- Signal founder Moxie Marlinspike, whom MobileCoin previously described as a technical adviser, may have been more deeply involved in the cryptocurrency project.
- An earlier, nearly identical white paper found online, which MobileCoin CEO Joshua Goldbard called „erroneous,“ lists Marlinspike as the project’s original CTO.
The founder and CEO of encrypted messaging app Signal, Moxie Marlinspike may have been the former CTO of MobileCoin, a cryptocurrency that Signal recently integrated for in-app payments, early versions of MobileCoin technical documents suggest.
MobileCoin CEO Joshua Goldbard told CoinDesk this 2017 white paper is “not something [he] or anyone at MobileCoin wrote,” though it is very nearly a verbatim precursor to MobileCoin’s current white paper. Additionally, snapshots of MobileCoin’s homepage from Dec. 18, 2017, until April 2018, list Marlinspike as one of three members of “The Team,” though his title is not given there. He is not listed as an adviser until May 2018.
The team for the self-described privacy coin has always acknowledged Marlinspike as an adviser to the project, but neither the team nor Marlinspike has ever disclosed direct involvement through an in-house role, much less one so involved as Chief Technical Officer.
If Marlinspike actually was involved as a CTO in MobileCoin’s early days, the recent Signal integration raises questions of MobileCoin’s motivation for associating itself with the renowned cryptographer, along with his own motive for aligning with the project, given the MOB team has historically downplayed this involvement.
“Signal sold out their user base by creating and marketing a cryptocurrency based solely on their ability to sell the future tokens to a captive audience,” said Bitcoin Core developer Matt Corallo, who also used to contribute to Signal’s open-source software.
Goldbard shared another document dated Nov. 13, 2017, same as the other white paper, which does not list a team for the project. He claimed that this white paper was the authentic one and the other was not.
“Moxie was never CTO. A white paper we never wrote was erroneously linked to in our new book, ‘The Mechanics of MobileCoin.’ That erroneous white paper listed Moxie as CTO and, again, we never wrote that paper and Moxie was never CTO,” Goldbard told CoinDesk.
This book is actually the most recent “comprehensive, conceptual (and technical) exploration of the cryptocurrency MobileCoin” posted on the MobileCoin Foundation GitHub, which Goldbard describes as project’s “source of truth” and serves as the most up-to-date technical documentation for the project.
This ”real” version of the paper is nearly identical to the “erroneous” white paper except there is no mention of team members or MobileCoin’s pre-sale details. (Both white papers and current MobileCoin technical documents are embedded at the end of this article for reference.)
Goldbard said the “erroneous” white paper was accidentally added as a footnote to this latest collection of technical documents compiled by Koe, a pseudonymous cryptographer who recently joined MobileCoin’s team. That footnote also lists Marlinspike as a co-author of the paper along with Goldbard.
“He just googled it, like everyone on the internet seems to be doing today, and put [it in] as a footnote. It was an oversight. I did not notice it in my review of the book prior to publishing,” Goldbard told CoinDesk.
A metadata analysis of the papers run by CoinDesk shows that the “erroneous” paper was generated on Dec. 9, 2017, while the “real” paper was generated two days later.
Marlinspike declined to comment on the record about his professional relationship with MobileCoin.
A tale of two papers
In a December 2017 Wired article titled “The Creator of Signal Has a Plan to Fix Cryptocurrency,” Marlinspike went on the record as a “technical adviser,” a title CoinDesk has also used to describe his relationship with MobileCoin in the past.
“There are lots of potential applications for MobileCoin, but Goldbard and Marlinspike envision it first as an integration in chat apps like Signal or WhatsApp,” the article reads.
It also states that “Marlinspike first experimented with [Software Guard Extensions (SGX)] for Signal.” These special (and expensive) Intel SGX chips create a “secure enclave” within a device to protect software, and MobileCoin validators require them to function (validators, as in other permissioned databases, are chosen by the foundation behind MobileCoin).
Signal Adds a Payments Feature—With a Privacy-Focused CryptocurrencyThe encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals.
