About this episode
What does it mean to have communication privacy? Who is responsible for free speech? Dr. Corey Petty, Chief Security Officer of Status joins the podcast to discuss his role at the company, how he is securing the rights of others and the role of messaging networks in the 21st century.
Dr. Corey Petty is the Chief Security Officer of Status and started his blockchain focused research around 2012 as a personal hobby while doing his PhD candidacy at Texas Tech University in Computational Chemical Physics. He then went on to co-found The Bitcoin Podcast Network and still serves as a host on the flagship The Bitcoin Podcast and a more technical show Hashing It Out. Corey left academia and entered the data science/blockchain security industry for a few years attempting to fix vulnerabilities in ICS/SCADA networks before finding his fit as the head of security at Status.im where he remains today.
What to listen for
- What interested Corey about working at Status and how he ended up there after academia.
- Would Satoshi have created Bitcoin differently today to build privacy into the network given what we know now?
- How Status built privacy and security into their messaging protocol app.
- How Web 3.0 companies can compete against big tech whose goal is to monitor and surveil users to make money.
- Why there are a plethora of new ways to capture what users want without compromising their privacy or security through careful protocol building.
- Why Bitcoin technology will get better (it’s not there yet) and why eventually data on the network will be obfuscated.
- Why Status is decentralised by design and will work regardless of whether or not Status exists as a company.
- Why our society needs to have more situational awareness on the internet when interacting online and make users responsible for their conduct, not companies.
- Why Sam thinks we need more freedom, not less.
- Why Status has a responsibility to build good software that people can use in the way they want to; but the responsibility for conduct should lie with the end-user, not a central control structure like Facebook.
- How Status fits with the three-part purpose of the Ethereum network and achieves its goal of on-chain messaging.
Dr Corey Petty, the Chief Security Officer at Status.im, is more than just a security officer. He is also the co-founder and co-host of the Bitcoin podcast. He has some really interesting views on communications and what it actually means to be building out a network like Bitcoin or some of the other networks that have been created afterwards, such as Ethereum or Status that focus more on the communications aspect and how that propagation of data allows for greater freedoms and evolving society in this age of ever more surveillance.
What is it about working at Status and how you ended up there? You have only been there for the last two years and they have done some amazing stuff in that time. It has been serendipitous. I left academia after finishing my PhD and doing some work in computational chemistry to pursue a blockchain career to leverage the skills I had gained during my PhD which was very data-sciencey. I have always been fascinated and heavily involved in computers from a technical perspective my whole life. When I left, I found a couple jobs in the government consulting area basically leveraging blockchain and making sure people knew what they were talking about and technical education. My goal was to make sure that governments and regulators were looking into these things. And they didn’t have a lot of good quality resources to make good decisions about these things. My goal was to help them with this process. The bureaucracy and how organisations work was not quite my level. I had built some hobby projects doing analysis of very large projects in the space in Ethereum; how tokens were distributed in some of the really large early ICOs and one of these was Status and I talked with Jared Carl and became friends. One day I was talking with Jared on a very different community-based project. He asked what I did and I applied for the job and got it. It has been a wonderful trip working with Status. It is exactly where I wanted to be when I left academia. I have been very fortunate in my experience.
I was never cleared or went through any of the security clearance interviews. I did not want to go through the process or be beholden to the promises you make doing those things. It is great for job security but I wanted to maintain my freedom in pursuing whatever I wanted to pursue and being able to say what I wanted to say in a timely fashion. I am pretty happy I did not go through the process.
In the military it is a whole different life. It took me two years. I’ve been out since 2008 and I lost my clearance. I was amazed by the job security it gives you. You will basically have a high paying job for the rest of your life if you want it. The second thing is the growth of these consulting/contracting companies out of Hamilton that have a huge responsibility outside the beltway. I learned a lot about security but working in such an organisation was not my bag. I have been out of DC for five years.
It is really interesting to see the growth of these consulting companies and how much the government relies on them. Booz Allen has a senior blockchain specialist: was that a position you carved out for yourself or were they just wanting someone who could call themselves blockchain developers? My opinion is partly my own perspective and partly my experiences of working there. I know that a lot of contracts were looking for bitcoin expertise. When I did educational things I was doing broad scope educational initiatives and then when I moved to Booz Allen it was specially carved out around me and my team. We need to say we have some skin in the game. We were incredibly efficient in getting things done.
I just spoke with Alexander from Beam, he talked about the privacy functions embedded in Bitcoin. He said that if Satoshi had been building something today he would have built something closer to Monero, ZCash or one of the protocols that has privacy built into it. The open database that Bitcoin gives you is too much of a honeypot for intelligence agencies or any other foreign government agency that wants to track all on-chain transactions and be able to identify money flows across the network.
