S5 E4: Francis Pouliot on Bitcoin Security, P2EP & Why S2F Sucks

Canadian bitcoiner Francis Pouliot is a true iconoclast who enjoys doing his own research and is never afraid of speaking his mind.

As the founder and CEO of Bull Bitcoin, he operates the only exchange in the world which does CoinJoins for all transactions. And as an enthusiastic bitcoiner, he makes sure that his actions bring more value to the project and support innovation in the space.

In this episode, Pouliot talks about personal security, Pay to End Point (P2EP) and why he thinks Stock to Flow (S2F) is a terrible narrative.

The former Montreal Bitcoin Embassy Director expresses his appreciation for hardware wallets as instruments that support individual sovereignty, and also explains how he approaches personal security when going to conferences or public Bitcoin events. Part of the argument is that he takes the concept of citadels for bitcoiners really seriously and wants to surround himself with people whose intentions are pure and can be trusted.

In regards to Pay to End Point (P2EP), Pouliot is hopeful that this breakthrough will make Chainalysis (or blockchain analysis in general) obsolete. He explains how it works, suggests that Bull Bitcoin will be supporting it, and also highlights the importance of CoinJoins as privacy mechanisms. At the same time, he dunks on privacy coins by presenting the bullish case for Bitcoin.

Last but not least, Francis Pouliot voices his critical opinion on the Stock to Flow (S2F) model. In his view, S2F undermines the contributions of those who build Bitcoin code and services by putting emphasis on an event whose relevance fades in the absence of development. Also, the Canadian bitcoiner doesn’t seem too keen on the idea that past events are used as a way to predict patterns, and dislikes expectations in terms of price action.

Listen to Francis Pouliot on iTunes and Spotify!

Time Stamps:

01:00 – Introduction

2:24 – Bull Bitcoin is the only exchange which does CoinJoins by default

4:20 – Playing with Confidential Transactions on Liquid

5:10 – Pay to End Point (P2EP) is “Game Over” for Chainalysis

6:05 – Pieter Wuille’s brilliance

7:00 – Francis’ experience with Blockstream

8:30 – Who should you trust in the Bitcoin space?

10:04 – What is Pay to End Point (P2EP) and how is it different from a CoinJoin?

19:00 – How Bull Bitcoin helps Bitcoin

21:16 – Why Stock to Flow (S2F) is a terrible narrative

30:40 – What is the best way to secure bitcoins?

33:45 – Why multisig is overkill for most people

34:55 – Why hardware wallets are best for most users

39:15 – Keep it simple if you’re not a big target

40:15 – Personal security for bitcoiners who go to conferences and meet-ups 

45:50 – Bitcoin citadels 

51:20 – “Don’t trust verify”, trust, and reputation

59:00 – The pitfalls of clout chasing

Donate to Bitcoin Takeover!


50% of donations sent to this address will be redirected to support the development of a Bitcoin project. Francis Pouliot can choose it, or else it’s going to be BTCPay Server by default.

If you prefer Lightning, use Tippin.me and leave a note to let me know why you sent it. This way I’ll know to send 50% of the satoshis to BTCPay.

Full Transcript

Vlad Costea (00:00:47):

Bonjour monsieur Pouliot et bienvenue au podcast du Reprise de Bitcoin. Je m’appelle Vlad et je suis totallement enchante de ton presece. Do you say Bitcoin or Bitcoin? That’s actually a question that I had for a while.

Francis Pouliot (00:01:07):

We actually, we just say Bitcoin, it says pronounced pretty much the same. Exactly. Actually.

Vlad Costea (00:01:13):

Okay. So welcome Francis. This is the Bitcoin takeover podcast, season five, episode four. I’m flattered to have you here. And it’s quite an honor to talk to you because I look up to you as somebody who actually reads and does research, as opposed to all the others who follow orders and just comply with whoever they think is authoritative. You just, you know, read your own stuff. You have your own opinions. I don’t always agree with you, but at the same time, I respect you for what to do so welcome.

Francis Pouliot (00:01:46):

Thanks man. It’s it’s a real pleasure stuck to you again. We had a really good time. Last time we met in Riga, so pretty pretty happy to be back on your show.

Vlad Costea (00:01:56):

Oh yeah. Last time we spoke in Riga, it was actually for a Bitcoin magazine interview and you’re quite excited about both Bitcoin and what was going on with becoming a member of the liquid Federation and also how you were mixing all the Bitcoins coming to the exchange with coins. And I think to this day you are the only exchange which does this.

Francis Pouliot (00:02:23):

Yeah. I’m not I’m not exactly aware of anybody else doing that. It’s been, it’s been quite a crazy journey actually. Working with these privacy technologies kind of like a lot of the people working with lightning have been discovering all sorts of issues with it and all sorts of logistical problems. We kind of have this this journey of discovering the trade offs of CoinJoin having to build new tools, new solutions new logistical processes to make coins or in work. And it’s interesting because you know, there’s always trade offs in life to, to everything. And privacy is like, we’re very much discovering that there’s a lot of trade off between privacy, blockchain, efficiency and custody. Right? So it’s, it’s very hard to to be non-custodial and to have good privacy and to also have efficient use of the blockchain space.

Francis Pouliot (00:03:28):

So that’s been, it’s been cool to discover that and you know, on our end we’re kind of leaning more towards being non-custodial and being private and having inefficient use of the blockchain. So we’re definitely not the best I would say blockchain citizens in the sense that we like to put our own users first. So make a lot of transactions instead of batching them, for example, because that’s more private. But yeah, I mean, it’s been awesome trying to figure out, you know, how to increase privacy on the blockchain, because for some reason, like nobody wants to do that. And they’re somehow afraid that if they do that, they’re going to get in trouble, which is, you know, complete bullshit as far as I’m concerned. And also playing around with, you know, confidential transactions on liquid.

Francis Pouliot (00:04:23):

That’s been very informative at understanding, you know, what anonymity really means. There’s anonymity mean, you know, impossible to trace or does anonymity rather mean, you know, having a lot of plausible deniability that if someone thinks they’re doing something they might have a indication you’re doing something, but they can never prove it. I think that’s more appropriate than, you know, never being able to trace. And it’s been fun. Like we, we like to build these kind of advanced technologies that will Bitcoin, where a lot of developers were you know, we have a lot of fun building the app. And the next thing that we’re working on now, I guess, is going to be Pay to End Point (P2EP). That’s the next frontier. I think when, once the exchanges start to build stuff on Pay to End Point, really going to be game over for chain analysis. And I can’t wait for that to happen.

