Web 3.0 and what that means for developers with Corey Petty - Episode 65
What the Dev?
Web 3.0 has been on the horizon for a couple of years, but what is it and what does it mean to developers? In this episode, we talk to Corey Petty, head of security for Status, about the changes developers should expect and how to educate end users.
Base Layer Episode 153: Corey Petty from Status on striving to be a secure communication tool that upholds human rights.
Corey joins me on Base Layer to discuss Status, which has a mission "to be a secure communication tool that upholds human rights. Designed to enable the free flow of information, protect the right to private, secure conversations, and promote the sovereignty of individuals." We also discuss "Waku", which is their peer-to-peer (p2p) messaging protocol that removes centralized choke points from your messages. By removing centralized third parties, your messages are your own and more private and secure. We learn how this is different than some P2P messaging platforms like Telegram. We also discuss secure browsing: "When browsing Web3, end user data and browsing information is not accessible by any third parties without consent. Any transactions made while using the Status browser implement the same security standards and best practices used in the Status wallet." In relation to Brave we had a great chat here.
Technology & Encryption: The Cat is out of the Bag - Corey Petty
End of the Chain
About this episode

Unrest, riots and pandemics are a springboard to greater erosion of privacy rights. Corey Petty joins this episode of the End of the Chain to talk about the war on encryption and what Status is doing to fight it.

Dr. Corey Petty is the Chief Security Officer of Status and started his blockchain focused research around 2012 as a personal hobby while doing his PhD candidacy at Texas Tech University in Computational Chemical Physics. He then went on to co-found The Bitcoin Podcast Network and still serves as a host on the flagship The Bitcoin Podcast and a more technical show Hashing It Out. Corey left academia and entered the data science/blockchain security industry for a few years attempting to fix vulnerabilities in ICS/SCADA networks before finding his fit as the head of security at Status.im where he remains today.

What to listen for

- How the current unrest in America is the perfect excuse to clamp down on freedom and privacy in the name of security.
- Why further thinking does not happen in response to solving a problem right now, and this results in people using rules in unforeseen ways.
- How the EARN IT Act could result in a backdoor into message encryption and increase the amount of surveillance longer term.
- Why Status’ position is that Web 3.0 should not reduce privacy and security in the name of government control.
- Why Status believes that the underlying protocol, the network of messages, must always remain unconstrained and unreadable, even if you were able to see inside the infrastructure they built.
- How technology has let the cat out of the bag and why giving up your privacy in the name of security or convenience should not be our future.
- Why the recent gas price spikes are the lesson of CryptoKitties that Ethereum did not learn and why these conversations about on-chain business and business logic need to happen now.
- Why Layer 2 solutions create “walled gardens” off-chain but give end-users choices to opt-out and to choose the level of security that they need.
- Why gaming on the blockchain is testing creative technological innovation and different types of economic situations before applying them to real-world enterprises.
- Why Corey thinks blockchains and smart contracts are the first time we have been able to ‘play’ with actual economics and see the relationships between value and exchange.

Show Transcription

Hello, and welcome to the End of the Chain. I am your host, Samuel McCullough. I’m joined again by Corey Petty. We said that we would have him back for another episode and he’s back to talk about Status and also Ethereum gas prices. It was a fun conversation, to say the least. I hope you enjoy it. Make sure to leave five stars and make sure to subscribe to this podcast. Share it with your friends. Everybody else. All right. Let’s jump into the episode.

Corey, welcome back to the End of the Chain. It is great to have you back. I would say that things are overall better in the world than the last time that we spoke.

Corey: Arguably.

Samuel: Actually, I’m really surprised how much has happened in the past five weeks. So we spoke on April 22nd of last month, and during that time, apparently, we all forgot about the coronavirus and have moved on to other issues concerning police violence and other racial issues inside the United States. It feels like everybody was just bored at home for months and months and months.
All of a sudden, this internal need to break out of the house and break some things has kind of taken over the American populace.

Corey: Yeah, it’s interesting times we’re living in. I think what you just said. People staying at home cooped up, not really knowing how to react. A lot of uncertainty probably bled into that kind of explosion of getting out and doing stuff. Unfortunately, it seems as though it’s doing it in a negative way.

Samuel: Well, where are you?

Corey: I’m in Maryland. I live in the woods, so I tend to keep going for most people most of the time.

Samuel: I know. I live in the suburbs, and I’m kind of happy I live in the suburbs and not in the city anymore because even living in Moscow, previously there’s protests and police and things. But, I guess, at this point, I would much rather live out in the woods somewhere. My wife wouldn’t. She’d kill me if I took her out to the country, but it’s something that I think about going forward.

Corey: It’s something I’ve always wanted. My wife was reluctant at first and came into it pretty quickly after we moved. And, I think we’ll probably never go back plus, you know, having things like dogs and stuff, it’s nice to have your own space and not really worry about boundaries around you too much.

Samuel: During these protests, there’s been a lot of coordination.
Through either social media or different messenger platforms to direct a lot of the protests or violent response towards businesses and other property and other government buildings across the country.

