I mean he slandered Greg Maxwell quite a lot.

Peter Todd (01:40:40):

Right. He slandered me too. But like, Craig’s in so much legal trouble. I can’t imagine he wants to add another jurisdiction to it.

Vlad Costea (01:40:49):

Possibly. But seriously though, you have quite some points of contention and some ideas that are very anti-Bitcoin, like inflation. But if you’re Satoshi, that would be the perfect cover-up, right?

Peter Todd (01:41:05):

Well why do you think they’re anti-Bitcoin? I think Bitcoin needs inflation. Thus my idea of inflation is pro-Bitcoin.

Vlad Costea (01:41:14):

I think that’s something we have in common—economist fathers. I also tried to explain Bitcoin to my father and was like, What’s the point of having a fixed supply?

Peter Todd (01:41:28):

No, no, no. With my dad it was totally different. It was more, Oh well obviously this is going to be valuable. He didn’t need much convincing. The digital gold argument is a very simple one. Of course, keep in mind—gold is inflationary.

Vlad Costea (01:41:49):

Of course you find new sources all the time.

Peter Todd (01:41:52):

Yeah. And gold has the problem that the supply isn’t bounded. As an example, if you took all the gold on the earth and transported it to the surface, it would cover the entire planet in a layer, if I remember correctly, about a meter and a half thick. There is a lot of gold out there. Far more than we have access to right now and we don’t know how much gold technology will be able to mine in the future. Maybe we’ll find a gold asteroid somewhere. Gold does not have a strictly limited supply.

Vlad Costea (01:42:34):

I agree with that and it’s going to be interesting to see how our civilization ends up perceiving money in the end because in the last 40 plus years—50 it’s been that long—since ’71, almost 50, 49, we have had a different model which is based on consumption and excess and a lot of development around the world has happened because of this. Just because they had the power to print more money and give it to develop—

Peter Todd (01:43:08):

Well I wouldn’t talk about that in terms of consumption and excess. The way I’d go talk about it is very simple. You are taxed on savings and you are forced to invest. That’s not the same thing as consumption.

Vlad Costea (01:43:27):

Yeah, that’s a fair point. But in my country, more than 50% of the GDP is generated by internal consumption. So if people start saving at some point and they say, I don’t need to buy the latest iPhone, I don’t need to buy that. Why don’t I just save the money? The whole system is going to collapse under its own weight.

Peter Todd (01:44:00):

No, I would say no. And the reason why I say no is it’s quite possible to go put that money into investing. It’s not so simple to say that we have to have consumption like the standard economic arguments about this are actually about investment. You want to go tax unproductive savings and then stick them off into investing, where do they go do something productive and push society forward. I think the bigger issue is just we’ve pushed interest rates so incredibly low that they might as well be zero and all this stuff gets out of whack.

New Speaker (01:44:43):

The other aspect of that is, inflation is incredibly regressive in that it doesn’t affect the rich because the rich can go park their money in investments that aren’t affected by inflation at all. Inflation is much more about the poor.

Vlad Costea (01:44:59):

I’ve never really thought about it in these terms, like inflation is about the poor, but it does make sense. I mean, it’s kind of a system which preserved the establishment.

Peter Todd (01:45:18):

Well, again, I wouldn’t talk about in terms of preserving the class establishment or any of that. A lot of that’s just, it’s kind of inherent. The moment you have a complex economy, you’re going to wind up with classes because achievements are hereditary to some extent, and the curves on your return on investment of achievement are just so extreme. It’s structurally unthinkable to get rid of that. I think the more interesting thing is just really, I’d say issues of fairness. The simple reality is if you have a system where there is no way to invest your money other than investments in the standard way, you’re really narrowing your choices for people. Like you can’t go and save money in a piggy bank the way you used to be able to.

Vlad Costea (01:46:21):

I feel like for the last question, I should get back to the initial topic and I remember in Berlin, you saw the new HTC phone One S, and I wrote a review about it. I wasn’t happy about what I discovered. I feel like the full node is kind of gimmicky and there’s nothing you can do with it outside of their native wallet. So what is your opinion on the phone. You tested it, right? You bought one?

Peter Todd (01:46:55):

Yeah looked at it a bit and honestly the very fact that the case back has got a laser-printed Bitcoin logo type thing. I mean, to me that already screams gimmick, and I think part of the issue here is it’s just like other hardware wallet stuff, only by a less reputable manufacturer, and I say less reputable, not because HTC in general is less reputable, but obviously they don’t have much expertise doing hardware wallet stuff. So why would I trust them with it?

