
Seth for Privacy joins me to chat about Bitcoin & Fungibility. We chat:
- Privacy and fungibility
- Practical real world difficulties of censoring
- Bitcoin and Monero community differences
- Technical and social reasons for not having protocol level privacy
- The hopes for application level privacy with tools like Samourai Wallet & Sparrow Wallet
- Growing the p2p bitcoin economy
Links:
- Twitter: @sethforprivacy
- Site: sethforprivacy.com
- Pieter Wuille StackExchange answer mentioned: https://bitcoin.stackexchange.com/a/101874
Sponsors:
- Swan Bitcoin
- Hodl Hodl Lend
- Compass Mining
- Braiins.com
- Unchained Capital (code LIVERA)
- CoinKite.com (code LIVERA)
Stephan Livera links:
- Show notes and website
- Follow me on Twitter @stephanlivera
- Subscribe to the podcast
- Patreon @stephanlivera
Update Transcription:
Stephan Livera:
Seth, welcome to the show.
Seth for Privacy:
Thanks for having me on, Stephan. A huge, huge blessing to be able to join and chat with you and chat about some of the trickier topics in the Bitcoin space. A big fan of the show. And honestly, it was one of the things that I started listening to when I went down the Bitcoin maximalist rabbit hole way back in 2018, I think.
Stephan Livera:
Oh, awesome.
Seth for Privacy:
Yeah. Been listening for a while and enjoyed a lot of your conversations. So, glad to be on.
Stephan Livera:
Okay, fantastic. Well yeah for everyone listening, we’re gonna have a chat about Bitcoin and fungibility and also talk about some of those fundamental trade-offs around privacy, as well as maybe talk a little bit about where the Bitcoin community is at in terms of privacy. So let’s just start with, from your point of view, why is all this stuff important? Why does it matter?
Seth for Privacy:
Yeah, so fungibility itself is a really simple concept. It’s something that’s been known about for, honestly, thousands of years, even goes back to Aristotle talking about the basic principle of money and what makes it important. And fungibility is one of the things that he focused on then. So it’s a concept that’s been known about for a long time. It’s really just something that we have relied on governments to enforce. And fungibility is really just this principle that money—any type of money, any type of currency, any type of token—needs to be able to be exchanged with any other unit of that currency and not have a difference in value, not have a difference in the way that you can or cannot accept it or spend it. Basically that, like in Bitcoin, one Bitcoin is equal to one Bitcoin or one UTXO of the same size is equal to another UTXO of the same size. So, really simple concept—it’s something that’s been around for a long time. But the key reason why we need to talk about it in cryptocurrency, why we need to think more deeply about it in the Bitcoin space—and really with any cryptocurrency this applies, but obviously we’re focusing on Bitcoin here—is that we have detached money from the state. And obviously that is a necessary thing. That is the key that makes Bitcoin valuable, is that we’re no longer reliant on the state for creating money, for inflating money, for handling who can buy and sell—all that kind of stuff. So because we don’t have a state, we don’t have a government, we don’t have a military or police force or anything like that to enforce this idea of fungibility, we have to do it technologically. We have to rely on Bitcoin itself and the way that it’s designed to ensure that Bitcoin is fungible. And we can go into a lot of the reasons about like why fungibility matters in a currency like Bitcoin, but ultimately it boils down to: we can’t rely on the state to mandate fungibility like in fiat. 
Cash is fungible basically in two ways, in that (1) cash itself, like the physical cash, is private. So it’s very, very difficult to actually know a history of a specific bill. Obviously they have serial numbers, so they could be traced in some ways, but no random merchant can look at the serial number and know the history of that specific bill. And (2) it’s also enforced through government mandate in that, even if you get money that was the proceeds of a crime, if you don’t know about it, you’re not ultimately responsible for repaying that or giving that money back or that kind of thing, because the money is forced to be fungible by the state itself. So it’s a really basic thing. It’s something we haven’t had to think about, really, until Bitcoin came about in 2009 and until this concept of money detached from the state really took off, but it’s a very, very important topic for today.
Stephan Livera:
Right. And so as you rightly point out, there’s legal tender laws and they force, they mandate, merchants and people to—and generally I think the technically precise definition is that you must accept it to extinguish a legal debt and things like that. And then there’s another aspect of it which is around if somebody offers that to you as payment, you must accept it as payment. And that’s another aspect in which people talk about legal tender laws. And so as you rightly say, governments have basically said, This is gonna be the money of the land. It’s got the king’s or the government’s stamp on it—this is money, and you must accept it at par, at this value. And with Bitcoin, there’s this challenge around how do you transact privately, and so I think what happens is maybe people are mixing the two, in a way, of saying, Ah, because privacy is one thing, and then fungibility—the value of those sats. If I send you a million sats to a Bitcoin address that you create, your Bitcoin node is obviously not distinguishing between clean satoshis or dirty satoshis, but really what’s happening—and as we’re gonna get into—is some other parties externally impose their view of, let’s say, a taint to say, Oh, this is a clean coin and that’s a dirty coin, per se. That’s not exactly what they’ll say, but this is being leveraged by some exchanges who are working with chain surveillance companies and the likes of the Chainalysis, Elliptic, CipherTrace, Crystal, and some others out there. So I think that’s perhaps where our disagreement might lie a bit, because in my view it’s like, Well no, it’s still fungible because it’s still the same number of satoshis. Whereas I presume your view is gonna be different.
Seth for Privacy:
Yeah. There’s a lot to unpack there. So the first thing you mentioned is the way that people normally conflate privacy and fungibility as the same thing or as the same word even often it’s used. But they’re two different concepts that are necessarily intertwined. So ultimately, fungibility is something that technologically you can only enforce through privacy. So if you have a currency that is we’ll say perfectly private—obviously in technology, perfectly private is not really true of any system, but we’ll say perfectly private—if it is perfectly private, every UTXO or every coin necessarily does not have a history because it cannot be traced. And if each UTXO or coin does not have a history, it is then necessarily fungible because you cannot possibly view a UTXO as different from another of the same value, because there is no history attached. So the way that you enforce fungibility in a distributed system like Bitcoin is you enforce fungibility by default, because every UTXO has to use that privacy technology in order to actually be indistinguishable from each other. So privacy is a key to fungibility. Privacy is really the way to empower other things. It’s not the end-all be-all itself. You don’t want privacy just because you want privacy. You want privacy because it gives you fungibility. You want privacy because it allows you to use the funds however you see fit without a third party being able to enforce censorship or put your UTXO on a blacklist or anything like that. So ultimately, privacy enables fungibility and is the route that you get there technologically. And like we talked about with fiat, you don’t necessarily rely on privacy for that fungibility, but in a system like Bitcoin you have to. So that’s kind of the difference there between privacy and fungibility. 
