Hashing It Out
Hashing It Out

Episode 99 · 10 months ago

Hashing It Out #99- Taylor Monahan

ABOUT THIS EPISODE

Welcome to hashing it out, apodcast where we talked to the tech innovators behind blocked in infrastructure and decentralized networks. We dive into the weeds to get at why and how people build thistechnology, the problems they face along the way. Come listen and learn fromthe best in the business so you can join their ranks. So, kickingoff our new subseries or something, I'm doing some video content where I'd takemore of a personal approach, one on ones with individuals, not necessarily likediving into projects like we do normally do it hashing it out, but morelike just talking to individuals and getting a sense of who they are, wherethey come from, what they care about. And Yeah, so today, TaylorMonahan, welcome to the show. Hello, hello, well, I'msure we'll get into what you do at some point, but like to startoff like I want to like. I think that like the engaging question thatI want to start off with this like, what do you care about? OhGod, m Haha, I think that's such a hard question. WhileI care about my daughter and my family and my wellbeing, like I'm aselfish person, I guess, but I guess like more broadly or like what'smy passion in life? I think it's a lot of like I want todo something meaningful. I want to help people do things that are meaningful tothem. Like I don't necessarily have one thing that like one like subject ortopic or something that I care about more than another, so long as whateverit is is productive and meaningful and sort of an overall capacity towards like theglobal situation or your self is situation or whatever the situation maybe. HMM.I asked a question because I think it's like, I think what people careabout motivates what they end up doing with their time, like where they spendtheir attention and their time and their efforts and what they learn and like it. And it's interesting to maybe ask the just abruptly ask that question to see, like what is it that you care about that's motivating like you to spendthe time doing all this work that you're doing. Yeah, no, it'sit's a very it's a crazy question because it seems like a should be aneasy question, like Oh, I care about all these things. But yeah, when you ask it abruptly, I definitely am like, well, Icare about things, I care about why am I doing this. We think. Let's take the stake. You, for an example, right like yourI would say, relatively well known, and this ecosystem and the blockchain ecosystemor web three, whatever you want to call it, for someone who caresabout security. But it's security from the perspective of not screwing over users,trying to give them the right context to make the right decisions for themselves,and what you should be doing from a developers perspective to help facilitate that rightright because, at the end of the day, like my passion and thereason I spend so much time doing security stuff and thinking about security stuff isnot necessarily because I care that things are secure. It's because people came tomy product. People come to my product...

...to accomplish something, whether that's itused to be in two thousand and seventeen it was they wanted to get rich, they wanted to get in lie CEO, they wanted to do whatever it was, and then they would lose all their money, and so it's sortof like the solution to that is security, or one of the parts of thesolutions to that is security in Crypto. All a lot of the problems,like they can't entirely be solved by better security, but it's usually anaspect of it. Almost always. Yeah, it's certainly true. It's like it'salmost like a selfpreservation tactic of like I have to care about security soI don't have to handle these support tickets. Yeah, so I can like builda product rather than answering tickets. And it's also interesting. So froman individual's perspective, like I want to get rich and now I'm poor,so I can't use your product right, like you're narrowing the market every timesomeone gets racked. But then from like a company's perspective as well, likecompanies have to be secure, because dodio companies have to especially be secure,and then these new defy quote unquote companies. You know where to security and wheredoes the I guess, the responsibility of security lie with those right?Is it on the easer? Is it on the larger community, because thisthing is decentralized, or is it on what's traditionally called the company, butit's like the product or the the Dow or the anonymous developer on twitter orwhatever? You know what I mean. Where does the Fall Guy Lie?Because, like, as as we keep I don't know if we just continuealong the lines of the original ideals, which is you don't offload responsibility andrisk to someone else as much as possible, then the lines get really blurred onwho to blame when something goes wrong. Right. So, I don't knowif you know this, but my like guilty pleasures like true crime podcasts. Oh No, I didn't. I think we may have talked about that. It's some other like if I need to get out of Crypto and likeI just need to put something on that's like, you know whatever. It'salmost always like a true crime podcast. But there's a really interesting conversation wherethey're talking about the reasons for like criminal punishment in the context, of course, of like gruesome murder. But I think it's really interesting to tie thatback into like what you're talking about with blame. Because, okay, sohere's the reasons. You have the concept of like protecting society, right.So, like you have a rapist or a murderer on the street and youthrow them in prison because you want to protect society, you don't want otherpeople to be murdered or raped. Then you have like the concept of likerehabilitation, which we're not super keen on here in the United States, butin Europe they're much more keen on that. And then you have retribution, whichis like, as humans, like we desire things to be fair andlike, if you do something wrong, you should be punished for it,like it's just happening. Yeah, yeah, and it is right. It's throughoutall time and history and culture, like eye for an eye was howit used to be. Now we consider ourselves involved, but it really islike, I don't know, it's a core reason that we punish people,right. And then you have very similar to that. You have prostitution,which is like if it's if it's like a financial crime, then they canpay it back. Eye for an eye actually false sort of into this.And then was that five baby? Sure,...

