The Changelog – Episode #269

Bisq, the decentralized Bitcoin exchange

with Chris Beams

Guests

All Episodes

Chris Beams joins the show to talk about Bisq, the P2P decentralized Bitcoin exchange and open-source desktop application that allows you to buy and sell bitcoins in exchange for national currencies, or alternative crypto currencies. We get some background on the issues faced by crypto exchanges like CoinBase, and the now defunkt Mt. Gox. We discuss whether or not Bitcoin is a censorship resistant payment system and what it means to have anonymous transaction currency options. Bisq also has an interesting white paper about its own DAO (Decentralized Autonomous Organization) to support its contributors and we discuss that in detail at the end of the episode.

Featuring

Sponsors

Bugsnag – Mission control for software quality! Monitor website or mobile app errors that impact your customers. Our listeners can try all the features free for 60 days ($118 value).

DigitalOcean – Get DigitalOcean Spaces free for 2 months. Securely store and deliver any amount of data with the same simplicity you've come to expect from us. Instantaneously create a cost-effective, reliable storage space using our drag-and-drop UI or API.

Toptal – Hire the top 3% of freelance software developers, designers, and finance experts. Email adam@changelog.com for a personal introduction.

GoCD – GoCD is an on-premise open source continuous delivery server created by ThoughtWorks that lets you automate and streamline your build-test-release cycle for reliable, continuous delivery of your product.

Notes & Links

Edit on GitHub

Transcript

Edit on GitHub

Chris, we're talking about Bisq, previously Bitsquare. Why don't you tell us about the naming and why you all decided to change it?

Yeah, so the project has been around now for about three and a half years, and most of that time it had been under the name Bitsquare, which people may have heard of if they've been around the Bitcoin space at all. And the reason that it was called Bitsquare in the beginning is because it was kind of a play on the idea of what's come to be known as Satoshi squares in the Bitcoin world.

What Satoshi squares were... People might know the name - Satoshi, like Satoshi Nakamoto, the creator of Bitcoin, and people would form Satoshi squares, which were in-person opportunities to exchange Bitcoin for whatever their local currency was - dollars, or euros, or what have you, and they were just informal things. So that's where the name came from - Bitsquare, a way of having Satoshi Square-like interactions, peer-to-peer exchange of Bitcoin for national or fiat currency, but not having to do it in an actual physical meet space; doing it online, doing it on a proper peer-to-peer network.

[00:04:26.13] Then earlier this year we changed the name, because Bitsquare was a potential overlap with a certain trademark holding financial services company that people might be able to guess the name of, because Bitsquare's name kind of intersects with it, and they asked us nicely if we might change the name. So we did, and we just shortened it down to Bisq, which was kind of an abbreviation of the original Bitsquare, and it's a relatively unusual and sort of Google-friendly name. That's how we got there.

When you rename something like that, you often lose some people in that; how long ago was this renaming and what is the downfall of a rename?

Of course, the process itself takes a while; it was happening starting around April of this year. I'm not sure that we've lost so many people per se, but there's just a cost to it because you have to continually repeat the fact that it's been changed, and you're always in the business of saying "Bisq (formerly known as Bitsquare)", so just the introduction of the project... Much like the conversation we're having right now, it takes a while, right? Because you wanna make sure to bring people into the fold that had heard of the project before, under its previous name, and so on. But in general, it's been okay.

One thing that helped there is that while the project has been around under development for three and a half years roughly as we speak, it's been live in production for about 16, 17 months now, so people who had actually been using the application to do live trading had only known it as Bitsquare for just a handful of months at that point.

So Bisq is an open source desktop app. Not only that, but it's also an exchange network, but it's the formation around it, at least based on your white paper, the motivation around it is essentially around the censorship, the different things around the current ways in which you trade Bitcoin, right? Can you kind of give us the background, to some degree, of the problem with crypto exchanges like Coinbase etc, different places where you can actually go and do these original squares, which is kind of interesting how that came about?

Yeah, so I'll talk about "centralized" exchanges in just a second, like you talk about, but just to get first to principles - you're asking "Why did we create it the way that we did?" and it's because it's really modeled after Bitcoin itself. We wanted to build the exchange that the Bitcoin network needed in our minds. What does that mean?

Well, Bitcoin itself is this remarkably censorship-resistant network; it's really designed as such. It's global, it's at this point by all accounts unstoppable, right? It's definitely powered through different governments and different agencies, considering ways to take it down or attack it, and so on. We'll probably see lots and lots more of that over the years to come, but for essentially zero downtime on the networks, and January 2009 the Bitcoin blockchain has just been running along more or less smoothly, right?

[00:08:08.19] We thought that that's exactly the kind of exchange that we wanted to build - something that's just as permissionless, privacy-respecting, and indeed censorship-resistant as Bitcoin itself. What we've seen emerge since Bitcoin essentially first got a price, around 2010 -- the network was running for many months before anybody ever actually exchanged Bitcoin for value, and pretty much the moment that began, the first exchanges started popping up, and if people know anything about this space, they probably know at least the headlines that they read in 2013 about the Mt. Gox exchange, which was responsible for something on the order of 700 million dollars worth of Bitcoin being stolen. Of course, the reason that that was possible, for Bitcoin to be stolen, is because when you're dealing with a centralized exchange - meaning, by the way, a website, right? Fundamentally a web app, where three parties are involved - the person who wants to sell, the person who wants to buy, and the exchange itself. When things are designed that way, the exchange has to have custodial control over the user's Bitcoin for at least some period of time. And typically, just for reasons of convenience, people would keep their Bitcoin on the exchange for much longer than just the moment that was necessary to match a trade and then cash out.

When Mt. Gox was hacked back then in 2013, something like the tune of 700 million dollars worth of Bitcoin were under the control of Mt. Gox, and that fundamentally means the private keys that were capable of spending that Bitcoin were in the control of Mt. Gox.

That's basically a great, big honey pot. It's like, there's 700 million reasons that an exchange like Mt. Gox would get hacked, and it's utterly predictable that the beatings will continue if this sort of architecture doesn't change. And of course, that's exactly what happened. Over the years, there's been an almost predictable pace of exchanged getting hacked, and various amounts getting stolen and so on. It's just the nature of the beast. When there's enough value in a given system or location that can be hacked, it probably will be hacked. So that's always been our motivation - that's the security side of Bisq, it's the security of users' funds; we wanna make sure that people can actually fulfill the promise of Bitcoin, which is... You know, people sometimes say "Be your own bank", that you can actually keep custodial control of your own private keys, your own Bitcoin, and you can have as much security as you can manage.

Assuming you have well put-together operational security practices, you're using things like hardware wallets, or air gapped computers, or whatever it is that you deem appropriate to secure however many Bitcoin it is that you have, you have that full control, you have that full capability. The Bisq application never maintains control, it never has the opportunity to steal your funds, because it never holds your funds; it's just between you and your counterparty, essentially.

[00:11:54.03] Yeah, I have a couple of questions breaking off of this. The first one is perhaps speculative a little bit, with regards to exchanges being hacked and the analogy between a cryptocurrency exchange having custodial control over your wallet, or really your keys at that point, in order to have access to trade that coin, is very similar to banks... Like you said, "Be your own bank"; well, with a Coinbase or a Bitstamp or a Mt. Gox or whatever, you're allowing them to be your bank, to a certain degree, and that's problematic. And like you said, the more honey that's in the pot, the more attackers are gonna come after those things. I guess my question would be why don't we have more historical banks being hacked? Our Bank of America, our First National... Now I'm of course putting this in an American context, but they are very literally banks and they have online presences and they have web apps, so why is everybody going after Bitcoin exchanges and not after places where you can get cold, hard cash?

Yeah, I'm certainly not an expert in the space of traditional physical banks getting robbed, but just to hazard an answer to this... I think to some degree banks do still get robbed, like literally people coming in and saying "Put all the money in the bag..."

This sounds like a physical hack.

