What Blockchain Enthusiasts Are Not Saying About Security

Immutability is a feature of blockchain which means that its records cannot be (easily) changed outside of the consensus mechanism. This makes all of blockchain transactions irreversible and immune to chargebacks. It is often hailed by pro-blockchain companies as an important advantage of blockchain which they claim improves security.

It is one of the most impressive-sounding claims in the world of blockchain. It is also one of the most misleading ones.

The problem of immutability positioning in the blockchain world is one of the most important issues for an investor to understand.

Reality is, immutability is important only in peer-to-peer environments. It demonstrably improves security within such environments, but benefits of immutability cannot be trivially applied or compared to centralized systems.

Photo by Jon Moore on Unsplash

Additionally, immutability is rarely, if ever, a solution in itself. When applied to problems blockchain companies claim to solve, there is usually no problem that requires a solution in form of immutability. In fact, in many cases immutability introduces drawbacks that are seldom mentioned or even acknowledged.

The problem of immutability positioning in the blockchain world is one of the most important issues for an investor to understand. But at the same time it is not immediately obvious, and it is a problem easy to obfuscate. It is especially difficult to notice when reading through an actual whitepaper or listening to a pitch about a blockchain use case.

But it is a fallacy in reasoning committed frequently by blockchain proponents, and understanding the actual place of immutability in the blockchain landscape is important for investors, entrepreneurs and the public.

Let’s take a look at this problem in detail.

Mutable transactions are not a problem for centralized environments

Many blockchain companies are trying to sell immutability as an important part of their offering. A lot of their whitepapers underline the fact that transactions are immutable, but they do not explain why immutability would be an advantage in a problem space they are targeting.

For instance, an online identity verification startup I was researching lists immutability as an advantage in their whitepaper:

Because the ledger is immutable, a transfer that has been accepted into the network cannot be reversed. With no trusted intermediary to act on behalf of users or control the movement of their funds, bitcoin transactions are immune to chargebacks and are like paying in physical cash, but online.

This is positioned as an advantage of their solution. However, when I asked their Marketing Director whether there is a problem in the identity verification industry with chargebacks, his response was: “I don’t have data around that”.

Which tells me that there is, in fact, no such problem. And immutability is not an advantage of their solution, it is simply a feature that comes with it, whether identity verification needs it or not.

AIDChain, a startup trying to utilize blockchain for charity assessment, has the same gap in their reasoning:

Thanks to the AIDChain platform and AIDPay, the information automatically or manually recorded on the blockchain will be immutable, tamper-proof and publicly accessible through an open explorer, increasing the level of transparency and allowing public auditing besides AIDChain platform users.

This strikes me as a thinly veiled implication that charity assessment organizations are likely to collude with the charities they assess. So likely, in fact, that we need AIDChain to solve that problem.

But we are presented with no evidence of such a fraudulent scheme ever emerging. Unless there is a proven record of charities submitting documents to charity assessment organizations and then someone tampering with them, blockchain’s immutability adds absolutely no value. And submitting documents in order to then tamper with them seems like a very unpractical way to cheat anyway. I was able to find no scandals involving a charity assessment organization being bribed by a charity so that they allow access to already submitted documents. And yet, this is a problem that AidCoin proudly announces to solve. Where is the value in solving a problem that nobody has?!

And the answer is: there is none. But blockchain requires immutability in order to function, which is why it is there. The nuance here is that the startup is trying to sell it like a security feature relevant to charity assessment, where in reality it is only relevant to blockchain.

Photo by André François McKenzie on Unsplash

Same with many other cases. Many cryptocurrency supporters, for example, will say that the advantage of immutability is that transactions cannot be reversed arbitrarily by the sender. But are transactions being arbitrarily reversed by senders on a scale that warrants a special solution? Research shows that this problem does not exist.

Cryptocurrency supporters sometimes bring up credit card chargebacks, but abuse of credit card chargebacks is in most cases severely punished, and abuses of chargebacks are not at all numerous.

Which means that positioning immutability as an advantage is more of a rhetorical device. By claiming that your technology will make sure that problem X will not happen, when in reality problem X is not happening anyway, you make it feel that your technology is more useful and revolutionary than it really is.

