Christopher Allen
Blockchain & Decentralized Identity Architect—Internet Cryptography Pioneer—Co-author TLS Security Standard—Collaborative Tools & Patterns
Mar 21 12 tweets 5 min read
Next Wednesday, March 27 is #Foremembrance Day. Join me here for a Livestream just before the sun sets over Amsterdam (11am PT, 2pm ET, 7pm CET). I'll be talking about the dangers of correlated identity, and some lessons from history. [1/11] twitter.com/i/broadcasts/1… Foremembrance Day marks the day in 1943 that the Resistance in the Netherlands tried to destroy the identity registry archives in Amsterdam, to protect the populace from the occupying Nazis. [2/12] annefrank.org/en/timeline/12…
May 18, 2023 13 tweets 6 min read
At @BlockchainComns we believe that multisig offers superior #SmartCustody over using Shamir's Secret Sharing (which was recently implemented as part of @Ledger Recover). Unfortunately, there are few practical alternatives to sharding a seed, and multisig is complex. 🧵… [1/13] The first obstacle to multisig is that our experience is that they are too complex for normal usage. We know that even professionals using one of our well-tested secure scenarios find the hour it takes is too long. [2/13] github.com/BlockchainComm…
May 18, 2023 13 tweets 5 min read
Perhaps my biggest problems with the @Ledger Recover program as it’s currently conceived are that it’s not open and it’s not independent. Users will be locked into decisions that Ledger made, for its own business reasons. [1/12] The Gordian Principles from @BlockchainComns suggest that digital assets should be held in a way that’s independent, private, resilient, and open. Ledger Recover increases resilience, but that’s it. [2/12] github.com/BlockchainComm…
May 18, 2023 12 tweets 5 min read
One of my concerns with the new @Ledger Recover service is that they appear to be sharding via Shamir’s Secret Sharing, but doing so in a proprietary way and possibly in a naive fashion. We don’t know, as it is not open source. [1/11] Obviously, Shamir’s Secret Sharing has a long history and is widely used, but it also has real drawbacks. As we’ve written at @BlockchainComns, one of the biggest dangers comes in reconstruction. [2/11] github.com/BlockchainComm…
May 18, 2023 14 tweets 5 min read
There's been a lot of controversy over @Ledger's new recovery service, which will shard your seed out to third-parties for storage. Why? In large part because we didn't expect seeds to ever leave the Ledger device. [1/11] As it turns out (as all hardware wallet designers already know), all it requires is a signed firmware update, and seeds can go wherever they want. Why?… [2/11]
Aug 12, 2022 10 tweets 3 min read
Today my article on the need to protect private keys from courts was published by @BitcoinMagazine. This may be the most important legal advocacy work @BlockchainComns has ever done! [1/10] bitcoinmagazine.com/legal/saving-b… The problem is that prosecutors & lawyers are asking courts to demand private keys as part of pre-trial discovery. This is wrong on so many levels! [2/10]
Sep 8, 2021 15 tweets 5 min read
SSKR stands for Sharded Secret Key Reconstruction. It's a way for users to easily shard a cryptographic secret, giving you some options for seed reconstructions & improved resilience against theft or loss. [1/15] Why? Because loss of a seed or private key is the easiest way to lose your Bitcoin or other cryptocurrency. SSKR safely backs up your seed by breaking it into shares which are only useful if combined back together. For details see our overview doc: [2/15] github.com/BlockchainComm…
Aug 24, 2021 4 tweets 2 min read
Puzzling through if NFTs can be used to help fund trustless self-sovereign identity efforts, and open infrastructure tools & services. First experiment: opensea.io/assets/0x495f9… I'll try an auction tonight when the gas fees are lower, with the auction scheduled to end next week.
