Category: Web/Tech

A MimbleWimble Explainer

TechnologyReview: In July 2016, someone using the name Tom Elvis Jedusor (the real name of Lord Voldemort, the main villain in the Harry Potter universe, in the French edition) posted a link to a text file in a chat room frequented by Bitcoin researchers. Voldemort’s document described MimbleWimble, a blockchain system that would hide the identifying information associated with Bitcoin transactions.

…The person who started Grin [one of the first new currencies built on a blockchain that implements MimbleWimble] is also pseudonymous, going by the name Ignotus Peverell (the original owner of Harry’s invisibility cloak), and has never been seen. Peverell recently used a text-to-speech program to address attendees at a Grin conference.

So to sum up, Grin is a new currency on the MimbleWimble blockchain imagined by Lord Voldemort and implemented by the invisible Ignotus Peverell.

…Eric Meltzer, an investor for crypto-focused Primitive Ventures, recently estimated that $100 million of “mostly VC money” has already been invested in Grin mining operations.

California fact of the day

UCLA students call about 11,000 Uber and Lyft rides that never leave campus every week, raising concerns about the environmental impact of unnecessary trips.

Here is the article, via Jessica Roberts.  I can’t say I am crazy about the framing however — have you tried walking across UCLA campus?  You could just as soon write an article criticizing the people who don’t do bulk shopping, thereby creating unnecessary car trips to the store.  Students who live on campus hardly seem like the worst environmental offenders or anywhere close to it.

Markets in everything those new service sector jobs

Advansun, 39, is a full-time “sleep writer” in Toronto. He writes with one goal in mind — to lull people off to la-la land.

Advansun publishes his bedtime stories for adults on the popular app, where they are voiced by famous actors like Matthew McConaughey. says its roster of 120 sleep stories has been listened to more than 100 million times.

“I think we are putting a modern take to something that’s pretty timeless,” he says. “We are giving grownups permission to drift off to sleep to a story, and that’s not something a lot of people have thought about before.”

Advansun says the key is to get the attention of the listener and then “hold it gently” without ever jostling them awake. He maintains this is a tough balance to achieve … especially since Advansun is trained as a screenwriter (think plot twists, car chases and explosions).

“I certainly didn’t set out to write stories that put people to sleep,” he jokes. “I have sort of fallen into it, and I adore it. It’s not only quite rewarding, it is a great challenge as a writer.”

Here is the full story, via Michelle Dawson.

Does Amazon have an investing advantage?

Thought experiment: How would Amazon enter the venture capital business?

Use data from AWS to inform investment decisions

Amazon can leverage its proprietary data from AWS (Amazon Web Services).  Amazon’s edge is that most of the best technology start-ups are built on its services.  Amazon has a lot of information about how much these companies are spending, what services they use, what technologies they use, and more.

The AWS data could be extremely predictive and give Amazon early signs that companies are growing fast or reaching an inflection point.  And it can use the data as a better diligence check of a company … for instance, the data could help determine which companies that claim they have “AI” are real and which are just marketing.

Using this data to invest in public companies would likely not be legal since it could be deemed as inside information.   But using it for private companies is something Amazon could do.

There is much more at the link from Auren Hoffman.

You still underestimate YouTube

Birmingham was brought to a standstill on Saturday, with motorists abandoning cars and the city gridlocked for hours after thousands of teenagers flooded the city centre to see a 19-year-old YouTuber make a 30-second public appearance at a cosmetics store.

Many shoppers were forced to cancel their trips, while parts of the bus network ground to a halt and road traffic was at a standstill, as fans hoped to catch a glimpse of James Charles, who is known for his online makeup guides.

Here is the full story, via Anecdotal.

Craig Palsson does economics on YouTube — Market Power

His channel is Market Power, and he promises new economics videos every Tuesday.  Here is the associated Twitter account for the channel.  Here is his video “How much does vibranium cost in the Marvel movies?”:

Here is another video “How much is an Oscar nomination worth?

And I am pleased to announce that Craig is a newly minted Emergent Ventures fellow.  He also is an economic historian, and has lived for two years in Haiti, both big pluses in my view.

