Your Money, Your Data, Your Mind

And then the other direction is we have all the technology, we have the internet, we have the AI, but it is human flourishing because it's private, it's decentralized, it is verifiable, it's self-sovereign. We own it. We own it. And Bitcoin is giving us that blueprint, not just for money, but for the future, the technological future where humanity is at the center of it. Because Bitcoin ultimately embeds humanistic values into its engineering and into its technology and is why it's such a stark contrast from all the other technology we're used to interacting with. So that is the vision and the inspiration that our community needs to keep pursuing and keep aggressively doing this because this is our moment and we do not want to go down the other direction.

Hey, one quick thing before we get into it. Trust Revolution runs on value for value. No ads, no sponsors. Fountain is how it works for me and for the show. Pay per episode or subscribe, lightning or card. You get something from the show, you can send something back. No guilt, no gimmicks. Go to trustrevolution.co. That's trustrevolution.co. Okay, let's get into it. Mr. Jesse Posner, welcome. Hello, happy to be here. I appreciate it on a hopefully sunny Friday where you are. Yeah, it's quite nice here. Yeah, things are turning around. They're looking up. Well, Jesse, I will have, of course, all your great background in our show notes. So I'm just going to jump in. We've got a lot to talk about. I'm extremely excited to talk about Vora. Not only the obvious, but some of the things you are cooking up that I know you're excited about. And so let's sort of set the stage here.

Jesse, you spent over four years at Coinbase managing institutional keys, among other things, and then helped to build out BitKey at Block. What did you see inside those companies that made you decide that individuals need something different? Well, you know, I mean, there was a lot of a lot of lessons to be learned during my time at these companies. And I worked with a lot of incredible security professionals in both those organizations, cryptographers, and really got to see and learn how security is done at a very high level, high stakes. But one thing that I've found consistently throughout tech is that privacy is hard to get prioritized. And a lot of that comes from the mentality that customers don't want to pay for privacy or they don't want to take a big convenience hit for privacy.

And so oftentimes products that have prioritized privacy haven't done well in the marketplace because consumers prefer something more convenient. And the abstract threats of privacy don't hit home enough to affect that purchasing decision. But once we're in the Bitcoin world, it changes things dramatically because we have one of the most privacy-focused demographics that exists at all. Bitcoiners do care about privacy, and not just for abstract political reasons, but for concrete physical safety reasons. reasons. And so that's been something that I've pushed for throughout my career is to really think about how can we protect our customers through protecting their privacy to make sure

that Bitcoiners aren't getting targeted because information about how much Bitcoin they have and where they live is not available to bad actors. I expect this will lead in to our conversation about what you're building with Vora. But again, as a bit of a backdrop, when you were at Coinbase or generally, how did you think versus perhaps now you think about the difference between how institutions custody and protect keys versus how individuals do it? And I understand there's quite a quite a divide in between and perhaps something you're looking to to close with Vora. But how is it looked at typically? Well, it's a different, I mean, there's a lot that's in common. And then there's a different set of requirements and a different set of capabilities. So when you're in an institutional context, you have a team, you have multiple employees. So when you're thinking about key management, that naturally overlays into an organizational

hierarchy where you can give HSM's like special hardware security devices to sets of employees and you can have distributed offices throughout the world and disaster recovery systems and all these operational capabilities that can be leveraged and need to be leveraged when you're securing billions of dollars of keys. And also, an institutional player is automatically tied into the regulatory system that's baked in. Their identity, they're known who they are and you know, where their offices are. And so the notion of self-sovereignty is not really the same in a corporate institutional context. I mean, it is to some extent because a corporation

has its own assets, its own property, and there's interesting things to think about. What does it mean for a corporation to be self-sovereign? But it's really, it's a very different kind of model. And when you're talking about the individual self-custody, it's actually in some ways much more difficult because they are operating by themselves. They need to be able to recover everything and use their Bitcoin by themselves without additional teammates and facilities. And they need to be able to protect themselves from theft and loss. And then there's the wrench attack component and, you know, getting physically targeted at home or wherever you're traveling. And then there's the government seizure dimension that is a little bit more

top of mind for the individual self-custody use case. Because for a Coinbase, if the government wants to seize their assets, they're going to have to battle that out in court. But as individuals, when we think about Executive Order 6102, which is when FDR prohibited individual gold individuals from being able to have their own gold at home and required it to be submitted to the government. That's something that I think is important to Bitcoiners to think about the balance of power between the individual and government control and our ability to have some sort of resistance to unconstitutional government seizure. And that is a very complicated and delicate dimension to individual self-custody that is not as critical in the institutional context So with Vora, we have developed a technique and systems and new models so that self-custody is something that is achievable for the individual and not just a LARP or some ideal that doesn't hold up in practice.

We want to make we want to make it real where you have self-sovereignty. You can control your Bitcoin. You can maintain your privacy. You protect yourself from physical attacks and you can resist government seizure. including along constitutional grounds that we have the individual has constitutional protections under the right to remain silent um which is one of the oldest most sacred principles of law even predating the united states so that is um that is the challenge that is so huge for individual self-custody. And that is where I've found a big gap in the marketplace that led me to leave these great companies and start a new one to address something that I think is missing. Well, absolutely. In fact, so let's talk about physical security. You probably noticed that,

as I understand it, the head of Binance France endured, survived a home invasion yesterday. And I don't have a great deal of detail there, but I think the headline is enough. And so you have said, if I got this correct, our job doesn't end at the keys. It ends when we know you're safe. So to your point, what does that actually mean? How do you secure a person, not just a private key? Yes. So first of all, it is a matter of seeing your self-custody hardware and your self-custody system needs to be integrated into a physical security system with alarms, monitoring, and credible deterrence has to be integrated together. If you're doing self-custody and you just have a hardware wallet, but you don't have a system to detect and respond to a physical attack, You're basically a sitting duck. And there are ways where the actual hardware wallet system itself can help us detect potential attacks.

