Edward Snowden Explains Blockchain to His Lawyer — and the Rest of Us

[This piece originally appreared in McSweeney’s new issue, The End of Trust, a collection featuring over 30 writers investigating surveillance, technology, and privacy, with special advisors the Electronic Frontier Foundation.]

Over the last five years, Edward Snowden and I have carried on an almost daily conversation, most of it unrelated to his legal troubles. Sometimes we meet in person in Moscow over vodka (me) and milkshakes (him). But our friendship has mostly taken place on secure messaging platforms, a channel that was comfortable and intuitive for him but took some getting used to for me. I learned to type with two thumbs as we discussed politics, law, and literature; family, friends, and foster dogs. Our sensibilities are similar but our worldviews quite different: I sometimes accuse him of technological solutionism; he accuses me of timid incrementalism.

Through it all, I’ve found him to be the clearest, most patient, and least condescending explainer of technology I’ve ever met. I’ve often thought that I wished more people — or perhaps different people — could eavesdrop on our conversations. What follows is a very lightly edited transcript of one of our chats. In it, Ed attempts to explain “blockchain” to me, despite my best efforts to cling to my own ignorance.

Ben Wizner: The Electronic Frontier Foundation recently joked that “the amount of energy required to download tweets, articles, and instant messages which describe what ‘the blockchain’ is and how ‘decentralized’ currencies are ‘the future’ will soon eclipse the total amount of power used by the country of Denmark.” It’s true that there are a lot of “blockchain explainers” out there. And yet I’m ashamed to admit I still don’t really get it.

Edward Snowden: Are you asking for another math lesson? I’ve been waiting for this day. You remember what a cryptographic hash function is, right?

BW: This is where I’m supposed to make a joke about drugs. But no, I do not now nor will I ever remember that.

ES: Challenge accepted. Let’s start simpler: what do you know about these mythical blockchains?

BW: That I could have been rich if I’d listened to you about this four years ago? But really, I’ve heard a lot and understood little. “Decentralized.” “Ledgers.” What the hell is a blockchain?

ES: It’s basically just a new kind of database. Imagine updates are always added to the end of it instead of messing with the old, preexisting entries — just as you could add new links to an old chain to make it longer — and you’re on the right track. Start with that concept, and we’ll fill in the details as we go.

BW: Okay, but why? What is the question for which blockchain is the answer?

ES: In a word: trust. Imagine an old database where any entry can be changed just by typing over it and clicking save. Now imagine that entry holds your bank balance. If somebody can just arbitrarily change your balance to zero, that kind of sucks, right? Unless you’ve got student loans.

The point is that any time a system lets somebody change the history with a keystroke, you have no choice but to trust a huge number of people to be both perfectly good and competent, and humanity doesn’t have a great track record of that. Blockchains are an effort to create a history that can’t be manipulated.

BW: A history of what?

ES: Transactions. In its oldest and best-known conception, we’re talking about Bitcoin, a new form of money. But in the last few months, we’ve seen efforts to put together all kind of records in these histories. Anything that needs to be memorialized and immutable. Health-care records, for example, but also deeds and contracts.

When you think about it at its most basic technological level, a blockchain is just a fancy way of time-stamping things in a manner that you can prove to posterity hasn’t been tampered with after the fact. The very first bitcoin ever created, the “Genesis Block,” famously has one of those “general attestations” attached to it, which you can still view today.

It was a cypherpunk take on the old practice of taking a selfie with the day’s newspaper, to prove this new bitcoin blockchain hadn’t secretly been created months or years earlier (which would have let the creator give himself an unfair advantage in a kind of lottery we’ll discuss later).

BW: Blockchains are a history of transactions. That’s such a letdown. Because I’ve heard some extravagant claims like: blockchain is an answer to censorship. Blockchain is an answer to online platform monopolies.

ES: Some of that is hype cycle. Look, the reality is blockchains can theoretically be applied in many ways, but it’s important to understand that mechanically, we’re discussing a very, very simple concept, and therefore the applications are all variations on a single theme: verifiable accounting. Hot.

