A Misunderstood Threat
By nixops on ALTCOIN MAGAZINE
The following article will hopefully shed light around a threat vector that is overlooked. This threat vector is now beginning to become very critical for the safety of the users of bitcoin and cryptocurrency as a whole.
Third parties are not to be trusted, as we have learned time and time again it is of no value to “trust” or label a third party as “trusted”. In an environment that champions the notion of being “trustless”, we must understand that adversaries are everywhere. This does not mean that businesses who are supporting the development of tools and services are necessarily dangerous. However, we must also remember that software is vulnerable and that mistakes do happen. Another consideration is what the software does, this is also prone to be used in a way that was not its original intent.
Currently, lightning which was started by Lightning Labs is being hailed for a great faster payment solution that uses bitcoin. Lightning is what is considered a layer 2 or a side-channel for utilizing bitcoin to send faster than you would through using a standard peer to peer transaction and wait for confirmations, this can be tedious and allow for double spends if an attacker is clever. As it uses bitcoin, it is important to remember it is not bitcoin. Another aspect to keep in mind is that this solution has its own issues and its own growing pains as all software does. While it is considered to be beta software and use at your own risk, which almost all software should be treated this way. The developers have provided numerous warnings.
Banks are also third parties, as are Visa and PayPal. Currently in the environment of Cringe Twitter(formerly Crypto Twitter), we see a lot of references that lightning allows for usage of bitcoin as Visa and PayPal do with fiat. This comparison should be frightening rather than championed. There is a threat that lies underneath the surface of this statement. While it may seem that this is great for bitcoin and it’s use, there are dangers with it.
As bitcoin is software, so is lightning. Bitcoin is licensed under the MIT license. This license permits the redistribution of the software with or without modifications freely, it also warrants no guarantee on the software as it is presented as-is with no warranty or liability. This is important to understand as this allows anyone to take and modify their own version of bitcoin. Lightning is also published using this license. This license is very permissive and is what you may commonly see referred to as open-source.
MIT licensed software is preferred in many sectors including in the world of businesses. This license allows a company to use the software and modify it accordingly for their needs, without some of the other open source license requirements to publish changes if the software were to be redistributed. MIT licensed software is often used by corporations and businesses to avoid having to disclose “secret sauce” when building products that may need software that is open source but without the redistribution. This happens a lot in financial technology or as the zoomers call it “fintech”.
Banks and institutions provide services to vendors and service providers through merchant services. These services are often the lifeline of a business. While we continue to see companies and institutional money come into bitcoin, it is important to remember they are not our friends with regards to the fundamentals of bitcoin. However, they have one very important piece of the pie when it comes to adoption, control. This control is derived from the need of a business to have a merchant service for their day to day operation.
As the community around bitcoin champions the idea of adoption and that you should be able to use bitcoin to pay for things, as literally as it was then intent in the beginning. Though now the community is much larger. With that being said there is a misunderstanding circulating around the desire to have banks and institutions to get involved with bitcoin. This has dire risks to the user. This vector is often overlooked as a compromise many are willing to make. However, it opens up the same control of Visa, PayPal, and the banks to impact bitcoin without attacking the network. Banks will attack the users and thus compromise the fundamentals of bitcoin by attacking the solutions that use bitcoin.
Banks are not a friend of bitcoin, they are actually the enemy. They just as governments have learned that attacking the bitcoin network is futile. However, they did their homework and watched the current movementand found that this vector is much easier to attack the users to compromise bitcoin. As the abstracted layers do not require consensus in order to function and or to enable features.
Bitcoin was the first in the digital currencies to allow for a permissionless network validated by a trustless consensus that was not centrally controlled. As the ecosystem has evolved, so have the compromises to those that choose to use bitcoin as a form of payment but not using the main network for this process. As we abstract from the main network the fundamental value add proposition of bitcoin is jeopardized. This happens because a bank can prevent a merchant from running their own service, including BTCPayServer, as they may lose their merchant services provided for other payment methods.
HODL is not a use case and because of this idealism, that formed from a drunken post on bitcointalk. As users “HODL” they are not spending their bitcoin. As the users are not spending, it makes no sense for a merchant to sacrifice their payment processing provided by the merchant services by running their own, also the learning curve. They will instead use what is provided to them by their merchant service provider. This is where the user base is impacted and compromised.
A bank can implement their own “lightning-like” service that they accept only as their form of payment for the merchants. This could force full KYC as well as the potential to censor a transaction by forcing the use of only their channels. As mentioned above the software can and will be modified for them to have this control. As we begin to see this roll out this year, you will see a full-on assault on the permissionless nature of bitcoin as well as the users losing their pseudo-anonymity as well as transaction censoring. While it may be easy to think this will not happen, it is already underway.
Adoption via the form of people using and accepting bitcoin is great for the overall ecosystem. It is important to remember the value of bitcoin in providing a permissionless network with a trustless consensus that is censorship resistant, once we abstract from the network and uses secondary channels compromises are made. At a point, this will all be reintegrated into the antiquated system that was to be our enemy in the creation of the revolution. Instead of paving the way for the future, we went full circle and while it may be widely used and accepted. We have sacrificed the fundamental values for the idea of adoption. If we do not challenge this attack, then the following will hold true. This will make bitcoin the biggest revolution that never happened. Banks will just have an orange coin button and the fundamentals will be lost.