Protecting Privacy with Simon Harman
Privacy is a vital concept in the online and offline world. Simon Harman, the Co-founder and Project Lead at Loki, talks to us about his new ventures in blockchain. He introduces the concept of a privacy network, what it looks like, and how it touches on human’s virtual privacy. Explaining the technical considerations and responsibilities that a person has once entering the virtual world, he notes that having good digital hygiene is a critical step in using any privacy tool. Moreover, he shares the challenges he and his team went through while finalizing the network, surviving the trial and error stage.
Listen to the podcast here:
Protecting Privacy with Simon Harman
I have a guest from Melbourne. We are going international. I have Simon Harman from Loki. He is the Cofounder and Project Lead there and he has been heavily engaged in the blockchain industry since 2015. Before making a move to blockchain development. He had a broad skill set and adaptability on cryptocurrency. He’s a recognized industry thought leader and blockchain expert. He plays a role in the redesign and running of the Talk & Trade, a weekly discussion about current affairs within the blockchain and crypto industry at the Blockchain Centre of Melbourne, assisting startups and educating themselves on blockchain technologies. We’re talking about new ventures in the blockchain. He is high on potential use cases. Simon holds a Bachelor of Arts from RMIT. A little bit about Loki. Loki is a privacy network, which is a first not-for-profit privacy organization and project building.
There’s a bit of a long story behind this. In Australia, we haven’t had many examples of open source software foundations or anything of that nature. We were going to be the first open source software foundation in Australia, but funnily enough, the first one launched their application literally a day before we did. That happened a couple of times in our project’s history. Someone always jumps the gun by a day and it’s very frustrating.
Slow and steady wins the race. You keep being sustainable. You’re a privacy organization and your project building a full-scale privacy network. Let’s talk a little bit about that. What does a privacy network look like?
The privacy network is a pretty broad concept. In our case, we’re leveraging a couple of nice properties about the blockchain and some existing technologies out there. We’re combining them in an interesting way to provide something that so far, I haven’t seen anyone been able to replicate in terms of security properties. We’re going for something that will allow people to send private messages over a decentralized network with the relatively similar user experience to chat apps that they might be used to. That also provides a great deal of decentralization. It could deal with anonymization and all of the encryption security that people have come to expect from common apps like WhatsApp and Signal. That network will also allow people to browse the internet anonymously through a technique called onion routing. I didn’t come up with that name. Onion routing has been a thing for several years.
I’m new to this, so I’m exploring. Whenever I hear a curious term, we’ve got to define it.
We’re also a fork of Monero. Monero is a privacy cryptocurrency that uses a few different encryption techniques and obfuscation techniques to ensure that privacy is maintained throughout all transactions on the blockchain ideally. We combine all of these three items and use them to create a platform which is greater than the sum of its parts because using each of these items in conjunction with one another gives the whole system properties that otherwise wouldn’t be possible.
There’s going to be some skeptics out there. Those that are saying you’re building a network for criminals because if you want to keep everything so private and secret, it’s going to breed criminal activities. There’s a fine line between privacy and that nefarious use of that privacy. How do you come back those skeptics?
I just tell them about how cash is used and what cash is used for and point out that it is no different. The US dollar banknote has been used in more criminal activities than any cryptocurrency ever. There’s a huge counterargument to that, which is that these people will get their hands on the best tools no matter where they are or create it themselves. They have this very strong incentive to make sure that people don’t know what they’re doing. They’re going to get those tools regardless. It’s important to many other people in the free software community and to me to ensure that the rest of the world also has access to these tools so that the playing field is level. Particularly, when it becomes too nefarious actors on the internet such as hackers and phishers. As a democracy as well, it’s important that we all have access to the same levels of privacy and security that anyone else can. If we can’t get that, then the internet becomes an equal place. There are lots of conversations about freedom of speech and that thing that can be had as well.
You’re saying that privacy is a right for everyone. It’s not just to the privileged few who decide to exploit it, who have the tech knowledge or who have the money?
