My brother and I have been working on a big app for Hive for the better part of seven months now. From the initial planning, the testing, the research and everything in between, we've been arguing, discussing, and coding for hours every single day.
Just the other day we finally reached the “happy path,” and we began celebrating a bit. It reminded me very much of when I'm almost done building an instrument. When you string up a guitar, tune it, and strum the first chords, you think you’re finished. Deceptively, it feels like just one final push and it’s finito. But that is never — and I do mean never — the case.
Last night my wife started asking me some difficult questions about the app’s security. She had concerns, and they weren’t concerns I could simply dismiss. After all, these are exactly the kinds of blind spots that can destroy months of effort.
At that point I decided to take a nap and let my mind drift elsewhere. It’s frustrating to see what feels like the end — the checkered flag — and suddenly realize you're not close yet. But I appreciate her input. I value it. Don’t get me wrong.
It’s a difficult balance, you see. The balance between privacy and security.
How do you provide security to users without becoming invasive? Without requesting personal information? If there is no threat, no possibility of legal consequences for bad actors, how do you keep those bad actors away?
I say this knowing full well there is absolutely no way to make a system that is one hundred percent safe. God knows the world of crypto is the most unsafe corner of the internet. One look inside Telegram rooms tells you everything you need to know, and that is precisely the type of environment I wish we could avoid.
Some people will say — and I hear them — that it comes down to educating the user. Teaching best practices and whatnot. Yes, that too. But unless the world suddenly becomes a “manual-reading majority,” we are bound to lead people toward cliffs.
I realize I might be breaking some unwritten rules here, but I don’t see another way out.
For this app to work, service providers may have to self-dox.
Even as I write that, I feel the weight of those words. But I truly don’t see another solution.
And at that point… aren’t we just falling back into KYC shenanigans?
To say that I'm conflicted would be putting it mildly.
— MenO