Where do you stand on this privacy issue? I agree with Alexander in a sense and if I had to prognosticate about what Satoshi would do today, he would be incorporating a lot of the technology that has been developed and funded directly because of what he built. He built something that solved a computational consensus problem and then as it grew, it became a data mine for financial information because everything is public and included. As a response to that publicity and lack of privacy, we have been able to fund a lot of the cryptography that wasn’t quite getting the focus that it needed to fix these problems. In many ways he has enabled a lot of that research and development of that cryptography that we have today. As it stands today there are solutions in the pipeline that help address these privacy concerns for Bitcoin and Ethereum, that obliviates some of the information. But if you want real privacy in my opinion, then there are things like zero knowledge proofs. In applications like Status, the most un-private thing we have is when people interact with the blockchain and that is not a reflection on us but rather just the way the technology works at this point.
How do you bake that into a product like Status? How do you identify those privacy concerns and address these in a private messaging app that is both private and secure? That is the million-dollar question. It starts in my opinion with using the available technology appropriately and setting appropriate defaults that lean toward the side of privacy and security for the user. Then you provide users with options of changing those available levers so they can change these; but in an informed manner, they can make the decisions affecting their privacy and protects their data. The only way to really build products that allow users to maintain their privacy and security is to give them all the options you possibly can and defaulting towards private and secure and then allowing them to change it but in an informed way. The business model of WhatsApp, in theory, it should exist outside of Facebook. Facebook bought WhatsApp for $2 billion a decade ago. The original founder left because of Facebook’s plans. They wanted to better understand user behaviour and linguistics. That intrusion into user privacy and messaging has allowed them to grow to billions of dollars. This is the same as any other major tech company today.
When we talk about Web 3.0, we are talking about companies that are trying to buck the trend of using people’s data and taking their privacy to sell this information to third party companies—using the information from their user base to generate more revenue. How does a company like Status compete against a company whose goal is to monitor and survey their customers? Our goal is to give people the option if they want it. I think it would be useful for everyone. I am not sure what it is going to be until we have reached the level of convenience. They are able to do what they do because they have all the information.
How does a more decentralised product (that is not spying on its users to use that data to increase their revenues) how can they compete with the FAANGS? I am not sure. My intuition tells me that we have a vast unexplored space of what a social network looks like. If we look at what information is provided in any blockchain network, it represents a value transfer. We do not see that 80 or 90 per cent is communication. If we can capture that value, there are a plethora of new ways to capture what users want and what they want to do without compromising their privacy or security by participating in that network. I think this is my personal vision if we are able to push forward this idealised view of Web 3.0, but it is still early days. Bitcoin is the beginning, and it is only a decade old.
Sam thinks the shift will happen slowly and then all of a sudden. Bitcoin is boring, and there is not much to develop on. A lot of people have set its past present and future. It is just a not if but when. Corey thinks there is still hope for Bitcoin to develop other use cases. Bitcoin does some things well, but other networks like Ethereum do it better. Some of the potential technologies that could find their way into the base layer drastically expand what you can do with it, and for the time being, Corey does want to spend his time there.
Ethereum is the best place as it stands today to be building. What you can do with this technology and what you can build on top of it is very interesting. Because this technology is so early, I am not comfortable naming what is going to be useful in five years or what we are going to call Web 3.0 or blockchain. There is so much room for expansion because we have to be able to start thinking about what we can do with it or build with it. We are starting to think about how to build stuff this way.
The Big 4 versus Web 3.0 issue is something Sam thinks about quite a lot. We have been trained to be desensitised to how much data we give up every day. I worked with systems that were at the NSA and the hoard of metadata that this creates. You can build a near-perfect picture of everything with metadata. I talked to a police officer – once they are on the Bitcoin, everything is visible because there is this perfect data trail that can be used by law enforcement. When Sam came to Bitcoin what interested him was the metadata to be exploited by companies. The technology will get better, but it’s not there yet. Eventually, everything will be obfuscated.
How does that apply to Status? What sort of data do your users give up? Status is completely open about what we do. It is very hard to see what anyone is sharing or unless you have broken encryption. We use signals whispers encryption to make things very secure. Even if Status dies, the technology stays and remains open. You don’t need any personally identifiable information to set up an account. If you use the Blockchain, you are going to disclose information about yourself and leave a trail behind you. We inform you when you use ENS username then you secure a sub-domain ENS record. You are staking this, and this makes your account public and the wallet attached to it. OR make another account that is not public. You become discoverable you need to put something out there.