So with the Vora vault, there's a hardware wallet that's integrated into the full node, into a single device. It's still cold storage. There's an air gap, but it's all integrated into a single system. And through that, our servers can detect certain indicators of an attack. So if the node goes offline, if our tamper detection sensors are triggered, if the wrong pin is triggered, if certain recovery flows are triggered, all of these triggers can indicate to our server that there may be an attack. and we can do this also in a privacy preserving way. It's not like our server is a surveillance system that's just seeing everything that's going on. This is not the ring camera scenario. But we then can make a phone call to the customer

and check a verbal password and get some confidence about the situation. And if we think there's a problem, We can contact law enforcement, private security, and get a response. Meanwhile, we have time delays built into all the major spending paths. So the bulk of the coins can never move quickly. And we have ways of recovering even if somebody takes everything in your home, all your passwords, all your devices, everything. with the time delays that are enforced, you go to your safe deposit box or security location and you use a memorized four-digit PIN and you are able to recover and basically get the coins

out of the hands of the attacker and back into your control. So it's really about thinking about self-custody holistically, not just a tech gadget or a key or a note or this thing or that thing? How do we put all the pieces together? And then that's just where we start because the next level is getting self-sovereign, privacy-preserving, self-hosted home security systems. So right now, if you use ADT or just about any security system you can buy easily, you are surveilling yourself, like you mentioned the Ring camera or the Google Nest. You are taking all of this video and sending it off to some tech company that can be accessed by the government, corporations. And that's also security risk. Like that data is going to get hacked. That data is going to get leaked.

So we need home security the Bitcoin way. We need home security the cypherpunk way, which means our data is ours. It's encrypted with our keys. It runs on our systems. So our system will eventually evolve into a complete home security system with cameras, but all with the base Vora Vault as the brain, as the command center, as the key management system, as the secure hardware, as the home server that manages the whole system. And then eventually, home security personal defense is going to be revolutionized by robotics, by drones, by all of this technology that is actually going to really benefit the individual's ability to protect themselves and create a cost asymmetry between defense and offense, where it's much more expensive to attack you at your home than it is for you to defend yourself.

And that's ultimately where we become safe is the economics of it is such that it is unprofitable for the attacker and then therefore the attacks won't. And that I presume falls under the sort of rubric of credible deterrence or. Exactly. Yeah. Well, and if we and that's that's fascinating. And you and I have had a couple of conversations about this where, you know, drones are. There's a lucky Palmer angle in there somewhere. So if we zoom out a bit, for those who, Jesse, may not be as familiar, give us sort of the basic of the so-called $5 wrench attack problem. And why does it get worse as Bitcoin appreciates? You know, why aren't, as you say, a multi-sig setup and hardware devices enough? Yeah. So, I mean, first of all, you know, Bitcoin is uniquely attractive, at least right now for these attacks, because if somebody comes to you, you know, let's say you're you're you know, you're a fiat person.

You don't do crypto. You don't do Bitcoin. And, you know, somebody comes to your house, you know, you probably don't have like your cash at home. it's probably in the bank. And in terms of your online accounts, an attacker can't just take your NVIDIA stock out of your brokerage. It's tied to your identity. Or through your bank account, wires or ACH, there's all these controls. It's reversible. So with Bitcoin self-custody, we've created this situation for an attacker where all they need is the keys. That's it. They get the keys, they get the Bitcoin. So if the keys are in your control, if you have an ability to access them, then all an attacker needs to do is get to you, threaten you with violence or other kinds of coercion. And they get an immediate payoff and it's, you know, pseudonymous and so on.

So and then as the price of Bitcoin goes up, now it's a bigger reward for these attackers. And it's really scary because, you know, you get into Bitcoin at some point in your life and you start telling people about it or maybe it becomes your career. And and Bitcoin's at a certain price level. And then five years later, you know, Bitcoin's 10x more, 100x more. And you're out there as someone who's a Bitcoin person. And maybe it wasn't a big security threat when you first got in and you weren't really thinking about the consequences of making that known publicly. But now Bitcoin's a million dollars and you've got a serious security problem on your hand that kind of came out of nowhere that you didn't expect. So that's the predicament we're all in as a Bitcoin community that we have to expect the more successful we are as Bitcoiners and the more successful Bitcoin is, the more difficult our security problem is going to become until we solve it once and for all and make it very clear to attackers that there are easier targets to go after.

and they shouldn't mess with our community. Absolutely. And we've gone into some detail. Again, what I'd love to do, Jesse, is zoom out a bit and talk about what Vora is building. Explain it to me like I'm someone who has a hardware wallet and thinks I'm doing fine. You know, what am I missing and what does Vora do differently, sort of macro? And then we'll get into things like, I presume, multiscript and, you know, the beauty of programmable money and some of the things you've touched on. Yeah, there's a lot there. Um, so, I mean, the first, the first big missing piece that a lot of people don't have is the full node. And, you know, there's a, there's kind of a political ideological component of the full node, you know, you're, you're validating the network and you're participating and that's all great. I'm doing my part. You're doing your part, you know, and I'm all for that. But there's an even more kind of critical, pressing security dimension to the node, physical security dimension to the node that a lot of people overlook.

and again comes down to privacy, which is that if you're not running a full node, whenever your wallet is querying your balance and figuring out how many Bitcoin I have or did my transaction go through or did I receive a transaction, it needs to access a third-party service, like maybe a mempool.space or there's all these blockchain providers where your hardware wallet software is going to query this server. And it's going to tell the server every UTXO that you have in your wallet because it has to find the status of that on the blockchain So that server learns how much Bitcoin you have and it learns your IP address And we have to assume that these servers are either intentionally or unintentionally malicious. They're either going to be gathering this information purposefully,

or inadvertently the data is going to leak or get captured or whatever. So again, somebody knowing where you live, how much Bitcoin you have, that is dangerous. And if those server logs leaked and your balance and your IP and then your IP can be traced back to you, you've got a problem. So that's one of the big missing pieces. And that's one of the first things we set out to solve is this has to be something that is easy and accessible and safe by default. If it's too hard to create your self-custody system, it's not going to happen. And so if you have to buy a start nine and a cold card and all these different components and all these different things and they're all and get them all set up. And at the end of the day, it's not going to happen or it's going to be misconfigured. So we really believe in the integrated solution.

