Giacomo rejoins me on the show to talk about the need for Bitcoin to be both Hard Money and Dark Money. In this show we talk about: 

  • What Dark Money means
  • Why “Just use Monero” is not a satisfactory answer
  • Use of atomic swap services or other
  • Can compliance bros kill Bitcoin?
  • Global KYC capture risk – would it create a minority chain soft fork? 
  • Why NgU is still important

Links: 

Sponsors: 

Stephan Livera links:

Podcast Transcript:

Stephan Livera:

Giacomo, welcome back to the show.

Giacomo Zucco:

Thank you for having me back. It’s a pleasure. It’s a long time.

Stephan Livera:

Yeah, it’s been a while since you were on my show actually, but I always love seeing your perspective on Bitcoin Twitter and the articles you write and the talks you do. And you did a great one recently at Unconfiscatable, which we might get into some of that also, because I think it’s a very topical moment for many of us in the Bitcoin world where we’re having this discussion about Bitcoin as a tool for privacy, but also as a tool for savings and a store of value and just being a better money. And I think this is something you have spoken about, this idea of Bitcoin being both hard money and dark money. And that’s probably a good spot to start. So maybe if you just want to frame this for listeners—how would you define hard money and dark money? Why are both of those important?

Giacomo Zucco:

So hard money is not a definition that stemmed from me, it’s pretty standard, this point. It’s the Bitcoin standard in a way, because it was popularized by Saifedean among others. So hard money is basically the characteristic of supply inelasticity. When you have more people demanding some kind of very saleable good as a form of money for monetary function, the supply production will resist, will be inelastic, with respect to the demand. That’s very important for money, because if you use as money any other thing, you incur into this money trap. Basically, you have more demand for this good as money for monetary functions, so now you have more demand so now there is more incentive for the producers to basically produce more, and now you will have a collapse of the price and it’s not working as money anymore. So it’s important to have this kind of supply inelasticity. It has been qualified better as a stock to flow ratio, which is separate from the stock to flow price prediction model. I mean, at this point it’s very important to separate the things—price prediction is a very difficult endeavor, while the analysis of the stock to flow ratio as a fundamental measure of inelasticity of the supply—and scarcity, basically—is very important. So hard money is very well qualified. It’s a definition that overlaps a little bit with a previously famous definition of sound money, but I think it’s a more clear definition of what makes scarcity so important for the monetary function of Bitcoin or of everything else. Dark money I will admit is probably something that I’m trying to push more myself. It’s not very standard at this point within Bitcoin or outside Bitcoin, and I started to push it in my Discovering Bitcoin series in Bitcoin Magazine. And I think it fits very well because it’s a similar sounding, very short definition. It’s not like fungibility or deniabil—it’s like, Dark is very compact. And it also basically makes you think to dark net markets, which to be clear is not the only case of application, but the most clear self-evident case of application of some form of money that cannot be spied or censored easily, and that it’s basically free to use as you please without consequences. But there’s also a lot of other, like, if you think about that, the idea of dark is used also outside the specific idea of secrecy. Like, if you think about the intellectual dark web where journalists are classifying people like Peterson, or Wolfram in science, it’s basically everybody who is not in the official whitelist. So there is a whitelist of people and stuff and ideas that you are allowed to follow, and then there is a dark side of it, which is basically everything which is below the whitelist, everything which is without the light of the official sanction on it—so everything which is below that. And also there is the idea of going dark: so when people need physical cash, or in this case digital cash, they usually need cash because they want to go dark. So they want to be able to spend without being pursued or harrassed or confiscated or punished or anything else. So I think dark is very good. I mean, for somebody it could be [feeling] scared. The whole idea of calling this stuff dark net is to make that scary, but at a certain point, just like maximalism, we could just take the negative connotation of the word and just ignore it and reappropriate the word in general. So explaining hard money is very simple. It’s scarcity. It’s a supply inelasticity. Explaining darkness is a little bit more complex. I will start probably from the definition of censorship resistant. We say that Bitcoin must be censorship resistant, but what is censorship? Basically you can resist censorship in two ways: either you can physically outpower the attacker—so somebody wants to censor you, wants to prevent you from spending your property as you please. And in order to resist the censorship, you just outpower the attacker physically. So I come to you—No, Stephan, you cannot spend that. And you are just bigger than me and you just punch me and it’s over—you are censorship resistant. But the other kind of censorship resistance, which is more pertinent to Bitcoin, is admitting a physical inferiority. Like, I’m the US government, I come to you—you cannot spend it. You cannot punch me—not easily. I mean, if you are the Taliban, maybe you can try to fight for 40 years, but it’s not trivial as a consequence. So you have to resist, but you cannot resist physically. So if you cannot use the physical force asymmetry, then use the information asymmetry in order to beat me, which basically in Bitcoin it’s at two levels. The first information asymmetry is at the level of the user, which is the private key secrecy. Since I don’t know your keys, I cannot prevent you from spending because I cannot spend that money away from your wallet, so I cannot stop you from spending, because you know the key and I don’t. So this is the first level of darkness, of secrecy. The second level is, if I don’t even know that you do have this money—because I cannot easily track you—it’s even harder to try to steal your money or to censor your money or to confiscate it or to freeze it, because I don’t know how much you have and where you have it. So first, the private key, and second, the fact that you have any money at all. But this kind of darkness is not just at the level of the user, but also at the level of let’s call it the system administrator. For example, in the case of E-gold, even if users were pretty anonymous in a way, the system administrator was not anonymous, was not dark, was very clear, because it was just two guys and they just had to arrest them and shut down their server, and they knew where the server was and where the guys were. They just put some electronic ankle—they just had to jail them, basically. In Bitcoin, you have this kind of darkness, because first of all, you don’t know who Satoshi Nakamoto—the creator of the system—is. The anonymity of Satoshi is very important because it’s not an attack vector, while other cryptocurrency creators or system creators, they may be an attack vector to the system in general. And second, even if you knew who Satoshi is, it’s not important anymore, because at this point everybody’s replaceable, everybody’s disposable. If you shut down a miner, another miner can just plug the ASIC in. If you shut down an exchange, another will come. So you have made the system censorship resistant, because you don’t know who you have to hit in order to take the system down. So this idea of darkness, I think it’s a better characterization of censorship resistant. We are not resistant to censorship because we can outpower the attacker, but because we know things that the attacker doesn’t know.

Stephan Livera:

Yeah, good explanation there. So at a very superficial high level, you could think of dark money just being private money, right? That’s maybe a very simple way to put it, but as you say, there are levels to this, because if you are strong enough, physically, you could just say, I know you know I have this money, but I’m stronger than you, so I’m just gonna do it anyway. Or as an example, you might say, Okay, look, instead of all the gold of the world or a very high percentage of gold of the world being stored in one vault in Fort Knox—instead of that—it’s because it’s so distributed all around the world or all amongst the country or in different places amongst different people, for this large entity to go around and seize it, it’s just physically very difficult, similar to your US and Taliban example, right? Because they’re just all spread out in the same kind of guerilla warfare, Vietnam sort of idea.

Giacomo Zucco:

Which is also an information problem. If you want to stop the Taliban, if you want to conquer Afghanistan and go home by home, your problem is also an information problem. You don’t know which one is a resistance, which one is just a civilian—it’s asymmetric, because you don’t know. The enemy could be everywhere. So it’s still a problem of information and secrecy in a way.

Stephan Livera:

Right, right. Yeah, correct. And so then I think the challenge for Bitcoin as an open source project to overall survive and go this way is this idea that it has to be both. Is there a fundamental trade-off between being one or being the other? And I think that’s probably the interesting question. So what’s your view on that? Is there a fundamental trade-off? Or is it not the case, and actually for Bitcoin to survive both aspects, both ideas must be preserved?

