Hashing It Out
Hashing It Out

Episode 99 · 1 year ago

Hashing It Out #99- Taylor Monahan

ABOUT THIS EPISODE

Welcome to hashing it out, a podcast where we talked to the tech innovators behind blocked in infrastructure and decentralized networks. We dive into the weeds to get at why and how people build this technology, the problems they face along the way. Come listen and learn from the best in the business so you can join their ranks. So, kicking off our new subseries or something, I'm doing some video content where I'd take more of a personal approach, one on ones with individuals, not necessarily like diving into projects like we do normally do it hashing it out, but more like just talking to individuals and getting a sense of who they are, where they come from, what they care about. And Yeah, so today, Taylor Monahan, welcome to the show. Hello, hello, well, I'm sure we'll get into what you do at some point, but like to start off like I want to like. I think that like the engaging question that I want to start off with this like, what do you care about? Oh God, m Haha, I think that's such a hard question. While I care about my daughter and my family and my wellbeing, like I'm a selfish person, I guess, but I guess like more broadly or like what's my passion in life? I think it's a lot of like I want to do something meaningful. I want to help people do things that are meaningful to them. Like I don't necessarily have one thing that like one like subject or topic or something that I care about more than another, so long as whatever it is is productive and meaningful and sort of an overall capacity towards like the global situation or your self is situation or whatever the situation maybe. HMM. I asked a question because I think it's like, I think what people care about motivates what they end up doing with their time, like where they spend their attention and their time and their efforts and what they learn and like it. And it's interesting to maybe ask the just abruptly ask that question to see, like what is it that you care about that's motivating like you to spend the time doing all this work that you're doing. Yeah, no, it's it's a very it's a crazy question because it seems like a should be an easy question, like Oh, I care about all these things. But yeah, when you ask it abruptly, I definitely am like, well, I care about things, I care about why am I doing this. We think. Let's take the stake. You, for an example, right like your I would say, relatively well known, and this ecosystem and the blockchain ecosystem or web three, whatever you want to call it, for someone who cares about security. But it's security from the perspective of not screwing over users, trying to give them the right context to make the right decisions for themselves, and what you should be doing from a developers perspective to help facilitate that right right because, at the end of the day, like my passion and the reason I spend so much time doing security stuff and thinking about security stuff is not necessarily because I care that things are secure. It's because people came to my product. People come to my product...

...to accomplish something, whether that's it used to be in two thousand and seventeen it was they wanted to get rich, they wanted to get in lie CEO, they wanted to do whatever it was, and then they would lose all their money, and so it's sort of like the solution to that is security, or one of the parts of the solutions to that is security in Crypto. All a lot of the problems, like they can't entirely be solved by better security, but it's usually an aspect of it. Almost always. Yeah, it's certainly true. It's like it's almost like a selfpreservation tactic of like I have to care about security so I don't have to handle these support tickets. Yeah, so I can like build a product rather than answering tickets. And it's also interesting. So from an individual's perspective, like I want to get rich and now I'm poor, so I can't use your product right, like you're narrowing the market every time someone gets racked. But then from like a company's perspective as well, like companies have to be secure, because dodio companies have to especially be secure, and then these new defy quote unquote companies. You know where to security and where does the I guess, the responsibility of security lie with those right? Is it on the easer? Is it on the larger community, because this thing is decentralized, or is it on what's traditionally called the company, but it's like the product or the the Dow or the anonymous developer on twitter or whatever? You know what I mean. Where does the Fall Guy Lie? Because, like, as as we keep I don't know if we just continue along the lines of the original ideals, which is you don't offload responsibility and risk to someone else as much as possible, then the lines get really blurred on who to blame when something goes wrong. Right. So, I don't know if you know this, but my like guilty pleasures like true crime podcasts. Oh No, I didn't. I think we may have talked about that. It's some other like if I need to get out of Crypto and like I just need to put something on that's like, you know whatever. It's almost always like a true crime podcast. But there's a really interesting conversation where they're talking about the reasons for like criminal punishment in the context, of course, of like gruesome murder. But I think it's really interesting to tie that back into like what you're talking about with blame. Because, okay, so here's the reasons. You have the concept of like protecting society, right. So, like you have a rapist or a murderer on the street and you throw them in prison because you want to protect society, you don't want other people to be murdered or raped. Then you have like the concept of like rehabilitation, which we're not super keen on here in the United States, but in Europe they're much more keen on that. And then you have retribution, which is like, as humans, like we desire things to be fair and like, if you do something wrong, you should be punished for it, like it's just happening. Yeah, yeah, and it is right. It's throughout all time and history and culture, like eye for an eye was how it used to be. Now we consider ourselves involved, but it really is like, I don't know, it's a core reason that we punish people, right. And then you have very similar to that. You have prostitution, which is like if it's if it's like a financial crime, then they can pay it back. Eye for an eye actually false sort of into this. And then was that five baby? Sure,...