As far as how fungibility works within a system like Bitcoin, obviously you’re absolutely right—the Bitcoin network itself, the entity, the software that is the core way that people interact with Bitcoin, those do not right now distinguish between UTXOs. Any kind of person running Bitcoind, any person using a regular Bitcoin wallet, is not going to have any kind of distinguishing factor between UTXOs. Obviously they could look up a UTXO and decide if they want it or not based on what history they see in an explorer or something, but none of the software is going to distinguish those UTXOs as long as the fees are paid. That’s the only thing that Bitcoin really cares about is: your transaction abides by consensus and your fees are paid. So if those things are done, no node’s gonna care right now—and that is definitely true, and that is a very valuable piece of fungibility, that the system itself considers every UTXO fungible. But unfortunately, we use these things in the real world. We use these things in interactions with other people. We use these things both in a circular economy within the Bitcoin space and outside of that economy in the fiat space. We interact with merchants and with exchanges who are still living in a world where they have to deal with governments, they have to deal with regulators, they have to deal with all of these entities that go along with that. Hopefully that will change one day, but that is the case today. And because of that, even though Bitcoin itself as a network recognizes all UTXOs as equal—it doesn’t distinguish between them—the people who are interacting with it do distinguish between them. They don’t have to—they choose to, and I think this affects Bitcoin in two ways.
The first way is really that (1) it puts a burden on anyone participating in this system who has any responsibilities outside of that system to do due diligence, to look into the source of UTXOs, to look into the funds that they’re receiving to make sure that they can then spend those funds as they see fit. In a perfect world, obviously they wouldn’t need to do that, but in the world we live in that is becoming more and more the norm. And so that imposes this massive burden on merchants and participants in the ecosystem—especially those that are both in the fiat system and in the Bitcoin system—and imposes that burden on them which can really break down the method of exchange value proposition of Bitcoin and can break down the economy around Bitcoin. And the other key way that fungibility affects Bitcoin is that (2) it opens this attack vector. And ultimately, that’s the reason why I harp on fungibility so much and the reason why many in the Monero community do and many in the privacy preserving-focused community around Bitcoin harp on this concept of fungibility, because ultimately, if Bitcoin is gonna be something that stands up to governments—that doesn’t just get co-opted, that doesn’t fit into the legacy system and just become another piece of that, but actually is able to stand up and be a tool that changes the way we operate financially and that gives us financial freedom—ultimately it is going to come under attack. It will come under attack. And I think we’ve seen a lot of those over the past, really, few months, but ultimately it’s been going on for years now. And if we have a system that can have a lack of fungibility exposed by outside entities, by, like we talked about, exchanges, regulators, merchants, that they can view specific UTXOs as having a good or bad history—again, that is an external taint that’s being applied. That’s not something that the Bitcoin network recognizes. 
But that doesn’t really matter when you’re interacting with people who are not just running Bitcoind and blindly accepting. So ultimately, the problem of fungibility boils down into this attack vector that we’re opening up to external entities to be able to put pressure on the Bitcoin ecosystem, to be able to put pressure on the Bitcoin network—even through miners—and that are able to leverage this weakness to try to stop Bitcoin from becoming the tool for freedom that it really can be and that it should be. And we can talk a little bit more, but this is a concept that’s been talked about in the Bitcoin space for a long, long time, even a few very good talks from Adam Back, Andreas Antonopoulos, have gone through a lot of these topics in the past and talked about the key aspects of fungibility and how they affect Bitcoin. It’s definitely a complex topic, but it’s one that I think can be a critical weakness or strength of Bitcoin, depending on the approaches that are taken.
Stephan Livera:
Right. And so I guess my response then is that the sense I get from some of the online discussion that I see from yourself and maybe some of the others out there is that you guys are very—well typically the Monero people tend to be very polarized about it. They tend to be very—it’s either 100% fungible or not at all. And I think we have to recognize there’s a bit of a gradation here, that if you go to, let’s say, Coinbase, they’re gonna be doing everything. Whereas if you go to other providers, they’re not doing any chain surveillance. So as an example, Swan does not have chain surveillance. And the other point that I think is important to understand is—and I got into this in a recent episode with Giacomo as well, I’m not sure if you’ve heard that one or not—but we got into this idea about: could you have a coherent definition or could you have a coherent way to blacklist or whitelist things that would actually apply globally, because otherwise we might end up in a similar situation that we have even in the fiat world where today the US government might sanction Putin and some oligarchs and whoever senior people in the Russian government, and then the Russian government will also sanction people in the US government. And then there’s all these other nations in the world who are not having any sanctioned regimes. And so I think that to me is probably an underappreciated point in this whole fungibility discussion, because I think I see perhaps yourself or perhaps other Monero advocates who are saying, Oh look, see, it’s not fungible because this person tried to deposit into a particular Bitcoin exchange or crypto exchange and they got blocked, or they had their account stopped. See, therefore it’s not fungible, therefore stick a fork in it—it’s gone. Everyone needs to go to Monero. That’s kind of the argument we hear. Whereas I’m trying to say, I don’t think that is really how it’s going to play out in practice. 
Yeah, there may be some exchanges that are very pro-chain surveillance, but there will be others that aren’t, right?
Seth for Privacy:
So a couple things there. I do just want to start off by saying something that I’ve said over and over again on Twitter and other platforms: I think often I get lumped in with the Monero maximalists and I really don’t think I fall into that camp even though Monero is my primary focus in the cryptocurrency space—and there really are many people in the Monero community that feel this way—but ultimately, if Bitcoin took fungibility seriously and took user privacy seriously, and when I say Bitcoin obviously I mean the Bitcoin community and the Bitcoin devs and the people who work on Bitcoin, if they took that seriously and implemented key changes that made Bitcoin as a system and as a money fungible, and made Bitcoin as a system and as a money easy to use privately for any person who approaches Bitcoin, we would gladly jump back to Bitcoin and focus 100% of our time on Bitcoin. Like, it is not a thing where I want Monero to succeed, I want Bitcoin to fail, I want my Monero bags to pump and I want Bitcoin to go to zero—that is not something I want. I definitely recognize that the best thing for the world and the best thing for freedom around the world would be that Bitcoin becomes the best tool that it can be for freedom. So that’s my focus, and it’s not something where I want Monero to take over. I would much rather a world where we don’t need a Monero and where no one needs to use a Monero and no one needs to consider different privacy tools or different cryptocurrencies in their toolkit outside of Bitcoin. So that said, a couple of things you mentioned—you mentioned a grading of fungibility within Bitcoin, and then a global blacklist. So the grading of fungibility, I think it’s really important that people realize that, Yes, the way that entities apply taint or don’t apply taint does happen differently right now, but a money is either fungible or it is not fungible. There’s no grade. You can’t be a fungible-ish currency or a partly fungible currency. 
If history can be attached to specific tokens and taint can be applied externally, it’s just not a fungible currency. That does not mean that immediately every single entity will start treating that good as nonfungible and start treating it in different ways and start using a blacklist and all of those things—that doesn’t mean that that approach will become an instant thing, but it is something where it is really either fungible or not fungible. And this is something that people who are legends within the Bitcoin space have talked about for a long time. Andreas talked about this in 2015 and talked a lot about how a lack of fungibility destroys the method of exchange aspects, and that it’s either fungible or it’s not. Adam Back talked about this a lot in 2016 and talked about how if Bitcoin is not fungible—and that’s just if anyone is not using it in a way that makes it fungible and doesn’t require just some people to start using it the right way, it requires everyone to—if Bitcoin is not fungible, then it makes it a centralized and permissioned money because entities in the ecosystem like exchanges, like merchants, can be forced to enforce this blacklist or this whitelist, and can be forced to do their due diligence on UTXOs that are incoming, and that kind of thing. So it is really a black and white of if something is fungible. It’s not a black and white of how do entities interact with the currency itself. Because obviously everyone could start using chain analysis today and could start using a blacklist today and start surveilling funds today. Thankfully that hasn’t happened, but we have seen a rapid rise in the adoption of chain analysis tools and a rapid rise in control being exerted over centralized exchanges and over on and off ramps. 
