Tuesday, March 20, 2018

How resistant is Bitcoin to government regulation?

Excavated from the drafts folder. I composed this in December 2017 (although I can't prove it) and I am publishing it now because recent news has rendered the postscript timely.

Bitcoin depends on the following three types of infrastructure:

  • Semiconductor fabrication plants.
  • Electric power plants.
  • Transoceanic fiber-optic Internet cables.

It depends on the first two of these to an unusual extent; the third simply comes along for the ride because Bitcoin is a global Internet-connected system.

You can't access these things, or the stuff that comes out of them, when governments really don't want you to, because they are big, expensive works of physical infrastructure. A government, or coalition of governments, with sufficient motivation and resources could introduce regulation upstream or downstream of any of these choke points that simply makes further Bitcoin mining non-viable.

"The Internet interprets censorship as damage, and routes around it" is true only up to a point. It is instructive to compare Bitcoin with child porn, a category of online activity that most governments are already highly motivated to stop. Governments have mostly succeeded in eliminating it from the non-darknet parts of the Internet; even sites like 4chan, which revel in their own transgressiveness, aggressively police child porn, because these sites run on servers that sit in datacenters in the physical world that are governed by laws just like everything else. Those servers are hooked up to the power grid and connected to the Internet by physical wires that belong to some utility. To maintain these connections, money changes hands, and a paper trail is generated that ultimately leads to the server operators. If you decide to be a badass rebel and distribute child porn under these conditions, you are looking forward to jail time.

It is true that child porn exchange still occurs online, but it occurs mostly on obscure systems that are specifically designed to be censorship-resistant at the expense of widespread availability. Bitcoin could be shut down or marginalized just as easily (where "marginalized" simply means that it is used as a transaction processing system only in highly unusual circumstances, rather than as a pillar of the economy).

In fact, it could be shut down much more easily. The resource cost to produce and distribute child pornography is nearly fixed: the size of a collection of digital imagery is essentially constant, and can be produced and distributed with extremely modest equipment. Basically, individual criminals can sustain a cottage industry indefinitely. By contrast, the exponentially increasing computational power demands of Bitcoin make it particularly vulnerable to regulation. If you cannot get your hands on an ever-increasing supply of semiconductor chips and electricity, you cannot mine Bitcoin, at least not at the scale that today's largest miners operate. Bitcoin mining is not a cottage industry; it is a large-scale industrial process, with datacenters as the factories. Large capital equipment is inherently easy to regulate. And replacing all of today's gigantic mining operators with small-scale, individual miners suffers from economic and engineering problems similar to those that you'd confront if you tried to replace a Google datacenter with ten million mobile phones (let alone trying to do that while dodging mining regulations).

Bitcoin has not been regulated because governments mostly do not care enough to regulate it (yet). The starry-eyed anarchist fever dreams of the most anti-statist libertarian early Bitcoin proponents were always total fantasies. If Bitcoin does not fail completely, then either it will be tamed into just another boring part of the existing world financial system, or else governments will wake up and cripple it.

p.s. Incidentally, since it is possible to encode data on the Bitcoin blockchain, an attacker with sufficient motivation and resources could save an instance of child pornography on the blockchain. Since every node maintains a copy of the entire blockchain, and Bitcoin lacks the ability to erase transactions, the entire Bitcoin network would be transformed at a single stroke into a child porn distribution system, rendering all Bitcoin node operators criminals. This might cost an incredible amount of money — millions of dollars to stash a single image of a few KB — but once done, it would irrevocably taint Bitcoin forever. This is an aspect of Bitcoin that is obvious on inspection, yet almost never discussed.

p.p.s. It happened.

This post closed to comments because Bitcoin attracts an unusually high ratio of vocal kooks.