I know that, just recently, Trump came out and declared ANTIFA a domestic terrorist organization which there’s a really great article by Preston Byrne who wrote quite a bit about what it means to be a domestic versus foreign terrorist organization and how they are treated by different businesses, how they’re able to exist within different institutions, banking structures and things, but the ability for them to coordinate their meetings with Facebook and other messengers like Twitter has really been brought to the forefront and, you know, it’s worrying really that a lot of the time you have a strong response by the government towards who they claim are either terrorists, violent protesters or other people; and then they use that as an excuse to curtail the rights of everyone and to place increased restrictions on the companies, providing those communication services to the general public. I think that, even though I may not agree with what a lot of these groups are doing, it’s still worrying for me to see what the response will be to these types of actions over the next few months. It’s good then that Status has its ability to remain encrypted and remain decentralized; Status really can stay above it all.

Corey: Oh, absolutely. I mean, there’s no way for us to inject authority into other people’s conversations based on how we built it, we could, of course, change the application that we distribute and we built from open source, but that is only a layer on top of the protocol. Anyone else can just choose to not use our application and build their own abusing the protocol to get around any type of maybe decision we choose to do.

We didn’t have any real intention at this moment to do anything like that, but it’s always a possibility.
Right, but we’ve made it in such a way that, if someone doesn’t like the decisions we make, they have the freedom to go and build their own. Do it the way they feel it should be done. I think you’re right, even though we may not agree with all the things that are happening, and why they’re happening or have conjectured about why they’re happening; I guess history has shown that decisions that are made to curtail these things by government bodies tend to never be given back after that power is taken to curtail whatever they’re trying to get rid of, and that usually means giving up privacy and security to the jurisdictions that control in exchange for the ability to do that type of stuff.

I mean, from my perspective, it’s usually done in the name of terrible acts; we’re trying to protect you from these bad guys. Name the bad guys. Make it so heinous that no one’s ever going to argue with you. In the process of saying, yeah, let’s stop those bad guys. A lot more control is taken into the things that people use every day.

Look at the EARN IT Act, as an example of this, and we recently had a Forbes article that kind of dove into how this process happens in the name of being wary of the consequences, in the process of actual trauma and triage happening. Don’t get me wrong, the stuff that’s happening in the United States right now is traumatic, and other things that are happening across the globe were also traumatic. They need to be addressed somehow by the governing bodies that oversee the people who live there.

But you have to be cognizant of when that stuff happens, if they’re changing regulation and the rules are making backdoors into encryption, or further increasing the amount of surveillance on the people so that they can try and find the stuff. When the problem has gone, the ability remains, and if it’s still there, people may at least have the option to choose it in a way that it wasn’t intended for in the first place.
I don’t think people quite think about that when they’re quick to try and solve a problem that’s happening right now. That further thinking I don’t think happens because of the potential heinousness or unsavoury aspect of what’s going on at the moment.

Samuel: Coming back to the EARN IT Act, that was a bill put forward recently in January that would give the Senate committee the ability to make wide-sweeping reforms and rules for online platforms. Would that cover a platform like Status as well, too?

Corey: I think it remains to be seen, whether it covers a platform like Status, the way I understood it, they were never specific about what they would do, but it definitely opened the door to introducing back doors, and the person who put it forward has been notorious for looking for encryption backdoors and not liking strong encryption. It made a selection of best practices for online bodies to follow pretty much mandatory by not giving them the ability to have a lot of the regulatory safety measures that are allowed to them unless they did these best practices, so it made a suggested set into a mandatory set.

Then the ability to change what that set is, which could potentially turn into something to introduce a backdoor to your encryption algorithm so that we always have access if we need it. At least that’s my interpretation of what the whole bill was about, or the act was about, and that’s one of those situations where they did it in the name of heinous things that no one’s going to agree with, like child pornography, but the broad sweeping consequences of what that can do and the control that gives to the government is drastically larger than that.
In my opinion, the scope of what they really wanted to do was probably dressed larger than what they’re trying to advertise it as.

I think that’s just one instance of a history of attempts to have more easily accessible power when you need it. If you look at the way large government bodies act in accordance with one another across, not with just their own jurisdiction, but also across the globe, it’s a constant vie for the advantageous position wherever you can possibly have it so that when you need to use it, you have surgical precision to do so. The lengths that people will go to get the position I think it has no limit. It doesn’t mean that it’s going to be done or be used, but it’s a constant jockeying position, and the more you ease up on the technologies that you use and like introducing backdoors of encryption, the more you allow that limit to be pushed further and further. As a company Status maintains a hard position that we’re not going to introduce those things and the new web should be built in such a way where it’s not even possible to do certain types of things so that this constant battle for jockeying can’t push certain boundaries. It’s always going to be trained somewhere, at least in terms of the technology being used.

Samuel: I think looking back on it, in the wake of 9/11, I think the government probably felt it had been caught flatfooted on the intelligence side, while most of the changes that they made to prevent another 9/11 from happening happened actually on the physical security of going through the airports and getting checked and also adding locks to the planes as well too, probably had a bigger impact.

The ability of the intelligence agencies post-9/11 was second-guessed and then ramped up to meet a foe, which they thought they knew, but was outsmarted really by a couple of guys with box cutters.
They probably had all the information, but they just overlooked it.

I see now that, you know, 20 years on they probably feel that they never want to be in that place again, to be outwitted and not to have any sort of idea of an attack of that scale happening inside the United States again, whether it means they overstep their bounds in protecting the security of the American state and also protecting it from foreign enemies. It’s really a debate that’s not happening publicly. I’m sure there’s a lot of back and forth between Google and Facebook and other companies and Intelligence and American government when you have programs like Signal and Status. I think there is a threat that they see in the unknown of what could be done and the ability for them to be caught flatfooted again.