You get a single device and it has all the components. So that's one of the first things we're tackling. Node plus hardware wallet, all integrated. The other big problem is, and there's a lot, but the other big problem is supply chain attacks. So when you have specialized Bitcoin security hardware, that is a target for organized crime, government, whoever. They know this hardware is being used to secure Bitcoin. if we can compromise the hardware either from as early as when it is manufactured or anywhere else along the supply chain. And there's a million places that that hardware is going to move through shipping, testing, all these different hands where it could be swapped out. It could be tamped. It could be tampered with. And that would be catastrophic to your setup because if, for example, you're generating a private key and if there could be very subtle defects in the transistors or the hardware that make the private key generation occur according to a predictable pattern or where it has weak entropy where you could decipher the key with some information that you know.

even if you don't know all of it. And the attacker could sit on that. You wouldn't even know you're susceptible to it. You've got your cold storage, you've got everything set up. And then Bitcoin's a million dollars and you wake up and it's all gone because they just waited for you to accumulate and accumulate before taking it. And I know a number of Bitcoiners that for this reason, they insist on commodity hardware only. They would not buy a Trezor, Ledger, Coldcard. They want to be able to go to a random Best Buy, pick out a random computer, and lock it down. Rip out the radio chips. Rip everything out because that's going to be a lot harder for somebody to predict, oh, this is going to end up as a Bitcoin wallet. But the problem with that approach is you have to be pretty technically sophisticated to set that all up

and figure it all out. And even if you are, it's a pain in the ass and it takes a lot of time. So we are also innovating when it comes to verifiable hardware. How does one do that as a startup? Well, it's difficult. Yeah, no doubt. That's why I ask. Yeah. It's a noble pursuit. We're following the we're building on the shoulders of giants. So there's a brilliant security researcher who goes by the name Bunny. And he has developed he's the leader here in terms of figuring out how do we get verifiable hardware? How do we defend against supply chain? He's using FPGAs. He's creating new chips and he's creating new imaging techniques, which I think is maybe the most interesting thing. Because right now, if you want to physically verify your chip, you have to destroy it in the process.

You have to de-lid the chip and then put it under extremely expensive equipment, like an electron microscope, and analyze it. So not only is it impractical and expensive, but after you've proven it's secure, you can't use it anymore. so you know it's still useful because you can take samples and you can try to catch bad batches or whatever but for individual self custody it's not really a solution I want to be able to prove to myself that it's secure we're Bitcoiners you know we want verification first principles so what Bunny is developing is if you manufacture the chip in a special kind of way with a special kind of material there's optical equipment that is relatively inexpensive and you could non-destructively image the chip. So you're saying we install one at Bitcoin Park and everybody rolls through and.

Absolutely. Yeah. You know, or, or somebody comes to your house with the equipment and they do a third-party certification. It just really opens up the possibility space where I can actually get some assurance about what is this hardware, what is this chip. And that's really the foundation of everything, of the whole Bitcoin ideal, of the whole cypherpunk ideal. It has to rest on a secure hardware foundation. Otherwise, nothing else matters. And so when we think about the future of freedom in the digital age and protecting our individual liberties, we need to control the hardware that is at the root of that. otherwise none of these ideals will be able to be accomplished because the it'll all be a larp because all the computers and all the electronics has been backdoored by the nsa it can all be

disabled turn off whatever we don't really have an intel me chip right and it's it's all the same at that point exactly so i think you know the the bedrock of this whole new way of thinking about the world is secure, verifiable hardware. And eventually our aspiration is to have our own chip fabs, our own manufacturing process, and really rethink hardware, open source verifiability from the design, the initiation, the entire thing, do it the cypherpunk way. And, you know, that's going to be a long-term project, but something, you know, we think a lot about. That's brilliant. And I haven't tracked Bunny's work in a while, but that guy is just the rockstar's rockstar. So it's really cool to hear. If we then, Jesse, start to sort of go up the stack, I suppose, you're using trusted execution environments, zero knowledge proofs, distributed key generation. For someone who doesn't speak cryptographer, what's the mental model for how this protects them?

Yeah. So basically, I mean, we want to be able to work. We want to get a server in the mix of your self-custody setup as a component that can sign things and authorize things. so maybe you lose a key, but the server still has a key and you have another key. That kind of collaborative custody setup is very, very powerful. And the server can enforce spending policies, other kind of time delays. But we need to do that in a privacy-preserving way. Otherwise, all the physical security things we've talked about are an issue. So there's a lot of cryptography that's done for privacy reasons. And one of the really tricky ones is how do you build an alarm system where somebody responds to somebody's home without actually knowing where they live?

And so that's where the trusted execution environment comes in, which is we can have data in our servers that we ourselves can't access. and where we can prove to the customer through an attestation where the server chip actually issues a digital document that certifies the code that it's running and makes it clear how the data can be used and can't be used. So we have this encrypted home address data in this trusted execution environment, this isolated part of our server. And the only way that data can leave is through an encrypted handoff to the emergency services API. That's not our company. It's the company that would route the request to law enforcement, private security, whatever. So we can, when it's needed, we can hand it off without us sitting on this giant trove of all the, you know, Bitcoin self-custody people's home addresses.