Vlad Costea (00:05:21):

It’s going to be a lot of fun. We will all have a blast and possibly eat cheese as we watch Chainalysis lay off all their employees and surrender to innovation.

Francis Pouliot (00:05:35):

Yeah, exactly. No, it’s the, the, the, the, the operational, I don’t know. I think it’s Pieter Wuille who said that it’s like the design objective of Bitcoin development right now is to make Chainalysis obsolete, like that’s the, that’s the, the goal of everything we do is to make these guys obsolete. And I have no that we will be feasting on their tears in the next couple of years.

Vlad Costea (00:06:01):

I mean, it’s going to be quite a ride. And just for the record, if you’re not aware and you’re listening to this Pieter, Wuille is one of the most proficient and prolific Bitcoin core developers. He is responsible for turning SegWit from an idea into an actual implementation in 2017. And that one actually turned out to be a game changer in a time when everyone was convinced that increasing the block sizes inevitable, he came up with SegWit, which did it without hard forking and also Pieter Wuille right now works on Schnorr signatures and lots of interesting stuff that is going to make Bitcoin much more private is going to keep transaction sizes small. And that also helps indirectly with some scalability.

Francis Pouliot (00:06:49):

Yeah, no, no, he’s great. And he’s one of the early Blockstream guys maybe even a cofounder of luxury or something like that. So I’ve had the opportunity to follow him and a bunch of the other guys at Blockstream actually for the last I don’t know, six years almost since they launched. Cause they actually initially they launched in Montreal. In fact, their office was literally like two minutes walk from the Bitcoin embassy, just as a pure coincidence. So it’s been really really awesome to connect with these guys. And I’ve been, you know, might not be a surprise to some of the listeners. Maybe some that don’t know me will not know this, but I I’ve been a, a known kind of blockchain shell my entire life. I’ve never worked for bloodstream or been paid by Blockstream or anything like that.

Francis Pouliot (00:07:42):

And just like a huge fan. And been working with them on the, see lightning is the implementation that we use been working with them on the satellites, the, the bloodstream satellite. We had the satellite that our office the last two offices actually that I had we, we were using the satellite and using liquid now. And then the next step is pay two end points, which they haven’t specifically like developed themselves, but they definitely came up with a bunch of their underlying concepts. So it’s been they’ve been instrumental in, I think my own personal journey and cause it’s hard, it’s hard to know, you know, in Bitcoin you say don’t trust, verify, right. But the reality is like, I don’t have a technical background at all. I had to learn from someone else and you can’t always make up your mind yourself, you know, you need some, some people to guide you.

Francis Pouliot (00:08:43):

So one of the things that I’ve, that I did a while back was okay, so who am I going to listen to in this space? Right. There’s so many different kinds of people that I could be listening to the time there was, you know, Gavin Andresen and, and Jeff Garzik and all sorts of Bitcoin experts. And you know, I just met a bunch of them. And then talking with a few of them, like the bloodstream guys were the ones that I saw had the best values and best ethics. So I listened to them early on and they really helped me with my own understanding. And now, you know, after a few years you can make up your own mind about topics, but I definitely owe a lot to, to these guys.

Vlad Costea (00:09:25):

Oh yeah. They’re great. Even though sometimes we tend to create a size them, especially for their markets and give liquid, at least that’s something that I do sometimes on Twitter, you know, because I disagree with what some, sometimes they claim to do because it’s not really decentralized and it’s not really, as they say, in terms of making Bitcoin faster, it doesn’t make your transactions that much faster, but you know, they have to market somehow. But other than that, they provide a lot of value to what is being built on top of Bitcoin. And I’m happy that you mentioned pay to endpoint (P2EP) because that’s a big discussion right now. And I don’t think I’ve had somebody on the podcast to explain it. So if you have any perspective on it, you don’t have to be technical, but what does it do and how is it different from the coinjoins?

Francis Pouliot (00:10:21):

Yeah. So it’s a huge difference in, in many respects. Okay. So I can speak to the point of view of someone who’s running a Bitcoin business and who wants to protect his users because that’s, I’m assuming that I’m not bullshitting and I actually want to do that. It’s just, this is my goal. So one of the things that you want to prevent is let’s say you’re running an exchange, you have a database of all of your users, right? You have their names, their personal info you have when they log in it’s, which and, and you also have all the transactions that they did. And you, you will have the Bitcoin addresses that they use, right? So that’s just the way that, you know, data structures work. And if you have people’s Bitcoin addresses at the same time as their identity, if someone for example, hacks that he can associate everyone’s real identity to the Bitcoin addresses.

Francis Pouliot (00:11:21):

And then from the Bitcoin addresses, you can do chain analysis and do what’s called cluster analysis. So he would look at from, if you have only, if you have, someone’s like one Bitcoin address, if you only have like one Bitcoin address that, you know, for sure belongs to someone, you can figure out a bunch of stuff, like how much money they had in the wallets. Where did it come from? How much money is there left now each other, etc. If you do coin join well, you know that the, you know, you can hide basically or obfuscates the movement of funds like after, right. The CoinJoin. So let’s say that I know you’re a Bitcoin address, lads, like you give me a, I know one of your Bitcoin addresses and you mix your Bitcoins with CoinJoin. Well, I can still see before you mix, like where they came from into that Bitcoin address.

Francis Pouliot (00:12:19):

And if they came from, if they, and if they were used to pay something else, maybe I can figure out that you did some stuff before you mixed. And even if, if, you know, after you mix you know, of course I lose the trail after that point, but I still I still can see stuff before you mixed. Whereas Pay to End Point (P2EP), there is no Bitcoin address on record. There’s just a, a URL. It’s, it’s very different. It’s like when, when a user for example says, Hey, send me money to, to my Bitcoin address. Instead of giving me a Bitcoin address for like withdrawal, right from the exchange, he was going to give me a pay to endpoint address. And like, that is not on the blockchain. There’s no, there’s no Bitcoin address there. It’s my node is going to connect to his server.