The Buying Slow but Selling Fast Bias

In this clip professional money manager Ben Griffiths approvingly quotes fellow-trader Larry Williams, “If you get one thing right in your career it is to learn to be a slow buyer and a fast seller”. “If you can master that”, Griffiths continues “you will be well down the way to being a successful manager of money.” Using a huge database of 783 portfolios averaging $573 million in size and covering 4.4 million trades over 16 years, Akepanidtaworn, Di Mascio, Imas, and Schmidt show that professional money managers follow exactly this advice and it is exactly wrong.

Professional money managers do well on their “slow”, buy decisions–somewhat surprisingly, well enough to beat benchmark portfolios. It’s on their “fast”, sell decisions that money mangers significantly underperform the market. Remarkably, the authors show that on average professional money managers would have done better had the chosen what to sell randomly. Why? On their buy decisions money managers put in effort–you can tell they are putting in effort because their buy decisions cannot be explained by simple heuristics based on past returns (such as buy past winners or buy past losers). On their sell decisions, however, managers do appear to follow a heuristic of selling their big past winners or past losers. See the graph where the blue buy decisions are independent of past returns while the red sell decisions show a clear preference to sell positive or negative return outliers. The authors show that this bias reduces return (just as you would expect). When you sell fast you sell what comes to mind quickest, an availability bias, and that’s often a past winner or a past loser even if greater thought would convince you that these are not the best stocks to sell. The sell fast bias, however, is pretty easy to fix. I expect that institutional investors will induce money managers to take a second look at sell decisions, much as computer systems now ask physicians to check branded prescriptions when generics are available.

Addendum: In related news, Deep Mind’s Alpha Star trounced human players of StarCraft II, a game of imperfect information that is much more complicated than chess. Amazingly, Alpha Star made fewer actions per minute than the human players. As with GO the AI developed new long-range strategies never before seen.

Library of Congress to archive Marginal Revolution

From my email:

The United States Library of Congress has selected your website for inclusion in the historic collection of Internet materials related to the Economics Blogs Web Archive. We consider your website to be an important part of this collection and the historical record.

The Library of Congress preserves important cultural artifacts and provides enduring access to them. The Library’s traditional functions, acquiring, cataloging, preserving and serving collection materials of historical importance to foster education and scholarship, extend to digital materials, including websites. Our web archives are important because they contribute to the historical record, capturing information that could otherwise be lost. With the growing role of the web as an influential medium, records of historic events could be considered incomplete without materials that were “born digital” and never printed on paper.

The following URL has been selected for archiving:

We request your permission to collect your website and add it to the Library’s research collections. In order to properly archive this URL, and potentially other URLs of interest on your site, we would appreciate your permission to archive both this URL and other portions of your site, including public content that your page links to on third party sites such as Facebook, YouTube, etc. With your permission, the Library of Congress or its agent will engage in the collection of content from your website at regular intervals over time and may include it in future collections.

The Library will make this collection available to researchers at Library facilities and by special arrangement. The Library may also make the collection available more broadly by hosting the collection on the Library’s public access website no earlier than one year after our archiving has been completed. The Library hopes that you share its vision of preserving Internet materials and permitting researchers from across the world to access them.

Drop Gangs

Cryptocurrencies, GPS, drones, and cheap beacons are driving a new evolution in illegal markets:

…[A] major change is the use of “dead drops” instead of the postal system which has proven vulnerable to tracking and interception. Now, goods are hidden in publicly accessible places like parks and the location is given to the customer on purchase. The customer then goes to the location and picks up the goods. This means that delivery becomes asynchronous for the merchant, he can hide a lot of product in different locations for future, not yet known, purchases. For the client the time to delivery is significantly shorter than waiting for a letter or parcel shipped by traditional means – he has the product in his hands in a matter of hours instead of days. Furthermore this method does not require for the customer to give any personally identifiable information to the merchant, which in turn doesn’t have to safeguard it anymore. Less data means less risk for everyone.

The use of dead drops also significantly reduces the risk of the merchant to be discovered by tracking within the postal system. He does not have to visit any easily to surveil post office or letter box, instead the whole public space becomes his hiding territory.