So, databases, remember? The concept is to bundle up little packets of data, and that can be anything. Transaction records, if we’re talking about money, but just as easily blog posts, cat pictures, download links, or even moves in the world’s most over-engineered game of chess. Then, we stamp these records in a complicated way that I’m happy to explain despite protest, but if you’re afraid of math, you can think of this as the high-tech version of a public notary. Finally, we distribute these freshly notarized records to members of the network, who verify them and update their independent copies of this new history. The purpose of this last step is basically to ensure no one person or small group can fudge the numbers, because too many people have copies of the original.

It’s this decentralization that some hope can provide a new lever to unseat today’s status quo of censorship and entrenched monopolies. Imagine that instead of today’s world, where publicly important data is often held exclusively at GenericCorp LLC, which can and does play God with it at the public’s expense, it’s in a thousand places with a hundred jurisdictions. There is no takedown mechanism or other “let’s be evil” button, and creating one requires a global consensus of, generally, at least 51 percent of the network in support of changing the rules.

mechanically, we’re discussing a very, very simple concept, and therefore the applications are all variations on a single theme: verifiable accounting. Hot.

BW: So even if Peter Thiel won his case and got a court order that some article about his vampire diet had to be removed, there would be no way to enforce it. Yes? That is, if Blockchain Magazine republished it.

ES: Right — so long as Blockchain Magazine is publishing to a decentralized, public blockchain, they could have a judgment ordering them to set their office on fire and it wouldn’t make a difference to the network.

BW: So… how does it work?

ES: Oh man, I was waiting for this. You’re asking for the fun stuff. Are you ready for some abstract math?

BW: As ready as I’ll ever be.

ES: Let’s pretend you’re allergic to finance, and start with the example of an imaginary blockchain of blog posts instead of going to the normal Bitcoin examples. The interesting mathematical property of blockchains, as mentioned earlier, is their general immutability a very short time past the point of initial publication.

For simplicity’s sake, think of each new article published as representing a “block” extending this blockchain. Each time you push out a new article, you are adding another link to the chain itself. Even if it’s a correction or update to an old article, it goes on the end of the chain, erasing nothing. If your chief concerns were manipulation or censorship, this means once it’s up, it’s up. It is practically impossible to remove an earlier block from the chain without also destroying every block that was created after that point and convincing everyone else in the network to agree that your alternate version of the history is the correct one.

Let’s take a second and get into the reasons for why that’s hard. So, blockchains are record-keeping backed by fancy math. Great. But what does that mean? What actually stops you from adding a new block somewhere other than the end of the chain? Or changing one of the links that’s already there?

We need to be able to crystallize the things we’re trying to account for: typically a record, a timestamp, and some sort of proof of authenticity.

So on the technical level, a blockchain works by taking the data of the new block — the next link in the chain — stamping it with the mathematic equivalent of a photograph of the block immediately preceding it and a timestamp (to establish chronological order of publication), then “hashing it all together” in a way that proves the block qualifies for addition to the chain.

BW: “Hashing” is a real verb?

ES: A cryptographic hash function is basically just a math problem that transforms any data you throw at it in a predictable way. Any time you feed a hash function a particular cat picture, you will always, always get the same number as the result. We call that result the “hash” of that picture, and feeding the cat picture into that math problem “hashing” the picture. The key concept to understand is that if you give the very same hash function a slightly different cat picture, or the same cat picture with even the tiniest modification, you will get a WILDLY different number (“hash”) as the result.

BW: And you can throw any kind of data into a hash function? You can hash a blog post or a financial transaction or Moby-Dick?

ES: Right. So we hash these different blocks, which, if you recall, are just glorified database updates regarding financial transactions, web links, medical records, or whatever. Each new block added to the chain is identified and validated by its hash, which was produced from data that intentionally includes the hash of the block before it. This unbroken chain leads all the way back to the very first block, which is what gives it the name.