I think it scares them a lot and there’s also this backlash that’s happening right now, what’s happening on the front pages. I think it’s more of a way to distract people from what’s going on with Covid-19 with the whole Section 230, but that’s also closely tied in with the EARN IT Act as well of reducing or removing the liability of social media platforms and other online platforms when it comes to user-generated content.

It’s kind of all tied in together because if a platform like Status is responsible for the type of content that’s passed between its users, there can be no security then because there has to be a group, some sort of machine or something that’s maintaining acceptable speech on the platform. While a company like Facebook, or maybe even a Google can do these things because of their ability to survey their users and then also have the machine learning capabilities to read those texts and understand it and quickly retaliate and ban people who are engaging in non-acceptable behaviour that doesn’t meet their platform rules.

They’re able to do it, but it’s smaller platforms who don’t have these or platforms that have full encryption like yours which would suffer.
They have the ability to comply by adding different text reading features. They can read all their messages by all their users and look at all the pictures and have these huge content moderation teams that are picking out different types of images or content or video and then banning it. They can also make sure that no other type of content is being shared on their platform that would not meet their terms of service, but a smaller platform may have more problems.

Corey: Yep. That’s generally true. The way I kind of see it, it depends on what you’re focused on as an organization. We’re going to spend a good portion of our focus and priority and resources on building open protocols that don’t belong to us and much to the way like TCP/IP, how we use the internet today and the protocols that deliver information to each other across the globe and in a myriad of contexts is used. That doesn’t really belong to anyone, but those who build on top of it, then have the ability to change things as needed.

In that sense, in an end-to-end encrypted scheme for messaging, where can you censor? How deep in the stack can you possibly go to change something? What we’re trying to do is make it so that the only people that can change the things are the people who are reading the messages and maybe the application that they use that talks with the underlying protocol. For instance, at Status, we as an organization could change at the application, like the actual mobile application or desktop application, when that’s ready to use machine learning to look for certain types of cues or certain types of content or conversations that happen in certain types of channels and selectively choose to block that, or just not render it when someone a message runs through the pipeline, but the underlying protocol, it’s completely open. It’s just a bunch of dumb pipes.
You just can’t see inside the pipes; they’re completely opaque.

If you were to be able to see inside the pipes, you wouldn’t be able to differentiate between all the different stuff running through them. It’s very important that those pipes, the underlying protocol, the network of message passing through them, stays unconstrained. If something happens, people who can maybe come at Status, they can maybe ask us to do something to comply with a certain jurisdiction or try and get us to understand like what’s going on based on whatever metadata we can pull from those pipes. That’s a reasonable solution, but we as a company should not have control over something that should be used a protocol that should be used on how you communicate with others securely and privately. We, as a company, should only be involved to have access to the applications we distribute that leverage those things.

That’s why we spend most of our resources on making sure that those pipes are really good, the infrastructure, the ability to do that and those can provide a potential functionality as an application for others to do what they need to do with available technology and we’ll build something that uses them.

When you look at the people who generally have broad access that’s not the mentality that they have, they want to own from top to bottom as far wide and as far horizontally as they can go, because that gives them full complete control of everything; and if they have that, then they can do whatever they want. Then they have an obligation to not do bad things or to comply with fixing things in whatever jurisdiction they provide service to, and we don’t want that power. That doesn’t belong to us.

Samuel: I would stress that a lot of companies want encryption and a lot of companies want to be able to securely encrypt their data, but there seem to be certain sectors of our online life, which the government says, okay, well, these people can have encryption and should have it.
If you’re running a company and need to send encrypted emails, especially if you’re in the defence industry or something like that, you would never have back doors built into your messaging platform. You would want an extremely secure messaging platform to be able to handle emails and texts and other things in case that there’s some sort of foreign government that would be listening in, but at the same point, there’s almost this double standard where if you’re not a government-supported industry, that you have to give up your privacy in the name of safety. Yeah, it’s really strange.

Corey: I would agree. I feel like that exchange you just mentioned giving something up in the name for security, giving up your privacy in the name of security or convenience is a relic of how we’ve built things in the past. I really do hope that the ideals of Web 3.0 and how we build it are done in such a way that’s no longer the case.

It’s not an implicit exchange, and you have to find some balance in between. You should still have the convenience with full security and privacy because let’s be honest, the technology is there, it exists; the cat’s out of the bag. If we don’t develop strong standards, strong infrastructure and a very common knowledge of what’s capable and what is used based on the nonstop increase in the power of our technology, someone’s going to use it, and there’s not going to be enough people with enough information to stop them in the ways that they can. Let’s take the example of nuclear power, once that’s out of the bag, it’s a tool, it’s something that exists that anyone can use with the appropriate resources that you can’t undo. You can’t put it back. It’s one of those situations where it can be used for incredibly good things that have helped people’s lives in a lot of ways and progress civilization and humanity, or incredibly bad things and do the exact opposite.
If you pretend it doesn’t exist, the people who want to do bad things don’t really care.

They’re just going to keep doing it. They’re going to try to gain those resources. If you have a full understanding, you can then see what it looks like too. Get to the point where you become a problem, how resources are gained, where they exist, all the peripheral things around the technology, but you can’t stop the technology.

We haven’t made that transition with digital technology and the overwhelming power it gives the defender that doesn’t exist anywhere else. In my opinion, you need to build things and let them be freely accessible, so you’re not trying to use a hammer to do a job that a hammer isn’t good for because that’s what people are doing when they try to say, Oh, you know, we need to introduce back doors into encryption so that we can maintain this power we’ve always had. That’s not how it works.

