Notice the vague treatment of actual cryptocurrency applications. There are lots of predictions about startup activity, "flippenings" and venture capital, but little about the goods and services customers will actually be buying, or what specifically startups will be building.

It's this kind of thinking that leads people into the dark thicket that is "tokens": digital instruments bought and sold largely for speculative purposes. It's understandable. The ability to print money is a fantasy of many people from a young age.

The last two years have seem a solid refutation of this notion. Almost every token has lost value against Bitcoin. It seems reasonable to conclude that the carnage will continue.

So the money printing press ship has sailed. It's going to come as a shock for many people (some with economics degrees), but bootstrapping censorship-resistant money is a one-time deal. Any attempt to profit from the undertaking harms the credibility of the founders. Only the genuine scammers are left to continue the exercise.

Here's a vision for the future of Bitcoin. Bitcoin will extend its role as a refuge from the growing foreign and domestic militarization of money. It will become an indispensable weapon against civil asset forfeiture, international sanctions, deplatforming, and mass surveillance.

That's your application for Bitcoin in the '20s. And it's a doozy. It places Bitcoin on the side of personal freedom and on a collision course with some of the world's biggest governments, including the US. There will be many attempts to "ban" Bitcoin.

Startups will play a marginal role at best because their ultimate aim of monopolization flies in the face of what Bitcoin was designed to do.

It's not, the majority of hash power is in China. That means the Chinese government could start censoring bitcoin transactions in a week if they wanted to - by orphaning non-compliant blocks. Regardless of anything else, this centralization alone makes bitcoin a failed experiment.

https://cointelegraph.com/news/study-chinas-btc-miners-contr...

Second, I don't think we can conclude what would happen if China tried to censor.

China certainly has 51% attack capability against Bitcoin, but the only implication that of that which is clear to me is that they could potentially execute double-spends. Using 51% attack capability to orphan transactions is different.

With a double spend, there's two transactions, both signed with the same key, and no way to determine which is valid (which came first). There's no source of truth for that information.

With an orphaned block, there's only one transaction signed with the key, so you have a single source of truth. You know the transaction exists, and at some point (i.e. after a certain number of blocks), if the transaction isn't included in the chain, you can conclude with reasonable certainty that the transaction is being intentionally orphaned. This allows you to reject the chain that doesn't include the transaction as invalid, and choose the longest chain that does include it. We already don't blindly follow the longest chain: for example, blocks that are improperly formatted are already rejected.

This would, of course, having different criteria for what is considered a valid block would cause fork in the currency. There would be the Chinese censored branch and the uncensored branch everyone else is using. But for a lot of reasons, I think people would be unwilling to trade as much traditional currency for the Chinese censored currency as they would for uncensored Bitcoin.

Every fork is vulnerable to the same attack, which is why such a switch doesn't make sense. There's no way to prevent Chinese miners from mining on the "Western" bitcoin if it's the more profitable option. The censorship can be easily made reactive: first, all Chinese miners have to register and report their hash power. If the total hash power for any specific network is below X (eg. 65%) they don't have to censor. The moment they do, they start orphaning blocks that don't comply with the Chinese law. Note it also increases their profits!

The same forces (lots of cheap electricity) that resulted in the concentration of sha256 hashing in China also work for any other PoW; switching to a GPU-based PoW would at best only prolong the inevitable. Most likely GPU PoW is also China-dominated.

Proof of work has infinite economies of scale and the winner can take all property. The second property makes it profitable for the majority of hash power to cartelize and exclude others. If the cartel was smartly set by the Chinese government - allowing access to all Chinese miners and making it illegal to create smaller cartels - everyone in China would join and after a while it would be enough to mine with only ~20% of the available hash power. That's a 5x increase in revenue per watt hour!

Why? Initially, Chinese miners can mine with >65% of global power, excluding competitors. They do it until everyone else goes bankrupt, giving them 100%. Then, each individual miner can start mining with only 20% of their total power. To prevent fraud, it's enough to make everyone mine with 100% for one hour every week, all at once, to prove their total individual hash power. If some foolish foreign competitor arrives with more than 20% of the Chinese hash power, every Chinese miner turns everything on. This monopoly would be almost impossible to defeat.

However, even if you assume someone defeats it somehow - the only way to defeat it is to have an even bigger centralized entity! All that happened is a new monopoly, not decentralization.

All of this means bitcoin can never become "refuge from the growing foreign and domestic militarization of money. [..] an indispensable weapon against civil asset forfeiture, international sanctions, deplatforming, and mass surveillance" to any noticeable degree. It's currently left alone only because it's irrelevant except as a speculative toy.

But you corrected your assumption in the other comment thread, so I'll continue the conversation there.

No, it wouldn't. I don't think you're understanding the solution I'm proposing. There isn't an amount of computing power that allows you to submit invalid blocks.

>you know the transaction exists, and at some point (i.e. after a certain number of blocks), if the transaction isn't included in the chain, you can conclude with reasonable certainty that the transaction is being intentionally orphaned. This allows you to reject the chain that doesn't include the transaction as invalid

as what would happen is nodes that were online and observed the situation would follow one chain, but everyone else that joins later wouldn't be able to confirm that censorship actually happened, and follow another. If you have a solution that solves it, you solved the fundamental problem - absolute order - some other way and PoW becomes completely superfluous.

Then there's a problem of: what happens when there are contradictory transactions on two different chains at once? How do you decide which one is valid? This gets complex very fast.

If you want to try tackling the censorship issue in an automated way, you have to move away from PoW to a more typical consensus algorithm with online identities. In the simplest case, if all (ever - no new ones) network participants are online all the time, the problem becomes trivial and something close to your solution would work.

> I assumed you meant manually. This method isn't possible to automate under PoW, because any such actions require global time, but PoW is what provides time itself, creating a contradiction. What this means in practice is network splits.

I don't think you need global time to do this. More on this later in this post.

> as what would happen is nodes that were online and observed the situation would follow one chain, but everyone else that joins later wouldn't be able to confirm that censorship actually happened, and follow another. If you have a solution that solves it, you solved the fundamental problem - absolute order - some other way and PoW becomes completely superfluous.

This situation resolves itself naturally via the mechanism I proposed.

Let's follow the scenario you propose and see how it resolves. The following events happen in this order:

1. The Chinese government decides to censor transactions from a certain address, refusing to accept blocks which include transactions from that address.

2. A transaction from that address is broadcasted.

3. Chinese miners mine 5 blocks that don't contain the transaction. Nodes which have been on the network the whole time notice the censored transaction, and go to the next-longest chain, creating a fork.

4. A new node joins the network. From the new node's perspective, there are two chains, but the Chinese one is longer so you go with that. However, you still have the signed transactions from the shorter chain, and your node notices that the Chinese chain doesn't contain some of those transactions. At the time of joining, as far as you know, that transaction simply hasn't been included in the longest chain yet.

5. Chinese miners mine 5 more blocks that don't contain the transaction. The newly-added node now notices the censored transaction, rendering the current chain invalid, and goes to the longest valid chain, which is the one everyone else was on. Consistency achieved.

The implication of this solution is that when you join the network, you now have to wait for 5 confirmations to ensure none of the transactions you have are being censored in the longest chain (i.e. it takes 5 confirmations to know that the longest chain is valid). Which is certainly an important implication!

Note that absolute order doesn't matter here. We don't have to know the order of the transaction, only that it has existed for some number of blocks without being included in the chain.

> Then there's a problem of: what happens when there are contradictory transactions on two different chains at once? How do you decide which one is valid? This gets complex very fast.

The way you've worded it, that's not really all that complex--that's the same as a double spend, and it's resolved the same way any other contradictory transaction is resolved: follow the longest (valid) chain (where part of the definition is "valid" is "containing all transactions I've had for 5 confirmations").

However, I think you might have left out part of what you meant here, so I'll try to explain what I think you're hinting at. There's a sophisticated way for China to hide their attack. It works like this:

1. The Chinese government decides to censor transactions from a certain address, refusing to accept blocks which include transactions from that address.

2. A transaction from that address is broadcasted. We'll call this the censored transaction.

3. Non-Chinese miners mine a block that includes the censored transaction. This becomes the root of what we'll call the censored branch.

4. Chinese miners ignore the mined block that includes the censored transaction, and mine a block which doesn't contain the transaction. This block becomes the root of a branch we'll call the red herring branch. In that block, they include a transaction which they never broadcasted to the network. We'll call this the red herring transaction.

5. Due to superior Chinese mining capability, the red herring chain quickly becomes longer. However, after 5 confirmations, the network notices the censored transaction isn't being included in the red herring chain. So they invalidate the red herring chain and go to the longest valid chain, which is the censored chain.