I’m sparing you some technical nuance here, but the important concepts to understand are that blocks in the chain are meant to be verifiable, strictly ordered by chronology, and immutable. Each new block created, which in the case of Bitcoin happens every ten minutes, effectively testifies about the precise contents of all the ones that came before it, making older blocks harder and harder to change without breaking the chain completely.

So by the time our Peter Thiel catches wind of the story and decides to kill it, the chain has already built a thousand links of confirmable, published history.

Money is, of course, the best and most famous example of where blockchains have been proven to make sense.

BW: And this is going to… save the internet? Can you explain why some people think blockchain is a way to get around or replace huge tech platform monopolies? Like how could it weaken Amazon? Or Google?

ES: I think the answer there is “wishful thinking.” At least for the foreseeable future. We can’t talk Amazon without getting into currency, but I believe blockchains have a much better chance of disrupting trade than they do publication, due to their relative inefficiency.

Think about our first example of your bank balance in an old database. That kind of setup is fast, cheap, and easy, but makes you vulnerable to the failures or abuses of what engineers call a “trusted authority.” Blockchains do away with the need for trusted authorities at the expense of efficiency. Right now, the old authorities like Visa and MasterCard can process tens of thousands of transactions a second, while Bitcoin can only handle about seven. But methods of compensating for that efficiency disadvantage are being worked on, and we’ll see transaction rates for blockchains improve in the next few years to a point where they’re no longer a core concern.

BW: I’ve been avoiding this, because I can’t separate cryptocurrency from the image of a bunch of tech bros living in a palace in Puerto Rico as society crumbles. But it’s time for you to explain how Bitcoin works.ES: Well, I hate to be the bearer of bad news, but Zuckerberg is already rich.

Money is, of course, the best and most famous example of where blockchains have been proven to make sense.

BW: With money, what is the problem that blockchain solves?

ES: The same one it solves everywhere else: trust. Without getting too abstract: what is money today? A little cotton paper at best, right? But most of the time, it’s just that entry in a database. Some bank says you’ve got three hundred rupees today, and you really hope they say the same or better tomorrow.

Now think about access to that reliable bank balance — that magical number floating in the database — as something that can’t be taken for granted, but is instead transient. You’re one of the world’s unbanked people. Maybe you don’t meet the requirements to have an account. Maybe banks are unreliable where you live, or, as happened in Cyprus not too long ago, they decided to seize people’s savings to bail themselves out. Or maybe the money itself is unsound, as in Venezuela or Zimbabwe, and your balance from yesterday that could’ve bought a house isn’t worth a cup of coffee today. Monetary systems fail.

BW: Hang on a minute. Why is a “bitcoin” worth anything? What generates value? What backs the currency? When I own a bitcoin, what do I really own?

ES: Good question. What makes a little piece of green paper worth anything? If you’re not cynical enough to say “men with guns,” which are the reason legal tender is treated different from Monopoly money, you’re talking about scarcity and shared belief in the usefulness of the currency as a store of value or a means of exchange.

Let’s step outside of paper currencies, which have no fundamental value, to a more difficult case: why is gold worth so much more than its limited but real practical uses in industry? Because people generally agree it’s worth more than its practical value. That’s really it. The social belief that it’s expensive to dig out of the ground and put on a shelf, along with the expectation that others are also likely to value it, transforms a boring metal into the world’s oldest store of value.

Blockchain-based cryptocurrencies like Bitcoin have very limited fundamental value: at most, it’s a token that lets you save data into the blocks of their respective blockchains, forcing everybody participating in that blockchain to keep a copy of it for you. But the scarcity of at least some cryptocurrencies is very real: as of today, no more than twenty-one million bitcoins will ever be created, and seventeen million have already been claimed. Competition to “mine” the remaining few involves hundreds of millions of dollars’ worth of equipment and electricity, which economists like to claim are what really “backs” Bitcoin.

Yet the hard truth is that the only thing that gives cryptocurrencies value is the belief of a large population in their usefulness as a means of exchange. That belief is how cryptocurrencies move enormous amounts of money across the world electronically, without the involvement of banks, every single day. One day capital-B Bitcoin will be gone, but as long as there are people out there who want to be able to move money without banks, cryptocurrencies are likely to be valued.