Vlad Costea (01:47:36):

I’m not even sure if they partnered with some sort of reputed hardware wallet manufacturer or they just developed their own system.

Peter Todd (01:47:45):

Well, the fact that you’re not even sure about that I think answers your question. Regardless of the answer to that, that the answer isn’t clear is part of the trust problem.

Vlad Costea (01:47:58):

So I reckon you don’t recommend this phone to anyone.

Peter Todd (01:48:03):

No. No. I only got one because I thought it would be a neat thing to go have and be able to go take a look at, and I had a nice excuse to do a big Lightning purchase with it, which incidentally the Lightning transaction works just fine.

Vlad Costea (01:48:21):

Yeah. I mean it’s a decent phone. I suppose it’s priced fairly but it has old specs and runs an old operating system, which I don’t think gets any updates.

Peter Todd (01:48:35):

Yeah. Now Android in general is a mess that way. The way Android really should have worked is like Windows or Linux on normal PC hardware where everyone just does an open standard, and you just install the software. But unfortunately that’s not what happened. There’s no easy way to just load a standard phone distribution if you will, where you would on a PC.

Vlad Costea (01:49:05):

Is that why the first recommendation that you give to people to install wallets is that they should buy an iPhone, because it has more security updates?

Peter Todd (01:49:17):

Exactly. Yeah. And it’s unfortunate because there’s a lot of reasons to not trust Apple, but overall you’d probably have a little more good luck with Apple than Android. The other possibility there is to go and buy Google Pixel. But that recommendation is out of practicality really. The one I would recommend maybe even before that is get a ThinkPad and go install a Linux distribution on it then go put a wallet on it. Or you know, use TEOS. But the audience for that is a bit more narrow than just a very generic recommendation that anyone can do.

Vlad Costea (01:50:01):

But is TEOS really safe because as far as I know, it connects to the Internet all the time.

Peter Todd (01:50:08):

Well, I mean I don’t think that that threat is what I’m worried about as much. Like to use Bitcoin in general, you have to go use the Internet. For a variety of reasons I just don’t think that’s the biggest threat I’m worried about for your basic advice. Now the more important thing is just don’t use the computer for very much, don’t go off using it to run games and stuff like that.

Vlad Costea (01:50:36):

Yeah. And this makes a lot of sense to have dedicated devices. We seem to have forgotten in this era where you get one device that can do anything.

Peter Todd (01:50:47):

The fact that you have to give that advice is a massive failure of computer security. You know, we shouldn’t have to give that advice. It’s a bit ridiculous really. But because we’ve done such a terrible job at computer security, if I had a more sophisticated audience, I would say install Qubes, but for that very generic advice, yeah, Apple phone is probably a decent option. It’s advice I’ve given to some friends and family who were very nontechnical. There aren’t good options here. And again, remember, the issue with all of this is how do you actually go use your Bitcoin? The moment you log into Kraken you have this compromised device issue anyway.

Vlad Costea (01:51:41):

There’s not much development going on in Ubuntu for mobile, right?

Peter Todd (01:51:47):

Not that I know of.

Vlad Costea (01:51:49):

I remember it was supposed to be huge but it didn’t do much.

Peter Todd (01:51:55):

Mobile is a very tough thing to develop for because so much effort needs to be put onto good UI design. It is tough to make good touchscreen interfaces and companies like Google and Apple put a ton of research into it and a ton of money. It’s much easier to write a command line application.

Vlad Costea (01:52:23):

It’s also interesting that in this space where the buzzword for such a long time has been, Let’s decentralize, even though it doesn’t make sense most of the times, but we recommend companies that have a good record for security like Apple and also have a more ethical collection of private data.

Peter Todd (01:52:45):

But don’t think that’s saying that centralization is good. That’s just saying that overall, the choices we have are so terrible that that still winds up being the best for some classic users. Like my more sophisticated advice for more technical people is very decentralized. It’s get a PC and install a Linux operating system on it. Like that’s a very decentralized type of advice made possible by the very decentralized PC market. But unfortunately, you know, because of lack of investment and so on, that market is kind of getting pushed out. Also it’s partly a monopoly thing. Apple and Google would love if PCs stopped existing,

Vlad Costea (01:53:33):

They’re even trying to replace them and I think Google has opened the [INAUDIBLE] with the Chromebooks.

Peter Todd (01:53:41):

Look how on iOS, there is no easy way to write programs for it without Apple permission. That’s an incredibly locked down environment, but there aren’t good answers.