6. 4 more blocks are mined on the censored chain.

7. A new node joins the network.

8. At this point, the censored branch doesn't include the red herring transaction, and the red herring branch doesn't include the censored transaction. So our previous resolution strategy doesn't work, because we don't know whether it's the red herring transaction or the censored transaction that's being censored.

First, I want to say, this is a really sophisticated attack and I want to congratulate you for coming up with it.

Second, I think this problem can be solved by sweeping up ALL the transactions in EVERY block you receive, even if they are in blocks which haven't been confirmed, and treat them as if they were broadcast to you on the network. This way, the red herring transaction gets included into the censored branch. This gives us a new resolution:

1. The Chinese government decides to censor transactions from a certain address, refusing to accept blocks which include transactions from that address.

2. A transaction from that address is broadcasted. We'll call this the censored transaction.

3. Non-Chinese miners mine a block that includes the censored transaction. This becomes the root of what we'll call the censored branch.

4. Chinese miners ignore the mined block that includes the censored transaction, and mine a block which doesn't contain the transaction. This block becomes the root of a branch we'll call the red herring branch. In that block, they include a transaction which they never broadcasted to the network. We'll call this the red herring transaction.

5. Due to superior Chinese mining capability, the red herring chain quickly becomes longer. However, after 5 confirmations, the network notices the censored transaction isn't being included in the red herring chain. So they invalidate the red herring chain and go to the longest valid chain, which is the censored chain.

6. A new block is mined on the censored chain. Since we've swept up all the transactions from the red herring chain, this block includes the red herring transaction.

7. A new node joins the network and assumes the red herring chain is the longest valid chain.

8. After 5 blocks, the new node sees the red herring chain does not contain the censored transaction, invalidates the red herring chain, and goes to the longest valid chain, which is the censored chain. Consistency achieved.

- Chinese miners (the network doesn't know that) publish a normal transaction.

- they don't include it for 30 blocks. Western nodes have already switched to a minority uncensored chain after 5 blocks, as they consider the transaction censored.

- Chinese miners include it in 31st block.

A new node joins. It follows the Chinese chain indefinitely.

The core of the problem is lack of objective time (or at least ordering): there's no way to prove to the new node that a transaction was actually censored in the past. From its perspective, the minority chain might have been created after the Chinese block with the transaction was published. As long as there's no external objective time, it's always possible to invent some attack scenario that splits the network for new nodes.

Last but not least, every minority chain is by definition vulnerable to 51% attacks, so even if a solution to censorship could exist in PoW, the minority chain could get intentionally killed this way, constantly generating double spends until people stop using it.

Only if China decides to hamper the speed of their miners by pointlessly trying unsuccessfully to censor transactions.

> - Chinese miners (the network doesn't know that) publish a normal transaction.

> - they don't include it for 30 blocks. Western nodes have already switched to a minority uncensored chain after 5 blocks, as they consider the transaction censored.

> - Chinese miners include it in 31st block.

> A new node joins. It follows the Chinese chain indefinitely.

Okay, yes. And so does the entire rest of the network, because now the blocks are valid. Yes, this is very bad, because anyone who spent money in the shorter chain can now re-spend their coins.

But critically, nothing was censored here. This is a transaction reordering, not a censorship attack.

China can do the exact same thing with fewer steps. All they have to do is go back 30 blocks, and start mining blocks with the transactions in whatever order they want. Eventually their branch will be ahead and everyone will switch to it.

So you are going to reorg after many blocks (enough to be sure a transaction is being censored). This sounds extremely undesirable as it kills finality. Today you can very reasonably be sure that after say, 6 blocks, a transaction is irreversible. That's not the case with this new rule.

With a perfect network where everyone receives all transactions immediately, and where transactions are prioritizes for inclusion by transaction fee first, and order received second, we can conclude after ONE block whether a transaction with a high enough transaction fee is being excluded. But the network isn't perfect. There's some network analysis to be done here to gather probabilities, but for the sake of simplicity, let's say the network is reliable enough that we can reasonably conclude whether a transaction is being excluded in 5 blocks (I think the number is actually lower, but let's go with 5 to be safe).

So basically, what we're saying here is that if we reject the fifth block that doesn't contain a transaction after we see it, then we're forcing a reorg.

The attack you're describing happens when someone waits for China to start ignoring a transaction, then attempts to use the resulting reorg to execute a double spend.

Last time I checked, the recommendation was to wait for 6 confirmations to prevent double spends, because it would be unreasonable for an attacker to attempt to catch up to the main block chain when the main blockchain has a 6-block head start. But if China forces a reorg after 5 blocks, then the attacker attempting to execute the double spend only needs to catch up 1 block.

Trivially, all this means is that we have to wait for 5+6 = 11 confirmations to achieve the same level of confidence that we got from 6 confirmations when China couldn't force a reorg.

But wait: China actually can't force a reorg that quickly with 100% probability. In order to force this reorg, China has to mine 5 blocks in a row. China only has 66% of hashing power, so the probability of China mining a given block is P=0.66. The chances of China mining N blocks in a row is P=0.66^N. So the probability of China even being able to force this reorg is P=0.66^5=0.13.

That's not nothing, but that's a lot of effort for China to put in just for a 13% chance of delaying a transaction. Given China can't actually censor the transaction, only delay it, why would they spend all those hashing cycles to do this? The incentives don't line up.

Followup question: how does a node coming online know not to trust China's (longer, censoring) chain? It wasn't online to have the transaction in its mempool, so it doesn't know to check for it in the longest chain.

I think it would need to check all candidate blocks with lower heights to see if their chains contain any transactions that aren't in a longer chain.

What happens if I mine off of a very old block and include my own transaction in it, and present it to you... how do you distinguish between what I just did vs the longer chain having censored the transaction this whole time?

> I think it would need to check all candidate blocks with lower heights to see if their chains contain any transactions that aren't in a longer chain.

Yes. You wouldn't need to store all these, though, you just sweep them up once you find the transactions included in the longest chain.

> What happens if I mine off of a very old block and include my own transaction in it, and present it to you... how do you distinguish between what I just did vs the longer chain having censored the transaction this whole time?

Broadcast all transactions you have which aren't already in the longest chain to the network, and wait for them to include them.

I'm not 100% sure, but I think transactions get rebroadcast automatically already until they're included.

> Startups will play a marginal role at best because their ultimate aim of monopolization flies in the face of what Bitcoin was designed to do.

I'd go further with this and say that decentralization is an active impediment to startups trying to create monopolies in the crypto space.

I think there's still room for development, but it will be hard for it to be motivated by profit. Particularly, a better-executed namecoin could be revolutionary if people started building infrastructure around it (i.e. as usernames, or a DNS replacement).

And until and unless you can use it to purchase the goods and services needed for daily life, and the military and police forces needed to secure the supplies lines of those, it will be at best a theoretical form of personal freedom.

Even if Bitcoin doesn't rely on trust, the rest of the functions of human society do.

States stop the exchange of goods within, into, or out of their jurisdiction of types or in manners not sanctioned by the state all the time, it's called “law enforcement”, and either the military or paramilitary police forces or both are often involved in it. It's never airtight, but it doesn't have to be to have a big effect.

But anyways, isn't that pretty much the anarcho-capitalist vs statist conflict that cryptocurrencies are ultimately trying to aim us towards?

Sorry if I'm completely misunderstanding your argument, but having trouble reading it in a different way.

The state will take over the entire supply chain to ensure that it transacts in a currency that it controls, crypto or otherwise.

Without that, the shared physical and legal infrastructure that supply chain depends on would cease to exist, and with it the supply chain.

Individuals, or the small communes that act financially as individuals in the crypto based trading system would have to trade in the simplest raw materials and finished products would be all have to be made hyper locally. Otherwise what entity would secure the transit of high value finished goods from supplier to customer?

I understand that it's a vision of the future that many people relish for its "freedom" from the state (but not so much from the local tribe). But universal crypto based transactions are not a drop in replacement for what we have now that keeps everything else the same. They come with their own radically different future-primitive vision for the world.

Another aspect of crypto is the ability to simply leave the oppressor's territory, taking your money with you.

I'm absolutely not saying this is a perfect solution, or that government is powerless in this situation, but it seems hand wavey to say they'll just seize control of every economic transaction. That's a VERY difficult thing to do.

And it's unnecessary. Black markets exist today and always will. The state would need to merely take over the major suppliers of raw inputs to all products, and major finished products, and that will be enough to keep crypto only relevant on the margins. If black markets become a problem due to crime (i.e. the mafia) they can be dealt with using law enforcement action.