As for the effectiveness of a global blacklist, I would argue first that the problem is not necessarily if that global blacklist can be enforced globally or would just be enforced by specific countries, but I would first just point out that that seems to me, at least, a critical flaw in a system if it can be put on a blacklist and that blacklist can be enforced even by specific entities, because it can mean—like, for instance, if the US went hard on Bitcoin fungibility, on Bitcoin tracing, they pushed through regulators all of these laws that enforced any entity that touches it that wants to exist within the fiat world to start doing chain analysis, to start employing these tools, and to start tracing it, people within America would not be able to use Bitcoin in the same ways for freedom as they would in other countries. So that is a critical flaw in the system itself, that that’s possible. Obviously the best case scenario in that world would be that you could move somewhere else or you could find merchants maybe that are in other countries that don’t have to abide by those laws, exchanges in other countries, that kind of thing. There could be workarounds, but obviously that would be a net negative for the usage of Bitcoin as a tool for freedom. The possibility of an effective global blacklist enforced by all countries is something that is definitely a trickier topic as far as how enforceable that would be, because obviously that would require some coordination between countries, developing a blacklist—which is unlikely, especially between countries that are at odds like US and Russia, US and China. A lot of different conflicts. They wouldn’t want to agree on the same blacklist. They may have their own blacklist that they enforce on people within their countries or that they enforce on miners or mining pools within their countries. But the actual way that that would be enforced globally? I don’t know. 
That definitely would be something where probably it would be a regional thing. The issue there would be if most Bitcoin miners are in regions that agree on how to enforce a blacklist, then you could approach Bitcoin blacklists not from putting the pressure on the on and off ramps, but you would actually put the pressure on the miners and force them to censor at the transaction level, at the mempool level, and stop including transactions that don’t fit that blacklist. And there is precedent for that: we saw that happen last year with MARA and the blocks with their mining pools. And so that is something that could be done technically—that also would be very difficult if Bitcoin mining was decentralized and globally distributed evenly and didn’t have single countries that could control a large portion of hashrate, but that definitely would be another pressure point that could be used to enforce a blacklist globally, even if it was only within a certain country. Like, when we had China and they had a large, large percentage—I think they had 60%-70%+ of mining hashrate and then they had 94% I think of the mining pool hashrate. Like, miners were sending 94% of the hashrate through Chinese pools—that has since dropped a lot, thankfully. But if you have that situation, really only China needs to agree on that blacklist. And if China decides this blacklist is enforced for all miners within China, you would have a situation where Bitcoin became censored at the block level, which is obviously a massive, massive problem. But that is a whole ‘nother conversation we can get into or not.
Stephan Livera:
Yeah, sure. So even there with the miners aspect, obviously the general response is: if you’re being censored, you have to just pay more as a fee. And then even if there was, let’s say, 50% or 60% of the miners who were enforcing a blacklist, that other 40% or 30% would have the incentive to pick up that transaction. Now, of course, you have to pay more, but that’s the general answer. But I think more than that, I want to take it away from this taint idea because, as you were saying, like you think, Okay, these chain surveillance companies are gonna impose taint. But even there, is there a clear definition of that? Because at the end of the day, a lot of these things are probabilistic, right? Because you and I could have swapped these UTXOs and then one of us went to the exchange and got our account shut down. It’s not actually deterministic at every point of the way. And the other difficulty for the tainter, as it were, is that there’s constant innovation. There’s new things happening. So as an example, people are doing things with Lightning, or people might invent ways of doing collaborative channel opens, or people might invent more easy to use swapping mechanisms and ways that fool some of the tainters’ efforts. So it may not be so easy as what you’re saying just to impose a blacklist and say, Ah, see, everyone has to do chain surveillance, because even the chain surveillance isn’t—some of it’s not really a science.
Seth for Privacy:
Yeah. So two pieces there. I think the first is that the problem is not necessarily that a perfectly equal global blacklist would be enforced against Bitcoin. The problem is more that real people would get hurt in real situations. Real people would go to jail. Real people would get their accounts frozen—both their cryptocurrency accounts and their bank accounts. We’ve been seeing this happen for years now. I have a whole blog post where I go through cases where this is happening. And the problem is not necessarily that every single user of Bitcoin will not be able to use it at all in a way that is nonconformant with governments. There are thankfully good privacy tools in Bitcoin that would allow that. Even if you had a UTXO that was blacklisted, there are ways that you could run that through a service like Oracle, run that through a tool like Whirlpool, and break deterministic links from the history there. So there are tools to gain privacy for specific UTXOs. Right now, the problem is that the global Bitcoin blockchain is not fungible as a set, and certain people using privacy tools does not make it fungible. And so every new user who enters the Bitcoin ecosystem then bears the burden of that nonfungibility until they learn to use the right tools, as long as those tools keep working well, as long as those tools don’t just get a blanket ban. Because another way you could look at Bitcoin today is that it has fungibility pools, in a sense, for these well-designed privacy tools. I’ll focus specifically on Samourai and Samourai Wallet, Whirlpool, the tools that they’ve built out for mixing and spending Bitcoin privately. You could view that as a fungibility pool within Bitcoin. So all of the UTXOs that have gone through Whirlpool before they’re spent are fungible with each other, because none of them have distinguishable histories, none of them have any deterministic links back to anything that happened previously before the Whirlpool.
And thanks to that tool being extremely effective, those UTXOs are fungible with each other, but they are not fungible with any other UTXO on-chain. So a Whirlpool UTXO is not fungible with the UTXO that someone just withdrew from their Coinbase account. And so it cannot grant global fungibility to the tool, but it can grant specific users privacy, and it can build these small fungibility pools. The problem there is then people could go after, and regulators could go after, banning those specific fungibility pools, because they say, Anybody who’s choosing to use Whirlpool obviously has something to hide. Obviously this is not my language, but it could be their language. You could say, If they have something to hide, they’re going through extra steps to achieve this privacy—let’s just stop allowing Whirlpool UTXOs to be spent on centralized exchanges, to be sent to merchants who are complying with regulation, all of these different things. So you could have that approach being taken there as well, but ultimately it’s a problem that affects real people. And so the problem is not that every single person will fail to be able to use Bitcoin as a tool for freedom, but rather that less and less people will be able to use Bitcoin as a tool for freedom as these services get pushed to more and more merchants and as more and more regulators are forced into this. But I’d love to hear a little bit more of your thoughts around how do you view the state of fungibility on Bitcoin today? Like, what are your thoughts around fungibility in Bitcoin today, and in the way that people use Bitcoin today?
