Tomorrow there is scheduled to be a hard fork of the Bitcoin blockchain and network. There’s a fair amount of uncertainty over what will happen. The hashrate is unknowable until the fork occurs. The price seems to be around 10% of the price of Bitcoin. However, there aren’t too many exchanges that will be accepting this currency, and there are even fewer places you can actually spend it.
I’m going to make some predictions about it to put on record what I think is going to occur and to see how correct or incorrect I end up being.
There will be a Bitcoin Cash block mined before 12 AM August 2, US Eastern time: 80%
The price of Bitcoin Cash at 12 AM August 2, US Eastern time will be <10% of Bitcoin’s price: 70%
The price of Bitcoin Cash on August 5 will be < 10% of Bitcoin’s price: 90%
The price of Bitcoin Cash on September 1 will be < 10% of Bitcoin’s price: 90%
The value of all transactions of Bitcoin Cash around September 1 (maybe averaged over a week?) will be < 10% of the value of all transactions in Bitcoin: 95%
I have mixed hopes for the success of Bitcoin Cash. On the one hand, I wrote previously that if the two factions in Bitcoin split, we could have a competitive market showing which rules were better. However, due to network effects, I still don’t think it could happen and be very successful. Supposing it did succeed though (had a pretty high market price), what would that mean? I suppose it would mean forks would become more common. That might be better for competition, but not for stability of the currency.
Ultimately, the idea that it would be fairly easy to make a successful hard fork of Bitcoin would be pretty devastating to Bitcoin’s health. It would mean consensus doesn’t mean much, it would mean the Bitcoin community could splinter pretty easily, which would therefore mean Bitcoin’s usefulness as a currency decreases as each part of the community would be using their own forked blockchain and coin. Something like sidechains seems like a much better implementation of this idea.
I should probably also disclose that I do not have much faith in the current governance model of Bitcoin Cash, and that does concern me a bit as well. I hope that hasn’t clouded my judgment of the actual technological and economic implications, but only time will tell if my predictions are true.
I have discussed this idea in the past, but normally I’ve only gotten excitement about encrypted communication from my fellow libertarians and netsec friends. But with the current Presidential situation, there seems to be more interest in communicating without being overheard by the government, even among my government-loving left-wing friends. And this is excellent! Even if you don’t need privacy, by communicating securely all the time, you make it less notable when you do have to communicate securely, and you create more encrypted traffic that other government targets of surveillance can blend into.
First, let’s go over a very quick summary of encryption. If you’re already familiar with encryption, skip down past this section and the pictures to the list.
Public Key Encryption in 5 Minutes
An encryption algorithm takes information, like text, numbers, picture data (it’s all just 0s and 1s to computers) and outputs different text on the other side. A good encryption algorithm will output text that looks randomly generated so that no information can be gained about the source text. That output is then sent out in the clear (over the internet, where people might be spying) to the recipient. The recipient then reverses the process, decrypting the message and getting the original text, numbers, picture data, etc. However, if an algorithm always created the same output data from the same inputs, bad guys could figure out what you were saying pretty quickly. This introduces the idea of keys. A key is a number the algorithm uses to change the output in a predictable way. If both the sender and the recipient have a secret key, they can use their keys and the algorithm to send messages that only they can read (without the right key, the algorithm won’t reverse the encryption):
But we can do better! In our previous scenario, we need to somehow communicate the secret key separately from our message. That’s a problem, since we likely are using encryption precisely because we can’t communicate openly. The solution is something called public key encryption. In this system, each person has two keys, one public and one private. To send someone a message, you can encrypt the message with their public key, and then send it to them. Then only they alone can decrypt the message with their private key.
The reality of the mathematics is slightly more complicated, but for our purposes, what matters is how the public and private keys exist in each messaging app. Messing with these keys is difficult and confusing for users, but loss of the private key means communication is unsecured. Therefore, when using encrypted messaging, it’s important to be aware of how the app uses and manages the keys.
The Best Apps
The following is my ranked order of preferred secure communication:
1. Signal. This the gold standard encrypted communication app. It’s open source, free, has group chat, works on mobile and desktop, and of course is end-to-end encrypted. It even has encrypted voice calls. The one significant drawback is that it requires a phone number. It uses your phone number to distribute your public key to everyone that needs to contact you. Because of this, it offers excellent encryption (requiring no security knowledge!), but no anonymity. If you want that, check the next entry.
2. PGP Encrypted email. So this one is a bit complicated. OpenPGP (stands for Pretty Good Privacy) is an open protocol for sending encrypted messages. Unlike the other apps on this list, PGP isn’t an app and therefore requires you to produce and manage your own keys. The tools you can find at the link will allow you to produce a private and public key pair. To send a message to someone else, you will have to obtain that person’s public key from them, use the software to encrypt the message with their public key, and then send it to them. Because it is so much work, I have this method second on the list, but there is no better way to communicate securely and anonymously. To better distribute your public key, I recommend keybase.io (use that link to send use encrypted emails!). The good thing about PGP is that it can be used with any email, or really any other method of insecure communication. Additionally, it’s open source, free, and very encrypted.
Both Signal and PGP are very secure methods of communication. The following apps are good, but they are not open source and thus are not as provably secure. They are still better than just using unencrypted methods like SMS text, email, etc.