...sure, anyways. So when we look at that and then we talk about blaming people right, like it's I think in this space a lot of times we're like, okay, we are evolved and we're decentralized and it's all individuals and it's the individuals responsibility to do everything, and if they get ragged or if they lose their money or if they have their money stolen, is their problem. It's their fault, it's there to blame. They shouldn't have aped into this, so they shouldn't have done this, or they should have done security better or whatever. But like one were not evolved, like we're still humans and to that's not how the world works. Like people aren't just individuals, they are individuals as part of a community, as part of a society, as part of a larger world. And just like pretending that everything is only for the individual person and therefore is only the fault of the individual person, like it doesn't work, because it's never worked, as not in our nature. We're social beings. So I don't know, when I look at Crypto, I think that's one of the things that I fight against the most, is is the blaming of the individual for getting wrecked. Well, like you think about first off, like as we push responsibility and risk to the edges, like the end users, by having the menage their own data, their own private keys, etc. There's a they're not the ones who are building the tooling. That's that's facilitating that, right, and how you built that and the options you give them, the options you surface to them, how you what you call those options? The security implications of whether or not it does the thing you say it does. All of that is not on them, has a severe impact, in like a huge and how they conduct themselves and what they're capable of doing and how they make decisions right, and that's the that's one of my biggest sort of like, I think, fundamental issues with crypto over the years and like when I get burnt out, it's almost always because I see like the notion that it's like it's it's not me, it's that, or I don't have a responsibility for this, or I couldn't have done this, or I couldn't have foreseen this, or they shouldn't have done that, they shouldn't have risk their money, they shouldn't like no, no, like it's not a hundred percent on the reader, but it's also not a hundred percent on the user. And, most importantly, again, we are social beings, like we're individuals, part of the community, part of the larger society, like it's not just the individual and it's not just like the company or the Creator, but it's also the culture of the whole that has a huge impact. So when you see these pervasive notions of like not being secure, like not having any basically like rebelling against US security practices that are not that hard implement. That has an impact on everything that comes from it, and so I think all in this case, like those three all share blame. And then there's obviously like other things as well, but all three of them share blame. Not One of them not to it. I'm like all, everyone can be better. What's an example of like the repelling? It gives best practices. Oh, just, I mean like just like throwing something on mainet Bomo marketing it up. Like, I mean the entirety by summer was this. And you know, there is an argument to be made that it's valuable experimentation, that their warnings and that there was this and there was that and nobody expected it. Well, well, like yes, but also, did you even do this on test nap for like a day, right, like the you know, the Yams thing? I thought it was it was cool at the beginning that I got huge and I was like, oh no, and then what like twelve hours and people are like, Oh, there's this very basic math are that would have been...

...caught with a I would say, running running on test now for a week a day, sorry, a day, just going through the process on something that doesn't have vailure. Does it work right? Because it wasn't. You know, the issue with that one wasn't necessarily that it was some complex thing that had interactions with other things and that this perfect edge case scenarios mashed up to create this situation like no, it's just the code. HMM. Yeah. And then, I mean it gets more complex because when things are relying on other things, so when DFI protocol number one is relying on dpy protocol number two, and if I protocol number choose relying on number three, but they're relying on the prices from this guy over here. You know, there's just there's an infinite number of like potential mashups and potential things that could go wrong. You can't necessarily foresee them. You can't necessarily foresee them exactly like the the exact steps right, and you certainly can't like detect it with a with a basic audit either. Yeah, the tooling around, how you handle composability like that like that, the pre term we use for that concept is lacking. It's so like how you reason about exact for it's like flash loans, for instance, as an example, and how like the maker issue happened because of no like real spark contract vulnerability, but because they made assumptions when they deployed contracts based on rational actors of a given value size, so like what a person who's using that much money would do, or like whoever has access to that kind of money would act a specific way. And the concept of a flash loan, which is a reasonable, like a very valid technical thing, blew that assumption away and thus, like any security, is implications that came from it. And that's not something you really get from tooling. No, it's not, and I think makers actually a good example of they're a complex system in themselves, and then they're relying on all these external forces and then all these external forces are interacting with them and and their entire sort of security model or threat modeling can be disrupted by like all of a launching. So I found this I've been talking with a buddy of mine trees like ask me kind of deep philosophical questions about what the point of Crypto is. I want to try to explain it. A lot of it tends swords like experimentation and do economic models and like real like community building with value at the foundation. It's not all. It's not, you know, fake Internet points, like most of the value flow of these networks is real and substantial and so potent. So, like what came up from those conversations was the fact that it's very, very, very difficult to model and prepare for emergent phenomenon based on like relatively like systems, is, relatively simple things, and it's never, it's never been in like the in the security one hundred and one has never said, imagine your scenario where the attacker or the threat has unlimited money. Like that's not like it's in the same bucket as like, you know, imagine your situation if aliens came down from the sky, like you don't throat model against that, because it's a lot likely. And by the time that you are, like say, a target of like a nation's date or something, which is was traditionally the only actor that could have, quote...