Yeah, I don't think that's a done deal, and I think the reason that that still happens, however high risk that may be - I don't know how many people successfully get away with it, but of course, the reason... One famous bank robber was asked "Why do you rob banks?" "That's where the money is" was his answer. [laughter] And it is still where the money is, at least to the extent of cash bills in a cashier's drawer, so you actually can get the honey out of the pot. But I think when we -- and this is where I'll quickly get out of my depth, so anybody who actually is working for a bank, my apologies ahead of time... But I imagine the reason that we don't see people hacking into Bank of America's servers and so on and "stealing all the money" is because what they're stealing would be entries in a database representing...

Transactions.

Yeah, representing transactions, representing ultimately their kind of fractional reserves and so on. The money itself is not a digital thing, a digital asset that can be taken away in a digital bag, if you will, when what's there is actually private keys, like files; it also may be entries in a database, but strings of numbers and letters representing a private key. You can actually take those and run away and spend the Bitcoin that they have access to. There's no correlate I think in the traditional banking, because it's not fundamentally digital.

On that note though, I think that in today's world it's so hard to see what you're saying there about traditional banking, and that you're not actually stealing funds because so much of what we do is removed from actual cash... You know, we don't often -- there's some people out there who live by cash and spend only cash, but the large majority of the world relies on some sort of market like Visa, MasterCard, American Express, some sort of credit card type system that ensures secure payments, or some sort of digital way to do a transaction. So we're so used to not actually spending real cash hand-to-hand, so it's hard to see that, that it's not digital.

Yeah, it sure feels digital, right? When you log into your online banking or swipe your card here, or what have you. But in the end, it's not a natively digital money, which is the big difference.

[00:16:01.03] So let's get back to the point about being your own bank, and we'll branch off in here; this is where I think Bisq is interesting to me as a thing that you guys are doing, and hopefully it's successful in what I think is providing the power to decide to more people. Because if you look at the tradeoffs between centralized exchange and you say "Why are people using these?" and you even said it yourself, it's because of the convenience, it's because of the access, and a lot of times that convenience isn't "This is simply easier for me to do", but it's actually accessible, in terms of "I don't know how to do it on my own. It's too difficult. So this is not just convenient for me, it's actually enabling me to do something that I couldn't do on my own."

We've seen a lot of hacks and we've seen a lot of -- even recently Ethereum, I think somebody drained 31 million from some Ethereum wallets, you mentioned the big one with Mt. Gox with Bitcoin... The other thing we see a lot is people losing their own coins, right? They lose their private keys; they've got them in three places and in a safety deposit box...

I just saw a Reddit thread the other day where a guy still managed to basically lose his entire Bitcoin wallet - which I think was sizeable, by the way - even despite all of these different steps that you take, and by doing something that I don't recall the details... But it's really hard, even for technical people. It's hard to get it right and to keep it right and not lose your stuff because you're personally a really bad bank, you know? So is Bisq trying to make that easier for regular Joes?

Yeah, I think it's only gonna get harder, by the way, especially for people who have growing amounts of value. It's actually a real challenge to fully, properly secure Bitcoin in any case.

Real quick, Chris, can you break that down for us and just explain? I've assumed our listeners all understand the problem with the keys. Can you just lay it out, like what would happen...? How can I go about just losing the Bitcoin that I have in a personal wallet? Can you just explain that for the listeners?

Yeah, sure. So let's just assume the simple scenario of you've gotten your first Bitcoin wallet - it's a desktop application - and I've sent you some Bitcoin just to get you started, so now you have 0.1 Bitcoin or something like that sitting in that wallet, and five minutes later your machine melts down. It's just an unrecoverable disk failure, and your time machine hasn't had time to back it up, or whatever; you don't have any backup of it. That wallet on that computer was the only home of the private keys that can spend the Bitcoin that I transferred to you.

When I transferred the Bitcoin to you, I signed a transaction using my Bitcoin private keys that spent the Bitcoin, to your address, in that wallet. I sent it to your public address, and only that wallet has the private key that can then subsequently sign again and send it to somebody else. So if that private key is gone, your money is gone, gone, gone, gone, gone.

Now, there's a little bit better news these days. For the last number of years there have been really clever solutions that have come along. When you set up a modern wallet today, if it's a good one, the first thing it's gonna walk you through is this process of setting up the so-called seed words, which are typically a 12-word sequence, or sometimes even a 24-word sequence. Those words, in addition to a password or whatever it is that unlocks the wallet, but these words are much more powerful than a password, because those words alone can actually completely recreate a wallet, including essentially all of the private keys that are necessary to spend that Bitcoin, and that's a really clever piece of engineering and math that makes that possible.

[00:20:15.29] So the process today is people set up a wallet, they get their seed words, and they must write down those seed words, like pen and paper, never ever storing those words on a digital device of any kind. Store that piece of paper utterly secure, whether it's your bank's safe deposit box, or whatever it is that you deem to be the most secure location that you can possibly --

Dig a hole in your backyard...

Yeah, hopefully not collocated with your machine, not in your same house, and so on. So that's getting a little bit closer to the state of the art with security around that.

That's interesting, the multi-word sequence... Is it granted to the person, or can they...

Select it, or...

Yeah, does somebody select it, or...

"The quick brown fox jumped over the dog", or whatever?

No, it's generated from kind of a set of words that has a particular kind of entropy profile, that with 12 words you can capture enough entropy to essentially recreate those private keys. I don't fully understand how it all works, but I just know that it works. But you definitely don't get to choose, because if you're choosing, that's also generally poor security.

Yeah, I was thinking someone would choose a famous quote from a movie, and then hackers can just use a list of famous things that anybody can easily google, and there's millions of results for, for example, what you said with "That's where the money is." If you had a phrase like that that was actually twelve words long versus five, that might be something that people can store in a text file and just randomly parse it, and you know, brute force.

Right. People would just have the word "password" twelve times. "Password, password, password..."

People are generally a lot less clever than we think we are. When we're trying to make up a good password, we're far more predictable than we think we are.

Is that technology in the wallet, or where is that technology at? That recreation of the wallet. Is that in the protocol of Bitcoin, or where is that living at?

That's a Bitcoin standard. Bitcoin has this so-called Bitcoin improvement process. So you see these proposals get put together about ways to enhance the overall Bitcoin ecosystem or Bitcoin protocol, or certain things that wallet providers can standardize on, like this seed words approach. So that's usually something that's proposed by people who are pretty close, sort of core Bitcoin developers who understand what's possible with the technology, and they'll write it up, maybe give a presentation on it or something like that, and then often leave it to the community to pick up the idea and really run with it and take it through to the state that that stuff is in now, which is a completely accepted standard. Anybody downloading a wallet today should expect seed words support. It's basically a broken wallet if it doesn't support that.

By the way, one ideal profile, or kind of state of the art for security is not just the seed words, but a hardware wallet as well. So you might have the wallet that you spend, and maybe people have a wallet on their phone that they keep basically some pocket money in, if you will, enough for whatever it is, buying your coffee or paying a friend back, or something like that...

[00:24:04.26] Those wallets will have seed words too, so you can protect those funds, but when it comes to storing any kind of larger amount -- what's Bitcoin as we speak today? It's around $4,500/coin, so if you have even two or three of these things, much less 10 or 20 or more, that's not anything that you want or need to be carrying around on your person probably, right? So what people do is store those coins, the larger amounts for sure, on a hardware wallet. Those take different forms, but generally they're devices that can plug in via USB; they have dedicated, very simple chipsets that are just exactly for signing Bitcoin transactions and storing private keys, and so on. So they can be designed in a very security-conscious fashion to make them as impenetrable as possible.

You see products like Trezor or Nano ledger, or what have you... These are hardware wallets that have become quite popular. And when you combine seed words and hardware wallets and all this, you can actually begin to fulfill this promise for yourself of being your own bank.

It is possible, but back to what started this thread of the conversation, we're still in pretty rarified air. This is not easy for grandma at this point, still. So also to answer the question you asked along the way, is Bisq on a mission to make that easier - frankly, no. Not at all our core value proposition, if you will. Of course, it's in our interest to make it as easy as possible...

I would think so, yeah.