Friday, January 19, 2018

The evolution of players in the American constitutional game

Another looming threat of Federal government shutdown prompts Timothy B. Lee to concur with the Yglesian view that American constitutional democracy is doomed — or, at least, in need of major structural changes:

The hour-by-hour style of conventional news coverage tends to obscure the big picture: the perpetual crises the US government has suffered over the last decade are a symptom of America’s deeply flawed constitutional system. This isn’t a new insight on my part. You can read Matt Yglesias’s classic 2015 write-up of the argument, which in turn draws on a large body of political science literature.

The basic issue is that the American system of checks and balances was designed for a nation without ideologically polarized parties. . . . The problem is compounded by the fact that it’s so hard to remove a bad president from office.

One seemingly-strong rebuttal to these arguments is that American democracy has survived for a long time, so probably the system is fine. The last Civil War veterans died in the 1950s; unlike most nations on Earth, America has no living citizens with a firsthand memory of existential risk to its constitution. This history of recent stability is probably the main reason that most Americans instinctively reject arguments, no matter how logically sound, that America's constitutional system is fundamentally flawed.

But this rebuttal has less force than it seems. The American constitution is a game, and political actors are players. When people play a game, it takes time to explore the available strategies. Partly this is because, even for relatively simple games, the space of strategies can be immense, requiring time to explore; partly this is because external forces, such as social norms, may prevent players from using optimal strategies initially. However, once a stronger strategy is discovered, it is difficult to stuff the genie back into the bottle; rewards accumulate for those who ruthlessly exploit the most lucrative methods of play, and those who use less optimal strategies are driven out.

A nice illustration of this dynamic can be seen in Google's training of its chess-playing program AlphaZero chess — openings such as the French Defense and Caro-Kann Defense appeared strong to the program while it was training itself, but eventually it abandons these almost entirely in favor of strategies that are inherently stronger, such as the English Opening.

In other words, every nontrivial game is also an optimization process, where the set of players explores the landscape of available strategies over time. In such a process, it is entirely possible for the most prevalent strategies to shift dramatically and even discontinuously; the past is not necessarily a guide to the future.

If you had been taught to play chess by the version of AlphaZero that existed two hours into its training, you might have learned that the French Defense was the "normal" way to win at chess; if I showed you a single later game using the Queens Gambit, you might view that as a temporary aberration. You would be wrong. Likewise, if you came of age in the 20th century, you might view electoral politics as practiced back then as "normal", and the current era, where the government walks up to the brink of shutdown or debt ceiling default every year or two, as a temporary aberration. I suppose it's possible, but the persistence of this observed behavior suggests that it is simply a stronger way for political parties to play the game.

Lee and Yglesias, and the political scientists whose work they draw upon, point to increasing partisan polarization as the cause of the shift in American electoral politics in recent decades. This is fine as far as it goes, but it is important also to realize that the constitutional game itself has always had, encoded within its rules, the possibility of the current configuration of power. The numerous veto points of the American system have always had the potential to be used to hold one policy objective or another hostage. The division of electoral authority between the President and Congress has always had the potential to allow both to dodge accountability for outcomes. It has always been possible for ideologically united parties to gridlock against each other. Accidental features of the American political landscape prevented these strategies from being exploited, but now the players are playing at this level, and thereby evidently beating those who would play differently. There are now only two possible avenues to change: either some novel strategy emerges to beat these strategies, or the rules must be revised.

Incidentally, this general idea — that a ruleset and the actors who interact with it coevolve — recurs across many fields:

  • It is at the heart of the concept of regulatory capture in public choice theory.
  • Designers of multiplayer computer games understand that a game's rules must be periodically patched for "balance" as players discover dominant strategies which render the game trivial or un-fun.
  • Security researchers are, of course, dreadfully familiar with the fact that every nontrivial system has unknown exploitable vulnerabilities. Once a vulnerability has been found, they would laugh at the notion that you could simply convince attackers not to behave that way, which is the analogue of hoping that American political parties won't use the toxic tactics currently available to them.

You'll find many other places to apply this concept once you have it in your toolkit.