...unquote, on limited money, you would be in a different position and you have to handle it. But, like, I mean, these defy things. Yeah, like all my launches and that's suddenly a real threat. Like aliens are not a threat. Go Fix Yourself, go reassess what you've done. Yeah, from the ground up. Everything you've made is wrong. That's crazy. It's just going to start rights like this is just like if any of will say is true, or like, if anything the stuff that we've done and pushed for and worked on over the past decade or so has real potential, then these things are here to stay and it's just beginning right, and I don't have like I don't know what the answer is, but I feel like there's really smart people in the world that are not part of crypto that probably have insights into how to like manage risk in really complex systems. It probably has to do with like building resilient systems and adaptable systems, which the resilience runs up against the experimentation. Like it's very hard to just the throw money around and experiment with things while also prioritizing being extremely resilient and then being adaptable or being reactionary or being flexible or being able to like react very, very quickly to a new threat. That often runs up with like the core tenets of decentralization and authority. So because the it's sorry, because the easiest way to like adapt something is to have someone press a button and if the thing's completely decentralized, right, and this is what we saw with with them. Situation as well, was like it very quickly turned into like a social coordination game where, you know, everyone, myself included, were being reached out to go down the list the influencers and see if they can signal booses so that people don't get racked. That's a that's a fundamental consequence of what happens when you distribute power, and it's like, and that's not necessarily bad, it's just something you have to take into account and if there's that's something you want to be a part of your system. And what's more important, and I don't think those, are those like risk assessments. Ever happens, like like, Oh, this happens now, what is the what is the like plan the scenario of actually fixing this thing, and what is the odd like how does that change as we distribute power across things? And so right, and we started. I don't need to start it, like I mean your your spot on right, like nobody's thinking about this. It's not that we haven't perfected the balance right, like we haven't even adjusted it at all. Part of that, my opinion, which is a qualm that I've had so far is a lack of like monitoring. Yeah, y'all do a good job of this at my crypto, but like there's the the amount of effort and money and development work that goes into watching value after it's been accumulated is minuscule and compared to the amount of work that goes into trying to build the things that are grew value. Yes, and so like all this work. If you look at all the like prep stuff for had a STELC, like secure software development life cycle stuff, right, whatever the hell's called, is like how do you prepare tests and so on and so forth to deploy? And the none of that. They just stops and it's like so all I could know, how do you watch to make sure the thing you deployed is doing what you think it does? Because, like, because you have limited power in your ability to stop things, the time in which you know and something's going on is crucial. But we're not looking at no, you're just like hoping that someone will notice. Yeah, so we we cripple ourselves...

...in our ability to stop things and then we did. Haven't done the other other part of that, which is like figure out it's happening. Before it gets too late. Yeah, I mean this was most evident, and I because I was so close to the situation. But the parody multisig where. So they hacked one of them, I can't remember. It's the third one that I don't remember the name of. Always the cause, you know, one or whatever. The hacker got those funds and then like eight hours later or something, they did eternity and then swarm city, and then hours after that, storm city happened to see the balance of their account was zero. How does like, how does twelve hours pass in your entire tread injury like and nobody, nobody noticed, except for the Hecker. That's what those situations were like. You don't? You assume secure and then, based on how often you use those funds and like the more thick Itsi and a lot of instances, a lot of those types of funds were supposed to be used that often, and so, like, you don't. You don't. People don't monitor them or look at what's happening on the blockchain. Is people try to do stuff exactly the one. The the problem with that argument is that these were all ICO funds. So in theory the investor should have noticed before I mean the teams diouldn't notice first, but if the team didn't notice, you would think that the investors who invested into this company would notice, because that's their money. And like one of the hugest issues in this space, besides a lack of security, is also a lack of diligence, and so a lot of these seems to just run off with the money, like exit scamming is hugely fact, it's a problem, and so that was like also like the whole other thing I don't like. So it turns out that these seems weren't malicious, but nobody would have noticed if they were. Yeah, don't, like, don't, don't be so quick to assume or to like assign something with a maliciousness if it can be attributed to ignorance, like really, you know? So that I mean that. And and by the way, the most remarkable thing about that situation was the fact that then a group of people got on a skype call, hacked the rest of the multisigs and then return the money. Before I think there might have been like a maybe one black hat that got like some little ones or something, but the white hat group and then also at least one other white hat hacker, who is now part of the white hat group, drained all the rest of the multisigs and then return the money like. So it's especially hard, and we see this in you by two, that that we're not punished for the stupid shit that we do. Well, it's right. Well, you have to watch the contract, you don't notice the money is missing. Then when the money's miss everyone scrambles around and then somehow, like generally speaking, in the broad scope of things, everything ends up okay. You can't be too mad because, like, okay, let's think of it this way, like, well, maybe, excuse me, maybe a bit of perspective on why that is. It's because, like it's green field for potentials of what you can build, a new things you can do in the secret system, because it's so young and everyone's excited and focused on the cool thing that they can do that no one's done, instead of actively looking at the things that we've done and making sure it works. And I think that there's like as in a balance right there. That the pool of things you can do to potentially like really innovate something or build something. That's that's that's a that's a substantial value or alter...