Giacomo Zucco:

It’s both, meaning that there are trade-offs. For example, the main trade-off is that when you optimize technology for hardness, for example auditability of the supply, there are smart ways to also have a good privacy. And vice versa in the other way around. But usually you do have to choose some optimization. They are a little bit in trade-off. An example is a typical problem in cryptography of perfectly binding versus perfectly blinding. When you have this problem of obfuscating things, you have to choose if you want to make these things easier to retrieve in case of confusion of bags and stuff, or easy to hide. And you do have to choose. But my point would be that, at the more general level, we have to have both, because these are actually self-reinforcing characteristics. In particular, money cannot be really dark if it’s also not hard, and this is the point that I think many privacy coin proponents don’t understand. If you don’t have hard money, people will not use it if you don’t have the most saleable good, which also depends on its hardness. At least in the context of your use case like your dark net markets or stuff, if your money is not the more hard, it will never be the more liquid, and if it’s not the more liquid—so, the more used—then your anonymity set will decrease. So the problem is that it’s not just about the technology you use, it’s also about how many people are using the same technology. If you have the perfect anonymity, if you have a suit covering your face features completely, but you are the only guy using that suit among a room of naked people, it’s very easy to spot you because you are the only one using it. I cannot see your face, but Stephan is the only one missing among these naked people, so I know it’s him under the suit. So the problem is liquidity and anonset, and the anonset depends on liquidity. And it’s not easy to solve this and to work around just saying, Okay, let’s use Bitcoin as a very liquid store of value and let’s use something else as a dark medium of exchange, because every time you have to get out of your store of value and enter in the medium of exchange, that will be a liquidity bottleneck, and that will also be an anonset bottleneck. And the other way around—when your merchant gets paid, he will have to exit the medium of exchange into the store of value long-term, and there it will be an anonymity set bottleneck as well. Also, the other thing why hard money is usually not very good at being dark is also the thing about HODLing versus spending. If you HODL, it’s pretty easy to stay dark, because you are not moving anything. You’re not just leaking any metadata about spending. You’re just keeping your private keys secretly for 20 years—very hard to spot you. If you have to spend continuously—so if your money is not hard, you have to keep spending like an inflated Venezuelan government shitcoin, then you need to move around. You need to leak a lot of metadata. We leave traces on-chain or off-chain at network level, at chain level. So HODLing is good for privacy, while keeping spending is bad for privacy. So a harder money that you can HODL is easier to hide. On the other way around, I will argue that if your money is not dark, it cannot be really hard. First of all, because if it’s not dark at the personal user level—so you cannot easily hide that you have it, or your private key in this specific sense—then the more powerful attacker, which in this case is the government, or it could be just a common bandit or others, they will come, if you cannot hide the fact that you have it and where you have it and how much you have. And in a more extreme scenario, even your private keys—so if you don’t have darkness, if you have complete loss of secrecy, then they can just take it and make it not hard anymore. Like if it cannot inflate the supply, well okay, they can just take the same amount of the supply instead. Another example is: imagine that we have a Bitcoin that is limited in supply—21 million and everything—but the government will enforce KYC rules, so every time you accept Bitcoin transactions, you need to have KYC whitelisting of the UTXOs that you use. In this case, the question is: if the government was powerful enough to prevent you from running a Bitcoin node without those additional restriction—which is basically a fork—if the government is able to prevent you from running the original Bitcoin, and it’s forcing you to run Bitcoin plus whitelisting, what is actually stopping the government from forcing you to also run a Bitcoin which is hard forked and it’s, for example, using some kind of inflated cap? So some people are thinking that privacy and the 21 million are completely separated things and imagine that the government will basically clamp down on privacy, but then once everything is not private, they will just magically leave the 21 million thing to go untouched. But I think this is fundamentally misguided, because the government, for example, imagine the government of the United States, they may like prohibition, because of it’s control on people, so they may want to stop people from buying weed. Sure, okay. Maybe they want to. But what is more important for the United States government? Stopping people from buying weed? Or stopping savings of the nation from escaping the inflation tax? So I will not know how to quantify it, but I would say that probably 80%-90% of government spending is not now funded by direct taxation—so coming to your home and taking your money—it’s funded by issuing debt, and then printing money to take your money out of Cantillon effect to monetize the debt. So the budget of the federal government of the United States is based on inflation. If you have a money that will not be used to buy weed, but will be used to basically destroy 90% of the federal budget of the government by making the savings of most people government resistant—I mean, you have to assume that the effort that the government will put into monetary compliance will be orders of magnitude more of the effort about weed-buying compliance. Nobody cares about weed. So it’s a canary in the mine. It’s a litmus test. If you cannot resist a whitelisting to make it private for buying weed, for sure it cannot resist an analogue whitelisting to make it easy to inflate. And the last argument—and then I’ll stop because my answers are long—the last point is fungibility. In order to stay hard, the money has to have not only hard to manipulate supply, but also a good demand. And if you break fungibility—so if people cannot accept this kind of money without having to spend unpredictable cost in order to know if it’s the legit variant—so I come to your shop, I pay with cash, you take the cash and you give me the money. You don’t care for anything else. I come to your shop, I give you the money, and now you have to imagine, What are the various regulators of various countries thinking about how many on-chain hops I have to spend between a CoinJoin? And any kind of acceptance of fungibility breakdown will reduce the liquidity of money, because it will increase the cost of acceptance, the cost of receiving, in an unpredictable way, because maybe you are Julian Assange, so I really have to look at maybe your money is coming from the cousin of the barber of Julian Assange, and I have to know that. So that’s basically breaking [fungibility]. So we need both. A dark money cannot not be hard, and hard money cannot not be dark.

Stephan Livera:

Yeah, interesting. And as you rightly point out, there is a reason the state demands control of money. And there’s actually a very great essay by Hans-Hermann Hoppe talking about why the state demands control of money. And as you rightly say, if Bitcoin were to get captured to that point, then the supply cap may get manipulated, or it may be manipulated upwards by some politician who wants to promise the world in terms of spending and so on. So that’s probably an example where there is an argument there that you actually need both longer-term. Now, I think the counterpoint, and probably what people might be thinking is, Well, there is a challenge in terms of Bitcoin today, because many of the people entering the Bitcoin ecosystem are doing that through a KYC entrypoint through an exchange or a broker or some kind of service where they have to provide government documentation, and there is a list now of people that could be requested by the government, or it could be hacked by a third party. And so this is a difficult thing, because we’re all in this ecosystem and we’re trying to advance Bitcoin, but at the same time, there’s this government regulation which many of us don’t like, would prefer did not exist. But for certain businesses above a certain size and scale, they have to operate and they have to play in that white market space. So how do you think about that balance there of businesses who are in the KYC white market world as opposed to the peer-to-peer world?

