Why Tamper-Proof Messaging Matters

There's a right way to go on record.

The introduction of ephemeral messaging was the most transformative shift in consumer messaging apps over the past decade. Spearheaded by Snapchat, the idea made its way through all major messaging apps and quite a few social networks. Instagram has adopted it most famously as a FOMO-driven lure to get users to tune in daily to catch the latest exploits of friends and influencers before they disappeared forever. WhatsApp, Signal, Instagram, Telegram, Facebook Messenger and iMessage all have features that allow you to delete sent messages. Many of the aforementioned products can actually auto-delete these messages for you. These are great features for inconsequential personal conversations between trusted parties. Once any of these conditions is no longer true, these apps become a terrible option.

Building Trust in a Trustless World

I have spent the past year and a half tinkering on blockchain-related projects through the lens of cybersecurity. There’s no shortage of bad actors in the cryptocurrency space as evidenced by the plethora of shady dealings and probable malfeasance in the recent billion-dollar blowups of stablecoin protocols, crypto hedge funds, lending desks and exchanges. One of the great ironies is that the underlying technology that powers the entire industry is built around the concept of “trustlessness”, the idea that you don’t have to know or trust the counter-party you’re dealing with in order to safely communicate and transact with them. (I say “communicate” because every transaction on the blockchain is a message sent from one address to another, a key point I’ll return to later.) But because blockchains were so hard to access and understand for the average person, an entire industry of centralized opaque abstractions emerged to make it “easier” for them. The trade-off for ease of use in most cases was the loss of trustlessness. You now had to trust the abstraction layer blindly, thus defeating the whole point of trustlessness in the first place.

The term “dark forest”, a reference to a book by the same name, is often used to describe the paranoia one needs to defend against adversaries in the crypto space at large. I’m convinced that I have met at least one hacker of a major protocol at some of the conferences I’ve attended. In fact, I had a meeting with one half of the couple that was later accused of stealing or laundering $4.5 billion in bitcoin. Unlike bank robbers with fingerprints and mugshots, these people are simply hiding in plain sight. While the term “adversary” usually refers to actors who have malicious intent, there’s a lot more opposing parties who simply have differing viewpoints, interests and agendas at heart. The same paranoia, therefore, extends to them as well and vigilance is required not just on-chain but off-chain as well.

One recent example where communications between opposing parties comes into play in the crypto industry in light of the FTX fallout is a continuing war of words between Gabriel Shapiro (General Counsel at Delphi Labs) and Ryan Selkis (Founder of Messari), who both work at blue-chip crypto research firms. Accusations are flying over who said what when in regards to a bill called the Digital Commodities Consumer Protection Act (DCCPA), which was heavily championed by FTX founder Sam Bankman-Fried. Now that SBF has fallen from grace, industry players are moving to distance themselves from him. Ryan accuses Gabriel of selective disclosure of their chat transcript to frame his reputation in a certain way. Without getting into the inside baseball behind the drama, the oppositional nature of their relationship and the perceived threat of transcript tampering is summed up nicely in the following tweet:

Ryan’s online reputation drives his business so this wasn’t just a personal issue but also a business one. And once it becomes a business issue, a whole new set of parameters come into play in regards to their chat. If this is construed as corporate communications then there might be record retention policies in play or even a fiduciary duty to preserve the communications. It’s perfectly understandable why consumer chat platforms are often used for business (even though it’s against the Terms of Service of many of these platforms) — email is often too slow for a real dialogue to happen and cross-organizational chats are difficult (if not impossible) when using tools like Slack. However, the intimate personal nature that we pre-associate with these consumer messaging apps leads to blurred lines over what’s perceived to be private and personal and what’s corporate and subject to disclosure for business reasons.