Francis Pouliot (00:13:10):

Like my software is going to connect to hit to his software, and they’re going to directly exchange some, some information. That’s not going to be within the application database. So I’m getting a little technical here, but basically it’s a way for Bitcoin wallets to talk to each other without having to directly exchange Bitcoin addresses which makes it really, really much more private. It’s also a way to have so it’s, it’s both a way to, to have payments without giving Bitcoin addresses and also a way to mix coins. So it’s, it’s really fantastic. Like all technologies, this one has a trade off, which is that you know, the, the, the participating wallets have to be online at the same time. It’s kinda like a kind of like, no, it’s not exactly like lightning, but it’s, you know, you can, you can think of lightning if you want where the two nodes have to be online to transact and route payments and stuff like that.

Francis Pouliot (00:14:10):

Or also like Grin, for example. And MimbleWimble technology like the tube, if you pay someone else in Mimble Wimble, like both participants need to be online to exchange information. So, I mean that makes it a little bit complicated to accept payments but to send, pay to end points is very easy. So right now there’s a a few implementations so that the challenge is to make them compatible with each other. There’s. So P2EP is more of a let’s call it a technique. And then there’s different ways to implement that technique. Currently there’s one in Join markets there’s another one in, Wasabi and BTCPay Sever. They’re not exactly compatible, but I think they’re working towards compatibility all, all three of them. And there’s another one in samurai which is not compatible with BTCPay.

Francis Pouliot (00:15:05):

And so all of these groups are building their implementations. Eventually. I think everything is going to be standardized. And you got the guys from BTCP server that are building software to make sure that all the Bitcoin wallets get integrated very easily. So it’s, it’s quite exciting because it’s, you know, this thing was, it was kind of like announced or thought of like a year ago. I think it was in January or February, 2019 that this idea came about with Adam back and no power from was that the wallets and maybe some others. And then a year later, I mean, it’s worked like, you know, it’s, it’s, it’s being implemented. So it’s kind of fantastic to see how quick this, this thing this thing happened. And it really, you know, it really kind of destroys all of these technologies are really kind of destroying the narrative of, to me in my mind, actually, the, the privacy coins, like Monero, Zcash and all these things where people say that, Oh, Bitcoin is not privates well, you know, the way that the coins developing is super interesting because the, the advantage of not having full anonymity is you can have easy auditability.

Francis Pouliot (00:16:25):

So, because, you know, because payments in Bitcoin are public, you can audit the amount of coins that are in circulation. There can not be any hidden inflation bug and stuff like that, but that’s a huge advantage. But you have the drawback, which is payments are easy to track but you have these kinds of like quote quotes, second layer solutions, or it’s called an application layer solutions, which provide you up in anonymity, either through mixing or through second layer of stuff like lightning or liquids. So you have kind of a big range of options. And for example, in the case of liquids sure. It’s it’s a less secure than a Bitcoin. But you have more privacy than Bitcoin. Definitely. And you do have a lot more speed also, but privacy is a huge plus as far as I’m concerned.

Francis Pouliot (00:17:20):

So it’s interesting because you can opt in to have a little bit less security and more privacy for a few payments and come back to the main chain to get back your security. And and that’s really interesting because it makes the use of Bitcoin flexible. Like not everyone in Bitcoin has the same risk tolerance. Not everyone in Bitcoin has the same preference regarding privacy or anonymity. So the fact that you can have both in different techniques is cool. And you know, the concept of coin join is also really amazing because it maintains the property of security and adaptability on the blockchain. But again, you have another trade off, which is the fees are higher with coin. Coin is expensive. You need to do a lot of transactions and there are very big transaction sizes and the coordinators most of the coordinators will take money but you don’t lose security compared to stuff like, for example, liquid.

Francis Pouliot (00:18:24):

And you have another set of technologies like lightning, lightning is very fast. It’s also very anonymous, but enlightening, you have liquidity issues. And so you need to have liquidity routing. You need to maybe lock some coins into some payment channels. That’s another trade off, right? So, so that’s, what’s amazing is you have all these different options that have different trade offs and everybody can kind of like find their own fit, but they’re all using the same monetary unit. They’re all using the Bitcoin value. You know, one lightning coin equals one Bitcoin equal equals one liquid coin. They all have the same exchange rate. There’s no exchange rate between between these truthers fees in and out, but there’s no exchange. They don’t fluctuate between one and another as compared to the coins, which have this huge currency fluctuation risk, which is why no one will accept Monero like for payments, because any way you need to switch back to Bitcoin, otherwise you’re exposed to the Bitcoin depressive Monero and no one wants to be exposed to the price of a shitcoin.

Francis Pouliot (00:19:26):

It’s already risky to be in Bitcoin. You don’t want to be on the wrong side of the network effect. So it’s been really fun to kind of see the narrative of Bishop points. The privacy should points just like collapse with, with these technologies and, you know, the, the goal of bull Bitcoin and me personally, I mean, really just to increase the value of Bitcoin, like as a Bitcoin entrepreneur, your number one objective is to accumulate Bitcoin, but to also to make your Bitcoin worth more, because contrary to popular belief, there is no magic algorithm, you know, like as to F ratio or whatever that increases the price of Bitcoin over time, like the having doesn’t increase the price of Bitcoin, you know, what increases the price of Bitcoin is infrastructure around it, which you know, facilitates creates demand and facilitates the demand for it.

Francis Pouliot (00:20:22):

So being part of building these kinds of solutions, which increase the end, like, because we all kind of know, I think that the main drawback to Bitcoin’s value proposition has always kind of been anonymity, has been always kind of like the Achilles heel of Bitcoin, I would say. So trying to solve that, having fun, doing it and increasing the value of our coins, it’s just kind of mind blowing that I’m able to do that on a daily basis. I mean, I can’t explain how amazing, you know, your life is when your number one goal every day and thing you do is just to make, you know, Bitcoin’s worth more by building cool shit. It’s really a very grateful for that opportunity,

Vlad Costea (00:21:05):

Quote you on that part about stock to flow (S2F), being irrelevant and not being some sort of magic algorithm, which just happens by itself after happenings. And it’s all about building stuff.

Francis Pouliot (00:21:17):

Yes, absolutely. I mean, that’s that’s been one of the things that, you know, there’s not a lot of, you know, I’m a very vocal guy on Twitter. Like I, I have very strong opinions on in person I’m much nicer, like people who meet me in person, they know that I’m a very funny and cool, cool person to hang out with on Twitter. I come out as a bit aggressive, but I’ve been, I’ve been very upset, I would say with the Stock to Flow narrative perhaps more than I should be. And there’s two reasons why the first reason is that a lot of people, they say, Oh, look at that, like, there’s this, there’s this inherent property of Bitcoin, which is the fact that it diminishes and supply increases the price. And the increase in price over time is caused by the diminishing supply, which is nonsense at all.

