Proton Mail, the leading privacy-focused email service, is making its first foray into blockchain technology with Key Transparency, which will allow users to verify email addresses. From a report: In an interview with Fortune, CEO and founder Andy Yen made clear that although the new feature uses blockchain, the key technology behind crypto, Key Transparency isn’t “some sketchy cryptocurrency” linked to an “exit scam.” A student of cryptography, Yen added that the new feature is “blockchain in a very pure form,” and it allows the platform to solve the thorny issue of ensuring that every email address actually belongs to the person who’s claiming it.
Proton Mail uses end-to-end encryption, a secure form of communication that ensures only the intended recipient can read the information. Senders encrypt an email using their intended recipient’s public key – a long string of letters and numbers – which the recipient can then decrypt with their own private key. The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. “Maybe it’s the NSA that has created a fake public key linked to you, and I’m somehow tricked into encrypting data with that public key,” he told Fortune. In the security space, the tactic is known as a “man-in-the-middle attack,” like a postal worker opening your bank statement to get your social security number and then resealing the envelope.
Blockchains are an immutable ledger, meaning any data initially entered onto them can’t be altered. Yen realized that putting users’ public keys on a blockchain would create a record ensuring those keys actually belonged to them – and would be cross-referenced whenever other users send emails. “In order for the verification to be trusted, it needs to be public, and it needs to be unchanging,” Yen said.
Curious if anyone here would use a feature like this? It sounds neat but I don’t think I’m going to be needing a feature like this on a day-to-day basis, though I could see use cases for folks handling sensitive information.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
What should I use for my throw away emails now?
So, every identity verification of your email address will be forever in the public domain? That’s counter to privacy. Your email address will be married to a block and chain? There is no thorny issue. That’s a solution to a problem that hardly anyone has. Ridiculous nonsense.
If you are one of those people that thought CERN was looking out for your privacy, here is the rude awakening.
It is not counter privacy. It is (potentially) counter anonymity.
Who cares about their honeypot
We now have an unalterable record of exactly who you are for your anonymous email address. For your privacy.
This is basically like Domain Keys-Identified Mail (DKIM) but for a specific email address, without needing to own a domain to set it up. I’m gonna call it “P(ersonal)KIM” for short.
If this is implemented correctly it’ll be a few clicks to set up and then just work in the background to make it harder to impersonate you via email, even if you have a free email address.
The best thing is reading all of this with https://github.com/samhocevar/no-fucking-thanks
While it is funny (honestly replacing any tech term with circlejerk in a tech article makes it sound so funny to me, I have the mind of a child), it’s not very relevent here.
You should first try reading it at all.
I dont want to, I just said it looks interesting if you use that addon.
This announcement doesn’t have anything to do with cryptocurrencies or nfts. I’m not sure if I like the idea yet either, but please don’t conflate it with all that other scammy nonsense.
I’ll use it once they’ve sorted out CalDAV and CardDAV… it’s only been an open issue for eight fucking years.
Care to elaborate?
There’s no way to sync contacts and calendars between an iPhone (and other mail clients) and protonmail. The app does one way sync from the phone to protonmail, but not the other way round.
8 years ago a feature request was made to add support for CardDAV and CalDAV, but even with the release of bridge it’s not there.
So iOS users have to resort to using other calendar services, or 3rd party bridges to enable it.
Why would knowing every single email be seen as something positive? Nice way to have spam-heaven. The keys also don’t need to be public. If you need something THAT secretive, there are safe ways to do a permanent key exchange.
The public part of it would be the RSA pubkey, likely linked with an identifier such as the SHA-256 hash of the email. You could quite easily have that ledger public and it would take millennia to crack any of the emails, much easier to use fuzzing with common words and names than trying wasting computing power for a single email. The whole point of blockchain is that it’s an immutable public ledger which would actually suit this idea quite well.
It’s trying to solve a problem that we don’t have. We don’t need any of that to be immutable.
This is solving a problem we DO have, albeit in a different way. Email is ancient, the protocol allows you to self identify as whoever you want. Let’s say I send an email from the underworld (server ip address) claiming I’m Napoleon@france (user@domain), the only reason my email is rejected is because the recipient knows Napoleon resides on the server France, not underworld. This validation is mostly done via tricky DNS hacks and a huge part of it is built on top of Google’s infrastructure. If for some reason Google decides I’m not trustworthy, then it doesn’t matter if I’m actually sending Napoleon’s mail from France, it’s gonna be recognized as spam on most servers regardless.