The technology is out of the bag; your ability to do those types of things is not going to go away. If you try and enforce it on the people that you control, the people you’re trying to stop won’t care. They’re going to go around and use it anyway because the technology exists and it is open source, and it’s going to get better.

I think it’s just a terrible way to try to move forward because you’re ultimately shooting yourself in the foot because you’re going to remain ignorant on how things actually work or the things you’re trying to stop.

Samuel: I want to move on to the next topic for today, which has been the Ethereum network has been extremely congested for the past couple months. It’s been because of several Ponzi schemes, which have been operating on top of Ethereum. Most notably there’s one called TripleM, which has been spending thousands of ETH worth of gas every single month to power their Ponzi smart contract, and it really sucks.

Corey: That’s a good way to put it.

Samuel: Yeah, it’s terrible.
When gas prices are in the twenties for days and days, and then like spiking up into the fifties and sixties for a couple of hours at a time, it really renders the network almost useless, and especially for dealing with smart contracts and higher or more complex, more gas-intensive computations that need to take place on-chain. It’s horrible. I’ve really been having to rethink how a business would operate on top of Ethereum. In the past couple of weeks, simply because the gas fees are so unpredictable in this case that if you’re budgeting for one to seven gas fees and all of a sudden you’re paying like 20 and then sometimes 50 to have normal business operations, it just can’t continue. It just eats into your revenue and eats into your profits and kills your margins.

How does a company that’s supposed to grow and thrive in an environment like that? And especially for smart contract developers who test their contracts, they need to put them on-chain and spend maybe hundreds of dollars to pay for gas fees, to do the dev work. You know, how is a company supposed to survive in that kind of environment?

Corey: It’s kind of multifold here. I’m not the best at smart contract development, but I’ve certainly understood that the architecture and foundations of how these things are built and the consequences. It’s very new. We’re just learning how to do this properly, and we’re fumbling our way through on how to really build an incentivized peer-to-peer networks. It’s very hard to predict these things, I think, it’s cause it’s one of those situations where you can build a bucket and that bucket may have holes in it, but you’re really not going to know about those holes. So you fill the bucket up, and we saw that happen with Bitcoin.
You saw what happened with Bitcoin and we realized like how the fee structure and congestion of the network changes with demand, and then you saw a lot of the solutions turn to the second layer which offloads some of that requirement for certain types of transactions to be on-chain.

Most circumstances, you don’t need to buy coffee with a globally secured permissionless auditable forever network. It makes you wonder what a blockchain is good for. When we first introduced the concept of permissionless global ledgers, it was one of the situations where let’s just make everything permissionless; this is a better way of doing it. Then we went full swing to one side, and there’s a lot of stuff that isn’t really amenable to this type of technology in reality. It’s somewhere in the middle, depending on what you’re doing and what risk is associated with it, or how much trust you have and the parties involved, etc. or what kind of time sensitivity it may have for how much you can project into the future in terms of costs and stuff like that? That’s one real side of this. This technology is new. We’re learning as we go. It takes a while for us to learn some lessons because it requires a certain amount of activity and value for like these things that come to light, to find that hole in the bucket that leaks. And secondly, we’re starting to become a little better realizing what types of applications and types of business logic belong on-chain. What should you be doing this stuff with? And then in the circumstances where it’s not really appropriate for blockchain, how do you tie one in? How do you root yourself into it?

We’re just now starting to see different types of concepts in how you route certain types of business logic into a blockchain that leverages the things that it’s good for.
On the other hand, people are getting smarter about how they do their businesses or because it’s starting to develop best practices around how to optimize gas, how to make smart contracts that do what you want them to do but aren’t inefficient. What are the security catch-alls? How do you make it so that you can upgrade them when something like this happens? How do you potentially offload gas, buy it when it’s low and use it when it’s high? The whole concept of meta-transactions was like, you know, we can use the security of the blockchain, but not actually spend any gas for certain types of activities.

We’re still playing with that stuff too, so as we keep learning these different ways of operating our business and changing it to deal with these issues that we’re having, as well as building the infrastructure in a way that has a lot of different tools that you can mix and match to do what you need to do for your business. We are learning a lot of lessons, and we have a long way to go.

The fact that one business’ activities can affect the entire network is maybe a lesson learned that we didn’t see coming. To the extent that a Ponzi scheme can basically cripple the network, we saw it with CryptoKitties, but we’re still learning. We haven’t scaled any from CryptoKitties and the naivety of the people who are doing TripleM or whatever scams that are currently pushing out fees, this ruins it for everyone and so that architectural decision probably isn’t a good one. We need to find a better way to do it.

I think those conversations are being had now. How do we make this work better in the future? If someone does drastically raise fees, the community benefits from fees that are generated somehow, like that redistribution of the costs that company is paying are equitable to the community or make it so they can’t do it.

I guess this would be one shard doesn’t affect other shards or other platforms, or you have a separation of state and consensus.
I think these are conversations to be had that we need to learn from because we’re so young and I don’t have the solution for it. I can just see where the problems exist.

Samuel: Would Status have any of these scaling issues?

Corey: We’re affected by it, but not to the extent that most blockchain applications are. We have features that allow you to do certain things. Let me give you a perspective of Status, right? We’re a company that allows like you to have a wallet interact with decentralized applications and chat.