I don’t know if I would call it a right. I don’t like referring to things as right on the internet because in practice, that’s not how it works. It’s a responsibility that we can choose to take and we give up if we decide to allow companies, third parties, government’s access to that information. Until access to these privacy tools is made illegal, which in very extreme circumstances happens in some parts of the world such as China and Iran. These tools are important. The US government has a lot of enshrined in common law or a lot of the aspects of this that will ensure that going forward access to these privacy tools is always going to be available because it is such a critical part of doing business every day. Such a critical part of maintaining secure conversations.
The last thing that I would say is that over the many years we’ve seen this very strange shift from a situation. Pretty much all conversations that happened in a private space is a function of them not being able to be heard by anyone else because they’re physical conversations. Most of the talking we did, most of the communication we did happened in a private sphere that wasn’t privy to some random company or government’s listening in should they so choose. If anyone was going after criminal activity, they would have to do what we call old-fashioned police work, which back then was just normal police work. All of a sudden, this thing came along called the internet. It basically gave a select few people and potentially law enforcement agencies if they were smart enough about how they were going to collect this information, the access to a lot of these conversations.
We see based on most of the apps that we use, a lot of the conversations that we’re having are not in a private space anymore, but in a public space because other people are privy to that conversation. If they’re not privy to the conversation directly, they’re standing outside the window. They can see who’s in the building and who’s talking to who, which as you may recall from watching all those law enforcement TV shows as a kid, all you need to do is sit in the car and watch who’s entering and leaving the building. That’s usually enough information to get what you need. There’s a big argument to be said. This has happened without anyone having a conversation about it, where all our lives are happening in these public spaces and that we don’t know what the effects of that are going to be.It's important that we all have access to the same levels of privacy and security that anyone else can in the internet. Click To Tweet
It’s that situation. It’s not even that we don’t know what the effects are going to be, but we also don’t know who’s on the outside listening. At least in a law enforcement situation, they were supposed to get a warrant. Their funds transferred somewhere to say you are allowed to go and observe. We don’t necessarily see that here because we don’t have any understanding of who’s listening in, who’s watching, who’s doing any of that at any level because they don’t disclose that. Whether it is a corporate team at Facebook who is screening all your messages, we didn’t know that was happening early on. You didn’t know that’s how it was. You assumed it was a bot, you didn’t think there were actual people there. You find out they’re actual people there. That’s where you think you’re doing something in private but it’s not disclosed to you how it works.
It’s like the curtains have been thrown open and people realized, “The conversations that I’m having are not in fact private.” That changes things. The very fact that you could be watched changes people’s behaviors as has been discussed in scientific literature many times. That’s actually George Orwell’s book, 1984 is all about. What happens when you are being listened all the time in very intrusive ways and it changes people’s behavior in a very negative way? What is happening with access to these privacy tools is that we’re taking back our conversations and putting them back in a private sphere through technology.
One last point on the criminal activity argument, why are you doing this? It’s bad. That is probably not true. I can point to one specific example before we get into the onion routing part of it because it’s very relevant. There’s a network out there called the Tor, which stands for The Onion Router. They have been running for several years. They essentially run another privacy network that allows people to access the internet anonymously. I’ve been doing a lot of analysis of what happens on their network. They estimate that 0.1% of activity on the Tor network is nefarious. The most visited website on the Tor network is actually just Facebook. The Tor network is a great way for people in places where Facebook is banned from bypassing those bands so that they can talk to their friends on Facebook, which is obviously a very normal thing to do.
It is a normal thing to do. I did that when I traveled to China.
Do you use the Tor network in China?
I use VPNs and other things, but that’s exactly what you do is find a way to have to bypass it. If you can use Tor, go ahead. We’re talking about a state at which even in that case they’re overseeing and watching, and taking a study of what’s going on. That’s where I feel we don’t have a good grasp of what these protocols mean. I’ve gotten in quite a few privacy arguments with my daughter’s school. They are like, “We’ve given your child a Gmail address and we’ve got access to all this software and you have to sign an agreement that says you’re going to use it responsibly. We’re all excited because this is free.” I stopped and said, “Do you want me to sign away my child’s rights in the future?” They said, “No, don’t worry. No one’s going ever to advertise or see the terms and conditions.” I said, “No, but they’re watching her.” There’s a whole business watching her. The day they turn eighteen, there’s no guarantee that they won’t start advertising in a very manipulative way now that they know everything about what she likes from the age of eight on. For several years, they will have studied her without ever placing an ad. They’re going to know exactly how to make her do what they want her to do.
