Can DAG-based cryptocurrencies like IOTA scale better than the blockchain?

Some people claim that DAG (directed acyclic graph) technologies like the IOTA’s Tangle or Byteball will be able to scale (process large transaction volumes) better than blockchain-based technologies like Bitcoin and Ethereum.

Let me start by saying that only a few people in the world are qualified to offer an expert opinion on the question of whether a blockchain or DAG perform better. They make a great deal of money, and their time is generally too valuable to comment on Internet forums. This is why you see a lot of DAG advocates claim that it is superior without informed counterpoints.

I will admit that I’m not qualified to offer an expert opinion on this either.

However, the claim that a DAG scales better than Blockchain should not be accepted at face value. A number of people smarter than I have said that validating a DAG is far more labor intensive than a block.

There no magic solution to the problem of keeping thousands or millions of nodes synchronized, and DAG based networks like IOTA actually rely on a single Coordinator node which keeps the network from fragmenting. This is the very thing that cryptocurrencies were created to avoid!

While some see the need to put transactions in a block as a negative, the blockchain is actually a very efficient, market-driven way for the users of a network to bid on processing capacity. Transaction fees ensure that the network is always capable of processing the most valuable transactions, whereas a DAG-based network may be overwhelmed and fail if load gets too high. Centralized “coordinator” nodes may solve this problem, but if so, DAG advocates cannot claim that they are necessarily more distributed and scalable than Bitcoin.

Furthermore, with second-layer technologies like Lightning Network, Bitcoin has explicit and unlimited scaling options. The scaling potential of coordinator/master node model in DAG-based currencies is far less clear.

Is the value of Bitcoin based solely on speculation?

Is the value of Bitcoin based solely on speculation?

No. Bitcoin has a use value which would exist even if all the speculators vanished.

I know a Latin American company that pays their employees in Bitcoin – not because they think its value will go up, but because it’s cheaper than the transaction costs involved in fiat-denominated payments. I know a lady in Zimbabwe who is using Bitcoin because she does not have access to a sound currency.

These people are not speculators: they may prefer to trade their Bitcoin for a fiat currency at the first chance. However, their ongoing usage provides a demand for Bitcoin and thus establishes a price floor. The price of Bitcoin is the combination of current non-speculative usage and expectations for future non-speculative use cases for the Bitcoin network. This is different from a purely speculative asset like rare stamps or baseball cards, which have no practical use value.

With time, there will be more and more business cases where Bitcoin provides a superior business model. Bitcoin is like an iceberg which is slowly emerging from the water: we can already see the very limited applications where it already the best currency, but we can only imagine its potential after the crypto asset ecosystem matures and cryptocurrencies become a superior option for the majority of financial transactions.

Like any startup company, the valuation of Bitcoin today is driven mostly by the expectation of future market share. The difference is that the profit will be captured by the network’s users, and not by any central entity.

Bitcoin is still the most innovative crypto asset

I’ve heard an assumption that because many alt-coins do “more” than Bitcoin and have a higher combined market cap, their technology must be more advanced, and therefore Bitcoin will be left behind in value and market share.

I disagree for two reasons:

First, the fact that an asset such as Ethereum does “more”, does not mean that the market will value its feature set higher.
The potential market value of any given cryptoasset depends on the value proposition it offers to individuals times its potential market share. It remains to be seen whether Ethereum will be able to create meaningful products for individuals and how big the “smart contract” market will be in the near to medium future. Likewise for Blockchain-based lending, eSports, prediction markets, or organic banana crypto assets. Currency is a more universal need than smart contracts, so even if Ethereum provides a lot of value to autonomous corporations, the Bitcoin market may be much larger.

Second, the market cap of crypto assets is not an indication of the pace of technical innovation. Bitcoin is worth less than 35% of the 400 billion + crypto market cap, but that does not mean that it has 35% of the resources. According to analysts at JP Morgan, the ratio of money invested to market value for crypto assets is about 50/1. In other words, there has only been a few billion dollars invested in crypto, not $400+. That’s why the price fluctuates so wildly. ICO’s and altcoins are even more overvalued than Bitcoin given how fast their price has shot up. Altcoins have far fewer resources at their disposal than the price would suggest because their price would rapidly drop if the founders sold their share to pay for innovation. The vast majority have only a few people (if any) actively doing development. Bitcoin and Ethereum have the largest development teams by far. I suspect Ethereum has more contributors, but it also has a far larger feature set, so core functionality gets a lot less attention than core Bitcoin functionality.

The fact is, the vast majority of ICO’s and cryptocurrencies are doing very little technical innovation compared to the resources invested in Bitcoin Core. This is not at all to dismiss the value of experimentation and innovation, just to put it in context. As an analogy, it’s great that Bugatti and McLaren are innovating in supercars, but Honda and Toyota invest far more in technology that is practical to the vast majority of drivers and therefore are worth far more. Honda’s work in automatic accident mitigation/prevention is far more important than shaving 1/10th second from your 0-60 time. Likewise, Bitcoin Core’s work in implementing fast and stable large-scale networks (with Segwit and Lightning Network) is more important than the latest exotic token.