BW: But what about you? What do you like about it?

ES: I like Bitcoin transactions in that they are impartial. They can’t really be stopped or reversed, without the explicit, voluntary participation by the people involved. Let’s say Bank of America doesn’t want to process a payment for someone like me. In the old financial system, they’ve got an enormous amount of clout, as do their peers, and can make that happen. If a teenager in Venezuela wants to get paid in a hard currency for a web development gig they did for someone in Paris, something prohibited by local currency controls, cryptocurrencies can make it possible. Bitcoin may not yet really be private money, but it is the first “free” money.

Bitcoin has competitors as well. One project, called Monero, tries to make transactions harder to track by playing a little shell game each time anybody spends money. A newer one by academics, called Zcash, uses novel math to enable truly private transactions. If we don’t have private transactions by default within five years, it’ll be because of law, not technology.

As with all new technologies, there will be disruption and there will be abuse. The question is whether, on balance, the impact is positive or negative. 

BW: So if Trump tried to cut off your livelihood by blocking banks from wiring your speaking fees, you could still get paid.

ES: And all he could do is tweet about it.

BW: The downside, I suppose, is that sometimes the ability of governments to track and block transactions is a social good. Taxes. Sanctions. Terrorist finance.

We want you to make a living. We also want sanctions against corrupt oligarchs to work.

ES: If you worry the rich can’t dodge their taxes without Bitcoin, I’m afraid I have some bad news. Kidding aside, this is a good point, but I think most would agree we’re far from the low-water mark of governmental power in the world today. And remember, people will generally have to convert their magic internet money into another currency in order to spend it on high-ticket items, so the government’s days of real worry are far away.

BW: Explore that for me. Wouldn’t the need to convert Bitcoin to cash also affect your Venezuelan teen?

ES: The difference is scale. When a Venezuelan teen wants to trade a month’s wages in cryptocurrency for her local currency, she doesn’t need an ID check and a bank for that. That’s a level of cash people barter with every day, particularly in developing economies. But when a corrupt oligarch wants to commission a four hundred million-dollar pleasure yacht, well, yacht builders don’t have that kind of liquidity, and the existence of invisible internet money doesn’t mean cops won’t ask how you paid for it.

The off-ramp for one is a hard requirement, but the other can opt for a footpath.

Similarly, it’s easier for governments to work collectively against “real” criminals — think bin Laden — than it is for them to crack down on dissidents like Ai Weiwei. The French would work hand in hand with the Chinese to track the activity of bin Laden’s Bitcoin wallet, but the same is hopefully not true of Ai Weiwei.

BW: So basically you’re saying that this won’t really help powerful bad actors all that much.

ES: It could actually hurt them, insofar as relying on blockchains will require them to commit evidence of their bad deeds onto computers, which, as we’ve learned in the last decade, government investigators are remarkably skilled at penetrating.

BW: How would you describe the downsides, if any?

ES: As with all new technologies, there will be disruption and there will be abuse. The question is whether, on balance, the impact is positive or negative. The biggest downside is inequality of opportunity: these are new technologies that are not that easy to use and still harder to understand. They presume access to a level of technology, infrastructure, and education that is not universally available. Think about the disruptive effect globalization has had on national economies all over the world. The winners have won by miles, not inches, with the losers harmed by the same degree. The first-mover advantage for institutional blockchain mastery will be similar.

BW: And the internet economy has shown that a platform can be decentralized while the money and power remain very centralized.

ES: Precisely. There are also more technical criticisms to be made here, beyond the scope of what we can reasonably get into. Suffice it to say cryptocurrencies are normally implemented today through one of two kinds of lottery systems, called “proof of work” and “proof of stake,” which are a sort of necessary evil arising from how they secure their systems against attack. Neither is great. “Proof of work” rewards those who can afford the most infrastructure and consume the most energy, which is destructive and slants the game in favor of the rich. “Proof of stake” tries to cut out the environmental harm by just giving up and handing the rich the reward directly, and hoping their limitless, rent-seeking greed will keep the lights on. Needless to say, new models are needed.

