Oct 26, 2018
Last December / January, people were promising to use "blockchain" to revolutionize everything--supply chains, poverty, banana sales, etc. This clearly hasn't happened. Why not?
One obvious answer is that many people saying these things had absolutely no idea what they were talking about. Of course tokenizing bananas was never going to work. Plenty of people were scammers or fools, as will always be the case when there is a frenzy of investment.
However, this answer isn't really interesting. There were (and are) rather smart people, like Vitalik Buterin, claiming that blockchains would allow people to coordinate in fundamentally new ways, like building decentralized organizations governed by prediction markets. Some of these ideas were sensible.
So what's the deal? Why don't we have these yet? I think one reason is that building decentralized applications is really difficult. They're a security engineer's nightmare, and even if they weren't, they're excruciating to use. Have you heard of Augur, the decentralized prediction market platform? Have you actually tried to use it? I have, and gave up after an hour's work trying to get the damn thing to connect to the network. These applications are not yet usable, even for engineers.
Eventually these problems will be solved. It's hard to build on smart contract platforms, but it will get easier, and this is the kind of problem we know how to solve. But there is another problem that's far worse, and far more fundamental. It's the same problem underlying (the lack of) end-to-end encrypted email.
Why do we all send email to each other in plain text, rather than encrypt it first? Shouldn't this just be automatic? Technically, email encryption isn't hard. PGP has been around for decades, and it totally works. And almost no one uses it. Dozens of my friends use Signal, but I can count on both hands the number that use PGP. Why?
It's because managing private keys is hard. People lose their devices, forget their passwords, spill coffee on their laptops. In order for PGP to work, people have to be able to always have access to private keys, across any device they wish to use for their email. People don't care enough to deal the hassle this causes. Furthermore, key exchange can be tricky. How do you know that the public key that your friend sent you wasn't intercepted and modified? Do you compare in person? That sounds like a lot of annoying work, and most people, reasonably, won't do it.
What does this mean for blockchain applications? Well, forget about any that require regular people to manage their own private keys. Bitcoin? Sure, so long as people are cool with losing all their bitcoin when their phone gets stolen. Blockchain based social media? Fine unless it's a problem if people commonly get locked out of their accounts (permanently) and have to start over. This technology might be usable for organizations that have the budget for competent IT teams which can manage and backup private keys, but it's not ready for ordinary mortals.
Does that mean this technology will never reach its potential? Not necessarily. I think it's possible to make private key management *much easier* for people. Normal people can't be required to write down their private keys and put them in a safety deposit box. The process has to be easier, and more comprehensible than what we currently have. Hardware security keys (think yubikey) is closer to the right approach. People can think about the value of something that is physical, like gold or cash, or a key-shaped usb device.
I'd like to see a world where people can easily & securely handle private keys. This would be huge. This could solve many elements of online security, like weak & reused passwords. It would make private communications easier, fixing PGPs original problem. And, it would allow people to benefit from the kinds of coordination blockchains enable. I don’t know if sufficiently good solutions to this problem exist, but it's worth finding out. If blockchain technology is ever going to disrupt financial tech, supply chains, etc. then this problem has to be solved.