It is a rather unfortunate that two really important developments in the world of fintech both chose the same name to describe two entirely different concepts.

In the world of defi, a token is value that can be transferred from owner to owner using some kind of shared ledger technology so that there is no possibility of “double spending” and therefore unambiguous ownership.

In the world of payment cards, a token is an alias payment card number that can be used anywhere that a payment card can be used but

The growth in these tokens has been exponential. After launching the Visa Token Service (VTS) in 2014, Visa said it had issued 1 billion tokens by 2020, after which growth accelerated to 2 billion in 2021 before doubling this year. There are already more tokens in circulation that physical cards, which is exactly what you would expect if the deployment is successful.

From Visa tokens overtake payments giant’s physical cards in circulation | WKZO | Everything Kalamazoo | 590 AM · 106.9 FM:

xxx

xxx

The key finding of this measurement exercise is that current dollar hegemony is a historical idiosyncrasy, in terms of its length, the size of its lead and its stability.

From The Rise and Fall of Global Currencies over Two Centuries | Banque de France:

xxx

xxx

Researchers at the University of Technology Sydney estimate that insider trading, or front-running, occurred on 10% to 25% of new crypto listings at Coinbase between September 2018 and May 2022, generating at least $1.5 million in profits for whomever was behind the transactions.

From Token Front-Running Was Common at Coinbase Crypto Exchange, a New Study Argues.

xxx

xxx

This post just focuses on the first claims in Mudge’s report, which (honestly) seem to have been written more to jump on the current news cycle than to address an actual issue at Twitter. It’s entirely unrelated to the other claims in the report, but instead is focused on the question of Twitter and spam/bot reporting. And… it’s weird. It is framed as though it supports Musk’s claims that Twitter is lying about spam. But, the details actually show the opposite.

From Twitter Whistleblowing Report Actually Seems To Confirm Twitter’s Legal Argument, While Pretending To Support Musk’s | Techdirt:

xxx

A former Twitter security person, Peiter Zatko, has filed a whistleblower’s complaint with the Securities and Exchange Commission, the Federal Trade Commission and the Justice Department, alleging (amongst other things) that the company and its executives understated or misrepresented the scope of spam or fake accounts on its platform. This echoes complaints by noted entrepreneur Elon Musk as to the status of many accounts, something that could actually be fixed fairly easily, as we will discuss later on, and has therefore been the focus of media coverage (which is framed as if Mr. Zatko’s words support Mr. Musk’s claims, while his actual comments appear to show quite the reverse.)

The whistleblowing complaint, though, included additional and serious claims about a lack of privacy with the social network. He alleged, for example, that a foreign government had forced Twitter to hire government agents, who had access to internal data, and that a U.S. official had warned the company that one or more of its employees were working on behalf of a foreign intelligence agency.

Given the sensitive political nature of some of the debate on Twitter, it is easy to see why this might be a concern.Yet even without agents of foreign powers on the payroll, Twitter is staffed by human beings and human beings are imperfect. Look at the recent case of a former Twitter employee who was found guilty of acceptating bribes in return for providing the identifying information of an account critical of Saudi Arabia as well protected information on other accounts.

Even without corruptible employees, things can still go wrong. Earlier this year Twitter confirmed that it had had a data breach that exposed information on more than five million accounts. The breach was down to a vulnerability that allowed any party without any authentication to obtain the twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even if the user had prohibited this action in their privacy settings. In response to this breach, Twitter posted a statement saying that they understand the risks that an incident like this poses and recommend “not adding a publicly known phone number or email address to your Twitter account”. Basically they recommend burner phones and disposable e-mail addresses (kind of like the Apple pseudonymous e-mail addresses).

Wise precautions I suppose, although not everyone has access to a burner phone.Twitter is testing a new profile badge for people who have verified their phone numbers. This could be to signal that an account with such as badge is not a bot, which the company says is one of the ways that helps people find credible info and gives more information about different types of accounts

How much longer are we going to put up with this? Not jus at Twitter but everywhere! We see this all the time! Step one: App or website asks for personal information such date of birth, phone number or mother’s maiden name for “security” although none of the information contributes in any way to transaction security. Step two: App or website gets hacked and your personal information is now in the hands of scammers, nation state cyber warriors and perverts. Step three: Rinse and repeat.

It is time break out from this mad loop, and there is an opportunity for Twitter to lead the charge because the way to stop Twitter from leaking personal data, or to stop it from being a target for hackers trying to loot personal data, is not to tighten up the security practices around personally identifiable information (PII) but to stop collecting it in the first place. Twitter is a messaging system (one that I like very much and use all the time), it is not a know-your-customer (KYC), anti-money laundering (AML), counter terrorist financing (CTF) or politically-exposed persons (PEP) management system.

Data is not the new oil it is the new plutonium and personal data is the new nuclear waste. Twitter as a nuclear waste containment facility is not a viable business, so they should get out of it.

Sustainable Models

We all know what to do, which is to shift from identification to authorisation and embrace the reputation economy. Here’s how this works: I want to know something about you, but I don’t want any of your personal information because that is toxic waste that will inevitably leak from my systems because I will always spend more money on marketing and stock buybacks than detailed risk analysis and appropriate countermeasures. Hence I ask you to present a credential, which is a fact about you that is digitally-signed by someone I can trust (by which I mean, of course, someone I can sue). If you tell me that you are over 21, whatever, But if you present a credential from Wells Fargo that says that I you over 21, great.