...the current the current financial system in such a way where like the power gap is less in a lot of like the original ideals of Crypto is so large in comparison to like let's make sure we did it okay, for the things that we've done it learn. There's like people who have like decades of experience se hearing complex systems, right, like what did they let's learn from them, and we're like, no, that's the old system. Nah. Well, to be fair, trying to trying to be fair here. We've only now, only now, maybe just got to the point where like we've reached this threshold of legitimacy, where people who have those skills are willing to spend time contributing or like right, yeah, think sous. That's no, it is true. And and I don't know, the one question that I've asked myself again and again is, like how does crypto or how does defy specifically, but even, you know, going back to the parody hack, would fall into this like how do we keep getting so lucky where these really potentially detrimental things like somehow it's like we just like, instead of just getting completely wrapped me, just like skirt around it. Right. Um, I don't think how exper Divi the amount lost is miniscule. So they mount stolen, which is minuscule compared to the amount that should have been lost or soul in that's insane. Maybe we still got a pretty good balance of good people to assholes. I mean, that's the only thing I come up with. Is that is that at the end of the day, even, especially a d by right, even the hackers, are in this ecosystem enough to like not want to fully destroy it, like they want money, but they don't want to like actually screw up. That's kind of a point, right, is to build systems where like it's within your best interests to contribute in a good way to the community, then to try and break it. And we try to limit the emergent pooling of large, large pools of value so that, like there aren't these really, really awesome targets to steal money from. We try, and it's that you're always going to do it something, some sense, some extent, and and I and I think that if we do that, then we end up creating this community of developers and people who do things where that's that's it's always going to be the case. We're always going to have more good people than bad people, because, like, this is why this is something that I was recently talking with I forgot someone else about, and then is like that's there's always that argument. Right, we're not, because we work it status, we do privacy like it's it's. So people like, well, what do you would if, like, people use your tool for something bad and you can't do anything about it? Right, people always say, like well, Bitcoin is bad because it people buy drugs of it and you can't do anything about it, and so like. And by argument to this, and this is the best one that I've come up with so far, is whenever someone creates a tool that can be used for good and evil or, you know, bad and good bye community standards, like it's going to be done always like someone's going to use it for whatever possibly way they can if it benefits what they're trying to do it, regardless of they're good or evil person by whatever metrics communities have for good and evil. I think it's important that the people who build these systems and these tools are doing it from the most ethical places possible, because in the indie eventuality, that's something bad happens. Those people exist that can help mitigate the issue as best as possible it, whereas if you look at the other way around, if, like, you choose not to build it because bad people can use...

...it, there's an eviduality that bad people will build it and those good people who understand a system aren't there. Right, yes, and there's also like the so if you build something and it does good for the world and then it gets like, let's say, Co opted for evil, at least there was good that came from it. If you assume that the other potential outcome is that someone evil builds it and it's only is for evil. Right, like option one is is, from that perspective, objectively better, because something good rite you hadn't in both of ustions you have peovil, but this one you have some good too, and you have like maybe a fighting chance. You have people who can make it less evil, for example, right like the people leading, the people leading the sphere of understanding, like, if you think about, like all the people who understand the technology and its applications, there's a larger portion of people who want to use it for good if they're the ones that created it, which means that in the event in the virtuality. That's something bad happens. There's a larger pool of people that have eighty intuition about what to do about it or any like care. Right, like is, if it was truly only used for evil, or even, like, for drug dealing, then I probably wouldn't be here right and that happened, starting about anything, and I wouldn't be you know what I mean? Yeah, there's there's someone like you here to shout about it and write it's. So when people ask me that question, because with like the within the concept of privacy, I say no, I you can't get that information anymore, but you can't do these things. Yeah, because of this, this and this, you could. This is wherere your new focus needs to be, because traditional ways of doing things aren't going to work anymore, so stop wasting resources on it. This is where you need to be looking and and those types of conversations have to be have to be had, because it those people need to exist to be able to end like an inform those who would like to stop bad, whatever the hell that means. Yeah, I think the biggest problem with almost all of the sort of the things that get coopted for evil, though, is the fact that the builders often have not even considered the fact that it could be right. Like there is this huge, huge ignorance about the fact that what both about the fact that they could build something and and something could go wrong and therefore bad things, like there, their thing, could impact people negatively, but also that the technology, that the whatever could be used by someone bad for a bad reason. You don't think you can think about that? I mean so, have you read mine, effuct Christopher Wiley's, the Cambridge Analytica whistle lower story? Okay, he has this quote in there where he goes because basically, like the original attack and like the data minname was being used. God, what was it to be? Being used to understand like voting demographics and emerging economies and like small islands and these very, like very tiny little things, but they were very quickly, like able to determine the likelihood that someone would vote, for example, and this little tiny like sample size, and then they just like scaled it up hugely to manipulate the entire world. But he has this quote in there where he goes like yeah, I just never realize that what we...

