
Cryptography and cybersecurity are embedded in the fabric of blockchain technology. One of the main breakthroughs of blockchain tech is the way information is secured, authenticated, accessed, and transferred. This is different from

The development and enhancement of Decentralized Exchanges (DEXes) are essential for the survival of digital assets

On September 11, 1714, the Siege of Barcelona ended the War of Spanish Succession. Catalonia was to give up its autonomy to the hands of the Spanish. The name of Catalonia lived on for centuries in the hearts of the defeated, leading to an attempt to break away once again in 1939. But on January 26, 1939, Barcelona was once again captured by the Nationalist Army of Spain, and the left-leaning, anarchistic Catalonia Offensive was to submit once again to their conquerors. Yet to this day, the self-proclaimed autonomous state of Catalonia will not give up the fight to secede from Spain.

Hacker's Congress in Paralelni Polis saw speakers such as Peter Todd of Bitcoin Core and Amir Taaki discuss a range of topics from bitcoin technicalities to the applications of bitcoin on libertarian ecosystems.

This is re-published from Jonathan’s personal blog – last updated September 29th, 2017.

TL;DR

Coinomi doesn’t use SSL for their communication from their Android app to their backend servers. When you open the app, all of your wallet’s addresses are sent in plain text across the internet. Luke Childs noticed and pointed out the glaring security/privacy issue politely via GitHub. Coinomi refused to admit it was a problem. Twitter, Reddit, and GitHub hilarity ensued.

Screenshots

Coinomi appear to be in disaster recovery mode and are deleting public comments. Don’t worry though, Luke and I expected this, so we took screenshots of everything and made snapshots of the GitHub issue on the Wayback Machine , so you can see what was deleted so far and if they delete anything in the future.

Disclosure Timelines

All times in GMT

  • 16 September 2017 @ 19:30: Luke posts the issue on Coinomi’s Android repo with the title “Use SSL for Electrum nodes” (later changed by Luke to include “Security Vulnerability: “, and then by Coinomi to the title below): [screenshot: Initial GitHub Post]
  • 18 September 2017 @ 10:27: After not hearing anything for over 24 hours, Luke directly tags Coinomi’s CEO and CTO in the GitHub issue (this generally sends a notification, but that can be disabled): [screenshot: GitHub Comment Tagging Contributors]
  • 25 September 2017 @ 20:48: After still not hearing anything, Luke reaches out to Coinomi on Twitter. [screenshot: Tweet to Coinomi]
  • 26 September @ 16:24: After waiting for 11 days with no response from Coinomi, Luke posted on Reddit to warn the general public that Coinomi is not using SSL to communicate from the Android application to their backend servers. That is, communication with the server is being sent in plain text: [screenshots: Initial Reddit Post; GitHub Reddit Release Comment]
  • 27 September @ 00:17: I post Luke’s Reddit thread on Twitter, again warning the general public that Coinomi wallets are insecure: [screenshot: Initial Twitter Post]

Coinomi Respond – Hilarity Ensues

Editor’s note: right click + open image in new tab to read text clearer

  • Rather than admit they made a mistake, thank Luke, and fix the problem, Coinomi go on the offensive. My response to their handling of the issue started out like “wat”, moved to “they can’t be serious”, and settled at “this is insane – they’re committing PR suicide”:
  • Let’s start with the wat: [screenshot: Twitter 2]
  • Then we move swiftly onto “they can’t be serious…”: [screenshots: Twitter 3; Twitter 4; Twitter 5; Twitter 6]
  • If you thought this was bad enough already, it gets worse. Coinomi say publicly that it’s not bad privacy to leak your wallet addresses: [screenshot: Twitter Privacy]
  • They try to distract from the issue by saying it’s not all of their wallets that have this issue… just 87+. To quote Luke, “They weren’t even saying the ETH wallets didn’t have the issue, just that they weren’t running on ElectrumX on the backend. It was just a snarky remark that had nothing to do with the issue whatsoever.”: [screenshot: Twitter Distract]
  • They have the audacity to ask Luke for an apology. I’m still in my “they can’t be serious” stage by the way: [screenshot: Twitter Apology]
  • Then they went full retard. This is the “they’re committing PR suicide phase”. They implied that Luke is “hating” and that he is a “shill”. Luke is super entrenched in the OSS world, doing the majority of his work for free. He’s the least shilly person I know. Luke’s response is great: [screenshot: Twitter Haters]
  • And soon enough the public caught on to what Coinomi was doing after I posted a screenshot of the initial disclosure: [screenshots: Twitter Haters; Twitter Public (×10); Reddit Public (×3)]
  • My personal favourite: [screenshot: Reddit Public]
  • At some point along the way, I realised that Coinomi are based out of the UK, and had flashbacks to my data breach training at corporations whilst working there. I’m not 100% on this (I Am Not A Lawyer – IANAL), but I’m pretty sure in the UK that you have 24 hours from realising there’s been a security breach to report it to the UK’s ICO (Information Commissioner’s Office). Again, IANAL, but I think they might have refused to acknowledge this as a security concern for liability reasons. What adds evidence to this is that both myself and Luke were quite promptly blocked after this tweet: [screenshots: Twitter Data Breach; Twitter Data Breach]
  • Maybe because: [image: Bugs Meme]

There are more hilarious comments from both sides, but I’ll leave it at that because it provides more than enough context/background to continue. Let’s move on to why all of this matters from 3 perspectives: security/privacy, legal, and general corporate behaviour/image.

Security and Privacy Concerns

Cryptocurrency users have the right to keep their public addresses private. Due to the lack of SSL, all of your Coinomi wallet addresses are broadcast in plain text whenever you so much as open Coinomi on your phone. You can get around this by using a VPN, but you shouldn’t have to in the first place – the functionality needed to keep things private and secure is already integrated into the open source software that Coinomi is using on their backend servers. They literally just need to create a certificate and wire up the config settings. That they haven’t just done that is shocking! Any competent sysadmin/devops could have this resolved in under an hour. Again, the time and cost to fix this is infinitesimally small. As you can clearly see from the screenshots above, the people have spoken on this one – whether Coinomi want to admit it or not, this is a huge privacy and security concern for their users.
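As an added illustration (not code from the original post or from Coinomi), the sketch below audits a captured client-to-server payload the way an app tester would: it reports whether the bytes begin a TLS handshake or are plaintext Electrum-style JSON-RPC, and in the plaintext case lists the addresses any on-path observer can read. Both captures and the addresses are constructed, and the `blockchain.address.*` method names are assumed from the Electrum protocol of that period; the post itself does not list them.

```python
import json

# Constructed capture 1: newline-delimited JSON-RPC as a wallet client would
# write it to a plaintext TCP socket. Addresses are made-up placeholders.
PLAINTEXT_CAPTURE = (
    b'{"id": 0, "method": "server.version", "params": ["demo-wallet", "1.0"]}\n'
    b'{"id": 1, "method": "blockchain.address.subscribe",'
    b' "params": ["1ConstructedAddrAAAAAAAAAAAAAAAAA"]}\n'
    b'{"id": 2, "method": "blockchain.address.subscribe",'
    b' "params": ["1ConstructedAddrBBBBBBBBBBBBBBBBB"]}\n'
    b'{"id": 3, "method": "blockchain.address.get_history",'
    b' "params": ["1ConstructedAddrAAAAAAAAAAAAAAAAA"]}\n'
)

# Constructed capture 2: first bytes of a TLS session. Record header
# (type 0x16 = handshake, version 3.1, length 5) then handshake type 0x01.
TLS_CAPTURE = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])


def is_tls_client_hello(payload):
    """True if the payload starts with a TLS handshake record carrying a ClientHello."""
    return (
        len(payload) >= 6
        and payload[0] == 0x16      # record content type: handshake
        and payload[1] == 0x03      # protocol major version
        and payload[2] <= 0x04      # protocol minor version (SSL 3.0 .. TLS 1.3)
        and payload[5] == 0x01      # handshake message type: ClientHello
    )


def parse_jsonrpc_lines(payload):
    """Return every line of the payload that parses as a JSON-RPC request object."""
    requests = []
    for line in payload.split(b"\n"):
        if not line.strip():
            continue
        try:
            msg = json.loads(line)
        except ValueError:          # covers JSON and UTF-8 decode errors
            continue
        if isinstance(msg, dict) and isinstance(msg.get("method"), str):
            requests.append(msg)
    return requests


def audit(payload):
    """Classify the transport and list addresses readable by an on-path observer."""
    if is_tls_client_hello(payload):
        # Everything after the handshake is encrypted; nothing to extract.
        return {"transport": "tls", "addresses": []}

    requests = parse_jsonrpc_lines(payload)
    if not requests:
        return {"transport": "unknown", "addresses": []}

    addresses = []
    for msg in requests:
        params = msg.get("params") or []
        if msg["method"].startswith("blockchain.address.") and params:
            addr = params[0]
            if isinstance(addr, str) and addr not in addresses:
                addresses.append(addr)  # de-duplicate, keep first-seen order
    return {"transport": "plaintext-jsonrpc", "addresses": addresses}


if __name__ == "__main__":
    for name, capture in (("plaintext", PLAINTEXT_CAPTURE), ("tls", TLS_CAPTURE)):
        print(name, audit(capture))
```

A result of `plaintext-jsonrpc` with a non-empty address list is the condition the issue describes; after the server-side fix the same capture point should only ever yield `tls`.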

Legal Concerns

Disclaimer: I am not a lawyer. This is just my interpretation of things. Happy to edit if anything is wrong/misleading:

In the UK, when data has been leaked and it’s your company’s fault, you have to report it to the ICO (Information Commissioner’s Office). You generally have about 24 hours to report from the moment you realize that a “data breach” occurred. If Coinomi refuses to acknowledge the leak, they might be able to skirt around this law. Publicly admitting that data has been leaked would be quite a liability for them. I think this could be the reason that they acted so strangely about everything. Data protection laws in the UK are quite strict, and if you run afoul of them you end up in a whole heap of legal issues. Again, I’m not a lawyer, but I can’t think of anything else to explain their bizarre reaction to their community trying to make their platform more secure.

It’s worth noting that the ICO states SSL configuration issues are frequent in their data breach investigations:

ICO SSL

Corporate Behaviour Concerns

The Tweets speak for themselves. This is not how a responsible corporation deals with a security concern or treats their users generally. The Tweets they came out with came across to me and many others as extremely childish, which is not the attitude I want in a company that creates software that literally holds my money. Coinomi really need to clean up how they deal with the public. The people that do it for them now are clearly not well trained enough for the job. They also have no way that I know of to report security vulnerabilities, which is a bit concerning considering the type of software they make.

As of writing (29 September 2017), Coinomi still haven’t admitted that this is a problem and have provided no ETA regarding when it will be fixed.

Open Source Concerns

Coinomi market themselves as an open-source wallet, but they are clearly not:

Google Open Source

HTML Open Source

The title of their site literally says Coinomi is an open-source wallet, but their Android source code hasn’t been updated in months (although newer versions of the app have been released on the Google Play Store):

  • Last Android Update

Even more worrying is their attitude towards OSS as a whole: [screenshot: Open Source Position of Coinomi]

This is not how open source works. They also use open-source software to support their platform, and they may be running afoul of these products’ licenses. I’ve not had time to properly dig into this, as the main issue I have is with Coinomi’s handling of the SSL incident, but perhaps an open-source buff can take over the investigation on this front and see what else Coinomi have managed to make a mess out of? If you uncover anything and don’t have the time to write about it, feel free to pass the information over and I’ll make sure you get full credit for everything I publish about it (or not if you want to remain anonymous).

A Personal Note About Luke

Luke is one of the biggest OSS buffs I know. Just check out his GitHub, it speaks for itself. For example here’s his PR to add RFC-compliant caching to an OSS project that gets 8 million downloads per month. These are not small, insignificant things he’s doing. He genuinely cares about OSS projects, and often fixes issues in projects himself, but in this instance he couldn’t because Coinomi’s code isn’t open source. He cares not only about the code he writes, but also the community that uses that code as a whole. That is why he responsibly reported this issue to Coinomi, and is also why we later pushed the issue after getting no response. There has to be people like Luke out there checking that things are actually done securely and follow best practices. Luke should be thanked for that by Coinomi and the community as a whole. We need more people like Luke. He spends the vast majority of his time working for free. He didn’t ask for me to put this in here, but I think we should all show him our support in order to encourage this behaviour in others and to thank him for bringing this to our attention. Here’s one of his public Bitcoin addresses: 1FT2kF87rWxn2mvQViW14BvuXFb1MSyRAR. When I asked him for it, he literally said, “oh… I didn’t even think of that.” That’s who Luke is.

Although the majority of Luke’s time is spent on open-source projects, he does occasionally do freelance work so he can buy food and pay his rent. If you’re interested, you can contact him here for work requests: lukechilds123 {at} gmail com.

Contact Me / Follow Luke

Luke uncovered this and did all the real work, so let’s put him first. If you like what he did and want to show your support, feel free to follow him on Twitter.

Like the post? Follow me on Twitter to hear about when I post more stuff. Do you disagree with any of my sentiments? I’m always willing to listen to counterarguments. Feel free to either Tweet me publicly or DM me privately.

Hacking and cyber-attacks are an issue more than ever.

Almost everywhere you turn in the papers, you read about a hacking event against some major corporation.

Half of the US population was compromised in the Equifax hack, the SEC is admitting to a massive EDGAR breach in 2016, and Deloitte’s recent hack now appears far worse than initially thought.

As hackers continue to make inroads into most security platforms, and costs for services like DDoS mitigation and CDN hosting continue to increase, it seems that the internet world is in need of a new and better solution, and blockchain may be the answer.

Yes, in blockchain we’ll trust when it comes to the future of cyber security.

Problems abound

One very effective hacking process is called a distributed denial-of-service (DDoS). During a DDoS attack, a pool of compromised computer systems attack a single server or network. The compromised source machines inundate the victim with requests and packets which eventually overwhelm the processor. The ensuing shut down results in a denial of service to legitimate consumers.

Traditional software platforms for stopping DDoS attacks are often unable to cope with the massive amount of data since, after one system is breached, others will follow quickly. Traditional DDoS platforms are forced to control the massive data stream from an increasing number of machines and therefore often get overwhelmed.

Additionally, CDN services can be very costly and often glitchy. Traditional systems are limited in their approach and feasibility, and can be incredibly expensive, depending on service quality.

Most services provide companies with location-specific servers globally, so that access to the site from any machine can be relatively quick. These traditional platforms can be extremely costly because of today’s data-rich website expectations, since such services charge per GB. Large web traffic can cost companies millions in hours.

Enter blockchain

Blockchain technology is creating a new way to stop DDoS attacks, while at the same time changing the way CDN services are offered. This is being done through decentralization – or the process of moving information onto many participating machines within a connected database environment.

There’s no question that blockchain technology is disrupting industries, and the next one might be cyber.

Gladius, a blockchain-based cyber security platform operating out of the US, is preparing to offer this type of decentralized system. The aim is to pool unused bandwidth among participants, creating a decentralized CDN and DDoS mitigation system.

The company will use underutilized bandwidth to end DDoS attacks and accelerate websites. In other words, users will be able to rent out their bandwidth, get paid for it and help protect and accelerate websites.

Gladius uses the most important aspects of traditional DDoS protection software—bandwidth and data management–while providing superior protection and CDN services at more reasonable rates.

How does it work?

Gladius has created specialized distributed platforms that serve dual functions.

First, protection is offered from DDoS attacks by functioning as a marketplace that provides the creation of programs suited to individual needs. Then, Gladius allows users to monetize their unused bandwidth to create massive bandwidth pools that are more than capable of handling the flood of requests and traffic that mark a DDoS hack.

In contrast to traditional platforms, Gladius provides direct contact with end users and internal developers meaning that those wanting protection can have customized security developed and managed within the platform.

Furthermore, since Gladius’ desktop app lets participants rent their unused bandwidth, rewarding them with Gladius tokens, users can pay these tokens for protection–or can instead begin to develop their own personal bandwidth pool. Blockchain technology means that every transaction within the ecosystem is a public record. Consumers can know immediately whether their purchase is fair.

Finally, Gladius allows users to see their web traffic real time. The source, volume, and speed of all data is displayed and can be analyzed. In this way, content can be easily controlled.

The flipside: pooling bandwidth for effective CDNs

The substantial number of consumers monetizing unused bandwidth within the platform allows the company to create CDN services through the network. Without the centralized hub, costs are far more aggressive and affordable.

Further, decentralization means objective pricing and simple interaction between buyer and seller in both service platforms. In traditional DDoS and CDN services, centralized corporations charge huge fees to keep their services maintained and functioning. These companies must maintain processors, storage, and bandwidth, and so they pass those high costs on to consumers along with profit margins rolled in. And even with these costs, results are spotty at best.

With a decentralized platform, though, costs can be distributed and services tailor made for each customer. Complete accountability creates a genuinely fair, free market platform for CDN services. Gladius’ sale launches officially on November 1st (presale is happening now) and will continue up to a month, depending on the first round results. The platform beta is scheduled to release Q1 2018, and the full release is scheduled for Q3 2018.

A $4,300,000 USD (1000 BTC) wager has formed between Charlie Lee and co. versus Roger Ver in an unprecedented event where both parties are putting money where their mouth is on the Segwit2x debate.

Background

For anyone out of the loop, the most contentious issue to date in Bitcoin politics is the Segwit2x hardfork that is looking to occur in November. To get further context on the scaling debate, you can read this summary titled “The What, Why, and Who of Segwit2X (for noobs)“.

As for my own perspective, you can read the words framed perfectly by Bitcoin developer John Newberry:

This is also the view of people who have spent more than a couple of hours educating themselves on Bitcoin’s unique value proposition (hint: “evolving” into Paypal 2.0 is not part of it).

With further developments, Crypto Insider aims to cover Segwit2x in more detail. But for now, let’s get to the multi-million dollar wager.

~$4.3M USD on the line

The wager began when Charlie Lee made a public call-out. The founder of the Litecoin project, and a major proponent against S2X, came up with an ingenious way to add some skin in the game:

This was perfectly timed. Up to this point public discussion across Twitter, Reddit and Bitcointalk was becoming increasingly muddied with useless noise from both sides of the debate. This wager offers an opportunity for the respective parties to add skin in the game and turn this debacle away from polemics and into action. What greater form of signaling exists than with your wallet?

If the respective mouthpieces are aligned to their causes, this is an easy wager. Jeff Garzik (arguably the sole publicly identifiable developer pushing for Segwit2x) stated the following prior to Charlie’s challenge:

If this is his belief (and not a paltry attempt at spreading unsubstantiated FUD), then taking this trade would:

1. solidify public confidence in the S2X fork (or “upgrade” as they like to call it)

2. be incredibly profitable

However, there was no response to note from Garzik. Nor Voorhees and Silbert for that matter. Instead, we had a surprise entrance from Bcash proponent Roger Ver:

The vitriol was palpable from the normally diplomatic and smooth-talking Roger Ver. He claimed that only an “economically illiterate” (Roger’s words) person would support Bitcoin vs the irresponsible, rushed and centrally-decided “upgrade” that is S2X (my words).

Charlie’s response:

In addition to the initial rapport between Charlie and Ver, others reportedly joined in to make it a 1000 BTC (~$4,300,000 USD total) bet.

Here’s the summary posted by Ver:

Segwit2x gamble

Screenshot captured on Sep 30th, 15h30 GMT

Kudos to Ver for stepping up and taking the trade, but all this shows is intent. An attempt to turn what would be a PR disaster for anti-Bitcoin proponents (Bcash and S2X) into something positive.

This also leads to some questions on where the intentions of Ver and co. lie. What function does Bcash serve if the S2X coin relieves the commonly-held argument of fee pressure (for the time-being at least)? The more interesting question is: do Bcash and S2X serve the same function (attempts to “take control of the network. take control of the name Bitcoin“). That’s for another post though!

Back to the topic at hand, ultimately the wager is meaningless until intent is codified and made binding. Let’s get this show on the road – put the wager into a smart contract with smart dispute resolution. Or do it with a cryptographically enforceable atomic swap. (don’t ask me about the technicalities, just do it!).

Until then, there’s only the reputation of public figures on the line, and that doesn’t mean much with how quickly previous misdeeds are forgotten by parts of the community.

Edit Sep 30th, 21h40 GMT: 

Trace Mayer, major Bitcoin investor, wants to up the ante. He feels that 1000 BTC doesn’t represent a significant enough portion of Roger Ver’s holdings to constitute as skin in the game. He’s looking to raise the stakes 25x to make it a “cool” 25,000 BTC (~$108M USD). 

Edit #2 Sep. 30th, 22h00 GMT:

Roger Ver begins to establish plausible deniability for backing out of the escalating bet. He calls the idea of using atomic swaps to make the wager binding in code “retarded”. 

Keep watching this space to see how it continues to unfold!

Author’s preface: This became much longer than I originally planned. There’s a lot of information here that is definitely worth reading, especially if you’re new to the community. Whether you already agree with me or not, I recommend reading this so you can pass it on to future members of the community. They are the most important ones that need to see everything I’ve referenced below. Not us. Because this won’t end. #NO2X

Re-published from Medium.


“I don’t post on Reddit” was my unofficial motto while browsing Reddit, until one day I was compelled into lecturing some person over why our grandmas won’t be securing their own private keys.

“I don’t post on Medium” wasn’t even a motto of mine. Developers post on Medium… right? People ‘involved’ in this space post on Medium, and I’m nobody… right? I don’t code, I don’t have a name, I don’t have a following, and I constantly make mistakes attempting to understand or explain the protocol to other people. I’m just a user

“Wait, hold on, what is he talking about? What is ‘posting on Medium’ even supposed to mean?”

Everyone

You’re right. The fact that I’m posting on Medium means nothing. It’s just the name of a website, with features that allow me to represent myself in the way I wish to be represented in this moment. Therein lies the underlying topic at hand. I said “Medium” but what I meant was the avenue that Medium happens to provide for me at this moment.

“Why is this significant?”

Probably Everyone

Allow me to reiterate: I said Bitcoin, but what I meant was the avenue that the current state of the protocol many of us refer to as Bitcoin happens to provide for me… as a user.

We’ll get back to that later. Anyway…

“Bitcoin maximalists will say Bitcoin only works if most people run full-nodes.”

It’s a great endeavor, and I wish them the best of luck, but I personally don’t see our grandmas running full-nodes. What percent of the total population are grandmas? By the time they’re all running full-nodes we’ll all be assimilated into the singularity running our spinal-tapped full-nodes over a wireless decentralized global Internet. Sounds like fun.


This picture serves no purpose other than to not dump you with a big wall of text.

Can you personally envision a world where most people run a full-node? Elaborate on the intricacies of your mother’s day-to-day life while she runs a full-node. Tell me everything she did in a single day, and where was the full-node in these situations? Did she bring it with her to go shopping? What is “most people”? 51% of 7 billion? 90%? Are we including children in the total percent? Does this, or does this not count all the automated robots that will be walking around with their own full-nodes built into their [bio?]mechanical bodies? The most plausible scenario for the near future circa the “mass-adoption tipping-point” is one on every person’s phone. Is that really secure? Who’s building those clients? Will Apple have their own built-in-walled-garden hardware version? Will they point all those built in clients to a seed node on their server? What implications would that have? Is it really even plausible?

All of those questions are legitimate questions, but while they are legitimate, they are a distraction, because having as many full-nodes as possible is imperative to Bitcoin, and focusing on the numbers completely misses that point.

Well, actually… no it’s not. It’s imperative to me, it’s imperative to most of the community, and it’s imperative to most of the developers paving the way for this technology right now. The Bitcoin doesn’t care.

Clearly it’s not imperative to some people. Not to a select few developers, or to some of the people who invested early and already got rich, or those who happen to be successful at marketing themselves out to be important. It’s also not imperative to the Ethereum community, but let’s hold off on that until later…

See how they attempt to differentiate between full-nodes that mine and those that don’t? Through misinformation, and use of the tactics I used in the earlier paragraph (asking legitimate, but redirecting questions), they’ve been successful at garnering a following, and full-nodes are not imperative to that group that follows them either. We’ve all heard the Satoshi datacenter quote ad-nauseam. Have you heard it yet?

I’m sorry, but Satoshi isn’t a god, and nobody is perfect. It’s easy to quote an individual for your cause when you know they can’t clarify their opinions in an updated context. Satoshi didn’t predict turning all nodes into a payment channel network (although he touched on the subject in correspondence with Mike Hearn). Every major cryptocurrency is adopting payment channel technology, but you still see these propaganda pushers try to knock down the technology in the name of The Bitcoin:

Can anyone source this? I tried, I can’t. Maybe it was paraphrased to fit 140 characters, maybe Vitalik said something else and Ver molded it into something he never even meant. Maybe Vitalik deleted it. Even if he did, maybe he changed his mind:

Notice the dates on those posts? Roger Ver knows full well about the Raiden Network (Ethereum’s Lightning Network) and Vitalik’s support for it, yet he still uses quotes older than (presumably) 1.5 years ago, to instill this nonsense into the minds of the constantly growing set of new & uninformed people joining this community. This type of propaganda isn’t going to go away. Did you notice the ‘Pro Bitcoin Unlimited’ tag I have for the user in the old Bitcoin-XT subreddit? Same campaign, different flag: Take control of the network. Take control of the name Bitcoin.

This is an ongoing propaganda campaign that needs to constantly be shot down. New people coming into the community don’t know the history, they don’t know the ideology, and they don’t know about the reoccurring tactics these groups use.

Here’s a great one from the famous “I’m Satoshi” fraud:

Like the caption says, he made that picture. He went on a Twitter spree that day with screenshots of random arbitrary charts, you can go look for yourself. Here’s his Twitter, and here’s an actual image of the current Satellite coverage Blockstream’s satellite network has, that they just launched:

Much different, specifically: This one wasn’t hand drawn by a fraud to make it look like China was exclusively “blocked”, and permanently for that matter…

If they wanted no block-size they could’ve gone to Ethereum, if they don’t care about the average user’s ability to run a node diminishing over time, they could go to Ethereum. Or they could go to Bitcoin Cash… but somehow they still push Segwit2x after already getting their fork.

ProTip: It’s because they don’t really want Bitcoin to succeed. They are dividing, and attempting to conquer.

If you still for some reason want no limit to the block size, here’s a real world example of a chain that doesn’t have one. The Ethereum data directory size is growing exponentially for them because of the absent cap, but they just don’t care, and that’s totally fine because they aren’t trying to hijack our system:

For reference, here’s the two links /u/senzheng provided: 1, 2.

The issue is mentalities like these bleed over into the Bitcoin community and cause divides that lead to an obvious fallout: Chain splits, and the fight over the title of The Bitcoin.

So what happens when there’s an ideological split among the community? Other protocol implementations that are used to muddy the waters and sway public opinion are well known: block-size cap, total supply cap, miner version-bit signaling. What happens when a group of people decide that they want The Bitcoin to remove (not just increase) the “arbitrary” limitation on block size? Is anyone for removing the 21 million coin cap? No? Don’t be surprised when that becomes a target too. Ethereum already took both of those away…

How much weight do your ideologies really hold against the 7 billion people who have no idea what we’re even talking about right now? 7 billion people who are easily influenced by misinformation. Are you prepared to publicly make the claim that 7 billion people don’t know what they’re talking about, and that they should be listening to you?

So what exactly does the name ‘Bitcoin’ mean?

What does it mean to be an American?

Scholastic

“It is great to be an American. We get to play sports and eat lots of food. We get lots of toys, all because we are free — the best thing of all.”

Austin B., 11, Wisconsin

Do you think Austin knew about the USA Patriot Act that Congress signed into law less than a year from when Scholastic asked children to send their opinions in?

Also notice how Austin said “America”, but what he meant was the avenue that the current state of his country provides for him as a citizen to play sports and eat lots of food? Not really, but do you get the point?

Sparing any 1984 analogies, what happens to the definition of America should sports and excess food no longer be an option for Austin? What happens to the title his ideology currently goes by? What will represent freedom in 500 years? What does it mean to be a Roman?

This is what really drove me to Medium, because a Reddit response isn’t sufficient enough to address these reoccurring debates that meddle with my ideology, in the name of The Bitcoin, which props up in a variety of ways from many different perspectives. Here’s one:

First and foremost let’s actually address the technicalities of the above argument: Chain reorganizations are not protocol changes, and the phrase “longest valid chain” refers to the former, not the latter.

Even then, the size of the ‘difficulty sum’ of all blocks in a chain determines validity in re-orgs, not block height:
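To make the distinction concrete, here is an added example (not from the original essay) that ranks two competing chains by accumulated proof-of-work: each block's work is derived from its compact difficulty field as 2^256 / (target + 1), and the per-block values are summed. The two chains are constructed; the longer one has more blocks but less total work, so it loses.

```python
def target_from_bits(bits):
    """Expand the 32-bit compact difficulty encoding into the full target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_work(bits):
    """Expected number of hashes needed to find a block at this target."""
    return 2 ** 256 // (target_from_bits(bits) + 1)


def chain_work(chain_bits):
    """Total work of a chain given the compact difficulty of each block."""
    return sum(block_work(bits) for bits in chain_bits)


def best_chain(candidates):
    """Name of the candidate with the most accumulated work, not the most blocks."""
    return max(candidates, key=lambda name: chain_work(candidates[name]))


# Constructed competing chains (only the difficulty field of each block is modelled).
CANDIDATES = {
    "long_easy": [0x1D00FFFF] * 5,    # 5 blocks at the minimum difficulty
    "short_hard": [0x1C00FFFF] * 3,   # 3 blocks at a 256x smaller target
}

if __name__ == "__main__":
    for name, chain in CANDIDATES.items():
        print(name, "height:", len(chain), "work:", chain_work(chain))
    print("selected:", best_chain(CANDIDATES))
```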

Using the ‘LVC’ argument to try and justify why the fork you’re backing should/will hold the title of The Bitcoin is a fallacy akin to justifying why you skipped out on school today with the excuse “I couldn’t find my schoolbag”, as if breaking your normal morning protocol somehow renders school itself useless:

Bitcoin = [wake up→shower→grab schoolbag→walk to school]

*Cue the analogy Nazis.*

“I’m glad we cleared all of that up, now I finally get it. So that’s all, right? The longest chain measured by the sum of the difficulty of all the blocks is Bitcoin, correct?” 

BTC-101 Student / GMTH-203 Student

Nope.

See what I did there? I mirrored the response of someone who either didn’t get the point (don’t worry, we’ll get there), or is ignoring it and just trying to leverage their argument for the fork of their choice with arbitrary technical merit. Yes, arbitrary technical merit. I could name some Core developers who wouldn’t be too happy with that statement, despite the fact that I’m on their side, but I don’t care because it is arbitrary, given the overarching point.

Let me make this clear: It doesn’t matter what stance you take on any proposal, if you do this you either don’t get it or you are being deceptive.

In other words: Technicalities don’t define The Bitcoin. Social consensus does, because language is an inherently social construct. Furthermore, my ideology doesn’t define The Bitcoin either, because social consensus may not always align with what I currently want out of all of this, or my ideology might change in the future.

This is a blatant admission of my point about deceptive tactics. Using the block size to spur division among the community when the reality is they want to take control away from the developers. On top of all of this, Vinny is a proponent of Ethereum and the CEO & co-founder of a company with a token on the Ethereum network. Can you guess where his incentives align? Don’t you think he would be better off if Ethereum was successful and the Bitcoin community was divided?

To be fair, Vinny’s response to that leaked email was to share more emails, here’s an excerpt:

So basically, he’s still (or was in August) in support of SegWit2X going ahead with its dead-in-the-water chain split, because if Bitcoin works as planned, it won’t matter… While other companies continue to back out of the agreement they originally signed with the intent to keep everyone together, but now because of Bitcoin Cash, the whole agreement is moot.

Tangentially, 1 CPU / 1 Vote was a phrase used when everyone actually mined with CPUs while running their nodes. Another famous Satoshi quote that can’t be defended because he’s effectively out of the equation. The entire environment is different now. How you can even justify using that line is beyond me when a single entity controls (conservative estimates) ~20+% of all the hashing power, continues to mine empty blocks but complain about not enough space, created Bitcoin Cash and forced the network to fork once already…

… Moving on…

The following is an example of a person who gets it, but tries to leverage the technicalities of the protocol while ignoring the broader scope of the argument with Charlie. Deceptively conflating client reorganization with protocol change/upgrades, and claiming UASF’s have no effect on The Network (see what I did there?) by using technicalities as leverage for their argument:

Other Realities: Civil war, peaceful secession.

Much further down this thread, after some work, this person admitted to not caring what the masses eventually called The Bitcoin, claiming it doesn’t matter. It was the only thing we agreed on, and renders the whole conversation they had with Charlie moot, but readers don’t know that if they don’t follow through with the entire dialogue. The initial top level comment is all that matters because it gets the most visibility.

To reiterate, chain reorganizations are not protocol changes, conflating the two for argumentative benefits is deceptive, and if you still don’t get it here are a few examples:

  • When Bitcoin activated SegWit, it was a protocol change, not a re-org.
  • Bitcoin Cash was a protocol change, not a re-org.
  • If Jeff Garzik’s baby-child SegWit2x actually gets off the ground and forks away, it will be a protocol change, not a re-org.
  • Ethereum was a protocol change (that happened to involve creating an entirely new transaction database)… …not a re-org.

“Re-org-shme-org! SEMANTICS!”

Craig Wright, Boy Genius / Not Satoshi

No, not really. Re-orgs happen all the time without any change to the protocol. It’s a built-in client mechanism that has nothing to do with upgrades, or claim to the title of The Bitcoin. The key is understanding that some protocol upgrades try to leverage re-orgs (soft-forks), while other protocol upgrades attempt to supersede re-orgs (hard-forks), and that neither of them is intrinsically bad for le Bitcoin, they just have their own use cases.

Hopefully by now you’re starting to catch on here. Protocol upgrades are inherently social in nature. The naming conventions assigned to those changes are also inherently social in nature. Re-orgs are inherently not social in nature, or whatever the silly term is for network logic. I could look it up, but not doing so helps drive the point even closer to home: it doesn’t matter. Protocols don’t evolve on their own, and a billion re-orgs wouldn’t change a single line of code, so using it to justify your fork is a fallacy.

So where am I really going with all of this?

Well, for starters, if you share my ideology, you need to share this post. The community will keep growing until everyone is the community. Education will never end. You can’t get frustrated, you need to learn how to properly source, reference posts & quotes, and ask the same basic thought provoking questions without being rude and saying/thinking “not this again”. Everybody is new to the community at some point, and this won’t end. Ever. Period. Will you tell your kids “not this again, just look at the github”? No.

I don’t expect everyone to do this. I don’t expect everyone to have the time or the energy. That’s one of the reasons I put this post together and sourced a bunch of quotes from various members of the community. The least you could do is reference this when someone asks you “what do you mean” by misinformation and lies.

Equally important, and the original underlying theme this post was supposed to have, is understanding that at some point, Bitcoin might not represent itself in a way that aligns with your ideology. If these misinformation tactics prove to be successful, they’ll own the name Bitcoin. The developers are gone if that happens, they’ve all been pretty vocal about it too, either by moving on to a different project or continuing to support the chain that wasn’t stolen from us by the corporations, whatever name it winds up getting called (I’ll be calling it Bitcoin).

Screenshots courtesy of John Newbery, Bitcoin Dev:

Reddit thread.

Twitter chain.

Bitcoin Core Blog Post.

I don’t know what’s going to happen if the network splits again, but I know that if we lose the name Bitcoin (because that’s what this whole propaganda campaign is about) it won’t be good. Maybe I’m over concerned, maybe not. The only thing I can suggest is you take a look at what Bitcoin Cash’s most prominent miner said about the recent BCash chain split:

Bitcoin Cash is not Bitcoin
England = Bitcoin
America = Bitcoin Cash

Now take a look at what Bitcoin Cash’s most vocal user said about the recent chain split:

Bitcoin Cash is Bitcoin

England = Bitcoin Cash

America = ???

Did that help clear things up for you? They can’t even agree between themselves, because all they care about is stealing the name or dividing the community.