...sure, anyways. So when welook at that and then we talk about blaming people right, like it'sI think in this space a lot of times we're like, okay, weare evolved and we're decentralized and it's all individuals and it's the individuals responsibility todo everything, and if they get ragged or if they lose their money orif they have their money stolen, is their problem. It's their fault,it's there to blame. They shouldn't have aped into this, so they shouldn'thave done this, or they should have done security better or whatever. Butlike one were not evolved, like we're still humans and to that's not howthe world works. Like people aren't just individuals, they are individuals as partof a community, as part of a society, as part of a largerworld. And just like pretending that everything is only for the individual person andtherefore is only the fault of the individual person, like it doesn't work,because it's never worked, as not in our nature. We're social beings.So I don't know, when I look at Crypto, I think that's oneof the things that I fight against the most, is is the blaming ofthe individual for getting wrecked. Well, like you think about first off,like as we push responsibility and risk to the edges, like the end users, by having the menage their own data, their own private keys, etc.There's a they're not the ones who are building the tooling. That's that'sfacilitating that, right, and how you built that and the options you givethem, the options you surface to them, how you what you call those options? The security implications of whether or not it does the thing you sayit does. All of that is not on them, has a severe impact, in like a huge and how they conduct themselves and what they're capable ofdoing and how they make decisions right, and that's the that's one of mybiggest sort of like, I think, fundamental issues with crypto over the yearsand like when I get burnt out, it's almost always because I see likethe notion that it's like it's it's not me, it's that, or Idon't have a responsibility for this, or I couldn't have done this, orI couldn't have foreseen this, or they shouldn't have done that, they shouldn'thave risk their money, they shouldn't like no, no, like it's nota hundred percent on the reader, but it's also not a hundred percent onthe user. And, most importantly, again, we are social beings,like we're individuals, part of the community, part of the larger society, likeit's not just the individual and it's not just like the company or theCreator, but it's also the culture of the whole that has a huge impact. So when you see these pervasive notions of like not being secure, likenot having any basically like rebelling against US security practices that are not that hardimplement. That has an impact on everything that comes from it, and soI think all in this case, like those three all share blame. Andthen there's obviously like other things as well, but all three of them share blame. Not One of them not to it. I'm like all, everyonecan be better. What's an example of like the repelling? It gives bestpractices. Oh, just, I mean like just like throwing something on mainetBomo marketing it up. Like, I mean the entirety by summer was this. And you know, there is an argument to be made that it's valuableexperimentation, that their warnings and that there was this and there was that andnobody expected it. Well, well, like yes, but also, didyou even do this on test nap for like a day, right, likethe you know, the Yams thing? I thought it was it was coolat the beginning that I got huge and I was like, oh no,and then what like twelve hours and people are like, Oh, there's thisvery basic math are that would have been...

...caught with a I would say,running running on test now for a week a day, sorry, a day, just going through the process on something that doesn't have vailure. Does itwork right? Because it wasn't. You know, the issue with that onewasn't necessarily that it was some complex thing that had interactions with other things andthat this perfect edge case scenarios mashed up to create this situation like no,it's just the code. HMM. Yeah. And then, I mean it getsmore complex because when things are relying on other things, so when DFIprotocol number one is relying on dpy protocol number two, and if I protocolnumber choose relying on number three, but they're relying on the prices from thisguy over here. You know, there's just there's an infinite number of likepotential mashups and potential things that could go wrong. You can't necessarily foresee them. You can't necessarily foresee them exactly like the the exact steps right, andyou certainly can't like detect it with a with a basic audit either. Yeah, the tooling around, how you handle composability like that like that, thepre term we use for that concept is lacking. It's so like how youreason about exact for it's like flash loans, for instance, as an example,and how like the maker issue happened because of no like real spark contractvulnerability, but because they made assumptions when they deployed contracts based on rational actorsof a given value size, so like what a person who's using that muchmoney would do, or like whoever has access to that kind of money wouldact a specific way. And the concept of a flash loan, which isa reasonable, like a very valid technical thing, blew that assumption away andthus, like any security, is implications that came from it. And that'snot something you really get from tooling. No, it's not, and Ithink makers actually a good example of they're a complex system in themselves, andthen they're relying on all these external forces and then all these external forces areinteracting with them and and their entire sort of security model or threat modeling canbe disrupted by like all of a launching. So I found this I've been talkingwith a buddy of mine trees like ask me kind of deep philosophical questionsabout what the point of Crypto is. I want to try to explain it. A lot of it tends swords like experimentation and do economic models and likereal like community building with value at the foundation. It's not all. It'snot, you know, fake Internet points, like most of the value flow ofthese networks is real and substantial and so potent. So, like whatcame up from those conversations was the fact that it's very, very, verydifficult to model and prepare for emergent phenomenon based on like relatively like systems,is, relatively simple things, and it's never, it's never been in likethe in the security one hundred and one has never said, imagine your scenariowhere the attacker or the threat has unlimited money. Like that's not like it'sin the same bucket as like, you know, imagine your situation if alienscame down from the sky, like you don't throat model against that, becauseit's a lot likely. And by the time that you are, like say, a target of like a nation's date or something, which is was traditionallythe only actor that could have, quote...