...were we were doing, like if we could do this here, that someone else could do it against what we believed in. And I was like how did you not know that? Like, you're from the US, you have Democrats and Republicans, like today you're on this side, you're building for this team. Of course the other team can do the exact same thing to you. But also, how do you sit there and say that that what you'll, you are doing is right and then say that they're what they're doing is wrong? Like you can't have it both ways. You don't have to answer that. Yeah, like that seems a still like the question of, like what is this look like in the in the potential that this is successful, like how does this scale or what does it means? So that, from a societal standpoint, is never asked, right, or if it's asked, it's to happen, it happens to light. Yeah, and it's just never. It's just never. Yeah, it's like it's just never considered. So that's what so, very early on, someone, someone asked me like but if I'm if I'm monitoring like the balance of my address and all my funds get Stul and like all my funds got soul, and so why does it matter? And I was like, Oh, okay, that's an argument. Right. Yeah, I guess then don't monitor your account balances, like, don't get a notification for your account down. The answer to that question is set your account, but set your accounts half with such a way where they can't just be stolen without things happening. But you can see. It was like I was just such a perplexing way of looking at it. Right, right, yeah, it's like it's like what's the point? The kids? I'm like just, I mean, what's the point of reading a book? What's the point? Don't like thinking with your brain, like knowledge and information, and it influences everything, like you can't not know, right. Yeah, it's a it's such a strange thing, like if you don't have the information, you can't you can't make decisions right, or you're making I'm like, you're like if you don't know that your balance is zero and then you make in a decision based on the fact that you have a hundred million dollars, only to learn that you don't like you've made a very bad decision. HMM. Well, I guess the decision may not be bad, but your decision making processes shit, because you could have information and then you will fully ignore it. Well, that's that's like a I think this is something that I'm one of the really more the reasons why I like this, this ECO system, is that it's forcing people to start thinking about risk. It had a had a manage it, or, as like previously, like I've said it a few times, like the the the tendency and traditional infrastructure and finances to offload responsibility of risk to somebody else. So like you don't need to Monter something because someone else is doing it and you assume that they're doing it in a way where they they can, they can manage things in case something bad happens, and then they don't because they're ye, well, like it doesn't matter because we're they're like the individual isn't thinking about it. Yeah, yeah, yeah, I mean that's that's I think most of the problems in the space in terms of users. I think you can put them out like almost a hundred percent in in the category of like just complete, not ignorance in a bad way, but just like complete and utter ignorance, right, and some of that we're taught. Yeah, because your entire life you put your money in a bank and everything's fine and your parents did your grandparents did, and your boss and your co workers like you watch that, but also like, I mean even down to like Gmail, spam, filtering everything,...

...like people don't even like. If you don't see spam, you can't you can't become resilient against it. You don't like build up the skill the like question what you're reading and be like, Oh, that might not be true. Hmm Right, and that's why I think, I honestly think that like less grandmother's fell for ICO or like general, like today, I guess, but not. I seeos with they're just like a different flavor. I genuinely I think that less grandmother's fell for those than like Gen z's and millennials, because I don't think a Gen Z has ever seen like our true like scam, spam email, because it's just autunfiltered out of their life. That's possible and and that's that's important, is that that skill needs to be cultivated because as you as you have this increasing trend of moving risk and responsibility to the end user as opposed to like centralized powers having it over them. They're forced to have to understand how to mitigate it, yeah, and make decisions with the right assumptions. Yeah, you need to do you need to be thinking about this a little bit. And granted, it's it's the developers responsibility and part to try and provide them with the right tools to make those assumptions and make those decisions and act accordingly. But like, it's, in my opinion, better for society if people are spending more time thinking about where their value lies in their life and how it's accessed and or like in if you think about it from like financial investment terms, what is my money doing for me right which is in something like financial education, you get from traditional financially until you're like, like, it's that's not a poor person's mentality. Yeah, it's never it's. Yeah, that's I mean that's probably one of the number one reasons for for the gap just growing larger and larger, because it's not just that you have this financial gap. You also have, like, I mean, it's everything. It's your experience, it's your ability to question, it's your it's it's like the entitlement that comes with that. You need to build those skills over time and you need the things that you do in your day to day life have to kind of reinforce you needing to make those decisions right, and that's why I win. Like a like a someone who like a VC or like a longtime investor who, like you know, was a kind of normal person and then they somehow got an immense access to financial knowledge and also money, usually other people's money. Whenever they say things like like nobody wants to manage their own money or nobody can manage their own money, I don't even manage my own money. I let so and so manage it. Right, like I invest it was so andso. I put it in this fun I'm like right, but you're you're still making that decision responsibly because you have the knowledge and experience to be able to make that decision, where if you say that nobody can and nobody wants to, they will never have that skill, they'll never have that experience. You had that experience. Now you made that decision. I'm not saying that like holding your like everyone must hold their private key because that's the best decision for them. I'm saying that, like you have to create a system that where each person decides how they're going to hold their money or who's going to hold their money for them. That has to be made, like they have to have all the information to be able to make that decisions soundly. Right. It's like if you didn't know your account balance is empty and then you made like a decision. Think you hands, you know, like you. It's not not necessarily that you made the wrong decisions, that you your decisionmaking process was flawed. We never...

