"You don't want to get left behind, do you?" They countered.

That struck me as a bizarre sentiment. What is there to be left behind from? If BitCoin (or whatever) is going to liberate us all from economic drudgery, what's the point of "getting in early"? It'll still be there tomorrow and I can join the journey whenever it is sensible for me.

Part of the crypto grift was telling people to "Have Fun Staying Poor". That weaponisation of FOMO was an insidious way to get people to drop their scepticism.

I feel the same way about the current crop of AI tools. I've tried a bunch of them. Some are good. Most are a bit shit. Few are useful to me as they are now. I'm utterly content to wait until their hype has been realised. Why should I invest in learning the equivalent of WordStar for DOS when Google Docs is coming any-day-now?

If this tech is as amazing as you say it is, I'll be able to pick it up and become productive on a timescale of my choosing not yours.

I didn't use Git when it first came out. Once it was stable and jobs began demanding it, I picked it up. Might I be 7% more effective if I'd suffered through the early years? Maybe. But so what? I could just as easily have wasted my time learning something which never took off.

I wrote my MSc on The Metaverse. Learning to built VR stuff was fun, but a complete waste of time. There was precisely zero utility in having gotten in early.

Perhaps there are some things for which it is sensible to be on the cutting edge. I took part in a vaccine trial because I thought it might personally benefit me and, hopefully, humanity.

But I'm struggling to think of anyone who has earned anything more than bragging rights by being first. Some early investors made money - but an equal and opposite number lost money. For every HTML 2.0 you might have tried, you were just as likely to have got stuck in the dead-end of Flash.

There are a 16,000 new lives being born every hour. They're all starting with a fairly blank slate. Are you genuinely saying that they'll all be left behind because they didn't learn your technology in utero?

No. That's obviously nonsense.

It is 100% OK to wait and see if something is actually useful.

A few months ago, my wife and I went on a 30 day Interrail holiday across Europe. 10 countries, over a dozen cities, making over a hundred payments.

I looked in the window of every cafe, restaurant, corner shop, pub, bar, museum, and tourist-trap that we went into. All of them accepted a wide range of credit cards. Some politely informed us that they were either cash-only or no-cash. A few gleefully accepted foreign currencies at ruinous exchange rates.

None advertised accepting crypto.

Due to the language barrier and the risk of looking like a bellend, I didn't actually ask anyone if I could pay with crypto. But every bill we were handed told me which (fiat) currencies I could pay in. The tip-jars let me tap my card or drop my (metal) coins. There were signs warning that I couldn't use American Express.

But, again, no mention of crypto.

I literally only saw one sign that cryptocurrencies existed. Tucked away in Zagreb train station, next to the left-luggage lockers, was this:

I've never used a crypto ATM before. I've no idea if it's safe or whether it'd give me a good deal. I also didn't know whether a guy with a crowbar would follow me out of the station. But, hey, YOLO!

There was no queue of people waiting to use it, so I thought I'd investigate.

Delightfully, it wasn't just Bitcoin that it offered:

Including two subtly different stable coins. Which is nice, I guess.

I clicked through a screen confirming that I wasn't a Politically Exposed Person and got hit by this screen:

I've never had a cash ATM warn me about those kind of scams. Progress!

And yet, after wandering Zagreb for a few days, I didn't find anywhere to spend whatever crypto I could've purchased from there. I went to laundrettes, museums, galleries, bougie little eateries, and had dark kitchen deliveries. None advertised their acceptance of crypto.

Perhaps I'm not cool enough to go to the hip underground club where all the cocktails are only purchasable with an obscure shitcoin. Maybe there's an exclusive casino where all the beautiful people spend their evenings playing baccarat chemin de fer for tokens?

Or perhaps I'm just unobservant.

In the last few years I've wandered through the twisty passages of the Marrakech Medina and pounded the mean streets of Halifax, Nova Scotia. I've drunk in the bars of Kuala Lumpur and slurped food-court noodles in Hong Kong. From Sydney to London, I'm not exaggerating when I say that no one has ever offered to let me settle my bill with a cryptocurrency.

I've paid by mobile, in-app, using loyalty card points, instant bank transfer, and fairground tickets. No crypto.

In London, my home city, there are maybe 50 places which say they accept Bitcoin. London's population is about 10 million. It is one of the most visited cities in the world. There is, effectively, nowhere to buy a coffee using the blockchain.

Perhaps crypto is more like gold? I don't know any shop which would let me pay with an ingot or doubloon. Yet plenty of people have gold as part of their investment portfolio. Although gold is a physically and chemically useful metal whereas the utility of crypto is yet to be demonstrated.

It's the same with shares. I can't go to a pub and buy a round with GME:NYQ. I need to convert it into something more liquid before I can enjoy something more liquid.

So crypto can be an opaque speculative investment. Maybe it is the next tulips, maybe it is the next Ford Model T. But it is obviously so far from infiltrating normal payments that it can be safely ignored.

I've been writing about Bitcoin since 2011. I even studied for the Certified Blockchain Professional qualification and wrote about it for my MSc a couple of years ago.

I'm just so tired of all the unjustified hype. I despair about the amount of energy that's been wasted - both electrical and mental.

It has been seventeen long years since Dr Craig Wright published the Bitcoin paper. How much longer are people going to keep pretending that this is a transformative payment technology ready to be embraced by the masses?