BW: Say more about the environmental harms. Why does making magical internet money use so much energy?

ES: Okay, imagine you decide to get into “mining” bitcoins. You know there are a limited number of them up for grabs, but they’re coming from somewhere, right? And it’s true: new bitcoins will still continue to be created every ten minutes for the next couple years. In an attempt to hand them out fairly, the original creator of Bitcoin devised an extraordinarily clever scheme: a kind of global math contest. The winner of each roughly ten-minute round gets that round’s reward: a little treasure chest of brand new, never-used bitcoins, created from the answer you came up with to that round’s math problem. To keep all the coins in the lottery from being won too quickly, the difficulty of the next math problem is increased based on how quickly the last few were solved. This mechanism is the explanation of how the rounds are always roughly ten minutes long, no matter how many players enter the competition.

The flaw in all of this brilliance was the failure to account for Bitcoin becoming too successful. The reward for winning a round, once worth mere pennies, is now around one hundred thousand dollars, making it economically reasonable for people to divert enormous amounts of energy, and data centers full of computer equipment, toward the math — or “mining” — contest. Town-sized Godzillas of computation are being poured into this competition, ratcheting the difficulty of the problems beyond comprehension.

This means the biggest winners are those who can dedicate tens of millions of dollars to solving a never-ending series of problems with no meaning beyond mining bitcoins and making its blockchain harder to attack.

BW: “A never-ending series of problems with no meaning” sounds like… nihilism. Let’s talk about the bigger picture. I wanted to understand blockchains because of the ceaseless hype. Some governments think that Bitcoin is an existential threat to the world order, and some venture-capital types swear that blockchains will usher in a golden age of transparency. But you’re telling me it’s basically a fancy database.

ES: The tech is the tech, and it’s basic. It’s the applications that matter. The real question is not “what is a blockchain,” but “how can it be used?” And that gets back to what we started on: trust. We live in a world where everyone is lying about everything, with even ordinary teens on Instagram agonizing over how best to project a lifestyle they don’t actually have. People get different search results for the same query. Everything requires trust; at the same time nothing deserves it.

This is the one interesting thing about blockchains: they might be that one tiny gear that lets us create systems you don’t have to trust. You’ve learned the only thing about blockchains that matters: they’re boring, inefficient, and wasteful, but, if well designed, they’re practically impossible to tamper with. And in a world full of shifty bullshit, being able to prove something is true is a radical development. Maybe it’s the value of your bank account, maybe it’s the provenance of your pair of Nikes, or maybe it’s your for-real-this-time permanent record in the principal’s office, but records are going to transform into chains we can’t easily break, even if they’re open for anyone in the world to look at.

The hype is a world where everything can be tracked and verified. The question is whether it’s going to be voluntary.

BW: That got dark fast. Are you optimistic about how blockchains are going to be used once we get out of the experimental phase?

ES: What do you think?


How a Nigerian ISP Accidentally Knocked Google Offline

Last Monday evening — 12 November 2018 — Google and a number of other services experienced a 74 minute outage. It’s not the first time this has happened; and while there might be a temptation to assume that bad actors are at work, incidents like this only serve to demonstrate just how much frailty is involved in how packets get from one point on the Internet to another.

Our logs show that at 21:12 UTC on Monday, a Nigerian ISP, MainOne, accidentally misconfigured part of their network causing a "route leak". This resulted in Google and a number of other networks being routed over unusual network paths. Incidents like this actually happen quite frequently, but in this case, the traffic flows generated by Google users were so great that they overwhelmed the intermediary networks — resulting in numerous services (but predominantly Google) unreachable.

You might be surprised to learn that an error by an ISP somewhere in the world could result in Google and other services going offline. This blog post explains how that can happen and what the Internet community is doing to try to fix this fragility.

What Is A Route Leak, And How Does One Happen?

When traffic is routed outside of regular and optimal routing paths, this is known as a “route leak”. An explanation of how they happen requires a little bit more context.

