Why I worked on CoinValidation

If you’re unfamiliar with CoinValidation, that about sums it up... It was never clear to begin with. There are several reasons why it’s not straightforward, and below I’ll attempt to sort it all out. First let me say the following:

CoinValidation.com was an attempt to innovate in what we thought may be the most controversial side of Bitcoin: the identity layer. It is not a specific technology; the idea of whitelisting/blacklisting/xlisting whatever is totally off-base and was a rumor. Here is what CV really is:

It’s a thinktank.

It was an attempt by a small group of people to solve one of Bitcoin’s largest problems: no one was creating new technology in the identity layer of Bitcoin. We did not specifically want to endorse or profit from some piece of tech like blockchain analysis or whitelisting, etc. We simply wanted to explore what was possible. We found some interesting things, like tech that could reduce the risk of privacy loss in the standard KYC model. But that all went unheard because people thought we were trying to hurt user privacy or to affect fungibility.

People thought that we were building a for-profit startup focused on selling tech and user data wholesale... In fact, we were trying to do the exact opposite of that. It could best be described as a thinktank for the KYC and regulatory side of Bitcoin - which we had become familiar with during our time at Bitinstant.

Some of the ideas we explored and want to continue to explore:

  • How can Bitcoin companies comply with US regulations from a legal/tech standpoint?
  • What can Bitcoin companies do differently vs. typical financial companies, but still be compliant?
  • What is possible with blockchain analysis?
  • How can Bitcoin companies communicate patterns of fraud to each other?
  • How can ownership of assets be proven?
  • Can something like the MIT PGP database exist for Bitcoin addresses?
  • Is it unethical to build technology that enables Bitcoin businesses to tie into legacy systems?
  • How sensitive is the Bitcoin community to a group of people experimenting with what’s possible?

Here are some of the realizations we’ve had in exploring the above questions:

  • We facilitated the first underwriting of a mortgage to a bank as a proof of concept.
  • Bitcoin companies can comply with the regulations, and yes it is very limiting.
  • There are sophisticated ways that Bitcoin companies can communicate fraud patterns to each other.
  • That kind of communication could prevent another Mt. Gox type of failure, which is inevitably going to happen because it is not being addressed.
  • Blockchain analysis can be really scary.
  • Bitcoin is not anonymous in most contexts.
  • We designed a new way of hashing KYC data so that five points of attack can be reduced to two.
  • We found ways for companies to satisfy BSA requirements without having to store or transmit user information.

We stopped working on exploring these concepts because:

  A) No profit model translates to no funding.
  B) The community tried to burn us at the stake, hence no funding.
  C) I realized that I am not the best at public relations, and it's hard to convey what I want to convey.

I continue to work on innovations on the regulatory front, but for obvious reasons - not at the level I probably should.

Still, here is what I believe is possible for companies:

  • Satisfy regulatory requirements here in the US if they want to.
  • Do it in a way that risks user privacy much less than what is currently in place in the Bitcoin ecosystem.
  • Have a system with less fraud, better consumer protection and AML, and less privacy loss than what exists in traditional financial AND current Bitcoinland.

Now the fact that it is possible - doesn’t mean I’m endorsing it. Working with regulations here in the US is not some lofty philosophical decision for me. Businesses are going to work within that framework regardless of my thoughts on it because that is what the market will dictate. I’m simply trying to help navigate that landscape responsibly... Even though my personal philosophies are often in line with those of libertarianism.

People are going to buy their Bitcoins in the most efficient and effective way possible to them. The path the masses take to acquire and use Bitcoins will be the one which has the best user experience, closely parallels what they are used to, and costs the least. The masses don’t care about Ayn Rand or crypto anarchy.

We can push the boundaries of what is possible if we can stop fighting and solve real problems. Problems like this:

  • Why are users giving their KYC information to shady companies?
  • Why is the community trusting $700 million to one dude with an exchange written in PHP in Japan?
  • What is being done to prevent that from happening again?
  • Why is multi-sig not in full effect on every wallet valued greater than $1000?
  • Why is the community already satisfying most of the regulatory requirements, kicking and screaming that they exist, and then doing almost nothing to realistically change it?

Real change takes real work, and it’s not going to get done if the people innovating are ostracized for thinking outside the box. Creating real change is a massive undertaking. The challenge of navigating the Bitcoin legal landscape is going to take a lot of hard work and cooperation. Please feel free to comment with your questions about regulation here in the US - we have a lot of experience in this space and want to share what we’ve learned.

Of course CV failed at reaching minds with what we thought was very important information. But failing is how we learn sometimes, and I'm grateful that there are those in the community who see that what we work on is valuable. Thank you.

How Many Eyes Are on the Books?

Echoing the sentiment of Ryan Straus (Ridell Williams), the overarching issue at the forefront of Bitcoinland is that Bitcoiners place a lot of trust in individuals and organizations. That’s not to say placing trust in people and institutions is always a bad thing, but that trust needs to come with safeguards. The recent events at Mt. Gox are an articulate illustration of those challenges. For years, Mt. Gox was a mainstay of Bitcoin. Gox allowed many people to get involved in digital currency with ease and relative security. We can thank Gox for much of the early adoption and infrastructure of the community. Ultimately the trust was betrayed. We saw technical glitches, a lack of communication, and wild levels of volatility.

Most of this could have been prevented with solid tech, transparency, and outreach. Still, I subscribe to the idea that Mt. Gox has given us a great gift. We can learn from their shortcomings and reference their successes for the next level of Bitcoin infrastructure.

Having developed software for a while, my greatest lessons draw from moments of failure. There have been amazing tools developed purely from breakdowns in software. These tools help us prevent, detect, resolve, and communicate about technical issues which naturally and inevitably evolve. I believe 2014 is a year where we can build some of those tools for Bitcoin.

The tools the community most needs to focus on are:

Triple-entry accounting: While this term is somewhat vague, I envision it as a method for reconciling a company’s books. In essence, you could assign a Bitcoin address as the holder of funds for the traditional double-entry accounting verticals. Operating expenses, accounts receivable, salary, investments, etc. could have dedicated Bitcoin addresses for the inflow and outflow of funds. This would make it much easier to visualize funds flow both internally and from the perspective of an outside auditor.

Ledger transparency: This piggybacks off of the idea of triple-entry accounting. I half-jokingly tweeted that managers of the future will be able to crowdsource peer-review of their records. For many organizations, like non-profits and publicly traded companies, stakeholders want transparency but the presentation methods are fairly analog. The idea is to digitize all of an organization’s fund flows, and make it available on something like the blockchain - so that people who know the correspondent Bitcoin addresses could verify that financial statements are accurate.

The implications of this are far-reaching, and an understanding of how it would play out practically is to be determined. Many people would prefer to invest or donate to an organization where the financial representations were accurate. The existence of ledger transparency is inevitable simply due to the competitive advantage. The upside for the organization is increased efficiency and reduced cost for auditing, as well as a lower risk of financial inaccuracy. People want to know “How many eyes are on the books?” The answer could soon be “Everyone’s.”
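An added illustration of the triple-entry and ledger-transparency idea above (not code from the author or CoinApex): an outside auditor reconciling a company's journal against the public transfers that back it. The account names, placeholder addresses, txids and the one-sender/one-receiver transfer model are constructed assumptions; real Bitcoin transactions have multiple inputs and outputs.

```python
from collections import namedtuple

# Simplified transfer model: one sender, one receiver (real Bitcoin uses UTXOs).
Transfer = namedtuple("Transfer", "txid src dst sats")
# Journal line from the company's books, citing the transfer that backs it.
# debit = account receiving funds, credit = account sending funds.
Entry = namedtuple("Entry", "txid debit credit sats")

EXTERNAL = "external"  # counterparty outside the company's chart of accounts

# Hypothetical chart of accounts -> dedicated address (placeholder strings).
CHART = {"accounts_receivable": "addr-AR",
         "operating_expenses": "addr-OPEX",
         "salary": "addr-SALARY"}

LEDGER = [  # constructed public ledger
    Transfer("tx1", "addr-customer-1", "addr-AR", 500_000),
    Transfer("tx2", "addr-AR", "addr-OPEX", 200_000),
    Transfer("tx3", "addr-OPEX", "addr-vendor-9", 150_000),
    Transfer("tx4", "addr-AR", "addr-unknown-7", 100_000),  # never journaled
]

JOURNAL = [  # constructed company books
    Entry("tx1", "accounts_receivable", EXTERNAL, 500_000),
    Entry("tx2", "operating_expenses", "accounts_receivable", 200_000),
    Entry("tx3", EXTERNAL, "operating_expenses", 120_000),  # amount misstated
]

def side_matches(account, address, chart):
    """A named account must use its dedicated address; 'external' must use none."""
    if account == EXTERNAL:
        return address not in chart.values()
    return chart.get(account) == address

def reconcile(ledger, journal, chart):
    """Return (txid, finding) pairs where the books and the ledger disagree."""
    on_chain = {t.txid: t for t in ledger}
    company = set(chart.values())
    findings, cited = [], set()
    for e in journal:
        t = on_chain.get(e.txid)
        if t is None:
            findings.append((e.txid, "NO_ONCHAIN_TRANSFER"))
            continue
        cited.add(e.txid)
        if not (side_matches(e.debit, t.dst, chart)
                and side_matches(e.credit, t.src, chart)):
            findings.append((e.txid, "ACCOUNT_ADDRESS_MISMATCH"))
        if e.sats != t.sats:
            findings.append((e.txid, "AMOUNT_MISMATCH"))
    # Funds that moved through a company address without any journal entry.
    for t in ledger:
        if t.txid not in cited and (t.src in company or t.dst in company):
            findings.append((t.txid, "UNJOURNALED_MOVEMENT"))
    return findings

def derived_balances(ledger, chart):
    """Balances per account as an outsider computes them from the ledger alone."""
    account_of = {addr: name for name, addr in chart.items()}
    balances = {name: 0 for name in chart}
    for t in ledger:
        if t.dst in account_of:
            balances[account_of[t.dst]] += t.sats
        if t.src in account_of:
            balances[account_of[t.src]] -= t.sats
    return balances

if __name__ == "__main__":
    for txid, finding in reconcile(LEDGER, JOURNAL, CHART):
        print(txid, finding)
    print(derived_balances(LEDGER, CHART))
```

The unjournaled-movement check is the one that only works when every account has a dedicated, published address: a transfer out of a known company address cannot be left off the books without an outside reader noticing.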

Full-Reserve Bitcoin Banking: We have the technology to prevent fractional reserve of our assets. This is the cutting edge of Bitcoin security. It’s shiny, it works, and not enough people / organizations are using it. Existence and placement of assets can be cryptographically proven and movement can be restricted with extremely granular configurations (multi-sig.)

Insurance: When all else fails, there is insurance. A Bitcoin depository institution could have an extremely secure system of storage. Risk could then be calculated and deposits insured.

Modularization: In the financial industry, there is a great deal of modularization. It is imprudent to have a single entity act as a depository institution, clearinghouse, order-matching exchange, and auditor all at once. These tasks can be separated for increased efficiency, reduced risk, and greater scope-precision. This is important for three reasons:

  1. It is easier for business operators to build smaller-scope products.
  2. When one of those competing products fails, the entire system doesn’t halt - it is swiftly replaced.
  3. Maintenance of a module does not require system-wide downtime.

Granted, the financial community has had several hundred years to evolve to the point of efficient compartmentalization. Fortunately for Bitcoin, most of the work has been done and we simply have to parallel many of the models that exist. We can even step it up a notch with transparency and decentralization of trust.

It is important that we remember the spectrum of what we like in principle and what is possible today, this week, this year, etc. It is going to take some time to revolutionize finance with the power of cryptography. We are still waiting for sweeping changes to happen overnight. It’s been 5 years, and we’ve resigned to working on what is practically achievable in experience-based timeframes. The items discussed above are our goals for 2014. Our focus is on the option of transparency, importance of choice, and the obsoletion of coercive trust.

(1) “If I own several pounds of gold, I may not want to keep all of it in my home.”

(2) CoinApex.com has taken initiative to implement TE accounting for one of their companies as a proof of concept. Research is ongoing and results will be shared by year-end.

Bitcoin is just the beginning

4:50am Saturday June 7th 2014

It’s been about 5 years since I first heard about Bitcoin. I was recently asked how I fell into Bitcoin, and I thought for a moment - can I remember?

It was vivid. I read the white paper, sat for a few moments and read it again. After finishing the second time, I paused. Because I had realized the simplicity and sheer power of a new concept. A concept I was surprised humans had not invented earlier.

Here is - in my opinion - the entire premise of Bitcoin:

  • Pretend a town has one cart that people borrow to move things.
  • There is a piece of paper in the middle of town where the last person to have the cart has to write down who they give it to.
  • The piece of paper serves as a record of who possessed the cart at a given point of time, who they received it from, and who they gave it to. It also shows the creator of the cart, and the last person to hold it.

This allows the town to keep track of the cart, so that if it goes missing, or a piece is broken, there is a record of who is responsible.

With Bitcoin, we can facilitate this piece of paper on the internet. Except that the town is the world, the cart is a representation of all things which have value, and the person is everyone who wants to participate (including, maybe, the robots.)

We have explored the power of this concept over the past 5 years, and it has led to an 8.5 billion dollar ecosystem.


What’s remarkable is that the ‘Bitcoin’ people are familiar with (the one we hear about on the news) is just the first experiment. It’s the first interesting thing we tried doing with the above simple but powerful concept.

There’s a great deal more to come... instead of the cart representing cash, it could represent votes. It could represent identity, data, friendship, cars, pickles, vaccines, ideas…

At any time anyone with internet access could see how their government was spending taxes. They could see this without giving away their personal privacy. People could vote and it would matter. They can vote to require governments and corporations to reveal themselves perhaps without individuals needing to do so. They will enforce those votes because the natural course of this new system is to give control back to distributed consensus.

Digital currency allows me to purchase yogurt from an autonomous yogurt shop. The yogurt shop has no one owning it, it is a piece of code. It can buy supplies, repairs, ingredients, and pay its taxes without human involvement. It can buy additional property and replicate itself if it is profitable.

What if this future is inevitable and it is our generation's job to reduce the amount of time it takes to reach fruition?

The decentralized public ledger solves one of the ancient problems. The problem of how a community organizes itself past a size of ~150 individuals. Keep an open mind, we may have just solved it. And don’t worry, it’s not some Orwellian or Huxley future. It’s not Terminator 2 with us vs. the robots. It’s a force which decimates centralization through competitive advantage and redistributes value to the masses. It’s math, it’s beautiful, and I’m up until 5am writing about it.

Getting back into code

It's surprising how quickly I forget how to move around in code. It is nothing like riding a bike (which I also don't do as much as I should.) After spending a few months away from PHP - I suddenly have two projects where I am working exclusively in it. There's something magical about sitting in some new code, solving problems and listening to good music.

I have a lot of catching up to do. I learned about latent static bindings a year or so ago but I totally forgot how to use them. I literally have an empty database_object include in all of my projects. #wishfulthinking

Not to mention, 5.4 being released and I haven't even checked out the changelog.

Another tidbit of "entrepreneurial freedom" aka I don't have a corporate job right now:

I have been catching up on the free crypto class I missed earlier this year. Dan Boneh has put together an excellent course on cryptography - you can find it either on YouTube or at the Coursera site (requiring a free sign-up). Some of the topics and explanations are math-intensive. Although, even the novice mathematician can follow the over-arching theories and bird's eye explanations.

One advantage to taking the Coursera class (as opposed to YouTube) is that it pauses for the Q/A section of every lesson. It's such a good feeling to get correct answers on such a complex topic - especially when you haven't touched discrete probability in over 5 years.

I can't take credit for getting the correct answers though. Prof. Boneh does such a good job of explaining the material. It's easy enough to get a few answers right. A lot of the notation escapes me, but Prof. Boneh waters some of that down to plain text.

If you're mildly interested in cryptography but don't need a Stanford-level education in it, at least check out this one video on crypto history:

If anyone is interested in taking the course and wants to discuss some of the topics - please let me know. The YouTube comment section is surprisingly vacant.

Having an identity online is hard and the fear of being exposed is in your head.

TLDR; I give my experience with online identity and ideas as to where it is headed.

Over the years I have held several monikers on the Internet. Not only is it easy to conceal an identity but it is seemingly encouraged by various registration forms. The simple absence of "Your full name:" as a hard requirement panders to people's creative expression.

Until recently, the masked Internet was thriving and mainstream. I say until recently with reluctance. There is still a thriving anonymous community but the majority of people (on Facebook, Twitter, Google) are using their real names to identify themselves.

People going by their real names online used to be rare, especially in online social interaction. The concept of using your real name online wasn't bad - it just wasn't necessary.

For many of the pre-social network internet inhabitants (irc, aol, usenet, hackers, 3l33t, etc.), having an identity online tied to 'real-life' was an offense. When social networks embraced and required the use of real names, there was somewhat of an outcry. It was an affront to one of the core positives of the Internet: the freedom to express oneself.

Having a username like th3j35t3r or TimBL up to 2004 almost guaranteed anonymity. It was fairly easy to sterilize one's online identity from the day-to-day family and social life. If you said something controversial online, it didn't echo out into reality.

The computer was essentially a black box where anyone could be and say whatever they wanted, with no consequence. A passionate secret for the technically inclined and a preservation of self. For many it was 1984's hidden notebook.

That snapshot has changed, and online identity is now a complex and mysterious subject.

For the majority of people, having an anonymous identity is emotionally rewarding. It isn't a serious security precaution or a preventative measure arising from paranoia. It's a luxury pair of sunglasses and not a Kevlar vest.

I wear those sunglasses and occasionally I see people wearing the vest. (I have also tried to wear that vest but the weight of it is annoying when I know my head's still exposed.)

Having a purely anonymous identity online is harder because tracking people is easier. A relatively inexperienced geek can find out who someone is without writing a single line of code. Root passwords to secure systems can be obtained via social engineering. Cookies, analytics, cross-site tracking, persistent multi-site sessions, etc. have made it incredibly difficult to have any control over who you are online. It sounds pretty bad for securing information, let alone identities.

Being anonymous was great, until I wanted to do some online banking...

This isn't a doomsday manifesto. Today, being controversial or outspoken is fortunately passé. Facebook has made us all a little more accepting of everyone else's crazy.

As much as we're losing anonymity, we're gaining acceptance of transparency.

So there you have it, a glimpse into my conscience - online and transparent. Fortunately for me, no one reads it - so I don't fear being judged. (I track my readership with Google Analytics.)

As for the people that wore Kevlar vests: they've just had to spend a lot more time building better vests. They now build and sell the vests. My point is that if you want your pseudo-identity to be really secure these days, you had better devote your career to it or pay someone that has.

We could also accept that there is no such thing as an unbreakable safe and that most people don't care to read our diary anyway. We're too busy reading Aldous Huxley's wiki.

How to: Dropbox

So I just uploaded a video to show people how to download and install Dropbox:

I just wanted to add a post to my blog to cover some additional information that people might find useful. So here are some key points I wanted to make:

  • It's free to use and easy to install.
  • Dropbox can be used to share and sync files between two or more computers.
  • Files can be added to the Dropbox/public folder to make them public. Right clicking on the file, and selecting Dropbox->Copy public link will give you a link to the file (which you can give to anyone wanting to download the file.)
  • It's supported on Linux, Windows, Mac OSX, Android, and iPhone/iPad.

So this is my first software how-to video, and I plan to do many more. I'm going to try to knock off the easy ones first. This way my video editing/voice over techniques will be up to snuff by the time I do the advanced videos.

Here is a selection of some of the videos I am planning (there are many more in my lists):

Software

  • How to: Sync your KeePass across multiple computers
  • How to: Install VirtualBox with Ubuntu natty
  • How to: use Google Analytics
  • How to: use Google Plus
  • How to: use Git

Hardware

  • How to: install RAM
  • How to: apply thermal paste to a GPU
  • How to: replace a hard drive in a laptop

If you have recommendations for additional how-to videos, please feel free to comment here or on my YouTube.

Geocities - so many memories

Probably one of the earliest catalysts to my development as a web development professional, Geocities has finally come to pass. Hearing this news feels like I just threw away the training wheels I kept in my attic for the past 17 years (I don't). Geocities began its adventures in 1994 and quickly became the first place for internet users to have their own "webpage". The blogosphere is probably the 4th or 5th evolution from those humble beginnings.

I get nostalgic remembering my first lessons in HTML and how I had no idea that today I would be blogging in my underwear surrounded by empty caffeine vessels.

Geocities, I'll miss you old friend.