Operating a Bitcoin business is difficult and, a lot of the time, is the first step down the road which brings pretty much 9x% to crime within six months to a year. With the excess influx of Venture Capital into companies pretending to have any involvement with Bitcoin, I sat down with David "davout" Francois, CTO of Paymium, formerly known as Bitcoin-Central, to talk about the fundamentals from his personal experience in developing a Bitcoin company that can survive the ruthless climate of the world of Bitcoin.
Startups like Coinbase have been overreaching in the name of regulation, particularly regulation claimed to be enforced by the US. Many have criticized Coinbase for habitually overstepping the boundaries of users' trust, such as by wiretapping addresses. Despite the numerous complaints from its users about privacy invasions by Coinbase, some still defend the company, claiming it is just trying to stay in compliance with the law. Mr. Francois gave Qntra his views on upholding state financial regulations while maintaining users' trust:
It's not the fact that a fiat-bound institution follows existing regulation that is problematic in the eyes of the customers, it's when the 'compliance effort' goes way past the actual, documented, regulation. Any reasonably intelligent customer perfectly understands that having a business relationship with a state-registered financial institution implies a privacy trade-off.
On the other hand, what such a person does not expect, is being subjected to entities arbitrarily 'blacklisting' specific Bitcoin outputs. Those who tried sending coins from 'darknet-related' web wallets to Coinbase can serve as illustration. That's where my personal red line lies.
The way we operate also helps us keep the regulatory concerns under control because we clearly separate the Bitcoin side (which is handled by Paymium) from the fiat side (which is handled by our financial partner). The fiat currency that is traded on Paymium is in properly segregated accounts, that exist individually in the books of our financial partner. A nice side-effect of this, is that, should we ever become 'victims of our own success', our customers would simply be able to go knock on the financial institution's door, and get their fiat back.
He went on to state that Bitcoin businesses need to take responsibility for preventing Venture Capitalists from hijacking the company from its principles for the sake of fiat delusions:
The funding doesn't change our principles as a company, or those I hold for myself. If at some point I step down as the CTO, that'll mean they will have started to contradict each other.
Paymium is one of the oldest Bitcoin exchanges still in operation today. This Bitcoin business has weathered storms such as pirateat40's Ponzi scheme, the collapse of GLBSE, the rise and fall of ASICMINER, and the self-destruction of Mt. Gox. Exchanges in particular seem to inevitably have problems that become headlines. Mr. Francois explained:
I would say exchanges combine quite a few factors: visibility, because they try to get as many users as possible; large holdings correlated to their visibility; a natural attraction to feature bloat, fueled by what consumers have come to expect, which in turn naturally increases their attack surface; a tendency to also want to act as a real-time wallet, opening up a lot of additional attack vectors; weaknesses in their audit and accounting procedures (the mtgox example is a very instructive one in this respect).
Highly visible companies such as Coinbase, Bitstamp and others have been known to heavily outsource security to third parties, claiming it allows developers to focus on "what matters". Qntra reported earlier this year on a security vulnerability found in Coinbase's infamous 2-factor authentication. Paymium handles all security procedures internally with great care. Withdrawals are not done in real time as Paymium doesn't utilize a hot wallet, and instead holds all Bitcoin funds in cold storage. Mr. Francois acknowledged the burden and benefit of handling security internally with a small team:
Yes, not externalizing security does add a noticeable burden on the team, but it's the only way to get a shot at *actual* security. Pretty much in the same way you'll usually need to do the talking yourself, to get a shot at *actual* women.
The approach where one derps around with angularjs, and CSS, but 'outsources' its security simply does not work at anything else than achieving weak illusions and marketing mumbo-jumbo.
Paymium has a growing merchant services business, acting as a payment processor similar to Bitpay. Proponents of larger blocks cite retail payment processing throughput as a need for increased block sizes; however, Mr. Francois described the use of merchant services as a "means to an end" rather than a core business:
It's pretty consensual among intelligent people, that Bitcoin sucks as a payment system. Which is precisely why we see the merchant services as nothing more than a way to bring volume to the exchange, investing a bit of time into remittances follows from the same logic, it's just different sides of the same business: bringing business to the exchange. The core has always been, and will stay the exchange. Basing our business strategy on the idea that Bitcoin would scale and get massively used as a customer-level payment system would have probably put us in the situation Bitpay finds itself in today.
For over a year now, Gavin has been referencing rapid technological growth as a factor to support a block size increase. Many proponents will state their computer or internet connection would more than handle a block size increase, implying that technological progress outpaces the proposed block size increases. If technological growth could not support any block size increase, there may be no debate at all. However, Mr. Francois thinks the debate would still exist, albeit in another form:
There's all sorts of nonsense in Gavin's head. And yes, at some point, transaction demand will be more important than available space, the fundamental misunderstanding in the public, is that this is a problem, rather than something healthy that ensures the system's security. So, no. Whether demand outpaces technological growth or not, the debate is fundamentally about whether "does Bitcoin have to be inclusive? or is Bitcoin an exclusive system?".
The bar for operating a legitimate Bitcoin business that doesn't scam its customers is quite high, and comes with a do-or-die mantra. This ultimately separates the trustworthy from the scammers; the professionals from the amateurs; the palea from the lemma. As such, the truth always emerges in the Bitcoin world despite the endless supply of scammers and idiots. When speaking to Mr. Francois, he elaborated on the nature of Bitcoin's illuminative properties:
Bitcoin does not really transform actions, it is basically a massive spotlight that shows everything as it is and quickly vaporizes any bullshit coating idiots like to cover things with. From there it immediately follows that the only sane attitude in handling a fuckup is to actually stand up and clearly admit that they fucked up before sitting down, shutting up and fixing whatever needs fixing, and if fixing isn't an option, throw it away and start over. The correct thing is not, like pirateat40, to plan your scam from the beginning, or, like Marku Karupuresu, to pick up the criminal mind along the way, in a doomed attempt to cover up a failure that got bigger and bigger as time passed, and eventually exploded in a cloud of vaporized shit, covering anyone too dumb to see the mess coming.
Startups parading as Bitcoin businesses rarely amount to any longevity, and with even heavily funded businesses such as Bitpay failing due to a lack of sane management, the fundamentals laid out by hanbot nearly three years ago still remain a timeless truth. After speaking with Mr. Francois about his real-world experience as it relates to hanbot's guide, the path of legitimacy for any Bitcoin business is clear.