...unquote, on limited money, youwould be in a different position and you have to handle it. But,like, I mean, these defy things. Yeah, like all my launches andthat's suddenly a real threat. Like aliens are not a threat. GoFix Yourself, go reassess what you've done. Yeah, from the ground up.Everything you've made is wrong. That's crazy. It's just going to startrights like this is just like if any of will say is true, orlike, if anything the stuff that we've done and pushed for and worked onover the past decade or so has real potential, then these things are hereto stay and it's just beginning right, and I don't have like I don'tknow what the answer is, but I feel like there's really smart people inthe world that are not part of crypto that probably have insights into how tolike manage risk in really complex systems. It probably has to do with likebuilding resilient systems and adaptable systems, which the resilience runs up against the experimentation. Like it's very hard to just the throw money around and experiment with thingswhile also prioritizing being extremely resilient and then being adaptable or being reactionary or beingflexible or being able to like react very, very quickly to a new threat.That often runs up with like the core tenets of decentralization and authority.So because the it's sorry, because the easiest way to like adapt something isto have someone press a button and if the thing's completely decentralized, right,and this is what we saw with with them. Situation as well, waslike it very quickly turned into like a social coordination game where, you know, everyone, myself included, were being reached out to go down the listthe influencers and see if they can signal booses so that people don't get racked. That's a that's a fundamental consequence of what happens when you distribute power,and it's like, and that's not necessarily bad, it's just something you haveto take into account and if there's that's something you want to be a partof your system. And what's more important, and I don't think those, arethose like risk assessments. Ever happens, like like, Oh, this happensnow, what is the what is the like plan the scenario of actuallyfixing this thing, and what is the odd like how does that change aswe distribute power across things? And so right, and we started. Idon't need to start it, like I mean your your spot on right,like nobody's thinking about this. It's not that we haven't perfected the balance right, like we haven't even adjusted it at all. Part of that, myopinion, which is a qualm that I've had so far is a lack oflike monitoring. Yeah, y'all do a good job of this at my crypto, but like there's the the amount of effort and money and development work thatgoes into watching value after it's been accumulated is minuscule and compared to the amountof work that goes into trying to build the things that are grew value.Yes, and so like all this work. If you look at all the likeprep stuff for had a STELC, like secure software development life cycle stuff, right, whatever the hell's called, is like how do you prepare testsand so on and so forth to deploy? And the none of that. Theyjust stops and it's like so all I could know, how do youwatch to make sure the thing you deployed is doing what you think it does? Because, like, because you have limited power in your ability to stopthings, the time in which you know and something's going on is crucial.But we're not looking at no, you're just like hoping that someone will notice. Yeah, so we we cripple ourselves...

...in our ability to stop things andthen we did. Haven't done the other other part of that, which islike figure out it's happening. Before it gets too late. Yeah, Imean this was most evident, and I because I was so close to thesituation. But the parody multisig where. So they hacked one of them,I can't remember. It's the third one that I don't remember the name of. Always the cause, you know, one or whatever. The hacker gotthose funds and then like eight hours later or something, they did eternity andthen swarm city, and then hours after that, storm city happened to seethe balance of their account was zero. How does like, how does twelvehours pass in your entire tread injury like and nobody, nobody noticed, exceptfor the Hecker. That's what those situations were like. You don't? Youassume secure and then, based on how often you use those funds and likethe more thick Itsi and a lot of instances, a lot of those typesof funds were supposed to be used that often, and so, like,you don't. You don't. People don't monitor them or look at what's happeningon the blockchain. Is people try to do stuff exactly the one. Thethe problem with that argument is that these were all ICO funds. So intheory the investor should have noticed before I mean the teams diouldn't notice first,but if the team didn't notice, you would think that the investors who investedinto this company would notice, because that's their money. And like one ofthe hugest issues in this space, besides a lack of security, is alsoa lack of diligence, and so a lot of these seems to just runoff with the money, like exit scamming is hugely fact, it's a problem, and so that was like also like the whole other thing I don't like. So it turns out that these seems weren't malicious, but nobody would havenoticed if they were. Yeah, don't, like, don't, don't be soquick to assume or to like assign something with a maliciousness if it canbe attributed to ignorance, like really, you know? So that I meanthat. And and by the way, the most remarkable thing about that situationwas the fact that then a group of people got on a skype call,hacked the rest of the multisigs and then return the money. Before I thinkthere might have been like a maybe one black hat that got like some littleones or something, but the white hat group and then also at least oneother white hat hacker, who is now part of the white hat group,drained all the rest of the multisigs and then return the money like. Soit's especially hard, and we see this in you by two, that thatwe're not punished for the stupid shit that we do. Well, it's right. Well, you have to watch the contract, you don't notice the moneyis missing. Then when the money's miss everyone scrambles around and then somehow,like generally speaking, in the broad scope of things, everything ends up okay. You can't be too mad because, like, okay, let's think ofit this way, like, well, maybe, excuse me, maybe abit of perspective on why that is. It's because, like it's green fieldfor potentials of what you can build, a new things you can do inthe secret system, because it's so young and everyone's excited and focused on thecool thing that they can do that no one's done, instead of actively lookingat the things that we've done and making sure it works. And I thinkthat there's like as in a balance right there. That the pool of thingsyou can do to potentially like really innovate something or build something. That's that'sthat's a that's a substantial value or alter...