A decentralized chain of trust could potentially replace Google + all these DNS hacks we have in place. No central authority gets to control who is legitimate or not. Of all the bs use cases of block chain I think this one doesn’t seem that bad. It’s building a decentralized chain of trust for an existing decentralized system (email), which is exactly what “block chain” was originally designed for.
I’m glad there are authorities out there (like Google) that act as gatekeepers and track the worthiness of senders. Without that, there would just be no way to close the floodgates. Is Google the best company for that? It’s definitely one of the good ones for that.
No, you can’t forge emails easily as you say. Maybe DMARC isn’t perfect, but it works just fine. Attacks that bypass that are done on misconfigured systems, so human error, which can happen with any tech, the one from this post included.
Yes email is an old tech, but let’s not pretend like it hasn’t evolved. It’s not perfect, but it generally works. I don’t think you need to go fully decentralized, but some steps to have more than a single authority could be positive.
What do you think the problem even is? It sounds like you just don’t understand why someone would want to use public key cryptography to begin with.
I understand how public-private keys work, and I understand why you’d want one. I just think this implementation of a register is bad. Not from a security risk, from a use case point of view; it’s for all intent and purposes an email which if ever compromised is forever compromised and non reusable. It’s an email that’s unrecoverable so not usable in many companies.
I’m sure there are other reasons to not like the idea, but that’s what I can think off the top of my head.
It doesn’t sound like you understand why someone would want to do email with public key cryptography, it sounds like rather you do not like the idea of doing email with public key cryptography. Being unrecoverable is just the tradeoff there. Again, what do you think the problem described even is? For reference,
I think if you actually acknowledge the problem of trust for propagating public keys as a real one that is worth being solved, it would be hard to argue that blockchain is a bad fit for that problem, because it is not. Trustless, verifiable propagation of data is one of the things it actually offers unique benefits for.
It might be useful to start by considering the idea itself and what it is saying, instead of looking for arguments to make against it.
You’re not adding anything that wasn’t argued towards before. Soon or later, you have to trust something. There are ways to transfer keys by other means which you can use to corroborate.
The tradeoffs of this idea are just not worth it for 99% of the people.
What are the tradeoffs, assuming an email encryption scheme based on self custodied private keys and publicly published public keys? I don’t see any major disadvantages to using blockchain for this, and significant advantages. It’s a big deal if no one can selectively remove/conceal previously published info. If associating a key with an email, and someone is trying to impersonate you, you’ll know it, it’s not going to be hidden from you and specifically shown to someone else. It just makes sense to do it that way. Yes, you have to trust something at some point, but this is a way to minimize how much trust you have to give.
I think the main pro of this system would be that it requires no trust. The immutability would be actually a con for privacy: if you’re burned or doxxed later, there would be hard evidence of your identity in the blockchain.
Except the trust of the source of the blockchain, or some certificate authority somewhere at some point, but ya, that’s kinda assumed as there is no way of making a “first handshake” that’s secure.
For me, it all looks like someone is trying to make a product rather than solve an actual issue.
It’s not like we’re controlling spam today by keeping email addresses hidden.
It’s not a reason to make it worse.
Don’t use proton…
You can’t just give all of your data to one company and expect it to be private
Is your suggestion to self host your email or not use email? I’m not sure why you couldn’t find a company that you do trust, and proton seems to be one of the most likely candidates.
@volleyballcrocodile @possiblylinux127 What about Disroot ?
Disroot uses proprietary JavaScript so I won’t consider it an option. I use posteo but I’m actually considering self hosting.
The problem is that I probably would end up renting a VPS which would be much more expensive for little gain.
In all reality email is pretty unprivate by design. Its better to focus on encrypted messaging.
@possiblylinux127 okay. But self hosting Posteo on a VPS ! The VPS company can still see your mails if it’s imap and maybe give them to the government as well.
Posteo is a company in Germany who sells email for very cheap.
deleted by creator
I suppose that’s a fair point, although I thought they didn’t have access to your data in terms of email content. I agree with the point about not putting all your eggs in one basket but I’d seriously consider them for email only.
The problem with Proton is the vast, vast majority of email you get in it will be visible by them first. This is an issue not with them in particular, but with the protocol itself. At the end of the day, even the best email or VPN provider can only say “trust me bro” and do their best to make themselves worthy of being trusted.
fuck this and blockchain in general so very, very much. time to look for another email provider.