Think I'm wrong. Don't bother arguing in the comments. Instead, you can put your money where your mouth is by sending Bitcoin to me at bc1q60rt4rrnky7syxdw6234zqnmy84ah2gphra5ev 😂

So I signed up for a wallet, installed an extension, verified my credentials, saved a seed phrase, and - without too much technical fuss - had some crypto transferred to my account.

So far, so good. Compared to a traditional financial institution it had some advantages - there were no KYC checks or ID verification requirements. But the disadvantages were obvious - I had to install a different app on my phone and link it to my computer. The UI for the app and extension were awful. A huge amount of technical jargon was thrown my way - and there were dozens of technical pages to read through all stuffed with yet more jargon, memes, and insider jokes.

It felt sloppy and unprofessional. But, hey, $20 is $20.

Then I tried to withdraw the crypto into something useful. You know, money that I can use to buy goods and services. This, it turned out, was impossible.

I had to install a different extension. Then I had to decide which bridge to use. I popped into Discord chat and said "Hey! I'm new! Which bridge should I use?"

The answer won't surprise anyone who has dealt with cryptocoins.

"DYOR!"

Here's the thing - I don't want to do any research. When I want to change money with Wise.com, I just click a button and the cash is converted.

One of the classic web design books is literally called "Don't Make Me Think!" People are busy and tired and stressed and confused and just want their damned money.

I asked again "How do I judge which site is safe and which service I should use?"

The responses were filled with technical jargon, links to 3rd party sites, a list of acronyms, and assumed a huge amount of pre-existing knowledge. When I said "I've only just got started - how do I withdraw money?" I was told to watch a 3 hour YouTube video and / or install yet another extension.

That's when it struck me.

Cryptocurrencies are perfect for people who want to feel smart.

Some people like learning. That's great! But rather that learn something useful, they create ever more complex systems. They become the gatekeepers of rarefied knowledge. A lore so vast and tangled that they can smugly laugh at the smoothbrains who just don't get it. HFSP!!

Right now, in the UK, I can send £0.01 to anyone for free. The transfer is instant. But, more importantly, it is simple. I don't need to learn anything. My friend sends me their account details, I click a button, paste their info, hit a button, and done.

I don't need to know how the underlying infrastructure works. I don't need to understand how the global financial system works. But, with crypto, I need to understand staking, gas fees, bridges, offramps, DeFi, and a dozen other things. This is stupid. It makes insiders feel smart because they have embraced the self-created complexity, and allows them to feel smug that normal people aren't as smart. That's it. That's why some people love crypto.

PayPal solved crypto's fundamental usability problems decades ago. Click here to send money to an email address. Done.

Fifteen years of cryptocurrencies and the usability is still dreadful. Why? Because the people running it are addicted to complexity.

In the future, all your clothes are an NFT.

"Wow! I love your blouse."

"Thanks, here's a smart contract showing where I purchased it from. If you buy one, I get 10% of the sale price back in WoolworthsCoin."

Applause Tokens™.

A smart monitor under your theatre seat detects how long (and how loud) you applaud for.

Remember, the more enthusiastic you are about this middle-school production of Annie, the more tokens you earn!

Geneticoin

By storing your frozen sperm or eggs in our BYOG-Bank®, you're investing in your future!

Anyone who has a child using your genetic material signs an irrevocable smart contract which entitles you to 1% of the progeny's lifetime earnings.

More donations means more money!

KindleCoin

With KindleCoin, a Basic-Attention-Token derivative, you only pay for good books. Didn't finish reading the latest Dan Brown novel? Only pay for the pages you enjoy!

WARNING! Leaving your eReader unlocked could result in an attacker flipping through Dostoevsky; costing £££

Book-NFT

With this new Literature-based NFT, you can bring your most beloved characters into your favourite books!

Unlocked Willy Wonka by buying some Roald Dahl? Wonka can now appear in Game of Thrones!

DateCoin©

Welcome to a REVOLUTION in online dating.

Before meeting up on a date, both parties sign a smart contract. If either bails on the date, or doesn't look like their profile photo, or fails to put out, their stake is forfeited to the other party.

BoomBoomBucks

By placing noise monitors in every house, we are democratising annoyance.

Want to play some banging techno at 3AM? No worries!

Your neighbours can set a price on being annoyed and automatically charge you for waking them up.

⚡️coin

Let's embed a tiny Blockchain processor in all your electronics. Want to charge the battery in your PS5 controller? It's FREE this weekend!

(As long as the ⚡️coin chain doesn't detect you charging an Xbox controller. In which case the price is doubled.)

No More Train Delays

Train delayed on the way to work? Not a problem!

Your employer can bid on prioritising your train based on the economic value your delay is costing them.

By automatically monitoring your movements at all times, ChooChooCoin incentivises faster repairs to the train network.

Prevent diamond theft

Stolen a bag full of diamonds from an highly protected safe in a daring raid involving lasers, an electronics expert, and an old lag looking for one last score?

Joke's on you! Those diamonds are associated with an NFT which you didn't steal!

Enjoy your sparky stones, idiots!

TrafiqueTokens

No more waiting at 🚦! Your Tesla will automatically bid up to your specified limit to override a red light.

Remember, the value of TrafiqueTokens may enter negative territory and you could be stuck behind a Skoda for the next 6 hours.

PrayerPoints

An exciting new soul-bound token which you can earn for acts of worship and devotion. The more spiritual you are, the more the points accumulate.

You can exchange these points to get out of minor sins.

A group of friends can pool their points to redeem against a major sin!

Dietary Dinar.

Imagine you're a vegetarian who has a craving for steak. Collateralise all your veggie-pesos to exchange with someone's carnivore-bolívars.