(I've actually been meaning to write a longer essay on this idea and its implications for a while now, but haven't done so for the usual reasons, so this post will have to do for now. Well, this, and my Pinboard tag on the subject)

Monday, December 04, 2017

Two ways ISPs can do content-based filtering of encrypted traffic

Vaguely a propos of the revived net neutrality debate, a while back I saw someone on Twitter claim that it is technically not possible for ISPs to do content-based (as opposed to destination-based) filtering of SSL traffic. This statement seems initially plausible, but is false. I can think of two technical mechanisms to do content-based filtering.

First, it is possible to identify encrypted content via traffic analysis. ISPs could compile a database of traffic signatures which they wish to throttle (e.g., for videos that are available from their own video streaming services) and throttle any traffic matching that signature.

Second, ISPs can require that users add a trusted SSL root cert owned by the ISP, thus allowing the ISP to man-in-the-middle all SSL traffic. Obviously, content-based filtering then becomes trivial.

You might object that this second measure would be unacceptably onerous, and would be rejected by the market. In the near future, a middle-class American family of four may own ten or twenty Internet-connected devices, running a half-dozen operating systems, and demanding that users install a root cert on all of them would cause unbelievable inconvenience and outcry. This might be true, but without even trying very hard I can think of numerous ways that ISPs could try to acclimate users to this bitter pill:

  • Of course, the software package would be named something relatively innocuous, like "Comcast Internet Security Accelerator" or some such nonsense.
  • The MITM cert might only be required for devices that wish to access the "fast lane" — in other words, the ISP would simply throttle any SSL connection that it does not MITM. All the household's devices would be functional even if you didn't jump through this hoop, but the ones that need the fastest connections — say, the PC that streams HD VR video — would require the MITM cert installation.
  • The ISP could distribute web browsers and other apps that embed the trusted cert — for example, Comcast could provide a custom build of Chromium — and require their use for the "fast lane". Again, you wouldn't need this app for casual web browsing, only for sites that are sensitive to speed.
  • ISPs could strike distribution deals with mobile carriers to install root certs on phones. The most obnoxious way to do this would be to ship the phone's ROM with the MITM cert baked in; this would probably cause massive outcry, akin to the eDellRoot debacle. A sneakier way to do it would be to ship a carrier-branded app that has the ability to update the trusted cert store (by itself this is arguably innocuous), along with an ISP-branded app that (a) nags the user for consent when it detects that the phone is on the ISP's network, something like "Welcome to Comcast! Do you want to enable Comcast Fast Lane[TM]?", and (b) when the user "consents", installs the MITM root cert by delegating to the carrier's app.
  • ISPs could embed a web browser connected to a virtualized display in the set-top box. The set-top box, of course, would already trust the MITM cert. Then, instead of browsing directly to https://www.youtube.com/ or whatever, you would first browse to http://xfinity.local/, which would present you with a web app that is itself a browser running via remote desktop protocol. Then you would type https://www.youtube.com/ into the address bar of this web browser. The ISP could even "helpfully" set up its DNS to perform this redirection automatically (if you type youtube.com without the https).

These are just the ideas that occur to me in about twenty minutes of thinking. If these seem farfetched to you, there may be other ways to boil this frog. Companies can be rather creative when there are billions of dollars of rents to be extracted. The result does not have to be low-cost or seamless for the user; local broadband ISPs in the United States are subject to practically no competition and whatever they implement just has to be marginally less painful than waiting for your content to download over the cellular network.

Friday, September 29, 2017

Tentpole sponsors: an idea for improving paid service virality

Ad-supported communication platforms like Facebook have many structural advantages over hypothetical competitors that charge users money directly. One advantage is that a purely ad-supported service can spread virally, from user to user, at a vastly greater rate than a service that demands direct monetary payment.

For most users, the unpredictable, frequently unmeasurable harms of losing privacy and control over their social identity are less tangible than the direct time and money cost of signing up for a paid software subscription [0]. Thus free services which strip-mine your privacy and lock you into their prison spread like wildfire, while paid services that respect their users barely get off the ground. It seems that every large social networking service on the Internet has been hammered on the anvil of this seemingly inescapable logic and beaten into a Facebook-like shape.