FYI. Blockchain is only so very power waster because for cryptocurrency uses the users churn out new rounds continuously as if there is no tomorrow.
Here, your public key relatively rarely changes. If you had your protonmail account for years, it probably hasn’t changed ever yet.
Maybe I’m wrong in this, but this seems to be similar to what Keybase was doing, and that was a cool idea!
Do you have valid arguments against this proposal or is it just an emotional reaction caused by a single word?
Sounds like you’re letting emotions cloud your judgement there mate
What is wrong with doing something like pgp key servers?
How do you ensure the accuracy of the data going into the block chain in the first place?
You query the blockchain after you submit your data to confirm that it is what you intended it to be.
That I don’t know the answer too. And i would like more information about how it works. I am mostly familiar with Crypto in block chains work and I still wouldn’t say i fully understand that either.
I am also a little confused when they say unchanging. Sure block chain are unchanging but I am assuming you can add new data that would take priority of old data. I don’t think you would want a system that you could never change your key once you add it. Because that is stupid keys can and will get compromised eventually.
Key servers can be dishonest, so you need to have another way of verifying that the key you receive is correct.
Not enough 2022 era buzzwords
So PM claims it has on the order of 10^8 users. Let’s assume each user has one email address with one public ed25519 key, both of which are likely false.
Each key is 32Byte;
32B * 10^8 = 3.2GB
.Could someone do the math how much fiat it’d take to store such an enormous amount of data on the Ethereum or monero blockchains?
deleted by creator
The only place where end-to-end encryption is used on ProtonMail is between ProtonMail users. It is a closed, essentially private, system.
Signal already dealt with a similar issue by having keys stored on users’ devices and not in a database that is made to be both publicly accessible and irrevocable. Sounds like a big step backwards to me.
Update: Proton’s blockchain is currently not public. So scratch that one off the list of supposed benefits.
This is false. Protonmail has supported Web Key Discovery for external domains since 2019: https://proton.me/blog/security-updates-2019
deleted by creator
They’re the maintainers of the most popular JS PGP library and they’re pushing for some major upgrades to the PGP standard. There’s no competing standard. Proton is pretty much the only popular encrypted mail provider that actually does interop well enough.
I’m reading the linked article. It says “However, key discovery has long been a challenge in the OpenPGP ecosystem… A new approach, called Web Key Directory (WKD), leverages the web to allow a domain to serve its own keys”
Are you speaking for Proton when you say this being added to PGP??
deleted by creator
Unfortunately pretty much no one uses openPGP.
Yeah, and I don’t think Proton is helping anybody by introducing a new, competing method of encrypting and verifying email…
As far as I know they use openPGP and that works automatically between proton users but can be set up to work from and to anyone. The other partner just needs to use a client that supports it (like the objectively best client, Thunderbird ;) ) unfortunately pretty much no one uses openPGP so emails will very seldom be E2E encrypted.
Apparently the Proton clients support web key exchanges so you wouldn’t have to import the key of users that use OpenPGP (if they have imported the key to the exchange) so in theory that would make it better. I have yet to use that functionality in Thunderbird though, since again, pretty much no one uses openPGP.
I have sent one legit openPGP email and that was to my country’s financial inspection asking for an internship. Unfortunately they replied unencrypted and included my email in the reply, lol. It’s fair enough though, since I used a feature that’s probably intended to report fraud and crime.
And this is not at all what’s happening here.
Look, another solution without problem.
Key verification has been a real problem for decades, and AFAIK nobody’s made a solution that is simple and effective.
This one isn’t that either by the looks of it but it’s certainly a problem where something like blockchain could provide a solution.
It sounds overcomplicated, is there really a need for the blockchain aspect? Could the same security be provided by a simpler method (like how keybase has their identity proofs?) but better to have it and not need it than need it and not have it ig
Right here:
The benefit of doing this with a blockchain instead of a privately held and maintained database is that the latter can be compromised, and you just have to trust “whoever” is maintaining that private database. Blockchain means that the ledger is distributed to many nodes, and any post-entry modification to that chain would be instantly recognized, and marked invalid by the other nodes operating the chain. Besides that, when you’re looking up a public key for a recipient on such a blockchain, you would be looking it up at a number of nodes large enough that in order for a malicious entry to come through, they would all have to be modified in the same way, at the same time, and you would have to be asking before the change got flagged. Poisoning blockchain data like this is simply not possible; that’s what makes this an especially secure option.