You eat their steak, they eat your salad. Karma neutral! Sadly the coin exchange takes a few hundred kWh, so not carbon-neutral.

Voice Coinz

This means an end to spam calls!

Set a smart contract price on calls and texts to your phone number. If a legitimate call comes through, waive the charges. If it's spam - make 'em pay!

(Huh, that might actually be a good one...)

NO YOU SHUT UP

MeetingCoin. A non-rivalrous smart-attention coin which ensures that Gavin from accounts doesn't speak over Michelle who actually knows what the meeting is all about.

Probably sends electric shocks if you waffle on too long. Voltage based on number of votes.

Pest Control Smart Contracts

We have a pretty huge pest control problem. Imagine if exterminators could be paid exclusively in crypto for every vermin they destroy?

For every snake head you present to us, we will mine you one RajCoin.

No, I've never read a history book. Why do you ask?

Basic Love Token

If every marriage was a smart contract, your could rent out your spouse to other people who wanted them.

Imaging being able to seamlessly transfer marriage obligations as simply as you rent a DVD from Netflix.

All of the advantages, none of the obligations!

🐼🪙

There are only 1,800 pandas left in the wild 😢

We have minted a unique "Hunting Permit NFT" for each of them. The coins are pegged to the price of ETH.

If conservationists want to save these cute bears, they can chose to outbid the hunters.

Distributed Proof Of Kill.

BugCoin

Annoyed by bugs in your code?

Blockchain solves this.

A smart contract will prevent you from committing anything which crashes by determining whether or not your program will eventually halt.

And so on

If you have any other billion dollar ideas - please leave a comment. We'll split the profits 50:50.

I'm going to talk through a proposed user experience, and then discuss how it would work in practice.

Let us imagine a future digital currency ₢. It might be fiat, it might be crypto, doesn't really matter.

• Alice loads up a smartcard with ₢100 and locks it.
• Alice gives Bob the smartcard.
• Bob uses offline verification to see that the smartcard contains ₢100 of unspent currency.
• Bob unlocks the smartcard and transfers the ₢100 to his own wallet.

Sketching out how it works.

The key thing here is that Bob doesn't need to connect to the Internet - or do a live check with any 3rd party - in order to verify that the card has cash. How would that work?

It is - sadly and unavoidably - an escrow system. If you want to avoid the "double-spend" problem without going online, then you need intermediary to vouch that the funds are locked.

Let us imagine a physical token. For example, a Smartcard with an embedded microchip. The microchip has a unique ID and is able to perform certain cryptographic functions. It is able to sign data with its own private key - for example, it may have embedded a subkey of its manufacturer.

When Alice loads a card, this is what happens.

• Alice sends a challenge, signed with her private key, to the Smartcard.
• Smartcard sends Alice a response to the challenge, and its unique ID, signed with its private key.
• Alice tells the Escrow provider that she is in possession of a specific Smartcard by sending her signed challenge and the Smartcard's signed response.
• The Escrow provider checks a public ledger to see if this specific Smartcard is in use.
• If the card is not in use, the Escrow sends a challenge, signed with its private key, to the Smartcard.
• Smartcard sends the Escrow provider a response signed with its private key.
• Escrow provider tells Alice that it is convinced that she is in possession of that Smartcard.
• Alice sends ₢100 to the Escrow provider.
• Escrow sends the Smartcard a cryptographically signed digital certificate saying that Escrow is in possession of ₢100 and will release it to the bearer of the Smartcard.
  • The certificate could be time-limited?
• Smartcard validates the certificate and securely stores it for later retrieval.

Effectively, this Smartcard is now digitally engraved with the words "I promise to pay the bearer on demand". Anyone who proves that they are in possession of that specific Smartcard, can redeem the stored value from the Escrow provider.

Here's how it works.

• Bob asks Alice for ₢100.
• Alice hands Bob a Smartcard.
• Bob asks the Smartcard for the amount it has stored.
• Smartcard responds with a figure which is cryptographically signed with the private keys of the Smartcard and the Escrow provider.
• Bob has previously stored the public keys of all major Escrow providers.
• Bob validates offline the Escrow's signed statement against the Escrow's public key.
  • Alternatively, Bob may have the Smartcard vendor's public keys available for validation.
• Once satisfied the card contains the correct amount, he takes the card.

How does Bob redeem the stored value? Well, firstly, he doesn't have to! The smartcard is fungible. He can hand it over to someone else as payment.

But, if Bob wants to "cash in" the card and transfer the ₢100 to his own wallet, he will need an Internet connection

• Bob sends a challenge, signed with her private key, to the Smartcard.
• Smartcard sends Bob a response to the challenge, and its unique ID, signed with its private key.
• Bob tells the Escrow provider that he is in possession of a specific Smartcard by sending his signed challenge and the Smartcard's signed response.
• The Escrow provider checks a public ledger to see if this specific Smartcard is in use.
• If the card is not in use, the Escrow sends a challenge, signed with its private key, to the Smartcard.
• Smartcard sends the Escrow provider a response signed with its private key.
• Escrow provider tells Bob that it is convinced that he is in possession of that Smartcard.
• Bob tells the Escrow provider he wants to cash out and sends them the details of his wallet.
• Escrow provider sends an instruction to the smart card to "self-destruct" and remove the signed amount.
• Smartcard deletes the stored amount and sends a signed transaction back to the Escrow.
• Escrow transfers the money to Bob's wallet.