They’re also getting her to buy into the ecosystem long before.
They’re getting very comfortable in the ecosystem. I was like, “This is not free.” It’s at the sacrifice of our child’s privacies and their future. We expect that there’s some sacrifice as free, but it’s so ethereal. Nobody understands what that looks like out there that we’re willing to sacrifice that because it’s way out in the future and I don’t have to deal with it.
In my opinion, it’s probably fine. Believe it or not. I’m not sure if this is the case in the US, but in Australia, for some reason, they’ve allowed banks to solicit children to open bank accounts with them. Obviously, a kid putting $500 in a bank account isn’t going to help them issue any loans anytime soon. What it does is it hooks them into their particular banks, so that later on down the track when they turn eighteen and get a job and whatever else, they hook into the ecosystem straight away. Even though it may not be inherently profitable, doing that thing and giving them something for free or a good interest rate or in this case a free Gmail enterprise account by the sounds of, it makes sense.
As a parent, I’m a little bit more cautious about that because it can be used manipulatively. This is the thing. We are always looking at this mystery as to how information is used and what we’re chatting about, what we’re talking about, how it’s stored. Most people don’t read the fine print. They don’t understand that. In your network, are you disclosing that out front saying, “This is our mission, this is our standby. These are the guiding principles that we’re basing everything we do on?”
It’s because of the field that we play in, privacy and security are obviously very deep topics. There are a lot of technical considerations and threat models that you have to think about. For instance, you advertise that it is a secure private messenger. What does that actually mean? What are the limitations of it? Where should you use it? Where shouldn’t you use it? What should you consider? Instead of saying, “We’re beating all these things. We’re solving all these problems,” the responsible thing to do is not to say, “This will solve all your problems. Just use and you’ll be fine.” When you first started up, it’s like, “No, here’s roughly how it works. You need to do this and this in order for it to not break and break your privacy and your security.”
You’re making us partially responsible for how we use it as well.There are a lot of technical considerations and threat models that has to be thought of when creating private network security app. Click To Tweet
I was actually at a Tor meetup during New York Blockchain Week. One of the cofounders of the Tor Project was there talking about what the NSA described as their methodology for accessing their information from their privacy network. The number one thing that they do instead of trying to break the Tor network because that’s inherently a very hard and expensive thing to do. Instead, they just wait for their target to slip up and forget to turn it on.
We’re the weak link in the chain.
Good digital hygiene as it becomes known is a critical step in any of these privacy tools.
It’s so true that we all slip up when we get rushed. You’ve made this an open source. Do you think that may be an enterprise use would be some future? I deal on a lot of intellectual property on behalf of my clients and I have to deal with partners all over the world. Frankly, we use Skype because it’s the only way we can communicate with China, for instance. Maybe we’ll use WhatsApp. If that’s not secure and I have to talk about product details and intellectual property, that’s not safe. Would it be in my best interest to look at utilizing this open source platform as part of my corporate communications?
I think that’s going to be a big part of the mission in the next couple of years when the full product suite is optimized a bit better as fully available on all the platforms. We’d done a bit of work with the UX. It is an open source network and an open source front end. It’s also possible for us to be able to engineer a front end that integrates with existing platforms or user experience designs so that it still uses the same back end and has all of the same privacy qualities. It integrates better with whatever the corporate or enterprise or government environment would require.
That’s interesting because Facebook has gone into this Workplace. My big concern about it was when my team presented it to me was yes, we needed to find a platform that everybody could talk on, which wasn’t easy to find, but how secure is this? It was a big question, and I still because we are having human resource discussions over that. You’re dealing with employee issues via this chat platform. How private is that? While we may not be regulated by our US laws for how we’re supposed to treat employees, I don’t feel comfortable without treating it with the same kind of privacy that I’m required to here with my employees around the world. Why should I treat that less securely just because they’re never going to find out? No, they are and it matters. That’s an interesting idea that you have that you’ll be able to plug it into your existing things that work because many of these things are being implemented by a large international corporation.