Giacomo Zucco:

So I think there will always be a trade-off between convenience and censorship resistance. So if you want maximum convenience, just use fiat as long as you can—eventually you will not be able to. So when you have centralization, you have efficiency, you have convenience—everything is easy. Everything is cheap. Everything is fast—until it’s not, because you’re Russian ,because you’re a trucker, because you don’t fit anymore the fragile political white listing. So everything is convenient until it’s not. If you go on the decentralized extreme of the spectrum, it’s the opposite—everything is so inconvenient. Everything is slow, expensive, inefficient. Like, buying Bitcoin without KYC—I mean, you can use Azteco: you have to move, you have to find the shop, move around, take some cash. If you have money in the bank, you have to withdraw the money first, and banks are not happy to let you withdraw the money. Then you have to go there, but you have limits in your Azteco vouchers, so you have to buy more. The ATMs is the same, or Hodl Hodl is the same, and Bisq is the same. There is a lot of inconvenience. So the point is that you may prefer to go where it’s convenient until you can’t. But the main thing we should be actually aware of is that the problem is that eventually you will not be able to anymore, because the point of this censorship is that it keeps growing and excluding. The more the government is becoming bankrupt, the more it will try to implement stuff like negative interest rates. And the more they will want to implement negative interest rates, the more they will try to stop you from going outside the system, and so they will basically censor you if you go out of the system. So they will find new ways to confiscate and censor. And they did it already with—and this is another good example of hard money that was not dark enough—gold. Physical gold, before Roosevelt confiscated it from the American people in a Western democracy. Not in North Korea. In a historically recent Western democracy, the President of the United States confiscated gold from people. Gold was hard, but it was not dark enough, because it was not hidden in private homes, but just in this very easy to spot third parties. And so the point is: we have to know the end goal. The end goal is that at equilibrium, this money will be either censored or confiscated. So the convenience that we are basically getting now, it is at the expense of the absolute lack of convenience that we will have when it will be confiscated or taxed or banned. Also, as you said, we are thinking about the government, because in geopolitically stressful times like now, like in the 30’s, there may be something like Roosevelt confiscating the gold of the American people, sure. Like Italy did, and Germany, or basically elsewhere. But as you said, it is not just about the government. It’s also about personal security against random bandits. For example, people were scared—rightly so—about the leak in the Ledger customer list, because these people, they basically acquired this list of people buying a Ledger device. Now they knew that you had this name and shipping address and you had a Ledger, so now they could try to either attack you or blackmail you or do phishing attacks on you and stuff like that. And this worked because now they had the list of high conversion rate victims for their attack. Same goes with Block-Fi and more recent leaks. Eventually, when you put your personal financial data into something, this will leak eventually, and it will be used to attack you in a more targeted way. And the KYC lists are the most dangerous of all, because if you compare the Ledger shipping list where you just have your name, maybe your company name, plus your shipping address—not necessarily your home address—and the fact that you own a Ledger. So somebody could assume that you may have some level of coin. Compare that with a KYC list when they have exactly your legal name with your valued documents, your residency with a proof of reside that you have to give the exchange, and where they have the exact amount of all the coins you buy and the exact address of withdrawal, and all the on-chain movements of these addresses after the withdrawal. So you cannot even say, Okay, I sold it—I’ve lost it. Oh no, I can look on-chain and I see what you have done. So KYC lists are extremely dangerous because also they’re not kept inside the exchange. They are sent by the exchange to several government agencies around the world, so you have literally thousands of people accessing this list. So the probability of leaking is eventually strong. And that’s a danger for you and your loved ones. So, in order to answer to your question: I think that nowadays we cannot fight the fact that KYC stuff is easier for privileged first world people that are not yet censored than the alternatives. The alternatives are hard and slow. What we have to explain is that that suffering you are going through now by avoiding the KYC trap is not just for the sake of suffering, it is because the first way will eventually increase the amount of harm you will receive, probably, when the situation will go in a certain direction. And the probability the situation will go in an idyllic, utopian, opposite direction are very, very low. I don’t want to say they’re zero, but the probability that we will see less censorship, less taxation, less confiscation, and less random banditism are very, very low.

Stephan Livera:

And so the situation around privacy in Bitcoin, there are challenges, I think it’s fair to say. And so I’m curious your view as well: as we look back on the Bitcoin industry, do you see it like the right tools need to be built? Or is it a matter of the way that the businesses in Bitcoin have gone that have been too much around KYC? Or is it around the community, that the community should be more anti-KYC in your view? Like, are there things that the community should have done? Or is it more just that the ongoing encroachment of government and KYC was just always baked into the cake from the beginning?

Giacomo Zucco:

So I think that one of the main issues about this technology is—I would say two of the main issues: they are issues that we should discuss and analyze and maybe mitigate, but I don’t think there is any obvious way around it. The first issue is that the digital realm, the Internet, online digital anonymous identity or pseudonymous identity, they created a lot of space for freedom, because we are not physically in front of the attacker, so that the symmetries are limited. So the Internet was a force for freedom like in the Arab Springs, black markets everywhere, or even just people spreading the content of some laptop on Twitter right now even if it’s forbidden. So it’s a way to counteract censorship, but it’s also a technological stack that will leak information everywhere. So when you’re using the Internet, you have more power than when you had to physically move and pay your provider with physical gold or physical cash. You have more power. You can easily buy your secret medicine or medical certificate across the world. So you’re basically entering more powerful markets with more exchanges, but at the price of leaking more. Bitcoin lives on the Internet and the Lightning Network lives on the Internet and everything we do will have a non-trivial possibility to leak information. So privacy on the Internet is in general hard. If we go around with physical gold, that’s intrinsically easier to stay private, but it’s way, way less powerful. So I’m not suggesting to just stop using the Internet and just withdraw from the global market. You don’t get more freedom if you just stay—I mean, yeah, you have the freedom to stay in your own local prison without weapons, food, and any kind of medical support. Of course you’re more private—you’re darker—if you stay in your coffin, but you’re not powerful. You’re not leveraging the darkness that you get. So, Bitcoin needs to stay on the Internet, and the Internet sucks for privacy—we have to accept this, explain this to people, know that you can make many mistakes and eventually will make mistakes. There’s no perfect privacy, no perfect darkness. It’s better that you leak something and you know it and you can prepare accordingly, than just to think your privacy is perfect, because it most likely isn’t. Then more specifically in Bitcoin, we have another additional problem. Bitcoin is as hard for privacy as any other Internet system, plus we also have the specific Bitcoin problem of the global consensus. So the great invention by Satoshi Nakamoto—the timechain or blockchai—it solves the double spending problem in a decentralized way at the settlement layer, but it basically makes it so that every other node of the system will have to register all the information forever. So if I give you a gold nugget, you keep it, and other gold owners they don’t care. If I give you a Bitcoin on-chain—there are other ways—but if I give you Bitcoin in the first layer of Bitcoin, then every other Bitcoin user, forever, will have to download and verify that information, which basically creates a paradox that we may solve in two ways. And one way is what I call—I’m not sure my definitions are very standard but I don’t care, I like them, I think they are clear—one way is privacy by obfuscation. So we keep sending this information to everybody forever, but we obfuscated this information with more information. For example, instead of a clear signature, we put some blinded Chaumian signature. Instead of one input and one output, we put 10 inputs and 10 outputs in a CoinJoin. So we are using more space in order to add more information which is decoy information and is giving us a little bit more privacy and deniability. Or we do a lot of on-chain hops. So instead of paying this exchange directly, I pretend to pay somebody for 10 times, and then I pay the exchange and I get deniability. So all these techniques are fine, but they basically fight against incentive problem of the global consensus. Everybody keeps having all the information, just obfuscated with confidential transactions: bulletproofs, range proofs, ring signatures, or zk-SNARKs—you are just adding more stuff to obfuscate your stuff. The other opposite strategy is privacy by omission, which is, Let’s not use this global consensus until it’s necessary to use it. So for example Lightning, which right now is not great for privacy. If everybody’s interested about Lightning and privacy, I gave a speech about that in Istanbul a few weeks ago, which I think it’s pretty much like giving a broad picture of the problem. But in theory, Lightning goes in the same direction of the incentives. You don’t have to put everything for everybody else to see—you are retaining the information, not obfuscating the information. And this is something that we may discuss also about Monero and Monero trade-offs or Zcash and stuff like that. So there is the Internet, there is a specific problem in global consensus, and then there is a problem of mostly users not caring enough for a long time. We may translate this as: this is the fault of the governments, because the governments were not evil enough soon enough, so people thought that they may actually get away with free economic interaction with inflation-resistant saving and with censorship resistant markets without the government doing anything for a long time. So they got lazy for many years, they were thinking about nice UX and stuff like that, but they were not really caring for privacy. Most Bitcoin wallets—not Core to be, to be fair—but most non-Core Bitcoin wallets, they were connecting with other people’s nodes asking for all the UTXOs in clearnet, so giving basically your IP, which is basically one phone call away from your legal name, to another random server. And many wallets still do that, basically, without a full node. And also they reuse addresses. So people were basically posting an address on a blogpost—I was doing that as well in 2013—this is my address for donation on my blog post, link to my name, reuse it for 100 times, which is terrible. And many tools were actually poor. Only right now, Bitcoin wallets are starting to really play with CoinJoin and Payjoin and CoinSwap stuff, but it was possible—like, Gregory Maxwell analyzed CoinJoins since 2013. And only now we are really seeing, within all the dramas like Wasabi drama and everything, we are actually seeing a real interest by the user. So (1) technological problems first, (2) user apathy that was driven by the lack of short-term attacks—there are only long-term attacks—there was a very good speech by Peter Todd in Milan in 2018, and he made this metaphor: The danger of fire versus the danger of mercury. Or basically: Fire is great because when you touch it, you immediately suffer and you withdraw your hand. Mercury is shiny and nice and you keep playing for two months and then eventually you get poisoning and you die—and you cannot stop it. So the problem is that the way the government approached privacy was mercury, not fire—they’re not hitting people immediately in 2009-2010. They’re slowly, slowly, slowly increasing censorship and increasing surveillance. So technological challenges, users apathy, and the third is (3) exchanges. Exchanges are a problem because exchanges are a fiat business that need a bank account. So the typical centralized exchanges, in order to survive, they need to beg the government and the fiat banking system. They exist only out of mercy and complacence of these centralized entities. So while a business without a bank account may actually become pretty much resistant to regulatory pressure—I mentioned Wasabi, and right now the company behind Wasabi’s coordination, zk-SNARKs, they actually self-censored, imposing by themselves some level of censorship on the users, which was not legally required. But this is a typical dynamic of VC-funded companies where the legal team gets scared and they will start to scare everybody else. But in theory, an entity like zk-SNARKs could also exist as a pure anonymous TOR service so it’s resistant. That specific company basically was destroyed by this self-censorship, but another company as centralized as that could actually survive. Not so with the exchanges, because centralized exchanges—typical custodial exchanges—they need a bank account. And you can never have a bank account without bending your knee completely to regulation. And so they started not only to accept regulation, but also most exchanges, they were more proactive about censoring people than the governments themselves. Even when the governments were not actually understanding Bitcoin at all, most exchanges were basically self-imposing stricter KYC rules, even stricter than requested, because they were so scared to get put out of business by their bank accounts closing. Imagine this: you have a normal bank, you withdraw cash from the ATM. They spy on you within the bank, of course, because they know everything. But once you withdraw that cash, they don’t pay for a private investigator to follow you in your car to see where you spend that cash—they don’t do that. They’re not forced to do that, because it’s expensive. Bitcoin exchanges, when you withdraw the Bitcoin to your address, they will hire private investigators to follow you outside of the system in public Internet—just like a PI following you in the street—after the KYC interaction. And exchanges are paying for that because they are terrorized—they want to appear as such good boys that they go beyond. And actually exchanges are the ones preventing people from not reusing addresses. Most exchanges when you withdraw, they will force you or push you to reuse the address. And some of them will freeze your account or flag your account if they see that you’re using best security practices like CoinJoin or Payjoin and stuff like that. So exchanges are a problem. It is not every single exchange, people are evil—in some cases yes, like Coinbase—but not always. Sometimes they are good guys, but they are just forced by incentives to be even more regalist than the king. I don’t know if this is a saying in English too, but in Italy we say, You are more royalist than the king himself. I don’t know if there is an analogous saying.

Stephan Livera:

Yeah, I get what you’re saying. And this brings up this whole concept of compliance bros, and so this comes in in some of the discussion, and also mentioned in your recent talk. So listeners, I will include Giacomo’s talk link in the show notes for this episode. I highly recommend you guys check it out. And just for listeners, the high-level summary was essentially that there are these different camps or subgroups within the Bitcoin world, and there is one particular group which is derogatorily-named the compliance bros, because they are the ones who are trying to proactively go to the government regulator and say, Oh yes, look, Mr. Regulator, I’m stopping a crime. I’m doing chain surveillance on my customers, so please do not ban me. Please do not stop my banking relationships. And look, to steelman that a little bit—obviously I’m not defending that, but there’s a steelman here—which is that government regulations sometimes are unclear, and so sometimes they have to exploit that gray, they’re playing with the gray. They’re saying, Look bank, you must do KYC and you must do AML and you must do a risk assessment. And look, cash is very high risk—what are you doing to mitigate that risk, Mr. Bank? And in this case, in the Bitcoin exchanges, they’re sort of in that kind of, Oh, we don’t want them to ban us. We need to look like we’re trying to do something. Ah, oh look, here’s these chain surveillance companies. And there’s a little bit of a let’s call it regulatory capture play going on here because these chain surveillance companies obviously want to have themselves put in and have the regime back them in that way and the regime will then come out and mandate that all the other exchanges must do chain surveillance. Now, currently that’s not the case. It’s not a mandated requirement, but this is sort of where the conversation is going now because of the conversations about Bitcoin growing up or maturing and so on. And that obviously causes some tension in the community because there are those who say, No, Bitcoin needs to be dark money, right? And so do you see like compliance bros are able to kill Bitcoin? Is that sort of what you’re getting at? Or are you saying essentially that this is something that has to be pushed back on?

Giacomo Zucco:

Yeah, the latter. If they have the power to kill Bitcoin, Bitcoin is doomed anyway, so it’s better to know before than later. So if compliance bros can kill Bitcoin, they should, and please do it immediately so that we know that Bitcoin is failed as an experiment—by definition—if that’s all it takes to kill Bitcoin. I think the problem is that they cannot kill Bitcoin, but they can get some Bitcoiners killed, at least in a financial way. They can get people spied upon, censored, confiscated—not the system itself. The system is very resilient, but single people are not resilient, and we have seen that with the truckers protest or others. Bitcoin is decentralized but single Bitcoiners aren’t, and that’s maybe the problem. To be fair, I appreciate your steelmanning because it’s true. Like, for myself also, I remember—so in Bitcoin, privacy is this strange thing because it’s all or nothing. Either Bitcoin is completely private because pseudonymous users in the transactions are not connected with the legal names—so there is total privacy—or it’s completely unprivate because, at least on the base layer, once you connect the names with the people, the names are so connected among them, that you can basically leak everything. You can spy on the past and future private financial data of everybody. So you have total privacy or complete lack of privacy—and personal security as well, because you can have kidnappers or blackmailers or any kind of stuff. So of course Bitcoin can work if it’s completely private, but it cannot work if it’s completely non-private because of the things we’ve said about dark money, that in a money where you cannot protect yourself, there is no point to that against fiat, because if you don’t have the secrecy to protect you from your physically more powerful adversaries, then what’s the point of the cypherpunk strategy at all? So you have this kind of problem. At the beginning, the regulators were not really understanding anything about Bitcoin, so there was a temptation—and I felt this temptation myself, and I fall for it—to actually ride the total traceability narrative in order to reassure the regulator and delay the tech. So the point was, Okay, we can use Bitcoin privately, but Bitcoin is also in a way totally traceable. So let’s insist on this second part—which is not really a lie, it’s a white lie omission—so let’s insist about this. And so we created—I did it in Italy when I had an advocacy group—this kind of [admittance] that Bitcoin is completely traceable, that you cannot commit crimes with Bitcoin. Of course, if you cannot commit crimes with Bitcoin, Bitcoin sucks as money because it’s like selling shoes and you say, Okay, you can never rob banks [wearing these] shoes—you are basically selling very, very shitty shoes. I mean, they don’t work if you cannot use them to run from a bank robber. So Bitcoin can be used for crimes—for sure—as long as it works, but we promoted the other way around in order to make the regulator sleep a little bit more and to buy time. I mean, Please don’t don’t attack us, let us—so in the meantime we built stuff, we built privacy instruments, we built power, we built wealth, and we buy time. The problem with this approach is that at the same time while you basically gaslight the regulator—which is fine, gaslighting the attacker is fine—you also gaslight, eventually, future users. So you will have users that think that a) they think that nobody will ever come at them for Bitcoin because, It’s totally traceable, I’m fine, so nobody will confiscate from me—wrong. If we want to teach you honestly, we have to teach you history about Roosevelt’s confiscation. If the monetary impact of Bitcoin is what it may be—if it works—they will try to attack you, because the federal budget of the United States of America will be destroyed because the Cantillon tax will not be there anymore. So then the problem is non-expert people will receive the notion that Bitcoin is basically bad for privacy, because they’re not stupid. Maybe they’re not expert but they read, Bitcoin is totally traceable. They know that they need financial privacy because financial privacy is important for personal security, and they will just dismiss Bitcoin. Maybe they will go into some kind of privacy shitcoin. Maybe they will just stay outside of the global Internet market, because they think that there is no option. So they will self-censor because they will think that Bitcoin cannot be used privately—while it can, with a lot of challenges and attention, but it can, of course, more than credit cards. Bitcoin is very bad for privacy compared to physical gold, but more powerful because it’s on the Internet. If you compare it with other stuff on the Internet like credit cards or PayPal or banking, Bitcoin privacy is great. It’s not bad—it’s great. It’s just that it’s not as good as physical cash or physical gold because it’s on the Internet, because there is global consensus. So the idea of an exchange that will promote traceability in order to gaslight the regulator, I think it’s fine short-term if it’s just a strategy to buy time in order to strengthen the privacy of the users. If it’s a long-term strategy and you end up gaslighting the users instead of the regulators, that’s very, very bad.

Stephan Livera:

Yeah. So as you rightly point out, I think it is important that people have the right expectation, that they don’t believe that. Oh, just because I’m using Bitcoin I’m private. Well no, you need to take some additional steps. You might need to use CoinJoin. You might need to use various techniques to actually remain private. You might need to use TOR. And obviously some wallets have this built-in—Specter or Samourai Wallet or some other ones might have that built-in so that you can do that.

Giacomo Zucco:

And same, if not worse, with the so-called privacy coins. This is a long discussion, but my main issue with like Monero, for example, is not really that it cannot be used in some kind of secure setup in order to improve privacy. My main issue is that the narrative is coming up as, Bitcoin is not private, just use Monero and you’re fine. While usually for a series of reasons, you may end up with less privacy doing that if you do that in a trivial way. So it’s true for Bitcoin, it’s true for everything else—you don’t have privacy just because you buy some privacy Kool-aid. You really need to understand the threat model and to understand what you’re doing.

Stephan Livera:

Right. And on that point, I think it might be interesting as well just to get your thoughts here, because, calling back to what we were saying earlier, you might still need to exchange in and out. So again, I don’t use Monero, I’m not shilling Monero, but just hypothetically exploring that idea of: if you were to use Bitcoin as your overall store of value, but then periodically swap in and out of Monero, that still necessitates using swapping kinds of services. And okay, fine—there’s a steelman there as well of, There are some automated swap services. Or even abstracting away from Monero, could that be done with, say, LBTC on liquid, and could there be some kind of CoinJoin using Liquid and confidential assets? How are you viewing this idea of having automated atomic swapping, whether it’s in the case of using Monero or in the case of using Liquid BTC? How are you seeing that if someone was to steelman you and say, Oh, what if you use Bitcoin is your store of value and Monero or LBTC as your privacy coin?

Giacomo Zucco:

Well, the automatic atomic swaps help security—so they do help. It’s better to have an atomic swap tool compared to some kind of custodial exchange, sure. But it doesn’t really help privacy. In a way, it makes it even worse because in order to atomic swap, you need a public order book of bids and asks, especially if the two things that you are exchanging are not at the same price. Then you will need liquidity: so you will need somebody able to give you Monero in exchange for Bitcoin, and they will have to publicly signal this kind of a bid in kind of public book, you will have to signal the opposite, and then you will have to match. In a way having the necessity to do that in a decentralized open, automatic, trustless way will actually increase the exposure of the order book, and the order book by definition will have a limited amount of liquidity. So that will be an anonset bottleneck because now you know that you’re passing through this market, and so you know that whoever is the seller, it cannot be anybody’s Monero—it can only be somebody’s. And then you have, of course, network privacy, where you have to send somewhere this kind of pricing, which is the same for some CoinJoin implementations. For example, I use Joinmarket. In Joinmarket, you have to publish on IRC your bid and ask, in a way. How is that different from, for example, Liquid? It’s slightly better, not completely better. It’s still problematic. Like, if nobody—for example, one of the reasons I really didn’t promote or suggest Liquid as a privacy tool for a long time—it’s slightly getting better now, but it would be dishonest to say, Just use Liquid and you’re set—is that nobody was using Liquid up to a certain point in time, and very few transactions. So even if you have confidential transactions there, if nobody’s using that, the anonymity set that you’re getting for Liquid is very slow. But why is it better than atomic swaps with Monero, for example? For two reasons: the (1) first is the peg out requires an order book, so you have this liquidity problem—the peg in doesn’t. When you peg in with Liquid, there is not an exchange—there is not a liquidity bottleneck. Every satoshi can become a Liquid satoshi automatically without passing through a liquidity bottleneck—an anonset bottleneck. You just have a sat, and now you have your Liquid sat. The other way around is not, but at least you have one half of the swapping that will preserve your anonymity set instead of reducing it in a bottleneck due to the order book. The (2) second point is that, when you don’t have a price difference and a slippage—when you don’t have trading but you just have swapping—usually the liquidity is easier to declare or provide. So an order book where you have a lot of people just saying that they’re randomly swapping Liquid for Liquid Bitcoin and over, if there is not a strong financial premium for each, you don’t have slippage. And usually the matching is simpler and you have more liquidity, because you don’t have just the people that want to trade. I mean, I just need a small fixed premium in order to—I can put all my Bitcoins—of course I will not do it because it would be a hot storage, but I could put all my Bitcoin there just accepting a swap to Liquid Bitcoin and then back, provided that I just put a small fixed premium on both, so I don’t care. While I will not put all my wealth in a Monero swap proposal, because there are economic considerations. So a sidechain is a little bit better for privacy than a swap across chains, and what is even better—way better than Liquid but is still a swap—is actually Lightning. It has to be perfected in many, many ways, but right now, if I open a Lightning channel with some Bitcoin, and then I do a submarine swap out, I will do a coin swap not between Bitcoin and Monero but between Bitcoin and Bitcoin, with a way better level of privacy than atomic swaps with Monero. Because with Monero, you need an order book of Monero people selling me with some price and some amount. With submarine swaps you need a market, which in this case is Boltz if you do that with Electrum or with Phoenix, but in this market there’s no slippage so it’s way more efficient. It’s way harder to follow, to restrict the anonymity set using that. So swapping Bitcoin is fine, but the best thing is to swap Bitcoin for Bitcoin. Ideally, you want to swap Bitcoin for on-chain Bitcoin with some tool like CoinSwap by Chris Belcher, which is not perfected yet and needs more work. Less ideally, you swap for Lightning, which requires some level of market premium because liquidity and [inaudible 53:18 sounds like roadability] are not always the same, but still it’s an example of DeFi, basically. It’s a decentralized finance where you will find a counterparty. And then the third best would be swapping to a Bitcoin sidechain where at least the beginning doesn’t reduce your anonymity set and you don’t have slippage. And the fourth best would be swapping, for example, to Monero and back. And then you have to consider all the considerations about how much liquidity there is on Monero and how much anonset. In Monero, basically every previous user of Monero is part of your anonymity set in Monero when you’re in, but even that is not much compared to the volume that’s going on in Bitcoin. I would say it’s comparable. Calculating the whole anonymity set of Monero depends on threat models, specifically of what your attackers are looking for, but in general, the amount of people using Monero—and the volume—are so low that even all the anonymity set of Monero can actually be trivially compared with some huge Joinmarket CoinJoin rounds, for example, minus of course the [inaudible 54:33 sounds like amount correction] problem that you don’t have in Monero or Liquid and you do have in Bitcoin on-chain. So I think the takeaway is: it’s complicated.