All this is... complicated. And relies on smartcards which have close-to-unbreakable storage for their private keys. And has a lot on baked-in assumptions about humans want to transfer money. But it is something. At the moment, all cryptocurrencies demand a permanent Internet connection if you want to use them. I think offline transactions are useful.

Notably, it doesn't require a blockchain or any cryptocurrency. It makes use of cryptography, sure. But you don't need inefficient, permanently-online, slow databases to make this work.

One of the things people do when trying to create a new product or service is to write little user stories to illustrate the problem they're solving. You've probably seen this sort of thing:

• As a… busy parent, I want… a push alert from my washing machine; so that I… can stay on top of the laundry.
• As a… citizen, I want… an online passport application process; so that I… can save time and money.
• As a… corner-shop owner, I want… a simple way to accept credit cards; so that I… can attract younger customers who don't carry cash.

Stories are not always good nor, indeed, accurate. But they help you and your team explore what sort of problems you're trying to solve. Ideally, they're backed up with user research - but even if they're just figments of your imagination, they give you something to work towards.

One of the (many) failures of Cryptocurrencies is that they have a weak to non-existent set of user-needs. Very few of the "whitepapers" even discuss users, except in the abstract. They ones that do talk about specific needs are really just addressing the fact that the USA has an antiquated financial system - they are mostly ignorant about the financial services which exist in the modern world.

Let's take a look at one of the ur-texts of this movement - the original BitCoin paper. The problems it identifies are that users want:

1. To "transact directly with each other without the need for a trusted third party."
2. Lower transaction costs, because high costs are "limiting the minimum practical transaction size and cutting off the possibility for small casual transactions".
3. Protection from fraud via "Transactions that are computationally impractical to reverse".

And that's it as far as end-users are concerned. There's a little bit about privacy - but it doesn't discuss whether users want it. There is, I suppose, an overarching need for an honest network - protected by cryptography.

It is obvious that BitCoin has failed on its first two user needs. It is impossible to transact without being online and trusting thousands of third-parties to process the transaction. There's no way to hand over, say, a USB stick full of bitcoins without the risk of double-spending.

Similarly, the transaction costs of BitCoin (and most cryptocurrencies) are comically high. In the UK I can send a single penny to any other UK bank account and it doesn't cost me anything.

What about (3)? Does BitCoin protect users from irreversible transactions? Yes! But do users want that? No!

Let's take a look at that whole sentence from the paper:

Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers.

(Emphasis added).

Both buyers and sellers want escrow. There will always be a user-need to mediate disputes. One of the reasons users love credit cards is that - in the UK at least - there are incredibly strong consumer rights laws. If a merchant screws you over, you can ask the card company to refund you. Try doing that with a cryptocurrency exchange!

Creating Some User Needs

I think one of the reasons NFTs got so much (brief) attention is that they had identified a well-understood problem and proposed a fix for it.

• As an artist, I want to receive a percentage of any future sales of my artwork, so that I see the gains in any future popularity.
• As a customer, I want to invest in something which might grow in price, so that I can resell and make a profit.

That's it. That's all there is to the NFT value-proposition. NFTs were never about supporting artists; PayPal and bank transfers has that covered. NFTs are deeply flawed in many ways, but they relentlessly focused on those two user stories - and users flocked to them. For a while.

So, what might a user want from a modern, digital currency? Here's my attempt to sketch out some idea. You will notice that many are contradictory! Users are not a homogenous blob and may have needs which can't be satisfied at all times.

Instant payments

These are part of those "parity with cash" needs. If I hand you a fiver, the transaction happens instantly & no-one takes a cut. Similarly, all online money-transfers is instant & free. Any future currency must meet those user expectations.

Low / No Fees.

In the UK, I don't pay anything for access to a credit card. I don't pay for cash withdrawals or deposits. I can transfer tiny or large sums of money instantly without a fee.

Now, the flip of this is that merchants pay a fee for handling my credit card transactions. They also bear the cost of transporting and insuring cash. Banks don't charge for current accounts or transactions - but do have huge fees for overdrafts and the like.

Crypto tends to evenly split this cost between the customer and the merchant. That's probably a fairer way to do things. But it is unusual - and will take some work to convince users that it is sensible.

Evading Capital Controls

Some countries place limits on how much money can enter or leave the country. Try wandering through an airport with a large suitcase full of cash and see what happens!

So, "As a user, I want to move money in and out of a country without a trace, so I can ..." what exactly?

Insured Funds

One of the things the BoE talked about was what to do if someone lost their wallet. If your cash gets shredded, you can usually send it back to the bank for a replacement. If your bank goes bankrupt, a central bank insures your money.

How could a digital currency provide that service?

Escrow

A customer wants refunds, but a merchant disputes that. Enter an escrow service. A middle-man to hold on to the money /goods until both parties are satisfied. In the non-crypto world, this is commonplace. Smart-contract sort-of provide this for digital exchanges. But they're unregulated.

Your story here

It's late and I'm tired. The original BitCoin paper didn't analyse user needs - and has manifestly failed on 2 out of its 3 identified needs.

If digital currencies are to thrive - they need to be attractive to real users. It isn't enough to make something mathematically perfect, or which only appeals to gamblers, or con-artists. Products live and die by addressing problems faced by users.

One of the many reasons crypto is dying is that it still doesn't have a compelling user story other than "number go up".

A piggy bank is close to perfect security. If you are seven and your adversary is a younger sibling.