The chat itself has nothing to do with Ethereum. It’s completely separated. It’s a completely separate message-passing network that has nothing to do with Ethereum. We say it uses Ethereum because it was built off of one of the three prongs of the Ethereum trifecta, which was data blockchain storage, blockchain and messaging, but the messaging was called Whisper. We built on entire messaging, passing a network, separate from Ethereum, leveraging that software and that protocol, and then we built from there. We give access to Ethereum by allowing you to access these centralized applications from our wallet you use the same type of cryptography.

It’s very easy to kind of add that functionality over time and then have like feature adds within the application that make the chat experience more fun. For instance, like ENS usernames, you can choose to purchase a username or stake 10 SNT. It’s not even purchasing. You’re staking SNT for a unique username that allows you to be more discoverable and have an easier to find username in the chat context.

A feature like that, which costs a certain amount of gas starts to become kind of difficult to use when the price of purchasing it is vastly more expensive than the value add to the network, right? And so that’s what DApps kind of experience they have like, Oh, we kind of planned out this feature or this functionality, it should cost this amount to do; it actually adds value back into the network by this much.
When fees rise, its economic understanding and balance are completely skewed, and it becomes intractable to do certain types of things. We’re gonna have to come up with a better solution to add the same functionality and a Layer 2 or off-chain or something else that provides a very similar user experience. It’s very similar security and privacy experience but doesn’t require you to go directly on-chain because maybe that’s not a good use of being directly on-chain.

Samuel: I would say that with Layer 2, there’s a lot of systemic risks because you’re moving users away from making trusted transactions. The further they get away from layer one, the less they’re incorporated into using all of the things that make the base layer so great. The further they get away, they may not. They may not get access to those same level of features and trust and security, and that would deprive them of the abilities and the characteristics that make the layer on-chain so great.

Corey: I may want to push back on that a little bit. You’re right. Anytime you change or move away, you definitely change the risk structure. There’s always something you’re giving up, particularly something you’re also adding, and it has heavily to do with the implementation of whatever you’re doing. Each Layer 2 solution is not the same in any way, shape or form. In some cases, they add a tremendous amount of benefit, for instance, zero-knowledge proofs.

Samuel: But you’re moving into a walled garden when you go into these Layer 2 solutions where you’re no longer able to interact with the rest of the network, in the same way, is that you’re stuck in this small little Layer 2 area where you can do one specific thing. If you do want to come back and interact with the network, you have to come back on-chain.