> Another aspect of crypto is the ability to simply leave the oppressor's territory, taking your money with you.

I agree, and you will also leave behind many of the benefits that come from societies that have centralized organization, like i.e. roads and a justice system. No territory with a state that provides infrastructure is going to allow you to operate there indefinitely without paying for the privilege of using that infrastructure.

You will have to find a place with effectively no state, and provide the basics for yourself. But it would be hard, and it's not something that can scale to our current society's scale or prosperity, though.

Very hard bordering on impossible

> You will have to find a place with effectively no state

Why no state? I'm sure plenty of states would be happy to let you transact in crypto as long as you're willing to pay taxes. In fact, transacting in crypto isn't even necessary, all you need is the ability to convert crypto to local currency periodically.

What is the point of cryptocurrency if your freedom can be impinged upon by being compelled to pay taxes? What's the point of it isn't the primary medium of exchange? If it's not that, then it's just a deflationary store of value, functioning like gold, which nobody uses for daily transactions, therefore of limited value.

Why would that state accommodate your ability to convert crypto into local currency that they ultimately control? The only rationale would be to hurt their presumptive rival: the state you fled.

And more importantly, even if that works at the individual level for you and a few others who work that kind of deal with a state, how does that model scale to populations of multiple 10s of millions?

Another state may allow a few people to make that personal optimization in their territory, but they won't negotiate such agreements with millions of people. If you are a rare wealthy person able to strike such a deal with a state, you are then effectively an oligarch, and part of the state power structure.

States are made of people, and people only trust other people who they believe have skin in the game.

I think you're moving the goalpost from "crypto grants me more financial freedom" to "crypto makes me literally untouchable by governments". Nobody here is claiming the latter. I have no idea where you even got the tax evasion angle from anything I said.

Why do you think that the state that accepts you would give you anything like the market exchange rate for the cryptocurrency to their currency?

The only way would be if they had a competitive internal market for purchase of cryptocurrency, but it's not at all clear that would be the case, since in this situation, you would need asylum (a service they would be providing to you) more than they need your cryptocurrency. That would come at a price.

You could try to play these countries off one another to get the best possible exchange rate, but really, you'd have to be stupendously wealthy in crypto before those countries would begin to care enough to offer you any kind of deal.

Do you know what asylum is? I can permanently move to plenty of countries without asylum, I think you're getting a bit off track..

Maybe you don't know what it is for. People that are sane like Mr. Armstrong and Satoshi Nakamoto intended it to be used as a currency. If Satoshi is still alive I'm sure he was quite disappointed when Bitcoin decided to not scale past its blistering 7 transactions per second.

"Bitcoin can already scale much larger than that with existing hardware for a fraction of the cost. It never really hits a scale ceiling." -Satoshi Nakamoto

https://steemit.com/bitcoin/@cryptodailyuk/bitcoin-broke-coi...

Inevitably that hamstrings permissible opinions.

Not only that, the purpose of his company is to profit from cryptocurrency in a specific way, whether or not that's the 'right thing' for the space or not.

Their business model basically falls apart, for example, if people stop using fiat currencies and atomic swaps allow trades to happen without a clearing house.

All over this thread you can see waffle about money laundering or whatever else; which Coinbase cannot sidestep because they're forced to interface with banks that will cut them off, governments that don't like it if you don't do what they say, etc.

Increasing block size utilization has series tradeoffs for decentralization, privacy and reliability. Each year we learn and understand those tradeoffs better. Pro block-size increase people never seem to directly address them though, just talk around them and imply they don't matter. They do matter, a great deal.

The current system where every user is a network node is not the intended configuration for large scale. That would be like every Usenet user runs their own NNTP server. The design supports letting users just be users. The more burden it is to run a node, the fewer nodes there will be. Those few nodes will be big server farms. The rest will be client nodes that only do transactions and don't generate. https://bitcointalk.org/index.php?topic=532.msg6306#msg6306

The client nodes have to validate in addition to only doing transactions. Satoshi doesn't say that in his comment. But the faster the block size growth, the faster it gets to "every Usenet user runs their own NNTP server", and the fewer and fewer run full validating nodes.

His comment is self-contradictory.

It's funny you say that pro block-size increase people don't understand the decentralization, privacy and reliability trade-off, while the people against a block-size increase have never defined or quantified these trade-offs. And very often they also have the notion that "everyone must run a full node" that implies they don't have a good understanding of Bitcoin at all.

“Everyone must run a full node” is aspirational but not realistic. It’s nevertheless extremely valuable to continue working on ways of reducing the expense of running full nodes. MimbleWimble, Coda and others are doing a good job of exploring that problem space, as are some projects in Bitcoin that may take longer deploy.

When HN first started discussing Bitcoin almost a decade ago, the smartest skeptics here main objection was the obvious one that a distributed database where all the data is replicated across every node and which grows infinitely is likely not viable. They were right then and right now, it’s a hard problem and arguably the main existential risk to Bitcoin.

Throwing caution to wind so Bitcoin can have fast payments Now at the expense of failing at sound money later is short-sighted and irresponsible.

And nobody will claim otherwise. But there's always a trade-off, and focusing only on reducing the expense is severely misguided.

> Throwing caution to wind so Bitcoin can have fast payments Now at the expense of failing at sound money later is short-sighted and irresponsible.

The funny thing is, the inaction of the Bitcoin devs have made it fail at one of the core features of money. You cannot consider it to be acceptable, as fees are so expensive they price out a lot of people. Money should be easy to move around, and you should be able to buy large and small things with it.

Yet this is somehow preferable, because doing otherwise would make Bitcoin "fail at sound money", whatever that means.

That's conventional wisdom and applicable in lots of other places, but not in cryptosystem design. People have to accept that cryptosystems in general and cryptocurrency in particular are different domain from most other software engineering they're used to.

Any single error or bug can result in the complete compromise and failure of the entire system. The old rules of calculating acceptability of risk and errors based on whether they enable more value creation than they put at risk, no longer apply, because any/every error can result in total loss.

I believe different world views on this issue is one of the root causes of the schism in Bitcoin.

>The funny thing is, the inaction of the Bitcoin devs have made it fail at one of the core features of money. You cannot consider it to be acceptable, as fees are so expensive they price out a lot of people. Money should be easy to move around, and you should be able to buy large and small things with it.

That's a "nice to have" for sure, but not at the risk of a Global Financial Crisis style event happening to Bitcoin itself. The prudence of the Bitcoin devs has made it succeed at avoiding that so far.

>Yet this is somehow preferable, because doing otherwise would make Bitcoin "fail at sound money", whatever that means.

There's no need to be confused about that term, it has a simple, clear and easy to understand meaning. Sound money is money whose supply and value is both transparent and un-manipulatable.

When you choose to store savings in that currency, you know how it works, and you know it can't be changed in the future (to either your detriment or benefit). Sound money is a social contract that can't be broken or reneged.

By way of counter-example, in the GFC, the US Fed pumped up the money supply to prevent the failure of the banking system, risking devaluation of dollar-based savings and hyperinflation to the detriment of everyone else.

For another counter-example, the US Govt's inability to control its deficit and debt may one day result in it having to monetize the debt (print more dollars to pay for it), devaluing the dollar and dollar-based savings, and harming global confidence in the dollar as a reserve asset.

Cryptocurrency as sound money is a hedge against that, and that's the ultimate killer app. But if you lose enough decentralization, you lose this characteristic of it. Then its worthless, regardless how good of a payment system it makes.

And it will never be better than Paypal and other centralized payments services at merely transferring money quickly and cheaply, so if it has no other value proposition like sound money then its worthless.

This entire model does not sit comfortably with a permissionless, even anarchic construction like Bitcoin. Partially because it puts you in constant conflict with regulators whose relationship is your business. Secondly because if Bitcoin becomes a major currency in its own right, your role as an onramp is no longer necessary, or at least far more competitive.

And as every other exchange discovered, the real money is in offering a blistering array of coins and taking a percentage on trade between them.

Thus, it might be disappointing to cypherpunks that Coinbase is only a reluctant proponent of Bitcoin, but it's also quite predictable.

I'm not super familiar with Bitcoin's tech, but that seems sensible to me. The blockchain is already 250 GB at 7 transactions per second. If you multiplied that by 100, you still have orders of magnitude less transactions per second than credit card processors, but the hardware requirements are now high enough that few individuals could afford to run full nodes.

Fact is that each LN "channel" needs a committed amount of Bitcoin that can only be withdrawn by closing the channel. If you want your Bitcoins "secured" in you wallet, you need to close the channel. Otherwise you will - by design - have to constantly monitor the LN for malicious actors trying to withdraw you funds from your channels - which by the way is also only possible with an extremely reliable internet connection. Ultimately it's only possible to "secure" your funds against malicious actors by closing the channel. This leads to nice DoS attack vectors, see below.