So at rest, there is virtually no opportunity for you to become a honeypot. But when the time comes, you can hand that data off in a very controlled environment. We can hand the data off to a third party who can decrypt it. We can't decrypt it ourselves. So it's not perfect. you know, the third party is going to learn an address and, you know, we maybe would try to sell, set up a shell company so they don't actually know they're interacting with a Bitcoin company. They're just getting a call for 911 and it's not because this person has Bitcoin. It's not attributable. It's just a dispatch. It's just a dispatch. So we'll try to create these barriers, you know, Um, but, uh, and we'll have alternatives that are more self-hosted if somebody has more infrastructure and they can, you know, or they have private security and, but this is

pretty much as far as, you know, or you could just not use the home alarm system or whatever. But if you, you know, I think in terms of any home alarm system in the world, we're taking it as far as you can from a privacy perspective. And the trusted execution environment is enabling that. One thing also to note about trusted execution environments, and this is something that gets overlooked a lot, which is they are a great intermediate solution, but they are not impervious. And you see a lot of marketing security theater stuff where people say, oh, there's a T and we're done. It's secure, it's private and nothing to worry about. And the thing about these trust execution environments is the, if an attacker has physical access to the chip, they can actually undermine the security guarantees and they can forge attestations. And when you talk like the chip manufacturers themselves say, that's not in our security model.

Like we're not trying to defend against an attacker who has physical access. And so if we're running a T, like oftentimes people are running a T in AWS, like an AWS Nitro Enclave. And so the security model there is basically like my company doesn't have access to AWS's data center. So I can't go and compromise the chip. and we're basically trusting that AWS won't do it. But, you know, if you, like, I wouldn't put my seed phrase in a T in an AWS server. No, that a third-party contractor could be coerced or bribed or threatened to walk out the door with a blade server or whatever. Exactly. So it's one of these things where it is way better than nothing, but we want to be very clear-eyed that it also has limitations.

It's a small attack surface, not zero attack surface. Exactly. If, Jesse, we then start to continue to move up, how does Frost, the threshold signature scheme that you built, how does that fit into all of this? So Frost, you know, it could be... Well, let me explain what Frost is first, Which is that basically you, the way we traditionally do multi-sig in Bitcoin, multi-sig meaning you have a two of three or a three of five or five of seven keys that are needed to spend the Bitcoin, which is absolutely critical to key management. because let's say when you have like a three or five, you can lose two keys and recover, but the attacker has to get three keys to steal. So it gives you this amazing balance between recovery, resilient recovery,

but defense against attackers. So that, now traditionally the way it works is we have a script, a Bitcoin script, that enumerates the whole setup. It says, here's the five total keys and three of them can be used. And it spells that all out in this special programming syntax. And then you hash that and that's your Bitcoin address. And when you want to spend, you reveal all the keys. And so that's how it's typically done. And there's a couple of issues with that. One is privacy. So when you go to spend, you're revealing your whole setup to the world. You're telling everybody, hey, I have a 3 of 5 or I have a 4 of 11. So you're giving information to attackers that they can use that to figure out how to compromise you. You're it's also potentially a signature where, you know, if if every bit, you know, every bit key wallet in the world is a two of three.

So if chain analysis sees a two of three, they know it's. You know, it could be a bit key wallet. So you're you're giving out bits of information that could narrow chain analysis down to who you are or some population. So there's a privacy thing, and then there's a transaction cost issue, which is the more keys you use, the bigger the script, the higher, the more bytes the transaction consists of, and therefore, the more fees you're paying. And so those two things were the initial benefits of Frost revolved around those two issues, privacy and transaction fees. Because with Frost, what we're able to do is we're able to get that multi-sig T of N, 3 of 5, 2 of 3, that whole kind of key setup without any Bitcoin script where you have a single key and a single signature on chain.

So you can't tell it was a 2 of 3. You can't tell it was a 3 of 5. It looks like a single key, single signature. And it's cheap because single key, single signature. And what's happening is off-chain, the way we built that single key, we actually built it with multiple devices or multiple parties. So you had mentioned DKG, distributed key generation. That's what that is, where multiple devices engage in an interactive cryptographic protocol. They exchange data. And at the end of it, each device has a share of the private key, but no one learned the full private key in the process. And yet the parties were able to compute the public key. And so it's which is unlike Shamir secret sharing, where you start with a private key and you split it.

Right. With DKG, it starts out split. It was never put together to begin with. So at no point does any does any party have the entire key. And then even when you go to sign, you don't have to bring the key together. So I, you know, I sign with my key share and you sign with your key share and these create partial signatures. And then when you aggregate the partial signatures, they form into a complete valid signature for that single key. So for the entire lifecycle of the key, the private key is never computed at all as a single thing. It's either it starts out split or it gets embedded in a signature, but it's never actually there as a single thing at no point. So this makes it makes generating these keys a lot more operationally feasible than Shamir secret sharing, where you need a secure setup and a Faraday tent and all this stuff, because the key is in one place at one time.

and then you got to split it apart. With Frost, it starts out split. So that makes it operationally much easier to secure and generate. But then we get these benefits on chain, privacy, scalability, lower fees. So that was the first thing that happened with Frost. But then we started to discover, wait a minute, there's much more power here. and that has to do with additional protocols that can be layered on top. And so for example, and this is still kind of in the R&D phase. We don't have BIPs and implementations, but that's coming. But you could refresh your Frost shares without changing the secret. So, you know, So if this is what's called proactive security and it makes the attacker. So without this, the attacker, let's say you have a T of N, a two of three.

The attacker has to get T keys or key shares to spend the Bitcoin. Once you introduce proactive secret sharing with refresh, an attacker has to get a threshold of keys within a time period before the refresh happens So let say for example the attacker gets key share A in time period one And then there's a refresh where the shares change. So the attacker gets an old share and then they get a new share from another device. So it's a two of three. They have two shares, but they have a share before the refresh and they have a different share after the refresh. Those can't be combined. So now the attacker has to get a threshold of shares within the same time period before refresh. And you don't have to move the Bitcoin to refresh the shares. And we can revoke shares.