...had the opportunity to make it right. And that's the thing, is that we're not setting people up for success, to like to level up, I guess right. Like how does someone to day who gets into Crypto, how do they level up? Right, because, like when I got into Crypto in whatever the two thousand and eleven, two thousand and twelve, sorry, not two thousand, two thousand and thirteen. That run up right. When I got into Trypto, like I don't know it was. There was the culture and and what people talked about, when people cared about like it was. So it was everything right, like the privacy, the little the the crypto libertarian anarchism, like you know what I mean. And then I was the main that was the mainstay of why people look. For the majority of people who got into it, that was why I got into it. It was a vehicle for expressing those those things. Right, but I got into it because I heard about this bitcoin thing from a smart person and although the money thing, you know what I mean. But then I turned into not turn into but like then my views were shaped by the community and by that culture, and then I leveled up. But I think everyone did RTE, like, even if you were already, say, like an anarchist, I think your views evolved and like, you know, more nuance, the just they had to get more nuance. Yeah, but today, like I'm not sure that we're doing anything to help that evolution in any sense. Right, like, not necessarily, like, oh, we need we need to instill the crypto anarchism in the NOUBS, like no, not like anything, you know, like whether it has to do with security, whether it has to do with like the General Culture or privacy or self reliance or whenever, like I don't know. It's just I feel like people just don't talk about it as much. Like maybe. I mean I try to. You try to. Yeah, Oh, yeah, yeah, you've been screaming from the mountain tops for years now, but part of that maybe due to the fact that you can't really do anything on atherium right now or like where a lot of these projects are outside of like defy and so like. The attention based on transactional volume is on things that don't tend to look the stuff because they're like things are happening so fast, people are making so much money that they don't care because they need to focus on something else. And you have a limited sumited attention span. Ye, now, that's that's not sustainable, but it's how it seems to be. Yeah, and that help. And if there was a larger, thriving ecosystem that wasn't basically shouldered out by the fees of the fee structure, which is risen, because that's all you can do on this ecosystem, like that's the only economical thing to do right now, at least within etherium. Yeah, the the stuff that would normally push that narrative or try to experiment with that type of stuff has to kind of go elsewhere. Yeah. Or if there's nothing going on, then we could talk about art, politics and personal beliefs and religious beliefs, whatever you want to call them. They anarchism. Right, if there's nothing to do, we could talk about that all day. But when they're stuff to do, yeah, there's when they're stuff to do, but it's a limited it's limited to these. Really, I don't even know how to explain like what you have to have to get to be profitable and defy besides like a pile of money and a pile of my watch. I don't I don't know. It's thanks or damn sure, I honestly I don't. Yeah, I don't know. You have to have a crap little money be making money in dfy right now.