Vlad Costea (01:53:59):

Yeah, that’s still good. And I know for a fact that even for Bitcoin wallets, it’s very hard to add features. I know that Blockstream has had to work for months to be able to implement Tor. I think right now Green Address is called Blockstream Green, but they did manage the implement Tor and they are the only ones that were able to do it.

Peter Todd (01:54:28):

Well on Android you couldn’t run anything through Tor actually with the Orbot proxy. Again this comes down to choices in your operating systems. It’s so easy for Google to go shut this down and if I remember correctly, Apple doesn’t make it possible to write Orbot at all, which is ridiculous, but you know, what can you do about it? These devices are just so locked down these days, there aren’t good alternatives to this and that’s unfortunately a type of thing where government regulation is probably one of the few options. Ultimately this is an anti-trust issue.

Vlad Costea (01:55:08):

Okay. One last question and I wouldn’t have made this so long if I didn’t enjoy it because I feel like I have learned a lot and this was maybe selfish, but there is a lot of discussion in regards to the difference between VPN and Tor and sometimes people recommend that you should use both at the same time. What is your take?

Peter Todd (01:55:36):

It depends on your threat model, but certainly using both can be the more secure option. Tor has a different type of threat model than VPNs. It also depends a lot on like what VPN you use. I personally use a Mullvad because I’ve personally met the people behind Mullvad and I’ve talked to them about their philosophy and their business model and it’s reasonably convincing to me that their business probably is just being a VPN and selling privacy. Whereas like a lot of other VPNs, probably their real business model is—especially anyone that’s free for example—their real business model is very likely to be selling logs.

New Speaker (01:56:26):

Tor has this issue. All the architecture’s different because Tor is run by a nonprofit, ultimately a large part funded by the US government. And at least if your threat isn’t the US government, for a lot of reasons, Tor is probably pretty trustworthy. And even if your threat is the US government Tor seems to work pretty well.

Vlad Costea (01:56:49):

I’ve actually heard about embassies running Tor which is interesting.

Peter Todd (01:56:57):

Yeah. Remember the US government needs Tor to exist for a variety of reasons. Part of it’s regime change, part of it’s for their own internal people use it. And for all these reasons, having Tor actually work and actually get used by a ton of people helps them out. So it’s really no surprise that you get that funding source and it’s not exactly a hidden thing. I mean, they’re quite open about it and it’s been true for ages, but I think the bigger one is more just the VPN market where it’s pretty clear that a lot of VPN services are really sketchy. It’s just the nature of the thing. Like you can undercut your competitors on price by making money selling logs.

Vlad Costea (01:57:45):

Do you think that we should be running Tor exit nodes, just like we run Bitcoin nodes?

Peter Todd (01:57:50):

Well in theory, yes. But have fun doing that. The unfortunate thing is, depending on your jurisdiction, you can get in a lot of trouble for running the Tor exit node. Tor has a good set of guidelines to try to do it, but it’s the kind of thing where it’s not something you really want to recommend people do just willy-nilly. On the other hand, running Tor routing nodes, that is not the exit nodes, but the inner nodes, that’s totally fine nearly anywhere. I’d recommend people do that. I’ve done that before myself quite a few times. Plus you don’t need exit nodes to use Tor. Like Tor has Bitcoin support as an example. It doesn’t need exit nodes to work. So having more bandwidth on the Tor network for inner routing nodes helps everyone.

Vlad Costea (01:58:42):

Okay. That’s good to know really.

Peter Todd (01:58:44):

Well, thank you.

Vlad Costea (01:58:47):

So thank you for doing this interview. I know you don’t do a lot of podcasts. I know it’s pretty difficult to get you and I’m happy and fortunate to have you for these two hours.

Peter Todd (01:59:01):

Well, it’s easy to try. Just send me an e-mail. Whether or not I respond, we’ll see.

Vlad Costea (01:59:05):

And I suppose I will be seeing you in Romania hopefully this year.

Peter Todd (01:59:11):

Yeah, I hope to go back to the Transylvania conference.

Vlad Costea (01:59:16):

It’s was a lot of fun last year. Thank you very much, Peter. Do you have any closing words or anything that you want to promote?

Vlad Costea (01:59:27):

No, just a thank you. Okay. I’ll send you this when I finished editing.

Peter Todd (01:59:37):

All right, thanks.


Vlad Costea

I'm here for the freedom, censorship-resistance, and unconfiscatability. What about you?

So, what do you think?

Follow Me