For some reason, they’re nervous about using software that doesn’t have their logo on it. It baffles me but entirely possible. Where do you settle on the end? What do you guys use to communicate?
We do use Facebook Workplace. It’s been the most streamlined. We had started in Slack actually, but had so many problems with storage space and not being able to track the conversations. It’s because of that, this has worked out better but still, I’m not comfortable and I will instead get on a Skype call or get on a Zoom call and have a much more direct conversation with my HR team rather communicate in written an information like that because it feels very insecure.
We use an app called Discord. I’m not sure if you’re familiar with Discord. It’s become very popular amongst the gaming community. That’s what it was designed for originally. It’s fantastic. They’ll have like a server. It’s like Slack group or a Facebook Workplace for instance. You have all the text channels you want. All the voice channels. You just jump in. The audio quality is good. We have lots of security concerns around it as well. We operate under the assumption that everything we write on our private Discord server will be able to be read by someone at some point that we don’t want them to read it. It’s a very difficult way to operate. I would love to see a self-hosted version of one of these Workplace apps.
I agree with you. If that’s always our assumption, it makes it very difficult to have. We don’t have the thing where I have a corporation, I can close my office door and invite someone in and then know that conversation with an employee as private. There’s always this mistake of, “Did I enter in the wrong chat group because there are so many groups? Did I send it as a direct message or did I not? There’s a lot of human error that can happen there.”
The digital hygiene problem all over again.
Tell me about onion routing. I’ve got to know.Using a free VPN is a bad idea because it might be getting something else out of the arrangement, such as selling your info to someone else. Click To Tweet
Onion routing is a clever technique to be able to connect to somewhere on the internet without that person knowing. It’s like a VPN but way more clever. The thing with a VPN, you talk to someone and you go, “Can you please route my internet traffic for me and I’ll just hide behind you.” You had to pay him or you use a free one. If you’re using a free one then that’s probably very bad because it’s free. He’s probably getting something else out of that arrangement such as selling your information to someone else. It’s the purpose of using a VPN in the first place. Never use a free VPN. If you use the paid one, you pay them and they go, “No worries, I’ll route your traffic.” Your internet connection gets routed through some server somewhere, wherever you decide. It hits the internet and whichever server you end up connecting to sees an IP address there, but it won’t be yours. It will be to the VPNs. That’s often pretty easy to detect.
There are a lot of problems with that because the guy that you pay, it’s not clear and it’s almost impossible for him to prove that he is doing the right thing and deleting any logs of interactions that you had with them. That’s problem number one. Problem number two, very easy to correlate this because you simply connect to a VPN. For example, I’m in the US and I have a home connection. I use a US VPN. If someone that has access to the wider network there wants to, all they have to do is see that you connected to that particular VPN and then basically stand out the front door of where the VPN actually is. They watch what happens to the traffic out there and watch your internet connection at the same time. They won’t be able to see what’s happening on your particular connection. They can do something called a timing attack where I send a request to a website and then there’s a spurt of activity on my internet connection. They can’t see that it’s a request, but they can see the size and the shape of it. They sit outside the VPN’s front door and then they watch the website requests come out. It looks like it could have been that shape and it happened at exactly that time. Lo and behold, that’s probably you. They can continue to correlate using that fashion.
You’re scaring me because I thought I knew enough but I don’t. I thought I was careful with my VPNs but maybe not, so go on.
It all comes back to your threat model. What scares you? What are you scared about? In this case, it would have to be a state level actor that you would be scared off or malicious internet service provider, which is something that a lot of people don’t think about. In most countries, there’s like two or three, sometimes even one internet service provider that also has access to all of this information, not just the government. They could be a vector for many attacks as well. I’m actually more scared about ISPs than I am about security agencies. I think security agencies are under-resourced and don’t have enough time to care about what I’m doing specifically. ISPs, they’re collecting all this information as well and they could be selling it off, they could be doing and who knows what. It could be hacked. They can get all the logs and find all this stuff out anyway. It’s a pretty big problem because there are lots of people that have this information.