These really right? I don't know, I don't know. May like the the Bitcoin podcast lactics seems to do a pretty good job, and the defy channel of like doing good things and making reasonable profits with the stuff they're doing. So that's that's the other question I had was you see people supposedly making money, but are they making money? That's not much. That where my that's not where my attention is, it seems as though because they're all happy and they okay. So my friend Mark said we're talking about a similar thing. He said it's like the casino where you walk into the Casino with Twozeros and then you spend all night there and you get drunk and you have a blast and then you walk out of the casino with like five hundred dollars, thinking that you won five hundred. That's like, okay, that's not what I don't think that's what's happening. Like I've cashed out a few times, like just from F I stuff. Thought, no, you cash out on your long term molding. Yeah, definitely, but like I know other people who have cashed out on defy stuff. Yeah, that's what I'm wondering, I guess, like for the defy stuff, like if they I don't even know, because if you like take your thing to stake your thing and then you get another thing over here because you staked it here, because all these needs, I don't understand it. All the new dfy protocols will do like an air drop based on your activity on other DFI protocols. Right thanks you to swap. It's Jordan's like Yo, to go check your badgers, and I'm like what? And then I literally like type in whatever word dot finance and like it's an actual thing and I like connect with my metamouse and so, as if I ever words, and I'm just like a lot of Badger folks and that they're quite podcast. Like I don't understand it. Neither why, but all I know is that it seems like you're making money because whatever you did, you get that initial a lotment of badgers is so far removed from the badgers. Right there's a truck. I'm going to have some folks on the Bitcoin podcast talk about that, because I don't know and I need to ask those questions. Ask them if they have actually like see, and this is thing, I don't think that there's. If you were to ask them, how do you know that you've liked made money, like when you you know, when you say that you're like up on badgers or whatever, how do you know that you make money? They're going to say, well, I didn't have badgers and then I had badgers and then I sold the Badgress for thousand dollars. So I have a thousand dollars, but they didn't just like. I'll cut holes in that argument all day long. Yeah, because you had to claim the badgers. You to do something to even get in a lotment of badgers. It cost you gas to claim them and then you're to like stake them and then you're to unstake them. Well, it's for this way, based on what you just said, because I'm pretty agreed about it. Regular people are going to do this. So it's moving in a direction that I don't really care about. Uh Yeah, I mean I I can't keep up with it, but I don't care to keep up with it, like I'm not bothered by the fact that I can't keep up with it. Once we got on a call with my whole team and I asked them what's going on and they try to explain something to me and I feel like the eight part in the room and they're like, Taylor, just go to badger top Pointians, you know, and I'm like what is this? Okay, should it just tell me that my thing? Oh, there's a claim, let me click the button. And then I click it and like Meta math lags out and then the Uis different than the met a mask and the micro transaction won't get mine and I'm just like, how the hell are you guys doing this and how what's anyone that that could benefit from this doing?...

Yeah, here's so that that's it's maybe it's good as an experimentation of like playing with the stuff so that eventually the the friction that exists now gets key worked out, so that doing interesting financial things is available to people who want to do it later on down the line. But like what I think about. Sorry, if we learn how to learn for more precessors. That's what I so this is where I was going to get to go. I was going to go for it, like like you have to kind of wrap up, because I know I have a meaning coming up. Something that you've experienced firsthand is we've created a technology that gives potentially gives people value or a lot more control over their value. And then as we watch them fumble with the with the interaction, the user experience of doing this thing, and then we watch it kind of blow up in value, we see a tremendous amount of opportunities for people to come in and take advantage of those of those both those frictions by like trying to trick the user through a lot of traditional methods like fishing. HMM, okay, like every single step introduces points in which people can come in to trick the user, to steal their money. Yeah, or user could just screw up. or in my case, like if I and I feel like for the first time, maybe I'm sort of more of a user perspective with the defy stuff, I don't understand badgers, but someone told me to like go check this thing and when I was having that conversation it seemed riskless, right, because like you're just claiming them, you can't nothing can go wrong, right, like you're not doing anything, you're not making a bet, you're not betting that the badger price is going to go up, like all you're doing is just claiming this thing that they gave you for something that you did in the past. But that precedent of just doing whatever they tell me and not questioning it and not and and truly believing like, oh, nothing, there's no risk here because I already don't have my badgers and if I don't have my badgers in the future, I'm still at like the same state. Or hit a badgers. So that's an upstate, but there's no like down state. But when you start establishing that, I don't know when that becomes the norm, even with quote unquote, legitimate projects, it's so much easier for malicious people to sort of like like do the same thing and like push people in that same pattern, except now that the people now people do have like a negative state, I. Down State. Right, like they're taking an action they think is riskless because everything else that respect people told them to do is riskless. Oh, but now it's not. You know, now there's a risk. Or now now I'm just going through the flow and I don't really understand it. Some I'm clicking the button, I click the button and then I send all my money to the to the hacker. Oops, you know. And so like the patterns, the patterns that we're setting, the like, like the autopilot type things that we just do, the culture, the questioning, like I think those are the areas that are that are so complicated and so nuanced, but could have a huge one if we, if we actually address the issues and like become aware of them, it could have a huge positive effect on the community. And I don't think we even realize the negative effect that it's happened, that the that is happening right in the same way that like, like when we launched me in the early days and like put private keys on the web, like at no point was I like, Oh, yeah, I'm just going...

