 This is actually kind of scary.   
 Is there a regulatory reason they all use Coinbase?  Why wouldn't Saylor (who runs a damn tech company) spin up a multisig solution for his own company?  I just don't get this.  My tinfoil hat is ringing. 
 Agreed. Absolutely silly state of affairs  
 I mean, what did Coinbase ever do to earn this kind of trust other than not collapse in 2021? 
 It's going to be brutal, and it's inevitable unless we get lucky with a small hack and it scares the shit out of half of these stupid, irresponsible shitheads and they make the necessary changes.

Otherwise, there is only one most likely outcome to this story. And they will deserve it. 
 When we find out Coinbase's keys are all on 2-3 internet-connected computers, my desk is going to handlessly flip over. 
 I'm not the biggest Coinbase guy, but the amount of doom and gloom about them being a custodian is funny to me. As if all of this shit sits in one wallet.

There is just no way to get past corporate compliance and legal teams without a robust solution in place. Anyone that has worked in IT, especially at a clearance level, knows the hoops vendors have to jump through to get contracts when it comes to critical infra or where the money is held.  
 You're probably right, but since I have no idea what their processes/procedures are, I just focus on the fact that a single entity makes it a single point of potential failure.  That's the salient point to me.  I have no doubt they are best-in-class, but it remains a single point in a sense. 
 Yeah, I get what you're saying but it's only a SPoF in the sense it is one company. However, not knowing is a feature, not a bug. We shouldn't know.

For example, I work in G IT and our vendors have to be FedRAMP compliant. To get that certification, some of their systems can't touch, certain people cannot interact among teams, etc. We get these sorts of setups for non-critical data to boot. For critical data, it can get even more stringent.  
 Totally agree I shouldn’t know, but I tend to assume that in the long run every SPOF is a guaranteed failure, but that’s because I’m a lawyer and all I think about is worst-case scenarios day in and day out lol. Thanks for the thoughtful replies though, it’s good stuff. 
 If there is an order to seize everything and the house is full of men in black, what will corporate compliance and legal teams do? Comply? 
 This is Bitcoiner doom porn. They will sue the US Government. The US G isn't in the business of getting sued by every large financial institution on the planet. They do not want that smoke. 

It also doesn't make a lick of sense considering the common belief that gets parroted is that BlackRock and their ilk bought the politicians and secretly run shit. Can't have it both ways.  
 Just look at history. I would not assume that there will always be something like a "rule of law" that delivers justice to you. 

This thinking makes sense in the corporate world, which operates on a horizon of maybe a decade, but not for the Bitcoin world, which has an ambition to be universal money for the foreseeable future. 
 They won’t sue the govt if the govt puts them in charge of the new “govt bitcoin banking reserve.” Easiest way to consolidate power is to give a little bit of it to the people who have the capital you want to control.

The govt would easily PR their way to controlling what they need to if it’s left this centralized and vulnerable. If it’s an existential choice between the govt status quo and the people’s rights, there is no ambiguity in what decision they will make. 
 Disagree. The lawsuits would just move down a level. There would be multiple class-action lawsuits by shareholders against all of these companies for not upholding their fiduciary duty responsibility.

This would get hella messy and there is no way the G could PR their way out of this, especially with how polarized politics and ideologies have become. 
 I think the shifts in the political environment in the past few years have made it far less likely, but I think that also depends on how hard they come down with the hammer if they consolidate more power in the next few years or not. I’m hopeful in that regard though. I think they are losing their grip on things and general dis-consensus in the political power world is good for us. 
 I think it is a mistake to equate the many hoops around regulations as “security,” when I know multiple people who tried to get regulatory approval, and ended up having to refuse because it would have deliberately *weakened* their actual security to follow their requirements.

For the regulations to make sense from a bitcoin keys perspective, it has to understand them. I find it extremely unlikely that they do.

There are likely areas where some of it still applies, mainly in basic computer access, user controls, and possibly physical separation. But the idea that this properly translates to the bitcoin environment and doesn’t either leave them vulnerable to accidental data loss (because you can always “roll back” in fiat) or exposure of keys in a different way (because authority overrides mistakes in fiat) I think would likely be naive.

If you want to argue that regulations work and that incentives are aligned, I’d probably just point to the AAA ratings for MBS’s immediately prior to the worst housing collapse in this country’s history.

“Corrupt” or “incompetent” I think are far more broadly accurate terms when it comes to describing our regulatory systems. 
 The only thing they want to secure is their authority over the citizenship.