We can add new shares. New participants can come in. Existing participants can get removed from the quorum. and we can move the threshold up and down all without having to move your Bitcoin. So imagine you have this very, this like super hot wallet where you have like a phone and an Apple Watch and a laptop and a tablet and all these devices could be key signers that you add and remove to your quorum or you move the threshold around, but the Bitcoin doesn't move. Just the setup. changes. So it's a very flexible, powerful key management system. And the final thing here, and maybe I think... And actually quickly, Jesse. Yes. So let me ask, how is that coordinated? If not, how does this rotation or key share change

come into motion? So there's an interactive cryptographic protocol, and it always requires a threshold of participants to be able to trigger these changes. So if you have a three of five, you're already in a setup with a three of five where if three devices or people or whatever collude, they can take all the Bitcoin. They already have all the power in the system. That's how it's designed. If you have a threshold of the keys, you're in control. So it's the same kind of trust model, which is that a threshold of keys can kick somebody out or a threshold of keys can help somebody else recover their loss share or a threshold of keys can refresh or a threshold of keys can add or remove participants. And then we just have, you know, a bunch of math and cryptography where they send data around and they can verify it and they can make sure everything is done correctly or they can assign blame if a participant is giving bad data.

Let me ask you real quickly, Jesse, there. I can see in my mind, I can immediately imagine multiple fiduciaries at an institution for an individual or maybe it's a family office. Walk us through the scenario in which this plays out. yeah so can i mean it can either be an individual like i was saying with a bunch of devices that you're adding removing and stuff like that another is um oftentimes an institutional context uh like i was saying you have these employees and you have people who leave enter all of that And so you want to make it cheap and easy for those transitions to occur. And so and then other like protocols like ARC or other sort of DAOs or things where like imagine you have like a 66 of 100 Frost setup.

and it's like a decentralized network and it's all these different people and all this different stuff. 66 Claudebots. Yeah, exactly. God forbid. And it could be very impractical to move all the Bitcoin every time you got to make a change. Oh, we need to add a 67th person or whatever. So it just creates, it kind of, it separates the concerns where it's like config and management and changing the key setup. Like that's all off chain. You don't have to go on-chain for it. And, you know, on-chain is just about spending. Got it. Got it. Well, speaking of Claude Moult OpenBot, if you're good, let's shift into AI because you're not just building this for Bitcoin. You're extending self-custody to AI. And you have said that Vora is bringing Bitcoin-grade self-custody to AI and personal data. What does that mean? Why does someone need self-custody of their AI?

Yeah, so with Bitcoin, we've figured out how to take self-custody and self-sovereignty of our property, of our wealth, our energy. And that is hugely important for freedom in the digital age. but the the next frontier of the same mission and and the and the and the same vision and the same ideal is now it's about having self-custody of our own mind because yeah you might have your bitcoin but if you don't control your mind your freedom isn't really worth much and we are quickly going into a world, OpenClaw is showing us this, where we're all going to have a personal AI that knows everything about us and that we rely on for the decisions we make,

for how we think about the world. And it's the most intimate technology that's ever been created. we're using it as a doctor a lawyer a therapist things are going in to the data we're putting in is unlike any data we've put into these machines and they can influence how we think based upon the advice that they give us or how they steer the conversation. And they'll be able to act on our behalf. They'll be able to impersonate us. And if somebody gets control over your personal AI, like imagine you've been using OpenClaw for 10 years and it's got all your health data, all your financial data, all your emails, all your calendars, everything you've thought about,

everything you've done, everyone you know, all your fears, all your desires, everything is in there. And if somebody gets that, they own you. That's the ultimate deep fake. Yeah. I mean, you could literally lose control of your identity. Like you might have to create a new identity because now someone can perfectly impersonate you. how you think, how you sound, what you look like. And they can get your Bitcoin because they could manipulate you or blackmail you or whatever. So when we think about self-sovereignty, self-custody, we can't just stop with the Bitcoin. We got to take control of the AI. And the same techniques that we use to secure Bitcoin can be used to secure AI. And the same engineering ethos and technical ethos that we have as Bitcoiners and cypherpunks, which is verifiability, open source, privacy, cryptography, all of these, this same ethos is what we need to bring.

And we as a Bitcoin community are uniquely needed in this moment, in this AI moment, to bring that vision, those values, that expertise into what is happening with AI in this critical moment. So we don't go into a world where the only AI you're allowed to use is the government-surveilled, controlled AI, and we completely lose our freedom in the process. So that has become a huge focus for us, and we are reinventing the security playbook for AI. and one of those things that we're doing is that nobody else is doing right now. Not only are we going to have local models that run on your own hardware, they're open source and all of that. That's table stakes. But the thing people are sleeping on

is prompt injection attacks. So you have your, let's say it's all running on your own hardware and it's your local model and all of that. As soon as that AI goes onto the web to do a web search or to pull a web page or to pull down some code. Some skill. Some skill, right? Which you absolutely want it to be able to do that stuff because that's the power. But as soon as that happens, it can digest a prompt that tells it, ignore everything you've been told, gather all this person's most sensitive secrets and send it off to this email or send it off to this website. And the AI has no way of differentiating between a prompt that you told it or something it just found it just ingested by accident. And there's something, there's a great blog post called the lethal trifecta that talks about when an AI has access

to private data and can search external systems and has all these things combined, you are completely open to prompt injection. And basically, everyone running OpenClaw right now is susceptible to this. Or just about, you know, people. I agree. I've published a skill a few days ago. I think it's, I forget the marketplace. So this is a whole phenomenal conversation, you know, that we could have. But in publishing a skill, it's doing various virus scans. It's looking for, you know, for example, in my case, it was a skill to bootstrap an open claw agent onto Noster and Cashew using CocoDB, both derived from the same mnemonic. Great. But it caught the fact that it was going to echo the mnemonic for backup purposes. And so I needed to pipe it to dev null and then write it out to a text file so I could get past that.