...and I like to think that we've done a pretty decent job of that, but given that we're actually adding quite a bit of complexity into the picture... Like you said, Coinbase, or Bitstamp, or any centralized exchange that people might choose to use today, are extremely convenient, by comparison to what they were a few years ago, and indeed, by comparison to Bisq. It's just a higher sort of profile of engagement that we have to ask the user to understand and comprehend, and so on. There's a kind of essential complexity to doing this in a peer-to-peer way that I don't think will ever be lower than the essential complexity involved in interacting with a centralized exchange.

We also don't think that that's a fundamental problem, that there's that greater complexity, because what you're getting for it is greater privacy. Indeed, much greater privacy with Bisq, and that's really the core value proposition or reason that Bisq exists.

We've talked about security so far, right? Using Bisq, and using all these other things that we're talking about is a great way to make sure that your funds don't get stolen and can't be stolen; you're eliminating a trusted third-party, you're eliminating a security hole by taking a centralized exchange out of the loop - that's great, that's security, right? But then there's privacy, and that's where we get back to the beginning with Bitcoin, and saying "We have this amazing global blockchain etc. It's all permissionless, it does for money what the internet did for information." The blockchain and Bitcoin have the potential to do for money what the internet did for information.

[00:28:04.04] If you think about pre-web, we had a select set of gatekeepers, media organizations - TV, radio, news outlets etc. Post-web we have an explosion of people becoming their own TV, radio, news and consuming the TV, radio and news of other self-producers and self-publishers. That dream of the internet and the web has been totally realized and continues to be realized to ever greater degrees today. And where we are now, certainly where we were in 2008-2009 was very much like we were in the media landscape pre-internet, with regards to banks and money and finance and so on. There's gatekeepers - there's a few banks, there's financial institutions, there's governments, there's regulatory bodies etc., and they have a whole lot to say about what's possible with your money, with money in general, and so on, and that's why Bitcoin has been so deeply exciting to so many technologists.

A glance at the news today is all about the price and all about an 18-year-old kid who got rich because he bought $1,000 worth of Bitcoin when he graduated high school, or whatever it was five years ago. Those are fun stories, and of course it's sensational, and it's all also true, right? People made a lot of money. But why did all of these people get engaged and why have all these people been in this space now for years and years? It's because of what's possible. It's because of that amazing promise of what happens when we have essentially the internet of money, if you will, or more broadly, the internet of value exchange. We now have the possibility to exchange value at a distance, with people who we don't have a high degree of trust with, and that was simply not possible prior to Bitcoin without having a trusted third-party, some intermediary, a Paypal if you will, in the middle.

So if that's what Bitcoin made possible, it starts to make sense why we thought Bisq was so important, because you wanna have the ingress and egress from that system, right? Getting into Bitcoin from fiat - people call it national currencies "fiat" in the space, if people aren't familiar with the term. So US dollars, yen, euros, whatever - that's all fiat money... Getting into Bitcoin from fiat, so buying Bitcoin for dollars, getting out of Bitcoin, selling your Bitcoin for dollars or euros - that's a really important part of the system. It's not Bitcoin itself, this kind of ancillary thing at the edges, but it's incredibly important, because as people exchange that money, and if they're doing it via, say, a centralized exchange, if they're doing it anything other than a person-to-person or peer-to-peer over the internet way, then somebody else besides you and your counterparty knows about that transaction, has a record of that transaction, and centralized exchanges are - the vast majority of them - subject to regulations that say they have to know their customer, they have to get ID verifications... This isn't perfectly true, but in many cases - most cases - you're dealing with requirements where people have had to give their identities to these organizations. That information can get out, and does get out. It can get out via hacks, you can get doxed, it can get out via government requests, it can get out in a number of ways. It's just as vulnerable as the Bitcoin that you're storing there, actually.

[00:32:06.04] When you couple that privacy risk with the fact that Bitcoin is itself a totally transparent system of value exchange, in that it's a perfectly trackable, perfectly treaceable, you can follow the coin through every single transaction on the blockchain - putting your name, having the possibility of putting your name and personal information on any one transaction, especially the first transaction where you buy your first Bitcoin, or anytime you buy a new Bitcoin, that means that it's possible for entities that you might not want to be able to, to track that coin all the way through the Bitcoin blockchain, and that does happen; that technology is getting more and more sophisticated as we speak. The so-called chain analysis systems and companies - that's what they do.

So Bisq's raison d'être here - really why does it exist - is for the protection of individual privacy, to give people who want it, people who need it, people who value it, the ability to get in and out of Bitcoin without ever putting their personal information on these transactions.

So in today's world, or I guess if we're not talking about cryptocurrency (or that kind of coin), if we're talking about dollars, just to use this example, my information is not held private, right? If I spend it on a credit card, AmEx knows who I am, they have a profile built around me, that kind of thing. If it's Bitcoin spent through Bisq, it's private, right? What's the point of privacy? Help me and the rest of the world understand the downside of not being private, aside from doxing... Is it the marketing profile? What are the concerns of privacy? Is it just anonymity? Is it doing [unintelligible 00:34:09.24] things? What's the point of privacy?

Yeah, it always bears digging into that, because for better or for worse, it's not always so obvious today. You were saying a few minutes ago in the interview a lot of people don't really use cash these days; plenty of people just pay via credit card and so on, and in many places there's a kind of war on cash. You see this with the demonetization policies that are being rolled out in India, and so on. Many countries across the world are basically disincentivizing people to use cash, and there's a variety of reasons for that, but one of the effects of that is that increasingly in that environment people's financial transactions are under surveillance, right? It's possible to know, and indeed known, what you're spending your money on at any given moment. Probably Visa isn't sharing that information with anyone, but they can, and again, things can be hacked and so on... And they certainly do, given certain conditions.

So why does it matter? Well, the reason I was explaining that is that we've been in this environment for a long time. We've all been, not because the U.S. government has been demonetizing the dollar necessarily, but just by choice and convenience, people have just more or less happily moved to using credit cards. I use credit cards, it's useful stuff; there's nothing wrong with it, right? But the effect that that has is that we increasingly forget over time "What value did cash ever have? What is the value of a private financial transaction?" and I think it's useful here to just jump outside of money for a moment and ask the question "What is the value of any private interaction at all?"

[00:36:15.06] It's been a while probably since many people listening to this have sent a physical letter to a friend or a relative, but we've probably all done it a time or two... When you send a letter, you put it in an envelope and you seal that envelope. Doing that doesn't indicate that you're doing something nefarious, or that you're breaking any laws, but it's rather the norm when it comes to sending physical mail. It's a norm. We've grown up in a culture of privacy in that situation, where people would think it quite strange if they just took the whole letter not in an envelope and just slapped a stamp on it. That would feel "Hey...?! Every postal handler from here to Poughkeepsie or wherever it's going can read my mail? I don't wanna do that." That's the way postcards work, but mostly people don't write anything of great importance on a postcard, but people do bare their souls, talk about what's important to them or troubles that they're having etc. in letters.

If we take that world of communication and communication privacy to the online world, it's a very different world, right? Because it just happens to be that e-mail, which of course we all use a whole lot, basically never had a good envelope, right? So we live in a culture of openness by default, and we don't think about it that way; when we send an e-mail, we have this kind of false sense that it's private, because it's just going to the person I send it to, but if we know anything from the revelations over the last years - Snowden and all the rest - the writing couldn't be written larger on the wall that all your e-mails are belong to us, name an agency.

So we live in a world - I wouldn't say for better or worse, I would say definitely for the worse, where everything you do online, certainly with e-mail and in many other contexts, is per default non-private, per default open. We see money no different than this. We see digital money, virtual currencies, cryptocurrencies as no different than the kinds of transactions and interactions people have with speech, with written language etc. The fact that I am buying a coffee or sending some money to my brother to take care of his family who's just in a -- we were talking about Houston and Hurricane Harvey before the call started, right? Transferring money to my family to help them out in such a scenario or what have you - that's just nobody's business but my own and my family's.

Actually, one argument for privacy is that it's a right, and there actually need be no argument for it. It need not be justified any further than "No one has the right to force me or to force anyone to be open." One ought to have a right to privacy, and that's actually enshrined in the United Nations statement on human rights and in a number of other contexts, including the U.S. Constitution, and so on.

