Blockchain Plumbing
Pongo's Key Points:
• Data security is a field that most people would agree is necessary to our society today, and blockchains are great tools for ensuring the authenticity and safety of data.
• One of the unsung benefits of permissionless blockchains is that they are arguably more secure because they're public. In addition, they can reduce the number of targets for common social engineering attacks.
• Even though blockchain isn't used very much in this regard today, it would be prudent to think about its applications in the near future. Just like the switch from lead to copper pipes, or snail mail to email, innovation takes time but change takes longer.
Pongo's Point:
• Blockchains should be viewed more as plumbing than products, because they help improve data security as digital soundness and reliability become ever more critical to our world. Just like the pipes in a home, most people won't need to care how blockchains work or who maintains them, provided they serve their purposes as needed.
Breaches in the Pipeline
Despite making up a growing percentage of our daily lives, computer code is a widely unappreciated language. Less than 1% of the population knows how to code, which would be roughly the equivalent of the population of Spain developing the entirety of our digital lives. Of course, there are “technically-minded” people who can navigate technology without knowing how to code, but even a seemingly innocent-looking piece of software can fool the wisest of no-code techies.
Why is it, then, that so many individuals and companies are hacked each year? If our virtual identities are becoming more integrated with daily life, shouldn’t digital security be paramount for all of us? The problem isn’t just innocent seniors falling victim to Nigerian royalty; major corporations and governments are hit as well. Some notable corporate hacks include the Microsoft Exchange and T-Mobile data breaches in 2021, not to mention the absolutely devastating attack against the US federal government in 2020.
How might blockchains help with data security in the future? One major improvement over existing infrastructure is the use of public and private key pairs. They aren’t too dissimilar from what we currently use - usernames and passwords - but the core improvement is that they are practically impossible to crack (at least for most public blockchains). Couple this with the fact that most blockchains require users to self-custody assets, and it becomes very unattractive for hackers to brute force passwords.
By contrast, banks either host data on their own servers or outsource it to a cloud company, like Amazon or Google. These centralized data centers become honeypots for hackers, and your data (i.e. your username, password, and account balances) is susceptible to four obvious attack vectors: code security and employee phishing, both for your bank and their server providers (if they host their own servers, then it’s only two attack vectors). Of course, blockchains can suffer from similar attacks, but to a lesser degree.
Safety in Numbers
While code quality is also a vulnerability of blockchains, open-source code has the potential to be reviewed more (and more quickly) by a wide swathe of independent developers. (As opposed to closed-source code, where you’re at the mercy of the company’s management of the software.) There are pros and cons to both approaches, but a fact of open-source software is that there are more people to catch bugs and suggest fixes - as well as bad actors looking to exploit those bugs. It’s a double-edged sword that, in my experience, often leads to stronger foundations and interesting privatized iterations of free software.
When it comes to open-source software, I’ve found that it tends to be more “pipe than tap” software - meaning it contributes a lot more behind the scenes to your everyday life than you might think. An obvious example is Chromium, the open-source web browser codebase that powers some 75% of all web browsers like Google Chrome, Microsoft Edge, Brave, and more. There’s also a laundry list of web protocols that are totally open-sourced and power practically everything we use online. If banks are using open-source software to power large parts of their operations anyway, why not skip the middleman and custody our own assets?
The component of blockchain security that is most compelling is the reduction of the layers of social phishing. Phishing is a common social engineering attack where a malicious party poses as a government worker, company employee, or some other official-sounding title in order to trick an individual into revealing sensitive information or installing malware. Currently, if your bank uses cloud services to host data, then your banking details are susceptible to bank and data center employees falling for sophisticated phishing scams. If it can happen to Microsoft, T-Mobile, and the federal government, then it can happen to pretty much anyone.
Blockchains reduce the social phishing layers to one: You. Because of the nature of permissionless blockchains, you are required to self-custody your assets. Even most crypto wallet developers are not susceptible to phishing attacks (assuming they’re developed by an honest party), since key pairs are generated on an individual’s device rather than a company server. Of course, many people still choose to leave their crypto on exchanges or custody services, which ends up adding back in the same security concerns with bank and data center phishing. Just look at FTX…
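An added illustration of the key-pair model described above (not code from the original post): the key pair is generated on the user's device, the service stores only the public half, and a signature authorizes a message. It uses a Lamport one-time signature built from the Python standard library as a stand-in for the elliptic-curve signatures public blockchains use; `server_db` and the sample messages are constructed for the example.

```python
import hashlib
import secrets

BITS = 256  # one pair of secrets per bit of the SHA-256 message digest

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def generate_keypair():
    """Runs on the user's device; the private half never leaves it."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(H(a), H(b)) for a, b in private]
    return private, public

def digest_bits(message: bytes):
    d = int.from_bytes(H(message), "big")
    return [(d >> i) & 1 for i in range(BITS)]

def sign(private, message: bytes):
    """Reveal one secret per digest bit. A Lamport key must sign only once."""
    return [private[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(public, message: bytes, signature) -> bool:
    """Needs only public data: hash each revealed secret and compare."""
    if len(signature) != BITS:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(message)):
        ok &= secrets.compare_digest(H(signature[i]), public[i][bit])
    return ok

def demo():
    private, public = generate_keypair()   # stays on the device
    server_db = {"alice": public}          # hypothetical store: all a breach exposes
    tx = b"alice pays bob 5"               # constructed sample message
    sig = sign(private, tx)
    guess = [secrets.token_bytes(32) for _ in range(BITS)]  # no private key
    return {
        "valid": verify(server_db["alice"], tx, sig),
        "tampered": verify(server_db["alice"], b"alice pays bob 500", sig),
        "guessed": verify(server_db["alice"], tx, guess),
    }

if __name__ == "__main__":
    print(demo())
```

Everything `verify` reads is public, so a copy of `server_db` gives a thief nothing to sign with; the same holds if the user hands the private key to a custodian, except that the custodian then becomes the target.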
From Lead to Copper
Prior to World War II, lead pipes were the norm for many plumbing systems around the world. It was only after we became aware of lead poisoning that we transitioned to copper piping. A similar change is upon us with regards to our digital security in the future. As we transition from the Information Age to what will likely be the Age of Artificial Intelligence, our dependency on technology will further ossify and we will all become more acutely aware of the vulnerabilities of our existing digital infrastructure.
Centralization of sensitive information has always been a weak point for practically every operation since the beginning of human history. The Library of Alexandria burned and volumes of ancient works were lost in 48 BC. The House of Wisdom was destroyed when Baghdad was sacked by Mongols in 1258. The private records of over 150 million individuals were compromised in the Equifax hack in 2017. Thankfully, the total loss of information is diminished thanks to digital record-keeping. Unfortunately, a byproduct of that is unauthorized access to sensitive information.
With the advent of blockchain, we have a technology that mitigates certain vulnerabilities of our current data security protocols. Though not a perfect solution, blockchain can help reduce breaches by encouraging users to take greater control of their sensitive data, rather than centralizing usernames, passwords, and more in a company’s “honeypot” database. In addition, blockchains can be leveraged to better trace culprits when unlawful attacks do happen, since blockchains record a perfect account of when it happened and who may have done it.
Contrary to what many might believe, blockchains, Bitcoin, and crypto aren’t the products themselves. Instead, they will act more as plumbing, like Chromium or HTTP, in support of products that are built on top. Just as email is effectively three protocols that are leveraged by user-friendly clients like Gmail, Outlook, etc., so might Bitcoin and Ethereum be in the future; that is, base layers that support products, not products themselves. Yes, NFTs and DeFi can be fun, but the real value add for blockchain is digital security.