Stephan Livera:
So there’s so many different aspects, probably the most prominent one is obviously the transaction graph privacy, which is the main concept we’ve been speaking in terms of. But you could even look at things like network level—is everyone using Tor? What countries are they connecting from? You could look at even all kinds of aspects like what kind of output script were they using? Was it off a P2SH script or was it off the native SegWit one or was it the OG legacy addresses? And so all of these aspects—and then here’s the other part: because Bitcoin has some level of scripting, then even there there’s an element of deanonymization that could occur. Now of course, within the Taproot world, let’s say we move into a Taproot and MuSig2 world, well then maybe some of that goes away because we’re gonna get rid of some of those differentiating factors. And so people like Chris Belcher have written posts about how to try to make things look the same, so this idea of making Lightning channel open and close look the same as a standard single signature transaction—in a Taproot world. And so these are some other elements. And I think the other thing that’s difficult is: of course with something like Monero, it’s just operating at a completely different scale of size, and it’s operating at a completely different mindset. So for example, it doesn’t have the same kind of scripting, right? You wouldn’t be able to do the same kind of multisignature for security or back off for timing or to say, Okay, it starts out as 3-of-5 and then after five years it goes down to 2-of-5. You couldn’t have the same kinds of functionality in that way. And let’s say in Bitcoin, people are looking at things in the future like CTV, Check Template Verify, to have vaults and other features.
So I think it’s difficult in that way, and I think it just comes down to just really very fundamental trade-offs around the system that are just not simple, because I think the community simply would not accept a lot of those kinds of trade-offs, as you say. Because the way I read the discussion online is perhaps people like yourself are saying things like, Oh see, if you guys just trivially did this RingCT thing or if you just did the ring signatures and this other thing and then, Ah, see, it would all be fungible now—but I’m not that clear, and I think there are very real reasons why. So obviously I do not speak for Bitcoin per se, but I’m just trying to do my best to reflect what the community believes and reflect the current view, at least as I read when I’m seeing some of the well known Bitcoin developers, like actual experts, talk about these things. So they’re saying things like, as an example, you might try to do something that increases the privacy, but then it might change the auditability of the protocol. Now I understand from the Monero point of view, you might say like, Well yeah, you can still audit the supply, but you are relying on certain cryptographic assumptions, or the implementation, which is now a little bit more complex than the Bitcoin model where it’s very simple, it’s out in the clear, it’s not as strong as an assumption required in order to be able to know that. So I think that those are probably the key reasons I can see that there is that difference, because the Monero community is sort of optimizing for privacy, right? That’s the first and most important thing from a typical Monero user point of view. Whereas from the Bitcoin point of view, privacy is nice to have, but I don’t think everyone sees it as the must-have. And of course there are communities—like, so for example, my friends over in the Samourai Wallet camp, the Samourai Wallet users, they are more [of the] privacy-first mindset.
But I think the challenge here is that you still need to marry together this idea of the Number Go Up. So I think this is probably the other point where you and I might disagree a little bit, is: I see Number Go Up as being important.
Seth for Privacy:
I agree.
Stephan Livera:
I understand—and let me try to not strawman anybody here, but the sense I get from some of the privacy guys—and not just yourself, Seth—but the privacy guys even in the Bitcoin world are like, Oh, see, you guys are just giving everything up because you just want Number Go Up. See, you’re a bunch of compliance bros. You’ll take anything as long as your number goes up. But I see it like everything is competing for liquidity, and I don’t see wanting Number Go Up as a bad thing, per se. Like, you might be in a high inflation country and you might actually need something to save your value into. And so I see it as like sometimes the privacy-focused people, the privacy-first people, sort of look down on the Number Go Up as though, Ah, see, I’m better than Number Go Up. You Number Go Up people—ugh. And I understand I’m caricaturing a little bit just for the effect, but I think you understand what I’m saying, right? I think that is also a very crucial point, that perhaps the Bitcoin people see that more. What do you think?
Seth for Privacy:
Yeah. So definitely a lot of things going on there. The Number Go Up point, I mean, I don’t think anyone would or should disagree with people saying that Number Go Up is important to Bitcoin as a system, and is important to any cryptocurrency that uses the same type of game theory that Bitcoin uses. It’s something that’s absolutely vital. Bitcoin is designed around the concept of: the currency must have value or the network will not have security and the network will not be usable. The financial incentives are absolutely key. And that’s one of the beautiful things in the design of Bitcoin, is it leverages greed and financial incentives to push people to drive the network forward, push people to use the network, and push people to mine, even if they [couldn’t] care less who uses Bitcoin, what they use it for, if it’s a tool for freedom or a tool for surveillance—they don’t care. They’re making their Bitcoin, they’re able to sell that, they’re able to make money off that. So the Number Go Up aspects are absolutely critical. They also pull new people in, they ensure that it’s a tool that can gain purchasing power over time so it can be used as a store of value. All of those pieces are absolutely vital. So I don’t disagree that Number Go Up as a concept is vital to a cryptocurrency—it absolutely is. It’s absolutely critical to Bitcoin. It’s absolutely critical to Monero. I think the place people like that are coming from, and I often talk in a similar way—not about people who like to see Bitcoin’s price increase—I like to see Bitcoin’s price increase. I like to see Monero’s price increase. It is a nice thing for someone who’s using them as stores of value. And it is, like I said, an essential thing to the security of the networks long-term. 
The place where people who are more—and I wouldn’t even say privacy specifically as their focus—but more cypherpunk and more focused on the idea of using these tools for freedom and not just as tools for speculative value, I think the place that we come from is more of one where we get very frustrated. I’ll just speak for myself and stop speaking for other people. I get very frustrated when people are not just enjoying the price going up, but are spending the majority of their time and the majority of their platform and the majority of their efforts to drive people towards the speculative value, to focus on price increase, to ignore critical flaws or critical attacks on the network or things that are happening that could be dangerous to the network, that refuse to have an adversarial mindset around the tool that we have, the way that governments are going to approach it, the war that we are going to fight over this thing if it is good sound money that can displace the state or can at least displace the state’s money. And so I think the issue and the reason why I get so upset is because it’s people who are using their platform to only drive the speculative value upwards. If they have a motive that’s behind that that’s more cypherpunk and they understand that the Number Go Up aspect is key and that the other things will fall into place—it’s somewhat understandable. But I still think if we are ignoring any of the other aspects of Bitcoin to 100% drive up this Number Go Up narrative, that’s where the problem really is there. And that’s where I get upset, that’s where I get frustrated, when I see that. That’s a large part of Crypto Twitter and has become a large part of Bitcoin Twitter, is the influencers who have all the followers and who have the platform and they use it to continually lie or mislead and say things that are not true about Bitcoin and other systems in order to continue pushing the Number Go Up narrative. So that’s really the problem there. 