[00:39:59.04] The right to privacy is a long-held tradition, and it just happens to be that we've been trending and drifting in this direction, especially as the online world has come to prominence, and things like e-mail, we've sort of forgotten about it. We just happen not to be in that private-by-default environment that physical mail used to be, and there's no reason not to be private when it comes to Bitcoin, and there's actually every reason TO be private, because well, do we really want, do we really trust (whether it's) the centralized exchanges...? Generally, they're just businesses trying to get along, keep customers, keep people happy.

Mostly, there's nothing nefarious going on with centralized exchanges, but those become information honey pots for other entities, other players - governments, or whomever they may be. People say "I have nothing to hide." Well, okay. Does that mean that we ought to just open everything up and give all of our data to anybody who might come along and want it for any reason in the future?

That's a big argument for privacy, by the way - the environment that we live in today, especially very lucky people like ourselves living in the States... I'm from the States, I live in Europe now, but in general, people listening to this podcast will tend to be people who are living in reasonable enough jurisdictions that probably the most draconian versions of crackdowns and so on don't happen to individuals; that's not true of everybody else in the world, and it may or may not be true in the future for ourselves, or for our families or for our children. So we can't predict the future, we don't know what's gonna happen, and you don't need and value privacy sometimes until you absolutely wish that you had had it. So those are a few reasons...

Coming up, we talk about Bisq the software - what it is, how it works, and what it's built with. Chris breaks down the peer-to-peer aspect of Bisq and how you get fiat currency into the network; altcoins, crypto-fiat exchanges, and yes, they even support exchanging for Dogecoin. We'll be right back.

Break

[00:42:40.11]

Alright, let's talk about Bisq the software, Chris. One thing you said earlier on was that Bisq is inherently more complex than using an exchange because you're adding more bits that have to be peer-to-peer, whereas with an exchange you have a centralized authority... So tell us about the software itself, especially I think where I get -- do I see the complexity as a developer as "Oh, we have to actually move money between the banking world and this world somehow? We have to get fiat money in and out of a system...", that does sound like complexities to me. So tell us what you guys have been doing with Bisq, how it works, and all that.

Yeah, so you could call it a hard problem; I think it's fair to call doing what we refer to as crypto-fiat exchanges/trades in a truly peer-to-peer way, a truly decentralized way is like an official hard problem, and it's one that many thought basically can't be done. But of course it can, if you're willing to make the right concessions and the right compromises, and know where the limits of the programmatic are, and know where the human must enter the picture.

Bisq really embraces the idea that when we're dealing with fiat currencies and bank accounts and the rest, there just has to be human interaction at some points. We can't automate everything. We might be able to automate more if banks were, say, much more modern than they are; if banks had API's and standardized ways of crediting and debiting; if we didn't have to log into a web UI everytime we wanna do something, we might be able to do more in an automated fashion, but that's not the world we live in.

[00:48:08.02] One thing that we haven't mentioned yet is what actually is the application? So yeah, it's a desktop application, it's a JavaFX application, meaning -- it feels more or less just like any app, but it means that it's cross-platform, and it looks and behaves the same across Windows, Linux and Mac. By the way, that's the nature of the beast, this JavaFX desktop application. And when you're first setting it up, you're putting information into it like your bank account; if you wanna ever sell a Bitcoin over a Bisq, that means that you're going to receive somebody else's fiat money, so it's gonna come into wherever you bank, like Capital One, or something like that. So you're gonna need to put in the account number... Just exactly however much information is necessary for that particular payment method to become possible.

For example, there are what are often called person-to-person payment systems like clearXchange, or it's now called Zelle - it's a system that a number of banks (bigger banks especially) in the US have adopted that allows their customers to transfer directly (it's going through third-parties, but directly in the loose sense of the word).

I wanna send $100 to this e-mail address. So if your bank supports Zelle and you're counterparty's bank supports Zelle, then you can just send money via an e-mail address or via a phone number, and all the right stuff will happen between the two banks.

For example, that's a supported payment method in Bisq, is Zelle. So what you would be putting in to your bank account information when you're setting up Bisq there is just enough information - your e-mail address or your phone number, the name of your bank, your first and last name... Exactly the information that Zelle requires, because that's what your counterparty is going to need in order to actually complete the transaction and send money into that account that you own.

So that's one of the "complexities", setting up a bank account. But as you can see, it's kind of essential information; you'd never be able to get the money if you didn't do that. So you could get away with doing just one bank account if that's all you have. If you wanted to support more payment methods, you had bank accounts in multiple countries or something like that, then you would set up as many as you needed.

I'm assuming that there's a limit to the banks that are supported and potentially an opportunity there for contributions in terms of - you guys have Zelle, it looks like you can do money orders, which is interesting, cash deposits... I'm just looking through your different payment methods in the app. But it's a limited list, of probably 12 or so. Does that cover 80% of people's setups, or where are we at with regards to how many people can actually get a fiat account hooked into this?

Perhaps ironically, the U.S. is one of the less rich environments. There's fewer options that really work in the U.S., and I'll explain why in a moment. But in Europe, for example, there's an almost universal system called the SEPA system, and pretty much every bank player interoperates with SEPA, and it's a reliable and reasonably fast thing (within a day or so). So in Europe pretty much people just need to put in their bank accounts and it's a kind of given that they're gonna do it over a SEPA transfer... Again, just through their bank's web UI they can initiate a SEPA transfer to anybody else's bank account in Europe.

[00:52:13.18] So when we're talking about Europe, it's pretty easy. People just do SEPA, or in the UK there's Faster Payments - that's another one you might see in the list there. So it really depends on the sort of geographical region what payment systems are widely used. In the U.S. we have postal orders, we have Zelle, which I mentioned a moment ago, but the limiting factor here, the reason why we have added the payment methods that we have, and that we have not added - or indeed sometimes removed - other payment methods is because the critical concern for us is chargeback risk. For example, Paypal is not a supported payment method in Bisq, because it's just too easy to do chargebacks in Paypal.

This invites scammers into the picture; they can more or less easily initiate a chargeback, and of course, after they have your Bitcoin, they can take their money back one way or another through Paypal. And because that's a kind of inherent risk, it's too great a hazard and we won't support it in the application... Whereas a system like Zelle, so far we've had exactly one chargeback ever. In thousands of trades and so on we've only ever had that one incident, that one chargeback through Zelle; a totally isolated incident so far. If we had another, we might take it down. It is extremely important to us that nobody gets a chargeback; that's why fiat is such a hard problem, is that it's not irreversible. Bitcoin transactions are immutable, irreversible things. Fiat transfers are not. So what we're counting on here, and this is again where I say knowing where to make the right concessions and compromises and analyzing the human side of things is that we look at these payment methods and we're basically asking "How hard is it for a chargeback to happen?" Almost all payment systems can one way or another make a chargeback happen, well, because there's a third-party there and they can just do it. But the one that we support have proven themselves to be very unlikely to just frivolously greenlight a chargeback. The person is gonna have to go through extreme amounts of diligence and really prove their case, and of course, if it's somebody trying perpetrate a scam, they're not gonna hold up to that scrutiny.

So that's why you see the payment methods that you do, and people suggest new payment methods and we take it through the same kind of scrutiny on our side, which is actually quite a bit of diligence; we're really trying to figure out "Hey, how likely is it that something bad could happen with this payment method?", so that's why we tend to take a conservative approach there.

Gotcha. So you get in here -- we're just looking at it from a user perspective; obviously, there's a lot of complexities on the software side... I think even just interfacing with those different payment methods, there's probably loads of stories in the code there, not just on the process and the decision-making around which ones to support, but also just the grilling work of getting all of those to work the way they ought to.

[00:55:47.11] If I can jump in there, it's actually simpler than you might think, and it's a useful point of departure for actually kind of digging into how Bisq works... And it's also a nice point, because we've just finished talking about privacy, and the next thing we talk about is putting your bank account information into this app, and then, you know "Well, that's gonna get shared with other people, your counterparty... Who else can see that information?" - this might seem like some kind of contradiction of the privacy stuff I was just talking about a moment ago. But as it turns out, the information that you put in about your bank account, your Zelle information or whatever it may have been, is never seen by anybody except you, and the trading counterparty who takes your offer... If you were making an offer to sell or if you were taking their offer to sell or buy, that one person, that one counterparty, that trading party will see that information at the right moment in the trade, so that of course they can actually initiate payment and send you the money. It has to happen at some moment, but they're getting that information in a totally peer-to-peer way. So it's your Bisq node, sending it directly to their Bisq node.