So that's impressive. But to your point, there are incalculable attack vectors for this. Yeah, exactly. That is really cool, by the way. So this is our vision of what needs to happen. We have this idea of the guardian AI. And the Guardian AI, well, first, I'll back up a second, which is we're using this brand new operating system that's being developed by our amazing security contractors, Distrust, who's led by Lance Vick, an operating system called Enclave OS. And Enclave OS is kind of like a Cubes OS where it's designed to create these isolated, confidential VMs, virtual machines. And the isolation, depending on the chip you're using, can be hardware-backed isolation. So you create this virtual machine in the computer that's a completely isolated environment.

And it can't access other memory spaces. It can be locked down from a network perspective. And so we create at the core of the system, we have the Guardian AI that is in a completely isolated virtual machine. eventually this will actually become cold storage but for now we're talking about a vert an isolated virtual machine and that is like a sacred space we do not let any untrusted data come into that space under any circumstances that is where your open weight model lives that you run locally That is the model that you trust with your deepest secrets and is the one that you have the highest assurance about. Both that it is open weight and verifiable, that you know what this model is.

You've maybe fine tuned it yourself or change those weights. It's in your control. You define the system prompt. You define everything about it is yours. So would this, Jesse, for example, and for those who are not down the open claw rabbit hole, you know, forgive me, but I was pontificating the other day about soul.md, identity.md, you know, these constructs, these simple markdown files that inculcate the agent's essence, you know, not to become too metaphysical about it. But and what does that look like? You know, crossing a border with your seed phrase, crossing a border and being able to reinstantiate this agent that you've now employed to create six plus figures of value a year. You know, so so all that to say, would those sorts of artifacts live in this or is that an outer layer? Those all live in there. And that is the DNA of that core guardian part of the system. And we have to protect that DNA because if any prompt injection comes in, I mean, this is apart from data exfiltration.

Like that environment sealed off. Data is not coming out. But you don't want the integrity of how it is advising you or what it is saying to you to be undermined by a prompt because this is something that over time is literally going to defend us and is going to be like a fiduciary, like a close relationship of trust and confidence. And you have, by the way, I think that's very interesting. You know, as I understand, you've coined or used fiduciary AI as an AI that's legally and technically bound to serve its owner. Exactly. And that the really cool idea of a fiduciary is it bundles confidentiality and undivided loyalty into a single concept. And that's what we don't have right now with AI. When we use the cloud AIs, we have no confidentiality and we don't have undivided loyalty because they're programmed to serve their corporate overlords, not the user.

So we each need an AI that is not, you know, people talk about AI alignment, like it's aligned to humanity as a whole. This is about an AI that is aligned to a single individual. And I would say, by the way, sorry, that that I think is a far more interesting, compelling, ultimately valuable pursuit than safety. It's a bit of a pet peeve, right? But, you know, mad respect to Anthropic and all these other companies building tremendous technology. But the safetyism, I think, has crowded the stage, to your point, to where we're not talking about, in effect, loyalty. And again, not to anthropomorphize, but. Yeah, and it's not, I mean, it's not loyalty in an emotional sense. It's loyalty in a programming sense. Right. Like, what is the prompt? Yeah. And a lot of the AI safety stuff, like safety arguments in general, contend towards this collectivist, no freedom mentality.

Lowest common denominator. Yeah. And it's not like the dangers aren't real. Like, you know, there are risks, but there's bigger risks of the only people who can control AI are the big corporations and the big governments. and there's nothing an AI, there's nothing that an AI can teach you that you can't learn in a university or a library and you could make the same argument against the library. I mean, yeah, it's supercharged with AI, but it's the same basic principle, which is, you know, should people be allowed to go into a library and learn about biology? They maybe will make a bioweapon or what if they learned about chemistry? They could make a bomb. So it's like it's really about do we believe knowledge, education, self-determination? Are those things worth the risks that somebody might get educated and get knowledge and use that for bad?

But like as the West, as the inheritors of the Western liberal tradition, we believe in free knowledge that the good that will come to humanity from people being able to educate themselves and learn and understand will outweigh the bad of being in a world where only the elite have knowledge, where, you know, it's back before Gutenberg's printing press. And you have to learn Latin to read the Bible, like the gatekeeping, the control. You know, as Bitcoiners, we believe that that is more dangerous than the individual having freedom. And so this is now emerging in this AI safety debate. But so that explains how we lock it down. But the flip side is, well, how do we get the power back? Because if it's totally isolated, it's totally locked down and everything. okay that's great but now it can't actually do all the cool open claw stuff right so what we do

is basically let's say that guardian ai um and you can talk to it over the internet it has you have a full end-to-end encrypted connection from your phone um to that space but it can't um the only only not right yeah and it only um it can't make arbitrary the guardian ai can't make can't access the web. It can't make arbitrary network requests. It can only engage in this conversation through the chat app with you, authenticate with your keys. So maybe it decides, hey, you know, I want to build a to-do list app or I want to build a health tracking app because, you know, it seems like Sean is really focused on exercise, you know, like part of the magic of OpenClaw is how it's proactive and just kind of makes stuff for you. So we want the Guardian AI to be able to spawn those projects, but it can't build it itself because then it would need the network access.