It’s not that Number Go Up as a concept is bad, because it is absolutely vital to a cryptocurrency. It’s absolutely vital to security, spendability, store of value, all of those aspects within that. So we need number to go up. But if we focus on that while ignoring all the other aspects that go into something like Bitcoin, that’s really where it becomes problematic, and that’s really where we have the issues. And that’s why a lot of people who are pro-privacy and who are cypherpunk attack that mentality or speak out against that mentality, is because I have seen that that mentality has driven out other important narratives. Even the people that I talked about when we started the show today—Adam Back, Andreas Antonopoulos—those people have spoken out for a long time about fungibility and privacy issues within Bitcoin and the effect that they can have in the real world, but those narratives and those conversations seem to have been mostly forgotten and mostly fallen by the wayside since Bitcoin’s price really exploded in 2017, and since the Bitcoin community obviously grew massively as a result of Bitcoin’s number going up. And again, while that’s a good thing, those critical narratives that are critical issues within Bitcoin, and that, if we don’t have an adversarial mindset around how can I use this thing—even though the number’s going up—can I actually spend it how I want? Can I actually store value in it as long as I want and be able to use it later on with or without anyone’s permission? So if those other narratives and those other conversations are not had because of people driving the Number Go Up narrative 100%, that’s where the problem really lies there.
Stephan Livera:
Right. And so I think it’s probably a good spot just for me to summarize some of the key—I guess from the Bitcoin developer point of view—I’m not a developer myself, but I’m just summarizing what I’ve seen as some common developer concerns. So I think it’s also fair to say that some of these ideas have been considered, but have simply been rejected because they were not suitable for one reason or another. So let me summarize some of them—now listeners, I’ll put this in the show notes—this is actually taken from a Stack Exchange answer from Pieter Wuille, who’s obviously a very renowned Bitcoin Core maintainer, developer, and contributor. And so he has listed a few key ideas here, and I think it’d probably be useful to get your perspective on them as well, Seth, but let me just list some of them out. So one of them is: he says, Some of the difficulties with putting in more privacy at the protocol layer—this is critical, not just at like application-level using Samourai Wallet and Sparrow Wallet—if there is an opt-in approach, you could start having this question of, Hey, why did you use the private mode? And he also mentions that it might force people to upgrade wallet infrastructure also, if you’re doing other things. Another example he brings is that if you use fancy cryptography, there is a risk of future cryptanalysis that makes it possible to either steal someone else’s coins or to deanonymize their coins. And so that’s not a trivial risk out there. Another one he mentions is this idea that it’s a scalability concern. So he’s saying, Look, some of these ideas—they work, but they don’t if the scalability concern only manifests under actual load. And so I think the point he’s getting to here is that the number of users and the amount of use on, say, Monero today is just absolutely tiny compared to the overall number of Bitcoin users today.
And so I think that’s what he’s trying to get at there, and coming back to that other auditability aspect around having to trust in some kind of cryptographic construction. So again, I don’t speak for Bitcoin, but I’m just trying to reflect some of the well known Bitcoin developers in the Bitcoin community—I think if I had to answer you as to why Bitcoin does not have those things, I think it’s that they have been considered, it’s just that for one reason or another—whether it’s scalability or, let’s say, Dandelion not coming into Bitcoin because of DoS concerns—I think those are probably the technical programmer developer reasons why those things have not come to Bitcoin. But from your point of view, what do you think? Do you believe that the community should be looking to make those trade-offs?
Seth for Privacy:
Absolutely. And that’s really—the thing that I’m driving for is not people to go hard fork Bitcoin today and implement all of these tools. I mean, I would love—I think that many of these tools are technologies that work. These tools were built for Bitcoin years ago. I mean, things like confidential transactions or confidential amounts. Confidential transactions is the thing that you can use to hide amounts—that was developed in 2013 and proposed and rejected. It’s a tool that has been very well vetted, well-tested—many, many, many third party audits on the cryptography and the implementations. It’s a very old, very well understood tool, and it was rejected for Bitcoin. And I think the thing that I’m trying to drive in the Bitcoin space—and I’m trying to drive as a Bitcoiner, not as a Monero person but as a Bitcoiner—is the conversations around these tools. I know it’s not gonna be something where just overnight we’re gonna hard fork and implement all of these things, but we need to have hard conversations about the trade-offs that are inherent in the current design and that would be inherent in a potential future design. So we can talk a little bit more about those specific trade-offs. I’ll take the approach of a way that you could implement Monero’s approach to privacy on Bitcoin as an example just to talk about some of the trade-offs that would be inherent in some of the tools that are used on Monero: all three of these that I’ll talk about were built for Bitcoin initially, but then were adopted by Monero and built out and expanded and improved by the Monero community. So I’ll talk about these for some of the trade-offs, but I’ll also briefly mention some of the trade-offs with the current approach to Bitcoin. Obviously we’ve been talking about fungibility as one of the trade-offs that is currently inherent in Bitcoin’s design. It’s not fungible by design. It is not fungible by default. 
So a new user approaching the system, if they don’t use better privacy tools, they’re not gonna gain fungibility and they’re not gonna gain privacy. The opt-in thing that Pieter mentioned—if you have opt-in privacy rather than opt-out privacy—Bitcoin is an opt-in privacy cryptocurrency. So people within Bitcoin can choose to opt-in to further privacy measures like Samourai Wallet, like Lightning, but the privacy guarantees there are not very well understood yet. There’s a lot of research going on there, obviously. But for instance, Samourai Wallet, if you opt-in to using Samourai Wallet, you can gain strong privacy guarantees on-chain and it can make those Bitcoin extremely easy to spend privately once you go through the tool, once you understand how it works, once you take the time to mix your funds, once you learn how Postmix tools work—there’s a lot that goes into that. But once you do that, you do gain privacy. But then you have the downside of what you just mentioned that Pieter talked about, where anyone choosing to opt-in to those tools automatically stands out on-chain and stands out as an entity, because you’re saying, I want more privacy than Bitcoin provides to me by default. And that could be viewed—obviously, it should not be viewed as a bad thing. Privacy is not a crime. Privacy is a human right, and should be something that we all have easy access to. But if you choose to opt-in to a system like that and it’s not just the default of the tool you’re using, you are necessarily telling other people, I want more privacy than this tool provides to me. So that could be viewed in a negative light, obviously, by regulators, exchanges, governments, whoever is interacting with the system or trying to put restrictions on the system or trying to control the system. From the actual technological aspect of how could you make Bitcoin fungible?—that is the hard one, because, obviously, like you said, you need these changes on the protocol level.
You cannot build these in as an app layer thing. One wallet having strong privacy guarantees does not bring fungibility to Bitcoin, because every UTXO must be indistinguishable in order for it to be fungible. So you have to do these things at the protocol level—there are obviously trade-offs with that. So I’ll quickly run through the approach that Monero takes just as an example of what Bitcoin could do, because Bitcoin could implement all of these technologies today if they so desired. Obviously, it would require a hard fork and all these other things, but they are doable technologically. The first is stealth addresses, also called one-time addresses. This is a concept that’s been around since 2014. It was originally proposed as a possibility for being used in Bitcoin. A similar tool that functions differently that doesn’t hide addresses on-chain but allows you to provide static addresses that are not directly linked to on-chain addresses is BIP47, or PayNyms is the other name—that was developed in 2015 for Bitcoin. But having stealth addresses or one-time addresses on-chain in Bitcoin would allow you to never see the source or the recipient of funds on-chain, so the address that would actually be used on-chain is a one-time address that’s generated by the sender using the recipient’s public key. They can generate a unique one-time address that has no cryptographic link to the actual off-chain address. So that allows you to break that easy link to say, I want to blacklist an address that someone’s using for donations. If you had stealth addresses or one-time addresses, you cannot do that because that address will never exist on-chain—if you have that technology. So, obviously a huge gain there. The trade-off is that scanning time for wallets completely changes. It becomes much more difficult to scan for outputs because you can’t just say, Okay, from my seed I derived all of these addresses—tell me the balance of these addresses right now.
