[oconnor663]

> They aren't useful outside of "financial engineering."

Without disagreeing with your overall point in 99% of cases, we did actually have a good use for pinning things in the Bitcoin blockchain when I worked at Keybase. If you're trying to do peer-to-peer security, and you want to prove not only that the evil server hasn't forged anything (which you do with signatures) but also that it hasn't deleted anything legitimate, "throw a hash in the blockchain" really is the Right Way to solve that problem.

[wizzwizz4]

The property that makes the blockchain useful for this, though, is that it's widely-distributed. "Throw a classified in the national newspaper" is just as good. Nowadays, we have better solutions (appendable BitTorrent comes to mind), with most of the advantages of blockchain but few of the disadvantages.

[oconnor663]

It's important to think about the exact procedure you want to use for verifying something. Running with your thought experiment, let's say we publish "the root hash of the whole world" (not too far off from what Keybase did) each day in the Times. Now I open my phone to read some messages from Billy Bob, and my phone needs to get that hash somehow. This is just a thought experiment, so let's say for the sake of argument that it tells me to walk down to the convenience store, buy a copy of the day's paper, and scan a QR code on page 12. The problem with that arrangement (even in thought experiment land, where I'm happy to perform these steps every day) is that all the evil server needs to do to trick me is to put a doctored copy of the Times in that one newspaper stand. That's not the level of security we were hoping for. To get real security here, I'd need to do some sort of random sampling of newspaper stands distributed across the country, to build confidence that whatever QR code I'm seeing is the same one that everyone else is seeing. And the kicker is, everyone has to do this. We can't just pay one guy to sample the papers every day and tell us what the QR code was, because now our security depends on trusting that one guy, and the whole point of peer-to-peer security is avoiding that kind of centralized trust.

I think this is actually a great way to talk about the difficulty of the problem that Bitcoin solved, and why so many nerds were so interested in the whitepaper, long before all the real money got involved.

[wizzwizz4]

> The problem with that arrangement (even in thought experiment land, where I'm happy to perform these steps every day) is that all the evil server needs to do to trick me is to put a doctored copy of the Times in that one newspaper stand.

Your analogy is analogous, and that's exactly the same problem as with the blockchain! Unless you're maintaining your own Bitcoin full node, your integrity comes from the provenance: "my lightweight client trusts this full node not to lie to me". This is the same as your "one guy to sample the papers".

All you need to do is grab a copy of the day's paper from your local convenience store, and compare your results with the Times website and two randomly-selected peers (selected from a distribution carefully chosen to ensure that each day's graph is connected). Any discrepancy will be obvious, and undeniable (since you have the physical artefact as a certificate of duplicity), so anyone who discovers a discrepancy can blow the whistle. If no whistle is blown, then either there was no discrepancy, or there is a big conspiracy (i.e., one large enough that blockchain wouldn't have saved you either).

The problem is not all that difficult. The main advantage of Bitcoin is that it's a good enough solution that many people don't feel the need to think about the problem any more – even though it's a marginal improvement over the prior art, with major downsides of its own.

[blibble]

> If you're trying to do peer-to-peer security, and you want to prove not only that the evil server hasn't forged anything (which you do with signatures) but also that it hasn't deleted anything legitimate, "throw a hash in the blockchain" really is the Right Way to solve that problem.

and it only requires the same electricity as a medium sized country to do it

continuously, forever