But it’s not public. It’s a private blockchain. The immutable ledger aspect only matters if everyone can see the ledger. Otherwise we take at face value all of the things you said. Assume they run one node and that one node is compromised by a malicious actor. The system fails. Extend it to a limited number of nodes all controlled by SREs and assume an SRE is compromised (this kind of spearphishing is very common). The system fails again.
Sure, you can creatively figure out a way to manage the risks I’ve mentioned and others I haven’t thought of. The core issue, that it’s not public, still remains. If I’m supposed to trust Proton telling me the person I’m emailing is not the NSA pretending to be that person (as the Proton CEO suggested), I need to trust their verification system.
It’s. In. Beta. Of course it’s not being offered to the general public yet. It’s likely that there are very many beta nodes, in order to test scalability. When it’s out of beta, you drop the beta chain and start a new one.
Did we read the same article? Emphasis mine.
I’m not interested until it’s public. Additionally, building out the chain then dropping it to rebuild a new public one is rewriting history, which violates the whole “immutable” part of “immutable ledger.”
There is obviously an invasion of shills.
Its. In. Beta.
Untestable security claims for sensitive information are useless. I’m a huge fan of Proton and I’m excited to test this but only once the blockchain is public. Until then there is no way to verify the trust so there is no trust.
If you disagree, I might have something for you. I’ve got the strongest financial encryption known to man on top of the best transit system ever that makes it super easy to do stuff. It’s all based on blockchain, of course. Just give me your credit card info and bank details. It’s in beta so I won’t let you audit it, but unless you’re shilling you don’t have a problem with that.
Its. In. Betaaaaaa
This is good for blockchain.
Context matters:
It’s not rewriting history. We’re talking about validation of public keys. The exact same information can be added to a public non-beta chain, to satisfy the concerns about security that would come from maintaining a previously private beta chain into production.
… which gives a timing attack and the ability for bad actors to impersonate someone. I agree with you that, once public, this is a good idea. You cannot convince me that this is a good idea if done privately because there is no way to trust but verify, especially in the highly sensitive contexts they want trust in.
If it’s not public, I won’t trust it. You trust it blindly because it’s in beta. We’re not going to come to an agreement over these mutually exclusive positions.
I don’t “trust it blindly” because it’s in beta - I understand that it’s a work in progress because it’s in beta. Jesus christ you people and your fucking tinfoil hats.
And on the flip side, you cannot delete data that is sensitive or entered incorrectly. Blockchain evangelists assume these things will never happen.
As long as there is an appropriate method for adding a legitimate entry to the chain, incorrectly entered data can be handled by appending corrected data on to the chain, and marking the error as such. Sensitive data, in this case, would be along the lines of “I accidentally added my private key instead of my public key.” The action necessary here is the same as if I published my private key anywhere: stop using that key pair and generate a new one.
So at the point a private key becomes compromised, then what? If you have to start from scratch, then a malicious entity could start from scratch too. And if that’s the case, there is no security benefit.
This part:
And if there’s not, then…? Because that was my question.
Well, if there’s not, then the whole thing would never work at all.
PGP solved this a long time ago, but it is difficult to make it user friendly enough for non-technical people to understand and adopt it.
How many people have verified how many people’s identity with PGP signatures? Also I’m willing to bet a horribly shocking amount of people would just accept a new key from someone (not necessarily sign it) and trust them regardless.
People evangelizing this new, untested, private technology already saying it would be automatic, so everything would be easy to use. And that’s the problem, isn’t it… If it’s all automatic, nothing is being verified.
By the way, PGP already has this.
https://stackoverflow.com/questions/3591342/how-to-prevent-a-man-in-the-middle-attack-in-case-of-a-compromised-server
Yeah these issues are definitely not new, but replacing “I trust the people who sign/verify my keys” versus “I trust the blockchain” is not too far off. What rules are going to be in place for peers to validate entries to the blockchain and independently reach enough concensus to achieve true decentralization?
To be clear, I’m not saying this solution is better or worse than PGP, I just don’t believe PGP works well for creating a web of trust.
I’d absolutely use this. I’m glad to see people using this incredibly powerful concept to solve problems that would literally be impossible to solve without it. It is especially encouraging that they used Monero since it has an extra layer of untraceability built-in. Blockchain is experiencing kind of a backlash in public perception, but like tech closely related to it like NFT’s, it is a VERY viable idea that just so happens to be tainted by greed and disinformation.