You have to go through block by block, transaction through transaction. There are lots of ways to optimize this and approach it differently, but ultimately you have to have some way to verify that a transaction belongs to you and you can’t just say, Does this transaction go to this address? If yes, then add it to my wallet balance. So it does complicate the wallet focus—it changes the way that wallets handle scanning and handle keeping up with balances. So there’s a complication there, and that’s a UX hurdle that would be non-trivial. It’s definitely non-trivial. That’s a UX hurdle in [Monero] is that wallet scanning is a much more time consuming process than in Bitcoin. For an obvious gain, but obviously a big trade-off there. The second main tool that could be employed in Bitcoin and the second main thing that needs to be hidden—the second main piece of data that needs to be hidden—is the amount involved in every transaction. You can do that with something called confidential transactions or confidential amounts. Again, this was proposed in 2013 for Bitcoin. I don’t know the reasons why it was not chosen for inclusion then. Obviously the narrative now is that the auditability of Bitcoin is sacred above all else.
Stephan Livera:
It’s not just that—it’s also that the size of the transaction and the processing. So I think it’s an accessibility concern in this case, but go on.
Seth for Privacy:
That is a piece of it, but that actually is not—it’s barely any hurdle today, thankfully, due to Bulletproofs and Bulletproofs+ which, again, both were initially developed for Bitcoin. Bulletproofs in 2017, but then employed on Monero. And then Bulletproofs+ has been in development and is about to go live on Monero. The actual hit to verification time or transaction size is very, very minimal. Even in Monero—
Stephan Livera:
I think it’s still like 4x or 5x the size, though. So I mean, it’s not a trivial amount.
Seth for Privacy:
No, it’s not that high. So when you’re comparing transaction sizes like between Monero and Bitcoin, the key difference in transaction size with Monero is not the confidential transactions. It’s not the hidden amount—it’s that you have ring signatures. So for every output that you’re spending, you ultimately are including 11 total outputs that are the potential true spend, and then you’re having a confidential amount for each of those and you’re having to verify each of the outputs that are included in there. So you have an exponential increase in the amount of outputs you have to verify and the amount of outputs you have to include and sign for on-chain in Monero versus Bitcoin. So confidential transactions would be a hit to size or verification time, but it’s very minimal now after Bulletproofs and Bulletproofs+. I tried to figure out the numbers on what exactly the hit would be with Bitcoin and I couldn’t find it, especially not post-Bulletproofs and Bulletproofs+ as an implementation, but that hit is very minimal. The bigger problem now—and the main trade-off—is that confidential transactions and confidential amounts prevent simple UTXO sum audits. So once you have confidential transactions in place, you can’t just go and sum up the UTXO set with a calculator and say, This is the total supply in Bitcoin—I have confirmed that there’s no inflation that’s been exploited or something like that. You can still audit the output amounts or you can still audit the total amounts on-chain, and ultimately the range proof that’s involved in confidential transactions is the thing that, every time someone builds a transaction and every time someone verifies that transaction, it ensures that even though the amount is not transparent, the amount balances out properly. So if you’re spending a Bitcoin and the other participant gets a Bitcoin minus fees, it makes sure that that is the total amount, even though no one can see the actual amount involved.
So it’s a very important piece of the cryptography there. It’s a very well understood piece, but it is definitely a complexity that would be added to the audit process, because you have to trust those range proofs as both being cryptographically sound—which I would argue, at this point, they are cryptographically sound, because of the scope of audits and the scope of input from many, many, many different projects, researchers, all of that—but the bigger issue would be potential implementation flaws, where you had the cryptography being sound but the implementation was not sound. And so there was some way that an attacker could create funds within a transaction, not from the coinbase reward or something, but within a transaction. And those funds would then be hidden on-chain because you couldn’t see the amounts. So that is definitely the risk there. There have not been any issues with that so far in like Monero, but obviously that is a potential risk, and that difference in auditability and that complexity in auditability is a key drawback to something like that. One caveat to that—
Stephan Livera:
Yeah, just on that though. I think from my earlier discussion with Adam Back, I did an episode, Episode 300, and I’ve just checked. I think the number he gave me was roughly—the confidential transactions, incremental—I think he said it would be about five times bigger in Bitcoin, like just confidential transactions. So that’s not even doing like ring stuff. And I think the other point is we would also lose backwards compatibility. So that’s another aspect in Bitcoin. It’s kind of seen like this idea—
Seth for Privacy:
It’s a hard fork-specific thing, not necessarily CT or any of these technologies. But yes, hard forks break backwards compatibility.
Stephan Livera:
And so I think that is also why in Bitcoinland it’s like hard forks are basically only if it’s absolutely essential or if it’s like the whole thing is gonna die—okay fine, that’s the time to do a hard fork. Otherwise, I just don’t see it happening. I mean, hypothetically, it’s possible that you build up enough of a base of people who are willing to do it. But I think the scale and the numbers that we’re looking at are just too large. So I think to me it just comes down to: while some of these ideas might sound nice, I think it ultimately, for Bitcoin, it’s going to mean loss of things like scripting. If you want everything to be fungible, well then does that mean we don’t have scripting anymore?
Seth for Privacy:
No, you can still have scripting. Taproot is a great example of that.
Stephan Livera:
Yeah. In the Taproot world, yes.
Seth for Privacy:
Taproot allows you to have scripting where any script cannot be distinguished from another and you could just enforce a script on every transaction even if nothing is being done with the script. So there are definitely ways to remain fungible while keeping that capability. The reason Monero doesn’t have advanced scripting is not that it is not possible while remaining fungible, it’s that Monero is not a code fork of Bitcoin and was not designed with that in mind, and it hasn’t been the focus for the Monero community. So that could be done while remaining fungible—that wouldn’t be lost. Multisig would still function. All of these things could still be possible.
Stephan Livera:
Right. So even with that though—the Taproot aspect of policy privacy—that’s in the successful collaborative case. In the fallback case, at that point, you are losing the fungibility. So it would be like, an example, let’s say you and I set up a collaborative Lightning channel and we could make that look like a normal single signature channel open and a single signature channel close if we were collaborative. If, let’s say, you went offline or I went offline, hypothetically, then at that point you are [inaudible 47:33 reviewing/revealing]. And then at that point are we reopening the door about fungibility and saying, Oh, actually look, now we can see that was actually a Lightning channel uncooperative close. And then, boom, are we opening the door then again with fungibility?
Seth for Privacy:
Yeah I didn’t actually know that it fell back to cleartext scripting—obviously that’s not the right term.
Stephan Livera:
But yeah, exactly.
Seth for Privacy:
—that it fell back to something that was not hidden by Taproot’s policy privacy. So that is good to know. I mean, if the focus though was fungibility, there could definitely be ways to work around that. So it’s not to say that that’s not possible—it might not be possible right now—but that is an important aspect that I actually didn’t know about Taproot, so that’s good information there.