Opening and closing a channel requires an on-chain transaction. This means when you only calculate with the US population, you need at least ~700 million on-chain transactions per month, assuming people get paid once a month, which is absolutely underestimating reality. Also assuming business don't trade with each other.

Assuming 7 transactions per second for the Bitcoin network (which in reality is much closer to 3 by the way), you get 7×60×60×24×30 = 18,144,000 transactions per month. So LN cannot even serve 5% of the US.

Reading the LN white paper should give you an idea on how bad it is when you compare it to reality and how people are actually using money.

There are probably going to be some big entities in the Lightning Network ("lightning service providers") that average users use to open channels in exchange for a fee. These LSPs need to closely monitor for malicious transactions, but the average user doesn't have to. The average user would only get ripped off if their LSP broadcast an invalid transaction. In that case, they could prove it to the network and everyone would leave the LSP. Eventually there will be long-standing LSPs with good reputation. People can open long-running payment channels with them. If on-chain transaction fees get really high, they could be set to timeout after a year. That gives both parties plenty of time to notice an invalid transaction. If they're paranoid about DoS or timing attack, they can close the channel a few days before it times out.

That's my understanding only from reading a few articles about how Lightning Network works, so what I'm saying might be ridiculous and I could be completely wrong.

But even if there was a way to identify bad actors, what you describe as "big entities" already exists. They are called banks, just you described one with more steps and that's a lot more complicated.

From where I sit, it seems like BTC was designed to be a currency that would free us from financial regulation, it has failed on both counts, and crypto enthusiasts are trying to turn it into an over-elaborate debit card because the alternative is for it to become a historical curiosity.

> Which can be be reneged on if one party is malicious, meaning they'll only occur between trusted parties?

This is not correct. My understanding is essentially each party is tying up Bitcoin as being between them on the blockchain, then trading cryptographically verifiable assertions of each other off-chain about what the latest status of the ongoing "tab" is between them. Either of them can close the tab at any time and reconcile to the blockchain.

They don't really need to trust each other, although this does introduce a dependency on some entity (whether the user's own server or a third party) to publish the latest version of the "tab" if the other guy maliciously tries to publish an older version of the "tab." And of course, that means you need some redundant storage / handling of those cryptographic assertions from the other guy about what the status of the latest "tab" is. But that doesn't require trust--you'd want to do it even if you trust the other party.

Or at least that's my understanding of it. I like the conceptual idea of LN but some of these details seem like dealbreakers to me.

That's the Lightning Network.

That's how two finserv companies would transact off-chain with each other, but when I go to buy a cup of coffee with a bitcoin, I'm not opening up a payment channel with them for one transaction, that would defeat the whole point. The coffee shop will use a payment processor, who isn't going to deal with me off-chain unless I'm the KYC'd customer of them or some other finserv they trust. (please correct me if I'm wrong here)

You won't want to open up a payment channel to them, but you don't need to. You just need an already open payment channel to someone who is, or (more importantly) there is some route of payment channels between you and them through any number of intermediaries.

There won't be a way to enforce KYC on the network itself, and you don't need trust for this to work.

But because of the inherent cost / time / complexity reduction benefits of just maintaining big channels between large entities, normal people and businesses will inevitably be incentivized to just work through banks to do this. The banks can just hold all their money and handle keeping the channels between themselves open and funded.

And that's where I think you're correct. It leads to a world where KYC can be required easily because the vast majority of legitimate use cases will be through centralized endpoints.

However, 250 GB is approximately 25 GB per year (since Bitcoin started in 2009), which, if you multiply it by 100, is 2.5 TB per year. That means it will take about 6.4 years to fill a 16 TB hard drive, which should cost less than $600:

https://www.techradar.com/uk/news/worlds-largest-hard-disk-d...

It's not hard to imagine someone paying under $100 per year to run a full node, whereas on the day that TechRadar article was published, the average price of a bitcoin transaction was $4.58 as seen here:

https://bitinfocharts.com/comparison/bitcoin-transactionfees...

1) have centralisation

2) assume storage space will expand exponentially since the entire point of bitcoin is many many copies of its ledger

3) come up with a new method more secure than PoW but still decentralised

Good luck with (3). (1) and (2) are not good choices. So they moved it off the chain into lightning network.

https://www.youtube.com/watch?v=agppUdX9YvI&feature=youtu.be...

An actual market-powered mechanism for data-pruning. As the price of new transactions rise, the amount paid by old (rebroadcast) transactions rise more. Network hits equilibrium where data in == data out.

Would you say that the credit card network, or PayPal, has exponentially increasing storage requirements? It's possible for Bitcoin (for example) to be decentralised and useful to the world and only require linearly increasing storage space.

Fortunately it seems that storage technology will continue to scale linearly over the coming years too:

https://images.anandtech.com/doci/15064/seagate-roadmap.png

> (ignoring things like High Frequency Trading)

HFT is not a blockchain transaction. They are off blockchain transactions entirely because they trade money between bitcoin / other cryptos and dollars.

> there is only a limited number of potential active crypto-currency users

My entire point is that this limits them from growing. If the blockchain is kept from exploding, it helps to onboard more users.

> Would you say that the credit card network, or PayPal, has exponentially increasing storage requirements?

Indeed not. But their user base is now standardised. So they have a predictable number of transactions every second. However, their storage requirements are still obviously industrial grade server farms. The point of bitcoin is that everyone should have a copy of every transaction (excluding lightning network transactions). You see the connection? Not all of us can have our own server farms. If we all wants to store every transaction in the way the parent of my previous comment alluded to (increase block size), each of us will need our own mini server farm i.e. exponential storage growth.

> It's possible for Bitcoin (for example) to be decentralised and useful to the world and only require linearly increasing storage space.

Yes. It'll level off at some point. But we are far, faaar away from that point. So it'll take quite a while before it levels off.

Is that the point of bitcoin? Satoshi said:

> Long before the network gets anywhere near as large as that, it would be safe for users to use Simplified Payment Verification (section 8) to check for double spending, which only requires having the chain of block headers, or about 12KB per day. Only people trying to create new coins would need to run network nodes.

https://satoshi.nakamotoinstitute.org/emails/cryptography/2/

(He also didn't say anything about "lightning network transactions".)

> If we all wants to store every transaction in the way the parent of my previous comment alluded to (increase block size), each of us will need our own mini server farm i.e. exponential storage growth.

The BTC blockchain is currently 250 GB. If blocks had been 10 times bigger, the blockchain would still be less than 3 TB, and blocks would almost never be full, which would reduce transaction fees and help to onboard more users. I don't think that storing 3 TB of data requires a server farm.

Correct. I'm not going by what Satoshi said, but by what development the bitcoin core team is aiming to create now.

> If blocks had been 10 times bigger, the blockchain would still be less than 3 TB

Correct. The aim of the project is to keep it as small as possible. 3 TB may not seem prohibitive today, but that's because there's hardly been any usage of the network compared to what the real world looks like. If bitcoin truly competed with Visa / Mastercard, both of those numbers will start looking a lot bigger. If the compressed version was 3TB, the bigger blocks version now becomes 30TB - suddenly far out of consumer grade storage for a normal person.

To give an analogy, it's like saying that there should be a law limiting people to only buying 5 books, because if there wasn't a limit then someone could buy a quadrillion books, which would require cutting down all the trees in the world. You're trying to prevent a problem that won't exist, by introducing a restriction that causes a very real problem instead.

I don't think so. That also requires a faster cycling of transactions than the current 10 minute round. But yes, obv a larger number of transactions can fit into the block so throughput will increase.

> 30 TB blockchain (which would fit on two hard drives, which many consumers have)

1) I don't know if you understand who "consumers" are. 30 TB is far, faaaaaar away from what a normal consumer has. Most of us have a laptop at most and that limits us to 1 TB storage. I personally have a lot of cloud storage, but I'm not the average consumer. I'm highly tech savvy compared to the normal person. So go out and talk to people not in tech and see what their tech specs look like. If they can't match up to you, they still need to be able to process transactions.

2) I didn't say it doesn't need a 30TB blockchain. You're completely misunderstanding my point. I'm saying your glib observation of "oh it's 300GB now, it can scale up to 3TB if it's bigger" is highly ill informed. If you push it only 1 order of magnitude, you're going from 3TB to 30TB and it becomes untenable. Now instead if it was 10KB and scaled to 10MB, it obv makes no difference even with 3 orders of magnitude.