...the current the current financial system insuch a way where like the power gap is less in a lot of likethe original ideals of Crypto is so large in comparison to like let's make surewe did it okay, for the things that we've done it learn. There'slike people who have like decades of experience se hearing complex systems, right,like what did they let's learn from them, and we're like, no, that'sthe old system. Nah. Well, to be fair, trying to tryingto be fair here. We've only now, only now, maybe justgot to the point where like we've reached this threshold of legitimacy, where peoplewho have those skills are willing to spend time contributing or like right, yeah, think sous. That's no, it is true. And and I don'tknow, the one question that I've asked myself again and again is, likehow does crypto or how does defy specifically, but even, you know, goingback to the parody hack, would fall into this like how do wekeep getting so lucky where these really potentially detrimental things like somehow it's like wejust like, instead of just getting completely wrapped me, just like skirt aroundit. Right. Um, I don't think how exper Divi the amount lostis miniscule. So they mount stolen, which is minuscule compared to the amountthat should have been lost or soul in that's insane. Maybe we still gota pretty good balance of good people to assholes. I mean, that's theonly thing I come up with. Is that is that at the end ofthe day, even, especially a d by right, even the hackers,are in this ecosystem enough to like not want to fully destroy it, likethey want money, but they don't want to like actually screw up. That'skind of a point, right, is to build systems where like it's withinyour best interests to contribute in a good way to the community, then totry and break it. And we try to limit the emergent pooling of large, large pools of value so that, like there aren't these really, reallyawesome targets to steal money from. We try, and it's that you're alwaysgoing to do it something, some sense, some extent, and and I andI think that if we do that, then we end up creating this communityof developers and people who do things where that's that's it's always going tobe the case. We're always going to have more good people than bad people, because, like, this is why this is something that I was recentlytalking with I forgot someone else about, and then is like that's there's alwaysthat argument. Right, we're not, because we work it status, wedo privacy like it's it's. So people like, well, what do youwould if, like, people use your tool for something bad and you can'tdo anything about it? Right, people always say, like well, Bitcoinis bad because it people buy drugs of it and you can't do anything aboutit, and so like. And by argument to this, and this isthe best one that I've come up with so far, is whenever someone createsa tool that can be used for good and evil or, you know,bad and good bye community standards, like it's going to be done always likesomeone's going to use it for whatever possibly way they can if it benefits whatthey're trying to do it, regardless of they're good or evil person by whatevermetrics communities have for good and evil. I think it's important that the peoplewho build these systems and these tools are doing it from the most ethical placespossible, because in the indie eventuality, that's something bad happens. Those peopleexist that can help mitigate the issue as best as possible it, whereas ifyou look at the other way around, if, like, you choose notto build it because bad people can use...

...it, there's an eviduality that badpeople will build it and those good people who understand a system aren't there.Right, yes, and there's also like the so if you build something andit does good for the world and then it gets like, let's say,Co opted for evil, at least there was good that came from it.If you assume that the other potential outcome is that someone evil builds it andit's only is for evil. Right, like option one is is, fromthat perspective, objectively better, because something good rite you hadn't in both ofustions you have peovil, but this one you have some good too, andyou have like maybe a fighting chance. You have people who can make itless evil, for example, right like the people leading, the people leadingthe sphere of understanding, like, if you think about, like all thepeople who understand the technology and its applications, there's a larger portion of people whowant to use it for good if they're the ones that created it,which means that in the event in the virtuality. That's something bad happens.There's a larger pool of people that have eighty intuition about what to do aboutit or any like care. Right, like is, if it was trulyonly used for evil, or even, like, for drug dealing, thenI probably wouldn't be here right and that happened, starting about anything, andI wouldn't be you know what I mean? Yeah, there's there's someone like youhere to shout about it and write it's. So when people ask methat question, because with like the within the concept of privacy, I sayno, I you can't get that information anymore, but you can't do thesethings. Yeah, because of this, this and this, you could.This is wherere your new focus needs to be, because traditional ways of doingthings aren't going to work anymore, so stop wasting resources on it. Thisis where you need to be looking and and those types of conversations have tobe have to be had, because it those people need to exist to beable to end like an inform those who would like to stop bad, whateverthe hell that means. Yeah, I think the biggest problem with almost allof the sort of the things that get coopted for evil, though, isthe fact that the builders often have not even considered the fact that it couldbe right. Like there is this huge, huge ignorance about the fact that whatboth about the fact that they could build something and and something could gowrong and therefore bad things, like there, their thing, could impact people negatively, but also that the technology, that the whatever could be used bysomeone bad for a bad reason. You don't think you can think about that? I mean so, have you read mine, effuct Christopher Wiley's, theCambridge Analytica whistle lower story? Okay, he has this quote in there wherehe goes because basically, like the original attack and like the data minname wasbeing used. God, what was it to be? Being used to understandlike voting demographics and emerging economies and like small islands and these very, likevery tiny little things, but they were very quickly, like able to determinethe likelihood that someone would vote, for example, and this little tiny likesample size, and then they just like scaled it up hugely to manipulate theentire world. But he has this quote in there where he goes like yeah, I just never realize that what we...

