Fear, uncertainty, doubt and mic drops.

Late last year on 20 December 2017, MIT Media Labs (only loosely affiliated with the MIT university) writer Joichi Ito published four key criticisms of IOTA. It followed over a month of contentious debate about potential security flaws, including some criticisms from Ethereum's Vitalik Buterin.

In the following days, IOTA shed billions from its market cap. Prices dropped to their lowest point since IOTA's early December spike, when value rose on the back of news that IOTA had partnered with Microsoft.

It's not possible to attribute this drop entirely to the criticisms, but it almost certainly played a part.

But today, it's looking a lot more like IOTA's competitors are scared and that recent drops have left the coin very undervalued.

IOTA developers responded to the criticisms at the time through social media, but recently released its official statement in the form of a four-part rebuttal to each of the points, with only trace amounts of sarcasm.

We take full responsibility for allowing this thorn in our side to fester for so long, and we feel it is necessary to put forward an official and comprehensive response to put these questions to rest." - The IOTA Foundation

IOTA criticisms

The following were Joichi Ito's four criticisms:

IOTA was dishonest in portraying Microsoft, and others, as partners. The "coordinator" in IOTA's network is a vulnerable and centralised point of failure. IOTA is not actually fee-free as it claims. IOTA has not adequately solved or explained the issue of existing vulnerabilities.

The IOTA Foundation's response

1. On partnerships

The IOTA team pointed out that at no point did it ever say that there was any kind of formal partnership, and that wherever the word "partner" was used, it was chosen by a representative of the other company. It was actually a representative of Microsoft that declared the company to be an IOTA partner.

From there, inaccurate media reporting took the story and ran with it.

However, the IOTA Foundation also acknowledged that it could have done more by attempting to police the airwaves and spending its resources vigorously stamping out any trace of misinformation rather than working on further development of IOTA.

To be absolutely clear: at no point was a formal corporate partnership implied either directly or indirectly in any post, statement, or press release issued by the IOTA Foundation." - Dominik Schiener, IOTA Foundation

2. On the coordinator

A lot of people have pointed out that the "coordinator" aspect of the network is centralised and vulnerable to issues. In October, the network was shut down, and IOTA developers appeared to move user funds around, suggesting that they have too much control.

The IOTA Foundation's response is that the coordinator is a temporary security measure to bootstrap IOTA during development. And that it has pointed this out many times before.

The October shutdown was the result of a malicious outside attack, and IOTA shut down the network to protect users. Its developers did not move user funds per se, but instead rolled back the network to a snapshot taken before the downage.

The IOTA Foundation pointed out that this was done with the full support of its community, and that such a move wouldn't even have been possible without community support.

"Once the issue was identified and resolved, a snapshot was taken to protect vulnerable addresses, the network full node operators came to a consensus on this snapshot, the Coordinator was turned back on and the network resumed normal operations. IOTA node operators, understanding the importance of the Coordinator’s role in securing the network while it is still young, voluntarily suspended operations during this time.

"The purpose of the Coordinator in the infancy stage of the IOTA network has been transparently communicated throughout the history of IOTA. As the team has explained at length, the Coordinator is a temporary measure to help bootstrap the network and protect it during its infancy. Once there are enough full nodes and transactions to secure and sustain the IOTA network, the Coordinator will be permanently removed from the network."

3. On fees

Ito writes that the IOTA network isn't actually fee free because one's devices will still need to provide processing power and energy to the network.

The IOTA Foundation responded by saying that MIT Media Lab appears not to know the definition of the word "fee."

It also points out that Ito updated his conflicts of interest statement immediately after the publication of the article, removing any mention of his paid position on the board of a company called Helium Systems, which "provides robust and secure IoT device connectivity for a fraction of the cost of our competitors."

Needless to say, IOTA's success would probably destroy Helium Systems.

In addition, the IOTA Foundation highlighted several other inconsistencies in Ito's conflict of interest statement, such as his claim that a $1 million stake in competing cryptocurrencies companies is not material.

So even though Joichi seems to be professing impartiality in his article, the evidence above suggests this may not be the case. One would think that with such obvious COIs, he should make these financial interests in competing technologies manifestly apparent to the reader, as required of faculty and staff at MIT." - IOTA Foundation

4. On explanations of vulnerabilities

The flawed cryptographic function that people identified was not actually a cryptographic function. Its developer, Sergey Ivancheglo, asked MIT's Digital Currency Initiative (DCI) to refer to it as Curl-P instead, to avoid confusion.

But for some reason (see point number 3) they didn't, and people subsequently got confused. The actual point of Curl-P was to act as a sort of copy protection against scam-driven IOTA clones as a necessary precaution against imitators of the open source software.

The Foundation's rebuttal points out that the "cryptographic vulnerability" described by MIT Media Lab basically requires an attacker to simultaneously know things they can't know, do things they can't do, then convince a user with an extremely high degree of technical proficiency to intentionally sabotage themselves.

The crux of DCI's argument is basically that an attack is theoretically possible, and that IOTA's explanations weren't convincing, so therefore the IOTA network technically isn't 100% secure.

The crux of IOTA's rebuttal is that their explanation actually was convincing, and that a failure to interpret it as such is more indicative of DCI's moral and intellectual shortcomings than anything else.

We regret the confusion in the media related to the IOTA Data Marketplace and will take care to ensure such an incident does not transpire again in the future" - IOTA Foundation