Apr 26, 2021 13 tweets 4 min read
Five years ago, I published "The Path to Self-Sovereign Identity", which laid out the idea of a new sort of user-controlled identity, expanding on ideas from visionaries before me. [1/13] coindesk.com/path-self-sove… To celebrate that anniversary, I published a new article today that takes a look at where self-sovereign identity has gone in the five years since. [2/13]
Jan 27, 2021 10 tweets 6 min read
Bitcoin has quadrupled in value in the last year, which makes #SmartCustody more important than ever. Your holdings might now be worth more than you think. How secure are your digital assets? [1/10] You could choose to store your keys in hot wallets, which are directly connected to the internet, or in cold storage, which takes them offline. Each has its own advantages and limitations. [2/10]
Sep 21, 2020 15 tweets 6 min read
Twenty years ago today I launched Castle Marrach to the public, my first multiplayer online game design. Unique in offering a #Bartle “socializer-dominant” interactive fiction experience, and a hybrid text & web interactive environment, it was novel for its time. [1/15] I had founded Skotos in 1999 with a goal of creating "multiplayer interactive fiction on the Internet". We wanted to make games that were more social, more dynamic, more interactive, more “real”, and in particular more story-focused than anything that had been seen before. [2/15]
Jul 6, 2020 8 tweets 3 min read
#SmartCustody Adversary — Convenience

Our first adversary in category “Loss by Mistakes” is CONVENIENCE. It sounds, well, convenient, doesn't it? But it is a real adversary because focusing on it instead of safety or security can cause you to lose your digital assets. (1/8) CONVENIENCE is an error that arises from your decision to ignore your normal security procedures. Yet that decision might be for entirely good and pragmatic reasons. (2/8)
Jun 5, 2020 9 tweets 3 min read
#SmartCustody Adversary — Disaster

DISASTER! Its motivation? "I want to destroy. I want to crumble and burn. I want to ruin with water, to blow things into the air. I am bombs, bullets, and explosions. I am sudden and unexpected but disastrous destruction." (1/9) This is the third adversary in my #SmartCustody book about protecting your cryptocurrency and other digital assets. And the motivations certainly explain the ways that you could lose your private keys. A house fire, a flood, a tornado, a war. (2/9)
Jun 1, 2020 49 tweets 20 min read
#SmartCustody is an ongoing project of @BlockchainComns, a blockchain infrastructure support organization. In it we share the best practices for the use of advanced cryptographic tools in improving the care, maintenance, control, and protection of your digital assets. (1/14) In the 1st edition of #SmartCustody we detail best practices & default storage scenarios, offer an exercise for you to learn how to model digital asset flows, create a risk model, do an adversarial analysis, and use these tools to modify your personal storage scenario. (2/14)
May 21, 2020 11 tweets 3 min read
Last night @BlockchainComns tagged our first release of bc-seedtool-cli, a Mac & Linux command line tool for some emerging standards for cryptographic seeds. github.com/BlockchainComm… We believe this to be a stable and useful release. However, we have not done any formal security auditing — this release is intended for additional review by third-parties before requesting formal auditing.
Apr 14, 2020 11 tweets 3 min read
New collaborative white paper from #RebootingWebOfTrust on the topic “Five Mental Models of Identity”. Team led by @JoeAndrieu w/ Nathan George, @IDIMAndrew, @cmacintosh & Antoine Rondelet github.com/WebOfTrustInfo… …”consider multiple mental models for better communication and better identity systems. Whatever your own goals, we believe you are more likely to achieve them if you can communicate clearly in terms others understand and can incorporate the needs of others into your own work.”
Jan 7, 2020 12 tweets 4 min read
As we head in 2020 toward standards for encrypted data vaults (see overview github.com/WebOfTrustInfo…) I can't help but think of efforts in 1991 to add cryptography to the Xanadu Club system. I found some old Xanadu docs on this & scanned them for posterity: dropbox.com/s/qeyywxr9vk45… In modern day cryptographic terms, each Xanadu document is like an encrypted git commit (a point in time of a collaborative document). The Read Club has the decryption key to read the data. The Write Club can collaborate to sign future revisions of document.
Sep 17, 2019 17 tweets 10 min read
Our new FREE book “#SmartCustody: The Use of Advanced Cryptographic Tools to Improve the Care, Maintenance, Control, and Protection of Digital Assets” published by @BlockchainComns written by myself & @Appelcline is available TODAY! bit.ly/SmartCustodyBo… Your digital assets are more vulnerable than you might think. They could be stolen by hackers, extorted by the mob, expropriated by the government, or lost by you!
Sep 13, 2019 18 tweets 6 min read
On the agenda for next week's Wyoming Legislative Blockchain Task Force is the topic of prohibiting being compelled to produce a private key. You can still be compelled by courts to transfer a digital asset or prove control of an asset using a public key. #KeysAreNotAssets There is some prior discussion on this topic starting with my original thread on twitter:
Sep 1, 2019 39 tweets 7 min read
Here are the summaries for the remaining topic papers submitted to this week's #RWOT9 in Prague. We hope that the community has had an opportunity to scan all of the papers & read in detail the ones related to their own work, before we set our collaborative choices on Tuesday. The complete list of the suggested topics and advance readings for #RWPT9, as well as summary Primer documents are listed at: github.com/WebOfTrustInfo…
Aug 29, 2019 31 tweets 6 min read
#RWOT9 begins in Prague on Tuesday, giving me 5 more days to share the rest of these quick summaries and my thoughts on the 50+ topics that have been shared as advance readings for our design workshop. github.com/WebOfTrustInfo… TOPIC Establishing level of assurance with verifiable credentials and the need for a human centered design exploration KEY CONCEPT Previous generations of digital identity systems relied on trusting a single issuer. What if we rely instead on many issuers? github.com/WebOfTrustInfo…