Francis Pouliot (00:22:07):

It’s complete nonsense because, you know, if you don’t have anybody that’s buying a bit going, like the fact that it’s more scarce over time, it doesn’t increase the price at all. Like what makes it more scarce is more people buying it and the amounts staying predictably the same. And it’s kind of a defeat to defeat this mentality to say, whatever happens, the price will increase because that really downplays the role and work of people like me, people like luxury and people like, you know, all the open source devs that have like literally been dedicating their entire lives, working basically full time. Like a lot of us have no life outside of Bitcoins to be honest. And it’s like, Oh, well, all of their work doesn’t matter. Like what matters is this algorithm? That’s been, to me that’s been very frustrating. And the other part of that is also the fact that the, the, the, the S2F ratio is used as a way to pump the price.

Francis Pouliot (00:23:12):

And as, and it’s, it’s, it’s a, it’s an intellectual shortcuts. It’s very convenient to show that to a beginner and say, Hey, look at that, there’s this, there’s this algorithm that proves that the price of Bitcoin will go up over time. You can see using this chart that it’s guaranteed to go up over time. And I just find that very disingenuous because it’s not a proof of anything, I think it’s and people say, Oh, but how about, what about the correlation? Look at the, of a sweat and, you know, for, for listeners that don’t know what S2F is as to have ratio is a, there’s two things about us. S2F is a concept called start to flow, which is the relative hardness of money over time, or how currency maintains its scarcity over time. And there’s the SOF price indicator which I’m talking about now developed by a Twitter user called plan B which attempts to predict the future price of Bitcoin based on the change of this doctor flourish over time.

Francis Pouliot (00:24:19):

And and the, the theory is that they’re correlated. So that’s when the housing happens automatically basically the price of Bitcoin will rise afterwards. But there’s only been two housings so far, right. There was the 2012 housing and the 2016 housing. And, you know, the, the 2016 housing for example also happened, right, when SegWit was being developed. Like, shouldn’t forget that, like, when that was when the scaling debates were starting to have a solution, right. And then that was also at the end of the deflation of the bubble of Mt. Gox, Because before Mt. Gox, The price was 200, it went to 1300 and that was an artificial fake bubble. And everyone knows that the, I mean, then everyone knows, but it’s well understood. At least in my circles that the, the pump of the price in 2013 was caused by liquidity crunches and trading bots and all sorts of shady stuff happening on Mt. Gox And other exchanges.

Francis Pouliot (00:25:28):

It wasn’t an organic raising the Bitcoin price. There was no more adoption during that time than before. And that bubble deflated, like just before the end of the, of the second housing, and then SegWit was created, just, you know pretty much at the time of the second having. So it’s not a coincidence that the price of Bitcoin went up after the second housing is because the conditions were just right, right. It was, well, it is, it is a coincidence that it fell into this. That’s what I mean, like, it is a coincidence that the conditions were right at this time as a halving. And you look at, you look at today, right? This second halving is coming as third halving is coming in two weeks, super exciting stuff. But I mean, I’m not particularly specifically excited about that in terms of the markets. I’m excited because it’s like the Bitcoin new year, and it’s going to be fun and we’re going to have a few parties, but the price is for sure, going to rise and people are gonna say again, that it’s caused by the housing, but no, I don’t think it’s caused by the housing.

Francis Pouliot (00:26:36):

First of all, you look at the the price over the moving average of Bitcoin. I mean, we’re at a very, very low price point generally, just because, right. It has nothing to do with that. Having is just the price dropped. So it’s a low price right now. So can really only go one way at this point like a, this is, you know, definitely financial advice, by the way. I really there’s been very few times where buying Bitcoin was such a good deal. It just objectively speaking in terms of price over moving average, you can look up an indicator called the or multiple. So that’s one and two, you have this huge marketing opportunity from, you know, the money printer the BRRRR money printer, you know, it’s happening right now at the same time as the, as the having.

Francis Pouliot (00:27:27):

And then you have all of these ETFs that have come out in the community. I’ve always things that are coming out. So I have no doubt that the price will rise after the second housing, and it’s also going to be a coincidence. So yeah, so there’s nothing magical about the price of Bitcoin rising is just people work hard to create value proposition, which increases demand. And people also work hard to make sure that that demand materializes into actual trades, because it doesn’t matter if people want to buy a Bitcoin, if it’s too hard for them to buy a Bitcoin, they don’t. So you also have to factor in like the exchanges, making easier to buy Bitcoin, all these dollar cost, averaging apps, making it easier to buy Bitcoin all of these financial products coming in. So yeah, so it’s kind of a long tangent there, but you really must not think that it’s this scarcity of Bitcoin doesn’t change over time. It’s like it’s factored in. Everybody knows it’s rare. Everybody knows that, you know, almost everyone knows that Bitcoin is scarce. Like that’s kind of like a given for almost every everyone. And think about yourself. Like, do you think Bitcoin personally is more valuable in two years? Or is it just undervalued now versus what you think is the value in the future? That’s, that’s how you have to think about this,

Vlad Costea (00:28:54):

Right. And it’s very nice that you mentioned the Mayer multiple Francss, because Chris Mayer is so canceled right now. And just because she’s still the shitcoin, we’re not supposed to use anything smart that he ever came up with. Anyway, other than that, I think that stock to flow is wrong. For two basic reasons. It creates unrealistic expectations about where Bitcoin should go. Maybe it will never go to a hundred thousand. I don’t know, I’m just speculating, but if it doesn’t according to that plan and it fails, I mean, a lot of people who get in for the reason that they believed in this are going to get out or possibly look into shit coins and rebel against this whole movement, which deceived them. So it’s kind of dangerous. It’s kind of like walking on thin ice. And other than that, it, it basically suggests that there’s some sort of coordination because every four years this happens, right? So they assume that miners and Bitcoin whales and some sort of obscure forces pumping money into Bitcoin are doing this at this specific time to fulfill something, which I think is nothing more than a self fulfilling prophecy. And I think this idea kind of counters the whole idea of decentralization.