...were we were doing, like ifwe could do this here, that someone else could do it against what webelieved in. And I was like how did you not know that? Like, you're from the US, you have Democrats and Republicans, like today you'reon this side, you're building for this team. Of course the other teamcan do the exact same thing to you. But also, how do you sitthere and say that that what you'll, you are doing is right and thensay that they're what they're doing is wrong? Like you can't have itboth ways. You don't have to answer that. Yeah, like that seemsa still like the question of, like what is this look like in thein the potential that this is successful, like how does this scale or whatdoes it means? So that, from a societal standpoint, is never asked, right, or if it's asked, it's to happen, it happens tolight. Yeah, and it's just never. It's just never. Yeah, it'slike it's just never considered. So that's what so, very early on, someone, someone asked me like but if I'm if I'm monitoring like thebalance of my address and all my funds get Stul and like all my fundsgot soul, and so why does it matter? And I was like,Oh, okay, that's an argument. Right. Yeah, I guess thendon't monitor your account balances, like, don't get a notification for your accountdown. The answer to that question is set your account, but set youraccounts half with such a way where they can't just be stolen without things happening. But you can see. It was like I was just such a perplexingway of looking at it. Right, right, yeah, it's like it'slike what's the point? The kids? I'm like just, I mean,what's the point of reading a book? What's the point? Don't like thinkingwith your brain, like knowledge and information, and it influences everything, like youcan't not know, right. Yeah, it's a it's such a strange thing, like if you don't have the information, you can't you can't makedecisions right, or you're making I'm like, you're like if you don't know thatyour balance is zero and then you make in a decision based on thefact that you have a hundred million dollars, only to learn that you don't likeyou've made a very bad decision. HMM. Well, I guess thedecision may not be bad, but your decision making processes shit, because youcould have information and then you will fully ignore it. Well, that's that'slike a I think this is something that I'm one of the really more thereasons why I like this, this ECO system, is that it's forcing peopleto start thinking about risk. It had a had a manage it, or, as like previously, like I've said it a few times, like thethe the tendency and traditional infrastructure and finances to offload responsibility of risk to somebodyelse. So like you don't need to Monter something because someone else is doingit and you assume that they're doing it in a way where they they can, they can manage things in case something bad happens, and then they don'tbecause they're ye, well, like it doesn't matter because we're they're like theindividual isn't thinking about it. Yeah, yeah, yeah, I mean that'sthat's I think most of the problems in the space in terms of users.I think you can put them out like almost a hundred percent in in thecategory of like just complete, not ignorance in a bad way, but justlike complete and utter ignorance, right, and some of that we're taught.Yeah, because your entire life you put your money in a bank and everything'sfine and your parents did your grandparents did, and your boss and your co workerslike you watch that, but also like, I mean even down tolike Gmail, spam, filtering everything,...

...like people don't even like. Ifyou don't see spam, you can't you can't become resilient against it. Youdon't like build up the skill the like question what you're reading and be like, Oh, that might not be true. Hmm Right, and that's why Ithink, I honestly think that like less grandmother's fell for ICO or likegeneral, like today, I guess, but not. I seeos with they'rejust like a different flavor. I genuinely I think that less grandmother's fell forthose than like Gen z's and millennials, because I don't think a Gen Zhas ever seen like our true like scam, spam email, because it's just autunfilteredout of their life. That's possible and and that's that's important, isthat that skill needs to be cultivated because as you as you have this increasingtrend of moving risk and responsibility to the end user as opposed to like centralizedpowers having it over them. They're forced to have to understand how to mitigateit, yeah, and make decisions with the right assumptions. Yeah, youneed to do you need to be thinking about this a little bit. Andgranted, it's it's the developers responsibility and part to try and provide them withthe right tools to make those assumptions and make those decisions and act accordingly.But like, it's, in my opinion, better for society if people are spendingmore time thinking about where their value lies in their life and how it'saccessed and or like in if you think about it from like financial investment terms, what is my money doing for me right which is in something like financialeducation, you get from traditional financially until you're like, like, it's that'snot a poor person's mentality. Yeah, it's never it's. Yeah, that'sI mean that's probably one of the number one reasons for for the gap justgrowing larger and larger, because it's not just that you have this financial gap. You also have, like, I mean, it's everything. It's yourexperience, it's your ability to question, it's your it's it's like the entitlementthat comes with that. You need to build those skills over time and youneed the things that you do in your day to day life have to kindof reinforce you needing to make those decisions right, and that's why I win. Like a like a someone who like a VC or like a longtime investorwho, like you know, was a kind of normal person and then theysomehow got an immense access to financial knowledge and also money, usually other people'smoney. Whenever they say things like like nobody wants to manage their own moneyor nobody can manage their own money, I don't even manage my own money. I let so and so manage it. Right, like I invest it wasso andso. I put it in this fun I'm like right, butyou're you're still making that decision responsibly because you have the knowledge and experience tobe able to make that decision, where if you say that nobody can andnobody wants to, they will never have that skill, they'll never have thatexperience. You had that experience. Now you made that decision. I'm notsaying that like holding your like everyone must hold their private key because that's thebest decision for them. I'm saying that, like you have to create a systemthat where each person decides how they're going to hold their money or who'sgoing to hold their money for them. That has to be made, likethey have to have all the information to be able to make that decisions soundly. Right. It's like if you didn't know your account balance is empty andthen you made like a decision. Think you hands, you know, likeyou. It's not not necessarily that you made the wrong decisions, that youyour decisionmaking process was flawed. We never...