However, user preferences vary. One can conjecture that within any social network subgraph of size N (for some N), there exists at least one user who cares an unusual amount about privacy and control. This user might be willing to subsidize a large subset of their local subgraph. Let R be the ratio of the local neighborhood of size N that such a user is willing to subsidize.

If N and R have the right values, a possible hack for the virality problem is to charge money to these special users — call them "tentpole users" — and allow them to sponsor the addition and ongoing use of the users around them. Most users will not be tentpoles; but given enough poles, positioned appropriately, the tent may be lifted over the entire addressable user population.

In the most basic form, you can imagine that a paid subscription gives every user a certain number of tokens, which they can use to sponsor accounts for their friends and family. When a new user is invited, some tokens would be allocated to them — one to support that user, and optionally some extra tokens gifted so that they could invite more users in turn. A non-sponsor user who wants additional invitations beyond their starter set would purchase more, thereby becoming a sponsor, or ask their network for some spare tokens. Sponsorship would be fungible — that is, users would be able to change their sponsor at any time — but every user would be either a sponsor or a beneficiary or both.

In principle, with proper tuning, most users could be beneficiaries, and pay nothing. A service engineered this way would be closer in virality to an ad-supported one. (It's still not quite as viral; for one thing, there is still some real friction at the edge of the "sponsorship radius", the distance from a sponsor at which users run out of tokens for further invitations. This needs further thought.)

Another model would allow all users to join free of charge, but grant additional privileges to sponsored users. This works, economically, as long as the aggregate cost of free-riding users is less than the total revenue from sponsors. This "tentpole freemium" model resembles an ordinary freemium model (where only the sponsors themselves pay [1]); arguably it is simply a freemium model where one of the premium benefits is improved amenities for one's contacts.

When I mentioned these ideas to a colleague a few months ago, he immediately pointed out that tentpoling leads to a situation where sponsored users are socially indebted to their sponsors. This has at least two effects. First, debt potentially causes social awkwardness, and this risk must be navigated (c.f. V. A. Zelizer). Second, users may feel a sense of precarity because sponsorship could end (for example, if their sponsor cancels their subscription), and thus would be reluctant to adopt the platform. These are definitely challenges, but it may be possible to overcome them.

Social awkwardness may be amenable to psychological hacks which obfuscate the transactionality of the interaction. To invent a silly example, one can imagine a social network where your profile picture can be decorated with a virtual hat, which degrades over time. You can only remain on the service if your profile has a hat; sponsors receive a certain number of hat credits, which they can use to purchase various hats and gift them to their peers. Lastly, any user can trade or gift a hat that they possess. The combination of these mechanics makes the act of "wearing" a hat expressive, not merely pecuniary; wearing a hat that one of your friends obtained and gave to you can be construed as a fun social act which strengthens your friendship, rather than a purely financial necessity. By adjusting the number of hat credits that sponsors get, you can create enough liquidity in the system that most active users have multiple hats. Therefore, it is possible to beg your friends for a particular hat without disclosing that you just don't feel like buying any hats — for example, a user who doesn't want to pay for the service might ask "Hey, anybody got a spare blue knit cap? My last one is expiring next week." A certain degree of strategic ambiguity is preserved.

This example is crude and probably too nakedly gamified to work, but I hope it illustrates that there is a gigantic space of possibilities for designing the social character of sponsorship. Somewhere in that space, I conjecture that there is a point where people are comfortable with sponsor-beneficiary relations in a social network.

Precarity may also be amenable to engineering solutions. For example, one could allow and encourage users to be sponsored by multiple people, and then grant enough tokens to sponsors that their "radius of influence" would, in practice, always overlap with other sponsors'. Then, in steady state, most users would feel secure, because they would be sponsored by more than one person. And in a tentpole freemium model, users would always continue to have access to their identity even when sponsorships expire, reducing the downside even if one were to lose all of one's sponsors.

