I just received this DM from an iota-focused outlet (@tangleblog) threatening to "write an article about me & my deeds" intended to compromise my job & professional relationships (oh no!) unless I address questions about iota "in an open and scientific way"
So let's science...
@tangleblog I'm going to put aside every single past iota problem (the demonstrably flawed cryptography, that time they couldn't encrypt the number 13, and I'm even going to ignore the general conduct of their fan base), let's pretend all of those don't exist, and focus on co-ordicide.
@tangleblog This is science, so we start with a hypothesis. IOTA's ostensible hypothesis is there exists a system that is fundamentally decentralized in nature (all interactions are between local entities) but that can reach global consensus, in a secure manner, in a reasonable time frame.
@tangleblog This presents us, the scientists, with a problem. Given an arbitrary transaction from a local peer (alice buys a coffee) we have to determine if the transaction is valid within the overall context of the network, ideally before the coffee goes cold (poor bitcoin coffee drinkers)
@tangleblog This problem has a long history, too much to cover in a tweetstorm so I will skip the what scientists call a "literature review" and please just replace this tweet with a number of gushing references to Leslie Lamport, and maybe shoutout to James Mickens's The Saddest Moment.
@tangleblog OK so, in the middle of that literature review, Bitcoin came along and was like "I've solved sybils, let's just increase the total energy use of the planet by .1%-.5%" and everyone was like "woah, that's amazing"
But everyone's coffee is still cold.
@tangleblog That's because even with all that energy use, consensus still takes the same amount of time because we have to delicately balance the incentives to attack the bitcoin network with the cost to do so.
This has everyone looking for another way. Now back to iota.
@tangleblog IOTAs -current- tangle is fundamentally dependent on something called a coordinator, The coordinators job is to sit on the network and create milestones which reference transactions. This allows IOTA's current system to reach consensus in the presence of malicious actors.
@tangleblog Centralization! I hear you cry. Yes, without those milestones very bad things would happen very quickly, and IOTAs would be double spent all over the place (if iota had any actual value or liquidity)
So this year, the foundation finally presented a plan to fix it. Coordicide!
@tangleblog The plan proposes a proof-of-stake inspired mechanism where each transaction iota generates "mana" or "reputation" & can be assigned to trustworthy nodes.
Thus, nodes can stake mana during transactions, and consensus is weighted on reputation.
So, Sybil protection, right?
@tangleblog The astute among you, likely those of you who got my Mickens reference without googling, will have noticed a small flaw in that plan.
The reputation flow, flows over the same network that transactions do. It is also subject to byzantine faults.
@tangleblog But, dear reader, not to fear. All we need is some globally verifiable randomness, and a complete list of iota nodes and we can use an algorithm to wash away those faults....
It's not like those are fundamentally hard problems in distributed systems or anything, right?
@tangleblog Ok first we need a complete list of iota nodes. We could have everyone ping a centralized node every time they come online (hmm we want to be decentralized), what if we hardcoded a list in the source code? (ah damn same problem), what if we multicast across the internet?! (hmm)
@tangleblog I've been informed by the iota community that the solution to this is "gossiping", and at this point in my paper I'm going to assume you didn't read my literature review on gossiping.
@tangleblog So, gossiping....I could link you to this review (cs.cornell.edu/projects/Quick…) or you could go literally any distributed systems paper - but what you need to understand before we progress is this:
Gossips are as secure as the consensus mechanism. Not the other way around.
@tangleblog If you have a secure consensus mechanism you can build a robust gossiping protocol that minimizes malicious distribution.
You can't build a secure consensus mechanism from a gossip network...because...say it with me...
You need to agree on the number of nodes!
@tangleblog Why is agreeing on # of nodes important? Because if you don't agree on the number of nodes, then you have no basis on which to trust a) the total size of the network b) the distribution of conflicting information to verify against c) your security parameters.
@tangleblog Every other claim in the iota coordicide paper, extends from this implicit assumption.
If you have a complete list of nodes, you can build some amazingly secure & fast systems.
The challenge is in doing that in a decentralized manner.
@tangleblog I want be nice to iota, and turn to another facet of the system - we are going to assume that a complete list of nodes is magically available. Is the iota system sound given this, admittedly huge, assumption?
@tangleblog Let's do another science thing, a Gedankenexperiment or "thought experiment", and return to Alice buying her coffee from a coffee shop. Except this time it is her girlfriend Mallory, who is an anti-capitalist and would like some free coffee.
@tangleblog Mallory creates two iota transactions, one for buying the coffee, and another where she sends the same funds to herself (Mallory doesn't care about her private key).
Can Mallory position herself within the network such that she can distort or delay consensus (& get free coffee)
@tangleblog Mallory doesn't care about your network, and will happily block packets, hijack bgp routes and otherwise disrupt communications - but that doesn't matter right, because we are decentralized? We can make local decisions without the rest of the network?