Corey: Yeah, right.
That’s always going to be the case, and maybe eventually that barrier to flow through Layer 2 to Layer 1 to another Layer 2 is more efficient and minimize so that it happens almost as seamlessly as just using the base layer itself. I don’t know where the technology is going to go that allows that type of communication. Think about shard to shard communication on Layer 2, that’s going to be difficult. It’s not as similar as operating on the same shard and any sharded experience. Layer 2 is no different; plasma is a very similar situation, but maybe it’s useful in the context of whatever you need to do.
You’ll use the chain when you need to use the chain because you still have that option. That’s the main thing that I think we’re providing different options for technology and always the ability to opt-out. That’s the main thing here that in a previous circumstance, in traditional web, you don’t have the option to opt-out if you don’t like it.
You can always do the same stuff on-chain. It just may cost you more if you need that security or trustlessness, but most relationships are not trustless. You can build “walled gardens” or reduced trust and privacy, but it’s still tremendously better than previous applications if it works. I guess that’s the difficulty of the application developers and organizations that are building things that provide services to end-users. They need to balance these things and come up with something that people agree with, so when they do something, it’s operated the way they want it to.
If they don’t, they can opt-out, but it’s still economically feasible to do so or feasible in whatever privacy and security demand they need, but they have options.
Samuel: You would choose the level of security that you would need, whether it’s full on-chain trustless security or operating within your own private structure, and then you’re just writing data, writing hashes, to the main chain, or it’s the Layer 1 chain to ensure that the data that you’re putting forth in your private network matches what’s being written on the Layer 1.
Corey: Let me give you an example of this in practice. As it currently stands today, within the blockchain ecosystem, gaming with blockchain technology is introducing the concept of actually generating real-world value from human effort into a game, but the difficulty that they face is scale. You can’t operate most games directly on-chain and have any type of real-world user experience that can be on par with regular games and people are going to play them. It has stickiness, and people invest their time and get involved.
You can’t have that right now. The technology just can’t do it. We’re not there yet. We will be, but we’re not there yet. So what they ended up doing is they virtualized that environment on top. It’s basically a layer two. In a walled garden, but it operates by the exact same rules just within a walled garden.
What happens is that you end up playing the game. It’s fun, and it’s enjoyable. You’re having a good time. You get invested in it. You invest a lot of your human hours into it, and you end up developing still scarce resources within that walled garden. Once they get to a certain value, I don’t want to take this off.
I’m done playing the game. I want to take this money out and sell it. That’s when you take it on-chain. She can sell it in an open market; that’s something you could never do before. That’s really awesome.
Until the open and permissionless technology gets to the point where you don’t need that virtualization, it’s a really good way to do it, because it’s still changing what you could do in the past and allowing people to opt-out and take their value that they’ve generated and earn somewhere else, not within a walled garden.
Samuel: Yeah. I mean, this is a really great example. I like that.
Corey: Yeah, then if you think about gaming in general, that’s the real playground for technological innovation, that’s where you are able to experiment with different types of economic situations and rules and games and how people interact with them and how they can gain them, the interplay between mechanism design and game theory, right?
You’re able to do this, and it’s less risky valuable situations that allow you to develop really robust methods and tried and true ways of doing something that has real outcomes because people really want to do these things, over time, which builds standards for more game-changing, world-impacting enterprises to take that stuff and run with it.
For instance, I think the supply chain is going to take a lot of what we’ve learned from gaming and FTs and implement it into ways to making like how we track sourcing to moving, to building, to manufacturing, to delivering things and make it incredibly more efficient and auditable and easy for us to understand what we’re using and where it came from and who put effort into that process. But that came from the fact that we were able to kind of play around with the stuff and figured out how to do it. We’re still playing around with it.
Samuel: There’s a lot of creativity that goes into game design and the ability to have these like sandbox environments where you can design certain structures, rules for people to operate in, and then you can take those ideas and then transition it back towards more real-world examples.
Corey: I guess I’ve always found that concept really interesting.
I think that like blockchains and smart contracts is this the first time we’ve been able to play and experiment with actual economics and where the value lies and what the exchange rate is between various types of human effort and relationships and value, and then how you exchange it for other types and a lot of ways like the decentralized exchanges and the things we’re building on top are like giving us an emergent behaviour of what that looks like.
Samuel: I think it’s probably a good place to wrap up on, cause I, I really liked that point and, I really liked the idea of bringing game structures into bigger financial applications and having a small sandbox to develop into bigger ideas, and fine-tune them for actual use.
Corey: If you’re interested in what we do, you can always download Status and your app store from the website and then get on and ask questions and find us. Come ask me questions, and we’re here to help.
Samuel: When is desktop application coming for Status?
Corey: It’s a work in progress. We’ve been playing around with kind of what tech stack we want to use to build it so that we have good security guarantees of the technology that we rely on. It’s actively being developed and worked on. I can’t give you a date.
Communication is Value Transfer - Corey Petty - Status
End of the Chain
About this episode
What does it mean to have communication privacy? Who is responsible for free speech? Dr. Corey Petty, Chief Security Officer of Status joins the podcast to discuss his role at the company, how he is securing the rights of others and the role of messaging networks in the 21st century. Dr. Corey Petty is the Chief Security Officer of Status and started his blockchain focused research around 2012 as a personal hobby while doing his PhD candidacy at Texas Tech University in Computational Chemical Physics. He then went on to co-found The Bitcoin Podcast Network and still serves as a host on the flagship The Bitcoin Podcast and a more technical show Hashing It Out. Corey left academia and entered the data science/blockchain security industry for a few years attempting to fix vulnerabilities in ICS/SCADA networks before finding his fit as the head of security at Status.im where he remains today.
What to listen for
What interested Corey about working at Status and how he ended up there after academia.
Would Satoshi have created Bitcoin differently today to build privacy into the network given what we know now?
How Status built privacy and security into their messaging protocol app.
How Web 3.0 companies can compete against big tech whose goal is to monitor and surveil users to make money.
Why there are a plethora of new ways to capture what users want without compromising their privacy or security through careful protocol building.
Why Bitcoin technology will get better (it’s not there yet) and why eventually data on the network will be obfuscated.
Why Status is decentralised by design and will work regardless of whether or not Status exists as a company.
Why our society needs to have more situational awareness on the internet when interacting online and make users responsible for their conduct, not companies.
Why Sam thinks we need more freedom, not less.
Why Status has a responsibility to build good software that people can use in the way they want to; but the responsibility for conduct should lie with the end-user, not a central control structure like Facebook.
How Status fits with the three-part purpose of the Ethereum network and achieves its goal of on-chain messaging.