Voting is another concept that would become unhackable overnight…but would also probably:
A. enable the creation of a CBDC (which would also allow the state to REVOKE ownership of your own money)
B. force a state to pick a technology/crypto of choice (and tip the scales toward that crypto)
both of which I somehow am vehemently against yet moderate a (ghosty) community on blockchain voting. 😅
!blockchainvoting@infosec.pub
No. Voting on the blockchain is an even worse idea than money on the blockchain.
In many cases, there are good reasons why these things are done they way they are. I have yet to see a software system that is better at preventing voter fraud than humans looking at your government-issued ID at a poll site and humans overseeing other humans manually counting votes.
A single actor might be able to commit voter fraud in the order of dozes or hundreds of votes perhaps but with a digital voting system based on blockchain, they could do so on the order of thousands or even millions by compromising end-user devices used for voting or buy enough work/stake/whatever to perform a 51% attack.
Same goes for money btw. Our current system is by far not a perfect one but removing the ability for governments to i.e. freeze accounts of bad actors is not a boon.
have you seen any of the research that the US government did on it? Homomorphic encryption enables votes to be both public and obfuscated at the same time. I don’t want to write an essay right now but are you truly up to date on this?
I COMPLETELY DISAGREE. It should be exactly as hard as it is to freeze the cash of bad actors. That’s the point of it. I, of course, happen to be a libertarian socialist/anarcho syndicalist. You happen to be a capitalist. You seem to want be in the camp of “you will own nothing and you will like it” but I just so happen to not trust governments and their decisions. I believe in socialism but have seen it co-opted and destroyed by corruption. Anyway, I don’t think that those same clearly corrupted governments should have the unilateral right to prevent me from attemtpting to claw enough back from their corruption and greed to feed my family.
That’s nice but has nothing to do with voter fraud prevention.
I will not reply to the stupid ad hominem. You have made it exceptionally clear that you have no idea what my political views are.
If you dislike corruption and capitalists, then why do you like cryptocurrency? Why do you take the same side as neoliberal capitalists, who have invested heavily in cryptocurrency?
I asked you three times about why your ideals align with the alt righter Peter Thiel, you declined three times to respond. I can only assume you are either extremely deluded, or acting in bad faith.
deleted by creator
“You drink water and breathe air. Peter Thiel drinks water and breathes air too. Therefore you are just like Peter Thiel!”
You’re a troll. I literally hate Peter Thiel. He is invested in so many technologies that it’s VERY likely that we’re invested in the same tech somewhere. Pretty sure he doesn’t give a shit about Cardano which is the project I develop applications for.
Spreading your investments out is kind of how investing works when someone is a billionaire, dipshit.
Anyway, that’s enough feeding the trolls for today. Have a good night, intellectually dishonest hiveminder.
I love your hypocrisy: you see no difference between neoliberals and the alt-right, but then you get offended when somebody rightly compares one cryptocurrency to another.
I’m sure you would tell me that you were no Hitler fan if you loved Mussolini, and that obviously Peter Thiel loves Bitcoin and Cardano is absolutely dissimilar!
But hey, what do the cardano evangelist say about Peter Thiel?
LOL
Nice. He recognized a good technology. You sound SO stupid.
I see. So the two of you are on the same page when it comes to cryptocurrency. Isn’t that curious.
deleted by creator
deleted by creator
Because properly-implemented cryptocurrencies make corruption impossible. Even the shitty, scammy FTX project had a decentralized ledger, allowing the FTC to quickly and easily forensically untangle SBF’s tangled web of lies and fraud. Even Do Kwan’s TerraLuna hack would have been possible to detect had the project been open source (like any viable crypto project) but regardless of that, it will still now be quite trivial for the regulators prosecuting him and his co-conspirators with fraud.
More learning for those listening in that haven’t already made up their mind like you have: https://youtu.be/J5xegDJphvc?si=x3tJw9s1c1WL_WNy
deleted by creator
It’s interesting that you can identify cherry-picking on my part but fail to identify it on your own. I merely mentioned situations where fraud (which I didn’t fall for because I follow certain principles about transparency and auditability of the crypto technologies that I prefer) was easily detected because the nature of the technology puts all transactions on an immutable ledger.
What valid criticisms of THE TECH have you offered so far? You’ve simply pointed to situations where stupid people failed to protect themselves from clear frauds then went and used that brush to paint the entire crypto space. You’re not really the intellectual heavyweight you seem to think you are.
deleted by creator
ETA: I’m glad to see I mentioned three major mega capitalist neoliberals and you didn’t have a single bad word to say about any of them.