Every network and network provider on the Internet has their own Autonomous System (AS) number. This number is unique and indicates the part of the Internet that that organization controls. Of note for the following explanation Google’s primary AS Number is 15169. That's Google's corner of the Internet and where Google traffic should end up... by the fastest path.

A Typical view of how Google/AS15169’s routes are propagated to Tier-1 Networks.As seen above, Google is directly connected to most of the Tier-1 networks (the largest networks link large swathes of the Internet). When everything is working as it should be, Google’s AS Path, the route packets take from network to network to reach their destination, is actually very simple. For example, in the diagram above, if you were a customer of Cogent and you were trying to get to Google, the AS Path that you would see is “174 6453 15169”. That string of numbers is like a sequence of waypoints: start on AS 174 (Cogent), go to Tata (AS 6453), then go to Google (AS 15169). So, Cogent subscribers reach Google via Tata, a huge Tier-1 provider.

During the incident, MainOne misconfigured their routing as reflected in the AS Path : “20485 4809 37282 15169”. As a result of this misconfiguration, any networks that MainOne peered with (i.e. were directly connected to) potentially had their routes leaked through this erroneous path. For example, the Cogent customer in the paragraph above (AS 174) wouldn’t have gone via Tata (AS 6453) as they should have. Instead, they were routed first through TransTelecom (a Russian Carrier, AS 20485), then to China Telecom CN2 (a cross border Chinese carrier, AS 4809), then on to MainOne (the Nigerian ISP that misconfigured everything, AS 37282), and only then were they finally handed off to Google (AS 15169). In other words,  a user in London could have had their traffic go from Russia to China to Nigeria — and only then got to Google.

But… Why Did This Impact So Many People?

The root cause of this was MainOne misconfiguring their routing. As mentioned earlier, incidents like this actually happen quite frequently. The impact of this misconfiguration should have been limited to MainOne and its customers.

However, what took this from relatively isolated and turned it into a much broader one is because CN2 — China Telecom’s premium cross-border carrier — was not filtering the routing that MainOne provided to them. In other words, MainOne told CN2 that it had authority to route Google’s IP addresses. Most networks verify this, and if it is incorrect, filter it out. CN2 did not — it simply trusted MainOne. As a result of this, MainOne’s misconfiguration propagated to a substantially larger network. Compounding this, it is likely that the Russian network TransTelecom behaved similarly towards CN2 as CN2 had behaved towards MainOne — they trusted without any verification of the routing paths that CN2 gave to them. 

This demonstrates how much trust is involved in the underlying connections that make up the Internet. It's a network of networks (an internet!) that works by cooperation between different entities (countries and companies).

This is how a routing mistake made in Nigeria then propagated through China and then through Russia. Given the amount of traffic involved, the networks were overwhelmed and Google was unreachable.

It is worth explicitly stating: the fact that Google traffic was routed through Russia and China before going getting to Nigeria and only then hitting the correct destination made it appear to some people that the misconfiguration was nefarious. We do not believe this to be the case. Instead, this incident reflects a mistake that was not caught by appropriate network filtering. There was too much trust and not enough verification across a number of networks: this is a systemic problem that makes the Internet more vulnerable to mistakes than it should be.


The internet's screen door strikes again – so get patching

Adobe has emitted software updates to address a critical vulnerability in Flash Player for Windows, Mac, and Linux.

PC owners and admins will want to upgrade their copies of Flash to version or later in order to get the patch – or just dump the damn thing all together.

The November 20 security update addresses a single flaw, designated CVE-2018-15981. It is a type confusion bug that can be exploited to achieve remote code execution. Basically, an attacker could slip the exploit code into a Flash .swf file, put it on a web page, and covertly install malware on any vulnerable machine that visits the page.

Because Adobe does not maintain a fixed patching schedule for Flash Player, this isn't technically considered an out-of-band band-aid. However, the update does come just one week after Adobe pushed out a handful of fixes for Patch Tuesday, including one for an information disclosure vulnerability in Flash Player.