I believe that the market will eventually correct the imbalance between the fundamental value of Bitcoin and the hype over altcoins. It is also possible that some other asset has or will come up with a genuine valuable technical innovation, overcome Bitcoin’s network effects, and gain dominance. Presumably, that hope is why Bitcoin is down to 35% market share. However, I have not seen the evidence for it yet, and I would not dilute my portfolio over 1000+ assets (as some friends have) in the hope that one of them will hit the crypto jackpot.

11 Essential Security Practices to Keep Your Bitcoin Safe

The recent explosion in the price of Bitcoin and other cryptocurrencies has inspired me to start a new hobby: helping people recover lost Bitcoin wallets.

As might be expected of early adopters in an anonymous Internet cryptocurrency, many of my customers are information security professionals. It seems that many of them set up so many security measures that they locked themselves out of their Bitcoin. On the other hand, I’ve also heard from many more people who lost their Bitcoin or had it stolen because they either did not follow basic security practices or followed them without understanding their implications and also lost their coins. The inherent balance in information security is that you need walls in place to protect against threats, but the walls you put up to protect yourself can lock you out if you forget your way in.

I, therefore, want to suggest a list of steps that you can take right now to secure your crypto stash. These measures should be both comprehensive enough to keep you safe without being so complicated that you will be locked out of it, or tempted to disable security altogether.

1: Store your wallet seed somewhere safe.

People come to me when they lose their Bitcoins any number of ways, but the one common element in their stories is that they failed to save their recovery seed. Most modern wallets ask you to save your recovery seed/mnemonic phrase somewhere safe when you set up your wallet. You can keep it in a safe place (such as an actual safe) or an encrypted flash drive (I use Veracrypt). Triple-check both the words and the word order, as one person I worked with wrote down his seed incorrectly and lost all of his coins.

2: Use a hardware wallet — or a strongly encrypted software wallet.

A hardware wallet (an electronic device dedicated to storing Bitcoin) such as a Trezor or Ledger is the safest place for your Bitcoin. Read my Trezor review on Amazon to understand the pros and cons of using one.

If you don’t use a hardware wallet, use a wallet which supports strong encryption. The JAXX wallet, for example, can be easily hacked and your coins stolen. I use the Electrum wallet, which allows me to encrypt my wallet file.

3: Encrypt your hard drive.

Encrypting your whole hard drive is essential if you don’t want anyone with physical or virtual access to your computer to be able to extract all of your data. Modern versions of Windows and Apple iOS make this easy.

If you have a Mac, encrypt your hard drive with FileVault. If you have Windows, you can use BitLocker to do the same thing. Personally, I do not use Windows to make any Bitcoin transactions because securing the operating system is too cumbersome, specifically because of the steps below.

4: Set a firmware password.

Apple computers allow you to set a firmware password which prevents your computer from being accessed without your password or using an external device. This is an additional security measure which makes your computer a lot less useful to thieves as it requires a visit to an Apple store and a proof of purchase to reset it. While older Apple computers had some simple workarounds to disable the firmware lock, modern ones are much more difficult for criminals to unlock.

5: Automatically lock your computer when you’re away.

Hard drive encryption will not help you if someone installs a keylogger when you’re away from your keyboard. Set your computer to auto-lock after a few minutes AFK.  Mine is set to auto-lock after five minutes

Here are instructions for Windows and Mac. I also have a “panic button” via a Touch Bar customization which locks my screen on command. I use it whenever I walk away to get coffee, go to the bathroom, etc.

6: Disable automatic login.

Locking does no good if your computer logs in as you when you turn it on. Make sure auto login is disabled.

7: Use a password manager.

I use the password manager LastPass to store the over 600 passwords of every service I use. I generate a new, strong password for each service I use it with it.

LastPass will offer to suck in and audit all your passwords. My score is not great because, like everyone else, before LastPass, I used the same password for most sites before I started using a password manager. LastPass passwords are encrypted using a master password, which for me is a quasi-random list of words which I don’t use for any other purpose.

However, even if someone gained access to my LastPass credentials, they would not access any of my important services because I also use the following step.

8: Enable multi-factor access.

I use LastPass Authenticator in combination with other passwords to access all my important accounts. The LastPass Authenticator iPhone app works with the LastPass Chrome extension to auto-enter credentials for many sites. Multi-factor authentication apps work by cycling a code every 30 seconds which must be entered in addition to the password to access a service. For some services, I also have a physical security token (my Trezor wallet does this, but most people use a YubiKey) which must be physically plugged into my computer to access a site.

9: Keep your computer up to date.

Mac OS had a nasty root access bug a few weeks ago. Keep your OS up to date to protect against the latest threats.

10: Use private, offline mode for sensitive operations.