…Classically, when used by intelligence agencies, dead drops relied on being concealed. This lead to dead drops being hard to find even by the intended recipients without costly preparation and training. One of the results of this was that dead drops were often used repeatedly, which increased the probability of both sender and recipient being identified by surveillance.

An ideal dead drop is however used exactly once. Only then can the risks of using it be reduced to pure bad luck.

This challenge is met by Dropgangs in various ways. The primary one is that the documentation of each dead drop is conducted in minute detail, covering GPS coordinates, photos of the surrounding and the location, as well as photos of the concealment device in which the product is hidden (such as an empty coke can). The documentation however increases the risk for the Dropgang since whoever creates it would be more easy to identify by surveillance. In addition, even great documentation still requires the customer to understand it and follow it precisely, which can lead to suspicious behavior around the dead drop location (staring at photos, visually comparing them to the surrounding, etc).

A first development to mitigate the problem of localizing is the use of Bluetooth beacons. In addition to the product, the dead drop contains a little electronic device that sends a signal that can be received by a smartphone, which in turn can display the direction and approximate distance to the device. In addition to the GPS coordinates, the customer requires only a smartphone with the correct App. Beacon devices like these are available on the open market for under ten dollars.

They do however pose the risk of a non-authorized party to discover the dead drop, simply by searching an area suitable for hiding dead drops with their own smartphone.

There are first reports of using beacon devices that are not constantly sending a signal, but have to be activated first. The activation usually happens by establishing a WiFi hotspot on the customer’s phone (by using the WiFi tethering feature). Only if the beacon sees a WiFi hotspot with a specific, merchant provided, unique name will it start to send a homing signal itself. Devices like these are very cheap (<15 USD) and have gained traction in the field, but they pose risks to the customer: His smartphone becomes identifiable by observers, even over considerable distance. This can lead to tracking the customer.

…A plausible next step would be the development of markets for dead drop operators that make their living by picking up product from one dead drop and placing it in another, working as a proxy for the customer to increase his safety and to reduce his efforts. This would also make this distribution model wider spread and available to more products, which will blur the lines between the black and the legal market. On this blurred line new services and technologies will establish themselves, inherently dual use services like lock boxes that can be paid by peer-to-peer cryptocurrencies.

Looking even further into the future, it seems plausible that the whole urban environment might find itself integrated into a dynamic landscape of very short-lived dead drops that are serviced by humans and cheap drones (unmanned aerial vehicles), which are already cheaply available and likely only require one market actor to develop and spread a mechanism to pick up and drop goods. Both merchant and customer could use drones, that are available for rent through dedicated Apps, to deliver product to a meeting point on a roof, where another drone would pick it up. Chaining multiple exchanges like this will make the tracing of the delivery extremely hard, essentially leading to mixing techniques so far used only in anonymizing digital communication.

Read the whole thing.

Hat tip: Eli Dourado.

Those new service sector jobs

Ms. Golden, 43, has developed these no-fly lists in her four years as a dating app ghostwriter. For $2,000 a month, she swipes, chats and charms, impersonating her clients. Once she has earned a client a date, she tags them in and becomes a more traditional dating coach, reviewing each encounter in detailed post-mortems, helping to guide their next moves. Some clients disclose to their dates that they have used Ms. Golden’s services, and others do not.

And what does she use for input?:

Tone is essential to Ms. Golden’s — and her clients’ — success. She learns to imitate their conversational styles through the use of an eight-page intake form that includes specific questions: How do you take your coffee? Have you ever “swam with dolphins or stingrays or enormous turtles”?

By the time a potential client has answered those questions and had an hourlong introductory conversation, Ms. Golden thinks she can mimic them convincingly enough — down to whether they would type “gonna” or “going to” — to start chatting.

Don’t forget this:

She subscribes to a less-is-more mind-set, and much of the work she does is in how little she says.

Here is the full NYT piece by Jonah Engel Bromwich.

Privacy vs. control

It is often suggested that Facebook, Google, and the other major tech companies violate the privacy of their users, and of course the companies are criticized on those grounds.  Yet I never see those critics go after other sources of privacy violations, such as say the friends and acquaintances who gossip behind our backs.  If privacy were so important, you might expect the overall campaign to be “pro-privacy” rather than just “anti-corporate” or “anti-tech.”