...had the opportunity to make it right. And that's the thing, is that we're not setting people up for success, to like to level up, I guess right. Like how does someoneto day who gets into Crypto, how do they level up? Right,because, like when I got into Crypto in whatever the two thousand and eleven, two thousand and twelve, sorry, not two thousand, two thousand andthirteen. That run up right. When I got into Trypto, like Idon't know it was. There was the culture and and what people talked about, when people cared about like it was. So it was everything right, likethe privacy, the little the the crypto libertarian anarchism, like you knowwhat I mean. And then I was the main that was the mainstay ofwhy people look. For the majority of people who got into it, thatwas why I got into it. It was a vehicle for expressing those thosethings. Right, but I got into it because I heard about this bitcointhing from a smart person and although the money thing, you know what Imean. But then I turned into not turn into but like then my viewswere shaped by the community and by that culture, and then I leveled up. But I think everyone did RTE, like, even if you were already, say, like an anarchist, I think your views evolved and like,you know, more nuance, the just they had to get more nuance.Yeah, but today, like I'm not sure that we're doing anything to helpthat evolution in any sense. Right, like, not necessarily, like,oh, we need we need to instill the crypto anarchism in the NOUBS,like no, not like anything, you know, like whether it has todo with security, whether it has to do with like the General Culture orprivacy or self reliance or whenever, like I don't know. It's just Ifeel like people just don't talk about it as much. Like maybe. Imean I try to. You try to. Yeah, Oh, yeah, yeah, you've been screaming from the mountain tops for years now, but partof that maybe due to the fact that you can't really do anything on atheriumright now or like where a lot of these projects are outside of like defyand so like. The attention based on transactional volume is on things that don'ttend to look the stuff because they're like things are happening so fast, peopleare making so much money that they don't care because they need to focus onsomething else. And you have a limited sumited attention span. Ye, now, that's that's not sustainable, but it's how it seems to be. Yeah, and that help. And if there was a larger, thriving ecosystem thatwasn't basically shouldered out by the fees of the fee structure, which is risen, because that's all you can do on this ecosystem, like that's the onlyeconomical thing to do right now, at least within etherium. Yeah, thethe stuff that would normally push that narrative or try to experiment with that typeof stuff has to kind of go elsewhere. Yeah. Or if there's nothing goingon, then we could talk about art, politics and personal beliefs andreligious beliefs, whatever you want to call them. They anarchism. Right,if there's nothing to do, we could talk about that all day. Butwhen they're stuff to do, yeah, there's when they're stuff to do,but it's a limited it's limited to these. Really, I don't even know howto explain like what you have to have to get to be profitable anddefy besides like a pile of money and a pile of my watch. Idon't I don't know. It's thanks or damn sure, I honestly I don't. Yeah, I don't know. You have to have a crap little moneybe making money in dfy right now.