For me, I do a lot of business in China. I make a lot of trips there and I’m responsible for my client’s intellectual property. They are usually more concerned about the factory stealing the designs. Who’s to say there isn’t a government actor on that overseeing all of that and it’s possible. I don’t usually work on such top-level secretive products that matter, but I could be.
I wouldn’t be using a VPN in China.
I usually don’t transfer my IP back and forth on that. That’s just to connect to Facebook or Skype and make sure that I can say hi to my family. It’s a little bit different. I wouldn’t do something serious communicating back and forth with clients that way.
For most people, it works relatively okay as long as you trust your VPN provider, which you almost can’t do. There are some issues there. Onion routing is a variation on the same idea that you stand behind someone else and they pass the internet traffic around for you. Except what you do beforehand is you select at least two other people to stand behind them. The way this works is if you think of an onion. You’ve got something in the middle and then you’ve got layers of onion wrapping around the center. That’s why it’s called onion routing. What that actually is are layers of encryption. You’d take your internet packet, which is a website request and then you wrap that in one encryption layer that the last guy can unlock. You wrap it in another layer that the second guy can unlock, and then you wrap it in another layer that the third guy can unlock. That’s when you send it out to the third guy.
Each of them, they can only see where the request came from, where it is going next and nothing else unless they’re the last person. The first guy, he knows nothing about what is inside the packet. He only knows that you sent him a packet. The second guy will receive that unwrapped packet from the first guy. He will only know that a package has been sent to him and he will only know where to send it next. He doesn’t know anything about what is in it or who sent it or where it’s going. The last guy will be the last person to unwrap that packet. He’ll see that the second guy sent it and where it’s going, but he won’t know who you are.
It’s a way to distribute the trust problem of the VPN because you have all these intermediaries in between that exposed to a limited amount of information about the interaction on the internet. You can increase the security of that by putting more intermediaries in the way. If you go from three to four to five to whatever hops you want, that’s a great way of protecting yourself on the internet. All the sudden, your connection is not only being routed by several intermediaries that only get some of the information that a VPN would, but also those people all over the world. Your connection is being bounced between here there and everywhere. If I connect to the Tor network from here in Australia, I might get hooked up to a server in France, followed by a server in the US followed by a server in Brazil. It might get forwarded on to its final destination.
That’s a great way to distribute the connection in such a way that it’s very hard for someone to be able to track exactly what is going on. Tor has so far been very successful in providing people of a method of accessing the internet and accessing it privately in censorship prone areas and just generally. That’s been a great success story there. We are providing a design that also uses the same technique with onion routing. There are some distinct technical differences and also something that we gain from the blockchain that Tor doesn’t have, which is one an incentive structure. All of the nodes on the network that actually do the routing are paid for it.
Is that why you’re a fork of Monero?You need to have some strong guarantees around how the data is protected on the blockchain in order to ensure that it benefits privacy. Click To Tweet
The blockchain that we use is a fork of Monero. We’ve also built a new onion routing protocol on top of that called Loki Net, which sits beside it but uses the blockchain as a list. The blockchain is used to go, who on the network is good, who on the network is bad, who should we pay for the work that is being done, who should be kicked off because they’re not pulling their weight. That’s partially what we use the blockchain for. That’s an interesting property. It’s self-regulating, decentralized method of deriving this list of who is on the network, which you need in order for it to work. It also solves this problem by having a centralized directory and bandwidth authorities. The Tor foundation directly controls who is allowed to route stuff on the Tor network and there are a number of problems with that. That’s one of the problems that we can address by leveraging the blockchain.
There are some other properties as well, such as, if you require a steak in order to become a router on the network that means that there can only be so many routers. You can’t get a cyberattack that you would see on Tor happening on the Loki network because you just wouldn’t be able to own that many coins in order to do it. That prevents anyone from owning a large percentage of the nodes. The thing with this intermediary thing is it works great if you assume that the network is well distributed. If you can get anywhere from 10% to 50% of the nodes, there’s a good chance that you can break a good chunk of the connections because if you are hop number one and hop number three, you figured everything out. You can see all of the information, you can see who you are, what you’re sending, you don’t need to be the middle one because you can infer that the middle one is sending you what the first one has seen. It’s an easy way to break the privacy of it. You don’t want that to happen. You want to make sure that the network is in fact distributed and it is not possible for anyone to own more than 30% or 40% of the network because then they can be anonymized. They’re everyone and Tor doesn’t have a solution to that.