@tangleblog So the coffee shop here has a couple of options. They can't seem to reach many of their verified random other parts of the tangle. There may even be a few transactions confirming Mallory's transaction, but it seems slower than usual.
Do they give Mallory the coffee?
@tangleblog I've written a fuller outline of the trade-offs involved with the above scenario here: fieldnotes.resistant.tech/dags-and-decen… tl;dr you either delegate trust to supernodes, or you wait a (long) while.
Or you can assume the network is untamperable. I'm not a cop, assume what you want.
@tangleblog Let us not forget that we skipped over the "no seriously, to build a robust gossip network you really need to know all the nodes in advance, you can't build sybil resistance from nothing"
So let's pop the stack, and conclude.
@tangleblog Have iota proposed any mechanism for building a robust -decentralized- gossip network given everything we know about byzantine faults and distributed consensus? No.
@tangleblog Do iota, and their "independent" associates, have a history of harassing researchers who point out flaws in their technology? Yes.
You can just go google this one.
@tangleblog Now, let me be serious, @tangleblog, please do publish that article about me, if only so that I recover the modicum of dignity I sacrificed to dance your jig to write a thread that will hopefully steer more people away from a miserable little scamcoin.
I'm secure in my integrity
@tangleblog If you like this thread, please consider donating to @OpenPriv to support our nonprofit, working with marginalized communities to build consentful tech.
We now have commemorative t-shirts to celebrate the time we helped destroy e-voting in Switerzland.
@tangleblog@OpenPriv Finally, I must address the threats. It's laughable for many reasons (the main one being that Open Privacy has no organizational supporters to threaten, no one will fund marginalized privacy anyway, all the support we get is independent), but in another way, it's disgusting.
@tangleblog@OpenPriv Throughout my life I've been threatened by bullies who sought to use whatever they considered a weakness of mine. I've been threatened with lawsuit oblivion by multi national corporations. I was once chased down a street for holding my partners hand.
@tangleblog@OpenPriv I've spent years of my life, shaping it such that my morals, my ethics and my work were aligned. I'm entirely happy in who I am and the decisions I made that got me here.
So understand that your threats ring hollow, but also understand that I won't stop until they cease to ring.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
* "De-identified" data doesn't actually mean de-identified.
* Organizations are explicitly allowed to subvert "de-identified" data in order to identify people "for testing".
* The commissioner can authorize organizations to de-identify data.
There is also a long list of exceptions that allow personal data to be disclosed to a huge number of organizations (including hospitals, schools and libraries) under the ridiculously broad category of "socially beneficial purposes"
A big fan of this hellish definition of "dispose" wherein organizations can just "anonymized" your data instead.
Really excited about the upcoming @cwtch_im 1.8 release.
So much work has gone into the UX over the last couple of years and it really feels like we are moving closer to the goal of usable metadata resistant tools.
Thinking back to where it all started, years ago, with just me hacking on a little extension to ricochet it really has come a ridiculously long way thanks to the work and dedication of so many people!
Last night I tested whether I could use the same antenna I use for GOES as a less-bulky hydrogen-line radio telescope. I swapped out the LNA and plugged it into the pipeline I wrote last year.
Turns out it works pretty well if you are looking for an off-the-shelf option.
Here is the spectrum chart from last night. I didn't both calibrating so there is way more noise here that could be easily removed.
Thread from last year with the same charts made from data taken from my home-built horn antenna:
If you want a vision of the future, imagine an endless line of do-nothing, jobsworth, bureaucrats demanding you use ever less secure forms of communication – forever.
I want to be very clear that there can be no compromise on this position. Any attempts at weakening end-to-end content encryption or demanding metadata surveillance must be seen clearly for what they are:
Attacks on democracy and free society.
You deserve a present and future where the technological extensions of yourself are under your control rather than agents subject to the bidding of meddling authoritarians
1) "We will not hand over data we collect" 2) "We cannot hand over data because we automatically delete it" 3) "We cannot hand over data because we never had it in the first place"
Only (3) is actually secure against a state.
That includes super-duper promises made in press statements and pinky-swears.
If you haven't yet worked out that policy promises made by tech companies regarding what data they give to state actors mean absolutely nothing I can only assume you have been living under a rock for the last several decades.
Begging crypto twitter to stop conflating the orders of a Canadian Provincial court based on well established legal procedures with potential impacts from Federal emergencies act invocation.
There is a lot to criticize and be concerned about, but conflation muddies the water.
I am very troubled by the invocation of the act - and more so with statements made by MPs to put forward legislation to make some of the powers relating to financial surveillance and/or censorship permanent.
While all extra-judicial freezing of assets is reprehensible I am very concerned with claims made in the house of commons this morning that Canadians who donated small amount of money are having their accounts frozen - if verified, those kinds of actions need intense scrutiny.