That Adobe would post another update just one week after their last patch should underscore that CVE-2018-15981 is a serious enough vulnerability to be a priority fix for users and admins.

After installing this latest fix, those who are tired of the constant security threats might also want to consider taking the advice of multiple security experts and developers and at least disable Flash by default if not permanently.

The notoriously vulnerable plugin has long since been surpassed by HTML5, and most major websites have already transitioned away from Flash, leaving it only really useful for specific sites and applications.

Even Adobe wants to kill off Flash. The Photoshop giant has said that by 2020 it plans to formally retire the plugin once and for all. 


Fake cryptocurrency wallets found on Play Store

Attackers are not only interested in mobile banking credentials and credit cards information to get access to victim’s funds, but also in cryptocurrency. Recently, I found four fake applications on Google Play Store that tried to trick users either in to luring their credentials or impersonating cryptocurrency wallets. These threats imitate legitimate services for NEO, Tether and MetaMask. I reported these apps to Google security team and they were promptly removed.


These four apps are divided in to two categories. The first one is phishing category where malicious app after launch requests from the user his private key and wallet password. That is the case for fake MetaMask app.
The second category are fake wallets. In this category I found three more apps created by the same attacker – NEO WalletTether Wallet.

Fake cryptocurrency wallets do not create new wallet by generating public address and private key. These malicious apps only display attacker’s public address without user’s access to private key. Private key is owned by the bad guy. Once the fake app is launched, user thinks that app already generated his public address where user can deposit his cryptocurrency. If user send his funds to this wallet, he is not able to withdraw them because, he doesn’t own private key. For this purpose, I created two different accounts, however in both of them app assign me the same public address, including the QR code.


Analysis of fake Cryptocurrency wallets discovered on Google Play Store.

  1. Disclose of two fake wallets on official App Store
  2. Demonstration of the apps functionality
  3. Legitimate VS fake wallets
  4. Code analysis
  5. How to stay safe

What concerns me the most is that these fake wallets were created using Drag-n-Drop app builder service without any coding knowledge required. That means that – once Bitcoin price rises and starts to make it into front pages – than literally anyone can “develop” simple but effective malicious app either to steal credentials or impersonate cryptocurrency wallet.

Read Original Article...

How data bundle prices changed over five years

Data bundle pricing has seen volatility over the past few years, with consumers increasingly calling for prices to come down.

A new report from the Independent  Authority of South Africa (ICASA) compares bundle price fluctuations from SA's four major operators over the past five years.
ICASA has published its latest "-annual Report on the Analysis of Tariff Notifications", with the latest  to 30 June 2018. The regulator provides analysis of the price trends between 2013 and 2018 for prepaid data bundles, valid for 30 days, for operators MTN, Vodacom, Cell C and Telkom Mobile.

When looking at a 100MB data bundle, the figures reveal pricing was volatile during the period of 2013 to 2017. Vodacom, MTN and Telkom Mobile charged relatively the same rate for 100MB in 2013. However, Cell C charged 50% less when compared to its competitors.

The graph below shows a major spike in 2014 by Vodacom, which increased its 100MB data bundle by 69% from R29 to R49, while its competitors' prices remained constant. Vodacom then dropped this rate back down to R29 in 2015.

MTN increased its 100MB bundle by 20.7%, from R29 to R35 in 2015, making it relatively expensive when compared to Cell C and Telkom Mobile. Now, in 2018, all four operators charge the same rate of R29.

In 2013, Cell C's 500MB data bundle, priced at R75, was the cheapest when compared to Vodacom, MTN and Telkom Mobile, which charged R99, R119 and R95, respectively. In 2014, MTN dropped its 500MB by 16.8% from R119 to R99, at the same time Vodacom raised the price of 500MB by 60.6% from R99 to R159. Cell C's prices remained the cheapest in 2014.

From 2015, Telkom Mobile reduced its price by 27.4% from R95 to R69 and has remained the cheapest in the market to date. Cell C increased its 500MB data bundle by 13.3% from R75 to R85 and Vodacom took its price back down to R99. However, MTN increased its 500MB data bundle by 6.1% from R99 to R105.