Sam is a heavy Telegram user. They have built an interesting product. But because of its origins and the code itself, there are a lot of questions he has about its privacy and security. There is still this veil of obfuscation around Telegram as to whether they are private and secure with user information. Even when Sam is trying to have private conversations, he is looking forward to the release of Status. Can it be a good replacement for Telegram? That is what Sam wants to know. How can you trust Telegram when you cannot see the code or know how their privacy and security work?
The ultimate goal, if we do things correctly, is that you won’t need Status. The network will work regardless of our existence, but the question is, how do we build network value while still having a job? Since 2016, we have seen the growth of disinformation across social media and social networks in the hopes of converting people’s opinions or changing the hearts and minds of people using content.
Do you think that these decentralised systems are more open to exploitation or there are other ways that Status can address these issues? A more general system that is less controlled or constrained is more susceptible to people saying things that are true because that control does not exist. There are things that we as a company can do and things we can do as a society. In my opinion, these are necessary for the future. At Status, as a company, we can build tools that give you more situational awareness; so you know who is saying what and how much we know about that person in terms of trusting their content. Like ENS Usernames – if you have gone through trusting to someone you are talking to that it cannot be faked. It is hard to fake an ENS Username. These are very strong fundamental guarantees that the person who owns the private keys is the person you are talking to. We need to allow people to attest to who they are and attach it to private keys so you can be more confident that you are talking to who you think you are – so you cannot be manipulated and/or phished.
As a society, it is about how we conduct ourselves on the internet and having more situational awareness. Thinking about whether or not you are talking to the person who you think you are talking to. That is a terrible way to run a society or the internet that you give over responsibility to people whose whole goal is to make money off you through their system. We need a social shift to ask is this the person I am talking to? We need an attestation – or an identification system. Identifying core contributors on Status – this might be a way to go. We want to build it in a way that we are not necessary for it to work.
Does Status have a responsibility to protect its users? We have a responsibility to build good software that people can use in the way they want to. The responsibility lies with the end-user to conduct themselves appropriately. If you relinquish control, then it ends up with the user. Facebook has become a political body and polices its network and its content. Misinformation campaigns and other negative reasons have used their platform.
What can be done to stop misinformation? Would Status have to become political to address misinformation? The protocols we are building are completely open. Like Ethereum – to craft a valid transaction that gets processed. We as Status can make political decisions, but it is not going to stop anyone from doing it because we cannot make the protocol do it. We can’t see who is talking to who about what. The network will always be open. What will we do as a platform when people are using our platform but not for the greater good? That is an internal conversation we are going to have to have with any modicum of success. There are going to be people who use it to do things we do not like.
The argument I am making is that I believe in more freedom. The line for me is criminal activity. You do not need a highly intrusive surveillance system to address this criminality. While they may be able to hide online, it is harder to hide offline. If there is something to see that is wrong, then I would report it. The government argument is that we need access to your system to crack down on this activity. It is the wrong framing. It turns the communication provider liable for providing that data, which is what the government uses. Most people do not use encryption even if they think they are using it. I think it is a shift back to the user to control what they disclose.
Sam thinks that owning your own data is the wrong phrase. It means people are trying to steal more data from you. Giving up that data in the first place is what I don’t agree with. There is no on/off switch. Ring doorbell is another great surveillance network; with zero liabilities. This data surveillance economy is too complex for anyone to engage with it or not. GDPR opens this up, but no one asks about it or requests it. Sam doesn’t know where we go from here as a user or a society. We need to move toward a default of encryption and privacy – you have to give explicit consent for someone to take your data and then go use it. Sam doesn’t know how we get there.
There are several roads. It starts with giving people who really want it the ability to have it, and that means that you may be catering to a small group of people then you can then start expanding that audience. You also can co-opt a bunch of people who are using it without knowing they are using it. Status has a lot more functionality than a communications protocol. It is better than WeChat natively. We are a blockchain-enabled communications protocol and application. If people can start using an app with great privacy and security without even realising it, and we give it to people who really need it and want to opt-out of the system as it is. I want everyone to communicate with me only through Status. Building a protocol is a really hard thing to do and takes a lot of time and care. If you are not careful, you can get your priorities skewed. We try to build a future protocol that adheres to our principles and build features afterwards.
For Sam, Status fits in with the three-part purpose of Ethereum: On-chain logic, supported file storage and on-chain messaging. You are right that it does fall into line with what is being built on the Ethereum network. You can see the growth of on-chain logic in the growth of decentralised financial applications. This would be a great network for transacting value freely and provide secure communication across an entire distributed global network.
In my opinion, Value transfer is a form of communication that resides on the blockchain. There is a permanent record of it. The meat of the context of that communication is usually ephemeral. That is really the only way to capture all that communication and have communication storage. Price is just an outcome. Communication is what transacts value.