It's useful to mention here that all Bisq nodes are Tor hidden services. So this is being routed through the Tor network, which we know to be quite a privacy-friendly place, quite a secure place generally speaking. And the information itself is encrypted, and only able to be decrypted by your counterparty, and so on. So yeah, that information has to make it across at some point, but it's done with the least amount of exposure possible, and certainly nobody that develops Bisq or any of the arbitrators can't see any of that information when a trade is happening normally.

So maybe we could return to your question...

Yeah. Well, it's also just worth pointing out, just to make sure that I'm following well, that it's also only sent in transactions that are trading Bitcoin for fiat. It's not like if I'm sending you Bitcoin, or -- can you trade other altcoins like Bitcoin for Ether with this, or is it Bitcoin only?

Yeah, I'm glad you asked that, because definitely, if you're looking into Bisq UI, you'll see lots and lots of so-called altcoins, or just other tokens besides Bitcoin. For people who aren't familiar with this, there's something of the order of 1,000 of these tokens out there, coins, tokens that go by these different terms, and they can all be traded in more or less the same way that Bitcoin can. They're all fundamentally similar technologies. So every trade in Bisq, one side of that trade is gonna be Bitcoin, but the other side of the trade might be fiat, it might be Ether (from the Ethereum world), or Monero, or one of these other altcoins.

So it's into and out of the Bitcoin world.

That's right. And for completeness, I should actually say, it tends to be in practice that one side of every trade in Bisq is Bitcoin. We've actually recently added support for additional kinds of what we call "base pairs". In the situation that I've just described, Bitcoin is the base of the trading pair, but we also support Dash, which is another popular cryptocurrency we support, Litecoin, we even have support for Dogecoin, which you guys may know and other people may not know... It's kind of a meme, kind of a joke on cryptocurrency, but people use it and it's even possible to trade against that as a base pair.

Does it still hold any value? I remember it spiked back in the day, but I haven't been tracking... Is it still...?

I think it's trading pretty low. I actually don't follow it so closely. As it turns out, no one's -- in fact, I think we haven't had even one trade against Doge as the base pair.

[01:00:07.00] Your online charts don't show any activity for it.

Yeah, yeah. We added those alternative base pairs over the last six months or so because - I don't know if you guys sort of caught this level of depth in the Bitcoin world, but we saw transaction fees in Bitcoin going up and up and up. It was actually getting pretty expensive to move Bitcoin on the Bitcoin blockchain, and that's a whole world of conversation and debate about why that was, and so on... But it was getting to the point where it was becoming almost prohibitively expensive to use Bisq, because with a Bisq trade actually several Bitcoin transactions are in the mix; you actually move Bitcoin around several times between the two trading parties, and when transaction fees were getting up to two, and three, and four dollars and more per transaction, it was like "Hey...!", that's no good, right? So that's one of the reasons why we introduced things like Litecoin, and Dash and so on, because they weren't suffering from those high transaction fees.

These days, thankfully, transaction fees have returned to reasonable levels, so there isn't a whole lot of reason for people to switch to those other base pairs, unless they really have a particular interest in those coins.

Yeah. So the default is Bitcoin as a base pair, but we're talking about the transaction of your connection details for the fiat account, and I was stating that that's only sent between you and the transacting party in the case that one part of the pair is to a fiat account, right? If it's BTC to Dash, there's no reason to send that information over the wire in that case - is that correct?

That's exactly right, and if you look at the -- it's all stored in protobuffer files, so if you sort of grep the strings in a protobuffer file that's representing that trade, which is sort of stored in an on-disk database, underneath Bisq, and you grep the strings in there, you sort of looked at in some sort of plain text viewer, you would see that the only thing that ever crossed the wire in a Bitcoin-Dash trade was the Dash address to send the money to, or to send the coins to, or the Bitcoin address to send the coins to, whichever the case may have been. So yeah, in these cases it's maximally private, certainly; we don't just sprinkle in the bank accounts for good measure, right? [laughter] But it's important [unintelligible 01:02:53.13]

Yeah, just to make it clear... Now, the other place where that information also lives would be locally, inside of the Bisq application. I assume that that's also encrypted on disk on your computer?

Yeah, actually the database, those protobuffer files are not encrypted on disk; it's actually an open request, and there's a couple of things for us to work out to do that, but there's nothing fundamental about not doing it. If you add a password, if you add a password to get into Bisq, then your wallet is definitely encrypted. So the actual Bitcoin that you're holding inside of Bisq is certainly encrypted on the disk. The trades themselves are not. Generally speaking, the answer to that is just whole disk encryption, and so on. But as one users recently pointed out, "That works for you, but what about the counterparty?" If he doesn't have whole disk encryption, then your information is on his side. So it's important and it's on our roadmap, basically.

[01:03:59.21] Gotcha. So then the other aspect of this which is I think worth talking about - you mentioned the Tor network; when you launch the application you connect to a certain number of peers on the Tor network, and then it also lists your Bitcoin network peers. Then you have a list of buy offers and sell offers, and so... I'm just looking at it right now [unintelligible 01:04:26.06] maybe there's half a dozen or so offers to buy, and there's zero offers to sell.

Yeah, you're looking at USD?

Yeah, BTC/USD. I can look at it real quick on the euro side... It's maybe the same to buy, and there's an offer to sell on the euro side. So when it comes to moving money between fiat and BTC inside of Bisq - I'm asking this as a question - you are limited to the other people who are also using Bisq? Or is it open to the wider Bitcoin community, anybody with a Bitcoin wallet, or an exchange, or... Help me understand why there are so few.

Yeah, it's the former. So you can see offers and you can place offers, but the only people that are able to place offers for you to see or that will see the offers that you placed are other people who are running Bisq. So there's not, for example, a kind of gateway into Bisq where we have access to other order books from other exchanges or what have you, which would perhaps be possible, but would be a whole can of worms with regards to maintaining the same privacy and security profile that we have.

It seems about the decentralization of it versus the centralization of it, because as soon as you cross that, you've now broken your cardinal rule, which is the motivation for the whole thing.

Right, but on the other side you have network effects limiting Bisq. With the current size - maybe I'm ready to buy Bitcoin to USD, but there's just no offers to sell out there. So as a community, this is something that Bisq (the networks) needs to overcome in terms of volume for it to be feasible... Which is a chicken and egg type of a thing, is it not?

Yeah, certainly. If one were to ask "What's the key limitation, what's the downside of Bisq?", one is hey, we're asking you to do more and think more and care more, and the reward is privacy and security. If that's of interest to you, then Bisq is for you; if not, then that's okay, too. So that's one thing.

The second thing is liquidity, volume. The likelihood at any given moment that you wanting to buy or sell, that there's gonna be somebody right on the other side of that trade to pick it up. So the state of the situation today - we have trades happening every day, it's a consistent, predictable number that's actually growing over time, but we're talking about orders of magnitude in some cases fewer trades per day (let's say) than an exchange like Coinbase, or an exchange like Bitstamp, or Bitfinex, or really any popular centralized exchange. They're moving thousands of Bitcoin for every one that Bisq does.

Now, in practice it seems to be the case that people can get into Bisq -- just from looking at the trades statistics and so on, it seems to be the case that people can arrive at Bisq, place a trade or take somebody else's offer, and get what it is that they were looking for. But it comes at a premium. It comes at the premium of time - you might have to wait a little while for something to show up or for someone to take your order.

[01:08:16.06] When you're on a centralized platform - back to the convenience thing, these are automated matching, automated order book matching, where just the mere act of saying "I wanna sell at market price this much Bitcoin", it's instantaneously matched for you, because basically the exchange itself is accepting the order and it know that there's gonna be enough liquidity on the other side to make the right match.

There's enough volume for them to buy it, essentially; they're essentially buying it, holding it, and that's why they're the target we talked about earlier.

Yeah, it feels more like you're trading at a volume where it's almost like the stock market, where you just look at the current price and you say "Buy or sell" and it's guaranteed because there's enough volume that they're gonna match that [unintelligible 01:09:00.28] fractions of a penny, or whatever.

That's right. So anybody who's anything like approaching a serious trader, so they have a trading journal, they're thinking about it all day, they're watching charts, they're doing analysis, all of this stuff, they're basically not going to be able to function in Bisq, because they simply couldn't act quickly enough to the movements in the price that they're paying such close attention to. So for such a user, just to take the extreme example, of somebody who would basically be crippled by this - you basically can't do a day traders or swing traders, or just kind of active traders' work in Bisq; it's simply not designed for it. But that doesn't mean that there isn't a role for Bisq for such people. For someone like that, my recommendation would be as you're getting into Bitcoin, use Bisq. Then move that Bitcoin to the exchange of your choice. And again, different exchanges have different levels of requirements about how much they ask from you. You're still exposing yourself, it's still lower privacy, but you could still use Bisq to get in and out fundamentally. Likewise, if the trading that you're doing is between crypto token or crypto asset pairs, that first Bitcoin that you get would be trough Bisq, and then you could use a platform like Shapeshift or some of these other crypto-to-crypto exchanges, and then you have a really great privacy profile there, because your coins were never tainted with your personal information, and now you're just trading and moving stuff around in cryptoland.

So just to be clear - if you're a super active trader, that's not what Bisq is designed for. It's designed for sort of normal individuals who are saying "Hey, I understand Bitcoin, I believe in Bitcoin and the larger crypto space and I wanna get in and I wanna do that in a privacy protecting way and in a secure way." And maybe just one more point on that is, just to come back to the volume question, yeah, it's definitely where Bisq needs to go, is to increase the depth of the order book and all of that stuff.

The good news is that it's basically happening. These things take time. Like I said, we've been up for 16-17 months now, and we actually see a really nice curve, not just -- you guys have the app open, right? And if you're looking at the market, sort of top-level nav and you look at trades, by default you'll see the kind of volume in BTC that's moved through the exchange on a daily basis or weekly basis or monthly basis or what have you, and if you're looking at it in terms of weeks, it can be deceiving, because you see the number of Bitcoin, it was kind of growing and growing and growing through June, and then it drops off in July. Then it's been kind of slowly growing back up... What were you gonna say?

[01:12:23.22] I was gonna say, wasn't there a hard fork, or something? There was some sort of split...

That's right. There was maybe kind of a chilling effect on trading, that was one aspect. But that's not the most important one. The most important one is that right about that time in July the price started going through the roof, right? So the amount of Bitcoin that moves through an exchange like this you could say is not actually the most important metric. The most important metric is how much of the value that people denominate their lives in is moving through the exchange.

You do the math - I realize people on the call can't see this chart, but the point is that even though the amount of Bitcoin dropped in July, and has been now slowly growing back up, it dropped, but disproportionately with the amount of increase in the price. So if we had an amount of kind of like the effective amount of US dollars that were moved through the exchange over those last many weeks, you actually see that being a chart that just goes up and up and up.

So you might not see it when you first look at the application, or even at our own kind of market statistics website, but in actual fact, we've been doubling the amount of value that moves through about every 3.5 months lately. So we're on quite a healthy growth trend there, and that means that it's ever more likely day by day, as we continue to grow, that as people come in and say "I'd like to trade this for that", it's all the more likely that they're gonna get that trade matched quickly.

Yeah, absolutely, it seems to be growing. The chart that we would love to see would be -- well, you said it would be a volume times amount, right? It would be the amount per Bitcoin times the volume would be like the total transactions in the marketplace valued appropriately, versus just transactions [unintelligible 01:14:27.09]

Exactly. And you can see that when you look at it through -- in that trades tab, if you just show, say, euro trades, then you can see two charts; you see the price next to the BTC volume, and you can see the price going up at least... It's still not the complete picture, but it's just kind of funny; it's sort of this super, super useful thing to graph, and we don't really have it in the app. But we have it in some spreadsheets.

Right... Pull request welcome, I guess.

Indeed.

In this last segment we're talking about the software as it relates to the community and how we can help out. Bisq is open source, it's peer-to-peer, decentralized, secure, private and censorship-resistant, which are all things hackers value. We talk about the idea of open source projects funding themselves, the concept of a DAO - a decentralized, autonomous organization, or an ICO (initial coin offering), and Chris breaks down their plan to fund Bisq through the Bisq DAO. This is as bleeding edge as it gets for funding open source. Stay tuned.

Break

[01:15:50.12]

Let's talk about the software and the community, because you have a network effects problem, you have a value proposition which is privacy and security, which are things that are valued by hackers around the world, so no doubt you're trying to get more people involved in Bisq, both as "I wanna hook up my fiat currencies and place some trades", but also the software itself. It's open source, the whole thing is about peer-to-peer and open, and you have some calls to action on your website... I think I'm probably looking at an outdated version of it, but it does say you're actively looking for highly skilled developers and designers and security experts who can pitch in and help out. Give us that lay of the land - how can we get involved, how can we help out, why would we want to?

Yeah, well that's where it starts to get really exciting for me. I'm obviously excited about Bisq itself, the exchange... I think it's a wonderful thing. It's what we are now rolling out, which is what we call the DAO, the Bisq DAO - for those who don't know, it stands for Decentralized Autonomous Organization. This concept has also been called DAC - Decentralized Autonomous Corporation (or Company), but the kind of term that's emerged and kind of got this rough consensus these days in the space is this idea of a DAO. So what does that mean and how does that relate to people participating and contributing?

The idea of a DAO, if you just break down those terms - Decentralized Autonomous Organization - well, we've talked so far about the application itself, which is definitely decentralized; the application is definitely peer-to-peer, it's nothing more than the node of networks talking to each other, right? So it's certainly decentralized in that sense. What's not decentralized is the organization itself, the human side of the organization. To date, we've had contributors coming and going over the years, and indeed for myself, I got deeply involved with Bisq when it was beginning, in 2014, and I spent five or six months with the team in a kind of dedicated way, and then I left and did some other things; I was working with the [unintelligible 01:19:37.11] - for people who know Java build systems - for about a year.

Then I decided to come back, and I decided to come back actually in large part because of what Bisq is doing with this DAO. So what does it mean to decentralized the management, the operations, the development, all the human sides of making a piece of software?

[01:20:04.08] This is really exciting stuff, because with the advent of cryptocurrencies, with the advent of Bitcoin in particular, it's now possible for people to - like I said before - engage with each other at a distance, with a minimum of trust. Somebody working all the way across the world who is a JavaFX expert and wants to help improve the UI and put that chart in that we were just talking about, so far in the world of open source the ways that that contribution was gonna happen was a) just an industrious, helpful person over there, with this JavaFX expertise, that says "I wanna contribute, for the goodness of it all." And of course, this isn't so altruistic per se; it's great reputationally for people when they contribute to open source projects, even if they're not paid, and so on. It's a virtuous thing all around, everybody wins usually in these kinds of scenarios. But this doesn't scale very well, relying on just really helpful contributors. Contributing all the things that a project needs can be difficult. Certainly some projects do it, but I think when we look at the most successful, really world-changing open source projects that have been out there, there's usually at some point an entity behind them; a company is sponsoring them, or they form a company or what have you.

This is really kind of personally important to me because I've been working in open source for quite a while now. For the last 10+ years, every job that I've had has been with some sort of open source organization, usually fairly prominent ones, so I've sort of seen all of the different incarnations of business models that attempt to get basically bolted on to open source organizations.

For example, I worked with the Spring Framework team - again, for people in Java, they'll maybe know that name application framework, pretty popular one... And in the beginning, that was just a great set of ideas really well implemented in an open source project. Quickly, the team around that said "Okay, let's find ways to make money", and we did the training and consulting approach. That works; doesn't scale very well, doesn't make much money... And eventually, we were acquired, and so on and so forth. So you sort of move through these different models, but none of them feel like a native business model for open source. It's always something kind of ancillary that you're doing - training and consulting, or selling your documentation, or looking for someone to acquire you and kind of be a patron ultimately for the project.

What becomes possible now with cryptocurrencies and entities like DAOs is that open source projects can just fund themselves directly in a variety of ways. There's a whole bunch of models that are being experimented with right now. You guys have probably heard something about - and many people listening to this will have heard about this - ICOs, right? Initial coin offerings that are happening. Like I said, a thousand of these tokens exist and are being traded, and dozens more are being created every day as people come up with all kinds of different experiments about how to fund projects.

Most of that stuff is people funding essentially good ideas, with good teams... Hopefully. Of course, some of them are bad ideas with bad teams, but...

And some people are funding scammers. [laughter]

[01:24:04.19] Yeah, for sure. And some percentage are actually out and out scams, right? I think a lot of people are too quick to say "Oh, it's just all scams", or something like that. Mostly, the things that you run into, I think it's still safe to say, are actually well-intentioned people saying "Hey, I've got a bright idea. I've got some sort of notion of a kind of economics that I can add into this application, that I can sort of tokenize it, and that I can build a legitimate way to fund the development of this project. People will hold this token and pay for using the application with the token" or whatever different kind of model.

So there's hours and hours that we could talk about on all of those models, right? But what Bisq is doing is something if not unique, very unusual, by comparison, to this kind of norm that we've been seeing in this space. Basically, one thing that makes it unusual is that Bisq is working, running software. We've actually built the system, it's out there, it works, people use it, and people are happy to pay to use it.

When people initiate a trade, both on the maker side and the taker side (both counterparties), they pay a fee into Bisq, in Bitcoin; that fee goes to the arbitrators today. I'm one of those arbitrators, the founder of Bisq is one of the arbitrators. So people are willing to pay to use this application in this network, because it's valuable to them to be able to trade. Same reason people pay a fee on a centralized exchange.

So that works to a degree, in terms of economically incentivizing the development of the application. That can help pay the bills and so on, if you will, but it doesn't scale very well with regard to getting that JavaFX UI person to come and contribute that chart implementation, or fix that bug, or whatever it is. That's where this idea of a DAO comes in.

What we're up to here and what we're rolling out is a token; we added a token into the sort of larger Bisq system, and that token is actually something based on Bitcoin. This is something that is not a new idea, but not a lot of people do - it's called a colored coin. What that means is that each BSQ token (we actually call the token Bisq as well, but its ticker symbol would be BSQ) is actually backed by a small fraction of a Bitcoin, a thousand Satoshis, where a Satoshi is one one-hundred-millionth of a Bitcoin. So 1,000 of those, which is a very, very small amount of Bitcoin, actually backs this coin. What this means is that -- and before I get too much into the details of what BSQ is, what can you do with it? Well, we haven't launched it yet, and I can get into the details of the roadmap later, but when it's fully functional, what people will be able to do is buy BSQ, trade for BSQ on the Bisq exchange - so they might trade Bitcoin for it - and with that BSQ they'll be able to pay their trading fees at a lower rate than they would pay for it in Bitcoin. So it'll be a cost-savings to them, they'll be able to do more trades more cheaply when they pay for them in BSQ.

[01:28:04.27] Okay, so what? What good does that do? Well, on the other side, and getting back to the original question you asked, we wanna bring people in, have more people contribute, we wanna fully decentralized the operation and maintenance and development of the whole network and the application and so on. So this is the second role of the BSQ token.

The first role is that you can pay to use the application with it, so it's a kind of access token in that way. The second utility that it has is that you can be paid in it for the work that you do for Bisq or on Bisq. Somebody comes along and implements the chart that we were just talking about - they would at the end of that month period issue what we call a compensation request, and fundamentally that's gonna be a document saying "Hey, I did this work." It might be a link to a pull request, or one or more pull requests or commits, something like that that says "Hey, I contributed a chart and it's merged. That took me this much time, and this is my market rates, what I usually get paid." Again, just sort of thinking in the units of currency that we denominate our lives in, "Hey, this was $1,000 worth of work for me", and then they would look at what the market price of BSQ is, and they would issue a compensation request for that amount of BSQ.

What happens is then DAO (Decentralized Autonomous Organization) votes on his compensation request and anybody else's requests that were issued during that period, and they're voting in the affirmative or negative - "Yes, we're going to pay for that work", "No, we're not." And people don't have any guarantee.

How do you vote?

How do you vote - I could get into the technical details, I'd be happy to, but conceptually, just imagine that there's a tab in the application, in the same Bisq client application, where you're now in kind of DAO mode, and you're in the voting tab, and you have a list of the compensation requests in front of you that you can review, and you've got kind of a Yes/No checkbox, just to maybe over-simplify it a little bit, but conceptually that is what you'll be doing... Saying "Yes, I vote to have this happen."

A skeptical mind here will be saying like "Oh my goodness, this will just turn into a political nightmare", and so on...

[laughs] Yeah, I've seen a lot of conceptual roadblocks, or maybe speed bumps, as you're explaining this, but...

Yeah, I can either anticipate them and [unintelligilble 01:30:52.14] or you can ask. Either way you like.

Yeah, just continue with your explanation and maybe we'll just round them up at the end. Because we probably can't cover... I mean, these are new concepts, these are experimentation; the exact models that will flow out of this are yet to be known.

I think the idea is interesting. Maybe the way you're going about it may have its own bumps, as you just mentioned.

Yeah, it's definitely worth digging into all of those skeptical questions. Whether or not we have time to do it, so far (of course) we know that the team that's putting all this together, we're reasonably satisfied that we've actually addressed, that we sort of have an economic system here that is actually at least potentially sound, that doesn't have any obvious, glaring faults. Now, time will tell, of course, but just to flesh it out a little bit more...

[01:31:47.17] So the people that are voting, what are they voting with? Well, it's not just a radio button in a UI, and some entry in a distributed database; what they're actually voting with is their BSQ. So this is the third function of this token. The first one is that you can pay trading fees with it, the second one is that you can be paid in it, and the third one is that you can vote with it. And voting with BSQ is actually a Bitcoin transaction; it's actually literally the creation and signing and sending of a Bitcoin transaction.

If you remember, BSQ is actually backed by Bitcoin underneath, these tiny fraction/token. So it's a Bitcoin transaction with all the virtues of it, all the irreversibility and all the transparency and all the verifiability and so on and so forth, it's now representing a vote. I won't go deeper into the technical side of that, but it's important to understand that people are actually voting with their stake in BSQ.

For someone who has, say, just 100 BSQ, maybe they've just done some very small tasks a few times - they can vote, but they can vote proportionally. They can only vote with the power of 100 BSQ, whereas somebody who's been contributing to the project for years and has thousands, or tens or hundreds of thousands of BSQ, can also at least potentially vote with all of that proportion as well. That can create its own problems of course, because if people can buy BSQ, they can buy up a whole lot of BSQ and they can manipulate the project, right? That's why also part of the plan and part of the roadmap and the design is that reputation; another function of BSQ here is that it's actually a proxy for reputation.

In the end, people will not only vote just proportional to the stake of BSQ that they have, like literally the number that they have, but they'll also vote in proportion to the reputation that they've demonstrably earned. They have been paid, let's say, X number of times in BSQ; they've been paid this amount of times in BSQ - we count that not just as holding the BSQ, but as having been someone who earned BSQ, earned reputation. People had to agree that the work that you did was valuable. That's a measure of how useful and trustworthy you are as a person in the network.

So in the end, the voting arrangement will actually be mostly reputation-based and only partially stake-based. This takes a while to bootstrap and make happen, but that's the plan.

So if you start to put all of these pieces together and you start to see this larger crypto-economic system forming, then what you have is the ability for us as the current team, the actually very centralized team - centralized not that we're collocated with each other, but centralized in the sense of I'm playing a dozen roles, and Manfred (the founder) is playing a dozen roles, and there's only a few of us. So the opportunity that this affords is that we can now do things like bounties; that's not a new concept in open source but these bounties can be for an amount of BSQ, or for a range of BSQ. And the only thing standing between a potential contributor and the realization of that bounty is doing the work, and of course, doing it in a fashion that's acceptable and actually accepted. That's a radical lowering of the barriers that we have today for people being able to be compensated monetarily for their work.

