1. "Notice how Bitcoin has a minimal-to-nonexistent cryptographic pedigree".
2. "Here are many criticisms of the system ranging from 'it is difficult to scale' to 'it is completely meaningless as a currency', many of them from cryptographers who have studied cryptocurrencies for over a decade".
3. "Notice how Bitcoin is currently popular".
4. "Therefore, Bitcoin is worse-is-better".
It helps at this point to understand that "worse-is-better" --- a casual essay by Richard Gabriel --- describes how Unix took over the world not based on merit but on its viral characteristics. By implication, this article suggests that Bitcoin is also poised to take over the world virally.
The issue here is that Unix was also a functioning operating system. Nobody criticizes Unix as "completely unworkable"; they just think it's inelegant.
Gwen recognizes this, and uses "elegance" as a straw-man argument to bucket Bitcoin critiques into and to make it fit the pattern of "worse-is-better". But the most damning criticisms of Bitcoin --- criticisms he himself cites in this very article --- aren't that it's inelegant.
Instead, the most damning critiques of Bitcoin are instead that it almost totally fails to achieve its security objectives, that it exploits a misperception about anonymity to handwave away the fact that for most users it is not anonymous, that it is reliant on centralized infrastructure ("Bitcoin is peer to peer in the sense of the British Peerage System"), and (most importantly) that it is meaningless as a currency: "I have taken $100 and set it on fire; I will sell you a certificate representing the smoke for $101".
These aren't elegance critiques. This isn't "worse-is-better"; to make a similar argument fly, you have to come up with "worthless-is-better". Unfortunately, the greater fool theory floats that argument too, at least until Esquire writes the postmortem on Bitcoin and all the fools who lost money to it.
But obviously I differ about the elegance and following. Elegance is not optional; elegance is useful; elegance has important practical consequences.
Go back to rpg's original paper and one of his examples - the difference between ITS and Unix in system calls was not one of mere aesthetic elegance, but a case where Unix programs were incorrect and could, and did, fail! Like freeing memory in memory management, it's easy to omit the check whether the system call failed.
This applies to each of your points:
- the anonymous vs pseudonymous distinction - you can build anonymity on top of the pseudonymity (I spent a couple links and cites establishing this with the mix material!) but you can easily not succeed in getting the anonymity you wanted. Just like you can easily not check system call success on Unix.
- the centralized infrastructure: anyone who wants to be a full miner peer can... they just have to buy the GPU power. Like writing a secure & bug-free Unix C program, it'll cost you. (One in money, the other in time & skill.)
- meaningless as currency: I am actually not sure how elegance plays into that at all, so I have no cute analogy to rpg's Unix/ITS system calls. The wasted computing power is inherent to the system of avoiding double-spending (I also spent some time discussing this), but that's not related to Bitcoin being worthless or not as a currency. Any damn thing can be currency, after all; currencies are as currencies do.
The point is that a $101 certificate for the smoke from $100 in burnt five dollar bills isn't worth $101. Or $100. Or $5. Or $0.01.
You can declare by fiat that as a proof of effort, the smoke certificate is worth something. You can try to convince people that certificates representing smoke function as a medium of exchange. But as a medium of exchange, it must reside on a continuum with all the other media of exchange, ranked by the certitude that it will in the long run be convertible to other media. And in that ranking, "smoke from burnt dollar bills" fares poorly.
There are obviously many types of Bitcoin advocates. The ones we see most often on HN are of the nerd clade. Nerdly Bitcoin advocates are fixated on the fact that "any damn thing can be a currency". This fixation presupposes that being a currency is interesting. The problem is, it isn't interesting. Toenails can be a currency. Belly button lint can be a currency. Burnt dollar bill certificates can be a currency. What's interesting is, what are good currencies.
Here the nerdly Bitcoin advocate handwaves around the fact that we actually have notions of what it means to be a "good" or "bad" currency. Dollar bills are highly liquid and have a relatively predictable valuation over time. To a lesser extent, so does gold. Bitcoin does not. It's volatilee, it has illusory liquidity (it is liquid only so long as the "exchanges" on which it trades decide to keep trading Bitcoins --- or decide not to succumb to their numerous security flaws), and it is in no place a native medium of exchange, such that some person somewhere will ever need it to e.g. pay their taxes.
To all that, add the critiques you sourced of Bitcoin; that while it has impressive virality, it largely fails at its security goal by making the cost to defend transaction integrity greater than the cost of attacking it; that it largely fails at its anonymity goal by requiring a complete audit log be made available to everyone simply in order to function; that it largely fails at its decentralization goal by requiring resources comparable to that of a Visa or a Mastercard just to scale.
What are you left with? Colorless, odorless tulips.
> To all that, add the critiques you sourced of Bitcoin; that while it has impressive virality, it largely fails at its security goal by making the cost to defend transaction integrity greater than the cost of attacking it; that it largely fails at its anonymity goal by requiring a complete audit log be made available to everyone simply in order to function; that it largely fails at its decentralization goal by requiring resources comparable to that of a Visa or a Mastercard just to scale.
It's true that the cost of defense is similar to attack, the audit log is public, and the scaling story is not good. But does it fail? That's the question, and so far it seems to bumble along, with all the major problems being in things surrounding Bitcoin (MtGox, MyBitcoin, that Polish exchange) but not actually Bitcoin. Bitcoin fails on a lot of properties, but it's still there. Unix failed at a lot of things too, but somehow it's still around.