Francis Pouliot (00:30:18):

Yeah. I ran both points and actually regarding the the unrealistic expectation that that is what annoys me with price prediction

Vlad Costea (00:30:26):

Francis, the recurring theme of the season is security. And I have asked different people, different questions about what security is and how they secure their own Bitcoins. And I think to this question, you have two dimensions. You have the security of your Bitcoins per se, and the security of yourself as an individual who must stay alive to be able to enjoy the Bitcoins and possibly pass them on or spend them or whatever, but you have to take care of yourself and of your Bitcoins. And what kind of advice do you have in these two situations? What do you use?

Francis Pouliot (00:31:04):

Yeah, that’s a super good question. So, I mean, I have a, have a very cool perspective on that because between like 2013, late 2013, and like 2017, I was operating a business or like a nonprofit actually called the Bitcoin embassy was a physical place where people would come and we would help them, you know, set them up with Bitcoin and wallets and that kind of stuff. And I’ve met thousands of people, like face to face. Like, and it’s not an exaggeration. Like you can imagine over four years, like multiple thousands of people I’ve helped them install wallets and stuff like that. And, you know, no, one’s, I’ve never seen someone’s phone while it get hacked. I’m not saying phone while it’s just safe at all. I’m just saying like objectively, this is a fact like no one has ever come to me and told me that their phone wallets got hacked.

Francis Pouliot (00:31:57):

Not a lot of people get their actual wallets hacked unless it’s a, it’s a online web wallets or an exchange wallets and they lose their passphrases. So I started to develop this, this more like this, this principle, which is that for the average normie and sorry. And then, but a lot of people lose their Bitcoins. A lot of people lose their, their backups or they don’t back up their phones and they lose their phones or they forget their pins and they don’t have the mnemonic, or they have them mnemonic and the passphrase, but they forgot the past res. So generally overwhelmingly

Francis Pouliot (00:32:40):

Normies and beginners, they will lose their Bitcoins, but not get hacked. So if, if you’re, if, if, if you know, you have to be, you know, reasonable and sensible, okay. So if you’re not like a known bit corner, first of all you have lower chances of getting hacked. Second of all, if you don’t have Bitcoins on an exchange you have much lower chances of getting out. And if no one in your family or your friends knows you have Bitcoin and even have fewer chances of getting hacked, more people, the people don’t get their big ones stolen. Usually it’s going to be from a friend and family from within your house, from within your group of friends, from within your company from a, a lot of people will get their Bitcoins stolen are from their technical friends. We help them install the wallets these kinds of things.

Francis Pouliot (00:33:34):

Okay. So again, not to say that you shouldn’t secure a Bitcoins at all, I’m saying is that sometimes when you go with hardcore security, you increase your chance of losing the Bitcoin. And for example, if you have like a multisig, right? So if you have, if you’re securing your Bitcoins with a multisig, like your own multisig, you have to have three. And so you have one key in your house and you have one key at your parents’ place and you have one kid the bank, right. Well, you know, you can lose three things instead of losing one backup, right? So you need to be careful with that. Like I personally do not recommend using a multisig as your own personal individual cold storage, if it’s your own coins, multisig in my mind is more of a mechanism for smart contracts, right? Like lightning network, like all sorts of things that use multisig for smart contracts, multisig is very useful.

Francis Pouliot (00:34:35):

If you have multiple people who have ownership of the coins, like a company or a trust, or th this kind of a system where you need to have governance in place, but as an individual stacking, you’re holding your own stash of coins multisig is not particularly I think the best way to go. So what is the best way to go? I mean, very simple stuff. It’s a hardware wallet with a passphrase. It’s as simple as that, right? So the concept of the hardware wallets is that the key is generated on a device that is not compromised. So that’s the first part of security is generating the key itself. So the, the, the mathematics involved in the generation of the key needs to be random. And it needs to be, yeah, the device where there’s no malware that will affect the generation of the key, or keep a copy of that.

Francis Pouliot (00:35:30):

So I personally really like cold card. I’ve been, I’ve been a user of Trezor my entire life. And so we were simply, I switched to cold card. You know, the truth is very safe, right. But at some point, if you’re a person like me, who is perhaps a bigger target and potentially also like a target of, you know, who knows maybe States attackers state-level attackers then the cold card is definitely like a level above in terms of security. But you know, I think genuinely Trezor is, is very, very good and regular people should, you know, should go with whatever they feel is a more user friendly. And and the the better experience, I think Trezor and postcard are both really good devices. And with the passphrase, of course, the best reason to pass for is you keep it in your head.

Francis Pouliot (00:36:29):

So the and the seeds, right. So get, get a hardware wallets. First of all the investment is well worth. It’s like I’ve been sleeping and very, very well my whole life knowing that my Bitcoins are safe on a hardware wallet. Second is the backup, right? So definitely make a backup in a place that is physically like waterproof or like doesn’t need to be fireproof necessarily because there’s not many things that are fireproof, but for example, a good way to make a backup is use a vacuum sealer. You write it on a piece of paper and like you fold like a black like, I don’t know, or a birthday card is basically over a piece of paper so that you can’t see through it. And you vacuum steal that because you want to make sure that someone isn’t like looking inside it and memorizing your seat or something, or taking a photo of your scene.

Francis Pouliot (00:37:27):

And you want to know if someone tried to do it basically tries to tamper with your seeds and then add a passphrase and the passphrase don’t write it down, keep it in your head. And if you have a family and that’s easy to say when you’re a guy like me, and I don’t mean I don’t have a I don’t have a will, right. I don’t have kids. And, you know, if I die, well, no, one’s getting my coins. They’re, they’re going into the Satoshi pile. They’re getting lost until I have kids, you know, I’ll worry about that later. But if you don’t have a, I mean, it’s a trade off obviously, but keeping the passphrase to coin in your head is definitely, you know the most secure way. And if you need to write it down for your, your will, your family, or I want to give them to a charity after your dying or something like that then get, get a notary set up right with that.