Stephan Livera:

Yeah I agree with you.

Giacomo Zucco:

If somebody says you cannot be private with Bitcoin, it’s lying. If somebody says you can be perfectly private forever without effort with this other thing, he’s lying.

Stephan Livera:

Right, yeah. And I mean, there’s other considerations there as well. So as an example, even in the Bitcoin world, there are other fingerprints or heuristics that could be applied. So they could say, Okay, what’s the scripts type? What’s the nLockTime? What’s the sequence number? Or some of these other things that could then narrow down the Bitcoin anonymity set, where if you compared that versus, say, Monero, then it actually gets a bit more comparable. I mean, who knows? And then the other point that’s interesting as well is that, could it be that these things later themselves become the surveillance mechanism? So giving an example: in the early days of Electrum, there were people just using Electrum Wallet and the Electrum servers, and then later it’s kind of figured out, Oh, the chain surveillance firms figured out, Hey, let’s just be the Electrum servers for people and use that to surveil. In the same way, could there be surveillance put on at those atomic swapover points, potentially even maybe not inside the Monero world, but let’s say when you’re trying to swap out of Manero back into Bitcoin, could there be surveillance leveraged at those points? And then that’s also another consideration potentially, also.

Giacomo Zucco:

Absolutely. If you now do what I say in order to swap your coins, you have to know that if you—let’s give an heuristics scenario: use Electrum to create a channel and then you swap out using Boltz. If the Boltz market is full of a Sybil-attacking liquidity—so if the Boltz market is compromised and it’s basically matching your request to swap out with a lot of chain analysis money, then they know half of your trade. They have to collude with your trampoline node—which may be Electrum itself or ACINQ or others—if they collude with the trampoline node, now they can deanonymize you. It’s still pretty good, I would say, especially compared to nothing, but there is a threat model in that as well. There is one big advantage, though, between what you can do on-chain and what you can do in these kinds of swaps. The advantage is that, on-chain, even a passive attacker can spy on you forever. So on-chain heuristics, this is there forever—you don’t have to spend money on outside competition in order to make your guessing and connection. If you want to attack Bitcoin on a Lightning-level or swap-level or Lightning routing-level or Monero versus Bitcoin in a swap market, you need to put your money where your nose is. So if you want to sniff somebody, you need to pay. Like, assume that the government of the United States wants to basically compromise 90% of the Lightning channels. They have to buy Bitcoin and put a lot of Bitcoin there, increasing the price. So it’s bad because they’re attacking us, but there’s no free lunch, at least in attacking, while chain analysis can be done completely passively, which is a little bit easier—it’s unfairly easy for them. So let’s make it harder.

Stephan Livera:

It’s unfairly cheap right now—let’s make it harder, yeah. One other area I was keen to chat about—and you touched on this before—is this idea of creating a soft fork like maybe unintentionally, right? But I think that’s an important question as well: considering this whole trade-off, and there’s the different groups within Bitcoin. And you could say there’s this kind of compliance bro, Number Go Up aspect, and that that’s the criticism is: Ah, see you compliance bros don’t care about the ethos of Bitcoin—you just want Number Go Up. You don’t care about regulation as long as it pumps your Number Go Up. And the privacy gang, the never-KYC gang, right? And I don’t have anything against non-KYC acquisition of coins, but I think just in that interest of talking about what exactly would that soft fork look like, how would that conflict play out if, let’s say, governments tried to mandate certain whitelists or blacklists? And I think what I’m getting to here is: how feasible is that, really? Because at the same time, there could be different countries who have different ideas of what should be sanctioned. And even today, even in the fiat banking world, the US government has their sanctions on various Russian oligarchs, as they say, but then also the Russian government has their sanctions on President Biden and Jen Psaki and some of these other people. And so how realistic even is that idea in your mind?

Giacomo Zucco:

So I think that straight collusion among world governments is a very rare phenomenon, but it’s a more and more common phenomenon. The present crisis with Russia and Ukraine is of course a tragic crisis for everybody—it’s horrible. But it’s a good example in this regard, because now you have blocs of not completely symmetric but quite powerful adversaries. And you have also neutral blocs. Like, now you have Russia, you have China, you have the US, the NATO, and everybody is trying to censor everybody else in a very uncoordinated way, in an adversarial way. There are a few different blocs. And that’s actually an example of censorship that does hurt people, of course. If you are a Russian pacifist with a Ukrainian wife in the US, now your property is confiscated—so it’s terrible. But at least there is no single source of censorship, there’s not a single whitelist so it’s not easy to, for example, soft fork Bitcoin following Russia’s sanctions, because there is Russia—which will do the other way around—and China will not follow and stuff like that. Another example which is more scary though will be, for example, the global War on Terror, where Putin and Bush were allied in order to sanction. Of course, terrorists are bad, but if you break down the money using terrorists as an excuse it’s even worse, because now people cannot even use it to protect themselves from terrorists. Another example is COVID, actually. Like, the COVID restrictions. That was an example where Trump was putting just the same amount of restrictions than Putin—literally, Putin enforced vaccination proofs and lockdowns. So, okay, you had some contrarians, specifically like Sweden, Belarus, and most of Africa, but there was a strong global coordination. And you have something similar in drug prohibition. So the geopolitical crises among strong blocs are an example where coordination among governments is difficult, but there are many example of rhetorics—I think about like global warming. If you want to censor or confiscate Bitcoin for global warming, you have to have the government of the Taliban officially subscribing to the global warming emergency measures. So you have to have the Taliban actually concerned about CO2. So I think it’s not realistic to have a global whitelisting effort. Like, right now in the banking system, you cannot pay without a strong KYC everywhere, including former tax havens in the Caribbean—they were all blacklisted by the United States. And this blacklisting was so hurtful that they all had to comply, eventually—Panama, Dubai, everybody—well, Dubai is still keeping it, but everybody eventually is capitulating. So you don’t have this idea of geographic arbitration and jurisdictional arbitrage, where you just pick your government that are all enforcing different stuff—it was great in the 90’s, it was great at the beginning of the 2000’s, but now it’s falling down because there is a hegemonic power which is getting transnational. In a way, this recent war with Russia is weakening this global coordination, but I don’t think it’s going to stand for very long. Like, China and the United States are very much aligned to the same objective, which is preventing their own people from exporting capital and from escaping inflation. And I think that Xi and Biden will agree that we need more control to avoid people from using their money freely—they will completely agree. So the idea of coordination is not so unrealistic. Of course, you make a very good point, because the only way that KYC can be globally enforced is in such a coordination, because if you have a local whitelist or blacklist, that’s basically just like saying, Nobody can use Bitcoin this way. So the KYC Bitcoin without the global whitelisting would be so crippled that nobody will actually be able to use it, because when you receive free Bitcoin because you don’t care, you receive Bitcoin, you give your service and that’s all. When you receive Bitcoin and you want to stay compliant, now you have to wonder which whitelist I am going to follow and in which combination and which jurisdiction is going to hurt me eventually—you basically cannot accept that money because you don’t know how the money may be tainted. So the only way you can actually impose that kind of whitelisting is if the whitelisting is automatic and consistent. So you basically connect with a global task force, the anti-money laundering global taskforce database, and they’ll tell you the UTXOs that you cannot accept. And that’s basically how you do it. And that becomes, strictly speaking, a Bitcoin soft fork, because the Bitcoin protocol tells you that you have to accept a transaction if the block is right and the block size is right and the difficult is right and the signatures are right and the script is right and the witness—so that’s the consensus of Bitcoin. If it’s okay, you accept it. If you sway from this consensus and you impose additional rules, you are creating a soft fork in your node. And if these additional rules are queried—a database by the financial crime task force—then you are basically switching to a completely centralized form of money. And my hypothesis will be that eventually the value of this centralized shitcoin will gravitate towards zero. Why? Because the thing you will be able to do with that—from spending to saving—will be the same things you’re allowed to do with fiat money on PayPal. If PayPal allows you debt, then whitelisted Bitcoin will allow you debt. But then we just use PayPal because there is more network effect and it’s technically easier to use because it’s centralized. And having all of this decentralized system just in order to ask the global financial crime task force which UTXO I can accept—well, just close the mining down and leave the task force to tell you about the double spending as well. I mean, they’re already censoring your UTXO set with the whitelisting. So just ask them to censor double spending as well and throw away the mining. So there is literally no point in regulated Bitcoin. All the design of Bitcoin—and all the sacrifices and the trade-offs that Bitcoin has to make as a design—make sense only because you don’t have to ask somebody to tell you which payments are good or not, and you only have to relay with your local counterparty. So I think that eventually this kind of regulated Bitcoin will be worthless.

