Does PayID Violate Our Blockchain Rights?

in #blockchain • 5 years ago

By FIO Managing Director: Luke Stokes

Do You Care About Blockchain?

When I first bought bitcoin in January 2013, I believed I was participating in the beginnings of a peaceful revolution. I did not trust the legacy financial system or the authorities that manage it, and I was (and still am) appalled by the wars funded by it. As this trust continues to degrade, our principles matter more than ever. They will be put to the test in the real world, not as ideologies, hope, or optimism, but as applied solutions.

A realist view of blockchain in 2020 admits it hasn’t accomplished much. Among thousands of failed projects, bitcoin is our primary win, recognized by the world for going from $0 in value to well over $100B in value. It's a self-sovereign, decentralized, secure, and more private solution than the existing financial system. It’s a great example of why blockchain matters, but the conversation has shifted from peer-to-peer digital cash and warnings about bank bailouts to just a store of value. If cryptocurrency can’t be easily used as money, what real impact will it have on the world?

We've been ignored and laughed at, and now we're being fought.

Will we win? Is this battle still worth fighting?

Do you care about disintermediation? Do you want immutable, censorship-resistant financial networks which are verifiably accurate via cryptography without having to trust a third party to secure (and possibly mishandle) your data?

On June 18th, Ripple’s PayID and the "Open Payments Coalition" launched. With an $8 billion market cap and a history of investment (such as Xspring putting out more than $750 million according to this source), Ripple’s PayID seems well-positioned to bring their universal payment ID solution to the masses. However, that may depend on whether or not you, as members of the cryptocurrency and blockchain community, think this battle is still worth fighting or if you are comfortable using centralized, less-secure solutions which lead to institutional control of the sending and receiving of your value.

The FIO Solution

The FIO solution to the payment usability problem preserves these fundamentally important concepts in ways we believe a non-blockchain solution cannot. Let’s name and define these concepts as "Blockchain Rights":

Blockchain Rights:

  • Self Sovereign: permissionless and free from external control
  • Decentralized: no single point of failure, no centralized third-party requiring your trust
  • Secure: not open to direct attack, strongly encrypted, and with built-in key exchange functionality for individuals, not just institutions
  • Private: own your data, keep it encrypted and only available to the two parties involved in a given transaction

FIO / PayID Technology Comparison

| FIO | PayID |
| --- | --- |
| + Secure, extremely hack resistant encrypted messages on a cryptographically secure blockchain | - PayID servers are hacking honey pots. White paper has road map for "verifiable" PayIDs but this requires trusted key exchange between counter parties and no solution is presented for this problem |
| + Clear path to complete privacy with FIP-5 | - PayID servers will have access to users mapped information including transactions |
| + Self Sovereign | - Ownership of identities resides with PayID server owner |
| - Newer blockchain technology with fewer years of real world testing | + Well known and hardened technology |
| - Necessitates a fee for every user paid by user or 3rd party to cover blockchain costs | + Cost is in PayID servers which are easy to stand up and psychologically can feel "free" |
| - New emerging project | + PayID backed by Ripple with huge financial resources |

PayID is an interesting technological solution. Having worked with HTTP and REST for many years, I appreciate the use of existing technologies most web developers are already familiar with such as HTTP accept headers and end-to-end TLS encryption.

What concerns me most is how little focus has been put into the Verifiable PayID approach for individuals who will not give over their Blockchain Rights. Unless you're willing to take on third-party-risk (or run your own industrially secured web server), you have to solve the key exchange problem of securely and provably getting your public key to the individuals you wish to interact with. The PayID white paper makes it clear this is not a priority, and they do not currently have a solution for it:

Discussion Section on distributing PayID owner's keys

In this subsection, we discuss potential ways to distribute the keys of the PayID owner used to sign the message. Once we reach a consensus, it will be added to the relevant sections of this document and this subsection will be removed. Following are the two possible approaches:

(1) Identity field in payment account(s) information message
(2) Embed the public key of PayID owner in the PayID

This concerns me because there are plenty of motivations within the legacy financial space to keep this problem unsolved. Metadata about your expenditures and financial interactions is a multi-billion dollar industry powering banking, credit cards, advertising, social media, government spying, and more. Blockchain and cryptocurrency obfuscate this, which is a direct threat to the existing systems. To the extent PayID has been designed to keep data centralized and unencrypted for PayID server operators to data-mine, there will not be motivation to resolve this issue. The URL-based approach actually promotes vendor lock-in as the data is controlled by that server, not accessible from the blockchain by you directly via your private key. If you can't reliably participate in a public key exchange, then you have to trust a centralized entity like a bank or payment processor to manage things for you.

Is this the future we envisioned? Is this the peaceful revolution?

PayID relies completely on TLS for the security of the data exchange. If that breaks down due to transparent SSL proxies (such as solutions like Cloudflare, large corporate networks, or government actors) then man-in-the-middle attacks on your key mappings create a serious problem waiting to happen.
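
The key-exchange gap and the TLS dependence described above, as an added example (not code from PayID, FIO, or the original post): a signed address mapping verifies under whatever key arrives with it, so the signature only protects the mapping when the client already holds the owner's key fingerprint from a separate channel. The field names, the PayID `alice$wallet.example`, the placeholder addresses and the helper names are assumptions made for the illustration, and Ed25519 from Node's built-in `crypto` stands in for whatever signature scheme a deployment would use.

```javascript
// Added example; not PayID or FIO code. Field names and values are constructed.
const crypto = require('node:crypto');

// Bytes covered by the signature: the PayID and its address mapping.
const canonical = (m) => JSON.stringify({ payId: m.payId, addresses: m.addresses });

// SHA-256 fingerprint of a PEM public key: the value an owner would share out of band.
const fingerprint = (pem) => crypto.createHash('sha256').update(pem).digest('hex');

// Owner side: sign the mapping and send the public key along with it (in band).
function signMapping(mapping, keyPair) {
  const publicKey = keyPair.publicKey.export({ type: 'spki', format: 'pem' });
  const sig = crypto.sign(null, Buffer.from(canonical(mapping)), keyPair.privateKey);
  return { ...mapping, publicKey, signature: sig.toString('base64') };
}

// Client side: verify the signature; when a pinned fingerprint is supplied,
// first require the key in the response to match it.
function verifyMapping(res, pinnedFingerprint) {
  if (pinnedFingerprint && fingerprint(res.publicKey) !== pinnedFingerprint) {
    return { ok: false, reason: 'key does not match pinned fingerprint' };
  }
  const ok = crypto.verify(null, Buffer.from(canonical(res)),
    crypto.createPublicKey(res.publicKey), Buffer.from(res.signature, 'base64'));
  return { ok, reason: ok ? 'signature valid' : 'bad signature' };
}

// Constructed scenario: the owner's genuine signed mapping.
const addr = (address) => [{ network: 'EXAMPLE-NET', address }];
const owner = crypto.generateKeyPairSync('ed25519');
const genuine = signMapping({ payId: 'alice$wallet.example', addresses: addr('OWNER-ADDRESS-PLACEHOLDER') }, owner);
const pinned = fingerprint(genuine.publicKey); // obtained over a separate channel

// Response altered in transit, address only: key and signature untouched.
const edited = { ...genuine, addresses: addr('OTHER-ADDRESS-PLACEHOLDER') };

// Response replaced wholesale by whoever terminates TLS: new address, new key, new signature.
const replaced = signMapping({ payId: genuine.payId, addresses: edited.addresses },
  crypto.generateKeyPairSync('ed25519'));

function runChecks() {
  return {
    genuinePinned: verifyMapping(genuine, pinned),
    editedInBand: verifyMapping(edited),
    replacedInBand: verifyMapping(replaced),         // accepted: the key came with the data
    replacedPinned: verifyMapping(replaced, pinned), // rejected
  };
}
console.log(runChecks());
```

The wholesale replacement passes when the key is taken from the response itself and fails only against the pinned fingerprint, which is why the undecided key-distribution question matters more than the signature format.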

The supporters of the Foundation for Interwallet Operability believe in Blockchain Rights. We believe these rights are being marginalized by the PayID solution as currently described. The “just run your own server” argument is not sufficient for a usability solution seeking mass adoption. In addition, these PayID servers will become targets for hackers, fueling a narrative that you can’t be self-sovereign and need to trust an authority like a bank.

We are at a crossroads. We can sacrifice our rights for a non-blockchain solution aligned with the centrally-controlled legacy financial system, or we can double down on our beliefs that individuals and the keys they secure should be empowered to control their own financial future.

You will determine the outcome. As a user of crypto wallets, exchanges, and payment gateways, will you demand a blockchain solution like the FIO Protocol from these products and services? As a blockchain company owner, will you align yourself with a solution leading to centralization of unencrypted data on PayID servers or with a decentralized, secure blockchain solution by prioritizing integration of the FIO Protocol into your product? The non-profit Foundation for Interwallet Operability helps facilitate an open process for protocol improvements. The board elections will be community suggested via token votes while the protocol itself is controlled by block producers continuously elected by token holders. Unlike centralized entities dictating the future under the guise of an “open” coalition, FIO is run by the cryptocurrency community who directly benefit from it via the tokenomics model.

All you have to do is show up and take a stand for what you believe.

If you think PayID will ultimately harm Blockchain Rights, share your thoughts and tag us @joinfio. The larger discussion about #BlockchainRights has to take place, or we will find ourselves back where we started with our decentralized visions replaced with centrally controlled tools.

We are at a crossroads. We can sacrifice our rights for a non-blockchain solution aligned with the centrally-controlled legacy financial system, or we can double down on our beliefs that individuals and the keys they secure should be empowered to control their own financial future.

How do you get the general consumer to care about their rights? It's not about who's best or has the best intentions, it always comes down to who can deliver the easiest to consume productized format. There's so much education to happen before average people care enough.

PayID relies completely on TLS for the security of the data exchange

y i k e s

How do you get the general consumer to care about their rights?

This is a difficult question I don't have a good answer for. I've tried for years to educate people about the importance of these things through stuff like http://understandingblockchainfreedom.com/ but ultimately, I fear there's little we can do. It's like sugar or alcohol. It tastes good, makes us feel good, etc so we don't care if it's bad for us. In small doses, we get away with it. In larger doses or when there is massive, unseen systemic risk, it can destroy everything. I think our global fiat financial system is reaching that stage and eventually it will be seen for what it is. I worry that may be too late for most people who don't see the problems now.

You're right about easy consumer product, but there's also the ease of integration to consider in terms of getting developers of wallets, exchanges, payment gateways and the like to integrate.

You have really written well. That's a new concept and needs some time to see effects.

Flagging as it appears you're just comment spamming with links to a website.