Francis Pouliot (00:38:24):

So really, so just to summarize, it’s like get a hardware wallets backup here, mnemonic correctly, and use what’s called the a 30th pass race, which is that if someone finds your mnemonic, they won’t be able to spend the coins. They need the mnemonic and your passphrase. The mnemonics, you will not be able to remember it. So you have to write it down for sure. And if you write it down, you put it in multiple copies. That’s fine. It’s multiple copies of the same thing. You have one, your place, one on your parents’ house, one in your bank vault. You know, not a joke, like just barely one in the forest, like with GPS coordinates, if you want. As long as you have a relatively long and complicated task res on top of them demonic, like people won’t be able to figure coins if they find them mnemonic. So the more complicated you get in your setup, the more chances you have of losing a part of your setup and losing access to your coins, that’s the, that’s the general idea. So if you’re not a big target you know, the biggest threat I think, is yourself losing it or someone in your family finding access to your, your back up or something like that.

Vlad Costea (00:39:44):

Yeah. And I agree that to some extent, yes, you should also consider security against herself because we are all human. And sometimes our memory can fade or our abilities to do stuff can fail just like in the case of how Finny, because I guess nobody expected this marathon runner to be able to, to not be able anymore, to walk and do basic stuff. So that’s something that we should all think about sooner or later, but what about when you go to conferences and maybe that you have exposed your full name on Twitter, so people know who you are, they know that’s your own Bitcoins and possibly they can follow you to the hotel room. They can follow you home and you go to meet ups. I mean, this is the kind of Fisher that I have in my mind. I know that Bitcoiners tend to be nice, but you never know who shows up.

Francis Pouliot (00:40:38):

No, you’re, you’re, you’re correct. I mean, and obviously this is something that scares the shit out of me, of course, because I’m I have the blue checkmark, like I have 50,000 followers. People in like just last night, I was coming back from a hiking. I went to a, a place to go buy some cheese, and then someone’s like, Hey, your house is like, you know, I follow you on Twitter. And I’m just like, this. Isn’t like my cheese store next to my house, you know? And the guy is like, okay, he could have just followed me and see where I live. I’m sure he’s a nice guy. He looked super happy to see me. He looked like a fan, but obviously that scares the shit out of me. Same thing with conferences. Obviously, if you go to a Bitcoin conference, like don’t bring Bitcoins in, that’s for sure do not do that.

Francis Pouliot (00:41:30):

You know, if you’re going to break, pick one conference, like bring a little of coin, done your phone wallets, just, you know, if you want to pay, there’s always opportunity to pay for beer with Bitcoin or something like that at a conference. But like just, you know, bring like a hundred bucks or something like don’t, don’t bring, don’t bring anything compromising, because there’s for sure going to be state attackers there, there’s going to be hackers there. And there’s going to be people, people attempted to steal from you to be honest, that’s a, that’s something you can’t really solve, like, because, okay. So, you know, you have all sorts of mechanisms that are like, OK. Like Coldcard, for example, has what’s called a “break me” pin, which is a, a special pin that you put on your coldcard. And that will destroy the coins like this.

Francis Pouliot (00:42:18):

One of the cool part is actually like, so you need to have a backup before they will make the call card useless. So even some kidnaps you and he’s like, give me your coins. Like, okay, you put your pin and it destroys the device. Well, you know, they might just kill you if you do that. What happens? So, you know, if they’re going to kidnap you and force you at gunpoint to give you the money, if you like refuse to give the money, you tell them, Hey, I physically can’t access because they have a multisig. They’re gonna say, well, okay, we’re just going to go to the other place where your other multi sticky is. Oh, well, no, I can’t do that. So the notary, well, you know, called an artery and tell him to come over here. Otherwise we’re just going to shoot you in the head, you know?

Francis Pouliot (00:43:05):

So it’s like, how can you stop that from happening? It doesn’t matter if you have a super complicated setup, you know, the bad guy, if he has a gun, he has a gun. So what you can do is you can, you can make it, you can only delay them. Right. So the idea is like, okay, so if you if you have, you know, that’s why people say multisig is good because, okay, you can delay the physical attack or, well, sure. I mean, you can delay the guy, but you still have to find a way to escape in the meantime. And then at some point it’s like, if he, again, if he’s threatening your life to give you to take the money from you, like you basically have to either give the money or fight to this, honestly, like, what are the options is there or escape.

Francis Pouliot (00:43:52):

So but you know, at the same time, like, okay, I love people have doxed themselves, physical attack on Bitcoiners do happen, but you know, robberies happen all the time for a lot of stuff. Right. people get robbed all the time. Like big corners. I think don’t get robbed more than regular people. That’s as far as I can tell. But it’s like the only way to solve this problem is by solving personal security generally. I mean, owning a gun not telling people where you live, like in my case, for example, like I’m going to be moving away from where I live currently. Right. I’m going to, everybody knows I live in Canada, I’m from Montreal. Everybody knows that. And I don’t feel particularly happy with that. The fact that everybody knows generally where I live or which area of the city I live in.

Francis Pouliot (00:44:50):

So I’m just going to move. Right. because I was actually scared when the lockdown, the coroner virus logged down happens. I actually got a little scared at that time because I was thinking, okay, if someone knows where I live and they’ve been waiting for the opportunity to Rob me, you know, the chaos of a log down might be the perfect opportunity for them to rob me. So I actually did get a little paranoid in the beginnings of the lockdown. Cause I was assuming that if it could get much worse, it would have, and there was a lot of chaos. It would have been a pretty good opportunity to Rob it corners at that time. I fortunately figured that didn’t happen, but, you know, I really don’t know what to say by that. I mean, because it’s a really good question and it’s always been the problem of a Bitcoin, which is space, you know, it’s like, yeah, of course like our wealth is secured in cyberspace, but we’re always gonna be vulnerable in, in, in meat space.

Francis Pouliot (00:45:45):

And which brings us to the idea of the Citadel, which, I mean, I don’t know if we want to talk about that, but you know, just really quickly, I mean, I don’t think it’s a silly idea at all. I take it extremely seriously. I think actually, you know, you know, I’ve been working on bull Bitcoin and bills for the last like five years, almost going to be five years in June. You know, the business is going well, I’m starting to have a lot more free time. I want to focus my energy on the, on the Citadel. And this is the concept of this. The Citadel is not some like magical fortress that’s you know in the middle of the sea or anything like crazy like that. But it’s just having a physical compounds somewhere in a jurisdiction where you feel protected from the government and you have physical security from outside attackers.

