Hacker News
by localhost3000 2992 days ago
"Instead of relying on trust or regulation, in the blockchain world, individuals are on-purpose responsible for their own security precautions. And if the software they use is malicious or buggy, they should have read the software more carefully."

This is also one of the aspects of "the blockchain" that I struggle with. I don't think normal people want this or should be expected to do this effectively. And once you outsource the security (which most everyone will because it's the rational choice, e.g. Coinbase is better at protecting your crypto than you are, John Q Public.) you're no longer in a "trustless" state. The "trustless" pipe-dream (in the consumer use case) all sort of unravels from there for me.

6 comments

FWIW, my position in the world is protecting vulnerable seniors and people with special needs from fraud. So part of my view that this isn't a better recipe for trust is coming from that perspective - just imagine telling a person with Alzheimer's that their life savings are gone and it's their own fault for downloading a virus…
I don't think that many users would store their tokens locally. I believe the trust aspect is that YOU have a choice whereas currently you may not (if you think globally). You could think of it like hosting your own email server.
> And once you outsource the security you're no longer in a "trustless" state. The "trustless" pipe-dream (in the consumer use case) all sort of unravels from there for me.

I think the conclusion doesn't follow. An analogous solution is that traditional public-key cryptography (e.g. as implemented in TLS) is supposed to be trustless, but I haven't personally audited or even read any of the relevant code (e.g. TLS), so I'm "not in a trustless state". It doesn't follow that TLS is useless for me.

TLS relies on trusted certificate authorities though. I don't think it was ever intended to be trustless, in fact you specifically get warnings when a trusted certificate authority cannot be found for a given cert.
I was actually referring to the transport encryption which is designed to be "trustless" (but which, as you point out, is distinct from the digital certificates part).
Traditional public key cryptography is inherently trustful. Either you're trusting a key because they physically gave it to you, or the key is downloaded from a trusted key server, or the key was signed by a trusted certificate authority, or you got the signing key from a server using HTTPS with a signed webserver certificate, etc.
My comment wasn't suggesting that blockchain is "useless" (that obviously isn't true), just that the "trustless" argument doesn't hold up for me, and that is a primary argument for why blockchain is awesome at pretty much every event/talk I go to on the topic.
So what would you characterize the "trustless argument" as being? Would you say that an analogous argument could be made for TLS?
I think that putting some responsibility for security on the user is a good idea. All too often users are lax with security and don't realise the impact that has, say when their credentials are used to access a system illegally because they used the password "password", or poor security on their own PC sees it become part of a botnet. If you don't take security seriously when dealing with cryptocurrency then you can be taught a very personal and expensive lesson in no time at all.
In Trust we trust!
Trust, LLC, a subsidiary of Koch Industries and Union Carbide
Seems like it would be useful to have norms and regulations against overly centralized control of such an important enabling technology.

If you'll forgive me coining (see what I did there?) a couple of neologisms, we could call this class of regulations "anti-trust" and their enforcement "trust-busting".

The banks should step up and secure the average Joe's private keys.