3) You're also not understanding the larger picture. If all transactions in history have to be stored in the blockchain, it requires scaling to become less than linear (or at max, linear) to keep up with consumer storage expectations. It doesn't matter what the size of the blockchain is now (as long as it's within say 1TB that the average consumer can access). It matters how big it gets when there are billions of transactions flowing through it every day. So by that account, even 250GB is a very big number because once we hit billions of transactions, unless the relationship is inverse exponential, we'll breach limits long before touching that point.

> You're trying to prevent a problem that won't exist

The problem that won't exist of billions of transactions passing through the blockchain? Possibly if we had off chain solutions, yes. Which we do in very early stages. If not, the problem is very very real.

Why does it have to fit on a laptop? Only miners influence which tx get into a block, not people on laptops.

>The problem that won't exist of billions of transactions?

Visa does 1 trillion tx/yr. Bitcoin tx is ~500 bytes That's just 500 TB/year. Miners with today's hardware can store that easily. A pruned observer node could run with just a few hundred dollars of hard drives even at Visa scale!

The bottom line is that Satoshi and others thought about this and no one saw it as a problem until Blockstream and other VC funded startups began pushing sidechains that they could profit from.

The very fact that you guys are not recognising this means that you still don't understand the concept of decentralisation and want to settle with the altcoin route of making up the word as you go along and if it fits your narrative. If your entire chain was at the mercy of a few large mining corporations, you are dead in the water. The attack vector is easily compromised and you have no leg to stand on.

Each node would need to download 1.4 TB of data per day (500TB / 365) to keep up, and the UTXO set would presumably expand dramatically with a volume increase of that magnitude, making it impracticable to store even a pruned state on a consumer hard drive.

And it needs 3TB?? Cmon, that's not lot of gain for a lot of loss of control by the average.

"Decentralization" is a means to an end. Not everyone have to run a full node, as long as there's enough.

It's amusing that LN is touted as a solution, since decentralized routing is an unsolved problem, meaning that LN will be more centralized than what it's supposed to solve.

Quite cool approaches. The problem is that you can't attach data to transactions, so only useful for a subset of applications, those unlikely to create much bloat in the first place.

Bitcoin will definitely singularly emerge as the new common 'numéraire' in the near to mid-term (5 to 10 years). I love that you specifically call out the omnipresent crypto scams, because they are what disappointed me from the whole endeavor once they emerged in the ICO craze. Once 1 bitcoin has price of 500,000 to a few million in USD per individual 'bitcoin' UXTO, it'll be obvious for governments to just start using it, and create dual money systems that are just layers on top of the (maybe single, maybe not) existing, working blockchain, despite its slowness. China is pursuing this now, even in anticipation of large price increases.

IMO Bitcoin is definitely the numeraire of the future, and it is certainly not a sure thing right now but I am extremely certain of this. It then becomes so trivial to do aggregate balance of payments calculations without so much sketchy behavior by fraudulent sovereigns that want to represent their own vision of 'real trade' for various purposes, such as economic warfare.

For non-finance people, numeraire is a representative abstraction of a 'unit of exchange', used to simplify things. You can then idealize situations like having riskless borrowing, which simplifies many formulae. But this is not an accurate portrayal of reality, (look up sovereign defaults, as one example. Greece, Spain, Italy, some Asian countries at different times, Argentina, Venezuela, etc.) So having a numeraire that isn't sovereign would be really impactful in making all economic participants way more honest, outside of the immediate smaller-scale effects of allowing people to get their cryptos ropped by unscrupulous people on the darknet.

From Wiki: "The numéraire is a basic standard by which value is computed. In mathematical economics it is a tradable economic entity in terms of whose price the relative prices of all other tradables are expressed"

Anyways, the Bitcoin protocol could definitely fail, for any number of a few different reasons, but at present barring some kind of major technological paradigm shift that breaks existing cryptography (maybe QC, maybe something different) it is uniquely positioned to become the de-facto standard for all balance of payments activity internationally. Scalability issues are definitely a factor, but hey, the mempool is working its hardest until they rewrite the underlying consensus mechanisms to work at larger scale. But as a settlement system and a darknet unit of exchange, it is extremely clear that this is the first hard asset that won't just vanish at the mercy of sovereigns. Very powerful new technology.

My guess is that governments will more and more realize that the main utility of blockchains is money laundering and speculation. As has been remarked over and over again, they don't solve any above board problem more efficiently or with lower expense than existing technologies. I predict we'll see growing regulation increased amounts of crackdowns on cryptocurrency and its applications going forward.

I've commented in the past here that the use of public blockchains to automate the functions of clearinghouses and escrow services will be a huge cost reduction for many industries such as finance. The technology as of today is not ready to handle that use case, but with the developments currently in the pipeline for Ethereum v2, progress is being made in that direction.

If you look at what MakerDAO is doing with the Dai stablecoin, they've proven that it's possible to create a synthetic asset closely pegged to the dollar purely through financial incentives, and they did it all just using Ethereum v1. A holder of Dai can earn 4% APY through a Dai Savings Account, and a vote is currently in place to raise the rate to 6%.

I personally find it incredible that an asset exists on the blockchain that's equivalent in value to USD, with a higher APY than you can get from any US bank. And because everything is on the blockchain, there's a public ledger of exactly how much is being collected in interest from those who are collateralizing their Ether for a Dai loan, how much of that interest is being paid to savings account holders, and how much is being collected by the system as surplus. It's the closest thing we have right now to a decentralized bank.

Whether or not you buy into the technology, it's improving by the day and more and more use cases and applications are being tried out and built. If all you see in blockchain is money laundering and speculation, you haven't been paying attention.

I also find this “incredible”, but in the old sense of the meaning as “not believable”.

[1] https://community-development.makerdao.com/makerdao-mcd-faqs

[2] https://docs.makerdao.com/

The problem with bad financial instruments is not that they don't work at all, but that they work fine for a period of time and then blow up.

I think the point your parent was trying to make is that the long term interest rate of any security has an upper bound of the growth rate of the economy.

I don't know of anyone who things the US economy has a real growth rate of 6%.

This is incorrect. Economists won't need it explained, but you're probably not one. Think about it like this - the growth of the economy is a weighted average of the growth of many different assets. By definition, a few of them will have higher rates of growth a few will have lower rates of growth.

What you should've said is that the higher rate ones are typically higher risk. So at the lowest possible risk, you probably cap out at the economic growth rate (also not a truism, but somewhat closer).

The 6% Dai savings rate is not static. Overtime, both the interest rate charged to those taking loans and the savings interest rate will need to be adjusted in response to economic conditions in order to maintain the peg. These adjustments have occurred many times and are part of the normal operation of the system.

That being said, MakerDAO has considered these scenarios and in the event that the peg can't be maintained, an emergency shutdown procedure occurs that gracefully shuts down the system. There's a separate token called MKR, and holders of the MKR token are the lenders of last resort. In the event of an emergency shutdown, MKR token is printed and auctioned off to settle debts in the system, devaluing the MKR token. Similarly, when a loan holder pays off their debts to the system, they pay that in MKR token and the MKR they paid is burned, creating scarcity of the token to reward MKR holders.

The risk adjusted return on whatever that crazy contraption is is almost certainly negative, and probably incalculably so.

The idea that any sane financial instrument could increase its return by two points by the holders of it voting to do so is... I haven't the words.

Raising the savings rate will also raise the interest rate that those holding loans must pay. If a loan holder doesn't agree with the new interest rate, they are free to close out their loan.

It's true that the interest rate can be arbitrarily voted up. Despite this, 1.46% of all existing Ether (currently valued at $210,036,816) is staked as collateral in the system, so it's not accurate to say nobody would do this.

Isn't this just a revolving credit line?

The people who built "that crazy contraption" are pioneers in an industry that is going to help lift hundreds of millions out of poverty via cheap, non-predatory financial services and create trillions in wealth by further unifying the global market.

I am somebody who spends hundreds of hours per year reading about Ethereum and blockchain. I could stop doing this whenever I want, I'm not bound by my employer or anything.

I keep at it because the underlying technology and things being built with it are amazing and valuable.

If you take one thing away from this thread, let it be that Bitcoin is the "Ask Jeeves" of cryptocurrency and the future is actively being built on Ethereum.

A 6% interest rate on USD would be a red flag, but Dai isn't USD. As far as I know, no banks allow you to use Ether as collateral for a USD loan, so the comparison isn't apples to apples.

Is this written in their documentation? Cos this is where the smart money gets out. The DAI competes against the USD. So all their transactions have to be in USD. No vendor for your products is accepting these magical tokens. No one in the economy except vanishingly small fractions accept digital tokens for trade.