Storing your own money is a mug's game. Having a fiver on you for emergencies might be sensible - but stuffing cash under your mattress is not advisable. Loss, theft, and fire are all real concerns.

The world is moving away from cash. Just before the pandemic, I went a year without using cash. Since then, I haven't withdrawn any notes.

Holding on to cash is like running your own bank. You have to check that the money you're given isn't counterfeit, store it safely, insure against loss, protect against theft, project future needs, etc. It is a massive faff.

So people use banks. In the UK, they're mostly free. I give an institution my money and, due to a combination of their size, insurance, and regulators, I'm confident that my money will still be there tomorrow. They are unlikely to give me fake notes, and they can refund me if I've been defrauded. I trust them.

Enter the crypto-dudes with their plaintive cry "But I shouldn't have to trust anyone!"

Sure. I fully support your right to get paid in cash and to store all of it in a lockable box guarded by your dog.

But don't come running to me when the dog eats all over your notes and shits them out in the middle of nowhere.

As Moxie wrote a few weeks ago that most people don't want to run their own servers. I'm a massive nerd and run a few servers. And it is a pain in the arse! This website runs on someone else's cloud infrastructure so it doesn't break too often. I don't have the time, energy, or skill to securely run important servers all by my self.

Do people want to manage their own cryptographic keys? I doubt it. It's complicated and fragile.

The complexity can be magically managed away with better technology and usability. Up to a point. You no longer need a degree in electronics to tune in to a radio station. But look at the number of people who don't know how to re-tune their car radio's presets.

So people will gather around big institutions. Those which have the funds, insurance, and regulatory oversight to provide a reasonable degree of trust.

Sure, some people will hold on to their own cryptokeys - just like some people only want to be paid in cash. But, just as now, they'll be the minority.

There's an inherent fragility built into cryptocurrencies. If your physical bank notes are damaged, the bank will replace them. If you are defrauded, the bank will reimburse you. If your loved one dies, and you inherit their assets, the bank is legally obliged to give you access.

Cryptocurrency has none of that.

• If your hardware wallet or keys are destroyed, you've lost everything.
• If you are defrauded, you've lost everything.
• If your loved one dies and didn't give you access, you've lost everything.

Would you carry around your life savings in your wallet? Would you store everything of value in your home in a safe? Would you want to run your own banking infrastructure?

I doubt it.

The "not-your-keys-not-your-crypto" folk want us to return to an almost prehistoric means of storing and transporting money. Thankfully, most people realise how backwards that is.

Background

Suppose you want to support an artist and give them money. That's easy. Most artists take PayPal, bank transfer, or cash. But how can you prove that you've paid an artist for a specific piece of work? That is, in essence, all an NFT is - the seller signing a statement that the buyer has sent them money related to a thing.

Whether that claim can be meaningfully sold on to someone else is outside the scope of this discussion.

The artist's signature

Most cryptographic schemes let a user digitally sign a file. Essentially, all this says is "this string of bits was seen by this user". It cannot say whether the signer was the person who originally created the file.

Here's an example.

-----BEGIN PGP SIGNED MESSAGE-----
I, Terence Eden, created "monkey.jpg" with a SHA512 hash of
123a887f3d5e7f246077eee40d0c073fa5ecad85d5b9bd130a87eb07408…
This token was created at 2021-12-25T01:02:03.5Z
-----BEGIN PGP SIGNATURE-----
Version: 1.2.3

456aae68585c9b176e06792396a08ad9ab92e335940e33c79ab69053a55e4f19…
-----END PGP SIGNATURE-----

Hey presto! Now the seller has a token - the above file - which offers strong proof that they were in possession of that exact monkey.jpg file.

(In reality, this would be a formal schema - JSON, ASN.1, XML, whatever - with lots of metadata. But for these examples, let's keep it simple and human readable.)

The transaction

The sale can go via any medium. Cash in hand, PayPal, bank transfer, or even unregulated cryptocurrency. The problem with Blockchain is that you cannot guard against off-chain transactions. There's nothing to stop me buying an NFT for 100ETH and the seller immediately returning that to me in cash.

Here's how a buyer can create their own "receipt" saying that they purchased the above token:

-----BEGIN PGP SIGNED MESSAGE-----
I, Luke Skywalker, have purchased "monkey.jpg" with a SHA512 hash of
123a887f3d5e7f246077eee40d0c073fa5ecad85d5b9bd130a87eb07408…
And signed with
456aae68585c9b176e06792396a08ad9ab92e335940e33c79ab69053a55e4f19…
For 100ETH
This payment was sent at 2021-12-26T02:03:04.5Z
-----BEGIN PGP SIGNATURE-----
Version: 1.2.3

798a42cec24ff0cc40a9270a645f115c137625e1868563044adb139a1d0a3050…
-----END PGP SIGNATURE-----

The seller can verify the transaction once they have received the money:

-----BEGIN PGP SIGNED MESSAGE-----
I, Terence Eden, have sold "monkey.jpg" with a SHA512 hash of
123a5887f3d5e7f246077eee40d0c073fa5ecad85d5b9bd130a87eb07408…
And signed with
456aae68585c9b176e06792396a08ad9ab92e335940e33c79ab69053a55e4f19…
For 100ETH
To Luke Skywalker
With transaction signature
789a42cec24ff0cc40a9270a645f115c137625e1868563044adb139a1d0a3050…
This receipt was generated at 2021-12-27T02:03:04.5Z
-----BEGIN PGP SIGNATURE-----
Version: 1.2.3

000a7324409938862ff8006291b5471aef8c7ba4732a60e6823e77284d42cf17…
-----END PGP SIGNATURE-----

Ta-da! The buyer now has a chain of cryptographically signed, Non-Fungible Tokens, which shows that an artist claims to have created a file and claims to have received funds from the buyer.