These really right? I don't know, I don't know. May like the the Bitcoin podcast lactics seems to doa pretty good job, and the defy channel of like doing good things andmaking reasonable profits with the stuff they're doing. So that's that's the other question Ihad was you see people supposedly making money, but are they making money? That's not much. That where my that's not where my attention is,it seems as though because they're all happy and they okay. So my friendMark said we're talking about a similar thing. He said it's like the casino whereyou walk into the Casino with Twozeros and then you spend all night thereand you get drunk and you have a blast and then you walk out ofthe casino with like five hundred dollars, thinking that you won five hundred.That's like, okay, that's not what I don't think that's what's happening.Like I've cashed out a few times, like just from F I stuff.Thought, no, you cash out on your long term molding. Yeah,definitely, but like I know other people who have cashed out on defy stuff. Yeah, that's what I'm wondering, I guess, like for the defystuff, like if they I don't even know, because if you like takeyour thing to stake your thing and then you get another thing over here becauseyou staked it here, because all these needs, I don't understand it.All the new dfy protocols will do like an air drop based on your activityon other DFI protocols. Right thanks you to swap. It's Jordan's like Yo, to go check your badgers, and I'm like what? And then Iliterally like type in whatever word dot finance and like it's an actual thing andI like connect with my metamouse and so, as if I ever words, andI'm just like a lot of Badger folks and that they're quite podcast.Like I don't understand it. Neither why, but all I know is that itseems like you're making money because whatever you did, you get that initiala lotment of badgers is so far removed from the badgers. Right there's atruck. I'm going to have some folks on the Bitcoin podcast talk about that, because I don't know and I need to ask those questions. Ask themif they have actually like see, and this is thing, I don't thinkthat there's. If you were to ask them, how do you know thatyou've liked made money, like when you you know, when you say thatyou're like up on badgers or whatever, how do you know that you makemoney? They're going to say, well, I didn't have badgers and then Ihad badgers and then I sold the Badgress for thousand dollars. So Ihave a thousand dollars, but they didn't just like. I'll cut holes inthat argument all day long. Yeah, because you had to claim the badgers. You to do something to even get in a lotment of badgers. Itcost you gas to claim them and then you're to like stake them and thenyou're to unstake them. Well, it's for this way, based on whatyou just said, because I'm pretty agreed about it. Regular people are goingto do this. So it's moving in a direction that I don't really careabout. Uh Yeah, I mean I I can't keep up with it,but I don't care to keep up with it, like I'm not bothered bythe fact that I can't keep up with it. Once we got on acall with my whole team and I asked them what's going on and they tryto explain something to me and I feel like the eight part in the roomand they're like, Taylor, just go to badger top Pointians, you know, and I'm like what is this? Okay, should it just tell methat my thing? Oh, there's a claim, let me click the button. And then I click it and like Meta math lags out and then theUis different than the met a mask and the micro transaction won't get mine andI'm just like, how the hell are you guys doing this and how what'sanyone that that could benefit from this doing?...

Yeah, here's so that that's it'smaybe it's good as an experimentation of like playing with the stuff so thateventually the the friction that exists now gets key worked out, so that doinginteresting financial things is available to people who want to do it later on downthe line. But like what I think about. Sorry, if we learnhow to learn for more precessors. That's what I so this is where Iwas going to get to go. I was going to go for it,like like you have to kind of wrap up, because I know I havea meaning coming up. Something that you've experienced firsthand is we've created a technologythat gives potentially gives people value or a lot more control over their value.And then as we watch them fumble with the with the interaction, the userexperience of doing this thing, and then we watch it kind of blow upin value, we see a tremendous amount of opportunities for people to come inand take advantage of those of those both those frictions by like trying to trickthe user through a lot of traditional methods like fishing. HMM, okay,like every single step introduces points in which people can come in to trick theuser, to steal their money. Yeah, or user could just screw up.or in my case, like if I and I feel like for thefirst time, maybe I'm sort of more of a user perspective with the defystuff, I don't understand badgers, but someone told me to like go checkthis thing and when I was having that conversation it seemed riskless, right,because like you're just claiming them, you can't nothing can go wrong, right, like you're not doing anything, you're not making a bet, you're notbetting that the badger price is going to go up, like all you're doingis just claiming this thing that they gave you for something that you did inthe past. But that precedent of just doing whatever they tell me and notquestioning it and not and and truly believing like, oh, nothing, there'sno risk here because I already don't have my badgers and if I don't havemy badgers in the future, I'm still at like the same state. Orhit a badgers. So that's an upstate, but there's no like down state.But when you start establishing that, I don't know when that becomes thenorm, even with quote unquote, legitimate projects, it's so much easier formalicious people to sort of like like do the same thing and like push peoplein that same pattern, except now that the people now people do have likea negative state, I. Down State. Right, like they're taking an actionthey think is riskless because everything else that respect people told them to dois riskless. Oh, but now it's not. You know, now there'sa risk. Or now now I'm just going through the flow and I don'treally understand it. Some I'm clicking the button, I click the button andthen I send all my money to the to the hacker. Oops, youknow. And so like the patterns, the patterns that we're setting, thelike, like the autopilot type things that we just do, the culture,the questioning, like I think those are the areas that are that are socomplicated and so nuanced, but could have a huge one if we, ifwe actually address the issues and like become aware of them, it could havea huge positive effect on the community. And I don't think we even realizethe negative effect that it's happened, that the that is happening right in thesame way that like, like when we launched me in the early days andlike put private keys on the web, like at no point was I like, Oh, yeah, I'm just going...