One possibility is that service users don’t see much of a chance that the “Zip files” assembled on them by the algorithms stand much chance of harming their fortunes or even being released in decipherable form.

Still, people are made vaguely uncomfortable by some of what is going on.  Could it be a “control” issue rather than a privacy issue?  That is, people do not like “feeling out of control” when it comes to their lives, including their personal data.  They used to “feel in control” and now they do not, in part because of the very media critics who view themselves as solving the privacy problem.

If it is a control problem, the chance that placebos will improve matters is higher, because I do not see our privacy losses as being reversible, or people even caring all that much.  What is the cheapest placebo that can help us address the control problem?  Passing some meaningless piece of legislation?  Self-reforms from the media?  The right kinds of proclamations from the tech companies?  All of the above?

I believe public discourse would be improved if we realized “privacy problems aren’t always about privacy,” to paraphrase Robin Hanson.

Trying to sell your data

I have news for you people: your data ain’t worth nuthin’:

I was ready to call it quits—unless, that is, my proceeds reeled me back in. I tallied up my fiat (that’s money, to the rest of us): 162 WIB, 1 DAT, 0 NRN. My earnings, while eclectic, were worth approximately 0.3 cents.

That is from a recent Wired article by Gregory Barber, who tried to sell his data in the open market.  Yet data can be worth a good deal in the aggregate — just ask some of the major tech companies.  The economics here are a bit like the economics of voting.  If it were legal, and you tried to sell your vote and your vote alone, you might not get much more than 0.3 cents.  That vote is unlikely to prove decisive.  Yet average and marginal value do not coincide.  If someone could buy a whole block of votes, which in turn could swing an election, the price could be much higher.

The upshot is that giving individuals ownership of their data, so they can sell it, is unlikely to yield much, unless of course you think widespread consumer collusion will prove feasible.

For the pointer I thank the excellent Samir Varma.

Ethereum Classic Double Spend Attack?

Yesterday, I warned that double spend attacks were cheap and particularly likely for smaller coins using standard hash algorithms. Coincidentally (?) later that day there was this:

It’s not entirely clear whether that is true or if there is an alternative explanation. Coinbase, however, says that approximately $500,000 was double spent. You can find a good discussion on Hacker News.  You can also find an interesting calculation of the cost of renting enough hashing power to 51% dominate various networks here. It’s cheap. The costs given are underestimates in one respect since they don’t include block rewards but overestimates in another as renting may not always be possible.

Here’s some back of the envelope calculations on the cost of the ETC attack. If I am reading the blockchain stats correctly, ETC has a block time of about 15 seconds and the chain was reorganized almost to a depth of 100 blocks or 1500 seconds, i.e. 25 minutes. The cost of dominating the ETC hasing power for an hour is around $5000. Thus, this attack could have been very profitable, even adding in substantial setup costs. Feel free to write in the comments if these numbers look wrong.

As I mentioned yesterday, it’s not surprising that this is happening now because with massive falls in prices in most cryptocurrencies there is an excess supply of computation. Expect more stress testing this year.

Hat tip: The excellent Jake Seliger.

Bitcoin is Less Secure than Most People Think

I spent part of the holidays poring over Eric Budish’s important paper, The Economic Limits of Bitcoin and the BlockChain. Using a few equilibrium conditions and some simulations, Budish shows that Bitcoin is vulnerable to a double spending attack.

In a double spending attack, the attacker sells say bitcoin for dollars. The bitcoin transfer is registered on the blockchain and then, perhaps after some escrow period, the dollars are received by the attacker. As soon as the bitcoin transfer is registered in a block–call this block 1–the attacker starts to mine his own blocks which do not include the bitcoin transfer. Suppose there is no escrow period then the best case for the attacker is that they mine two blocks 1′ and 2′ before the honest nodes mine block 2. In this case, the attacker’s chain–0,1′,2′–is the longest chain and so miners will add to this chain and not the 0,1… chain which becomes orphaned. The attacker’s chain does not include the bitcoin transfer so the attacker still has the bitcoins and they have the dollars! Also, remember, even though it is called a double-spend attack it’s actually an n-spend attack so the gains from attack could be very large. But what happens if the honest nodes mine a new block before the attacker mines 2′? Then the honest chain is 0,1,2 but the attacker still has block 1′ mined and after some time they will have 2′, then they have another chance. If the attacker can mine 3′ before the honest nodes mine block 3 then the new longest chain becomes 0,1′,2′,3′ and the honest nodes start mining on this chain rather than on 0,1,2. It can take time for the attacker to produce the longest chain but if the attacker has more computational power than the honest nodes, even just a little more, then with probability 1 the attacker will end up producing the longest chain.

