It goes beyond the usual issue with cryptocurrencies. Let's assume that they integrated with Bitcoin or Litecoin or some "mainstream" CC, would it still be a good idea? You can already send wallet addresses over Signal if you care to do it.
I'm willing to give the Signal devs the benefit of the doubt and assume that they meant well and aren't actively trying to benefit from the move (even though I'm not completely dismissing this possibility) but at the very least it just showcases a very strange way to lead the project and prioritize issues. I can think of a dozen things off the top of my head that would do more to drive Signal adoption than integrating with some "literally what?" cryptocoin.
This is going to drive the adoption of this niche cryptocoin, it's not going to do anything at all for Signal.
The perceived advantage of Signal over Telegram is LITERALLY not having an option for a cloud-synced chat and ONLY having end to end encrypted chats. That's all.
You give up usability to get that advantage. Explain to your mom why she has to give up Telegram to get basically the same functionality as Telegram secret chats.
Signal's crypto is used by Facebook and was sponsored by the US Govt. Before you believe "OMG Telegram crypto is bad!" FUD, do 15 minutes of research.
Signal doesn't even have a web app. They have a desktop app that works great and that I use every day, all day long for all kinds of communication. On my desktop and laptop.
The problem is entirely that its cryptography was sketchy and just plain weird to begin with. It wasn't wrong, per se, but raised some eyebrows. And then some of the questionable choices were silently fixed, removing the ability to MITM, etc., but with no real notice.
It's not FUD.
Because there isn't anything to meaningfully attack. Chats and chat backups are not encrypted by default.
Shouldn't we have the same standard for all claims?
> Shouldn't we have the same standard for all claims?
Huh? Telegram's protocol has been criticized by cryptographers for making specific "odd" cryptographic choices (see https://crypto.stackexchange.com/questions/31418/signal-vs-t...). It's not FUD to bring that up.
However, it is FUD to imply something concrete based on vague, indirect reasons.
We either consider the funding of both and decide how the funding COULD ultimately impact the product, or we could look at the source code of the applications and the cryptographic theory supporting them and talk about that. If crypto experts aren't finding holes in Signal's protocols, I don't think random people on the internet yelling "bUt It WaS fUnDeD bY ..." will make it less secure.
> Signal's crypto is used by Facebook and was sponsored by the US Govt
Funny that you're talking about FUD.
OWS was financed by Open Technology Fund, to the tune of almost $3M, during the years 2013-2016. See here: https://www.opentech.fund/results/supported-projects/open-wh...
What is Open Technology Fund? It is a program of Radio Free Asia, which is run by the US Agency for Global Media, funded by US Congress.
I recognize that you'd basically just be taking my word for it, but literally all they did was take an application from us, approve it after doing their diligence, and pay Cure53 for an assessment. There was no other involvement or, as you're implying, interference.
Just my experience, but I'm publishing this because the FUD breaks my heart. OTF does good work.
But that doesn't really matter. Even by doing that, these two are associated. Imagine, if there was a non-profit that took money from some Kremlin or Forbidden City development program, using exactly the same procedure. Would that non-profit be trustworthy going forward, given their association?
So this one is the same, just with red and white stripes. Definitely not FUD, they did take money from US Gov agency.
Kinda depends. If the money was authorized by a parliamentary body (with clear legal text around who's receiving funding, what the conditions are, etc), I wouldn't be so worried. If it was authorized by an executive as a disbursement from a random pot, I'd be more worried about strings.
Ergo my comfort with US congressional funding v. a DARPA grant or In-Q-Tel investment.
As long as the product is proprietary, no.
But the simple fact is that for most people the security profile of Telegram is good enough and its UI is miles ahead of Signal.
I've already complained about that in the past but the fact that the desktop client still won't let me set the spellchecking language is baffling to me. It's an application that's meant mainly for exchanging text, and it won't let me configure the spellchecking, and let's not even talk about formatting options.
It amused me when in the announcement they said that the reason for testing the payments in the UK was that they were English speaking. You can tell that this is an application developed by monolinguals...
I'd appreciate however if everyone who has been saying ugly things about the alternatives would take a step back now and consider if there is more to security than E2E-encryption.
E2E-encryption is a seriously nice and useful property of a messaging system, but in the long run it is only one of many important details, and while E2E-encryption is always a good thing for end users as far as I can see other useful properties are often directly at odds with each other:
- incentives and funding. Free to give everyone the ability to use it or paid to align incentives?
- anonymity or verified identities? Both have significant advantages.
- repudiation or non repudiation? Depends on if you agreed on a contract or discussed something that the new regime doesn't approve of.
- backups? or ephemeral? Again, depends on if you are sharing family photos in a group or sharing something that should stay between you and the recipient
Edit to add: As for solutions I think healthy competition is one of the best ways to ensure every messaging system tries to be the best they can be.
I just recently got a new phone, and used the new feature to do this (uses wi-fi direct) and I have to say it seemed like it would be easy enough for non-techy users to use.
It's 2021, I don't want to be platform locked and none of the other popular messaging apps have that issue.
I'm not sure why you are being downvoted. Whatsapp backups are still platform locked to this day. But that may change soon.
Also video calls still don't synchronize orientation. It's very hard not to stoop down to use more vulgar language to express my feelings about this.
This is insanely annoying in real life.
Unfortunately day-to-day my issue is more with syncing the desktop to the phone client's history and as far as I know it still won't let me do that.
Another super convenient feature of Whatsapp and Telegram is that they offer a pure web interface with basic functionality, which is super convenient if you're in a pinch and don't want to/can't install the standalone desktop application.
How many "benefit of the doubt" cards do they have left by now?
* First Oblivious RAM implementation, "fog", so that transacting parties cannot be revealed
* Their Rust codebase is really nice
* Instant transfers with little computing power (CO2 emissions)
* Moxie and Josh Goldbard hold no MOB, along with the employees. The Mobilecoin foundation has some awesome partners, e.g. the Long Now Foundation.
* Mining is not ethical, it pollutes the planet and is just bad. The only alternative is a "pre-mine" given to an independent org, ie Mobilecoin Foundation
* The US's laws are not clear on what is allowable with privacy coins, so Mobilecoin has played it conservatively by saying US residents can't own the coins.
In summary, the critiques of Mobilecoin (in any of its incarnations, foundation, moxie, etc.) are assuming the agents involved have a financial interest in MOB being expensive -- I contend that is not the case. Please show your evidence.
PS. I am assuming good faith and honesty in statements, eg "Marlinspike notes, however, that neither he nor Signal own any MobileCoins." https://www.wired.com/story/signal-mobilecoin-payments-messa...
PPS. Some direct responses:
>Let's assume that they integrated with Bitcoin or Litecoin or some "mainstream" CC, would it still be a good idea?
No, not private. Also slow. Also pollutes planet. Monero is close on the privacy front, but takes 3 minutes to send (very stressful). It's possible a coin with the proper attributes could be made on stellar, but that raises questions towards ownership of Lumens (and pumping them) and their stellar reimplementation in Rust is likely more secure.
nit: MOB has a top 15 market cap with 250m coins in distribution. Though I would hesitate to compare to other cryptocurrencies which are almost entirely scammy, polluting garbage.
Right, the foundation sells the premined crypto-currency at a pumped up price. The foundation pays Goldbard and Moxie for their work. Employees are paid from the VC. No one connected has to hold any of it, nor will they want to after the dump.
Could you provide a concrete link please? There's a bewildering array of officials looking websites with zero information. And a widely shared white paper (among others linked from Wikipedia) that Josh claims isn't the whitepaper he originally wrote. It's hard to know what's what.
It works (FSVO "works") for small levels of transaction, but does not scale to "a substantial fraction of humanity uses it for payment" (low-end, imagine 2.5 billion people trying to make on average 3 economic transactions per day, you'd need to be able to sustain about 80k transactions per second; now note that I low-balled both the number of economic transactions AND the global population).
Moxie, this is seriously disappointing.
I'm not sure why you find Monero's confirmation any more stressful than instant-like blockchains, most wallets will show pending transactions as soon as they enter the mempool.
I am sure that Signal could implement the same peer-to-peer sync scheme with full end-to-end encryption without any secrecy compromises.
There was a tiny period, somewhere in 2006, when many services were XMPP, maybe even federated, but due to the lack of good clients - compared to skype -, it never manifested as good as it should have.
There are now many nice XMPP clients, but the big players now all moved into proprietary territory.
Unfortunately you only eliminate it by being your own server owner _and_ your recipient being their own server owner. Take a look at email: I might not want to use e2ee because I self-host, but the second I send an email to a friend hosted on gmail, Google gets all the content.
I think federation does have its place (for different reasons) but it unfortunately isn't enough for privacy.
What if I don't have and don't want my own server?
The nice thing about client-side/end-to-end security is that the service provider matters less.
Also, $2/month is $2 more than many people would be willing to pay for private messaging, and I can't message people on a network they're not on, no matter how much I pay.
And if your privacy is worth less than $2/month, just use Telegram. It works way better than these messengers obsessed with privacy, precisely because it does not have encryption for most messages.
That looks a lot like a server hosted by somebody else in a data center.
It's also way more hassle than almost all of my contacts would be willing to go through, and if only I self-host but they don't, it'll be Gmail all over. (Almost all emails go through Gmail because that's what at least one of the parties in an exchange is likely using.)
Point-to-point encryption is not enough for messaging in today's network topology.
> just use Telegram
No thanks, I'll continue using one actually spending some effort on not being able to read the messages their users send.
Fortunately most people in my country do. Ironically it's only a couple of people in my circle of friends worried about the privacy of said messenger switching to Telegram "because it's encrypted"...
What's preventing the client from dumping all the messages to a single file, encrypting it with the public key of the other running instance of Signal logged in to the same account, and sending it, so that your other device can decrypt the file and import all the messages?
iMessage (and soon WhatsApp) would beg to differ.
It is much more difficult, yes, but definitely not impossible.
The whole blockchain industry is just too mixed with scams for me to feel comfortable having my non-tech relatives dealing with it. It's enough that I have to educate them on 'investments' in random coins (it's gambling) and cure their FOMO regarding NFTs. Now the technology will be integrated into the messaging app that I endorsed, well-packed together with the smelly involvement of Moxie with the currency.
If they can get the onboarding process on Element to be just a little bit easier, maybe a phone number based default, I'll be dumping Signal in a heartbeat.
My understanding is that is a part of the amateur 'security' community, not the professional or expert one?
>> My understanding is that is a part of the amateur 'security' community, not the professional or expert one?
> Why would you think that? And what is the amateur 'security' community?
Hi - I think that because IME federation and open source are heavily emphasized by amateurs, and much less so by professionals.
By amateur 'security' community, I mean nothing more than it sounds - non-professionals who focus on security, among a constellation of other issues.
My point is that the arsome's comment (the first one) uses "traditional security and privacy community", and I want to clarify what that means. Among professionals, Moxie is much more traditional than the amateurs are, as I understand things.
I've been highly impressed with the UX for quite some time, but have refrained from pushing it (and the likes) onto friends. My family and friends seem to have slowly drifted towards Signal, and I haven't bothered affecting that, but if I would go from a pure UX, I'd suggest Telegram. So, I'm genuinely curious to know others' thoughts on it. I have only limited knowledge, just vague recollections of Russian developers (?), which might or might not have distanced themselves from political pressure (?), as well as the app itself being somewhat open sourced (?), based on the same protocol as Signal (?).
As it stands, it's not E2E by default and its E2E scheme is homegrown, which is usually not recommended (though IMO was not a dealbreaker); the big issue there was that there were flaws in the original design of the encryption scheme, which makes it harder to look past the fact it's homegrown.
Telegram can intercept most messages on the platform, however, ultimately I trust them more than Facebook; so I’m less concerned.
Additionally, since Facebook controls _both_ ends of whatsapp _and_ does not support third party programs, then even though WhatsApp is E2E there’s little preventing Facebook from pushing an update to your phone which backs up all your chats to their cloud.
Yes, and enabling E2E "secret chats" on Telegram actually hurts user experience, so most non-tech-savvy users avoid it. Additionally, your address book is continuously synced to Telegram servers.
> there’s little preventing Facebook from pushing an update to your phone which backs up all your chats to their cloud
Just to add to your point: WhatsApp currently backs up your chat history to Google Drive or iCloud unencrypted. It requires opt-in but they nudge you frequently.
It doesn't even need access to contacts to run, and it happily runs on machines that don't even have address books (and, might I add, has the best UX there as well).
What you do need, at least for initial signup, is the ability to receive SMS, like you do with Signal. I wish all of them would just stop that nonsense.
Also, Telegram is not federated. It is just another vendor lock-in.
Contrast that to email. Even if gmail.com bans you or shuts down, you can still use a different email vendor or self-host. (You lose your old email address if you don't own a domain, but you can still communicate with others.) The only good IM that has this characteristic seems to be Matrix.
There are other considerations too, like the fact that I often got notifications that someone joined Telegram but that person was a friend of a friend and not in my personal contact list. One of my friends works for an actor's agency and then I got notifications when some of his clients joined the platform. I'm pretty sure they weren't aware of it and from a privacy standpoint this is very questionable and left a very sour taste. I always feared that I missed a privacy setting and am exposed the same way.
If you're in someone else's contacts, they'll get a notification when you sign up too.
Contact information gets uploaded (Name, Email, Phone Number) so that they can generate "rich" push notifications, as the server issuing the push has to produce the message (no code can run client side).
More info here, though could be outdated (2013): https://news.ycombinator.com/item?id=6915194
Transport encryption has been the default for almost all internet traffic for some years so it's no longer something that you can reasonably not have.
I interviewed at Signal a while back, and none of their recent mishaps surprise me. At first, they had me talk to Brian Acton on the phone for about an hour, who seemed to think I was already getting an offer, and he was there to sell me on it. He was cool to talk to, so I didn't mind, but I was surprised at this level of confusion for a company that small.
Next, I was given a lengthy take home project (which I was warned not to do in a language other than Java, because Moxie would reject candidates if they didn't pick a language he liked). After I finished it, they disappeared for a month.
Apparently I passed. They said I was basically the only one out of 200 people they sent it to that did pass. I assumed this meant I would be getting an offer, but they then wanted me to do a full onsite. The "onsite" weirdly consisted of another take home, but shorter, and a live interview. After not hearing back again for a while, I got an email titled: "Hello from Signal!". Great! I opened it, excited: it was a rejection.
I tried to get feedback on why I was rejected but never heard back. The best thing I can come up with: in the system design interview, as a solution to a postgres node being overloaded, I didn't come up with the solution of having a SPOF redis node with a full key scan every 10 minutes acting as an intermediate data store before transferring to postgres. I was told this is how they actually do things.
Take this with a grain of salt, since I'm obviously still irked by the experience, but it's all true.
Obviously that is bad architecture smell.
But if you didn't already know, Redis supports high availability through "sentinel".
...and none of those change the fundamental durability/performance tradeoff of the system, nor do they replace a proper scaling strategy for an RDBMS.
On the one hand, oof.
On the other hand, the number of massive software architectures on extremely well-known platforms held together by exactly that system (not an equivalent one, exactly Redis-in-front-of-RDBMS-with-cronjob-flush, no RDB backups, AOF, Sentinel or anything either) I've seen is also depressingly high.
By comparison, Element is much more like a chat program than a phone messenger. It's good for "I want to connect with that person from GitHub" instead of "messaging the cute girl I met last night" or "messaging my grandpa". And yet, it feels to me like Matrix/Element is the platform less likely to pull something like this. Then again, Keybase seemed that way as well...
Element is what messaging should have been from the START: a federated service just like email, where you register an account with your provider of choice, just like email, and start adding/chatting other people after getting to know their address, just like email. So, instead of asking that cute girl her phone number or her email address, you would ask her her element address.
Whatsapp spoiled this approach years ago, so now we are basically screwed because everyone is used to the central approach and it's almost impossible to move away from it. But TODAY's implementation of Element and their shiny clients 12 years ago would have been a great success just like WhatsApp was (wishful thinking at its finest, I know).
I feel like Element works better as a competitor to Slack or IRC than as a competitor to Signal or Whatsapp.
To me it's a competitor to Keybase. "I want to send my co-worker/client an API key that I don't want exposed to the public" is about the only use for Keybase I've had. I have like 5 contacts on there for this reason. Slack/IRC is much more usable for getting shit done, but not being E2E I wouldn't send anything sensitive over them. Element is currently a "this is a mildly nicer experience over PGP + Email/Slack."
I know very little about the intricacies of cryptography, but part of me wonders if there's some way of doing a federated "key synchronization" service similar to keybase.
1. You need to keep your private key very private, which is incompatible with the idea that you might have several devices you normally use. GPG itself does not provide you with a mechanism to sync your private keys between devices because this is a super insecure thing to do without some serious work.
2. GPG requires that you and another person verify each others' public keys out of band. I need to meet you in a parking lot to validate your key fingerprint while you validate mine.
3. GPG's web of trust relies on attaching public keys to real world identities. You are asked to validate government documents when verifying public keys. That's incompatible with how a lot of us want to work. Note that this isn't a built-in requirement, but GPG itself provides no guidance on how to validate user123 on GitHub, just User Onetwothree Jr in real life.
4. GPG's UI is almost as arcane as tar :)
Keybase solved this by:
1. Providing a secure way to manage private keys across devices.
2. Outsourcing proof of identity to other providers. Its use case is validating the identity of user123 on GitHub, which happens to also work fairly well for CelebrityName on Twitter, or FriendName on Facebook.
3. See #2: social proof means you can attach that proof to any kind of identity.
4. GUI + nice TUI works better.
Where Keybase fell short was that a non-techie will not understand much about "social proof" and the only kind of social proof they have access to is limited to Twitter, Facebook, and Instagram.
Signal's solution to this was simpler: you have a QR code/set of numbers that represent your fingerprint right in the app. You show me yours, I'll show you mine. We get connected by phone number or email. That's it. If Signal was built on a federated platform it'd be perfect and nothing about it from what I understand prevents that.
Maybe a similar thing could be built on top of it?
Agree, I've been using Matrix/Element, and it's a bit slower/buggy but seems like it'll be around for longer.
However the comparison between this and signal falls flat due to the metadata that needs to be stored on matrix servers due to its federated setup.
They are less likely to do this kind of secretive development, but they could go that direction. They have considered cryptocurrency in the past, see https://matrix.org/blog/2017/08/22/thoughts-on-cryptocurrenc.... They are open, but still driven by a single company which could change direction at any time.
They also surprised their community multiple times with renames of their app and weird redesigns (remember the horizontally-scrollable unordered bubbles for room selection?)
Element is none of those things. Its name is so forgettable and so generic that people often don't even know whether it's an app, a library, a website, etc. The mobile app is yet another chat app with nobody on it until I do the legwork of pulling them in. It's just not usable on day one after I already spent the time to figure out which app I need. In the meantime, Signal can become your default messenger on Android within a few minutes and do everything you used to be able to do but more and better.
I am the CEO of MobileCoin.
A few points:
1) I started MobileCoin to fund Signal. That’s it. I believe that a world with a well-funded signal is a better place. In order for signal to compete in the 21st century with messaging apps around the world they need a payment story. MobileCoin is the only thing ever built that is both privacy protecting and fast that meets the standards of data retention signal requires.
2) MobileCoin Inc. intends to maintain an extreme minority of the coins once the dust settles.
3) This is designed to be used as a payment rail, which requires us getting coins in the hands of users. As you might imagine, navigating the regulatory waters of how to do that with compliance to how governments want us to behave is non-trivial. It’s important for us to move with correctness over speed.
4) This project is 4 years of my life building real technology. This is not a pump and dump scam. We have been very careful in the design, operation, and development of this system to give it the best chance at surviving in the world of cryptocurrency projects. It is non-trivial to deliver a coin that is useful for payments (the requirements are speed, privacy, low-energy footprint, and operation in resource-constrained mobile environments).
Let me put it simply, I love signal and we intentionally designed this currency to be as oblivious as possible with respect to user data so that signal could maintain their relationship with their users, one of retaining as little information as possible without compromising on the user experience. Nothing else in cryptocurrency, or payments, comes close to the level of privacy and performance that MobileCoin has achieved.
I welcome any questions I am able to answer. Note that some questions revolve around tightly regulated areas of concern and may take longer to answer as I must check with outside counsel before replying.
a.k.a. we intend to sell all of our vast stacks of pre-mined coins onto gullible users. This is exactly how a pump and dump scam works.
There are multiple different things to consider here: 1) regulatory, 2) economic system design, 3) usability, and 4) user-first commerce.
In short, it’s much more important for us to be correct than it is to move quickly. When all is said and done, users of MobileCoin will have obtained coins many ways: through giveaways, sales, and commerce activities. Making sure we do these things correctly is the only way the ecosystem will be able to operate long term.
MobileCoin also needs some amount of money to operate, some of which will come from the sale of coins, but our balance sheet of coins is quite limited. We would prefer to minimize those sales as much as possible.
Does that answer your question?
The crypto world is full of scams and misinformation. Technical people are unlikely to trust the coin if transparency and oversight stay so vague.
Scanning through this discussion, quite a few red flags have been raised by users. I assume your intentions are good at the outset. But when the money comes rolling in, even the most pure plans can be corrupted.
Sell your token at overinflated prices (in a similar way as other ICO scams) and funnel money into pockets of whoever is running this specific scam, with some minor amounts put toward claimed goals.
Thank you for helping me to understand what you're looking for; we will go back to our counsel and ask them for more advice with this in mind.
From your post above RE selling coins at inflated prices to the public, you said "This is hard because we don't control the price"
Umm, you could give away the coins. You claimed that Stellar gave away coins but the coins didn't end up being used by end users. How does selling the coins at hyper-inflated prices to end-users change this? Why will they use the coins if they are sold them vs given them?
It would be great to know the timing, amounts and prices of coins that have been sold to either investors or the public.
Your reputation and Signal's are hanging on a thread here. We'd all appreciate some transparency.
How many coins will Mobilecoin sell and over what time period? You and Mobilecoin currently control about 212.5M coins which is $8.5 Billion created out of thin air. The price was recently inflated with a suspiciously perfectly timed short squeeze, likely orchestrated by one of your investors looking to pump their bags.
What is a "payment story" and why do messaging apps need it? Signal should be secure SMS with a better UI, nothing more.
It looks to me like either there's a lot of selling out going on here or there's a lot of great examples of how not to market a good thing to reasonable, aware, suspicious people (which is, in short, pretty much the core market demographic of privacy software users).
As for me, I'm starting to wonder whether Session is much better than Signal, and I think that if you want privacy in a cryptocurrency you're probably better off with Monero.
Or they want to become WeChat.
You could have avoided most of the criticisms if you had a clear explanation of why you pre-mined. Saying that you intend to sell it is not as reassuring as you seem to think it is.
If not, it's useless. I'm a chat app user, not a Forex trader.
Seems your early investors certainly have a large chunk
We're all doing our best to work within the constraints.
We want to make sure we operate out of an abundance of caution. Correctness is more important than speed.
I see risk exposure increasing greatly across the board, for Signal operations, users, and everyone involved from your side due to this merging of services.
So I think that's the base of what people are upset with. Signal suddenly essentially became a for-profit (it decided to prop up a for-profit company which would in turn fund it as a revenue model). Now a lot of people that donated to and promoted what they considered to be a non-profit project feel cheated.
If there's some way this can be explained away by MobileCoin people, I think it'll make a great story, because there seems to be a lot of stuff there that doesn't look explainable.
Clearly this would prevent the "get rich from pre-mine" benefit, but also remove 99% of the criticisms related to greed, centralization, geographic limitations, etc.
I don't see how MobileCoin can be censorship-resistant, neutral or permissionless in the long run. Are those goals of the project?
1) tx settlement time is ~3 seconds on mobilecoin, p99 latency right now with single block finality. Eth and Btc are great but they aren’t that fast (for payments speed really matters).
2) with respect to privacy, the key innovation of MobileCoin is that when all of the systems are operational, there is no transaction graph stored in the ledger. The links between transactions are known only to the counter parties to those transactions. In the event of a failure of the Secure Enclave, links between transactions degrade to probabilistic links between transactions (and forward secrecy can be restored upon recovery of the enclave).
The effect is a payment system that is both fast and privacy-protecting with no central authority, a quality not present in any other payments system I am aware of today.
Oh, last and perhaps most important, because of our consensus design, we don’t use a ton of energy like btc and eth.
Given that setting up the "systems" requires a huge effort, I assume that the architecture assumes a single central entity is running all these core systems, right? If yes, does the system rely on these core components to be up? If yes, how does it not rely on a central authority?
Another aspect I don't yet understand: Traditional cryptocurrencies solve the distributed consensus problem through mechanisms like proof-of-work or proof-of-stake. What does MobileCoin use as a consensus mechanism?
Grin is a lightweight privacy cryptocurrency using MimbleWimble. It uses a fair distribution (no pre-mine), with an emission of 1 GRIN per second:
Grin also doesn't meet our standard of <5 second blocktime.
And no, speed is not the most important. As long as the user can see the payment incoming, it's trivial UX to say "Payment received. Will be confirmed and available for use in 3 minutes."
edit: it appears MobileCoin is (allegedly) built on a combination of XMR + the Stellar consensus protocol? If true that's a slightly better scenario than I previously thought
Don't get me wrong, we stand on the shoulders of giants, but there's a lot of new tech here.
Given your description it sounds like governance is whatever the MobileCoin foundation and its partners dictate. Unlike the consensus in this thread I think there's a lot to like and explore for a privacy token that chooses a different set of tradeoffs, but the opaque governance, token holder distribution/circulating supply and lack of acknowledgement of the Monero project really set it back.
The governance is actually quite simple: a set of decentralized nodes individually choose what software to run and who to peer with. Consensus is an emergent property of that trust graph.
No, it does not.
There are two distinct groups of people using Signal. None of these groups needs MobileCoin-based payments.
Group one is probably the biggest and consists of "normal" users which use Signal because it's the free messenger that is NOT affiliated to Facebook and has a good reputation with regard to privacy and data protection. There's another messenger with similarly good reputation, Threema, but that one costs money, hence Signal is the more popular choice. These users may indeed find a simple payment solution through their messenger a useful feature, but they want to send each other "money", not "MobileCoins". Those are not interchangeable for this kind of user; they expect to send whatever is their local currency, USD or EUR or whatever, and they expect the entirety of the money they send to arrive at the target - having 20% crypto market swings within minutes eradicate 20% of their share of last week's restaurant check while they're transferring it to their friend is a non-starter for this group. So are exchange fees for USD-MOB/EUR-MOB exchanges before and after sending money, even if the exchange execution itself may be automatically run in the background. This is true especially since there are already well-known and established solutions out there specifically targeting this particular need - PayPal Friends and the Cash App for example. Sure, it would be nice to have messenger integration, but if the only way to get that is to transact in MOB instead of USD and always send 10% more value than you intend to pay just to ensure the receiver gets "enough", the established out-of-band solutions which don't have those problems will simply be used. Also, this group doesn't really have strict anonymity requirements, because they usually send money (and messages) to people they know in real life as well. Whether your awesome crypto coin is more anonymous than PayPal thus doesn't matter at all for these guys.
Group two consists of those that actually depend on Signal's security, privacy and anonymity features because they need exactly that in a messenger. Think whistleblowers, journalists, people doing stuff that's illegal where they live. A lot of these want to send information to their contacts, not monetary value, and don't have any use for a payment option in a messenger. And even those that do want to transfer monetary value won't exactly be enticed by a one-click crypto transfer feature in their secure messenger, since they can be assumed to be technically competent enough to utilize the already-existing cryptocurrencies (especially those with a much longer history of privacy protection, such as Monero) and crypto exchanges to perform whatever monetary exchange they want to do. I would even say that these people would explicitly NOT want to use a messenger-integrated cryptocurrency, because that limits them in their choice of cryptocurrency and fiat on/off-ramps, which are crucial decisions to be made carefully if you want to preserve your anonymity. And the entire idea that these guys would switch from Signal to WeChat just because "WeChat has a money sending function" is blatantly absurd.
I do not see any sufficiently large group of people that might get any value out of this MobileCoin-Signal-integration feature. Hence I predict this feature to ultimately fail due to lack of user interest. But that will only become clear AFTER a lot of good-will from tech- and privacy-minded people has been burnt by this unnecessary stunt, as can be seen for example here in the HN comments.
Presumably you've come across this question in your four years of development and would have exact numbers (perhaps not for my chosen value of tx/sec) already at hand. The fact that we're three comments deep into this leads me to believe you are dancing around the question.
At this point I think it's perfectly fair to start with the assumption that a new crypto is a scam and it needs to do the legwork to show that it isn't. To claim that a blockchain (the most ludicrously inefficient data structure ever devised) can scale to a billion users is an outrageous claim. The technical means they found to overcome this problem should be front and center in their documentation.
The question becomes: what is tx throughput at N billion users? What are the scaling strategies that will get us there? Is it zk-rollups (or zk-zk rollups)? Is it sharding? Is it moving to custom hardware circuits? I suspect it will be some combination of all of the above.
We don't know what the answer is yet and we will devote tremendous resources to figuring it out. I don't want to give the impression that MobileCoin as it is written today will scale to Alipay levels of tx throughput, but I do believe there is a path to get there that requires a ton of work.
Your privacy belongs to Signal, which stores your data. MOB is a centralized, premined, hidden ICO.
Overall the adoption of these systems is too difficult. Something that could be overcome with Signal/MobileCoin.
Democracy Earth is just an example application. Overall I would appreciate owning my data and having it secure (like Signal provides), when it comes to the whole ecosystem of the future for: social media, voting, contracts, etc.
In other words, cha-ching! then what?
To be fair I don't think that the slowness and complexity is being put forward as an example of why Matrix is "bad", but rather as an example of why it can't compete with Signal for "normal" users — and if you want to create something that competes with Messenger, Whatsapp or Snapchat, you need to put "normal" users first, it can't be an afterthought.
Is it that all such producers plan to do something evil once they have enough users locked in, which an open protocol like Matrix would impede?
Or is it that the protocol is not yet mature enough? In which case, a deliberate approach to evolving the spec may be for the best so long as it eventually gets to where it needs to be?
A couple years ago the Riot client was unusable on Mac. Now Element seems to be fine. Why won't it continue to get better?
Normal users primarily want what their peers already use for communication. Hence a power user who is able to use two messengers and switch between them has a disproportionately big market impact. /s
Let's imagine, theoretically, that some three-letter agency in the US has forced Signal to backdoor their platform somehow, and so Signal stops posting source code to the clients, and everyone just keeps on using it for a year even though the authors thought that maybe this would be a big red "DANGER" signal to the users (who they're not legally allowed to inform, nor are they allowed to shut down the platform any more). How else could you try to mitigate this?
Pushing a shitcoin onto a largely tech user base may do the trick eh?
Or maybe I just put on my tinfoil hat this morning...
Signal's tying encrypted messages and phone numbers to a publicly available ledger of transactions?
It’s like how you can’t charge someone with possession of cocaine because there’s cocaine on the US dollar bills in their pocket: there’s actually trace amounts of cocaine on every US dollar bill.
The problem is that transacting with a darknet market will still bring your illicit output % above average. Right now Monero has 10 decoy outputs per transaction. If the proportion of illicit addresses to legitimate addresses were 50%-50%, then a legitimate transaction would have an average of 5 illicit outputs but an illicit transaction would have an average of 6 illicit outputs. The same applies to inputs. The difference between 5 and 6 might be small enough to be indistinguishable from background noise, but that result is heavily dependent on the proportion of illicit vs legitimate addresses. If the proportion is something like 95%-5%, then the difference would be 0.5 vs 1.5, which is significant. I won't bother to do the probability calculations for this, but I'm going to estimate you can get to 95% certainty within 10 transactions.
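Putting numbers on the decoy argument in the comment above, as an added example that is not from any commenter: each ring is modelled as one real spend plus ten decoys drawn from a pool in which a fraction p of outputs is "flagged" (the comment's 50% and 5% cases), and the code computes how well an observer who only counts flagged ring members can separate a clean user from a flagged one after N transactions. The observer model, the 10-decoy constant and the "flagged" label are assumptions made for this illustration, not properties taken from any project's documentation.

```python
# Added worked example (not from any commenter): quantifying the decoy argument.
# Model: every ring is one real spend plus DECOYS decoys drawn from a pool in which a
# fraction p of outputs is "flagged". The observer sees only the total number of flagged
# members across a user's rings and must decide whether that user's real spends are flagged.
from math import comb

DECOYS = 10  # decoys per transaction, as stated in the comment (assumed fixed here)


def binom_pmf(k, n, p):
    """P[Binomial(n, p) = k]."""
    return comb(n, k) * p ** k * (1 - p) ** (n - k)


def expected_flagged(p, real_is_flagged):
    """Expected flagged members in one ring: DECOYS*p for a clean spend, plus 1 for a flagged one."""
    return DECOYS * p + (1 if real_is_flagged else 0)


def total_flagged_pmf(n_rings, p, real_is_flagged):
    """Distribution of the flagged-member total over n_rings rings.
    Decoys contribute Binomial(DECOYS*n_rings, p); each flagged real spend adds exactly 1."""
    n = DECOYS * n_rings
    shift = n_rings if real_is_flagged else 0
    return {k + shift: binom_pmf(k, n, p) for k in range(n + 1)}


def bayes_error(n_rings, p, prior_flagged=0.5):
    """Lowest misclassification rate an observer of the total can achieve (Bayes error).
    An observer with per-ring counts does at least this well, so this is an upper bound
    on the privacy that remains after n_rings transactions."""
    clean = total_flagged_pmf(n_rings, p, False)
    flagged = total_flagged_pmf(n_rings, p, True)
    return sum(min((1 - prior_flagged) * clean.get(k, 0.0),
                   prior_flagged * flagged.get(k, 0.0))
               for k in set(clean) | set(flagged))


def rings_needed(p, confidence, max_rings=40):
    """Fewest rings after which the observer's accuracy reaches `confidence` (None if beyond max_rings)."""
    for n in range(1, max_rings + 1):
        if 1 - bayes_error(n, p) >= confidence:
            return n
    return None


if __name__ == "__main__":
    for p in (0.5, 0.05):  # the two address-mix proportions from the comment
        print(f"p={p}: clean ring ~{expected_flagged(p, False):.1f}, "
              f"flagged ring ~{expected_flagged(p, True):.1f} flagged members")
        print(f"   observer accuracy after 1 ring: {1 - bayes_error(1, p):.3f}, "
              f"after 10 rings: {1 - bayes_error(10, p):.3f}")
        print(f"   rings to reach 95% accuracy: {rings_needed(p, 0.95)}")
```

The 5-vs-6 case is slow to separate while the 0.5-vs-1.5 case is fast, which is the comment's point in numbers: decoys hide a spend only to the extent that the decoy pool looks like the real spend.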
>It’s like how you can’t charge someone with possession of cocaine because there’s cocaine on the US dollar bills in their pocket: there’s actually trace amounts of cocaine on every US dollar bill.
The interesting bit is that they don't have to charge you based on that alone. If they're 80% sure you bought illegal drugs, they'll either get a warrant to search your house or perform surveillance on you and wait for you to slip up.
Though also, you’re assuming a constant “your account” in the above. If you mix 100% of your holdings every time you transact, setting it so that a set amount goes to a darknet market, and the rest goes back to a newly-created public-key-hash that you just generated the keypair for — and then when you want to use money from that address, you fully consume it to mix it again — then nobody ever gets the opportunity to fingerprint “your” traffic. There’s no stable “you.”
(I have a theory that this is the goal Satoshi was aiming at with Bitcoin UTXOs, but never finished that element of the design, and launched it half-baked.)
This also means that the mixer gets to eat a percentage fee off of your complete holdings every transaction, so it kind of sucks, but what can you do.
It says that no particular individual made a Bad Guy payment, but that all of them facilitated it by providing cover noise.
(This is basically what already happens if you do a “network version upgrade” on a Cosmos-based network: everyone keeps their balances, but just in the form of a new genesis block that all the nodes from the previous generation of the network separately deterministically generated from the state, but which new nodes have to just trust. If you join the network during the new generation, you just download the new genesis, and so can’t “see back” past that point.)
Just make the whole network do an automatic “network upgrade” every block — and keep all the state in-memory in the meantime — and now you’ve got a blockchain with forward secrecy.
(To be clear: nobody’s done this yet.)
Think about physical replication in a DBMS: you only need to transact with the master. Physical replication receivers don’t see logical TXs; they just see the new state (= WAL segments) that the master decided on.
Of course, in a Proof-of-Work network, the quorum could be anybody, so your OPSEC is “leaky” — it’s like having forward-secrecy enabled on a public chatroom that anyone can enter and sit in listening/recording.
But in a Proof-of-Stake or Proof-of-Authority network, the quorum only consists of the stakeholders. So, as long as the stakeholders all intentionally discard transactions, then there’s nobody to recover the data from. It’s very similar to private corporations whose service involves intentionally discarding (or avoiding logging) user interactions, e.g. “private” / “anonymous” email services. Just scaled into a federated, “open-but-audited membership” system. In such a system, network governance would likely declare that new stakeholders must have their infrastructure setup security-audited by auditors chosen by the existing stakeholders, at the new stakeholder’s expense, before being allowed to run as a validator for the network.