Stephan Livera:
Yeah. So I mean look, I think it just comes down to—I think the other aspect is accessibility. So it’s seen like Bitcoin is meant to be super-accessible, and I think the community really likes this idea of having, You can run it on a Raspberry Pi and that you can spin it up there, even though running on a Raspberry Pi may not be the best idea. Like, it might not be in practice what people actually use it for, but if you want to, you can, and I think that seems to be the guiding idea. Because we came—and this is probably from four or five years ago with this whole BCash idea that the community didn’t want it to go that way of saying, You’ve gotta be a big company to be able to pay for a big server or a big box to run your Bitcoin node—No, it should be accessible. The everyday man or woman on the street should be able to run their Bitcoin node. I think, potentially, that’s where that’s coming from. And so I think it’s that question around accessibility, some of these questions around backwards compatibility, that there’s just a much higher bar for doing a hard fork. Whereas in Moneroland, it seems like there’s more regular hard forking. And so in that sense, Bitcoin is a very decentralized culture and community. And it’s just difficult, I think, to coordinate anything like that.
Seth for Privacy:
Yeah, I’m not saying that a hard fork like that would be easy or would be a simple thing, but the problem is if we just dismiss the possibility of any future upgrades to the protocol that would have key impacts like this—like bringing fungibility—we just call Bitcoin what it is today and we just hope that these bad things don’t happen. And like you said, a hard fork could be done if the community consensus was behind a hard fork and the community understood that fungibility is a critical aspect of money and understood that a nonfungible Bitcoin will necessarily not be the tool for freedom that it could be if it was fungible—they could come together, have a hard fork. It could be a non-contentious hard fork. Bitcoin’s so big, I’m sure there would be some entity that kept on the original chain and kept that going, but I think you could have an overwhelming majority that are for that type of hard fork and want to implement those things. Would that be easy? No. Would that have a precedent within Bitcoin? No, absolutely not. Obviously, hard forks have been anathema to Bitcoin outside of like an emission bug or something like that. So it’s not an easy thing, but the reason that I’m pushing is that I see this thread of hope while we have some flexibility now before we’re really in the war with governments, regulators, with all these entities. I see a thread of hope where the Bitcoin community can have real hard conversations about these topics, not just dismiss them because we don’t hard fork, or not just dismiss them because auditability is sacred. And again, the definition of auditability is complex there, but not just dismiss them because of these specific things or because of prevailing narratives, but have those hard conversations.
And if after those hard conversations the Bitcoin community decides, No, we actually preferred this instead and we’re gonna figure out other workarounds, or we’re gonna just live with the fact that it’s nonfungible and find ways to provide privacy to those who recognize the need and take advantage of the tools—that’s okay. I just want to make sure that these conversations happen within the Bitcoin community, that these topics like BIP47, stealth addresses, confidential transactions, ring signatures—all these potential technological approaches that can be used to enforce fungibility via consensus—that those conversations happen again, because they’ve happened in the past, but a long time ago, and the community has changed drastically since then. So really what I’m pushing for is for those conversations to happen, because a hard fork could be done. All of these tools can be employed while keeping Bitcoin accessible from a node level. These things are definitely doable. Like you mentioned with the confidential transactions within Liquid, I don’t know why their confidential transactions are so large, because their transactions are actually larger than Monero transactions which have ring signatures and other pieces of the transaction that should make them necessarily larger. So I need to find out more about that—I did digging into why Liquid’s transactions were so large with confidential transactions and I couldn’t get to the bottom of that. So that’s not something I can answer today, but I know that confidential transactions can be done more efficiently because Monero transactions are already smaller than Liquid transactions using confidential transactions. So there’s some weirdness there, but these things can be done in a way that keeps Bitcoin accessible to other people.
And the other key thing with accessibility—and this is something that I harp on constantly as being someone who’s in the broader privacy space and not just in the cryptocurrency space—a tool has to remain accessible to the most people possible by providing sane defaults. If a privacy tool does not enforce strong privacy for any entrant to the system, if you start to use Signal but the option to have end-to-end encryption between people was something you had to go in, check a box, you had to go into advanced settings and set up—when you have a system like Telegram where regular chats are completely cleartext, they’re stored on servers by Telegram, you gain no privacy by using Telegram natively, but you can do secret chats, and then you gain privacy. If you have tools built like that, the vast majority of people are going to be put in harm’s way because they won’t figure out that they need to start using these advanced privacy tools. And so ultimately, if you want Bitcoin to be as accessible—as a tool for freedom—for as many people as possible, it needs to take the privacy of users and the fungibility of the currency seriously, so that the people who get into Bitcoin and don’t know better don’t end up hurting themselves, going to jail, having these problems. And these are problems that we see people having constantly. This was a critical issue with the Freedom Convoy protests in Canada and the approach that was taken to collecting and handing out Bitcoin. The approach was terrible from every aspect of OpSec: like, the approach was very poorly done, the people were not taught how to use Bitcoin privately, they weren’t even informed that Bitcoin is not private and has these issues and that you need to take extra steps. And so real people are going to jail, real people are being prosecuted, and real people are going to suffer because of a lack of privacy by default and a lack of fungibility. 
So ultimately, I think if you’re going from the angle of, I want Bitcoin to be accessible to as many people as possible, you need to take privacy and fungibility seriously, and you have to do that as a sane default at the consensus level or else you risk bringing in new people constantly—especially through Number Go Up—that constantly brings in new people who have no idea how the technology works. And if the technology does not protect them by default, they are going to be in harm’s way eventually. Maybe not today, maybe not tomorrow, but eventually that can come back to bite them.
Stephan Livera:
Right. So let me offer a few thoughts in response. So I am definitely against a hard fork in Bitcoin. I certainly think that we have to work within the system as it is, and that means soft forking in with consensus improvements, if possible. So in the future, cross-input aggregation. So I’ve got an episode, listeners, if you want to see that one—that was from my panel discussion I hosted at TABConf. That was with Pieter Wuille, Andrew Poelstra, Murch, and Andrew Chow, so I recommend checking that one out. I’ll put that in the show notes. But the broader conversation here is: I think we have to recognize that there are certain things that we’re just not going to change them easily in Bitcoin, and that part of that is no hard forking, and anything about accessibility is not really going to work—and people don’t want to lose that functionality. And so I see it like our best path forward for Bitcoin is actually more of a sociological aspect of it. It might not necessarily be a technological, Hey, we need to do these things at the protocol level—I think it’s that we actually need to encourage a peer-to-peer culture, if you will. And so I think it’s around growing that aspect of the ecosystem, and to use the Canadian trucker example, I think that could have been done better, right? I think it could have been like, Hey, get each trucker—if they’ve got an Android phone, get ’em on Samourai Wallet, or if they’ve got a laptop, get ’em on Sparrow Wallet, and then at least you’ve got CoinJoin functionality, or teach them more about how to do it in a peer-to-peer way. Maybe a guide could have been written there. And maybe do not emphasize this whole transparent thing about Bitcoin. So historically this was a thing, right? People said, Oh look, it’s all transparent—it’s on the blockchain, and I’m gonna donate in a very transparent way. Look, here world, I’ve made my 2 million satoshi donation or whatever—we need to get away from that transparency culture.