Setting the Record Straight

Selective disclosure and other forms of transcript tampering are prevalent problems not just in crypto but across industries. How many times have we heard about a celebrity complaining about one of their quotes being taken out of context to create a scandal? It’s hard to make an assessment one way or another because we usually don’t get access to the raw transcripts behind these interviews. And with the rise of ephemeral messaging, the transcripts might not even exist at all, leaving both parties with the ability to accuse the other of anything because the proof has been wiped clean.

And even when you do have proof, it’s hard to validate it. Consider a situation where you come up with a screenshot of an email, text message, WhatsApp message or Slack conversation. How does an outsider even know that it’s real? We see variations of this problem play out daily in parody memes using obviously faked messages but the underlying impersonation and tampering threat remains very real. What we are left with is a subconscious sense of unease that any representation of a conversation may have been altered or entirely fake.

There are also very real legal and financial ramifications that have played out as a result of message tampering. Here is a recent collection of cases:

• 10 Secret Service agents deleted messages related to the January 6 attack

• Thousands of messages from Portland mayor Ted Wheeler are missing in violation of public record laws

• SBF and FTX’s use of auto-deleting messages was cited as one the most pervasive failures in corporate control

• Wall Street banks were fined $2 billion for using WhatsApp and not complying with record-keeping laws

• Ripple estimated that it would cost $1 million and many months to turn over missing Slack messages to the SEC

Trustless Tamper-Proof Messaging

Returning to the topic of trustlessness, there’s a lot of blind trust that’s placed on companies that operate on top of messaging protocols today. We are reliant on Gmail to implement email protocols as stated and we trust WhatsApp to encrypt our messages the way they said they would. From a technical perspective, Google can refuse to deliver your email or delete/alter your emails if they so chose. If WhatsApp decides not to encrypt one of your messages, would you be able to detect it? Granted, Google and Meta aren’t expected to be adversarial organizations and the threat of reputational damage is the driving force behind them keeping to their commitments as stated. A larger risk that exists is that an external bad actor, be it a rogue insider, a single elite hacker or a nation-state, can infiltrate their infrastructure to do the very things I just proposed because they are all technically feasible. I’m not saying that you can’t trust Google or Meta. I’m saying that there’s a future where you don’t have to.

On a more fundamental level, there is another paradigm of messaging where both sides realize they’re on the record to begin with, either because organizational policies require them to be or because they find themselves in a conversation that is not personal, private, inconsequential and with a trusted party. We can design a system where it is technically impossible for a bad actor to come in and alter messages after the fact and where we can provably say that a specific unaltered conversation happened at a specific point in time not because “we said so, trust us” but because it has been trustlessly validated.

What I’ve described is the underpinnings of Fairo, an encrypted on-chain messaging protocol that I designed and built a reference client for. Fairo is designed to securely transmit conversations on blockchains. Using cryptography and the basic security guarantees afforded by most blockchains, Fairo can prove that a conversation happened as is, in its entirety, without relying on proprietary servers and arbitrary timestamps. Fairo is designed to be an open protocol and will integrate with other messaging protocols to provide on-chain guarantees to off-chain services. My hope is that you might one day be using a messenger that plugs into Fairo without even realizing it.

The initial target audience for Fairo is the crypto industry itself. Even without any regulatory pressure (of which there is a lot right now), there clearly needs to be a better way of doing business instead of using Discord and Telegram. These tools are great for community building but they were not designed to be enterprise messaging tools. I have heard horror stories of crypto hedge funds almost fat-fingering multi-million dollar token transfers based off of an address sent through Telegram. There’s been no shortage of impersonation scams that have flowed through Discord, especially within NFT communities. Enterprise crypto workflows demand a higher standard of accountability and security, especially when there’s millions of dollars on the line. With Noise, Fairo’s reference client, you can send crypto assets along with the message, all without the risk of fat-fingering an address.

Noise is currently in private beta. If you are a builder, an investor, or a crypto-native organization that wants to participate in the Fairo ecosystem, please reach out. And if you think I’m crazy, let me know as well.

My points of contact:
Email: inbound3@fairoinc.com
Twitter: setofsevens