Show Notes
Dr Corey Petty, the Chief Security Officer at Status.im, is more than just a security officer. He is also the co-founder and co-host of the Bitcoin podcast. He has some really interesting views on communications and what it actually means to be building out a network like Bitcoin or some of the other networks that have been created afterwards, such as Ethereum or Status that focus more on the communications aspect and how that propagation of data allows for greater freedoms and evolving society in this ever more surveillance age.
What is it about working at Status and how you ended up there? You have only been there for the last two years and they have done some amazing stuff in that time. It has been serendipitous. I left academia after finishing my PhD and doing some work in computational chemistry to pursue a blockchain career to leverage the skills I had gained during my PhD which was very data-sciencey. I have always been fascinated and heavily involved in computers from a technical perspective my whole life.
When I left, I found a couple jobs in the government consulting area basically leveraging blockchain and making sure people knew what they were talking about and technical education. My goal was to make sure that governments and regulators were looking into these things. And they didn’t have a lot of good quality resources to make good decisions about these things. My goal was to help them with this process. The bureaucracy and how organisations work was not quite my level. I had built some hobby projects doing analysis of very large projects in the space in Ethereum; how tokens were distributed in some of the really large early ICOs and one of these was Status and I talked with Jared Carl and became friends. One day I was talking with Jared on a very different community-based project. He asked what I did and I applied for the job and got it. It has been a wonderful trip working with Status. It is exactly where I wanted to be when I left academia. I have been very fortunate in my experience.
I was never cleared or went through any of the security clearance interviews. I did not want to go through the process or be beholden to the promises you make doing those things. It is great for job security but I wanted to maintain my freedom in pursuing whatever I wanted to pursue and being able to say what I wanted to say in a timely fashion. I am pretty happy I did not go through the process.
In the military it is a whole different life. It took me two years. I’ve been out since 2008 and I lost my clearance. I was amazed by the job security it gives you. You will basically have a high paying job for the rest of your life if you want it. The second thing is the growth of these consulting/contracting companies out of Hamilton that have a huge responsibility outside the beltway. I learned a lot about security but working in such an organisation was not my bag.
I have been out of DC for five years.
It is really interesting to see the growth of these consulting companies and how much the government relies on them. The fact that Booz Allen has a senior blockchain specialist was that a position you carved out for yourself or were they just wanting someone who could call themselves blockchain developers? My opinion is partly my own perspective and partly my experiences of working there. I know that a lot of contracts were looking for bitcoin expertise. When I did educational things I was doing broad scope educational initiatives and then when I moved to Booz Allen it was specially carved out around me and my team. We need to say we have some skin in the game. We were incredibly efficient in getting things done.
I just spoke with Alexander from Beam, he talked about the privacy functions embedded in Bitcoin. He said that if Satoshi had been building something today he would have built something closer to Monero, ZCash or one of the protocols that has privacy built into it. The open database that Bitcoin gives you is too much of a honeypot for intelligence agencies or any other foreign government agency that wants to track all on-chain transactions and be able to identify money flows across the network.
Where do you stand on this privacy issue? I agree with Alexander in a sense and if I had to prognosticate about what Satoshi would do today; he would be incorporating a lot of the technology that has been developed and funded directly because of what he built. He built something that solved a computational consensus problem and then as it grew, it became a data mine for financial information because everything is public and included. As a response to that publicity and lack of privacy, we have been able to fund a lot of the cryptography that wasn’t quite getting the focus that it needed to fix these problems. In many ways he has enabled a lot of that research and development of that cryptography that we have today.
As it stands today there are solutions in the pipeline that help address these privacy concerns for Bitcoin and Ethereum, that obliviates some of the information. But if you want real privacy in my opinion, then there are things like zero knowledge proofs. In applications like Status, the most un-private thing we have is when people interact with the blockchain and that is not a reflection on us but rather just the way the technology works at this point.
How do you bake that into a product like Status? How do you identify those privacy concerns and address these in a private messaging app that is both private and secure? That is the million-dollar question. It starts in my opinion with using the available technology appropriately and setting appropriate defaults that lean toward the side of privacy and security for the user. Then you provide users with options of changing those available levers so they can change these; but in an informed manner, they can make the decisions affecting their privacy and protects their data. The only way to really build products that allow users to maintain their privacy and security is to give them all the options you possibly can and defaulting towards private and secure and then allowing them to change it but in an informed way. The business model of WhatsApp, in theory, it should exist outside of Facebook. Facebook bought WhatsApp for $2 billion dollars a decade ago. The original founder left because of Facebook’s plans. They wanted to better understand user behaviour and linguistics. That intrusion into user privacy and messaging has allowed them to grow to billions of dollars. This is the same as any other major tech company today.
When we talk about Web 3.0, we are talking about companies that are trying to buck the trend of using people’s data and taking their privacy to sell this information to third party companies—using the information from their user base to generate more revenue.
How does a company like Status compete against a company whose goal is to monitor and survey their customers? Our goal is to give people the option if they want it. I think it would be useful for everyone. I am not sure what it is going to be until we have reached the level of convenience. They are able to do what they do because they have all the information. How does a more decentralised product (that is not spying on its users to use that data to increase their revenues) how can they compete with the FAANGS? I am not sure. My intuition tells me that we have a vast unexplored space of what a social network looks like. If we look at what information is provided in any blockchain network, it represents a value transfer. We do not see that 80 or 90 per cent is communication. If we can capture that value, there are a plethora of new ways to capture what users want and what they want to do without compromising their privacy or security by participating in that network. I think this is my personal vision if we are able to push forward this idealised view of Web 3.0, but it is still early days. Bitcoin is the beginning, and it is only a decade old.
Sam thinks the shift will happen slowly and then all of a sudden. Bitcoin is boring, and there is not much to develop on. A lot of people have set its past present and future. It is just a not if but when. Corey thinks there is still hope for Bitcoin to develop other use cases. Bitcoin does some things well, but other networks like Ethereum do it better. Some of the potential technologies that could find their way into the base layer drastically expand what you can do with it, and for the time being, Corey does want to spend his time there.
Ethereum is the best place as it stands today to be building. What you can do with this technology and what you can build on top of it is very interesting.
Because this technology is so early, I am not comfortable naming what is going to be useful in five years or what we are going to call Web 3.0 or blockchain. There is so much room for expansion because we have to be able to start thinking about what we can do with it or build with it. We are starting to think about how to build stuff this way.
