Until four days ago, Signal was the most trusted name in secure messaging — it’s got end-to-end secure encryption and disappearing messages. It’s the messenger of choice for sensitive journalism.
Mostly, Signal’s still pretty good for that. Everyone else is still worse.
But Signal just blew a huge hole in its credibility, when it announced on Sunday 4 April that the Signal app would be getting a payments interface — using a cryptocurrency. Specifically, its founder’s own cryptocurrency. [Wired]
Techies were horrified and alienated by crypto nonsense being put into the messaging app they’d recommended to their friends — they remembered how cryptographic key directory Keybase had done an airdrop of Stellar lumens, and destroyed not only their users’ trust, but Keybase’s usability, as cryptocurrency spammers flooded the app. [Stephen Diehl]
The crypto community was horrified and alienated that Signal didn’t choose their coin.
Why MobileCoin?
MobileCoin is a pretend-decentralised cryptocurrency. It went live in December. Most volume is on Tether exchange FTX, where it’s just another altcoin.
Moxie Marlinspike, the founder of Signal, is also a founder of MobileCoin — he’s a paid technical advisor, and was previously CTO.
Signal added the payment system code to the messenger app in April 2020 — but only pushed that code to the public GitHub repository a year later, after the MobileCoin announcement. [Twitter]
Amy Castor did some follow-the-money on MobileCoin. [Amy Castor] MobileCoin has a fixed supply of 250 million MOB, and 37.5 million MOB were sold to early investors at $0.80 in its 2017 private offering, according to the white paper. [white paper, archive]
SGX: DRM for your money
Andi McClure wrote a Twitter thread on the technical details of MobileCoin. [Twitter]
MobileCoin was inspired by Stellar. MobileCoin’s technical detail is very scanty, but it looks like every validator has to be authorised by MobileCoin. That is, this is a completely centralised crypto.
There are four trusted nodes: two run by MobileCoin, one run by the Long Now Foundation (are cryptocurrencies a 10,000-year project now?), and one run by Blockdaemon. [MobileCoin, archive] MobileCoin’s own servers are decentralised to the Microsoft Azure cloud, as Azure offers SGX. [Microsoft]
The big problem in cryptocurrency is how to have distributed participation that isn’t susceptible to a sybil attack — where someone creates lots of sockpuppet entities that look like separate participants, but are all controlled by one person. The Bitcoin solution is proof of work, because it’s hard to fake — but this is horrifyingly wasteful.
MobileCoin uses code running in Intel SGX (Software Guard Extensions). This sets up encrypted regions of memory that even other highly-privileged processes running on your CPU can’t use. The secured enclave can only run code that’s been signed by Intel.
So each participating node must have an Intel CPU to run the code on. This achieves “one-CPU-one-vote,” as Satoshi put it in the Bitcoin white paper.
SGX acts here in the role of DRM for your money. Like any DRM, it treats the user (that’s you!) as the enemy. Your wallet keys are open to Intel.
In the security world, SGX is best known for its exploitability — there’s a list of exploits in the Wikipedia article on SGX. So SGX does a user-hostile thing, and then fails at it.
In fact, SGX has failed badly enough that Intel dropped SGX support from 11th-generation CPUs (Tiger Lake, Rocket Lake). Some users found they couldn’t play Blu-Ray discs — remember movies that came on 5″ discs? — whose software relied on having an SGX enclave. Hooray for DRM!
Just a minor regulatory clarity issue
Signal blew up its goodwill for … a coin that hasn’t yet figured out regulatory compliance.
You can’t buy or use MobileCoin in the US. Founder Joshua Goldbard said: [Hacker News]
I can assure you that we have the best minds in the regulatory and legal worlds thinking about this and there just isn’t a lot of regulatory clarity. If you had told me that 4 years after I started MobileCoin we still wouldn’t have guidelines on how to issue a cryptocurrency in the US I would’ve told you that you were insane, yet here we are.
Of course, MobileCoin has regulatory clarity already — if you’re in the US, you can’t offer unregistered securities that you sell cheap to investors so they can dump them on retail. Saying “but it’s a currency!” doesn’t change that. Ask Telegram, or Kik.
Goldbard says: “I started MobileCoin to fund Signal. That’s it.” And that’s great — good software can really do with paid support. But then Goldbard made what in US law would be an unregistered offering of securities to do that.
Mobilecoin currently claims to hold 125 million MobileCoins, which is $5.5 billion at today’s market price. Note the suspicious pump from $7 to $68 about a week ago — just before the Signal announcement: [CoinMarketCap]
Goldbard repeatedly evaded the question of dumping on retail when asked directly. Nor would he make clear his or Marlinspike’s precise financial interest in MobileCoin. [Hacker News]
It’s so hard for a pump and dump coin out here — no pathway to doing a pump and dump in full legal compliance.
As is true every single time, “regulatory clarity” is a crypto phrase meaning “why can’t I do this obviously and hilariously illegal thing, if I just sprinkle some crypto on top?”
Why not just use … money?
There isn’t really a crypto economy — almost everyone would just be using MobileCoin as a proxy for real money.
If you want your coin to be exchangeable for real money, you’re going to have to do the compliance dance anyway. And nobody wants to use a coin whose value goes up and down like the MobileCoin price chart.
So if you want a payment solution, why not use money?
Well, then you can’t dump your unregistered securities on retail. Duh.
Your subscriptions keep this site going. Sign up today!
Some people recommend MollyIM – https://github.com/mollyim/mollyim-android – an even more secured version of the Signal client, that connects to the Signal network just fine. And doesn’t have a crypto in it.
“Molly is updated every two weeks to include the latest Signal changes and bug fixes”
Have they said explicitly that they’re not touching this aspect with the proverbial?
“are cryptocurrencies a 10,000-year project now?” Well, they spend 10k years’ worth of energy in 1, does that count?
“Techies were horrified and alienated by crypto nonsense being put into the messaging app they’d recommended to their friends”
Oh yes, yes, yes.
“The crypto community was horrified and alienated that Signal didn’t choose their coin.”
Being able to laughing at the latter is the one upside to this.
Not a fan of Signal’s decision to mix the concerns of secure messaging with those of some cryptocurrency, but I don’t think secure enclaves work the way you describe them.
An Intel signature is not required in order to run them, but rather Intel provides a signature of the enclave state for attestation.
They don’t have the gatekeeping role you claim, i.e. this statement is false:
> The secured enclave can only run code that’s been signed by Intel.
Still, Intel is ultimately trusted to never make any false claims (i.e. they, or anyone compromising SGX sufficiently, could always create an enclave that does not actually run the desired software but cryptographically can claim to be doing so). Considering their track record with SGX, I’m not sure if that trust is deserved.