That's kind of the essence of Worse is Better - maybe those security properties or software properties are not as important and valuable as people judging the elegance thought that they were.
Like we had notions of what it means to be a "good" or "bad" encyclopedia before Wikipedia came out. Saying that Bitcoin is bad as a traditional currency does not prove that it is useless.
I still do not understand. Bitcoin's value is not based on making smokes.
It would be great if tptacek actually explained what he means. It seems to be a muddled economic argument. I do not understand "meaningless as currencies goes".
Please explain to me why my Flitcoin is inferior to your Bitcoin.
As you do so, note that all the world's Bitcoin software is trivially upgradable to Flitcoin; in fact, it requires less than 10 lines of code to do so.
Actually, I believe that Bitcoin's (possibly short-lived) fame has created some sort of value in the sense that there would probably be, for quite some time, people interested in hoarding Bitcoins just as a kind of souvenir ("hey, remember, people used to get excited over this"); not so with Flitcoin. I am not saying that this is something reasonable to base a currency on, just that it is wrong to assume that Bitcoin and Flitcoin are strictly equivalent.
Less snarkily: why are people using Bitcoin? What's the intrinsic value they see in Bitcoin? Based on what evidence can they predict that Bitcoins purchased today will be convertible to gold, dollars, or even toenails at any valuation? You've begged the question.
The tools to do this are currently in the pipeline or are really not that hard to devise. This is what bitcoin offers that others don't. Forget anonymity or libertarian arguments, 0 transaction costs are extremely disruptive.
Gold for instance, seems to be a fool's buy, because there are few truly-useful non-technical things to do with it (you can't eat it) but actually works well as a basis for some value transfers. In a crash your bitcoins would depreciate wildly because nobody would part with anything of value for some bits - or a piece of paper - or some shiny metal.
This is just inherent in trading - there has to be a difference in value or the trade wouldn't happen, and if there's a difference in value the values may not relatively correspond at all points.
To some people, at some times, a token may be a useful marker in trade, as cash is now. With World of Warcraft healthy, there can be a good market in magic swords. With a healthy world economy, cash can be useful. When either fails, current holders will suffer. Gold will suffer differently, it won't be counterfeit or lost, but it won't be liquid. Ditto for BTC, they just become irrelevant relative to food.
Gold is anonymous, but can't practically be traded that way in large quantities. Cash is only pseudonymous like BTC as usually used - bills are scanned when dispensed and deposited. It's not globally visible, just to the most likely and well funded enemy - your own government.
It really seems like you should be harshing on representational value systems in general, or something.
No, you just asked a different question.
>What's the intrinsic value they see in Bitcoin?
Well, free transfers, for one, and not being subject to having your money frozen by online payment companies (e.g. Paypal).
What's the intrinsic value? Why is Bitcoin unlikely to be worth $0 in 10 years? Because it is spectacularly unlikely that gold will be worth $0 in 10 years, and similarly unlikely that a dollar will be. Virtually any trader in the world would take the other side of that bet.
>What's the intrinsic value? Why is Bitcoin unlikely to be worth $0 in 10 years?
Why does a currency require a value as anything other than a currency to be expect to have value?
Bitcoin offers a useful service. There's is no reason to believe this service will stop being useful in 10 years. Therefore, it's reasonable to expect a demand for Bitcoin in 10 years, making it worth more than $0.
>Because it is spectacularly unlikely that gold will be worth $0 in 10 years
Isn't most of gold's value based on its demand as a currency? If people stopped buying gold just to trade and store value, wouldn't current gold owners lose immensely?
it almost totally fails to achieve its security objectives, that it exploits a misperception about anonymity to handwave away the fact that for most users it is not anonymous
Are these the same -- both referring to the mere pseudonymity of addresses?
it is reliant on centralized infrastructure
How so? My understanding is that anyone can generate a new block, it's just (linearly) more likely to be you the more CPU you have.
and (most importantly) that it is meaningless as a currency
This seems like the weakest criticism. There are many conventions that work simply because they are conventions. In other words, they are self-supporting. Bitcoin has bootstrapped to the point where such a convention exists, and people are productively using it as a currency. This may not be the level of rigor you're used to in your work, but it seems plausible that a convention like Bitcoin could last for a significant period of time before collapsing.
Make no mistake, bitcoin is a very complicated system. Not for a piece of software, but for a cryptographic system.
One that aims to replace the fundaments of our economic system. With such ambition, "it seems to work," is not good enough.
As someone who has spend some time hacking the bitcoin code, I have little confidence. Although I have not found any outright errors, the quality of the code shocked me. The code does nothing to provide structure and/or insight to the already complicated protocol. Basic protocol is mixed with parsing of messages and parallelism of the code. I for one, fully expect major and near fatal errors to be found in bitcoin.
There are a lot of differing opinions on this. I quoted Kaminsky at length as someone with major security credentials who is saying the opposite of you.
I hope to make the starburst of applicable points that follow from this by implication instead of explicit argument.
(A similar point applies to time-lock puzzles: http://www.gwern.net/Self-decrypting%20files Why were Rivest/Shamir/Wagner unhappy with brute-force decrypting? Because it's so amenable to hardware optimization. Why were subsequent researchers unhappy with successive squaring and looked for memory-bound hashes? Because squaring is still implementable in hardware.)