...to blow up into a huge productand we're going to set this horrible precedent of people copying and pass in theirprivate keys and or website nothing could go wrong. Like I literally didn't thinkthat whatsoever, but that's what we did. And then the fishers get along.We're like hey, just hoping, beach, you're probably cut this websiteto get your ear job. And then people just did it. Yeah,yeah, and it's a person like I mean, but this people also builtsomething that was that was that was needed at the time. And good,right, you did it, you did it quickly and maybe you did itbased on like ignorance at these security best but you've learned a lot about securityalong away from the mistakes that you've made. Yeah, because I legit, bythe way, I legit. Thought the reason they don't use a WebWall it was at the web wall a creators would take your money and sincelike I was the web all at creators, like well, yeah, I can'ttake my money and like I can't take my best friends money, youknow what I mean? Like at that in the early days it was justlike basically there's me and Coles La mark was using it and then like weposted on read it and I think about like half dozen upboats. I useit like it was just it was so it was so small. And again, that's why I say, I don't think product creators, if you're along term because, like I wasn't thinking about it right. Yeah, it'sinteresting because, like that's not something that you would I would think you wouldget from traditional security background of F because value wasn't so quickly access digitally.Yeah, the implications of doing things like that weren't nearly as bad. Andso, like the like general breast practices, the intuition that kind of stems offof those general best practice semmunity didn't exist for that type of thing becauseit was less likely that you put something on a web wallet or on aWeb on a web AP and all your money's gone. Right, and that'sthe thing is that the auditors said so, like the first, not the firstauditors, but like the first security people that we talked to. Everyonetold us like no, you needed like private keys, can't be on theweb. But that was like, by the way, this is like midtwo thousand and seventeen, like we already knew that, but are surprised thatof like the various security people we talked to, they all said it,but only the auditors that we actually went with, care fifty three, actuallygave the real reason. All the rest just said, yeah, it's aprivate key, you can't put that in a website because that's a secret.You know what I mean? HMM, like it's just it's a secret andit's you shouldn't do that. Like it. They just like somehow fundamentally like we'relike that's bad, but they didn't necessarily understand that. One. It'scontrolling in cements value, that you couldn't rotate the keys right, like,hmm. If I'd called it something besides a private key, I don't knowthat they would have necess sarely recommended against it. Yeah, yeah, that'sreally I don't know. That's really interesting, but it's also terrifying and I stillthink that the the real damage was not like it had such trickle downeffects. I like the fishing sites were bad. Fishing sites got a lotof money, but I think also like every air drop site that commenced peopleto just like mindlessly pace their private key like that was bad. I thinkall the other sites that then like supported private keys on the web that thenax to scammed or hacked or like had some bowl. Like those losses arealso like a trickle down like got a...

...little more or lessons to learn,but I think we've come somewhere. From the start, like and and there's, you know, murmurings of security communities with an ecosystem trying to build andbuild like General, General Best Practices that are differentiated from Traditional Security and soI hope that over time we can build those things and not, yeah,screw people over so much we're like give them the technology that gives them thepotential to screw themselves so easily. Yeah, I think the biggest thing, Imean I think like we can do best practice is a day. Ithink that will make a major impact, because we're not doing it right now. I ideally, though, I think the best thing would be if,like all the builders were just generally like more like more questioning or more skepticalor more aware or like seeking out the unhappy paths, right, because likewe focus so much on like we're going to build this thing and everyone's goingto use it and we're going to thank the I'm banking to and we're allgoing to be rich day yet and like nobody's like, oh, but ifthis goes wrong, you know, or like watching what's happening in frontother face, right, because if I hadn't, if I hadn't if I just ignoredevery support box question or if I just victim blamed and the like. Well, they shouldn't have entered their key on the fucking fishing site. Then Iwouldn't have learned any of this. I would have just like it wouldn't havecome into me. I would just like shoved it out and I'd be thesame person I was four years ago. So I don't know, that's likethe seeking out of like information and realizing that like nothing that we're building.No, no, decision we made four years ago, like you should probablybe unhappy with most of the decisions that you made four years ago, becauseyou should be a vastly smarter person today. All right, so if you don'thate yourself, your your four year old for years in the past self, you're doing something wrong, because that that that's a lesson for today.Yeah, I mean right. There's things that, like, I read tweetsthat I wrote, wrote like a six months ago around like you ignorant littlechild. Yeah, but I also read stuff that I wrote a long timeago and I'm like fuck, yeah, man, good chop. Yeah,there's there's yeah, Oh, if you haven't re read it and while myfuture, the future of a Theorem, doesn't have wallets. Article from liketwo thousand and eighteen, I think. I just reread it randomly. It'sso good not to tell. I will try and remember to add it tothe description for those who would like to read it. But it's good becauseI was ignorant. Good disclaimer. All right, Taylor, you want toshout out or say anything before you leave? MMM, just think more, justlike, seek out knowledge more, seek out information more question like.Just ask yourself, like, what could go wrong? That's all, andthen follow us on twitter at my Crypto, and then we're actually like launching aproduct. Right now. It's in slow rollout mode. So if youhaven't been using Beta dot my cryptocom so far, you will be ordered hoursgratulations. But it's super cool and I hope you, I hope everyone likesit. I love it. Changes Hard, though, so we are expecting thenormal bath flash. Well, congratulations and thanks for coming on. Yeah, thanks for having me. Yeah,.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (109)