Stephan Livera:

Right. And I think another challenge point would be coming up with a coherent definition, because even now, yes, there are some Bitcoin addresses on an OFAC sanctions list, right? So this is like a US government entity saying, These sanctioned Bitcoin addresses—but at the same time, as most people understand, in Bitcoin, you can trivially create new addresses. And as you were saying earlier, could this person just trivially insert some hops? Okay, then if the rule is, Oh no, it can’t be within two hops. Then can people just start doing three hops? Or can people start using other techniques like CoinJoin or Lightning swapping in and out or whatever to evade that or basically circumvent this kind of control. So I think in that aspect, it’s not clear to me how they would come up with a coherent definition there, unless they were to go with a whitelisting approach of this idea of, Oh, you may not transact with us unless you’re already on our KYC whitelisting, in which case we come back to that same problem that you were saying of the soft fork—you’re basically creating a soft fork of Bitcoin, and at that point you might end up forking off and having a minority chain.

Giacomo Zucco:

That’s a great point. So blacklisting doesn’t work with Bitcoin, basically—that’s the point, because you cannot have a coherent definition. There was recently—we mentioned the Wasabi crisis. So the coordinator is now censoring. And so I was in the chat and basically I said, This is very bad because you will have to hire a chain analysis company to tell you which one you have to censor. And some of the guys—in very good faith—he is a good guy, but he answered, No, no, no—we’re not doing that. There will just be a specific list of UTXOs and we will just censor that without any chain analysis. And then I said, Okay, that’s, that’s great. So if you’re banned, you just make one transaction—one input to an output—and now you’re not in the UTXO set anymore and you’re free to transact. Well, not really—we will have to apply some level of heuristics. And so, Okay, which level? If it’s an arbitrary level of heuristics, the regulator can still tell you that you’re not applying good heuristics, and the heuristics are just as arbitrary as anybody else. So either you marry the official politically-approved heuristics by the chain analysts’ bosses, or you are still not going to avoid sanctions or fines or whatever you’re scared about. So you have to hire a chain analysis company. And then Nopara73—Adam, the founder—basically he just said that he’s not really putting much lipstick on this dramatic pig. He said, Uh, we will have to hire a chain analysis company because they do have to. And another example would be like Coinbase or Binance Singapore—they censor you if you use CoinJoin. Of course, you may use CoinJoins in a way that no one even knows about easily with some tools, but assuming that they can trivially see that you’re using CoinJoin—Okay, if I receive money and I don’t use CoinJoin, I just get paid for my service and then I put it on Coinbase or Binance Singapore, but somebody paying the guy paying the guy that paid me was using CoinJoin—are you going to freeze me or not? Because, if yes, then basically it’s trivial to make every kind of clients of Coinbase or Binance Singapore going out—we make actually drive, finally, Coinbase and Binance Singapore out of business, because everything is eventually connected with something that may be a CoinJoin. Also because every—more than two input, more than two output—may be a CoinJoin of some sort. So if they go ad infinitum, every coin is dirty already—we don’t even have to make an effort. If they go one step, of course—Ah, okay. You don’t want to CoinJoin? I just want to do one step, and then I pay to you. So they have to choose. And what are they doing right now? They’re choosing arbitrary numbers. Like, most chain analysis companies, they’re saying seven. If we find something seven steps, then we will signal it to you. Otherwise we will not alert you. So if you know that, you do eight—it’s expensive, but you do eight and you’re fine. If they go to nine, you go to ten. The problem is that there is no coherent definition. Another example is: there was a very good, funny story when the Marathon miners, they said that it was the first block that was OFAC-compliant. So okay, they had the coinbase, and some funny Bitcoiners started to donate from CoinJoined transactions to this coinbase address. And now, I mean sure, they could say, This is a dust attack because they didn’t donate much, so we’ll just exclude, trivially, the dust attack—sure. But then we increase the dust level more—where do you stop? If you exclude everything, I mean, of course the more you go, the more we have to pay to taint you or to escape the taint, but there is no consistent definition. The only way that they have, just like you say, is to basically create a coherent and deterministic whitelist. And the deterministic whitelist is a soft fork in the Bitcoin protocol, forking your node into a useless shitcoin.

Stephan Livera:

Right. And so I’m with you there—I follow you there. And so again, that might then drive it another level where it becomes more about, Oh see, we just need to KYC every participant. And this comes into the whole conversation around travel rule, AOPP, et. cetera, because it’s kind of like trying to go the other way of saying, No, we don’t like cash—we don’t like this idea that we can’t trace every step of the way, so let’s try to fit this round peg in the square hole and say, No, every person transacting—and the, we see this rhetoric as well from the EU and things talking about “hosted” wallets or “unhosted” wallets—this idea that self-sovereignty is a bad thing and so on. So I guess that’s potentially where it could lead down. But then I think that also points to the importance, in an ideological sense, of having a circular economy, of having just peer-to-peer merchants, peer-to-peer traders and users of the ecosystem. So I’m not anti-peer-to-peer in any way, I actually think it’s an ecosystem that has to be built up, because then that’s what’s credibly making this whole soft fork idea bad, because then there’ll be all these people who are just not even in that system to begin with. They just never were a part of that world, because they were just transacting outside that world.