Francis Pouliot (00:46:43):

And just generally like the concept of the Citadel is just, okay, secure physical security is expensive. That’s why we have States the nation States, right? We have the nations state because it’s a way to pool our resources to provide for police and military. Generally, that’s the general idea of the governments and wants to protect the citizens because it’s very expensive and onerous and resource intensive to do that. But what happens if you don’t trust your government? Well, you need to trust other people at some point, right? We can’t all defend ourselves against the band of robbers. We need to pull our energy. So I think that the Bitcoiners teaming up together in the physical world, by for example, buying lands together and the sharing, the cost of hiring private security on their lands and sharing the expense of surveillance, sharing the expense of fencing and walls and that kind of stuff. I think that’s the way to go because we’re never going to be safe because they’re never going to be safe. As, as you said, as long as our bodies and our physical presence is not safe, it’s just, there’s no magic solution to securing Bitcoin. If you’re vulnerable to a physical attack.

Vlad Costea (00:48:02):

I think even in the situation of a Citadel, basically you have to trust that the people who live with you are peaceful and only have the best of intentions. And how can you actually verify that over time? Everyone seems nice and you know, agreeable in the beginning and they will share the same values and play by your rules. But if something goes wrong, I mean, I guess both of us are at the age when we know that living together with somebody in the same space is difficult, be it with a partner or with neighbors. And they all seem nice in the beginning, but after that, it can get nasty.

Francis Pouliot (00:48:41):

Well, we’re going to have to, we have to trust people. I mean, the don’t trust verify aspect of Bitcoin is really, it must not. In my mind, it must not be interpreted as being a universal principle for all areas of life. We need to trust our neighbors. We need to, there’s no choice. There’s no choice, right? You can opt out of trusting anyone, but at what cost, the cost of being a hermit, being a living in a pod, basically social isolation a huge personal cost to, for just expenses of your own security. I mean, that’s, what’s interesting about the idea of the Citadel is that you will choose who’s your neighbor, right? You will not, you will not move to a place because you’re likely to place. And then, Oh, well, you’re gonna find a random neighbor. You will team up with people and decide together to become neighbors, right?

Francis Pouliot (00:49:42):

So it’s not the geography that’s going to determine who you trust. It’s not chance who’s going to determine who to trust. It’s a, it’s a set of values and principles. It’s like it’s like the Knights Templar in medieval Europe, as that’s the way I see it. Like you need to, we need to create a sense of brotherhood, a sense of initiation, a sense of ritual S sense of community, really. And, but, you know, we’re all very good at, at, I mean, I think everybody is pretty good generally at having intuition about who to trust or who not to trust. I mean, I am pretty confident. I am, I’m good at knowing which trust and who I should not trust. And I’ve just come with, come to terms with

Francis Pouliot (00:50:28):

The idea that I’m going to need to trust people. And you know, people trust me, I know people trust me and I know people in my circles, my big horn circles, trust me, perhaps some of them trust me where their lives and I trust some people with my life. I mean, of course I do. There’s a bit corners in Montreal that I’m very, very close to. There’s big corners over the world. I’m very close to, and we’re just not, we, at some point you don’t have a choice. You have to trust someone, right. And the idea is to trust the fewest people possible, but you still, I mean, you’re still gonna have to trust people at the end of the day. I think

Vlad Costea (00:51:05):

No, it has to be the fewest, but the best of people, because I think I’ve had a similar situation or a similar conversation, but in a different context where a guest from episode two of the same season, his name is Leo and he’s a software developer for myCellium wallet. And I asked him, where do you draw the line between don’t trust, verify, and actually trust some sort of developer or evaluator because we don’t all have the technical endowments to be able to verify everything. And even if we don’t have the physical time to actually deal with everything, getting verified every piece of software before we install it. So there has to be a threshold where we decide that this can be trusted and this cannot, and the only maybe criteria that we have has to do with reputation, and you have to look at people’s backgrounds and their activity in the field and the record of what they have been doing, and assume that they will keep on doing the same and not have any sort of slip ridges or changes of character. So it’s always difficult. And I think the problem of trust as possibly Nick Szabo and people before him have said as possibly the greatest of human issues that we have, and if we are able to fix trust, we can actually scale as a society and develop.

Francis Pouliot (00:52:36):

Yeah, absolutely reputation is key, but even reputation is more of a tool because you know, so am I going to have a reputation, but he can exit scam reputation, right? That’s the, that’s always been, the big problem with reputation is what happens if someone is building your reputation in order to cash it out one day and screw people over which is something that we’ve discovered, for example, with darknets, there is no police on the darkness. There’s only reputation on the dark net, but the vendors of the drugs on the dark net and all of these darknets up at marketplace that have a great reputation, you know, on a long enough timeline, everybody exits scams, basically. So I think that that seemed to lab has found a really good way to to solve this problem reputation and in his book skin in the game, which is, you know, localism, right?

Francis Pouliot (00:53:30):

So and in physics, that’s why I like the concept of this Citadel, the physical elements, which is if, if you are surrounded by, by people, you know and you have to live with the consequences of your actions physically, right? Or else you’re forced to physically move, you need to impose a big costs essentially on breaking trust and breaking your reputation. What I like to do also personally, is to try to, I mean, maybe it’s hard for, for a lot of people to do that. I think I’ve been relatively good at doing that, which is identify the motivation of people and like why they’re doing what they’re doing. So that’s kind of like how I decide who I trust. And I trust a lot of people in this industry and I distressed it out of people, but the people who I trust usually are the people that I can see, the biggest pain, the biggest suffering or costs that you can impose on them is for them to lose their integrity.

Francis Pouliot (00:54:30):

Like if someone is driven by ideology, for example, I tend to trust it, which is a dangerous thing because it’s easy, it’s easy to, it has been easy in the past to screw me over. Like people have screwed me over by pretending to be cypherpunks and libertarians that it has happened. Like if someone’s decipher point, like that’s not a mistake. I did many times I don’t do that anymore. But if a few years ago, if someone was a libertarian and a cypherpunk, I would kind of instantly trust them. And it was easy to pretend to be that, to gain my trust. But generally I try to see like what motivates the person, if, you know, if it’s money that for sure, I’m not going to trust you. Right. If you’re motivated by money, I’m not going to trust. I’m sorry. I mean, I might trust you for another reason, but just based on that, I’m not going to trust you.