And actually—yeah, it’s a trade-off, but we’re just gonna have to trust that the operator of the donation person, we’re trusting them to just give out the funds. And there are simpler ways. Like, as an example, maybe the organizer or the person organizing that could have run it through Whirlpool himself and then given it out to the recipients. And then in that way, they just already receive CoinJoined funds, and now they can go buy things with vouchers or sell it peer-to-peer. And so I see it like we have to work within the system as it is, and not trying to do this hard fork changing. So I see it like we just have to try to encourage the use—for those people who want that—I understand not everybody cares or wants that. And I think it’s all about preserving that longer-term goal, which, again, not to sacrifice everything, but I really think Number Go Up is the important thing, and that, long-term, governments will not have as much crazy power over everyone like they do today. I really think there’s a cultural change that will come given further adoption. And I understand some privacy advocates don’t agree there. They think, No, this whole idea of mass adoption is a scam or it’s a Trojan horse—don’t do that. I see it like we should be trying to build the peer-to-peer world and build privacy techniques at an application level and sort of place our chips on that idea that the longer-term in a Bitcoin standard will provide less tyrannical and authoritarian governments over us, because I think it will have changed some of the cultural factors that led us to where we are today under the fiat money standard. So that’s how I’m seeing it. But if you’ve got any closing thoughts for listeners, now’s your chance. And of course, when you finish off, tell everyone where they can find you as well online.
Seth for Privacy:
Yeah. I think your view is very hopeful, and I hope that your view happens. I hope that we can still build this world where Bitcoin provides financial freedom and financial privacy to as many people as possible without these changes—without hard forking, without implementing strong privacy by default. I definitely disagree that it’s a realistic view, and I think we’ve seen this shown all throughout the history of technology, that things that are developed without privacy as the forefront and without that being a key piece of it will have failings later on because building things in an application layer is incredibly difficult, and you keep adding complexity to all of the tools that are built on top if you don’t take care of that basic principle at the bottom. So I definitely think that world is one that I don’t see realistically happening, because I think that a tool that, in my opinion, is not being developed and focused on with an adversarial mindset will necessarily be pressured and be censored and be regulated into being not as powerful, at least. It will still be a tool for financial freedom for many people, but it won’t be as powerful, and it won’t be a tool for financial freedom for everyone because you have to have a certain level of tech-savvy. You have to have a certain level of understanding of the technology and understanding of the tools to use it privately and to benefit from it properly. So that’s really my main concern and the reason why—I understand a hard fork is not easy and is probably impossible. That’s why I focus most of my time on Monero, because I don’t see the things that I see as completely necessary for a strong money and for financial freedom being added into Bitcoin. But I’m hopeful. And again, I have that thread of hope that the Bitcoin community can see the necessary value of these things and could hard fork, or maybe there’s some other way that it could be implemented. 
But if you do it via soft fork or something else, you still have the problem of opt-in privacy and a lack of fungibility and all of those things. So I’m really pushing because I’m hopeful that there is a way that Bitcoiners can come to consensus around how to enforce fungibility and how to build in sane defaults so that anyone who’s being onboarded—no matter the wallet, no matter the software that they’re using as long as obviously it’s non-custodial and all those things—gains those strong benefits and does not have to worry about if they can accept funds safely and does not have to worry about if they can send funds to someone without them peering into their wallet and all of those things. So I know those things are unlikely. It’s unlikely a hard fork would happen, maybe even impossible, but it’s definitely something where I just want people to take a second and look at Bitcoin, take a second and look at the issue of fungibility within Bitcoin, and make sure that they’re okay with the current state of nonfungibility within Bitcoin, and make sure that they’re okay with the current state of relying on app devs building strong privacy tools, of educators teaching people to use those privacy tools, and of people choosing to use those privacy tools in addition to learning what Bitcoin is, how to use it—all of those things. So it’s a tricky topic. I know it’s not a fun one. It doesn’t get you pumped up for Number Go Up and doesn’t get you excited in the other ways, but ultimately these things are tools that will go against governments, that will go against regulators, that will go against banks—we’re designed to do so. And so if we allow these chinks in the armor of Bitcoin, and if we allow these gaps that can be pressured by external entities, we necessarily reduce the value that Bitcoin can have—at least to some people. So that’s really my concern.
I know there’s a lot that goes into this conversation and there’s a lot of technological approaches that can be taken. There’s a lot of politics and memes and narratives that go one way or another within this conversation. But ultimately, I want Bitcoin to be a tool for financial freedom to anyone who learns about Bitcoin and chooses to use it, not just to those who learn about Bitcoin, choose to use it, and then learn the proper privacy practices to be able to transact freely without permission, without censorship. So ultimately, I guess that’s my summary, but I really just want people to start having these hard conversations, start thinking about these things deeply, make sure that they’re comfortable with the trade-offs that Bitcoin currently takes, and then if they’re not, figure out what trade-offs they’re comfortable living with in order to bring fungibility and default privacy to Bitcoin. But obviously this is a very outside of their normal Bitcoin narrative conversation, and even the idea or the topic of hard forking is anathema to many people. So I know that will scare people off, but I think it’s a conversation we should have, and it’s a thought that I think each of us should take and walk through from beginning to end, and think about Bitcoin in the sense of, When there are adversaries, how will it perform? When there are adversaries to me using Bitcoin, how will I be able to actually use my Bitcoin? And if you’re okay with the trade-offs, learn the tools, because you have to learn the tools within Bitcoin to use it well. So learn Samourai Wallet, learn Whirlpool, learn Postmix spending, use Sparrow Wallet for desktop, all of these different technologies that can be used to gain financial freedom through Bitcoin, and that can be used to gain personal privacy for yourself there.
Stephan Livera:
Cool. And, Seth, where can people find you online?
Seth for Privacy:
Yeah, so primarily Twitter is gonna be the main place I’m talking about topics like these—broader privacy as well. I do a lot of privacy education and content creation under @sethforprivacy on Twitter. I also host a podcast called the Opt Out Podcast. That’s @optoutpod on Twitter, and it includes a lot of cryptocurrency topics, but it’s really focused on broader personal privacy. So we walk through a lot of the different tools that go into reclaiming your privacy and going on a journey towards personal privacy, including Bitcoin, including Monero, is another one of the things that we bring up pretty often. But those are the main places to reach me. I also have a blog at sethforprivacy.com where I talk about a lot of these same topics and have the fungibility posts that I mentioned at the beginning of this chat on there as well, if people want to look into some of the cases where fungibility has hurt people. But lots of different topics discussed there as well. But @sethforprivacy on Twitter is really the main place to follow me and interact with me.
Stephan Livera:
Great. Okay, well thanks very much, Seth. Thanks for joining me.
Seth for Privacy:
Yeah, thanks so much for having me on, Stephan. It was a huge privilege to be able to join and discuss tricky topics and complex topics within the Bitcoin space, but I think necessary ones for people to consider and think about. So thank you for taking the time out to have me on and talk through this.