I occasionally need to create a paper wallet or perform other sensitive operations in my web browser. This has two risks:

  1. The web page may have malicious code which leaks my keys.
  2. One of my browser extensions may have malicious code (this happened to me a few month ago).

To work around both of these issues, I perform security-critical operations in an Incognito Chrome window. Incognito disables extensions unless you specifically whitelist them.

Furthermore, I perform any paper wallet operations with ethernet/Wifi disabled. This prevents malicious code in the wallet from secretly sending your Bitcoin keys to a third party. I then completely quit my web browser before going back online. I also download any browser-based crypto software directly from GitHub rather than random websites.

11: Setup automatic backups.

I’ve set up my MacBook for triple-redundant encrypted hourly backups with Apple Time Machine. This is not nearly as easy with Windows. CrashPlan (available on Windows and Mac) allows encrypted backup to local storage devices. Windows has a built-in backup app, but it’s not nearly as simple or powerful as Time Machine.

While this is not strictly security advice, automating your backups is important from a security perspective. I’ve noticed that people who are not 100% confident in their backups tend to backup important files over flash drives, work computers, email, DropBox, and other services where it is at risk of theft. Some of my clients thought they’d backed up their wallet, but couldn’t figure out which of the 10 flash drives they had actually held their Bitcoins years later. A complete system backup will allow you to restore both the wallet file and the software you used to open it.

Reposted from Vellum Capital

Why I’m betting on the future of Bitcoin

Five years of living in China spoiled me in terms of financial transactions. Most people don’t use debit or credit: they either use cash or more commonly, send money electronically via mobile apps. Mobile wallet apps are often used for large payments, and your landlord or utility company is just as likely to accept them as the friend you’re splitting lunch with.  You can login to your bank’s website or ATM and send someone a million dollars as easily as a few bucks.

Then I moved back to the U.S.

I owe several thousand dollars to a friend. At first, I tried to find a way to send the money electronically through my bank. You need a business bank account to send via ACH transfer. I could do a wire transfer, but my bank charges the sender $30 and the recipient $15, and requires a lot of information about the recipient’s bank account. I tried this thing called “Zelle” — a new payment network that most major banks have introduced. Much as we tried, we could not get a $5 test transaction to reach my friend. Zelle also has a $2000 daily limit. I looked into Venmo – the daily limits are too low. PayPal charges 2.9% of each transaction.

Dejectedly, I wrote a check. A check is a piece of paper dating back to the ancient Roman empire on which you — get this — just write down the amount to be transferred to someone else’s bank account. In theory, only the recipient of the check can cash it, but there are exceptions, and not all financial institutions are strict about this.

I thought that was the end of the story until my friend informed me that he had not received my check. Actually, before that, my letter bounced back to me because the stamp somehow fell or was detached. Apparently, I did not apply enough of my saliva to last to its destination. I occasionally have my emails bounced, but at least I don’t need to worry about expending sufficient bodily fluids for my messages to reach their independent recipient.

Anyway, we now have a real mess. A check lost in the mail means one of four things:

1: The United State Post Office lost the letter.
2: The letter was delivered, but someone had taken it from the mailbox (my friend was on vacation at the time it was delivered)
3: The sender lied about sending the check.
4: The recipient lied about receiving the check.

Now, I’d like to think that my friend is trustworthy, but how well do I really know him? And how well does he know me? And what about the teenager that he asked to watch his house while he was away? A single failure in our payment system has thrown our whole relationship into doubt.  And what about the USPS? I just learned that you’re supposed to wrap checks in a sheet of paper so USPS workers don’t steal your money. Since when do I need to worry about the US Government stealing my money? (Don’t answer that.)

So here is what I did next: first I drove to my bank to put a stop payment on the check ($30 fee).  Then I drove to a UPS store and send another check via certified mail (another $10).  After hours of lost productivity and $40 in fees, I need to wait another week to see if we can put this behind us.   That’s not the end of the story.  Banks are required to report all transactions over $10,000 to the U.S. government, and if the FinCEN or the IRS finds my transaction record suspicious, I may be investigated.  That’s the real reason why financial transactions are outdated, expensive, and buggy — a massive amount of government regulation deters innovation in the Western financial system.  While politicians claim to do this in the name of safety, it’s really all about preserving tax revenue.  Countries like Hong Kong, Luxembourg, and Singapore with the fewest financial regulations also have simple tax systems with low rates. Politicians want their cut, and they have no problem forcing us to use an expensive and unreliable financial system to get it.

What if we used Bitcoin instead? My friend could send me a payment request with his address.  I open it and click “Send” and we’re done. I can be absolutely certain that the transaction was successfully sent to the intended recipient, and the recipient can be certain that the funds are irreversibly his.  It costs the same (under a dollar) and works equally well for $5, $50, or $5 billion dollars.  If done properly, the transaction can be completely anonymous.  Can you imagine if the entire finance sector worked like this?  Many people are working to make this happen.