Francis Pouliot (00:55:19):

I’m going to be skeptical of you in the beginning, but if you’re motivated by, you know, the struggle for freedom or something of that nature and I, and it’s sincere then or if you’re motivated by a desire to be remembered as a good guy, there are a lot of people who are generally driven by the desire to be a hero, right. In this modern world, there’s a lot of them. And it’s that, that’s one of the things that I use personally when I decide who to trust is like, what motivates them. And if they decide to screw me over, for example, what are they going to lose? Is there, what are the repetition for? Because if you, if you have reputation to make more money, you know, if you’re like a celebrity, whatever, or if you’re a podcaster and you derive your income from having a lot of views then not fucking about you talking about other people, but for example, if your reputation is, is only a tool for you to make more

Francis Pouliot (00:56:24):

Advertising revenue, then if you can exit scam your reputation for more money than you get from the advertising revenue, then clearly I’m not going to trust you. There’s, there’s an incentive for you to sell to reputation at some point. But, you know, I hope that people believe me that I’m genuine, where for example, in my case, like to lose my reputation would be the biggest costs to me. I would rather genuinely lose everything I have than lose my integrity, because ultimately what I like the most in the world is to sleep well. And I know it’s silly, but I really, really enjoy a good night’s sleep. I like to sleep in in the morning and I like to fall asleep at night. I really enjoy it. And if I’m stressed out, if I feel bad, if I feel guilty, I don’t sleep well. And I don’t, I don’t have a relax.

Francis Pouliot (00:57:19):

So that’s, what’s the most important to me. And I guess that’s this hard to tell. It’s hard to tell, but I agree with is I, but when you, and the problem of trust is the most difficult problem in the world, but ultimately, maybe it’s one that can be solved and we should just live to accept the risk of trust. And honestly just rely on our instincts, like the human homosapiens species evolved in a tribal nature, trusting each other. And you know, of course it is being the, an incalculable amount of backstabs and betrayals in human history, but still, I mean, it’s part of our human nature to trust each other and we have every good instinct. So I think we should, you know, sometimes just trust our instincts a little bit and stop being too intellectual about trust. Sometimes

Vlad Costea (00:58:12):

I can agree with this. And I think I particularly like what you said about people who like being heroes. I tend to be that yet. Sometimes I try to be too, you know, a modern day, you know, American character from the 1930s, like James Stewart or something. And it’s a wonderful life. I don’t care much about losing stuff. I just care about feeling right about what I’m doing. And I ended up being on the full side because people usually take advantage of you when you do that. So I tend to bite back sometimes, but I also think that in the Bitcoin space we tend to sometimes have, and you have taken a shot at somebody. I’m not going to mention who, but generally I think that it’s interesting how people who get a huge following and are not able to deliver content, to educate and rely basically on other guests. And it’s a slippery slope because if we want Bitcoin to actually advance, we need not necessarily leaders, but knowledgeable people who need to take charge of their position and actually educate others in useful ways and in constructive ways. And we don’t get that. We have people with hundreds of thousands of followers who basically do nothing, but try to generate much more engagement for themselves and that’s it.

Francis Pouliot (00:59:38):

But time is the great Redeemer. So time, you know, repetition is it’s hard to gain and it’s quick to lose. And you know, over time, these things inevitably kind of unfolds. So that’s the thing with trust and reputation. It’s like, that’s why it’s so important to keep it and to work very hard at keeping it and to, to invest. You have to invest in your reputation, you know, it’s, you need to, you need to actively invest in it. Usually you invest in your reputation by having opportunity costs, not to make money by breaking your reputation. So the money that you don’t make by losing your reputation is an investment in reputation. And I think it’s people should really, really think a lot about investing in their reputation because once you lose it, it’s pretty much gone forever. And, you know, there’s bad things and good things about internet based reputation and trust.

Francis Pouliot (01:00:36):

But one thing is that the internet never forgets. So if you lose your reputation of the era of the internet, the consequences, the grades, you will not get it back and people will not forgive and forget. That’s for sure. So, and it’s like time preference, you know, the concept of time preference and Bitcoin, it’s really the same thing. As you know, you should forego immediate and quick benefits, impulsive, you know, pleasures and rewards in order to maintain something that will bring you value in the future and a bunch better value in the future, which is your reputation.

Vlad Costea (01:01:16):

Oh yeah, I agree. And I feel like you have brought quite an interesting dimension to the conversation about security. So I thank you very much, Francis, as a closing note, you should follow Francis Pouliot on Twitter at, let me check it’s Francis P O U L I O U T. And there’s an underscore.

Francis Pouliot (01:01:38):

Yeah, yeah, exactly. And fortunately I have the blue check Mark, so just, you know, type Francis Pouliot in Twitter. And I’m the one with the, the Twitter approved the check Mark.

Vlad Costea (01:01:51):

Yeah. And if you’re in Canada, you should definitely use bill Bitcoin because it’s the only exchange that coin joins. And that’s not just I who says that there is a huge amount of happy customers, and now I’m not even sponsored. I have no idea why I’m showing your product, but I think it’s pretty great. And you’re doing something that should be followed by others. I mean, it’s a great example and I have no idea why so many Bitcoin services don’t do

Francis Pouliot (01:02:20):

It. It’s hard, man. That’s just, that’s just it. And because the customer doesn’t notice or care. So another discussion maybe might be that because the customers, they don’t care about that. But we do it because feels good and maybe one day it’ll it’ll pay off. But and also if you’re coming to Canada join the Montreal meetup group we have a very active meetup and you know, if you’re coming in town and you there’s no meetup, just tell us and we’ll organize a meetup. We can usually make a meetup every week, every two weeks, something like that. Then we have a pretty close group of Bitcoiners here that know each other that are friends in real life though. We, we meet each other and in real life all the time. So don’t be shy, just drop us a message. And we’re always very happy to help Bitcoiners who moved to Montreal, get to involved in their community and make some new friends. And you guys speak both French and English. So that’s a huge advantage. Yeah. Yeah, absolutely. Okay. Well Vida was great. Pleasure to be on your show.

Francis Pouliot (01:03:44):

No, we should. Absolutely. We should absolutely do that. All right. Let’s let’s, let’s, let’s do that again soon for sure. One of the most fascinating and interesting topics I think in Bitcoin right now, so it’s okay. Okay. Bye. Thanks for listening everyone.

Vlad Costea

I'm here for the freedom, censorship-resistance, and unconfiscatability. What about you?

So, what do you think?

Follow Me