Giacomo Zucco:

Yeah. There are challenges to this idea of a circular economy—it’s a great idea, and it will help with censorship resistance and fighting these kinds of trivial attack surfaces—like, exchanges are the most trivial attack surface for Bitcoin used right now. You can go around these attack surfaces with a circular economy. I’m not deluding myself about the fact that it will be hard, because if a new kind of good is going to be used as money, it will have this kind of monetization phase in which the demand will go up because you will have basically the monetary demand adding up. Like, gold had a demand for aesthetic reasons, and then you had—in 2,000 years or maybe 3,000 years—a slow monetary demand adding up and arriving to some price discovery. Bitcoin is starting from almost zero—just a digital collectible, so almost zero aesthetics. I mean, it’s fine to show off your public key with some money, but it’s not a great ornament for your face—at least, not everywhere. So you start from a very low consumer value, and all the value that is added up, all the demand that is added up, is an exchange demand, is basically a monetary demand—not a direct consumption demand. So you have this violent dynamic of monetization, which is basically creating a Number Go Up situation. The Number Go Up situation will basically make it so that first, most people that want to save their wealth, they will have to move their wealth from the current most widespread monetary tool which is fiat and in particular US dollars globally, they will have to move it from there to Bitcoin. So some level of non-circular movement—we cannot imagine Bitcoin succeeding ane become inflation resistant or censorship resistant without people escaping from inflation and from censorship into Bitcoin. If they do that, they will have to escape from the place they are now, which is mostly fiat. Of course, everybody has a reserve of goods and services that we provide for work so we can earn Bitcoin, sure, but most of the wealth that will escape inflation and will escape censorship—the current work will trigger to adopt Bitcoin by earning Bitcoin, but the stored work, the stored time of generations and families and companies, it will be in fiat. And so you need an uncircular entry somewhere. So there will always be tension because there will always be this interface that will be easy to attack. It’s like escaping from a prison, right? You are in the prison. You can say that outside the prison, you are fine—finally. And if you stay outside, you are fine—sure. But first you have to escape. You have to cross the prison ward. And the prison ward will always be an attack surface for the guards to shoot you down, because that’s the point. And you have to go there, and we cannot say just, Circular economy—we cannot imagine ourselves outside the prison already. We have to cross the very, very censorship-prone wall, which is the fiat versus Bitcoin exchange. Then again, when you’re out, people can HODL or spend directly—both are fine for privacy, but HODLing is even better for privacy. So if you have a censorship problem, a confiscation problem, and you also know that the number is going up, I understand the idea of spending for the sake of spending—I mean, you spend Bitcoin when you have a strong reason, which is basically when you cannot spend fiat, but if you want to escape fiat, Bitcoin’s number is going up, and moving Bitcoin is making you more subject to censorship or confiscation, first you spend fiat—this is nature. So when you are out of fiat, then you will start imagining how to spend Bitcoin. And even there, you will probably have a lower time preference than most people outside Bitcoin. If you spend all fiat and you go Bitcoin-only, probably you will—to put it like Pierre Rochard would—you will buy way fewer chairs than fiat people, because your time preference will probably be lower.

Stephan Livera:

Right. And while a lot of what we’ve been talking about is about the importance of privacy, and even calling back to your talk as well, there is an importance of Number Go Up, right? And I think amongst some of the privacy circles—the never-KYC gang—I think they tend to look down on this idea of Number Go Up. They say, Oh see, you just want Number Go Up. Like, That’s bad because you don’t care about the privacy cypherpunk ethos. But I think it’s important to respect and appreciate that a lot of people don’t have access to a store of value, and is it wrong to want to store your value? And the other point I think that is probably underappreciated by a lot of the privacy-focused people is that they say, Oh look, as long as Bitcoin’s got a price—any price—well, then you can just use it. But I thinkthe let’s call it Number Go Up camp response is, No, actually the higher the price of Bitcoin the better it is as a money, because more people can use it. And it eventually contributes to that idea of—again, it’s a long-term thing—but in my view, it eventually contributes to that idea that it’s taking away the government’s cheap debt funding. Now it’s not happening tomorrow, but I see that as a long-term impact of the Number Go Up aspect of it. And so this comes back to this sort of fundamental trade-off, but there are people in the center—as your talk alluded to—that see value in both camps.

Giacomo Zucco:

Absolutely. That’s the whole point of my talk. My talk actually had three circles and three overlaps. So if you want to watch it, Stephan will put it in the description. It’s more complicated, because there is not just privacy versus Number Go Up, but it’s also the idea of basically disruptive technology and the Silicon Valley kind of startup thinking, which is another part of the debate. But I think that the hot debate right now is between the Number Go Up people with laser eyes and the HODL slogan, and the no-KYC Bitcoin hardcore cypherpunks-inspired people. And I think that we need both—just like I said at the beginning: you need dark and hard money because if the money is not hard, it’s not dark. Also the other way around. But also this way: I mean, I gave a few examples of why at the beginning of our conversation, but you just now added a very good other reason. I didn’t think about this—I never do the same presentation twice, but if I ever do I will add this point: Number Go Up does defund the government, because the action of deanonymizing you, following you, spying on you, surveilling you, enforcing you into compliance—it’s an expensive action. The governments cannot enforce KYCs, whitelisting, confiscation, without money to pay henchmen to enforce that. They have to put you in prison if you don’t do something, and they need to pay somebody to shoot at you if you don’t go to prison, so that’s expensive. And of course it’s not an immediate thing—it’s a very long-term secondary effect—but if you do defund the government via Number Go Up, you do defund also the enforcement action against your privacy. Of course, this will be the last things that the government will cut. First, the government will cut everything else, and the last thing that they will cut will be IRS and Fed wages and police and especially financial police taking money from people—that’s the most important kind of police they have. But eventually the less budget the government has, the less informants and the less surveillance they can do. Of course, technology makes surveillance cheaper, but technology makes also Number Go Up possible, which will make their surveillance budget smaller and smaller. They will print in order to attack Bitcoin, but the more they print, the money they give to the chain analysis companies will become more and more inflated. And that’s very good.

Stephan Livera:

Yeah, that’s right. And I think it is a tough one to speak about because there’s all of these different nuances and aspects of it. And it also comes down to how likely you believe people will resist, right? Because another argument that I see people making is this idea that, Look, look at COVID—how many people just caved into that? Now, I think you could potentially counter that and say, Well look, think about how many people had an incentive, right? Because how many people are either working for the government or get government welfare or they are part of, colloquially, the Zoom class who didn’t feel the cost of all these lockdowns and the hysteria that the world has been going through for the last two years. And so I do still believe that, long-term, enough people would have an interest to defend their own value of Bitcoin rather than let it get eroded and destroyed. And such, they wouldn’t just cave in, but that’s the question, I think. But that’s probably a good spot to finish up. Giacomo, if you had any closing thoughts for the listeners? And of course I’ll put your links in the show notes. But where can people find you, as well?

Giacomo Zucco:

Yeah, there is a website, giacomozucco.com that was very, very mistreated up until recently, but now a friend is helping me to put all the videos online, so it’s getting better. And if you don’t mind, I will actually leave the link to the Las Vegas talk, which is about this Bitcoin subculture thing that we discussed a lot. But also, since we mentioned the problem of Lightning and privacy, the talk I gave just before that was my Istanbul talk that I think can be useful in this regard. Well now that I said it live, you cannot really not put it in the description, so I’m forcing you, basically!

Stephan Livera:

Of course, it’s going in there.

Giacomo Zucco:

Thank you.

Stephan Livera:

Fantastic. Well thank you again, Giacomo. It was a really fascinating conversation.

Giacomo Zucco:

Same. Speak soon. Bye.

Leave a Reply