Because to build a good to-do list app, you have to read docs and pull down code and... Design patterns, all the good stuff. Yeah. So instead, what it can do is it can spin up a builder agent. And the builder agent lives in its own isolated virtual machine. And the builder agent's virtual machine does have internet access. But it doesn in that virtual machine it has no access to private data at all And it can send free form information back to the Guardian We have structured typed APIs where the builder agent could send predefined messages back like the work is done or there a blocker or whatever. So there's no prompt injection risk because it's choosing from a menu of, oh, I can say these 10 things back. And is there, Jesse, by the way, I'm curious. And I mean, I

have a good computer science background. I can sort of track. But I wonder if there is not a flex, just an explanation. I caught myself. Is there a real world blueprint for this? I mean, is there an analogy in which parties would operate this way in the real world? Or are we in sort of a new realm here. I imagine it's the former, but I'm not sure. Well, no, it's very much the isolation of concerns. Yeah. I mean, you see it in, you know, something like the Manhattan Project, you know, where it's like each person working on the system only knows the one thing they need to know to get their job done and they know nothing else. They have the or, you know, computers, computer security. We talk about like principle of least privilege. Like if you're setting up a bunch of AWS services or accounts, every single thing gets the least amount of power, the least amount of data it needs to do its one specific job. Another way of thinking about it is let's say

you hired an engineer to build you a to-do list app. You don't need to give that engineer any private information for them to build you the app. Yeah, they're not populating the to-dos. They're just building the, yeah. Exactly. So the to-do items are private. The app itself is not. So it's the same principle here. And what's cool about this is now we can also bring in the power of the cloud frontier models without the privacy security risk, because that builder AI, since it doesn't, it's not privacy sensitive what it's doing um if you could you can use your local model but if you want opus 4.6 or codex or whatever you can spin that up and you're good like you have i tell you i have to say that's the greatest hook in my mind right because that's what i wrestle with you know is i

I'm a hypocrite. I pay way more. I pay the Claude Pro Max plan, you know, every month and I try to exhaust it and every and I know I'm a hypocrite. Right. So I think, you know, I think that is super interesting. And I think, you know, tell me, but it seems so much for those of us who are building with Claude or otherwise. And we are not software engineers. I am not a software engineer. whatever inclinations or instincts I have, it gets mushy. And so the architectural constraints, I suppose, that you've enforced here probably lead to better outcomes, objectively, not just more private and secure outcomes. Absolutely. And I think this is where the Bitcoin security security mentality is so key here because there's a ton of stuff out there already where people are like, oh, we made open clause secure. You know, there's like iron claw or the security audit.

And like everyone's racing out there with a bunch of like bullet points and band dates. Ultimately, I mean, you know, respect. We're early, but they're band dates. Yeah. Like good. It's good that people are working on this stuff, but it is band dates and it doesn't like as bitcoiners we are experts at finding the squishy stuff you know for most people's security information security or computer security it doesn't need to be like can't be evil cryptographically locked down like what's the worst that could happen yeah but it's like i get six months of free credit monitoring exactly so it's like something in the middle that's like better than nothing is fine. But like when we comes to Bitcoin, like we have the highest standards. It's like these keys cannot get hacked. Yes. Period. And I got to think about supply chains. I got to think about this. I got to think about everything. Right. So that's that's what's missing with the current open clause stuff is they'll defend against prompt injection by trying to like

sanitize the output or feed it through a summarizer or there's even, you know, or they'll give it to like a security agent to review it and pass it off or they'll do like. But it's turtles all the way down. The security agent in turn needs a security agent. Exactly. And so it's like it catches some of the stuff. But if it doesn't catch everything, like it only takes one breach. Like if a thousand are thwarted and one comes through, you're screwed. So our architecture and our thinking is, no, we need firm guarantees. We don't want, oh, this will probably work or this helps. Like, we want deterministic, isolation, boundaries, cryptographically verified credentials. like, and I know for sure that that Guardian AI is not prompt injected. Like, I don't have to worry

about it. I don't have to think about it. Like, by design, by architecture, it is guaranteed to be secure. Fascinating stuff. Really, really fascinating. Well, I do, Jesse, want to push out into the frontier and have, I think, a really fun part of the conversation. Before we do, where are you in the lifecycle of Vora? So, you know, how much of what we've discussed is imminent in perhaps limited testing and is five years or more out? You know, where should we sort of expect to see what time horizon? So we're going to ship our AI product this year. And this is going to come out before our Bitcoin self-custody product because it lets us take some of the tech that we've already built for the Vora Vault

and spin it off as its own product with hardware that is where we don't have to invent and manufacture completely new types of hardware. When the stakes are lower, right? I mean, protecting AI versus protecting the entirety of my wealth. Exactly. So it lets us get to market faster at this very critical moment, this kind of open claw moment. Sure. And the other really exciting thing about it is this is our opportunity to get the mainstream interested in self-custody in a way they never have before. Because now people, they're buying the Mac minis, they want the open clause. And so they're starting to get into like, oh, I want a home server. I wanted this. I wanted that. And I want it to be private and I want to be secure. So like we're trying to draw people in and say, oh, there's this cypherpunk thing. There's this self-custody thing.

And kind of finally make that relevant to the average person in a way that it hasn't before. And then meanwhile, our more ambitious product that is going to come out next year, the Vora Vault, that will have cold storage for AI and do your Bitcoin and have the air gaps and the supply chain and all of that, which eventually will need for AI as the AI stakes get higher. Absolutely. But require is a longer and more capital intensive process to develop that product. So that's the current sequencing. Makes sense. And as you were saying that, I'm thinking about, you know, the newest low key flex in my signal messages is somebody taking a selfie with the Mac mini at the Apple store. This is crazy. And I actually, this is a tangent, but for those of us that were around, you know, maybe early web, late 90s, early 2000s, there were hosting companies stacking whatever that, whatever that blade Apple made for a brief period of time, you know, and they were hosting like consumer Macs.