This can transform Twitter’s modus operandi because there is no reason for them to know who everyone on their system is, but there is every reason for them to know what everyone on their system is: It is important to the integrity and value of their social graph to know whether you are a person or a bot, to know whether you are American or Iranian, to know whether you are the same real person behind multiple accounts. Whether I am Dave Birch or not, much less which Dave Birch I am, is not their business.

What I mean by this is that Twitter do not know whether I am a non-executive director of Cinnte Solutions or not and it would cost them time and effort to find out. But why should they bother. Apart from anything else, it’s none of their business and I don’t want it to be any of their business. I strongly agree with über crypto lawyer Preston Byrne who said that the only opinion that he wants from a social network is whether particular content was published by a particular account. When you see a tweet from me calling for the arrest of the Chancellor of the Exchequer for running a Ponzi scheme (national insurance, in case you are wondering) you need to know that this piece really was published by @dgwbirch and you may want to know that @dgwbirch is a person. Other than that, the social networks opinions are tangential and irrelevant.

The way to move forward here is for Twitter to give up trying to build its own verification services and move away from the blue check “totally unknown vs. totally known” bifurcated world toward the three state solution that I have argued for before. Once I am “known” (that is, I have an IS-A-PERSON or IS-A-BOT credential), then I can go on to be “verified” if I want to be. Again, not by Twitter, but by someone or thing who can attest to relevant facts, as shown in the diagram below. In this straightforward scheme, “unknown” users show up in red, “known” users show up in yellow and “verified” users show up in green (and perhaps even with a blue tick, for historical reasons.) 

Most normal people, I imagine, will leave their Twitter account in the default yellow setting of “known only” which means that the nonsensical ramblings of flat earths, bots and sock puppets will not show up in their feed. Some people might want to go tighter with a green “verified only” setting. Either way, should Twitter’s data redoubt be stormed by shock data troops of a foreign power, organised crime or nosy hackers, they will be none the wiser as to the personal data of any of the account holders, since Twitter does not have it. Twitter knows that Barclays Bank know that I am a person, but Twitter does not know which person. And if I break the law by tweeting incitement to murder someone, the police can obtain a warrant to have Barclays Bank reveal which of their customers I am.

Now, perhaps for some reason you might need to know that @dgwbirch is in fact the David G.W. Birch who is a director of Cinnte Solutions. In which case, that link can be demonstrated by any number of third parties and presumably one or more of those will be trusted by you. So the working solution is to find out which credential you will accept and provide it to you. There is some great work going on in the world of claims, presentations and verification right now and there is no doubt in my mind is that this is how mass-market digital identity infrastructure will work.

In her keynote to Identiverse in Denver earlier this year, identity OG Eve Maler, Venn Queen and @xmlgrrl, said that IS-A-PERSON is the most important credential of all (she is 100% correct, by the way) and the “killer credential” for bring digital identity into the mainstream. There is a great opportunity for Twitter to get hold of this technology and reshape itself for the new world. This way Twitter can focus on building useful tools to enhance the value of the network and forget about trying to set up Turing tests (or intelligence tests) to screen its accounts.

xxx

Management consultant firm, McKinsey, believes that this trickle of money could become a river of capital, or as it surmises as “too big for companies to ignore….it has the potential to be the next iteration of the internet”, estimating that by as near as 2030, over $5trillion of money a year will be spent p.a. in the metaverse. This vast sum is more that the GDP of Japan, at $4.97trillion p.a. – significant, since it is the third largest country in the world.

From By 2030, metaverse revenues p.a. to be worth more than the GDP of Japan.

xxx

xxx

I suspect in the future there will be a premium on good, human-generated content and response, but that huge and growing amounts of the content that people watch and look at and read on content networks (“social networks” will become outdated) will be generated automatically, and the humans will be more and more happy about it.

From The approaching tsunami of addictive AI-created content will overwhelm us.

xxx

xxx

Authorities arrested Esteban Cabrera Da Corte, Luis Hernandez Gonzalez and Asdrubal Ramirez Meza on Tuesday, alleging the group used stolen identities to purchase millions of dollars worth of cryptocurrencies on a “Cryptocurrency Exchange” in 2020. The purchases were funded with bank transfers; after buying the crypto, the men disputed the transactions with the banks, tricking them into reversing the transfers and redepositing the money into accounts controlled by the crime ring.

From Miami Trio Charged With Defrauding Banks and Crypto Exchange of Over $4M.

xxx

xxx

The long-held assumption in the financial services industry is that consumers wouldn’t choose to use services qualifying them as underbanked — cashing checks, purchasing money orders or paying bills through nonbank providers — if they had a banking relationship that provided such services. It is also widely believed that these services prey exclusively upon lower-income adults. But an examination of the demographic makeup of fully banked adults compared with underbanked adults doesn’t support this theory.

From In a Rapidly Evolving Industry, Banking Leaders Must Redefine ‘Underbanked’ – Morning Consult:

xxx

The Federal Trade Commission is currently considering rulemaking for the business of biometric and other personal data. Consumers with an opinion about how their biometric data is managed and mismanaged are likely going to say the FTC should step in to stop any abuse. That is because biometric data is unique in its potential for “life-altering” harm. The Commission is weighing options on commercial surveillance wants public input about regulating unfair or deceptive practices in how companies “collect, aggregate, protect, use, analyze, and retain consumer data, as well as transfer, share, sell, or otherwise monetise that data.”