2. Immutability is only necessary for decentralized environments

So why would companies based on completely different premises, such as a cryptocurrency project, a charity assessment organization and an identity verification startup, be so obsessed with chargebacks? An alien from another galaxy looking at these whitepapers might be forgiven to think that chargebacks are the biggest concern of our civilization.

But what all of these companies are not saying is that immutability is a necessary feature in a decentralized environment. In other words, immutability is a solution to a problem that exists in a peer-to-peer environment only. Therefore, immutability is not an advantage, it is an inescapable feature of blockchain, whether you like it or not.

The reason why immutability claims are misleading is because all of these whitepapers rarely, if ever, point out that immutability adds security as compared to a peer-to-peer environment without immutability, not as compared to a centralized environment.

Immutability adds security as compared to a peer-to-peer environment without immutability, not as compared to a centralized environment.

This is incredibly important, because only this understanding allows to begin comparing apples to apples. In the vast majority of cases claims about blockchain security make it seem as if blockchain is being compared to current solutions in the real world, whereas in reality it is being compared to an uncontrolled peer-to-peer environment.

The identity verification company’s whitepaper actually does say it. Let’s look at their wording again:

Because the ledger is immutable, a transfer that has been accepted into the network cannot be reversed. With no trusted intermediary to act on behalf of users or control the movement of their funds, bitcoin transactions are immune to chargebacks and are like paying in physical cash, but online.

This time I highlighted the relevant phrase in bold. It gives away the real reason why their solution uses immutability: because it has removed a centralized controlling component. It has no choice but to have irreversible transactions.

3. The downsides of immutability

So, immutability is not helping solve the initial problem, instead it is a mechanism that makes it possible to operate in a distributed peer-to-peer world with some sort of consistency. But does it have any downsides?

From the point of view of the initial problem, immutability can either be neutral, or have downsides. In the vast majority of cases, immutability will have downsides.

These downsides are rarely, if ever, mentioned by blockchain proponents. Instead, things like chargebacks and transaction disputes are being painted as inefficiencies that need to be removed because they are inconvenient for businesses. Here is an actual quote from a reddit discussion, and it is one of many expressing a similar sentiment:

Visa’s system is trust-based. It causes huge headaches for businesses and enormous inefficiency. Visa requires armies of customer service and dealer service agents to cope with all of the chargebacks and settlement disputes.

But reversibility and chargebacks are primarily consumer protection mechanisms! Isn’t being complacent with theft more inefficient than setting up mechanisms to return the funds to rightful owners, as well as punish and block perpetrators?

It is especially interesting to read such comments, given the fact that many of cryptocurrency proponents are so anti-corporation. But in this case they side with businesses and not customers. The problem they see here is not people being cheated or people trying to fix a mistake, but that it is a huge headache for businesses. I think that this fluke is the result of motivated reasoning, with the aim to protect blockchain from any criticism.

Immutability dramatically reduces consumer protection

So what would be the typical downsides of immutability? They are generally the same for everyone: not being able to fix a mistake, not being able to reverse a transaction to cancel malicious activity, guaranteeing that no chargeback mechanisms are possible in the future. In other words, immutability dramatically reduces consumer protection.

In some cases these downsides might not be as glaring. A crypto-kittens game might afford a bit of theft and a bit of mistakes. But as the stakes grow higher and higher, and wander into finance, identity and legal areas, immutability downsides become central considerations.

Conclusion

The difference between understanding the role of immutability in blockchain solutions could be the difference between adopting blockchain or not. It must be made completely clear to the public: immutability is not an advantage, it is not anything that adds to contract security or financial security. Immutability is the cost of decentralization.

Immutability is not an advantage. It is the cost of decentralization.

Which is perhaps why blockchain companies prefer to largely obfuscate the matter. The sole fact that immutability downsides are never mentioned is a sign that rational evaluation of blockchain technologies is in short supply.

And it is also entirely possible that an understanding of the downsides of immutability is what will eventually kill blockchain.

Read more: https://louigiverona.com/?page=projects&s=writings&t=qa&a=qa_blockchain