3. Whatsapp. WhatsApp is pretty good. It’s free, widely used, implements Signal protocol (and requires a phone number), works on mobile and desktop, has group chat and encrypted phone calls, and is encrypted by default. Moxie Marlinspike, the guy who made Signal, the number one app on this list, actually implemented the same Signal protocol on WhatsApp. That’s great, but unfortunately, WhatsApp isn’t open source, so while Moxie vouches for WhatsApp now, we don’t know what could happen in the future. WhatsApp could push out an update that does sneaky, but bad things, like turning off defaults. It’s also important to acknowledge that WhatsApp’s implementation already isn’t perfect, but it’s not broken. If you use WhatsApp, it’s important to make sure the notifications are turned on for key changes. Otherwise, it’s an excellent, widely used texting substitute.
4. Threema. Threema has an advantage in that it isn’t based in U.S., and it’s more security focused than Whatsapp. Threema is fairly feature rich, including group chat, but it isn’t free, it’s limited to mobile, and it isn’t open source. Threema uses the open source library NaCl, and they have a validation procedure which provides some comfort, although I haven’t looked at it in depth and can’t tell if it proves the cryptography was done perfectly. This paper seems to indicate that there’s nothing obviously wrong with their implementation. Nonetheless, it cannot be higher on this list while still being closed source.
5. FB Messenger secret conversations. Facebook Messenger is a free app and when using its secret conversations options, the Signal protocol is used. The app is also widely used but it takes effort to switch the conversations to secret. An encrypted app that isn’t encrypted by default doesn’t do much good. FB Messenger does let you look at your keys, but it isn’t as easy to check as it is in WhatsApp, and since it isn’t open source, keys could be managed wrong or defaults changed without us knowing. It also doesn’t have other features like group chat or desktop versions.
6. iMessage. Apple has done a good job with an excellent secure protocol for iMessage. It’s also feature rich, with group chat and more, but it’s only “free” if you are willing to shell out for Apple products. While Apple does a good job documenting their protocols, iMessage is not open source, which means we can’t verify how the protocol was implemented. Moreover, we cannot view our own keys on the app, so we don’t know if they change, and we don’t know how Apple manages those keys. It is therefore possible that Apple could either loop government spying into their system (by encrypting all messages with an extra master key) or simply turn over specific keys to the government. The amount you are willing to use iMessage to communicate securely should be determined by the amount you trust Apple can withstand government attempts to access their security system, both legal and technological.
Don’t use Telegram. They created their own “homemade” crypto library which you should NEVER EVER DO. Their protocol is insecure and their encryption is not on by default. In fact, there are at least two known vulnerabilities.
At least two states, New York and California, have introduced legislation that would ban smartphones sold in those states if those smartphones could not be searched under request from law enforcement. This would likely mean no phones would be sold with unbreakable encryption, although I suppose Apple or Samsung could manufacture two types of phones and then just sell all the encrypted ones from New Hampshire or something. These bills are still somewhat controversial, and as it has gotten press coverage, there has been a House bill introduced that would prevent state legislation like those bills introduced in New York and California. Continue reading Banning Unbreakable Smartphone Encryption is Stupid
In my previous blog, I used to compile lists of interesting links. I’ll start doing that here on an irregular basis.
Scott Alexander has a new post in the “Slate Star Codex critiques social justice” series. It discusses a study which looked at the effects of coder gender on Github pull request approval. It looks like the study had fairly neutral results but was widely reported by the scientific press as proving sexism in tech. As someone who works in the tech industry, all I learned was that I need to contribute more to open source projects. If you want to get fully paranoid about social justice, read Scott’s long comment on the social justice movement on the same post (reposted to reddit).
Justice Scalia passed away this weekend. He was a big deal, whether people liked him or not, and now there’s a big political fight on whether the Republican Senate will allow Obama to appoint a nominee. I’m pretty certain (90%) that Obama will nominate someone, even if congressional Republicans say they don’t want to confirm anyone. I have no idea what the chances are of a person being confirmed. Michael Cannon at Cato says the Senate has the power to deny a nomination until next year. I bet a lot of progressives would be horrified and yell about how Obama won the election in 2012, but I think the claim is pretty solid; Congress is supposed to be the most powerful branch after all. Senators were all elected as well, and court appointees are required to have input from both the President and Senate.
Great introductory crypto video for public key cryptography. It discusses the discrete logarithm problem and a Diffie Hellman key exchange. That channel actually has a lot of good videos concerning encryption, although nothing explaining exactly how elliptic curve crypto works. It’s obviously dark magic.
Scott Sumner mentions a comment by Eliezer Yudkowsky on EconLog. The post is a fairly complex way of discussing the issues the Fed is facing in trying to jumpstart the economy, but it has a cool reference to Newcomb’s Paradox.
I haven’t mentioned it before on this blog, but I really hate Daylight Savings Time. It’s just so dumb. The Washington Post has an interesting article about a proposal to get rid of all timezones. It would take a huge amount of getting used to, but it seems possible. For example, in China, the entire country is on Beijing time; people out west just wake up and go to sleep later…which I’m sure they were doing already, but now they don’t need to worry about time changes across the country. I like it, but mostly because it would end Daylight Savings Time.