1/ After a good bit of research and some back and forth on Twitter, I wanted to put out a thread with my thoughts on MobileCoin.

Tl;dr -- MobileCoin uses the Monero protocol to provide strong privacy for users, but sadly relies on Intel hardware guarantees and centralization.
2/ MobileCoin chose to build their protocol with the entire Monero protocol stack for privacy, while relying on Intel SGX for validation of transactions:

github.com/mobilecoinfoun…

This reliance means that Intel becomes a trusted participant in the network and assumes no backdoor.
3/ Unfortunately, even though MobileCoin based their entire transaction protocol around Monero (rewritten in Rust, which is great!) they blatantly ignored the source of the protocol:

4/ The Monero project has been iterating and improving the Monero protocol for 7y, and though it was originally based on the Cryptonote protocol, it has evolved drastically and no longer shares many similarities.
5/ The Monero community always gives credit to the source of innovations, and many of the core pieces of the protocol stem from efforts to improve Bitcoin privacy that were never implemented there.

Examples of this are Confidential Transactions, Bulletproofs, and Dandelion++.
6/ The most interesting deviation from the Monero protocol is the deletion of rings post-validation and pre-inclusion:

github.com/mobilecoinfoun…

I’d love to hear more thoughts on how (if?) this could work for Monero.
7/ To top all of this intentional lack of credit to the Monero project, the lead engineer for MobileCoin took to Twitter to bash Monero’s codebase, obviously without understanding Monero or its history:



8/ Another core issue with MobileCoin is that there is no mining or fair issuance — all 250M coins have already been mined in 16 outputs, and are solely the property of MobileCoin and its VC investors to use/sell as they see fit:

raw.githubusercontent.com/UkoeHB/Mechani… (page 133)
9/ However, maybe the most troubling of all with MobileCoin is that they already explicitly censor and prevent US citizens (among many others) from using MobileCoin in any way:

github.com/mobilecoinfoun…
10/ Add to this their already explicit support of government surveillance and economic control, and you have something completely antithetical to “cryptocurrency”:



This is not censorship-resistant, it is already censored and heavily regulated.
11/ As for their design decisions:

They seem to have completely ignored the fact that mempool validation (0-conf) transactions are fine for the vast majority of mobile payments:



There is no need for all transactions to have multiple confs.
12/ In addition, transaction fees are already extremely high at ~$0.67 per transaction flat fee, far too much for this type of mobile-first micro-payment platform:

reddit.com/r/signal/comme…

This is drastically higher than the current $0.0037 TX fees in Monero.
13/ Note that there are no miners or validators to pay for security, so there is no need for high fees in any way.

I would expect this to be arbitrarily lowered and controlled by MobileCoin in the future, but seems like a serious design oversight on day one.
14/ All of this to say that MobileCoin screams “cash grab” and doesn’t seem to have any basis in technical merit or user-base.

MobileCoin has 0 existing user base, no exchange listings, and has been built from the ground up for VC-funding.
15/ As someone who has been pushing @signalapp for a while, I’m pretty upset by this move the more I learn about MobileCoin and the intentional disregard they’ve taken for crediting #Monero with their entire privacy protocol or building a censorship-resistant platform.
F/ To finish it off, here’s a great old thread that speaks to the disconnect between cypherpunk ideals that seems to be rising in the space.

We can do better. We *must* do better.
More info on past and present SGX flaws/attacks that could compromise validation in MobileCoin:

arstechnica.com/information-te…

wccftech.com/intel-cpu-plun…

It’s unclear exactly what could be attacked via an SGX attack/backdoor:

github.com/mobilecoinfoun…
A good read with some shared thoughts:

tech.slashdot.org/story/21/04/07…

The most painful part of this is if Signal ceases to be a good platform to recommend (and all of this has shaken my faith) I’ve poured *many* hours into onboarding people to Signal.

Hard to change now.
A response (of sorts) from the CEO of MobileCoin on the launch:

news.ycombinator.com/item?id=267262…

Tl;dr — MobileCoin exists to fund Signal and the vast majority of coins will be sold off to do so. No community insight on sales or usage mentioned.
A response from the CEO of MobileCoin on “why not use/build on Monero”:

news.ycombinator.com/item?id=267325…

Completely ignores 0-conf being sufficient for mobile/micro payments and could have just built Fog on top of Monero AFAICT:

github.com/mobilecoinfoun…
“Speed” appears to be a sticking point for MobileCoin, but it’s important to note that confirmations *do not* mean trustworthy finality.

1 conf on a highly secure network every 2min is vastly better finality than 10 confs in 2min (for example) on a small and centralized network.
Monero is not faster than Bitcoin because it has confirmations/blocks every 2min instead of 10min.

It’s a design choice that does not necessarily imply security, but does provide some improvements to moderate finality for users.
Mirror the thoughts here quite closely:
