I'm the CEO of MobileCoin. If anyone has any questions please feel free to ask here. We've been working on this project for four years and it has been a labor of love. There's a lot of new technology here.
We exist in a highly regulated space so it's possible some questions will require reaching out to lawyers to make sure we answer them in a way that's compliant so please don't feel offended if a response takes a while to come back.
The best set of docs for how the whole thing fits together is our book "The Mechanics of MobileCoin"[0].
We'll be around here and on our forums [1] to answer questions. Please also check out our foundation website[2]. The github[3] is also a lot of fun, especially the section on Fog[4].
Cloudflare lets you create custom error pages [1]. I would recommend making one for any geo-restricted pages. The benefit is that you can emulate your site theme and have an opportunity to explain the reasoning for the geographic restrictions.
Why do you feel the need to geofence it outside of the US? Where is the foundation based/registered? Where is the for-profit that you are the CEO of registered? How much is Signal getting for this?
Can late MobileCoin adopters buy the same amount of coin for the same price as early adopters or is it a multi-level marketing pyramid scheme like the rest of the crypto“currency” greed and spam inducing cesspool?
MobileCoin is already liquid on multiple exchanges so the coins would just be purchased at whatever the market price is. It also doesn't make sense for late adopters to get the same price because there's a lot more risk associated with being an early adopter than a late adopter. This works both ways — if something bad happens to MobileCoin that tanks the price late adopters would be able to buy at a cheaper price because the new information gets priced in.
>“It also doesn't make sense for late adopters to get the same price because there's a lot more risk associated with being an early adopter than a late adopter.”
Often repeated but false. Early adopters mine or buy large proportions at negligible prices while late adopters mine or buy negligible proportions at large prices.
> It also doesn't make sense for late adopters to get the same price because there's a lot more risk associated with being an early adopter than a late adopter.
Other way of saying it, is that early participants in a pyramid scheme don’t have guarantees that they’ll find enough people for the scheme to be successful.
Hi,
I still have to read the docs more thoroughly, but given that these HN threads die out quickly, I'd rather ask now that I have the chance, so forgive me if some of these are answered in the docs:
1. how does MobileCoin make money?
2. how many coins do you / does MobileCoin own?
3. related to that, are there mechanisms in place to prove that this is not a pump and dump? Or simply, how do I know it's not one and it's here for the long-term?
4. what's the threat model of the blockchain you're using? E.g. for Bitcoin, the chain is compromised once 51% of the hashing rate belongs to collaborative evil miners (as a rough approximation). What about MobileCoin? When would something bad happen? How is it prevented?
5. how does MobileCoin compare with privacy-oriented cryptocurrencies such as Monero?
P.S.: you might wanna add a F.A.Q. section somewhere for the questions I've mentioned and the others in this HN thread, right now we either have to blindly trust the claims on https://www.mobilecoin.com/ or going through the 133 pages of https://github.com/UkoeHB/Mechanics-of-MobileCoin, there should be some intermediate tech documentation (or does it exist already?)
I think the more pertinent question is how much of a stake Signal has in MobileCoin and why the details of this relationship are not being disclosed.
MobileCoin isn't even on the list of cryptocurrencies you can make a donation in.. which makes this seem more like a cash grab rather than something that was thought out.
1) MobileCoin will build a payments ecosystem around the protocol.
2) I have to check with the lawyers on whether we can disclose exact amounts, but our intention is to own a small minority of coins over the long term. We want the supply to circulate.
3) I don’t know how to prove this other than to tell you that MobileCoin is here to stay. You’ll know us by our deeds.
4) the threat model is 100% of nodes being compromised with an active attack against SGX. If there is even a single honest machine, the network will scream on any fault.
5) MobileCoin is fast and privacy-protecting (and it works on mobile without consuming tons of energy). There aren’t any other cryptocurrencies that presently fit that bill.
The correct answer to (1) was: "by selling the coins we pre-mined (85% of current float) at a high price, after using the popularity of Signal to pump the price further".
I don't run anything related to the protocol. The protocol governed by the MobileCoin Foundation, an independent board of directors. The foundation makes recommendations about how the network might behave, but ultimately it's up to the node operators to decide what code they run.
If that is true, what is it that makes it inaccessible to US individuals? My understanding is that a “real” decentralized cryptocurrency not misrepresented by the issuers will not fall under regulation like that.
Assuming an attacker fully compromises SGX for machines under his physical control (e.g. can execute arbitrary code inside an attested enclave), what can the attacker do/what security properties of MobileCoin break?
I know Moxie seems to put near-complete trust in SGX, but many security professionals don't.
My question, to both you and (especially) Moxie: Why do you trust Intel SGX so much (for Signal but now also MobileCoin)? Why are you not worried about vulnerabilities? As you're surely aware, even Matt Green who is/used to be(?) the biggest fan of Signal[0] is very concerned[1] about SGX. I don't question your intentions but the fact that Signal as an organization has stayed completely silent about this is… worrisome and at the very least taints its reputation of openness and trustworthiness. With MobileCoin now relying on it, too (more or less), this only seems to be getting worse.
Thanks for answering questions, it's nice to see that MobileCoin shares so many similarities with Monero with changes that seems to make decent tradeoffs for usability. I have a few questions:
What is the identity and distribution behind the current mobilecoin nodes? What are the requirements for running a node? Since there is no node rewards how will nodes funded in the long term (10+ years)?
Does mobilecoin employ something similar to Dandelion++? What prevents nodes or those running fog from performing timing based attacks? Is mobilecoin suseptable to any other attacks (e.g. Poisoned output, subaddress association)?
How will the mobilecoin foundation and continued development be funded in the long term (10+ years)?
If SGX is found to be vulnerable/no longer fit for purpose is there a mitigation plan?
Elsewhere[1] in the thread it's been claimed your organization owns 85% of the total market cap of this coin. Can you speak to this? Is it true or not? If not true, what is the correct percentage? How much is left?
Hi Josh! Why does nothing, in plain English, explain why MobileCoin should be used over another decentralized digital currency that exists? For example, if I look at your GitHub [0], the first FAQ item is about Intel SGX, and the overview is just...a blockchain overview.
Why does it make sense to integrate MobileCoin into anything? Why not use Monero or zCash? Sure, you can definitely explain this to me, but nothing explains that to general people on your GitHub page. Same thing on your foundation page, which simply has logos and "Private Payments for everyone" [1].
I've spent a lot of time working on blockchain and perceptually, it feels like you're trying to sell snake oil here. For example, the mechanics paper [2] starts with "Cryptography. It may seem like only mathematicians and computer scientists have access to this obscure, esoteric, powerful, elegant topic." Cryptography is a tool. What's obscure about it? People are using it right this second. Why is it esoteric?
The paper then continues with a brief overview of 'blockchains' (why the scare quotes?). In the same paragraph, it states that the purpose of blockchains is that "no piece of money can be duplicated or created at will" but this is only one of many points of the entire point of a blockchain. Why does it not explore other facets of blockchains if the goal is to be introductory?
Then, in the fifth paragraph, the paper remembers that people may not be reading this for the first time with no experience, and suddenly jumps up to 11, with this paragraph. Note, this paragraph is one single 91-word jargon-filled sentence:
> MobileCoin is a standard one-dimensional directed acyclic graph (DAG) cryptocurrency blockchain, where blocks are consensuated with an implementation of the Stellar Consensus Protocol, transactions are validated in SGX secure enclaves and are based on elliptic curve cryptography using the Ristretto abstraction on curve E25519, transaction inputs are shown to exist in the blockchain with Merkle proofs of membership and are signed with Schnorr-style multilayered linkable spontaneous anonymous group signatures (MLSAG), and output amounts (communicated to recipients via ECDH) are concealed with Pedersen commitments and proven in a legitimate range with Bulletproofs.
While I want to assume good faith here, I find that the blockchain community often has a history of attempting to "smooth over problems" with lots of jargon and hoping for the best. This sentence, when run through Hemingway [3], gives it a post-graduate reading level. But that's not anything about the cryptography: the paragraph/sentence is simply unreadable to most people. It serves no purpose in the middle of this section.
While I'm sure you'll mention that this is a preview document, you're pointing people to it as the primary resource for people to learn "how the whole thing fits together."
Other warning signs that make me wary are everywhere.
The foundation about page has the Intel, Azure, and IBM logos under a "powered by" footer [4]. The meaning is ambiguous, and the intent is clear: you want to use these big tech company logos, because they're recognized. Yet, this is the exact same thing companies do when they're sponsored by other companies. To the untrained eye, these are indistinguishable things. Is MobileCoin sponsored by Intel, IBM, or Azure? If not, you should remove the logos. It feels like a "trust play." You're not linking to any sites or providing any information as to your relationships with these companies, but it seems like you just have cloud services with Azure and IBM, and use Intel SGX.
There's a typo on the "Foundation Trusted Nodes" page (two words slammed together): "MobileCoin Consensus is built on trust relationships between individuals and organizations who are running MobileCoin Consensus Validator Nodes.Determining" [5].
We wanted more guarantees around safety. Stellar isn't written in Rust and Rust has some very nice safety properties that we felt were valuable enough for a full-on rewrite. We also wanted to be able to hand-tune the performance of the system, and the only way we could really get to that level of control was to do it ourselves.
Finally, we wanted to perform consensus on encrypted values so that the nodes wouldn't be able to censor transactions.
Imagine I have a private key to an address with 10 coins. Imagine I spend the same amount of money (10 coins) on Mars and Earth at the same time. There is a 10-lightminute gap between Mars and Earth. Assume Mars and Earth have a similar number of Stellar nodes. What happens in Stellar Consensus?
Stellar actually does nothing to prevent double-spends as it is the consensus layer and not the ledger. The ledger prevents double spends in mobilecoin by using a proof called a "key image" which is part of CryptoNote (https://bytecoin.org/old/whitepaper.pdf). Essentially, a ring signature is produced by the user which says "one of these N transactions belong to me" and the key image proves that one of the members of the set is a valid transaction without revealing which transaction was valid (and preventing future reuse of the valid input).
If you can find a way to do ZK-proofs that work in the time constraints that we have (1-3 seconds end to end transaction completion and finality), then we'll switch to them. Right now this is the only way we could get the performance we wanted.
As someone who works on ZKPs, that's very doable :)
In a Zcash-style spend circuit, the bottleneck is typically the Merkle inclusion proof, which takes say 32 hashes (assuming a limit of 2^32 note commitments). If we're comfortable with using one of the newer arithmetic hashes like Poseidon, that's about 10k constraints. Any of the modern argument systems (Groth16, Plonk, STARKs, etc.) can give proof times well under a second with a circuit of that size. If we want to optimize further, we can get proof times down to around 10-20ms (single-threaded) by using an arithmetization that's carefully tailored to our circuit's bottlenecks.
If we stick with traditional primitives like SHA-256, the circuit becomes substantially larger, but with modern techniques we can at least get proof times under a second. Happy to talk through the options if it would be useful.
> The MobileCoin Consensus Protocol solves the Byzantine Agreement Problem by requiring each user to specify a set of peers that they trust, called a quorum. Quorums are based on the real-life trust relationships between individuals, businesses, and other organizations that compose the MobileCoin Network.
How does this solve network splits or honest disagreements?
Stellar is essentially a liquid democracy system similar to DNS. The core proof at the heart of David Mazieres paper is that in a densely interwoven graph, any set of nodes in a quorum slice reaching consensus is graph consensus. Regarding Sybil, nodes define their own trust relationships, so membership is open but not automatic.
> Regarding Sybil, nodes define their own trust relationships, so membership is open but not automatic.
Thanks for clarifying!
So you're expecting people to
- manually add peers to be able to use the network.
- manually monitor the said peers for if they do malicious transactions, and manually ban them if yes.
Right?
How is this supposed to work considering that:
- most users won't care about manually adding peers. They'll just add EVERYONE who offers to be added so they can be done with it and use the system.
- most users probably won't even understand what a malicious transaction is in the first place.
- the few who do will for sure not have the time to monitor a network which does dozens or in the future even thousands of transactions per second.
This seems just humanly impossible, there's by no means sufficient human time available to manually monitor a P2P network's content if the said content is super boring and complex.
If it were a distributed social network you could expect people to e.g. manually flag spam because using a social network implies reading the posts contained in it.
But manually reviewing money which strangers send to each other is boring as hell, who will do this?
As far as I can tell, "nodes define their own trust relationships" is true only when considering the protocol at an abstract level, or if you're building the code yourself. As a concrete end user using the Signal client, you don't actually get to define your own trust relationships; the app is just hardcoded to trust a specific list of servers, albeit somewhat protected by SGX. Please correct me if I'm wrong.
MobileCoin looks fantastic! Seems to solve the major pain points of Bitcoin: fast transactions, low transaction fees, private and no massive environmental impact with mining. Any ETA on when this will come to the USA?
”Running MobileCoin in an SGX enclave allows nodes to securely manage keys for users. A client can perform remote attestation to its MobileCoin node before transmitting its keys into the remote enclave along with a short recovery PIN. The MobileCoin node can then rate limit authenticated access to the keys, while the enclave prevents the node operator or anyone who compromises the node from circumventing the software and attempting to brute force access to the keys directly. In this way, user keys can reside safely in a node and survive across application reinstalls or lost devices, without having to trust the node operator or the security of the node computer, and without having to memorize or safely store extremely long recovery passphrases.”
> 5. Will I need to put my keys on a remote server to scan the blockchain for incoming transactions?
> Keys will never leave your mobile device. This is a challenging problem and we are very excited to share our solution when we release our mobile SDK software.
SGX is only used for an extra layer of privacy, beyond what any other currency offers. SGX is not used for the security of the currency. This criticism has been answered countless times.
Why does the FAQ 2. say i have to run consensus-service with intel SGX to participate with other validation nodes ? Doesn't that imply the consensus is dependent on SGX ?
MobileCoin isn't the only fast privacy coin in town - particl has most of the same features if not more, including a private ebay-style marketplace which should be ready for prime time in just over a month (all being well). And you can buy it on US exchanges today.
In practice, sure you can. You have to be careful about getting it back into the normal banking system if you want to do that; but you aren't going to be raided by the secret service for handing someone 30k in a parking lot (something I have done before)
No updates in the repo for over a year and no answers from the team. The whole crypto currency thing is also a red flag for me. Matrix seems to be the better option by now...
Just what are they trying to do? They are a non-profit which would make a money grab somewhat impractical. Are they worried they are going to get successfully forked or something?
Their unquestioned faith in Intel SGX is somewhat pathetic to be fair.
XMPP has issues on Android and iOS: the app needs to be running and connected to the server at all times to fetch new messages. iOS explicitly disallows this from what I understand, and on Android you are at the mercy of your OEM's battery optimizations unless you specifically keep the app running by pinning it or if the app has persistent notifications. Either way, not something that is easy to explain to normal users, meaning pain points arise very soon.
Matrix is a little more promising, but Element (at least on matrix.org servers) is slow, especially at scale.
Any chat app would have issues with battery optimizations. Solution is usually to use the mobile OS vendors push notification infrastructure. Work on that in XMPP started around 2015 and most popular clients and servers should have some support by now. It's tricky to make something nice while the platform is working against you tho, especially while those push notification systems use/d XMPP themselves.
This is either the mandela effect (I know for a fact that the server was stuck on "April 2020" for at least 6 months), or Signal intentionally hid development and then revealed it all when they realized it was bad PR.
I saw that not too long ago myself. Purely speculation here, but perhaps they opted not to publish any commits until they had a chance to have their MobileCoin implementation audited? Just wish they had been more forthcoming about why they were not pushing commits.
The UK already has faster payments in all major banks. I can send and receive money instantly from app or Web. Will yours be as fast as that?
The UK has a problem with authorised push payment fraud. Banks can recover funds which have been sent as a result of phishing / fraud. How can I reverse a payment on your platform if it was fraudulent?
The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
There's no cost to sending payments on most mainstream banks. How much do you charge?
Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
>>The UK already has faster payments in all major banks. I can send and receive money instantly from app or Web. Will yours be as fast as that?
A: MobileCoin is as fast (or faster in some cases) than a bank payment in the UK with greater privacy. As far as settling back to Fiat, if that's what you're asking about, the velocity of that depends on on-ramp and off-ramp integrations which will come over time (but it looks like there's no reason MobileCoin can't help developers deliver payments at the same speed as banks).
>>The UK has a problem with authorised push payment fraud. Banks can recover funds which have been sent as a result of phishing / fraud. How can I reverse a payment on your platform if it was fraudulent?
A: Payments on MobileCoin cannot be reversed at the protocol level. If you want escrow and reversibility, you should use a wallet or payment service that supports those primitives. We believe that developers will build such services on top of the foundation of the MobileCoin protocol.
>>The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
A: Signal relies on phone numbers for identities. Other apps that integrate MobileCoin may have a higher threshold for identification.
>>There's no cost to sending payments on most mainstream banks. How much do you charge?
A: Fees are set by the foundation (which has a stated goal of keeping transaction fees to around $.04 when the network isn't congested). Currently fees are higher as they need to be adjusted by a foundation vote.
>>Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
A: Signal doesn't allow people you haven't keypaired with to send you funds. If you have accepted a message request from someone, they can send you money.
Heads up, it would be useful on HN if you were to disclose your affiliations / interests when posting, especially about something like a cryptocurrency you helped design.
It gives readers a better sense of your ability to answer the questions accurately, in addition to letting people make assessments based on the potential conflict of interest.
Also, responding here and inviting discussion on a technical level is possibly the best thing you can do for perception of Mob, because this is a forum where those questions are likely to get asked.
Edit: I see you've done that in another post on this thread. Since we don't have anything like flair it would also help people who don't read the whole thread.
Yes, this originally was a child comment to the thread where I identified myself as the MobileCoin CEO. Dang merged two threads and this got separated from the top-level comment.
Who is in the foundation and what does the governance look like? Is there a plan to expand governance to the community?
I know the next question is signal specific but do you have any details on how they'll maintain privacy for pegging which is likely just to require an on/off ramp. Surely this is just no better if the majority of transactions have an associated log on an exchange?
This was my question too. I don’t really understand why the U.K. was chosen as the initial market. At least in the U.S. people are used to venmo and suchlike being services they might use. My guess is that either the cryptocurrency people are based in the U.K. or that whoever is in charge is viewing the country as something like America but easier to get started (anglophone but smaller market for testing or easier regulations or less competition) however I don’t think the U.K. is a good substitute for America in this case.
The one venmo-like thing people do use a lot in the U.K. is probably something like revolut for dealing with different currencies and international transfers (either for travel in Europe or for migrant workers sending earnings abroad for family or retirement). But a service that’s only available in the U.K. isn’t much use for that.
I also personally don’t really see the privacy use. I think I’m willing to give up a reasonably large amount of private information about the people on either side of a transaction if it is effective at reducing fraud and making transactions reversible.
America has AML and KYC and running an exchange that allows trades which dodge those requirements is a great path to men in black suits knocking on your door.
> Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
First time I read about that, how does this work in practice? A person regularly sends you small amounts such that all you see is their name whenever you log into your bank account?
Amongst other things it's a way to set up a narrative regarding some other fraudulent activity.
If you were regularly recieving money from someone, then it looks like you're in business with them - and you'd have a hard time pricing you're not if they then staged some other activities (i.e. shipping you stolen goods, which they then have stolen from your doorstep by an associate).
Not really. Someone steals money, sends them to you, your are having lots of trouble proving you are not an accomplice. If you are a government official, you can be framed as receiving a bribe.
In russia government can send your organisation money from abroad via an agent and then shut you down as a 'foreign agent'.
> In russia government can send your organisation money from abroad via an agent and then shut you down as a 'foreign agent'.
They could do this with traditional banking systems as well. Presumably the Russian government has a high degree of surveillance with regard to their domestic banks like every other nation in the world has. Creating a false financial trail is made slightly easier with crypto currencies, but for a nation state it's not hard to do with traditional banking systems.
Creating a false trail is far more difficult than asking some scoundrel send 100 euro while vacationing in Italy or Spain. Also, for a FSB operative it is an opportunity to go to spain to 'supervise' the operation, lol.
Think again. A criminal sends you a known amount of money, then you are seized and phone is searched, and you receive the exact amount of money a criminal had sent you.
Accepting unwanted money from someone can have serious consequences in many cases. In some cases it is illegal - for example, accepting certain types of political donations.
In cases where you've been sent unwanted money your obligation is typically to return it, but that specific type of use-case is often not considered when people design things. If you end up in a situation where anyone can send you money and you can't return it, you're in big trouble because the sender might be causing you to unintentionally get involved in a violation of the law and leave you without any method to undo it.
They basically only work if I'm on a great Wifi and the other side is too. As long as the connection isn't perfect, the only way to continue the conversation is on Whatsapp (or Zoom).
Everything on the internet is being corrupted with adding cryptocurrency scams where they absolutely don't belong, it turns Signal from an obvious recommendation into something that makes me hesitate. There's something to be said for focusing on doing one thing well, and that doesn't mean turning a communication platform into a kitchen sink.
Signal is competing against some big players in the messaging space, at least some of which have money transfers. As long as they abide by their principles and none of these features impact privacy, I don't see how it wouldn't be viewed as a win.
A case could be made for it being bloat, but most consumers don't care, and for Signal (or any messaging app) to be successful, it needs to appeal to the common denominator.
And frankly, if this means I can send money to a friend without Google getting yet more data about me, then even better.
Signal needs to be reliable, safe and have a low barrier of entry to achieve its goals of allowing widespread private communication. I thought that when I recommended that my peer group use it (at this point, all of my normal contacts use it extensively), I could trust that it would remain clearly focused on its mission- now I'll need to recommend it with a caveat to just click through the scam marketing, ICO offers and "airdrops".
You’re being really cynical in a way that doesn’t reflect the reality of the situation. This doesn’t entail scam marketing, ICO offers, and airdrops just because that’s something that happens in a lot of the rest of cryptocurrency space.
You missed the point. Even if Signal doesn't do the typical cryptocurrency scam behaviour, I now somehow need to try to explain to people why it is different to every other thing in the space that does act like that. On the face of it, if we assume that the inclusion of MobileCoin in Signal is completely benign, it's something that's never happened before.
Smoking causes cancer, but smoking these specific cigarettes won't. Do you see the problem with trying to describe such an absurd situation to somebody?
You're making a different point now though, you're saying that people will associate it with scams which will hurt adoption. You initially wrote that the UX would be so bad that you'd have to convince users to bear with it anyway.
I don't know how they implemented it on the client side, but it's possible they kept it light, as they've been doing since the beginning. We'll see soon enough.
In terms of reputation, this is a long-term battle. Signal used to be quite unreliable in a lot of aspects, and hurt adoption. Now it's much better, making the migration from other messengers way smoother. If they're able to implement safe, private and convenient payments, that's one feature other messengers won't have to lure users away from signal.
> You initially wrote that the UX would be so bad that you'd have to convince users to bear with it anyway. I don't know how they implemented it on the client side, but it's possible they kept it light, as they've been doing since the beginning. We'll see soon enough.
I think you're confusing UI and UX. Yes, the UI could be kept light but the user experience can still be confusing because a payments feature is… surprising. Why would a messaging app come with a payments feature if not to make money and exploit the user?
Not saying that this is happening here but this is what people think, i.e. the emotional experience.
> just click through the scam marketing, ICO offers and "airdrops"
That's what I meant by UX.
> user experience can still be confusing because a payments feature is… surprising
Everything new is "surprising", that's a low bar. Chat apps in China have had this feature for years now, and it's also a feature in WhatsApp, a direct Signal competitor.
If you're that concerned about third party processors, most banks and credit unions provide their customers a way to send money between people fairly simply.
Signal providing this functionality is scope creep.
Scope creep? Perhaps. But then so are voice calls, video calls, sending pictures, GIFs, etc. None of those things are core to the experience of sending "lol" to a friend. Despite the very correct statement that there already exist services which do those things.
Yet, those features have almost become synonymous with messaging apps. The market and consumers seem to want these services combined, so here we are. My point was that sending money is a feature that more and more messaging services have. Hangouts (or whatever the hell it is called these days), Whatsapp, Telegram, etc.
Personally, I would have liked it more if this wasn't tied to some no-name cryptocurrency, but oh well.
> Scope creep? Perhaps. But then so are voice calls, video calls, sending pictures, GIFs, etc. None of those things are core to the experience of sending "lol" to a friend. Despite the very correct statement that there already exist services which do those things.
I think those would all be considered in scope for a chat platform--theyre all various ways to share and communicate.
But they're not adding a "money" transfer option, they're adding a "MobileCoin" transfer option! For the overwhelming part of society, these are not interchangeable terms.
When people want to send "money" to other people, they usually imply that they want to send units of the local currency, like USD or EUR. And they usually imply that the value of these units should stay the same during transfer. If I want to pay my share of a restaurant visit to my friend who covered the check, I'd like the 30$ I'm sending to still hold enough value when they arrive in his bank account to actually cover my share. A cryptocurrency intermediate that swings +/- 20% in value within minutes (and that we both have to pay conversion fees in order to acquire/redeem for $) is of exactly no use at all for such a use case.
If they didn't use some random 'coin' no one has heard of I'd be on board. They're trying to compete in a bad way. They should simply just use Stripe and be done with it. People want an alternative to facebook messaging and PayPal. They don't want superfluous cryptos.
If they weren't using this as an opportunity to pump some shitcoin, this might make sense. Bitcoin Lightning integration would be much less suspect, for example, because A) it's already well established B) they're not going to make a quick buck off it.
Before you label MobileCoin a scam, I would encourage you to take a look at the Github. I think you'll see that we've made a lot of very carefully considered choices on how to deliver a great payments experience without many of the compromises other cryptocurrencies have chosen. Of note, the speed of transactions, much greener energy design, privacy-protections, and mobile-first UX are differentiators. Many cryptocurrencies have some of these features, but I don't know of any other that has all of them.
Believe me, I have a lot of feelings about how absurd cryptocurrency has become in the last decade. At its core, I still believe that there is something beautiful in decentralized ledgers and I think that this is the way that the world will settle debts over the next hundred years. Signal chose MobileCoin because nothing else met their performance and privacy standards. In order to meet those goals we wrote a lot of new technology that is fundamentally different from how other cryptocurrencies are architected today (check out our oblivious RAM implementation, for example: https://github.com/mobilecoinfoundation/fog).
I love Signal and I started MobileCoin to help fund their work. For me, a world with Signal in it is a better place.
> Signal chose MobileCoin because nothing else met their performance and privacy standards.
Signal has obvious financial connections to MobileCoin, something that frankly nobody else has ever heard of before today. I find it really difficult to believe that MobileCoin paying Moxie (which you've acknowledged), and Signal/Moxie happening to choose MobileCoin for inclusion in Signal when nobody wanted it was a coincidence. It's insulting to the intelligence of the reader to even make that claim.
> Before you label MobileCoin a scam, I would encourage you to take a look at the Github.
That's significant in this space, because it implies that he does not benefit directly[0] from speculation on MOB, and so has less incentives to get involved in a pump and dump.
What I would still like to see for more transparency:
- legal commitment from the Signal Foundation that no employee owns any MOB
- disclosure of money transfers between MobileCoin and any Signal Foundation employee
Maybe some of this information could already be extracted given the statuses of the entities involved?
[0]: he benefits indirectly because if MobileCoin stays up, he'll probably stay as a technical advisor
The article says “Marlinspike has served as a paid technical adviser for the project since its inception” in the same paragraph, so I would say the article is quite clear on the financial relationship.
The problem here is not that people think that MobileCoin is not a useful technology or is not innovative. From what you are describing it actually seems like a good combination of features that are particularly suited for the messaging use-case.
The problem is in the way the coins were pre-mined. It seems (we don't really know from the outside) that the knowledge that Signal would be using MobileCoin has been known early on. With that knowledge it is very easy to make money by pre-mining coins. The proper analogy here is insider trading. It is immoral and that is why people are calling this a scam.
Agree. It would be OK to make Signal able to integrate payment systems and make this thing compatible with that or with any other comm that implements the interface. Tying them together is pernicious.
Anyway Signal is itself pernicious by being tied to a phone number and to Google Play services, and by being very choosy about who gets ports.
I had high hopes for Matrix, once they got E2EE, but they have flubbed that by requiring a very heavyweight bounce server that won't fit on (e.g.) your typical home router or super-cheap cloud VM. Matrix should enable a place to keep your message archive independent of the bounce server, and allow gatewaying a non-public storage service via the lightweight bounce service.
But Element.io's business model is tied to heavy-weight bounce service.
Mastodon, Matrix and others suffer that issue greatly. You can't really run single-user instances without running a gigantic installation, when a minimal implementation of their protocols should have no footprint to speak of.
That was the case a few years ago. Matrix' server software has improved a lot since then. It doesn't use much resources anymore. Though there still is a large CPU spike when I join a really large room (500+ users) for the first time.
Just as a quick note, I run Synapse (the heavyweight server, not Dendrite the light-weight one!) for myself and a few friends on a modest 1GB of RAM VPS with a few bridges and have no problems. Looking forward to Dendrite getting feature-parity and swapping over to be even lighter.
speaking as CEO of Element, our business model is really not tied to Synapse being heavyweight at all - just the opposite. We provide Synapse hosting starting at $2/user/month, and so it's critical that running a server (including sysadmin) costs us as little as possible in order to be above water. We're not competing against self-hosters, but catering to folks who aren't sysadmins and so want us to host for them.
And as others have said, Synapse really isn't that heavyweight these days (thanks in part to the performance improvements driven by Element!)
> Anyway Signal is itself pernicious by being tied to a phone number and to Google Play services
It's not tied to Google Play Services, you can download a standalone version from signal.org. As for phone numbers, the developers have been working on getting rid of them for a while now – there's already a good amount of code on GitHub.
With all due respect your comment seems to be coming from an extremely privileged position. In many parts of the world, people do not have the luxury of basic banking, where storing and sending money is fraught with risk due to corruption and a lack of infrastructure. Take a look at M-PESA [1] for a "last-gen" solution using SMS.
I think what Signal is doing with MOB is pretty important work for many non-western countries, and I wish them all the best.
Crypto currencies don’t really solve the problems with a lack of banking infrastructure. Usually people need some way to get actual physical cash (remember, we’re talking about places where people don’t really have access to modern banking systems, not places where most people have bank accounts and credit cards) in and out of the system. It’s a nice idea if everything magically happens in your digital system but I don’t think that can happen without a credible way to bootstrap it involving lots of moving physical cash first. I don’t think it’s credible to hope for third party exchanges or tiny local businesses to provide these services, and I also don’t think it is credible to expect people living in these underdeveloped places to take on the risk of price volatility in some random cryptocurrency.
Cryptocurrencies don't solve third world banking, at all. You still get paid in fiat, which you then have to convert to crypto (using a bank), and you will never be able to have most people get paid in crypto because then the government can't get taxes reliably (thus they will ban it).
"Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something."
"When disagreeing, please reply to the argument instead of calling names. 'That is idiotic; 1 + 1 is 2, not 3' can be shortened to '1 + 1 is 2, not 3.'"
I don't think Signal has any plans to scan your driver's license. What they've built is a non-custodial wallet (IE, they can't help you if you lose your keys, and they have no ability to authorize or deny a payment on your behalf).
In my opinion a lot of the spicy regulatory issues around coins with private transactions are still not fully realized because none of them have mainstream adoption. The problem here is that Signal's goal to succeed as a mainstream encrypted messaging client could have the unpleasant side effect of bringing this technology under regulatory scrutiny.
Hopefully things won't come to that, of course...
And they need to exhaustively verify who is really buying these to be sure they really aren’t in the US so they don’t end up in a Bitmex style situation.
The larger problem here for Signal is US legal claims could nuke it off the (very) centralized Apple App Stores and Google Play Store. Then what?
> To try to tame that volatility problem, Marlinspike and Goldbard say they imagine adding a feature in the future that will automatically exchange users' payments in dollars or another more stable currency for MobileCoin only when they make a payment, and then exchange it back on the recipient's side—though it's not yet clear if those trades could be made without leaving a trail that might identify the user.
Then why use Signal at all? You had to have KYC to get a phone number in most countries which you had to give to Signal which could expose your location etc via tower pings to anyone you communicate with unless you port it to a VoIP number (how many know how to do that?)
You also had to provide a phone number to get a Google or Apple account to install Signal because anonymous signed install methods are not supported, which moxie says is intentional to collect analytics.
Signal may have end to end encryption but being anonymous is a clear non goal.
>You also had to provide a phone number to get a Google or Apple account to install Signal because anonymous signed install methods are not supported, which moxie says is intentional to collect analytics.
Signal distributes a standalone APK for android, which does function without google play services.
Yes it functions, like on my de-Googled Pixel 3a running GrapheneOS. But it's not particularly reliable in my experience, especially if you don't have the gapps services.
You must turn on Untrusted Sources which disables meaningful signature verification.
Now you must hope you don't get MITMed every time you update.
It is a joke they seriously expect people to sideload.
They need to provide a deterministic and easily auditable F-Deoid repo or let the F-Droid team compile/sign it for them.
Neither will happen though because moxie has been very open about the fact he wants the analytics that comes with google/apple tracked installs, user privacy be damned.
Not entirely true. On recent versions of Android, you are asked to give "install untrusted apps" permission on a per-source basis (e.g. I downloaded an apk from Chrome, now I have to allow Chrome to be a source of installable apks).
Also, it doesn't disable signature verification at all -- it just changes to what is essentially a TOFU model. You can verify this by installing, say, NewPipe from vanilla Fdroid, then adding the NewPipe repo and installing a build from there. It will fail unless you completely remove the original app (from all the profiles on the device!) and install the new one afterwards. This is due to different signatures between repos.
In any case, I agree with your wider point about Signal's rather concerning distribution strategy. I would like to see inclusion in Fdroid, or at least a custom third-party repository. Unlikely though.
You don't need to KYC as it's just a mobile wallet — same with all the other crypto wallets out there. I'd be surprised if Signal integrated features in the future that require KYC.
You already need KYC in form of a phone number that can receive SMS. In many countries, that is not possible without government ID and being a resident.
In my country it’s actually easier to legally open a verified trading account on a local cryptocurrency exchange than it is to get a voice/SMS SIM if you’re not a registered local resident.
Moxie, as an individual, is a paid technical advisor to MobileCoin but the reality is that we could never pay Moxie what his time is worth. I am thankful that he has chosen to help make this project a reality.
And a reason surfaced to continue to connect users to their phone numbers...
>>The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
A: Signal relies on phone numbers for identities. Other apps that integrate MobileCoin may have a higher threshold for identification.
Signal is entirely centralized and Moxie runs the organization.
For all intents and purposes Moxie is 100% in control of the Signal network and could shut it down or release a malicious update that plaintexts messages at any time.
I've been a longtime signal user (since the textsecure/redphone days).
I've always given moxie a pass on his controversial decisions (no federalisation, no 3rd party clients, no fdroid repo, relying on Google play services, being slow to release serverside source code) because the team was small and obviously had to cut corners somewhere.
But learning that they spent their time adding support for a (premined?) cryptocurrency just because it's Moxie's pet project is disheartening.
What are the odds that this would've been merged into the project if it had been a merge request opened by someone from the outside?
What are your (you guys) opinions on Session (https://getsession.org/), the Signal clone that uses Tor, and no phone numbers? Any significant downsides? Anybody know the team there and can speak on their trustworthiness, longer term intentions etc? What about the code they've added? Anybody review that? At a quick glance it looks like a decent but less user friendly alternative (no phone numbers - good for privacy, bad for grandma's to be able to adopt it easily). Thanks.
According to coinmarketcap, MobileCoin's "Fully Diluted Market Cap is $15,638,578,369.65". If we take a conservative assumption of a 1% advisor grant (which would be very conservative for a system that has been pitching signal integration as its primary feature for years), then that would put the value of the integration at around $150 million today (or tens of millions a few weeks ago).
I am incredibly disappointed in the Signal team. I don't want cryptocurrencies (or even any payments!) in my primary text app. Crypto/blockchain is fine, but if I want to use it I'll download a different app.
I'm finding this announcement creates some uncertainty in my head about Signal's long-term future.
> Signal Foundation is a 501c3 nonprofit. We’re proud of that designation and we’re out to prove that a nonprofit can innovate and scale as well as any business driven by a profit motive.
Yep, that is one option, though that doesn't seem like the route Moxie wants to take from what I've seen. He seems to think that you need a cohesive centralized platform if you want to be competitive (2016)[1].
At this point if you want federated it probably makes more sense to just use Matrix.
IMO Signal/Moxie "advises" this project, so to me this seems like their way of cashing out (I'm assuming they hold the majority of coins), given that Signal itself is a not-for-profit organization. At least that's what I'd do if I were Moxie.
There are 250 million units of mobilecoin, and majority of them are owned by the founders. Only 37.5 million have been distributed. With current price ($65), they're worth $14B already. This makes the project a scam and impossible for it to work as a reliable money that holds value. Bitcoin had no pre-mine and has been fairly distributed from the start.
On the other hand, these comments are only met with responses indicating that the source for that is an old whitepaper without any more information. While the person replying is the MobileCoin CEO. So they at least try to embellish the current situation in some way. Which doesn't tell me much good.
I don't know if crypto is good or bad, but I can't imagine this feature driving Signal uptake. It would be better to focus on allowing ordinary payments in GBP via Signal. Even if the payments themselves weren't private, the messages still would be.
I can't wait till we stop sprinkling bitcoin over everything. At least when we go back to ads we'll stop getting the spam from bots trying to claim their free $0.00003 in cryptocoin of the week
On some level, they can't prevent you from just using the backend. Unfortunately just maintaining a fork with different branding is essentially a full time job, I used to do this so that I could use a work and personal number in two instances of the app but it was too much effort to be worthwhile.
>>Those outputs contain the entire original supply of MobileCoin (250 million MOB)[1]
Is the entire supply of 250M MOB available for sale on FTX, or is only a restricted number of MOB tokens available for sale to UK residents? Is it fair to assume that the MobileCoin Foundation has no plans for an airdrop (unlike Stellar)?
A majority of the supply of MobileCoins is available for purchase at https://www.buymobilecoin.com. We have many plans for how to help users get coins but none that we are prepared to disclose today beyond the aforementioned website.
> MobileCoin also remains even more volatile than older cryptocurrencies, with constant price swings that will significantly change the balances in a user's Signal wallet over the course of days or even hours—hardly the sort of issue that Venmo users have to deal with. (Since March 27, MobileCoin's value has shot up nearly 600 percent, possibly due to rumors of the impending Signal integration or possibly the result of a "short-squeeze.")
> To try to tame that volatility problem, Marlinspike and Goldbard say they imagine adding a feature in the future that will automatically exchange users' payments in dollars or another more stable currency for MobileCoin only when they make a payment, and then exchange it back on the recipient's side—though it's not yet clear if those trades could be made without leaving a trail that might identify the user. "There's a world where maybe when you receive money, it can optionally just automatically settle into a pegged thing," Marlinspike says. "And then when you send money it converts back out."
The project is brand-new, what do you expect? In any case, the end-game is to use MOB for the transaction and instantly convert to fiat, so volatility would not be of concern to the end-user
Exactly. Inside MobileCoin, transaction amounts are disguised. But if every MobileCoin transaction is preceded and succeeded by conversion into national currency at a centralized exchange (to whom you are not anonymous) then using MobileCoin becomes completely pointless.
Are there any tax implications of sending someone cryptocurrency that has appreciated? Say you owned 1 million in mobilecoin a month ago that is now 6 million, can you just send it to someone and avoid the capital gains tax? And if not, do apps like Signal have to report these earnings on transfer from mobilecoin to USD? (since signal plans to facilitate it in some way)
This is going to vary from country to country. Sometimes, only the conversion to fiat is taxed. I think that generally any transfer to another person is taxed too ?
The arguments against federation would also apply to this solution. Given that they don't like federation, it's logical that they also reject this approach for their payment solution.
664 comments
[ 3.1 ms ] story [ 586 ms ] threadI'm the CEO of MobileCoin. If anyone has any questions please feel free to ask here. We've been working on this project for four years and it has been a labor of love. There's a lot of new technology here.
We exist in a highly regulated space so it's possible some questions will require reaching out to lawyers to make sure we answer them in a way that's compliant so please don't feel offended if a response takes a while to come back.
The best set of docs for how the whole thing fits together is our book "The Mechanics of MobileCoin"[0].
We'll be around here and on our forums [1] to answer questions. Please also check out our foundation website[2]. The github[3] is also a lot of fun, especially the section on Fog[4].
[0]https://github.com/UkoeHB/Mechanics-of-MobileCoin/blob/maste...
[1]https://community.mobilecoin.foundation
[2]https://mobilecoin.foundation
[3]https://github.com/mobilecoinfoundation/mobilecoin
[4]https://github.com/mobilecoinfoundation/fog
[1] https://support.cloudflare.com/hc/en-us/articles/200172706-C...
https://www.cynicusrex.com/file/cryptocultscience.html
Often repeated but false. Early adopters mine or buy large proportions at negligible prices while late adopters mine or buy negligible proportions at large prices.
The same is true for stocks, gold, and pretty much anything else you can invest in.
In retrospect it would have been a good deal to buy AAPL for $1.50 in 2005, but what can you do. That doesn't make Apple a ponzi scheme.
Other way of saying it, is that early participants in a pyramid scheme don’t have guarantees that they’ll find enough people for the scheme to be successful.
1. how does MobileCoin make money?
2. how many coins do you / does MobileCoin own?
3. related to that, are there mechanisms in place to prove that this is not a pump and dump? Or simply, how do I know it's not one and it's here for the long-term?
4. what's the threat model of the blockchain you're using? E.g. for Bitcoin, the chain is compromised once 51% of the hashing rate belongs to collaborative evil miners (as a rough approximation). What about MobileCoin? When would something bad happen? How is it prevented?
5. how does MobileCoin compare with privacy-oriented cryptocurrencies such as Monero?
P.S.: you might wanna add a F.A.Q. section somewhere for the questions I've mentioned and the others in this HN thread, right now we either have to blindly trust the claims on https://www.mobilecoin.com/ or going through the 133 pages of https://github.com/UkoeHB/Mechanics-of-MobileCoin, there should be some intermediate tech documentation (or does it exist already?)
MobileCoin pre-mined the coins and is selling them to users. According to other comments, they hold 85% of the coins.
The CEO is commenting in this thread with a link to buy the coins. They make money by selling these coins.
MobileCoin isn't even on the list of cryptocurrencies you can make a donation in.. which makes this seem more like a cash grab rather than something that was thought out.
2) I have to check with the lawyers on whether we can disclose exact amounts, but our intention is to own a small minority of coins over the long term. We want the supply to circulate.
3) I don’t know how to prove this other than to tell you that MobileCoin is here to stay. You’ll know us by our deeds.
4) the threat model is 100% of nodes being compromised with an active attack against SGX. If there is even a single honest machine, the network will scream on any fault.
5) MobileCoin is fast and privacy-protecting (and it works on mobile without consuming tons of energy). There aren’t any other cryptocurrencies that presently fit that bill.
Shameful.
This smells of centralisation.
I know Moxie seems to put near-complete trust in SGX, but many security professionals don't.
My question, to both you and (especially) Moxie: Why do you trust Intel SGX so much (for Signal but now also MobileCoin)? Why are you not worried about vulnerabilities? As you're surely aware, even Matt Green who is/used to be(?) the biggest fan of Signal[0] is very concerned[1] about SGX. I don't question your intentions but the fact that Signal as an organization has stayed completely silent about this is… worrisome and at the very least taints its reputation of openness and trustworthiness. With MobileCoin now relying on it, too (more or less), this only seems to be getting worse.
[0]: http://web.archive.org/web/20200201112751/https://signal.org...
[1]: https://blog.cryptographyengineering.com/2020/07/10/a-few-th...
What is the identity and distribution behind the current mobilecoin nodes? What are the requirements for running a node? Since there is no node rewards how will nodes funded in the long term (10+ years)?
Does mobilecoin employ something similar to Dandelion++? What prevents nodes or those running fog from performing timing based attacks? Is mobilecoin suseptable to any other attacks (e.g. Poisoned output, subaddress association)?
How will the mobilecoin foundation and continued development be funded in the long term (10+ years)?
If SGX is found to be vulnerable/no longer fit for purpose is there a mitigation plan?
1: https://news.ycombinator.com/item?id=26715348
Why does it make sense to integrate MobileCoin into anything? Why not use Monero or zCash? Sure, you can definitely explain this to me, but nothing explains that to general people on your GitHub page. Same thing on your foundation page, which simply has logos and "Private Payments for everyone" [1].
I've spent a lot of time working on blockchain and perceptually, it feels like you're trying to sell snake oil here. For example, the mechanics paper [2] starts with "Cryptography. It may seem like only mathematicians and computer scientists have access to this obscure, esoteric, powerful, elegant topic." Cryptography is a tool. What's obscure about it? People are using it right this second. Why is it esoteric?
The paper then continues with a brief overview of 'blockchains' (why the scare quotes?). In the same paragraph, it states that the purpose of blockchains is that "no piece of money can be duplicated or created at will" but this is only one of many points of the entire point of a blockchain. Why does it not explore other facets of blockchains if the goal is to be introductory?
Then, in the fifth paragraph, the paper remembers that people may not be reading this for the first time with no experience, and suddenly jumps up to 11, with this paragraph. Note, this paragraph is one single 91-word jargon-filled sentence:
> MobileCoin is a standard one-dimensional directed acyclic graph (DAG) cryptocurrency blockchain, where blocks are consensuated with an implementation of the Stellar Consensus Protocol, transactions are validated in SGX secure enclaves and are based on elliptic curve cryptography using the Ristretto abstraction on curve E25519, transaction inputs are shown to exist in the blockchain with Merkle proofs of membership and are signed with Schnorr-style multilayered linkable spontaneous anonymous group signatures (MLSAG), and output amounts (communicated to recipients via ECDH) are concealed with Pedersen commitments and proven in a legitimate range with Bulletproofs.
While I want to assume good faith here, I find that the blockchain community often has a history of attempting to "smooth over problems" with lots of jargon and hoping for the best. This sentence, when run through Hemingway [3], gives it a post-graduate reading level. But that's not anything about the cryptography: the paragraph/sentence is simply unreadable to most people. It serves no purpose in the middle of this section.
While I'm sure you'll mention that this is a preview document, you're pointing people to it as the primary resource for people to learn "how the whole thing fits together."
Other warning signs that make me wary are everywhere.
The foundation about page has the Intel, Azure, and IBM logos under a "powered by" footer [4]. The meaning is ambiguous, and the intent is clear: you want to use these big tech company logos, because they're recognized. Yet, this is the exact same thing companies do when they're sponsored by other companies. To the untrained eye, these are indistinguishable things. Is MobileCoin sponsored by Intel, IBM, or Azure? If not, you should remove the logos. It feels like a "trust play." You're not linking to any sites or providing any information as to your relationships with these companies, but it seems like you just have cloud services with Azure and IBM, and use Intel SGX.
There's a typo on the "Foundation Trusted Nodes" page (two words slammed together): "MobileCoin Consensus is built on trust relationships between individuals and organizations who are running MobileCoin Consensus Validator Nodes.Determining" [5].
So, I suppose, if I had a question, it's...
There's a missing reference on p. 61 (physical page 68)
> ...Chapter ?? discusses how enclaves fit into the broader picture of consensuating transactions and growing the MobileCoin blockchain.
I assume it means chapter 10.
https://github.com/UkoeHB/Mechanics-of-MobileCoin/blob/maste... << Page 81 is where you want to go.
Or did you modify it to fit a different use case?
(thanks for answering questions!)
Finally, we wanted to perform consensus on encrypted values so that the nodes wouldn't be able to censor transactions.
Imagine I have a private key to an address with 10 coins. Imagine I spend the same amount of money (10 coins) on Mars and Earth at the same time. There is a 10-lightminute gap between Mars and Earth. Assume Mars and Earth have a similar number of Stellar nodes. What happens in Stellar Consensus?
In a Zcash-style spend circuit, the bottleneck is typically the Merkle inclusion proof, which takes say 32 hashes (assuming a limit of 2^32 note commitments). If we're comfortable with using one of the newer arithmetic hashes like Poseidon, that's about 10k constraints. Any of the modern argument systems (Groth16, Plonk, STARKs, etc.) can give proof times well under a second with a circuit of that size. If we want to optimize further, we can get proof times down to around 10-20ms (single-threaded) by using an arithmetization that's carefully tailored to our circuit's bottlenecks.
If we stick with traditional primitives like SHA-256, the circuit becomes substantially larger, but with modern techniques we can at least get proof times under a second. Happy to talk through the options if it would be useful.
1) Creating a backup of their wallet on disk.
2) Sending their coins somewhere, but not broadcasting the transaction to the network, instead storing it in a file.
3) Restoring from the backup
4) Sending the coins to a different address = double spending them.
5) Broadcasting the transactions in a very close timespan to conduct the double-spend.
The network needs to prevent this by storing, in an non-forge-able fashion such as PoW, which transaction happened first.
How does your system guarantee that?
https://github.com/mobilecoinfoundation/mobilecoin/tree/mast...
How does this solve network splits or honest disagreements?
How do you prevent the sybil attack then if there is no scarcity?
I.e. what prevents an individual from spinning up 10 million nodes to get more voting power?
Thanks for clarifying!
So you're expecting people to
- manually add peers to be able to use the network.
- manually monitor the said peers for if they do malicious transactions, and manually ban them if yes.
Right?
How is this supposed to work considering that:
- most users won't care about manually adding peers. They'll just add EVERYONE who offers to be added so they can be done with it and use the system.
- most users probably won't even understand what a malicious transaction is in the first place.
- the few who do will for sure not have the time to monitor a network which does dozens or in the future even thousands of transactions per second.
This seems just humanly impossible, there's by no means sufficient human time available to manually monitor a P2P network's content if the said content is super boring and complex.
If it were a distributed social network you could expect people to e.g. manually flag spam because using a social network implies reading the posts contained in it.
But manually reviewing money which strangers send to each other is boring as hell, who will do this?
Storing keys in SGX and using attestation to ensure only valid nodes access them is significantly more secure than not using the SGX.
Using SGX gives a Signal user’s phone the same level of security as using a hardware wallet like Ledger Nano.
”Running MobileCoin in an SGX enclave allows nodes to securely manage keys for users. A client can perform remote attestation to its MobileCoin node before transmitting its keys into the remote enclave along with a short recovery PIN. The MobileCoin node can then rate limit authenticated access to the keys, while the enclave prevents the node operator or anyone who compromises the node from circumventing the software and attempting to brute force access to the keys directly. In this way, user keys can reside safely in a node and survive across application reinstalls or lost devices, without having to trust the node operator or the security of the node computer, and without having to memorize or safely store extremely long recovery passphrases.”
https://mixin.one/assets/MobileCoin-Whitepaper-EN_FINAL.pdf
> 5. Will I need to put my keys on a remote server to scan the blockchain for incoming transactions?
> Keys will never leave your mobile device. This is a challenging problem and we are very excited to share our solution when we release our mobile SDK software.
[1] particl.io
Because I can get bank notes from an ATM and pay anyone in cash without having an intermediary verify my identity when money changes hands.
Haven’t seen the git updated in a while.
No updates in the repo for over a year and no answers from the team. The whole crypto currency thing is also a red flag for me. Matrix seems to be the better option by now...
Their unquestioned faith in Intel SGX is somewhat pathetic to be fair.
Matrix is a little more promising, but Element (at least on matrix.org servers) is slow, especially at scale.
Wayback Machine for March 11: http://web.archive.org/web/20210311053716/https://github.com...
The UK has a problem with authorised push payment fraud. Banks can recover funds which have been sent as a result of phishing / fraud. How can I reverse a payment on your platform if it was fraudulent?
The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
There's no cost to sending payments on most mainstream banks. How much do you charge?
Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
Thanks!
A: MobileCoin is as fast (or faster in some cases) than a bank payment in the UK with greater privacy. As far as settling back to Fiat, if that's what you're asking about, the velocity of that depends on on-ramp and off-ramp integrations which will come over time (but it looks like there's no reason MobileCoin can't help developers deliver payments at the same speed as banks).
>>The UK has a problem with authorised push payment fraud. Banks can recover funds which have been sent as a result of phishing / fraud. How can I reverse a payment on your platform if it was fraudulent?
A: Payments on MobileCoin cannot be reversed at the protocol level. If you want escrow and reversibility, you should use a wallet or payment service that supports those primitives. We believe that developers will build such services on top of the foundation of the MobileCoin protocol.
>>The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
A: Signal relies on phone numbers for identities. Other apps that integrate MobileCoin may have a higher threshold for identification.
>>There's no cost to sending payments on most mainstream banks. How much do you charge?
A: Fees are set by the foundation (which has a stated goal of keeping transaction fees to around $.04 when the network isn't congested). Currently fees are higher as they need to be adjusted by a foundation vote.
>>Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
A: Signal doesn't allow people you haven't keypaired with to send you funds. If you have accepted a message request from someone, they can send you money.
It gives readers a better sense of your ability to answer the questions accurately, in addition to letting people make assessments based on the potential conflict of interest.
Also, responding here and inviting discussion on a technical level is possibly the best thing you can do for perception of Mob, because this is a forum where those questions are likely to get asked.
Edit: I see you've done that in another post on this thread. Since we don't have anything like flair it would also help people who don't read the whole thread.
I know the next question is signal specific but do you have any details on how they'll maintain privacy for pegging which is likely just to require an on/off ramp. Surely this is just no better if the majority of transactions have an associated log on an exchange?
The one venmo-like thing people do use a lot in the U.K. is probably something like revolut for dealing with different currencies and international transfers (either for travel in Europe or for migrant workers sending earnings abroad for family or retirement). But a service that’s only available in the U.K. isn’t much use for that.
I also personally don’t really see the privacy use. I think I’m willing to give up a reasonably large amount of private information about the people on either side of a transaction if it is effective at reducing fraud and making transactions reversible.
First time I read about that, how does this work in practice? A person regularly sends you small amounts such that all you see is their name whenever you log into your bank account?
If you were regularly recieving money from someone, then it looks like you're in business with them - and you'd have a hard time pricing you're not if they then staged some other activities (i.e. shipping you stolen goods, which they then have stolen from your doorstep by an associate).
Imagine getting a dozen messages saying
£0.01 From: Your Stalker Ex. Ref: I just want you back!
Or similar. It's a real problem.
idk, but this sounds like a great problem to have.
I myself will take all the spam you can send at 50 cents per message. ( I already sort about $200 worth of free spam daily at that rate)
I can imagine some other folks could set them at min 5 dollars per attached message and get use of such a thing.
Now wonders if an email layer can be added to transactions with this coin and a reply that can serve other digital assets..
patreon without the fees? onlyfans without the (insert their cut plus visa/mc cut here) - email with little to no spam..
I'm ready to help make this a thing.
In russia government can send your organisation money from abroad via an agent and then shut you down as a 'foreign agent'.
They could do this with traditional banking systems as well. Presumably the Russian government has a high degree of surveillance with regard to their domestic banks like every other nation in the world has. Creating a false financial trail is made slightly easier with crypto currencies, but for a nation state it's not hard to do with traditional banking systems.
In cases where you've been sent unwanted money your obligation is typically to return it, but that specific type of use-case is often not considered when people design things. If you end up in a situation where anyone can send you money and you can't return it, you're in big trouble because the sender might be causing you to unintentionally get involved in a violation of the law and leave you without any method to undo it.
If so, maybe make that more clear or prominent?
Everything on the internet is being corrupted with adding cryptocurrency scams where they absolutely don't belong, it turns Signal from an obvious recommendation into something that makes me hesitate. There's something to be said for focusing on doing one thing well, and that doesn't mean turning a communication platform into a kitchen sink.
A case could be made for it being bloat, but most consumers don't care, and for Signal (or any messaging app) to be successful, it needs to appeal to the common denominator.
And frankly, if this means I can send money to a friend without Google getting yet more data about me, then even better.
Smoking causes cancer, but smoking these specific cigarettes won't. Do you see the problem with trying to describe such an absurd situation to somebody?
You're making a different point now though, you're saying that people will associate it with scams which will hurt adoption. You initially wrote that the UX would be so bad that you'd have to convince users to bear with it anyway.
I don't know how they implemented it on the client side, but it's possible they kept it light, as they've been doing since the beginning. We'll see soon enough.
In terms of reputation, this is a long-term battle. Signal used to be quite unreliable in a lot of aspects, and hurt adoption. Now it's much better, making the migration from other messengers way smoother. If they're able to implement safe, private and convenient payments, that's one feature other messengers won't have to lure users away from signal.
I think you're confusing UI and UX. Yes, the UI could be kept light but the user experience can still be confusing because a payments feature is… surprising. Why would a messaging app come with a payments feature if not to make money and exploit the user?
Not saying that this is happening here but this is what people think, i.e. the emotional experience.
> just click through the scam marketing, ICO offers and "airdrops"
That's what I meant by UX.
> user experience can still be confusing because a payments feature is… surprising
Everything new is "surprising", that's a low bar. Chat apps in China have had this feature for years now, and it's also a feature in WhatsApp, a direct Signal competitor.
Signal providing this functionality is scope creep.
Yet, those features have almost become synonymous with messaging apps. The market and consumers seem to want these services combined, so here we are. My point was that sending money is a feature that more and more messaging services have. Hangouts (or whatever the hell it is called these days), Whatsapp, Telegram, etc.
Personally, I would have liked it more if this wasn't tied to some no-name cryptocurrency, but oh well.
I think those would all be considered in scope for a chat platform--theyre all various ways to share and communicate.
When people want to send "money" to other people, they usually imply that they want to send units of the local currency, like USD or EUR. And they usually imply that the value of these units should stay the same during transfer. If I want to pay my share of a restaurant visit to my friend who covered the check, I'd like the 30$ I'm sending to still hold enough value when they arrive in his bank account to actually cover my share. A cryptocurrency intermediate that swings +/- 20% in value within minutes (and that we both have to pay conversion fees in order to acquire/redeem for $) is of exactly no use at all for such a use case.
The founder of Signal actually created MobileCoin.
https://www.wired.com/story/mobilecoin-cryptocurrency/
Before you label MobileCoin a scam, I would encourage you to take a look at the Github. I think you'll see that we've made a lot of very carefully considered choices on how to deliver a great payments experience without many of the compromises other cryptocurrencies have chosen. Of note, the speed of transactions, much greener energy design, privacy-protections, and mobile-first UX are differentiators. Many cryptocurrencies have some of these features, but I don't know of any other that has all of them.
Believe me, I have a lot of feelings about how absurd cryptocurrency has become in the last decade. At its core, I still believe that there is something beautiful in decentralized ledgers and I think that this is the way that the world will settle debts over the next hundred years. Signal chose MobileCoin because nothing else met their performance and privacy standards. In order to meet those goals we wrote a lot of new technology that is fundamentally different from how other cryptocurrencies are architected today (check out our oblivious RAM implementation, for example: https://github.com/mobilecoinfoundation/fog).
I love Signal and I started MobileCoin to help fund their work. For me, a world with Signal in it is a better place.
Signal has obvious financial connections to MobileCoin, something that frankly nobody else has ever heard of before today. I find it really difficult to believe that MobileCoin paying Moxie (which you've acknowledged), and Signal/Moxie happening to choose MobileCoin for inclusion in Signal when nobody wanted it was a coincidence. It's insulting to the intelligence of the reader to even make that claim.
> Before you label MobileCoin a scam, I would encourage you to take a look at the Github.
What would that tell me?
https://news.ycombinator.com/item?id=26715013
This seems incompatible with the spirit of the quote in the article.
What I would still like to see for more transparency:
- legal commitment from the Signal Foundation that no employee owns any MOB
- disclosure of money transfers between MobileCoin and any Signal Foundation employee
Maybe some of this information could already be extracted given the statuses of the entities involved?
[0]: he benefits indirectly because if MobileCoin stays up, he'll probably stay as a technical advisor
What about the LLC?
https://en.wikipedia.org/wiki/Signal_Foundation
I don't care about your cryptocurrency. I don't care about your cryptocurrency being offered in my messenger.
Let me put it plain and simple. You bring nothing to the table for me but liability.
Nothing. But. Liability.
Signal's one and only feature is security. This feature is a joke, and devalues Signal.
The post went off HN's front page because it set off the flamewar detector.
The problem here is not that people think that MobileCoin is not a useful technology or is not innovative. From what you are describing it actually seems like a good combination of features that are particularly suited for the messaging use-case.
The problem is in the way the coins were pre-mined. It seems (we don't really know from the outside) that the knowledge that Signal would be using MobileCoin has been known early on. With that knowledge it is very easy to make money by pre-mining coins. The proper analogy here is insider trading. It is immoral and that is why people are calling this a scam.
https://twitter.com/fluffypony/status/1379559273504641025
I guess the whitepaper mentions it, but that isn't suprising considering koe wrote it.
Anyway Signal is itself pernicious by being tied to a phone number and to Google Play services, and by being very choosy about who gets ports.
I had high hopes for Matrix, once they got E2EE, but they have flubbed that by requiring a very heavyweight bounce server that won't fit on (e.g.) your typical home router or super-cheap cloud VM. Matrix should enable a place to keep your message archive independent of the bounce server, and allow gatewaying a non-public storage service via the lightweight bounce service.
But Element.io's business model is tied to heavy-weight bounce service.
Also anyone can run their own servers, and Dendrite can run on very modest hardware like a Raspi.
And as others have said, Synapse really isn't that heavyweight these days (thanks in part to the performance improvements driven by Element!)
It's not tied to Google Play Services, you can download a standalone version from signal.org. As for phone numbers, the developers have been working on getting rid of them for a while now – there's already a good amount of code on GitHub.
I think what Signal is doing with MOB is pretty important work for many non-western countries, and I wish them all the best.
[1] https://en.wikipedia.org/wiki/M-Pesa
Cryptocurrencies don't solve third world banking, at all. You still get paid in fiat, which you then have to convert to crypto (using a bank), and you will never be able to have most people get paid in crypto because then the government can't get taxes reliably (thus they will ban it).
"When disagreeing, please reply to the argument instead of calling names. 'That is idiotic; 1 + 1 is 2, not 3' can be shortened to '1 + 1 is 2, not 3.'"
https://news.ycombinator.com/newsguidelines.html
The larger problem here for Signal is US legal claims could nuke it off the (very) centralized Apple App Stores and Google Play Store. Then what?
This would have to involve KYC or harsh limits.
You also had to provide a phone number to get a Google or Apple account to install Signal because anonymous signed install methods are not supported, which moxie says is intentional to collect analytics.
Signal may have end to end encryption but being anonymous is a clear non goal.
Signal distributes a standalone APK for android, which does function without google play services.
https://signal.org/android/apk/
You must turn on Untrusted Sources which disables meaningful signature verification.
Now you must hope you don't get MITMed every time you update.
It is a joke they seriously expect people to sideload.
They need to provide a deterministic and easily auditable F-Deoid repo or let the F-Droid team compile/sign it for them.
Neither will happen though because moxie has been very open about the fact he wants the analytics that comes with google/apple tracked installs, user privacy be damned.
Also, it doesn't disable signature verification at all -- it just changes to what is essentially a TOFU model. You can verify this by installing, say, NewPipe from vanilla Fdroid, then adding the NewPipe repo and installing a build from there. It will fail unless you completely remove the original app (from all the profiles on the device!) and install the new one afterwards. This is due to different signatures between repos.
In any case, I agree with your wider point about Signal's rather concerning distribution strategy. I would like to see inclusion in Fdroid, or at least a custom third-party repository. Unlikely though.
In my country it’s actually easier to legally open a verified trading account on a local cryptocurrency exchange than it is to get a voice/SMS SIM if you’re not a registered local resident.
What wonders will Intel's Signal subdivision offer next?
We believe in Signal's mission and we think that the world is a better place with Signal in it.
Moxie, as an individual, is a paid technical advisor to MobileCoin but the reality is that we could never pay Moxie what his time is worth. I am thankful that he has chosen to help make this project a reality.
[1] https://www.platformer.news/p/-the-battle-inside-signal
>Moxie advises MobileCoin
>MobileCoin gets integrated into Signal
Hm, yes, must just be one large coincidence that this "integration" happened.
>>The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
A: Signal relies on phone numbers for identities. Other apps that integrate MobileCoin may have a higher threshold for identification.
For all intents and purposes Moxie is 100% in control of the Signal network and could shut it down or release a malicious update that plaintexts messages at any time.
I've been a longtime signal user (since the textsecure/redphone days). I've always given moxie a pass on his controversial decisions (no federalisation, no 3rd party clients, no fdroid repo, relying on Google play services, being slow to release serverside source code) because the team was small and obviously had to cut corners somewhere.
But learning that they spent their time adding support for a (premined?) cryptocurrency just because it's Moxie's pet project is disheartening. What are the odds that this would've been merged into the project if it had been a merge request opened by someone from the outside?
Want to run signal with no payments integration or with a Bitcoin wallet instead? Too bad.
I wish there was a way to decentralize that value :-P
I'm finding this announcement creates some uncertainty in my head about Signal's long-term future.
https://signalfoundation.org/
Sell turn key servers for people that lack the time or interest to run their own.
Federated and ethical.
At this point if you want federated it probably makes more sense to just use Matrix.
[1] https://signal.org/blog/the-ecosystem-is-moving/
Geee 1 hour ago | unvote [–]
There are 250 million units of mobilecoin, and majority of them are owned by the founders. Only 37.5 million have been distributed. With current price ($65), they're worth $14B already. This makes the project a scam and impossible for it to work as a reliable money that holds value. Bitcoin had no pre-mine and has been fairly distributed from the start.
I can't wait till we stop sprinkling bitcoin over everything. At least when we go back to ads we'll stop getting the spam from bots trying to claim their free $0.00003 in cryptocoin of the week
I thought Signal was already financially secure.
>>Those outputs contain the entire original supply of MobileCoin (250 million MOB)[1]
Is the entire supply of 250M MOB available for sale on FTX, or is only a restricted number of MOB tokens available for sale to UK residents? Is it fair to assume that the MobileCoin Foundation has no plans for an airdrop (unlike Stellar)?
[1] "Mechanics of MobileCoin", v0.0.39, pg. 133
> MobileCoin also remains even more volatile than older cryptocurrencies, with constant price swings that will significantly change the balances in a user's Signal wallet over the course of days or even hours—hardly the sort of issue that Venmo users have to deal with. (Since March 27, MobileCoin's value has shot up nearly 600 percent, possibly due to rumors of the impending Signal integration or possibly the result of a "short-squeeze.")
> To try to tame that volatility problem, Marlinspike and Goldbard say they imagine adding a feature in the future that will automatically exchange users' payments in dollars or another more stable currency for MobileCoin only when they make a payment, and then exchange it back on the recipient's side—though it's not yet clear if those trades could be made without leaving a trail that might identify the user. "There's a world where maybe when you receive money, it can optionally just automatically settle into a pegged thing," Marlinspike says. "And then when you send money it converts back out."
https://www.wired.com/story/signal-mobilecoin-payments-messa...
https://www.gov.uk/government/publications/tax-on-cryptoasse...
I think the article might be inaccurate. According to this, there's at least four exchanges currently:
https://www.coingecko.com/en/coins/mobilecoin#markets
Add the feature, but come up with a solution that is currency agnostic.