Have there been examples of tentpole sponsorship as a business model in the wild? I have trouble thinking of them.

Anecdotally, one sometimes hears of people buying paid Slack workspaces to socialize or organize activities that are not part of their day job. I assume that there are usually free riders in this arrangement. So, Slack may have stumbled on this model without intending to (obviously, Slack's primary revenue stream is charging businesses for employee accounts, which is socially a very different scenario, although arguably isomorphic to tentpole sponsorship in some ways).

Alternatively, one could argue that whenever a highly technical user sets up a custom email domain for their family, rather than just signing everyone up for Gmail, they are tentpoling the base protocols of the Internet. The difference, I guess, is that sponsorship is not fungible: if you set up a domain for your family, your child cannot change their sponsor later in life without migrating to another domain, which incurs various transition costs.

The last example I can think of is in gaming. In some multiplayer games like Lineage, players can organize into clans, and clans can purchase in-game collective goods. I've never played Lineage, but I assume that players within a clan differ in their level of contribution, and thus the most committed players are effectively sponsoring the rest.

Overall, however, I think the idea of tentpole sponsorship has seen little use, and this seems like a space that is ripe for experimentation.

Having read this, your reaction might be (probably should be!), "Talk is cheap. Ideas are cheap. What are you gonna do about it?"

Alas, I have to admit that the answer is very little.

To really pursue this idea would be multi-year effort, and there are all kinds of reasons that this does not seem like the thing that I want to spend the next few years building. (For one thing, a half-hermit misanthrope like me is probably one of the worst people in the world to try building a social network.) So, instead, I'm throwing this post out there in a sort of cry to the universe, both to get it out of my head, and also in the vague hope that it infinitesimally increases the probability that somebody will figure out how to make it work.

This may be the dumbest theory of change that's ever been written down, but it's about what I can muster at this point in my life. On the other hand, if you back up and squint, in 2009 I predicted (sort of) both the business model of Patreon and Jeff Bezos's purchase of the Washington Post, so maybe the universe will again cough up something resembling my half-baked ideas.

Bonus thought: once you have the idea of tentpoling in your mental toolkit, you will begin to see echoes of it in many places. For example, nearly every software package is sometimes hard to use. But some users have the inclination and capability to become expert in that software, and then spend effort helping others cope with it. These helpful experts are technical (rather than financial) tentpoles, paying the cost of onboarding and support for users in some radius around them. Every geek who serves as tech support for their parents' devices is holding up the tent of Microsoft or Apple or Google or whatever over their family.

In fact, many instances of free riding can be thought of as tentpoling on some level. I suppose the difference between the concept of tentpoling and free-riding in general is that tentpoling is voluntary and has a significant dimension of locality in the social graph.

[0] Arguably, there is also a market in lemons for software services that offer users privacy and control. This is a separate issue and much too big to tackle in this post.

[1] On a vaguely related note, observe that Maciej Ceglowski has repeatedly suggested that Twitter should adopt an ordinary-freemium model where users just pay money for additional features. It is an interesting thought puzzle to contemplate why Twitter has never even experimented with doing this. There seems to be a real organizational dynamic in business that once a company settles on an advertising-supported revenue model, this sucks up all the oxygen necessary for alternate revenue models to breathe, and I do not entirely understand why. Consider how long it took for YouTube to offer YouTube Red; although this is also a case which proves that it is not impossible for the alternative model to break through.

Monday, September 25, 2017

What's the point of Facebook alternatives?

It is clear at this point that Facebook has a monopoly on online human-to-human interaction that no private forces, market or otherwise, will break in the foreseeable future. The network effects from a billion users are unsurmountably large. If we take Metcalfe's Law literally, even a social network that accumulates a hundred million users will be a hundred times less powerful than Facebook.[0] In fact, you're probably confused by the title of this post: What Facebook alternatives?