You guys are working towards being a whole suite of privacy tools. What do you think is needed?
For me personally, the thing that we’re working on that I’m most excited by is our private Loki Messenger.
I think that’s a logical start. That’s the crux of what’s needed.
The EFF brought out an article called How to Make a Secure Messenger. It was talking about a lot of issues that apps have in terms of security issues, centralization issues. We have found a system that by using the blockchain, onion routing, and this decentralized storage network on top of the service allows us to have a combination of features that solves the good chunk of the problems that they described in this article. We think we have a solution to the private messaging problem. There’s been this notion out there in the blockchain world and the security world, just in general, that there’s a trilemma where you have three qualities and you can only have two of them at once. It can be two of secure centralize and scalable was the one that was talked about for the blockchain one. We think for the private messaging, we’ve got that trifecta of metadata security through doing onion routing and not including phone numbers, which is quite interesting.
We got brilliant security, good anonymization as well. We also have a scalable solution that doesn’t depend on a central authority or central service. It’s an interesting trifecta of qualities that I think people will find compelling I hope when it’s done. At the moment, by the time this comes out will be a couple of weeks away from launching the first version of the Loki Messenger on the main net. It won’t have all of the security qualities yet. There’s still a bit of work that has to be done on the onion routing side of things, but it will still be an interesting secure tool they use is end-to-end encryption and a decentralized storage network to be able to provide an interesting user experience. I hope that your users would like to help us and try it out, and tell us how we can make it better.
We appreciate that Simon, because I think there are a lot of people who will be very interested in checking that out. You also do a lot of startups advice and education for blockchain technology. It’s hard to be a startup and contemplating, “How am I going to put into my business plan utilizing this blockchain technology? Who’re the right players to be using?” How do you advise them to get themselves educated? Where should they go? What should they look at?
Are we talking in terms of blockchain technology?
We have some startups who are considering blockchain as a possibility or even existing corporations and companies that are thinking, “Should I build this on the blockchain?” How do we know where to go? Who to trust? Where to get ourselves educated on whether or not it’s applicable?
There are a lot of cases thinking about using a blockchain in any given solution is done purely because it’s an attractive idea in and of itself without considering what the qualities of a blockchain are. They’re pretty horrible for most applications. Databases do 90% of what blockchain does except way faster and way better and they’ve been heavily optimized over the last many years to be able to do things like Facebook and Twitter and all of the apps that we use. They all use databases, which is super fast, super scalable, super high quality. There are things that blockchain solve.
Things that blockchain might be more applicable for is obviously privacy. Hand-in-hand with privacy is security so that there isn’t the release of data.
I think that they definitely offer a greater degree of security, especially when you’re talking about a situation when there’s more than one company that’s controlling the information. They do privacy because of blockchain’s inherently public. Everything on that blockchain is viewable by everyone. You need to have some strong guarantees around how the data is protected on the blockchain in order to be able to say that it in fact benefits for privacy. It’s something that I believe that we have to take a leaf out of Monero’s book and to use the techniques that they do. They can be a good way of giving several people that may have conflicting ideas about what reality is an immutable record about what is actually the case.
I think where the database might normally be used. Let’s talk about the supply chain. I actually think supply chain blockchain is a horrible idea. Not because it’s an inherently bad idea, it’s because you have all these companies that have set up these databases to be able to do exactly this already. A big logistics company usually have their own database, for instance. I don’t know how much effort has gone into aggregating them, but that’s the problem that supply chain blockchain wants to solve. How can we hook all these supply chain databases together so that they can work? The only issue with that as is the case with a lot of technology is that you have to get a number of people using it before it becomes useful. They all want you first. Toll develops one, DHL develops one and then FedEx develops one. All of a sudden, you’re back to this problem of everyone’s got their own implementation of the same idea and you may as well just go back to using databases because they’re faster and you have more control over them.