As an example, Budish shows that if the attacker has just 5% more computational power than the honest nodes then on average it takes 26.5 blocks (a little over 4 hours) for the attacker to have the longest chain. (Most of the time it takes far fewer blocks but occasionally it takes hundreds of blocks for the attacker to produce the longest chain.) The attack will always be successful eventually, the key question is what is the cost of the attack?

The net cost of a double-spend attack is low because attackers also earn block rewards. For example, in the case above it might take 26 blocks for the attacker to substitute its longer chain for the honest chain but when it does so it earns 26 block rewards. The rewards were enough to cover the costs of the honest miners and so they are more or less enough to cover the costs of the attacker. The key point is that attacking is the same thing as mining. Budish assumes that attackers add to the computation power of the network which pushes returns down (for both the attacker and interestingly the honest nodes) but if we assume that the attacker starts out as honest–a Manchurian Candidate attack–then there is essentially zero cost to attacking.

It’s often said that Bitcoin creates security with math. That’s only partially true. The security behind avoiding the double spend attack is not cryptographic but economic, it’s really just the cost of coordinating to achieve a majority of the computational power. Satoshi assumed ‘one-CPU, one-vote’ which made it plausible that it would be costly to coordinate millions of miners. In the centralized ASIC world, coordination is much less costly. Consider, for example, that the top 4 mining pools today account for nearly 50% of the total computational power of the network. An attack would simply mean that these miners agree to mine slightly different blocks than they otherwise would.

Aside from the cost of coordination, a small group of large miners might not want to run a double spending attack because if Bitcoin is destroyed it will reduce the value of their capital investments in mining equipment (Budish analyzes several scenarios in this context). Call that the Too Big to Cheat argument. Sound familiar? The Too Big to Cheat argument, however, is a poor foundation for Bitcoin as a store of value because the more common it is to hold billions in Bitcoin the greater the value of an attack. Moreover, we are in especially dangerous territory today because bitcoin’s recent fall in price means that there is currently an overhang of computing power which has made some mining unprofitable, so miners may feel this a good time to get out.

The Too Big to Cheat argument suggests that coins are vulnerable to centralized computation power easily repurposed. The tricky part is that the efficiencies created by specialization–as for example in application-specific integrated circuits–tend to lead to centralization but by definition make repurposing more difficult.  CPUs, in contrast, tend to lead to decentralization but are easily repurposed. It’s hard to know where safety lies. But what we can say is that any alt-coin that uses a proof of work algorithm that can be solved using ASICs is especially vulnerable because miners could run a double spend attack on that coin and then shift over to mining bitcoin if the value of that coin is destroyed.

What can help? Ironically, traditional law and governance might help. A double spend attack would be clear in the data and at least in general terms so would the attackers. An attack involving dollars and transfers from banks would be potentially prosecutable, greatly raising the cost of an attack. Governance might help as well. Would a majority of miners (not including the attacker) be willing to fork Bitcoin to avoid the attack, much as was done with The DAO? Even the possibility of a hardfork would reduce the expected value of an attack. More generally, all of these mechanisms are a way of enforcing some stake loss or capital loss on dishonest miners. In theory, therefore, proof of stake should be less vulnerable to 51% attacks but proof of stake is much more complicated to make incentive-compatible than proof of work.

All of this is a far cry from money without the state. Trust doesn’t have the solidity of math but we are learning that it is more robust.

Hat tip to Joshua Gans and especially to Eric Budish for extensive conversation on these issues.

Addendum: See here for more on the Ethereum Classic double spend attack.