Sure, you can pad it out with a bit more back-and-forth, adding promises to sell, more thorough metadata. You could even use a publicly agreed-on Merkle Tree to add a bit more "trust".

And that's how you mint an NFT with none of the baggage and none of the fees. Easy!

Problems

But there are a few drawbacks with this.

Without a published chain of transactions, there is no guarantee that the artist hasn't sold the same item multiple times.

Without a verified on-chain transaction, there is a risk that either the buyer or the seller may be lying about the transaction price.

Because there are no third-parties involved, there is no opportunity for escrow or complaint resolution.

To be clear - all of these problems are also present in "traditional" NFTs. Buyers have no idea of the provenance of the piece, there's nothing stopping multiple sales of visually identical artworks, scams are rife and smart-contracts are buggy.

But if you want to create an Non-Fungible Token - there's no reason to pay inflated "gas" fees. You don't need any centralised brokers or platforms. You can own your own ledger and be completely decentralised for free.

Web3 should be about you being in control - not endlessly paying micro-transactions to hundreds of gatekeepers.

Update

Siyuan Ma has built a Proof of Concept Chainless NFT

While under the influence, the victim used his usernames, passwords, PINs, and biometrics to send money to the criminal's accounts.

Is there a "technological" way to stop this? His banks initially refused to refund the stolen money. Only once the press stepped in did they relent. One bank, Revolut, said:

This was an unusual case where the payments were authorised by the customer but, as is now clear, without his consent. [Emphasis added]

From the bank's point of view, the victim presented the classic trifecta:

• Something you have - the logged in banking app and, possibly, bank cards
• Something you know - the passwords, PINs, and memorable phrases
• Something you are - the biometric authentication via fingerprint or face unlock

The bank is correct - the user did authorise these transactions. They had the authority to tell the bank to transfer the money, they presented the right credentials, and responded correctly to the challenges. The bank was satisfied that the user was who they claimed to be. This transaction would not have looked any different from other legitimate transactions.

But, of course, you cannot be forced into meaningful consent. If someone is threatening you, then you are not consenting; you are being coerced. But how can a bank - or anyone - know whether you legitimately want to proceed with a transaction?

Perhaps the bank could have detected that this was "unusual" activity. Does this user normally transfer thousands of pounds late at night? But how many of us have got annoyed at a bank suddenly thinking that our £3.50 lunch is a precursor to serious financial crime and denied the transaction? We get grumpy at banks who stop us doing what we want with our cash. So there's an incentive for banks not to go overboard with fraud detection.

And, in this case, what could they do? Call the user and see if they really wanted to make the transaction? Can a bank reasonably tell if someone is drunk or drugged? Do they have the right to prevent incapacitated people making dangerous decisions?

Perhaps, to detect coercion, the bank could video call you, and check there was no one in the room with you? Or they could use voice stress analysis and heart-rate monitoring to check that you weren't being pressured into something.

That all seems a bit overboard and annoying if you're legitimately trying to make a large transaction. Would users put up with that if they knew it was being done to keep them safe?

Ultimately, this is why we have banks, regulators and insurance. The banks can pause and reverse transactions to help recover stolen money. Regulators can tell banks how they have to treat vulnerable or victimised customers. Insurance can cover the losses and provide incentives to improve security.

This is, as I said, an upsetting episode. But it stands in stark contrast to the terrifying and unregulated world of cryptocurrency-powered decentralised finance. Under DeFi, a user being coerced can never hope to recover their money. Smart Contracts cannot distinguish between authorisation and consent. And that is its fatal flaw for consumers.

You should take a couple of hours to watch The Producers. Either the 1967 classic movie, or the 2005 remake will do. The pivotal moment in the film is when Leo Bloom has this stunning realisation:

"Amazing. It's absolutely amazing. That under the right circumstances, a Producer could make more money with a flop than he could with a hit. Hmm... Yes, it's quite possible! If he were certain that the show would fail, a man could make a fortune!"

The scheme is simple - if your venture is a success, all your financial backers want a share of the profits. If the venture is a failure, the backers accept their losses. You walk away with the unspent investment.

A related scam can be found in Lock, Stock, and Two Smoking Barrels (warning for homophobic language):

Nowadays, I suspect, most people wouldn't care that their bank knew about their sexual proclivities. But the essence of the scam remains - make claiming the refund too difficult or expensive to be worth it.

Which, of course, brings me to the latest "venture" from the Cryptocurrency pillocks.

‘Buy the Constitution’ Aftermath: Everyone Very Mad, Confused, Losing Lots of Money, Fighting, Crying, Etc. ConstitutionDAO tried to buy the Constitution. Now it has a $40 million mess on its hands and entire refunds are being wiped out by high fees.

…

Of the initial $200 we bought in ETH, $90 was eaten up in fees simply to donate to ConstitutionDAO.

…

to get our ETH back from Juicebox, we would have to pay gas fees again, meaning essentially the entirety of the amount invested would be wiped out. Vice

You "buy" a token - the seller profits from the fees you pay¹. The seller offers to refund you - if you accept, they get another fee, if you refuse, they keep your money. They make money either way. Genius!