Also, this is how the economy functions. All they've done is create a bank and sprinkled the fairy dust of "tokens" on it so the Fed stays away.

MakerDAO has a list of vendors who accept Dai today [1]. The list also contains a number of payment processors that enable businesses to accept Dai. It's true that it's not widely used now, but every product has to start somewhere. I don't think I'm going to be getting paychecks in Dai within my lifetime, but that's no reason to discourage its growth.

> All they've done is create a bank and sprinkled the fairy dust of "tokens" on it so the Fed stays away.

You say that as if creating an automated decentralized bank that generates an asset pegged to the US dollar is something that just anybody could do. Regardless of how Dai is ultimately used, creating the system and deploying it to the public is a successful proof of concept in itself.

[1] https://github.com/makerdao/awesome-makerdao#spend-dai

Fair enough. If it grows, it grows.

> You say that as if creating an automated decentralized bank that generates an asset pegged to the US dollar is something that just anybody could do.

If you have 100% collateralised loan, yes, anybody could do it in this day and age. Money can actually grow in an automated fashion without a central authority if we accept the inevitability of economic crashes and depressions.

Here's my thought experiment - say DAI suddenly overnight replaces the dollar. I don't know enough about the system, but I know finance very well. Next, say the day after the economy starts crashing. Manufacturers cannot see any orders coming in, consumers don't want to spend money etc etc. Run of the mill crash. What would DAI do?

I'll tell you how this works out in an uncontrolled money system - the crash goes on for more than a couple of years. People lose jobs, companies close etc. The federal reserve's one and only job (the regulation part is hogwash, they can't regulate for shit) is to cushion such an economic crash. What happens without it? Will the benevolent DAI system controllers step in?

With that in mind, accepting cryptocurrencies is just a technicality and doesn't reflect any acceptance of it as a real currency.

Are there any vendors who actually price their products in a cryptocurrency?

As a currency sure, but it reflects acceptance as a means of exchange. There are actually big segments of the crypto community who find the latter much more important

As I said it seems like most of the DAI borrowing is being done by people taking out margin loans to speculate on crypto. Perhaps this might make sense for the limited use case of people trading cryptocurrency (which is its most popular yet pointless application), but I don't see it being useful or economically viable for general purpose loans.

EDIT: upon further thought since the loan has to be secured with crypto assets, its not comparable to a personal loan. The equivalent regular finance product would be for a portfolio line of credit. Those have much lower interest rates, fed funds + 1-3% depending on the source.

I agree with that entire paragraph, so the rest of your comment is moot in terms of debate. However, I was just saying that on its face, 6% inside the USA is a good rate for loans.

In the event that the value of their collateral doesn't cover the debt, the Maker system has a surplus account that would cover the difference. In the event that the surplus can't cover the remainder of the debt, MKR token is created and auctioned off to to cover it.

Since this devalues MKR, holders of MKR token are incentivized to ensure that the system always runs at a sufficient surplus to cover these events and that loans are liquidated early enough to prevent having to dip into the surplus.

In addition to this, interest on loans are paid in MKR token and destroyed when the loan is closed, which also incentivizes holding MKR.

> If you sell the Ether, you no longer have the Ether. If while you're holding the loan the price of Ether goes up, you benefit from that. Of course, if the price of Ether goes down, you're at risk of having your loan liquidated, but that's a requirement imposed by the system to maintain the Dai peg.

Their governance calls are open, you can join and watch them be money scientists.

Here's the link to the most recent governance call https://forum.makerdao.com/t/agenda-discussion-scientific-go...

Not necessarily. Our equivalent to a savings account (caderneta de poupança) had a return above 6% per year until a couple of years ago (it's down to slightly above 4% per year now). It's very easy to beat that (for instance, the 5-year prefixed federal government bond has a return of 6,39% per year at this moment). So a return of 6% per year would be considered normal around here, not a red flag.

This level of transparency is the very opposite of Madoff.

[1] https://daistats.com/

But we don't want financial transactions to be fully automated and immutable. We want escrow services to be subject to laws, we want a judicial undo and modify button. So if you remove the whole "no one can change history" bit because it's an anti-feature, it is unclear why we need blockchain in the first place.

I'll redily accept that my understanding of blockchain is limited, so I'm open to being told why I'm wrong. Consider this a strong opinion weakly held.

I don't know enough about the financial industry to know if a real actual problem is being solved here. I do assume that any bank in this industry is already required by law to keep a record of all transactions, and that it's all digitally processed and stored. You'd have to hire an auditor to verify the blockchain software too, and even on the ongoing basis, to audit the infrastructure to make sure it hasn't been improperly modified.

This is true, but it's not necessarily organized in a straightforward way, and standards can differ from organization to organization despite everyone attempting to follow GAAP. This is why entire firms exist to audit large corporations.

> You'd have to hire an auditor to verify the blockchain software too, and even on the ongoing basis, to audit the infrastructure to make sure it hasn't been improperly modified.

Not necessarily. Each transaction on the blockchain is cryptographically signed, so all you would need to audit for each transaction is that the claimed signatures verify. It's not possible, even through a bug, to forge a signature if you don't hold the private key.

No. You wouldn't.

And cryptocurrency does not provide immutability anyway. Remember the DAO Ethereum fiasco where they lost a bunch of money and decided to roll it back.

What did happen was a superset of users decided to create a new ledger to run in parallel, containing transactions up until but not including the loss.

The market determined the new ledger to be more valuable

[1] https://www.cnbc.com/2017/11/08/accidental-bug-may-have-froz...

pegged decentralized synthetic digital bearer assets.

That's a mouthful. Each word has a purpose and together they describe a hugely innovative and valuable technology. It is my belief that there are very, very few people who have an understanding of how important this innovation is.

And too few people understand the importance of the more simple digital bearer asset, of which bitcoin is the prime example. This still surprises me, especially amongst HN readers, who are certainly more insightful than the average bear when it comes to most existing and emerging technologies...

Surprises me. but also gives me hope.

There is so much room to grow. Long road. Massive upside.

We are seeing a flourishing system of financial experiments being built as truly anything goes in this new digital worldwide ecosystem. Not all of the experiments will work but at least they will be tried and the market will decide whether or not they are useful and valuable to this digital society.

https://www.forbes.com/sites/benjessel/2020/01/06/ernst--you...

https://www.ey.com/Publication/vwLUAssets/ey-total-cost-of-o...

Why not just vote to make it a million percent?

I also expect that the fashion for it in VC investment, already waning, will totally fade by the end of the 2020s. And that regulators like the SEC will have ended the various its-not-equity equity investments, cutting off the other major source of funds.

[1] E.g.: https://www.nytimes.com/2018/04/16/nyregion/new-york-today-l...

[2] For "significant" contrast it with M-PESA, which is also digital money and launched around the same time: https://en.wikipedia.org/wiki/M-Pesa

or hasn't tried to fund their IRA via an ACH transfer but their bank won't allow it bcs rules..

or hasn't wanted to wire money (or receive a wire) for a fraction of the price (and hassle) of a wire transfer.

I have sent hundreds of bitcoin transactions. And I admit that it's not perfect. There's lots of room for improvement. But even given bitcoin's flaws, there are times where bitcoin is massively, gobsmackingly better than the traditional US banking system.

And the US financial system has been around 10x+ as long...

So much expectation born of such ignorance. It's a common problem for bitcoin. But not new. And it hasn't stopped bitcoin yet. and I doubt it will.

I believe we're on the cusp of a state change in the world of digital bearer assets. It's not that bitcoin will simply survive, it's more that programmable digital assets and digital bearer assets will steadily win over most other forms of value.

Unfortunately this isn't the kind of conversation that's likely to change minds - forum chats just don't tend to move the needle for most people who are entrenched in their positions. If we were to have a face to face conversation, I suspect we'd be able to find more common ground.

Oh well, I've watched the tide steadily turn over the last 7yrs. And I'll gladly watch opinion continue to shift over the next decade.

Real cash usage is gradually declining, but approximately zero of that difference has been taken up by Bitcoin: https://www.frbsf.org/cash/publications/fed-notes/2018/novem...

Merchant adoption is not just stagnating, it's in reverse: https://www.bloomberg.com/news/articles/2017-07-12/bitcoin-a...

If you contrast this with the speedy rise of M-Pesa, it's obviously a failure as digital cash. It's also a failure as compared with things like Venmo, which are all popular with people doing cash-like things: https://money.com/venmo-cash-app-zelle-better/

So if it's not good for the stated purpose, what's it now good for? No speculation about the future please. Just name a specific, significant group of users, state their problem, explain how Bitcoin solves it better than alternatives (better on their terms, not yours), and link to statistics showing sustained, rising adoption.