The Big 4 versus Web 3.0 issue is something Sam thinks about quite a lot. We have been trained to be desensitised to how much data we give up every day. I worked with systems that were at the NSA and the hoard of metadata that this creates. You can build a near-perfect picture of everything with metadata. I talked to a police officer – once they are on the Bitcoin, everything is visible because there is this perfect data trail that can be used by law enforcement. When Sam came to Bitcoin what interested him was the metadata to be exploited by companies. The technology will get better, but it’s not there yet. Eventually, everything will be obfuscated.
How does that apply to Status? What sort of data do your users give up? Status is completely open about what we do. It is very hard to see what anyone is sharing or unless you have broken encryption. We use signals whispers encryption to make things very secure. Even if Status dies, the technology stays and remains open. You don’t need any personally identifiable information to set up an account. If you use the Blockchain, you are going to disclose information about yourself and leave a trail behind you. We inform you when you use ENS username then you secure a sub-domain ENS record. You are staking this, and this makes your account public and the wallet attached to it. Or make another account that is not public. You become discoverable you need to put something out there.
Sam is a heavy Telegram user. They have built an interesting product. But because of its origins and the code itself, there are a lot of questions he has about its privacy and security.
There is still this veil of obtusification around Telegram as to whether they are private and secure with user information. Even when Sam is trying to have private conversations, he is looking forward to the release of Status. Can it be a good replacement for Telegram? That is what Sam wants to know. How can you trust Telegram when you cannot see the code or know how their privacy and security work?
The ultimate goal, if we do things correctly, is that you won’t need Status. The network will work regardless of our existence, but the question is, how do we build network value while still having a job? Since 2016, we have seen the growth of disinformation across social media and social networks in the hopes of converting people’s opinions or changing the hearts and minds of people using content.
Do you think that these decentralised systems are more open to exploitation or there are other ways that Status can address these issues? In a more general system that is less controlled or constrained is more susceptible to people saying to things that are true because that control does not exist. There are things that we as a company can do and things we can do as a society. In my opinion, these are necessary for the future. At Status, as a company, we can build tools that give you more situational awareness; so you know who is saying what and how much we know about that person in terms of trusting their content. Like ENS Usernames – if you have gone through trusting to someone you are talking to that it cannot be faked. It is hard to fake an ENS Username. These are very strong fundamental guarantees that the person who owns the private keys is the person you are talking to. We need to allow people to attest to who they are and attach it to private keys so you can be more confident that you are talking to who you think you – so you cannot be manipulated and/or phished.
As a society, it is about how we conduct ourselves on the internet and having more situational awareness.
Thinking about whether or not you are talking to the person who you think you are talking to. That is a terrible way to run a society or the internet that you give over responsibility to people whose whole goal is to make money off you through their system. We need a social shift to ask is this the person I am talking to? We need an attestation – or an identification system. Identifying core contributors on Status – this might be a way to go. We want to build it in a way that we are not necessary for it to work.
Does Status have a responsibility to protect its users? We have a responsibility to build good software that people can use in the way they want to. The responsibility lies with the end-user to conduct themselves appropriately. If you relinquish control, then it ends up with the user. Facebook has become a political body and polices its network and its content. Misinformation campaigns and other negative reasons have used their platform.
What can be done to stop misinformation? Would Status have to become political to address misinformation? The protocols we are building are completely open. Like Ethereum – to craft a valid transaction that gets processed. We as Status can make political decisions, but it is not going to stop anyone from doing it because we cannot make the protocol do it. We can’t see who is talking to who about what. The network will always be open. What will we do as a platform when people are using our platform but not for the greater good? That is an internal conversation we are going to have to have with any modicum of success. There are going to be people who use it to do things we do not like.
The argument I am making is that I believe in more freedom. The line for me is criminal activity. You do not need a highly intrusive surveillance system to address this criminality. While they may be able to hide online, it is harder to hide offline. If there is something to see that is wrong, then I would report it.
The government argument is that we need access to your system to crack down on this activity. It is the wrong framing. It turns the communication provider liable for providing that data, which is what the government uses. Most people do not use encryption even if they think they are using it. I think it is a shift back to the user to control what they disclose.
Sam thinks that owning your own data is the wrong phrase. It means people are trying to steal more data from you. Giving up that data in the first place is what I don’t agree with. There is no on/off switch. Ring doorbell is another great surveillance network; with zero liabilities. This data surveillance economy is too complex for anyone to engage with it or not. GDPR opens this up, but no one asks about it or requests it. Sam doesn’t know where we go from here as a user or a society. We need to move toward a default of encryption and privacy – you have to give explicit consent for someone to take your data and then go use it. Sam doesn’t know how we get there.
There are several roads. It starts with giving people who really want it the ability to have it, and that means that you may be catering to a small group of people then you can then start expanding that audience. You also can co-opt a bunch of people who are using it without knowing they are using it. Status has a lot more functionality than a communications protocol. It is better than WeChat natively. We are a blockchain-enabled communications protocol and application. If people can start using an app with great privacy and security without even realising it, and we give it to people who really need it and want to opt-out of the system as it is. I want everyone to communicate with me only through Status. Building a protocol is a really hard thing to do and takes a lot of time and care. If you are not careful, you can get your priorities skewed.
We try to build a future protocol that adheres to our principles and build features afterwards.
For Sam, Status fits in with the three-part purpose of Ethereum: On-chain logic, supported file storage and on-chain messaging. You are right that it does fall into line with what is being built on the Ethereum network. You can see the growth of on-chain logic in the growth of decentralised financial applications. This would be a great network for transacting value freely and provide secure communication across an entire distributed global network.
In my opinion, value transfer is a form of communication that resides on the blockchain. There is a permanent record of it. The meat of the context of that communication is usually ephemeral. That is really the only way to capture all that communication and have communication storage. Price is just an outcome. Communication is what transacts value.
An interview with Corey Petty, Head Engineer of Status — an open-source project building an encrypted messenger, crypto wallet and a Web3 browser.
During our conversation, Corey tells us more about the Status network and some of the main challenges the industry faces. Furthermore, we ask him about Ethereum 2.0, Sharding, Quantum Computing and Zk-Snarks.
To find out more about Status, visit their website — https://status.im/
You can also follow Status on Twitter @ethstatus