MobileCoin will bring payments to Signal, but also added complexity and potential regulation. Illustration: Elena Lacey
To try to tame that volatility problem, Marlinspike and Goldbard say they imagine adding a feature in the future that will automatically exchange users‘ payments in dollars or another more stable currency for MobileCoin only when they make a payment, and then exchange it back on the recipient’s side—though it’s not yet clear if those trades could be made without leaving a trail that might identify the user. „There’s a world where maybe when you receive money, it can optionally just automatically settle into a pegged thing,“ Marlinspike says. „And then when you send money it converts back out.“The mechanics of how MobileCoin works to ensure its transactions‘ privacy and anonymity are—even for the world of cryptocurrency—practically a Rube Goldberg machine in their complexity. Like Monero, MobileCoin uses a protocol called CryptoNote and a technique it integrates known as Ring Confidential Transactions to mix up users‘ transactions, which makes tracing them vastly far more difficult and also hides the amount of transactions. But like Zcash, it also uses a technique called zero-knowledge proofs—specifically a form of those mathematical proofs known as Bulletproofs—that can guarantee a transaction has occurred without revealing its value.On top of all those techniques, MobileCoin takes advantage of the SGX feature of Intel processors, which is designed to allow a server to run code that even the server’s operator can’t alter.
MobileCoin uses that feature to ensure that servers in its network are deleting all lingering information about the transactions they carry out after the fact and leave only a kind of cryptographic receipt that proves the transaction occurred. Goldbard compares the entire process of a MobileCoin transaction to depositing a check at a bank, but one in which the check’s amount is obscured and it’s mixed up in a bag with nine other checks before it’s handed to a robotic bank teller. After handing back a deposit slip that proves the check was received, the robot shreds all 10 checks. „As long as SGX is working as promised, you can prove every robot cashier is working the same way and shredding every check,“ Goldbard says. And even if Intel’s SGX fails—security researchers have found numerous vulnerabilities in the feature over the last several years—Goldbard says that MobileCoin’s other privacy features still reduce any ability to identify users‘ transactions to low-probability guesses.If MobileCoin’s privacy promises hold true, Marlinspike says he hopes the cryptocurrency can help Signal reverse a troubling trend toward financial surveillance. If successful, Signal’s use of MobileCoin will also face the same hurdles and critiques that surround all privacy-preserving cryptocurrencies. Any technology that offers a way to anonymously spend money raises the specter of black market uses—from drug sales to money laundering to the evasion of international sanctions—along with the accompanying crush of financial regulations. And that means integrating MobileCoin could expose Signal to new regulatory risks that don’t apply to mere encrypted communications.
„I think it’s phenomenal from a civil liberties perspective,“ says Marta Belcher, a privacy-focused cryptocurrency lawyer who serves at special counsel at the Electronic Frontier Foundation. But Belcher points to a coming wave of regulation to control exactly the sort of anonymous cryptocurrency transactions Signal hopes to enable, including a new „enforcement framework“ the Justice Department published last fall and new regulations from FinCEN that could force more players in the cryptocurrency industry to collect identification details of users. „Anyone who’s dealing with cryptocurrency transactions, especially private cryptocurrency transactions, should be really concerned about all of these proposals and the government pushing financial surveillance to cryptocurrency,“ Belcher says.Matt Green, a cryptographer at Johns Hopkins University, puts it in starker terms.
„I’m terrified for Signal,“ says Green, who helped develop an early version of Zcash and now sits on the Zcash Foundation board as an unpaid member. „Signal as an encrypted messaging product is really valuable. Speaking solely as a person who is really into encrypted messaging, it terrifies me that they’re going to take this really clean story of an encrypted messenger and mix it up with the nightmare of laws and regulations and vulnerability that is cryptocurrency.“But Marlinspike and Goldbard counter that Signal’s new features won’t give it any control of MobileCoin or turn it into a MobileCoin exchange, which might lead to more regulatory scrutiny. Instead, it will merely add support for spending and receiving it. „The regulatory landscape is complicated, but there are ways to do privacy-protecting payments safely,“ says Goldbard. „To be frank, there’s a moral imperative to do so, because Signal has to offer payments in order to remain competitive with the world’s top messaging apps.“As for the possibility of enabling dangerous criminals and money launderers, Marlinspike offers an answer that mirrors one he’s long given for encrypted communications. Just as criminals used encryption for decades before Signal, they’ve used anonymous cryptocurrencies for years before Signal added MobileCoin payments as a feature.
For those criminals, the threat of law enforcement made using even clunky, tough-to-use tools necessary. By making those secure communications and payments easier, Marlinspike argues, Signal didn’t enable those criminals, but instead simply made their tools available to more casual, non-criminal users.“With Signal, we didn’t invent cryptography. We’re just making it accessible to people who didn’t want to cut and paste a lot of gobbledegook every time they sent a message,“ Marlinspike says. „I see a lot of parallels with this. We’re not inventing private payments…Privacy preserving cryptocurrencies have existed for years and will continue to exist. What we’re doing is just, again, a part of trying to make that accessible to ordinary people.“