The best resource is financial twitter (fintwit). The news breaks there, the discussion happens there, and loads of meme-ing also takes place (which is always a nice to-have in a serious place). The only drawback is that most of them lean exactly the way I do. So I can bear the place, but I miss out on a bunch of opposing opinions and it's always a challenge finding someone on the opposite side of the fence.

Do existing approaches have problems, especially the legacy ones? Sure. Nobody denies that. But Bitcoin needs to be better in practice, not just in theory.

I'm sure you do believe that Bitcoin is on the cusp of change. But Bitcoin has been on the cusp of change for 10 years. It's the same routine some Christians have been running for 2000 years: Jesus is coming back any day now. When they predict a specific date, they always turn out to be wrong, but that does not change things: https://twitter.com/williampietri/status/1071833726294749184

I was very interested when Bitcoin appeared a decade ago. It's an interesting idea backed by interesting technology. Of course, so was 3D TV. In both cases, however much the respective fan groups are sure it's superior, in practice the great majority of humanity turns out not to care because the other options turn out to be as good or better for their actual needs.

I know this is a crime, but it's not a financial crime: cryptocurrency has HUGE advantages over alternative tech for buying drugs online.

Slight nitpick: Cryptocurrencies have demonstrable advantages over existing solutions (pseudo-anonymity, decentralization, inflation-proof, etc) but consumers don't care about these advantages enough to make the switch.

I'll grant those can be characteristics of cryptocurrencies, but they're only advantages to people who need those things. And they're only advantages on net if what goes with those characteristics ends up being net beneficial to somebody. E.g., the "inflation-proof" bit is a nice line, but most of the world had good reason for getting rid of fixed currencies after the collapse of Bretton Woods. And being "inflation-proof" implies a degree of value stability that Bitcoin most certainly does not have in practice.

I'll also grant that pseudo-anonymity and decentralization are useful to a very small set of people, but I think that's pretty well covered under the first part of my sentence. There are also some people who like those things for theoretical, quasi-religious reasons, but I don't think satisfying that counts as any sort of practical advantage.

And, more importantly, governments see those attributes as a downside, and would no doubt clamp down hard on crypto on-ramps in the event that they ever started getting significant uptake.

Uber broke every taxi law on the books until popular support made those monopolistic laws unenforceable. The political actors working against Bitcoin own quite similar and quite unpopular state-backed monopolies of their own.

Further, the downsides to the rise of ridesharing were very modest for governments. Increased congestion, regulatory uncertainty, and the eventual need for new laws and regulations. But governments have a very strong interest in preventing money laundering because a) tax evasion means less money for the government, and b) serious, sustained crime requires money laundering to survive.

So even if Bitcoin were to become more popular, governments would still crack down on it, and people would happily go back to using things like Visa, Paypal, Venmo, etc.

You've picked two arbitrary criteria, which certainly don't cover the entire range of useful properties that anybody in the world might want. And even still, you're only right about one of them. Cryptocurrency is very inefficient from a power consumption standpoint, no denying that. Not sure what you mean about lower expense though, sending money internationally (in a perfectly above-board way, like placing an order or supporting relatives in another country) can be a lot cheaper via bitcoin than alternatives like Western Union. It's also useful as a store of value that's not tied to a single government, so similar to gold in its intrinsic value but with the benefit that it doesn't take up physical space and can be sent and received much more easily.

I'm still quite bullish on bitcoin itself, for these properties alone, I see these properties as basically a floor on the value that it can provide and even just for for this use there's room for a lot of growth. If Ethereum-style contracts/apps and all the other kinds of things discussed in the post also gain wide adoption (which certainly seem like far from a sure thing at this point, but also not completely crazy), that's just a bonus.

If you mean by that, it's possible to have a fiat currency with no dilution, that is true.

Crypto currencies are fundamentally a political innovation; it is much more politically expensive to force dilution onto a crypto-currency than a fiat one. Whether that's valuable enough, I suppose we'll see.

if a regime is threatened with removal of a sovereign power (issuance of currency), i'm sure they will forcifully retake that power by outlawing the means of doing so. Bitcoin is of no exception. political problems can only be solved with political tools, not technological tools.

Yes and no. Some technology changes the balance of power.

One of the best examples is the innovation of gunpowder weapons and the rise of democracy. It's not the case that the invention of the musket and cannon was solely responsible for the fall of monarchy and the rise of democracy. But it certainly helped.

Is crypto-currency that sort of innovation? I guess we'll find out.

Also crypto currencies, are not currencies. They are commodities. It is far more accurate, conceptually to think about them the same as precious metals and grains, not dollars.

There are few people who are interested in crypto-currency and have not heard this argument in many forms. Crypto-currency fans generally either don't care or don't think it's true.

No they are not.

Can people please stop and think for a second before they vomit everything on their minds onto the keyboard and hit enter as fast as they possibly can in an attempt to make themselves heard in the noise?

See what that looks like? Think about these things before you write them. Physical laws are immutable. If they not, they aren't a law. Economics is entire a human endeavour. The laws are what we want them to be.

Now I'm not justifying anything crypto related with that statement. I'm just saying you need to think before you type.

no, that's just wishful thinking. Laws of economics are a description of human behaviour, and unless the human condition changes, it will always reflect self-interest and greed. Physical laws aren't "laws" in the same sense as human laws, but descriptions. Economic laws are the same; they describe what people would do under different incentivization schemes.

In this case, despite the proponents of crypto wanting it to be a currency, it has still languished as a commodity. This is due to the economics of using it, the interactions of it with the wider economy, and various other factors that i've termed under the umbrella of 'law of economics'.

This is not true. We have simply adopted a system where it is a feature. We did not have steady enforced inflation until the 1950s. There are entire schools of economics that believe the concept of controlled inflation should be relegated to the past, and replaced with market ruled inflation / deflation.

I'm not saying I understand how such a fictional world will work (and I am a finance professional so I understand this very well already), but people always saying "inflation is necessary" are people with no imagination who don't look at history.

Greenspan thought we'd solved the problem when he realised he could just keep lowering interest rates and growth will keep on happening. Turns out Bretton Woods withdrawal and the stagflation of late 70s gave enough cushion for him to test his hare brained schemes on the world and lead to the explosion of growth that came afterward. And then 2008 happened. Turns out Mr.Yes-Market was wrong all along.

2008 happened because of bad debt. That the bad debt was cheap debt certainly poured fuel on the fire, yet the fundamental issue was deregulation and high risk lending practices that followed from that deregulation.

All of this is wrong. Inflation is a supply / demand problem plain and simple. It has nothing to do with money. What money does have to do with it is when the fed devalues the dollar to drive up inflation. It is not natural. It is clearly controlled. If the fed didn't exist, we'd face both inflation and deflation only based on supply and demand. So we'd never have a steady increase in prices (unless the royal mint of our fantasy land was really opening up the spigots, in which case they're the same as the fed).

> 2008 happened because of bad debt.

Yes. But what people don't see is the sequence of events that led to it. If you're in finance, it's blatantly obvious, but outside it, it's shrouded in mist because no one famous will put it in an understandable form.

2008 happened primarily because of Alan Greenspan. What people don't realise is that none of the world leaders since the 1980s have done anything of consequence compared to what Greenspan did. His policy of "let's just keep the pumps open" have inflated markets and literally powered this exponential tech growth we're seeing now. My conjecture is that it'll stall out. Money doesn't grow on trees however much we may want it to.

2008 was the culmination of this 3 decade long money pump. But what did the fed do when it realised 2008 was happening? Oh that's right - it pumped even more money. But that's a topic for another time.

I agree with you in general, but also: The reason it's not that many is because the ones who see further growth, gets a interest into it, maybe even vested interest. So, not a good argument.

So 90% of this post's accuracy is unchanged whether the CEO of Coinbase was the CEO of Coinbase or not. Lets look at some of the points:

People are working on removing the surveillance aspect of cryptocurrencies. thats a truth that has nothing to do with adoption.

People are working on making them faster. that's a truth that has nothing to do with adoption.

The Chinese Government has said they will a central bank digital asset for currency. that's a truth that has nothing to do with bagholding other cryptocurrencies

Every industry experiences consolidation, it doesn't really take a soothsayer with a conflicting interest in to tell you that.

and so on

https://www.deeds.com/articles/the-real-estate-deal-declutte...

This involves state and county governments recognizing a current problem that is easily solved with blockchain technology. In this particular use case, blockchain is used to prevent fraud and provide a more efficient process.

Where did you get the data that justifies that assertion?