Facebook is furthermore unlike the other American technology giants in that it alone locks up all its users' interactions inside its walled garden. Apple, Alphabet, Amazon, and Microsoft are, to greater or lesser degree, porous at the edges — you can use an iPhone to chat with people who don't have iPhones; you can use Gmail to email people who don't have Gmail; buying things from Amazon doesn't prevent you from buying other stuff elsewhere; even Microsoft has realized belatedly that it is not the center of the universe & its products have started playing nice with others. But Facebook locks up your posts, locks up your photos, locks up your entire social identity inside its prison. There simply is no way to interact with Facebook users except by creating a Facebook account yourself and creating content that further entrenches Facebook's monopoly.

The gradual decay of open Internet protocols as human interaction disappears down the black hole of Facebook's ever-expanding digestive tract has been one of the great disappointments of my lifetime. In the end, AOL seems to have beaten the Internet after all.

I have opted for only de minimis engagement with Facebook, and more or less refuse to communicate via its platform. This has probably attenuated some of my relationships with people in a regrettable way (if you're somehow reading this and you wish this hadn't happened between us, send me email! it still works!) but the actions of conscientious objectors like me have not made the tiniest scratch on Facebook's dominance.

It is only a matter of time before governments realize that this entity must be regulated, whether under antitrust law or otherwise. The question is what will happen then.

In my opinion, it is clear what the ideal outcome would be: forcing Facebook to adopt open APIs that give users transparency, portability, and interoperability. Users should be able to see the data that Facebook has stored about them. Users should be able to export that data in toto to competing platforms. And users should be able to interoperate between Facebook and other social networks — a future version of Diaspora*, for example, should be able to see and interact with Facebook content generated by that Diaspora* user's social network, and vice versa; interactions between users across platforms should be reflected accurately on both sides. A user would thus be able to leave Facebook without severing their ties to the users they have left behind.

In a world where these APIs existed, users would have a way to reject Facebook's toxic business model and questionable privacy practices without exiling themselves from their social life. In Hirschmanian terms, users would have the option of exit, not just voice, as a way of signaling dissatisfaction. Facebook would probably even get healthier, as a product, as a result of the opportunity for meaningful competition.

This outcome is exceptionally unlikely. Government regulation of Facebook, although likely inevitable, is also likely to be ham-fisted and ineffective, simply because governments are terrible at understanding technology and rarely have the political will to impose effective solutions even if they knew of them. The last time the U.S. government, for example, used antitrust law against a technology monopolist, it basically bogged down the company in red tape for a decade but did little to meaningfully give its competitors an opening in the allegedly monopolized market. Windows is still by far the most widely used desktop operating system and the web browser that finally dethroned Internet Explorer on Windows did so through incredibly aggressive Internet marketing, not by using the remedies forced on Microsoft by antitrust law.

However, there is one thing that technologists might be able to do to make the desirable outcome marginally more likely, and that is to develop the protocols, and plausible implementations thereof, that would allow effective federated social networking to be mandated by government decree. Diaspora* may have made a significant dent in a subset of the technical problems, but there are significant open challenges inherent to federated social networking that I suspect have not been solved.

Critics of Diaspora*, Mastodon, etc. thus misstep when they observe that organic growth of these platforms is limited. The ultimate destiny of a successful federated social networking protocol, if one ever arises, will be to stock the toolkit of a future regulator, not to overtake Facebook via organic growth.

There is enormous inertia—a tyranny of the status quo—in private and especially governmental arrangements. Only a crisis—actual or perceived—produces real change. When that crisis occurs, the actions that are taken depend on the ideas that are lying around. That, I believe, is our basic function: to develop alternatives to existing policies, to keep them alive and available until the politically impossible becomes politically inevitable.

Milton Friedman, Capitalism and Freedom

[0] 100M is, to an order-of-magnitude approximation, the size of Snapchat's active user population. Observers who think Snapchat is a credible challenger to Facebook are off by a factor of a hundred, not a factor of ten.