This is a part of a little bit conversation about how we got involved in exploring blockchain because I am an expert in physical consumer product development so supply chain, blockchain matters. The reality is that I agree with you that I came to the decision that it wouldn’t work in the process. That while there is a lot of corruption in the process that is clearly there that you can have signed off and moved from like, “This quality is good on these products.” You still have to have humans in that process. Why it’s got a trigger the next stage anyway? Linking all those databases in that chain together doesn’t matter. There’s always a gatekeeper at each level.
At a stage, I don’t see how an algorithm or an AI could substitute for that and be reasonably certain because so much of the choices and the things that are made are aesthetic or quality control. They’re qualitative and not quantitative and decisions that are made along the process. There isn’t little until it gets to port and ready to go across that it matters. At that point, everything is tracked and everything’s in a database anyway and you’ve already chosen someone. It’s not a great application for it, but there is some argument to some cases of that. I think that Facebook’s announcement that they were going to put their passwords and that log in section on a blockchain makes a lot more sense because it’s extremely vulnerable. It’s all in a big old silo somewhere. There are millions of people around the world who are in this. There’s a place for that because of security standpoint.
I haven’t actually heard of that.
This is the rumor. There’s been a couple of announcements that Facebook is looking to move their password section, login section into a blockchain. I think it makes sense for them to consider that because that decentralizes that portion of it, which is the most vulnerable part of what they do.
I have lots of questions and I don’t know anything about it, so I’m not going to say anything. That to me straight off the bat sounds like a horrible idea.
It does. I was thinking from a user standpoint that sounds like a good idea. That I think is a part of what happens when we go in and evaluate this. Does blockchain sound trendy? It sounds like this is the solution because we’re having so much PR problems.
Facebook is pretty interested in this stuff. I don’t know what you’ve heard about this GlobalCoin thing that they’re talking about, but effectively they’re trying to put a cryptocurrency into Facebook called GlobalCoin. I think the name sells what it’s all about. They want it to be a global cryptocurrency.
You have this Facebook shopping problem of no matter what you buy, it never gets delivered to you. They have a whole other problem on the shopping side. Based on what I do, 86% of consumer purchases here in the US, I don’t know the way it is in other countries, but here in the US are bought and controlled by women. It’s bought and influenced by women and yet women are not adopting Facebook purchasing at the rate men are, and it’s showing because we don’t trust it. If you want a currency to start moving, you better get women saying yes. They’ve got a trust problem overall.
The other interesting thing about Facebook is that people that actually use Facebook are old. Half of the daily active user base is over the age of 45.
It is actually the case. The kids are leaving it for Instagram and Snapchat and everywhere else left and right. The reality is that there are so many of us who are stuck with it because of business use. That’s how we market that we can’t get off of it. I still wish I could. I already quit Twitter. If I could quit Facebook, it’d be great. Divest myself of social media one-by-one until I find one I like. Simon, what is on the front for you? You guys have a lot of work to do. You’ve just pretty much gotten launched out there. Your privacy network and organization is coming. You’ve got projects going. You’ve got tools coming. What’s your biggest challenge?
Our biggest challenge is a technical one actually. We’ve had lots of different challenges as we’ve gone through the startup side. Everything from making the idea work to making the fundraising work, to doing the fundraising, to building a team, to starting work on the product development. As most startups do, every couple of months, our situation just completely changes as far as what the problems are. At the moment, we’re fortunate enough that our monetary situation has been looking good ever since we finished the presale. Our team situation is fantastic. There are twenty of us between here in the US. Most of us here, but there are a lot of remote developers in the US as well. We’ve been able to work through everything that we’ve come across and we’re still here.
How like 99% of startups fail. We’re at the stage where we are at 95% and there are still little ways to go yet, but things are looking pretty good. At the moment, the biggest challenge that we have is with Loki Net, our Onion Router. This thing is new, and it took Tor years and years to build what they have and get it to the standard that it is. We’ve managed to rebuild an Onion Router from scratch in less than a year, and it works. It does the thing that it says on the box. The only issue with it is that it’s not super reliable. At the moment, we’re in one of those situations where you have known unknowns and unknown unknowns. We run into an unknown unknown. We know that we don’t know what is wrong with this thing. It’s causing a bit of uncertainty, but we’re working through some potential fixes and also just doing a bit more work to make the software older. I know that’s a funny thing to say, but all software’s got all the error messages. It will tell you everything that is going wrong with it because it is so young. We’ve been building it so quickly.