In any case, don't bother with cryptocurrencies. I'd recommend that you keep all your wealth anchored in US Dollars for the next 3-5 years.

This literally already happened for a hot second, did you not notice the everyone doing their own ICO when bitcoin was 20k? Are you saying it will happen again?

I don't think that's what they're saying. I suspect it'll be more like support for existing major cryptocurrencies like Ethereum and Bitcoin. Either for payments or smart contracts, or other decentralized book-keeping.

I'm not convinced about "almost every tech startup", but I do think it'll become more mainstream.

[1] https://torrentfreak.com/filesharing-and-vpn-traffic-grow-ex...

https://defipulse.com - 3m ETH locked so far as of today (1 year ago = 1.9m ETH, 2 years ago = 63k ETH)

This space is difficult, after the last years there's some stigma and trust-levels towards and within the crypto-community are super low (similar to the porn space) and I decided for myself, this sector is over. Main reason is: distributed DBs are hard, publicly distributed DBs are even harder, there are so little use cases that justify the effort involved (except currency & fund raising).

Maybe I am wrong.

Tech-focused projects, like Ethereum 2, Algorand, won't be successful. Decentralized coins, Libra, corporate coins, government coins will be.

For decentralized coins, I think the market needs to find a way to incorporate inflationary economics into the system. Bitcoin needs an inflating parallel blockchain. It's all about money. I put my focus there.

I wrote a post on the topic: Emerging Markets of Cryptocurrencies

https://bitflate.org/post/2019/11/10/emerging-markets-of-cry...

Not much people using it though. Seems like best selling items are gift cards.

So either this is a way for crypto to be "used" for purchases at popular stores, or it's being used for money laundering. (those gift cards are easily sold on eBay and other marketplaces for fiat; this is how you'd take payment in mostly untraceable crypto and cash out without having to subject yourself to exchange KYC/AML)

This misses a key piece of information. They take the price as an an assumption for their argument, but that is insufficient to draw this conclusion. When Bitcoin reaches $200,000 is also a factor.

The worlds existing billionaires will not sit still. If it takes 70 years then it would be pretty easy to make better money elsewhere. I have no idea if or when it will happen. I'm inclined to think on average it will increase at a decreasing rate.

Perhaps one day, the tech community will understand that some problems require a political solution and simply cannot be solved by technological means alone.

The value of our public goods however is not being captured by any financial asset, and is a huge market that can be addressed by cryptocurrencies. This is something I'm quite passionate about and have put a lot of time into thinking through how they might work (see link below). As an example, AirCarbon (https://www.aircarbon.co) is a Singapore exchange being built on an Ethereum token and will tokenize CORSIA-certified carbon credits for the airline industry. This is a fantastic example of a huge market ($100+ billion) that is right now extremely inefficient, and will benefit greatly from moving onto a globally accessible and permissionless ledger. It'll provide everyone in the world the ability to invest in the reduction of carbon dioxide emissions, and even better, since the tokens also work as stores of value, investors can sell their tokens in the future.

This type of financial asset has enormous potential.

"Tokenized Goods - A New Store of Value": https://medium.com/@tpgwhitepaper/tokenized-public-goods-a-n...

Crypto is not money and company like coinbase thrive on that information asymmetry because a normal person do not understand that cryptocurrency is not really a money,but a network of computers trying to fix some arbitrary value to a sequence of string which are worthless in themselves if not widely used for exchange of goods and services.

Hopefully in 2020 peer to peer exchange of good and services evolve and companies like coinbase don’t need to exist (this was the true purpose of distributed currency to get rid of companies like coinbase and being hold hostage by them by keeping wallets under their supervision without liability unlike the way bank maintains account with liability and protection).

As I understand it Bitcoin has some problems in this regard, but others have solved it.

I just can’t find it hard to believe we get to 2030 without a way to buy things anonymously online.

Nope. Bitcoin and others don't solve this at all. They're a literal permanent ledger of every single transaction you've ever made. Other coins might be better at anonymity, but BTC and its derivatives are certainly not.

The work around for this is what they call a coin tumbler - it takes your coins and those of say 5 more people, mixes them up real nice by moving them around a couple of wallets in many complicated transactions and then hands them back to a wallet you want from thousands of these mixed up addresses.

In the end, it might depend on a chain becoming popular first before people want to use privacy features on top of it, like using Ernst & Young's Nightfall protocol that's built on top of Ethereum.

ZCash uses zksnarks which are a pseudo homomorphic encryption strategy to hide payments whereas monero is using linkable ring signatures.

Generally speaking, the blockchain community has really advanced the crypto field

Other options such as Monero are better for this.

Obviously every transaction can not be processed and stored by everyone. That much is clear even to casual observers. There has been two or three main ways people have tried to achieve this during the past decade.

The obvious thing to try would be to shard the blockchain like you would a database. This turns out to be hard to do in a trustless way since shards would need to interact. This realization and the contracts required to securely swap assets between otherwise separate chains leads naturally to:

Full on separate blockchains that run in parallel to the main one, checkpointing when needed (rootstock, drivechains). These are not limited by the main chain and can be specialized for custom use cases. The parallel chains are only interoperable by way of the main chain and need not know about each other, which helps scaling out.

Payment channels by the way of time locked contracts. Satoshi sketched out an initial implementation that turned out to be flawed. This has since been improved on and made bidirectional and made into a standard which is now the Lightning network. It has a number of real world limitations but the general idea is that only the parties involved in a transaction needs to know about it. An added benefit of this is that finality among these parties is immediate.

There have also been some work squashing a large number of transactions into a large transaction. This has the added benefit of obfuscating the flow of individual transactions, which otherwise makes everyone's holdings transparent (mimblewimble, grin). This requires new signature schemes and is hard to retrofit to existing blockchains and make security guarantees about.

There used to be ideas about Chaum like schemes on top of blockchains, but most of that interest probably went on into separate blockchain schemes.

Those are some of the ideas that have been tried, most have shown some promise but are more or less still at the research stage. Don't expect radical changes overnight.

Most mobile wallets are light wallets, that query servers for the information on demand. It works great, but you have the risk of the server lying to you.

So the next level up is SPV wallets, which verify that transactions are included in blocks and that the proof-of-work is valid. So the cheat them you need to reproduce POW, which is very expensive, and also very secure.

This notion that everyone needs to run a full node is simply false. SPV security, and even light wallets security, is enough for almost everyone. Exchanges, payment processors and the paranoid few can still run full nodes.

The other easy way is to do what either win (ETH) did and change the average time between blocks from 10 minutes to say 10 seconds or so.

I've become very pessimistic around cryptocurrency after a year of chasing coins.

Wake me up when Turtlecoin hits $10.

I think bitcoin is a really innovative idea (and kicking myself for not acting on my initial instincts when I read about it on HN in 2010 - when mining software said "please don't use your GPU"!) but I don't buy this "people laughed at the internet too, so bitcoin must be important!" line.

Why? Really, I would like to know why you think this. Append-only data structures have existed almost since the dawn of computing. Making it distributed and trustless doesn't seem to solve any real problems, which is why over a decade since they entered the public consciousness they are used for almost nothing interesting, and nothing that couldn't be done better in a centralised system.

Tell that to all the people that are either denied bank accounts, denied loans, have had their Paypal accounts frozen or funds held for apparently no reason, etc.

> which is why over a decade since they entered the public consciousness they are used for almost nothing interesting, and nothing that couldn't be done better in a centralised system

The infrastructure and tools are being developed. And please don't say you've been hearing that for 10 years. Literally everything needs to be recreated from the ground up for a new protocol and financial system. This takes a lot of discussion on proposals, development, and testing. Not to mention that all improvements are being done on a live system so everything needs to be backwards compatible.

If you don't see the current monetary systems as a problem, then I guess you don't really have a way to understand Bitcoin.

I think it's one of the most important innovations of our civilization; a 'next step', if you will.

Personally, it solves my problem of storing value of my work indefinitely.

When a business receives a loan it shows up as an asset to them in the form of a bank deposit. The business then usually uses that demand deposit to purchase goods and services, so people who don't owe debt to the bank get those deposits in their accounts, and spend the deposits, etc., etc. So effectively, private banks create money.

Let's say Bank A loans $1000 to a customer. It creates a $1000 bank deposit in that customer's account. On the balance sheet it looks like this:

Bank A:

(Asset) Loan to customer of $1000

(Liability) Bank deposit in account of customer $1000

Bank A created the $1000 at will out of thin air. This is how it happens most of the time.

That's not to say there are none, but a fuck ton of people have tried to come up with cool ideas and approximately zero worked out, like at all.