In most of the civilised world, money transfers are free. I can send boring fiat money to anyone in the UK and it arrives instantly, for free. Faster Payments work for up to £250,000. There's no cost to the sender or receiver. Not even a monthly bank account fee! There's no middle-man taking a cut. The sort of infrastructure that American cryptobores can only dream of.

If I want to send money internationally, most UK banks will charge a flat £20 fee. Or something like Wise transfers will cost as little as a quid, and up to 0.65% of the transfer amount. Sure, there might also be some exchange rate fees and fluctuations, but they're generally tiny.

If there's a problem with my transaction, I usually have strong consumer protection laws to help me get a refund. Either automatically through my payment provider, or through a well established court process.

I'm sure that the people behind ConstitutionDAO truly believed their own hype. And they probably didn't set out to steal money from gullible people. But all the cryptocurrency and DAO projects I've seen so far are barely concealed get-rich-quick pump-and-dump schemes.

There is nothing "democratising" about conning people out of money. There's nothing decentralised about deceiving a large group of ill-informed speculators. There's nothing innovative about these trite scams.

Here's how it worked¹:

• You pay money to the artist (Bowie)
• Artist uses that money to buy the rights to their back catalogue
• Every time one of the songs from that catalogue is sold, or played on the radio, the artist gets paid
• Investors receive a share of that payment

It's a primitive "smart" contract². Money flows back to the individual investors.

Imagine if you could do this today. Let's say you want to invest in The Rolling Stones. You can't.

You can invest in Warner Music Group. Which is the corporation which owns the label which controls the rights to the music of the Rolling Stones³. But that means you'd also be investing in bands that you don't like - or may even hate.

Imagine a future where a fan could directly invest the The Rolling Stones. Not just by buying records, concert tickets, or merchandising. But literally buying a percentage of the Stones. When their music gets played, you get money. If their latest record fails to sell, you lose money. You could trade your shares in them just like any other share.

What perverse incentives might this produce?

• Obnoxious Evangelist. You know those dudebros who derail every online conversation with how great Tesla is? Now imagine them at every gig. Ew!
• Pump and Dump. Hack a load of Spotify accounts, set them all to play Sympathy for The Devil on non-stop repeat. Cash out.
• Activist Shareholder. At the shareholder meeting, agitate to replace Keith Richards with Justin Bieber - that'll produce a short term price bump. Albeit at the cost of artistic freedom.

Let's go a step further. What if you could directly invest in the artist themselves? Buy a share of Mick Jagger.

Mick releases a viral video on TikTok? Your shares go up! Revelations about some dodgy behaviour in the 1970s? Your shares go down. Just like Celebdaq!

Cool! But, again, what emergent behaviour might that encourage?

• Abuse. If your share price goes down, will rabid fans start harassing the artist?
• Shorting. Could you intentionally reduce the share price in an artist by smearing them with malicious falsehoods?
• Share washing. Jagger knows a lot of millionaires. Could he get his friends to artificially inflate his share price in order to defraud unwary investors?

Finally, what is guaranteed to send an artist to the top of the charts?

Death.

If you knew exactly when an artist would die - how much money could you make from that?

This is, sadly, the logical end-case for the NFT craze.

Someone who is emotionally invested in an artist - to the point of obsession - is a common trope. Stalker fans are an unfortunate reality for some popular artists. Now mix that with financial investment. Imagine a fan, distraught that their favourite band has broken up and financially destitute because the share price has cratered.

What might that drive them to?

Or, perhaps a syndicate of wealthy investors realise that the cost of engaging the service of an assassin is a low price to pay for a guaranteed Return On Investment. Even if one - or all - of them are caught, the smart contracts can't be rescinded. Code Is Law. As the songs climb the charts and the memorial concert is sold out, all those micro-cents will flow through a tangled network and automatically land somewhere untraceable.

The future is going to get even weirder than we can imagine.

Most countries in the world place legal limits on alcohol production at home. There are, usually, several good reasons for this:

• Improperly brewed alcohol can cause severe health problems - including death.
• Poorly set up stills can - and do - explode.
• Unlicensed sellers of alcohol generally don't pay tax.

I'm sure you can think of a few more reasons to add to the list.

In the UK - where I live - brewing wine and beer for personal consumption only is allowed. Distilling alcohol requires a licence. Again, most jurisdictions have similar attitudes to home brewing.

Here's my big question - should CryptoMining be treated in the same way as the manufacture of alcohol?

(I'm in no position to enact such a global law. This is a thought experiment.)

The current state of proof-of-work mining is:

• Environmentally destructive.
• Opens users up to fraud.
• Reduces tax income to the state.

I'm sure you can think of a few more reasons to add to the list.

Could / Should / Would countries ban domestic cryptocurrency generation?

We all thought the coming war on general-purpose computing was going to be driven by DRM. But what if it is driven by Central Banks eager to retain control of currencies?

Even if such a law was enacted - could it be policed? Given that the computer equipment needed to mine currency is functionally identical to regular computer equipment, how do you stop people buying it?

Recently, the GPU manufacturer NVidia restricted the hashing power of its domestic graphics cards to stop them being used by miners. (Of course, this limit was quickly bypassed.)

Would we end up in a situation where you may be allowed to mine a trivial amount of currency for "personal consumption" but would be forbidden from generating too much? How could that be measured, let alone enforced?

Again, to be clear, I'm not in favour of such a restriction and have no ability to write laws about it. But I think such a restriction is likely to be proposed before too long.

An effective way to stop this happening would be to move away from speculative mining which requires large amounts of energy. If crypto can't get efficient - it'll find itself on the wrong side of history.