You have too many new messages that you’ve got to scramble to figure out, I understand that actually.
Not fix the failure cases but figuring out what the failure cases are and then write error messages for them so that when they happen, we can actually know about it.
You can see that as popping up and happening. I totally understand that. Australia seems to have a very rich innovation community in general. I’ve worked in 3D printing, AI and other areas, and we’re talking blockchain. You guys have a ripe environment for early adoption and getting deep into technology quickly. Why is that?
You can look back to World War I to explain how the Australian cultures had this deeply embedded in us ever since then. If you look at Gallipoli. I don’t know if you know anything about the Gallipoli campaign. Basically, the first time the Australian Army was ever sent anywhere as an actual Australian Army. They got deposited on a beach in Turkey and stuck there for months up against this bad cliff face fighting the Turks. If you look at some of the innovations that those guys made, it was incredible. There’s one particular case when the British finally decided that it’s time to get out of here because this isn’t working. They set up this system with sandbags, rifles and stuff so that periodically a rifle would fire off.
I can’t remember how many thousands of men were there, but because they did all these tricks and innovated strongly. They made it sound like they were still there and they were still shooting at the Turks when in fact they got everyone off with almost no casualties. There’s been a history of that throughout Australia ever since. We’ve invented a lot of stuff. We invented Wi-Fi. I don’t know why people bring this up, but this particular style of washing line that we invented that people want to talk about. I think in the modern day and age there are a lot of people that get involved in technology at a young age because we are so interested in being at the next stage. You might’ve come across a fair few Australians in the US because often what happens is, we get involved in this technology thing or startup thing and then we’d take it overseas because there’s a lot more happening in the US.
I have come across that. One of my very best friends runs a 24-hour graphic design firm that he started early on. Talking about web developers early on and they’re still doing amazing work because they operate in California and Australia. You’re right. I think it is part of your culture like, “Let’s check this thing out. Let’s try it out. Let’s kick the tires. Let’s see if it is going to work.” I love that you’re doing that. I remember when I did over 560 podcasts on 3D printing. Definitely had my share of talking across the world here and some of the best things that were going on in Australia at that time. Good for you guys. I’m glad you have a community that supports each other too.
I wouldn’t say that that is the case actually, unfortunately.
You mentioned in your bio there’s a blockchain center, so I just assumed it was a support.
There are some great examples of innovation hubs happening in Australia, but I don’t think the community is that big, unfortunately. A lot of people leave for other countries or they get fed up and they go back to corporate life or whatever else. The government keeps coming in and out of phases of, “Let’s get behind this.” They go cold and start cutting back all these rebates and grants and stuff that startups have had come to depend on and that can be devastating as well.
We don’t expect that here in the US. We never expect any of that to work out in our favor. We just go ahead. That’s probably why at some point everybody leaves. Simon, I appreciate you coming on. I definitely will make sure that our audience has all the links you mentioned so they can check it out and try it on because you’re right. The more that are trying it, the more that are working through it, the more that are testing this out with you. That’s what it takes us a critical mass for you to work through all the issues and being able to develop a robust privacy application for everyone.
That’d be fantastic.
Thanks, Simon. I appreciate it. This has been Tracy Hazzard on the New Trust Economy.
About Simon Harman
Simon Harman is the Co-founder and Project Lead at Loki, has been heavily engaged in the blockchain industry since 2015, and before making the move into blockchain development. His broad skill set and adaptability have led him to be an influential member of the cryptocurrency scene. A recognized industry thought leader and blockchain expert, Simon played a role in the redesign and running of the Talk & Trade, a weekly discussion about current affairs within the blockchain and crypto industry, at the Blockchain Centre in Melbourne, assisting startups in educating themselves on blockchain technologies and its potential use cases. Simon holds a Bachelor of Arts from RMIT.