...to blow up into a huge product and we're going to set this horrible precedent of people copying and pass in their private keys and or website nothing could go wrong. Like I literally didn't think that whatsoever, but that's what we did. And then the fishers get along. We're like hey, just hoping, beach, you're probably cut this website to get your ear job. And then people just did it. Yeah, yeah, and it's a person like I mean, but this people also built something that was that was that was needed at the time. And good, right, you did it, you did it quickly and maybe you did it based on like ignorance at these security best but you've learned a lot about security along away from the mistakes that you've made. Yeah, because I legit, by the way, I legit. Thought the reason they don't use a Web Wall it was at the web wall a creators would take your money and since like I was the web all at creators, like well, yeah, I can't take my money and like I can't take my best friends money, you know what I mean? Like at that in the early days it was just like basically there's me and Coles La mark was using it and then like we posted on read it and I think about like half dozen upboats. I use it like it was just it was so it was so small. And again, that's why I say, I don't think product creators, if you're a long term because, like I wasn't thinking about it right. Yeah, it's interesting because, like that's not something that you would I would think you would get from traditional security background of F because value wasn't so quickly access digitally. Yeah, the implications of doing things like that weren't nearly as bad. And so, like the like general breast practices, the intuition that kind of stems off of those general best practice semmunity didn't exist for that type of thing because it was less likely that you put something on a web wallet or on a Web on a web AP and all your money's gone. Right, and that's the thing is that the auditors said so, like the first, not the first auditors, but like the first security people that we talked to. Everyone told us like no, you needed like private keys, can't be on the web. But that was like, by the way, this is like mid two thousand and seventeen, like we already knew that, but are surprised that of like the various security people we talked to, they all said it, but only the auditors that we actually went with, care fifty three, actually gave the real reason. All the rest just said, yeah, it's a private key, you can't put that in a website because that's a secret. You know what I mean? HMM, like it's just it's a secret and it's you shouldn't do that. Like it. They just like somehow fundamentally like we're like that's bad, but they didn't necessarily understand that. One. It's controlling in cements value, that you couldn't rotate the keys right, like, hmm. If I'd called it something besides a private key, I don't know that they would have necess sarely recommended against it. Yeah, yeah, that's really I don't know. That's really interesting, but it's also terrifying and I still think that the the real damage was not like it had such trickle down effects. I like the fishing sites were bad. Fishing sites got a lot of money, but I think also like every air drop site that commenced people to just like mindlessly pace their private key like that was bad. I think all the other sites that then like supported private keys on the web that then ax to scammed or hacked or like had some bowl. Like those losses are also like a trickle down like got a...

...little more or lessons to learn, but I think we've come somewhere. From the start, like and and there's, you know, murmurings of security communities with an ecosystem trying to build and build like General, General Best Practices that are differentiated from Traditional Security and so I hope that over time we can build those things and not, yeah, screw people over so much we're like give them the technology that gives them the potential to screw themselves so easily. Yeah, I think the biggest thing, I mean I think like we can do best practice is a day. I think that will make a major impact, because we're not doing it right now. I ideally, though, I think the best thing would be if, like all the builders were just generally like more like more questioning or more skeptical or more aware or like seeking out the unhappy paths, right, because like we focus so much on like we're going to build this thing and everyone's going to use it and we're going to thank the I'm banking to and we're all going to be rich day yet and like nobody's like, oh, but if this goes wrong, you know, or like watching what's happening in frontother face, right, because if I hadn't, if I hadn't if I just ignored every support box question or if I just victim blamed and the like. Well, they shouldn't have entered their key on the fucking fishing site. Then I wouldn't have learned any of this. I would have just like it wouldn't have come into me. I would just like shoved it out and I'd be the same person I was four years ago. So I don't know, that's like the seeking out of like information and realizing that like nothing that we're building. No, no, decision we made four years ago, like you should probably be unhappy with most of the decisions that you made four years ago, because you should be a vastly smarter person today. All right, so if you don't hate yourself, your your four year old for years in the past self, you're doing something wrong, because that that that's a lesson for today. Yeah, I mean right. There's things that, like, I read tweets that I wrote, wrote like a six months ago around like you ignorant little child. Yeah, but I also read stuff that I wrote a long time ago and I'm like fuck, yeah, man, good chop. Yeah, there's there's yeah, Oh, if you haven't re read it and while my future, the future of a Theorem, doesn't have wallets. Article from like two thousand and eighteen, I think. I just reread it randomly. It's so good not to tell. I will try and remember to add it to the description for those who would like to read it. But it's good because I was ignorant. Good disclaimer. All right, Taylor, you want to shout out or say anything before you leave? MMM, just think more, just like, seek out knowledge more, seek out information more question like. Just ask yourself, like, what could go wrong? That's all, and then follow us on twitter at my Crypto, and then we're actually like launching a product. Right now. It's in slow rollout mode. So if you haven't been using Beta dot my cryptocom so far, you will be ordered hours gratulations. But it's super cool and I hope you, I hope everyone likes it. I love it. Changes Hard, though, so we are expecting the normal bath flash. Well, congratulations and thanks for coming on. Yeah, thanks for having me. Yeah,.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (119)