How convenient that you are announcing your immunity to fraud after it occurred, rather than before!
Oh, I’m glad you asked!
Here is an alternative Piped link(s):
https://piped.video/J5xegDJphvc?si=x3tJw9s1c1WL_WNy
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
deleted by creator
“Disinformation” = one video the entire cryptocurrency evangelist community can’t disprove, because the guy who made it did his research.
Voting on the blockchain is yet another joke, demonstrated by some of the truest true believers attempting to function in such a manner.
Moxie Marlinspike’s My first impressions of web3 is also a very relevant thing to share.
As a sampler of the points made, web3 is already re-centralizing around gatekeepers because the average person doesn’t want to run their own server (or, in the blockchain case, host their own full copy of the blockchain) and, if the supermajority of users can’t see you because the gatekeepers block you, then it doesn’t really matter that you’re technically still up.
The takeaway on that particular point is that pushing for more and easier data portability is probably the best route in the face of how real-world users behave. (eg. anything stored in a
git
repository, including GitHub project wiki contents, is a great example of that. You’ve got your data locally with a simplegit clone
and you can upload it to a competing service with a simplegit push
.)I like Dan Olson’s video but I don’t think it’s truly unassailable. There is some real use cases for block chains in low trust networks. One of those being global monetary policy. Another critic is that web3 applications (like Mastadon and Lemmy …) I think is moving forward even more so as the age of easy money comes to a full close.
Mastodon and Lemmy are very different from web3 stuff, because they don’t run on anything remotely close to it. Both are decentralized (at least, if you ignore all the Amazon nodes that web3 applications tend to run on), but
It’s the coordinated decentralization that really defines web from web2 and 1. Cooperative vs competitive coordination is just a sub strategy within that, but I don’t think either strategy is always best for all problems.
Thanks for lazily puking a couple of reductive, bankster-funded, cherry-picked, neolib rage-bait videos at me. Did you want to discuss this issue or do you want to lazily let the videos do it for you while forcing me to write essays that will be brigaded by the hivemind?
It’s good to know that you can’t argue against Dan Olson’s videos. Other cryptocurrency shills have tried much harder than you, and come up short.
And since you hate the videos but can’t criticize them…
I guess your second choice is projection. Cryptocurrency is the plaything of the venture capitalist, and for some reason you want to lick their boots.
deleted by creator
deleted by creator
Peter Thiel is a neolib? I’m pretty sure he’s more alt-right but really what’s the difference. You seem to be conflating the whole crypto space with Peter Thiel even though he’s kind of focused on shitty projects like Eth and Solana. Oh well.
deleted by creator
deleted by creator
Here is an alternative Piped link(s):
one video the entire cryptocurrency evangelist community can’t disprove
Voting on the blockchain
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
What does Monero do? Why don’t they emulate whatever it is that Monero achieves its reputation and functionality with?
it is a crypto currency that:
IMO, as a software engineer, leveraging the network effect of Monero was a wise choice. In decentralized systems, the network effect (the amount of unique, separate nodes on a network) is directly correlated to the security of that network. If I were to transact with you in a public place (like a mall food court), you could correlate the presence of other parties in the food court as unique nodes in a network. The more eyes you have witnessing you transaction, the more intrinsic security that transaction has.
Another concept that actually comes into play in cryptocurrency-based systems is that the intrinsic value of that token directly relates to the security of the data in its network. That could be another reason that they chose Monero. Since it already has stable value, it offers a pre-existing and stable security solution.
How does it address the issues with like money laundering, KYC, etc? Wouldn’t you, in practice, basically need a lawyer to help make sure you “use” it correctly and legally?
Using private cryptocurrency is not illegal, at least in the United States, nor should it be. This is like worrying if it is legal to pay for things with cash.
I could be wrong (since article is paywalled) but as a DApp dev, Proton probably has a wallet with enough Monero to run this smart contract without anyone needing to add any money at all. So you wouldn’t be getting a Monero wallet in it. It would simply mint an NFT that you could then refer back to for verification that this is the same address that I say it is. It would simply leverage the monero chain every time an account was created and mint that as a unique ID (NFT!).
deleted by creator
A valueless NFT? Not sure I can conceive of such a thing ;)
Yeah my most downvoted comments mention Blockchain 🤣 Capitalism turns everything to shit 💩