[01:35:51.19] Generally speaking, no one is doing open source contribution at a distance, outside of a traditional organization or company structure, and being compensated economically for it. That doesn't happen today, by and large. The idea of DAOs is that it makes that possible in a rather dramatic way. So the biggest challenge for us is being able to articulate this stuff and make it really clear and observable for people and so on, as you can tell -- how long have I been in a monologue here, right? That's a challenge. So that actually gets to my role - what am I actually doing on the team? Like I mentioned, I've just recently sort of rejoined in a serious way just over the last few months, and we've landed on the rather tongue-in-cheek kind of oxymoronic-sounding title of Director of Decentralization... [laughter] As silly as it sounds, it turns out that's exactly what I don't think just Bisq needs, but any organization, any open source project who wants to take this idea of decentralization out to its logical end, and really decentralized not just the code, not just the network, but the people, the operation, the management - all of it. That never starts decentralized. That's always gonna start with one or just a few people, and then have to become decentralized. It's funny to say it, but it actually does require kind of centralized directing that process of decentralization. And when people are listening to this and they take a look at the Bisq website (bisq.network is the website), when they see that, they'll be able to see all the links that take them to the boards of GitHub issues. We're using GitHub and [unintelligible 01:37:51.08] and just all modern stuff for this, where people will be able to see all the bounties and they'll be able to see beyond just individual bounties. They'll be able to see what we call the roles that make up the Bisq network, the kind of persistent, often privileged roles that are necessary to make a network like this happen... Because while it's just peer-to-peer code and anybody can just download the client and run it, well, there is a website, right? However simple it may be, there's a website, there's a domain name, the domain name costs money... Just any number of the services and products that a team needs to consume, somebody needs to have owner rights in GitHub, somebody needs to operate a Twitter account etc.

So what we've put together here is not just individual bounties - "Hey, implement that better chart" - but also roles. "Be the Twitter account operator." And those roles, because there's a risk involved - if somebody goes rogue here - it's not just about that they don't get compensated that month, but that they start disparaging the project or something like that on Twitter... That's a real damage to the overall network, or at least it potentially is. So for this reason, there's yet another function of the BSQ token, which is bonding. For people to take on a role that has this kind of potential risk involved that's of importance to the network and so on, they'll put up a bond in BSQ that's in proportion to the kind of amount of risk that's involved to the network with somebody, having the keys to Twitter, or having the keys to our domain name registrar, or what have you... Or for being an arbitrator, by the way. In the future, arbitrators will be bonded to the tune of probably hundreds of thousands of BSQ, because arbitrators can potentially wreak havoc if they're a rogue actor.

When you put all of this together, we're really excited that we have a kind of arrangement that can properly incentivize good people to come and work and get paid and build something fantastic, right?

And just one last thing on that is that if you think about being able to get bonded for one of these roles, being able to become the operator of the Twitter handle or whatever it may be, you have to first have BSQ, right? You first have to have Bisq tokens. And well, you could potentially trade for them, but actually in the early days, what we call "phase zero of the DAO", which we're just rolling out right now, trading is not possible. It's only earning that's possible. So the only way people would ever be able to become bonded and take on a very important role in the network is that they would have to do things like bounties or just individual tasks, earning BSQ bit by bit, until they have naturally demonstrated their value to the project.

In this way, we actually also think that we have a way to build up a team largely of developers, largely of technologists - this is a deeply technical project - that are people who have just demonstrated value all along the way, and then start to take on greater and greater responsibility, as opposed to just saying "Hey, get yourself enough BSQ and you can do whatever." That doesn't work, if people can just buy it up. In the beginning, people can only earn it.

Or even certain functions that don't require BSQ that is held, but like you said, it's earned. You can only buy this function, so to speak, with earned BSQ... To a degree. You're still paying your own way, but it's through earning, and the earning is by proving value.

[01:41:54.10] That's right. And you actually are kind of touching here on the power of basically programmable money. We can encode into the logic of BSQ itself certain semantics. For example - this isn't the way that it's designed right now, but it easily could be and it may turn to this as we actually roll this stuff out... It could be that the only people who have the right to vote are people who have newly-minted BSQ. When you issue a compensation request and it gets accepted, that's the issuance of new BSQ, actually new BSQ coming to existence when you get a compensation request accepted, like voted in the affirmative.

That's because, by the way, remember, BSQ is ultimately backed by Bitcoin; it's this colored coin riding on top of Bitcoin. Well, what that means is that when you issue a compensation request saying "Hey, I want 10,000 BSQ for this work", that means that you must actually spend the equivalent in Bitcoin of 10,000 BSQ. You have to actually issue a Bitcoin transaction for 1,000 Satoshis times 10,000 BSQ. It actually costs money for people to issue compensation requests.

The reason that we do that is 1) anti-spam, so that we don't just have people throwing compensation requests at us because it's free. People actually have to pay for it, which means they're gonna wanna have a reasonable degree of certainty that this is gonna be accepted, which means that they have all the correct social incentives to be out there, talking to other people in the network and saying "Hey, do you think this is good work? What should I ask for it?" etc, because they don't wanna waste that compensation request transaction fee.

Well, when they do that and their compensation request gets accepted, that Bitcoin that they spent on the compensation request becomes BSQ, gets colored as BSQ, by the logic in the BSQ validation processing software that we've built. So when I say newly issued, newly minted BSQ, what I actually mean there is somebody who just earned it. And because it's a blockchain, we can see the movement of every coin, for all of time. We can know that the BSQ that that contributor earned has not moved anywhere; it hasn't been transferred to anybody else, say. So we can know that's the BSQ of somebody who just earned it. Maybe only those people should be able to vote. That's just an example of what you can do.

There are constraints, right? Not anything is possible, but there's a remarkable degree of creativity that's happening, and it begins to become evident just how limiting our current monetary world is. You don't have programmable money. Look at what we've done with being able to program the rest of the world. Here it comes, here comes programmable money.

I think that's probably a great place to end - "Here comes programmable money." Chris, we have lots of little questions, but I feel like honestly most of those are probably because these is just brand new to us, conceptually even, and so [unintelligible 01:45:30.23] probably debating and discussing all the particular details, so I think we'd probably be doing a disservice asking perhaps the laymen's questions at this point, not having digested or even read the white paper about your guys' DAO... So we'll probably just save those. We've already definitely hit up against our time buffer, but we'd love to have you back on, maybe in a year, maybe in six months, and kind of look at Bisq's DAO, how it's going and how it's [unintelligible 01:46:01.10] maybe dive into all the particular details.

[01:46:06.06] What we'd like to ultimately know, first of all, is this gonna work for you guys? And then can we extrapolate that to open source projects around the world of all shapes and sizes. I think we could speculate right now whether or not this would work in certain circumstances, but I think perhaps if we have you back on with a little bit more experience, since it's rolling out as we speak, or probably by the time the show ships it will be out there... But with some time, we can tell if this is gonna be a model that makes sense for Bisq. Does it sound like something you'd be willing to do?

I'd love to come back. And just to echo your point, that's exactly -- that's kind of our highest aspiration here... If we can prove this out, this DAO model, for decentralizing the governance and the funding of a trading application, right? That's where it begins. And the question becomes "What else can you do this with?" Of course, we don't think it's limited at all to doing it just for a trading application, so if we can set any kind of example for ways that other applications can do this...

And again, we think after all this madness and irrational exuberance - it's all natural; people are out there exploring and trying different things with all these ICOs and so on... What we hope will come out on the other side is this sober realization and remembrance that working software matters, and there's a reason that we value people who have saved up money and spent their time and sweat building something, and then tokenizing it.

We've proved the concept and all that stuff, so if we can demonstrate that with Bisq and make any kind of an example for people - that's a very high goal... But it really is sort of what I'm up to here and why I'm excited, because again, I've just sort of been through all of the different incarnations of attempts to monetize open source, and I think they're all inelegant and inefficient by comparison to what we can do in the future.

Very good. Let's leave it there, man. I think that the future will tell; certainly high hopes, certainly very interested in how this may roll out. Thank you so much for joining us.

My pleasure. Thank you, guys!

Changelog

Our transcripts are open source on GitHub. Improvements are welcome. 💚

0:00 / 0:00