It all comes down to user needs. What pain point are you removing? Uber made taxis mildly less irritating, for example. But the UK already has a fairly mature mobile money market, so what does Signal add? Here are a few obvious questions I asked them:

• The UK already has faster payments in all major banks. I can send and receive money instantly from app or Web. Will Signal be as fast as that?
• The UK has a problem with authorised push payment fraud. Banks can recover funds which have been sent as a result of phishing / fraud. How can someone reverse a payment on Signal if it was fraudulent?
• The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How does Signal stop impersonation?
• There's no cost to sending payments on most mainstream banks. How much does Signal charge?
• Most banks let the user block receiving payments from specific accounts. Can Signal stop harassers sending unwanted money?

Those were the questions I immediately thought of with my "product" hat on. I'm sure you can think of more.

The responses were... not well thought through. I'll respond to each one.

A: MobileCoin is as fast (or faster in some cases) than a bank payment in the UK with greater privacy. As far as settling back to Fiat, if that's what you're asking about, the velocity of that depends on on-ramp and off-ramp integrations which will come over time (but it looks like there's no reason MobileCoin can't help developers deliver payments at the same speed as banks).

I've yet to see a settled crypto transaction which is as fast as a UK bank transfer. We'll come back to "privacy" later. In terms of getting real money out of the system, the answer seems to be "variable" - which doesn't sound like a great customer experience.

Payments on MobileCoin cannot be reversed at the protocol level. If you want escrow and reversibility, you should use a wallet or payment service that supports those primitives. We believe that developers will build such services on top of the foundation of the MobileCoin protocol.

So, no. If you get scammed, tough. Neither a bank, nor a regulator, nor a court can reverse a dodgy transaction. Where's the user need for that?

Signal relies on phone numbers for identities. Other apps that integrate MobileCoin may have a higher threshold for identification.

So, again, if someone pretends to be your mate and cons you out of money, there's no independent verification. I bet users just love sending money and not knowing who it is going to.

Fees are set by the foundation (which has a stated goal of keeping transaction fees to around $.04 when the network isn't congested). Currently fees are higher as they need to be adjusted by a foundation vote.

That's pretty high! People in the UK literally use their banking apps to message each other - sending penny payments to get someone's attention. What is the user getting for this proposed transaction fee?

Signal doesn't allow people you haven't keypaired with to send you funds. If you have accepted a message request from someone, they can send you money.

If you can't block people - even after accepting them - that's a vector for harassment, or worse. Your psycho-ex can bombard you with micropayments. Your dodgy mate can offload his illegitimate gains into your account. It sounds like a nightmare.

So, I ask again, what is the use-case for this feature? It isn't faster, it costs more, it is in a volatile cryptocurrency, it has no fraud protection, and it facilitates abuse.

The one thing it has going for it is that it is "anonymous".

Except, of course, it isn't anonymous in any real sense. You need the user's phone number - which means law enforcement can track their activity. While the ledger may be anonymous, if you send a unique amount of money, and it gets received instantly, it's going to be pretty easy to work out who is at either end of the transaction.

Perhaps there is a huge untapped desire to send expensive pseudonymous payments. Perhaps people want to pay for stuff using a speculative instrument. Perhaps everything I thought I knew about people is wrong.

Or, perhaps this is another pump-and-dump cryptoscam?

I wonder who was "investing" in those coins before the big announcement? Nothing to see here...

I managed to drag the call out for 6 minutes - have a listen:

I'm not a brilliant scam bater. I didn't manage to get his address, discover when he got my number from, or find out any significant details. But that wasn't my goal. With most of these phone scammers, I have two objectives:

1. Keep them on the line so they can't defraud anyone less sceptical than me.
2. Get them to see the error of their ways.

I'm usually pretty good a (1). Stringing people along is easy, but risks getting further unwanted calls.

(2) is more difficult. I sometimes ask them if they think what they're doing is legal. Or I ask what they wanted to be when they grew up. Some people genuinely think the call-centre they work in is a legitimate company - they're also being scammed by the scammers. It's usually fairly easy to turn those people. Asking them if they've ever Googled for "company name + scam" is enough to get them to see the truth.

Sadly, I don't think my call with "Björn" is likely to have changed his mind.

What's doubly annoying is that the phone number has been marked as a scam for months. According to OfCom it is registered to BT. Of course, it could be a spoofed number. STIR/SHAKEN can't come fast enough!

The tour guides of Bletchley Park are full of fascinating stories. They can tell you how all the primitive computers work, about the history of each building, they know all the curious little facts which make visiting the park an absolute joy.

There's one story in particular that I never tire of hearing.

By 1945, Turing's computers were able to decrypt Enigma transmission within 48 hours - it was thoroughly broken. After the war, the British had captured thousands of working Enigma machines. What on Earth could they do with them? The answer was simple. Sell them to our Allies as "The Uncrackable Enigma!"

And, indeed, they did. The British Government sold cryptographic devices to their allies even though the British knew that the cryptography was fatally compromised.

I presume that for the next few years, the British Government were able to spy on the world. Listening in on all the high level discussions they could.

In 2007, the security expert Bruce Schneier asked "Did NSA Put a Secret Backdoor in New Encryption Standard?"

Cryptography experts were worried that the American National Security Agency were promoting a new encryption standard which was potentially crackable by the US Government.

The US Government had taken a leaf out of the UK's book, so it seemed, and had encouraged the world to use insecure cryptography.

This has been going on for decades.