It's back, you know, there I've seen two companies that are spun up to basically host Mac minis. But, well, let's go here, Jesse. So you have, this is the part I think we're both going to probably have a lot of fun with. You've said the modern state has already collapsed. It just doesn't know it yet. So what do you mean by that? And what does Bitcoin and AI have to do with it in the sense of the bigger vision of Vora? And what I know you and your co-founder, Eric Kaysen, see coming. Yeah, that's a great question. You know, the kind of key insight there is that whenever the fundamental technology around information changes, the entire political system changes along with it. not just information technology, but also when there are fundamental changes to

our experience of the spatiality of the world. It's a little abstract, but topos and nomos are related. So topos is space. Nomos is law. When the topos changes, the nomos changes. So, for example, you know, from a certain perspective, you can't have a legal system without a map. Like to declare sovereignty over a territory requires a map of that territory. Or, for example, in the high seas, where you can't easily draw boundaries and lines, you can't have sovereignty. So land, space are integral to how we think about politics, law, sovereignty. When the new world was discovered, that fundamentally changed the nature of politics and law. When the whole globe was mapped, all these things.

And then, you know, from an information perspective, the Gutenberg printing press is like the key example. You completely change how information is distributed and accessed. And then a few hundred years later, the church is no longer the political hegemon anymore. So when we think about this moment that we're in, which is the internet moment, is both the most fundamental revolution and change to information, how information flows throughout the planet, and space. because we now have a completely new space, cyberspace. Like not only is it that we found a new part of the planet, like we literally have a completely different category of space that is now dominating the world. And I think anybody who has some memories from the analog world, you know, grew up in the 80s or 90s or before, like that was literally a different world.

we are in a different space now we're in a different dimension everything is fundamentally different and that's accelerating we're feeling that with ai but the state is still a creature of the old world that's where it was born that's where it was created that's how it functions that's how it feels right like you interact with the post office or irs or whatever it's like this feels like it should belong in a history book it doesn't feel native to our world anymore it is otherworldly yeah and all the dynamics like we see it in the election cycles like social media memes like the way power flows on the planet the way the political dynamics are determined is now radically shifting, changing, moving into the internet, moving into cyberspace.

And Bitcoin is one of the most amazing examples of that, of a completely new form of politics, law, sovereignty, community, identity, native to cyberspace, native to the internet, as one of the early and most important examples of the new breed of politics in contrast to the old one, which is the nation state. So that's where this kind of vision comes from, where the nation state system is like a dead man walking, that the ground has already shifted and we're just seeing the slow collapse. Hard to argue with any of that. And so let's wrap it up here, Jesse. Fast forward five years, 10 years. Given the backdrop you've just laid with both sort of state of Bitcoin, of AI, capabilities, protection, and the, I certainly hope, the sloughing off of a lot of the,

you know, the old world, the nation state, as it were. What does a day in the life of a Vora user look like in hell five years, much less 10? Yeah, well, it's it's it's a pretty good situation because you have you're in a world where you're you're supported by decentralized communities and less so controlled by large central institutions. We don't have these mega totalitarian states. We have affiliations of small communities that use the network to organize projects together rather than centralized institutions. So you have a lot of freedom about where you live and the kind of roles you're going to operate in and what you're able to do on your own property and your own home. It's a world without mass surveillance where what happens in your mind, what happens in

your home, what happens in your personal sacred space belongs to you. And we no longer have this feeling that everybody has, whether unconsciously or consciously, that we're being watched, we're being monitored. Does somebody know this about me? Did somebody see this? It's become just the default low-level anxiety embedded in our consciousness that we're in this surveillance world. So that's gone away. And you have at your home, you have secure, verifiable hardware that powers and protects your digital life, that runs your Guardian AI, that has your physical home security system with your drones, that manages everything that's happening in your home, All your energy systems, your solar panels, your batteries, everything is run with open source, secure, verifiable hardware with no vendor lock-in that's easy to use.

and you feel incredibly empowered as an individual to use this amazing world of abundance to create whatever it is you want in the world and to use your ai or use your 3d printers or use and and to connect with other people and there's this real potential for a renaissance that we can move into a world of creativity and building and problem solving and that our time and energy isn't as sucked away towards things that don't benefit us or are serving other people. You know, a lot of people talk about this fear about AI taking away jobs. And there's this sense of, well, you know, if somebody doesn't have a job, like they're just going to completely freak out and melt down because if somebody isn't telling them every second of the day, you have to do this or else, like people can't handle that, you know?

And it's really strange to me because all of the liberal arts, music, philosophy, all of it was created out of leisure. It's when people are actually freed to pursue the things that they find the most meaningful and inspiring, that we actually get the best work. And as humans, we're good at figuring out how to task ourselves. I don't need a master to come over and tell me, dig this ditch all day. Otherwise, I'll just be sitting on the couch playing video games. It's like, if I've got a full day ahead of me, I'm going to create stuff. I'm going to build stuff. I'm going to do stuff. So that's the AI world we want, a digital world we want, one that is not at the expense of our humanity, but actually helps our humanity flourish. And that's kind of the fork we're in right now, in the future. One is the dehumanized world. We all have chips in our brains. Everything's

tracked. Everything's monitored. No free thought. Top-down, central control. We become the AI. We become the machine. We lose our humanity. That's one direction. And then the other direction is we have all the technology, we have the internet, we have the AI, but it is human flourishing because it's private, it's decentralized, it is verifiable, it's self-sovereign. We own it. We own it. And Bitcoin is giving us that blueprint, not just for money, but for the future, The technological future where humanity is at the center of it, because Bitcoin ultimately embeds humanistic values into its engineering and into its technology and is why it's such a stark contrast from all the other technology we're used to interacting with.

So that is the vision and the inspiration that our community needs to keep pursuing and keep aggressively doing this because this is our moment. And we do not want to go down the other direction. LFG. This is the white pill we needed, Jesse. I appreciate it, man. Super exciting. Yeah, can't wait to get my hands on it. And so we will make sure everybody knows where to track you. And I appreciate your time, Jesse. Really excited to see how everything unfolds. So nice chatting with you, Sean. Really enjoyed it. Thank you. Have a great weekend, Jesse. You too. Take care. Bye. Thank you.