In 2018, MTN discontinued its 500MB data bundle in the market, as per the notification filed with ICASA on 11 April. The operator is now instead offering a 600MB bundle at R99, which is 6% lower than the rate of the 500MB data bundle which was priced at R105.

500MB data bundle price trends for 2013 to 2018

The popular 1GB bundle has also seen some major changes over the years. In 2013, Telkom Mobile charged the highest price for a 1GB data bundle, at R180 per 1GB. Vodacom and MTN charged R149 and Cell C's 1GB bundle cost R155.

As with the previous bundles, 2014 saw a price spike from Vodacom, which increased its price by 87.2% from R149 to R279. This price was then dropped by Vodacom in 2015 back to R149 and has remained unchanged since.

In 2015, Telkom dramatically reduced its price by 45%, from R180 to R99, and it remained unchanged until 2018, when the price increased by R1 to R100. Vodacom, MTN and Cell C all charge R149 for a 1GB data bundle in 2018.

1GB data bundle price trends for 2013 to 2018

When getting into the higher GB bundles, Telkom Mobile had by far the highest prices on specific bundles five years ago, whereas today it is considered the cheapest mobile operator by most.

MTN was the cheapest 2GB data bundle charging R245 in 2013, followed by Vodacom at R249. Cell C and Telkom Mobile had the most expensive 2GB data bundle price, charging R310 and R349, respectively.

In 2014, Telkom's price dropped radically and it has been charging the cheapest price for a 2GB data bundle since then. In 2014, Cell C also dropped its price to R249, where it has stayed since. Vodacom's price has remained constant over the five years at R249.

ICASA says from 2015 to 2018, 2GB data bundle prices remained relatively stable. In 2018, MTN revised its pricing strategy by discontinuing the 2GB bundle and replaced it with a 1.5GB bundle charged at R189. MTN stated the discontinuation of the 2GB data bundle "was due to commercial reasons".

2GB prepaid data bundle prices over five years

When it comes to 3GB data bundles, all four operators have kept their pricing the same over a period of five years.

The below graph shows the operators with the smaller market share were the cheapest when compared to the bigger operators.

For 3GB, MTN has been the most expensive over the five years, charging R330 for a bundle; Vodacom and Cell C have been charging R299 since 2013; and Telkom has been charging R199.

3GB data bundle prices 2014 vs 2018 period

The 5GB bundle prices show the most dramatic changes when it comes to Telkom Mobile's pricing. In 2013, Telkom charged a whopping R819 for 5GB of data. In 2015, Telkom decreased this drastically to R299.

ICASA says "the action was observed as Telkom Mobile's strategy to attract customers and increase its market share". The price for 5GB on Telkom's network has remained unchanged since.

MTN, Vodacom and Cell C's prices were stable over the period at R430, R399 and R399, respectively.

5GB data bundle prices trends 2013 to 2018

The price trend of Vodacom and Telkom Mobile's 10GB data bundles remained unchanged over a four-year period, at R599 and R499, respectively.

MTN's 10GB data bundle, however, has been declining since 2016 and is currently the lowest at R405. Cell C increased its 10GB data bundle prices by 9.1% from R549 to R599 between 2016 and 2018.

10GB data bundle over a period of four years

In 2015, MTN's 20GB data bundle was the most expensive at R1 250, followed by Cell C, which charged R1 099 and Vodacom at R999. Telkom Mobile had the cheapest bundle offering at R899.

However, MTN reduced its 20GB data bundle by 28.1% from R1 250 in 2017 to R899 in 2018. Cell C also revised its pricing strategy by reducing its 20GB data bundle from R1 099 to R799 in 2017. Telkom's price came down from R899 in 2017 to R599 in 2018. Vodacom's 20GB data bundle price has remained unchanged at R999 since 2015.

20GB data bundle price for the period 2015 to 2018

Apple Repairs and Service
Member of the Internet Defense League

BitcoinCash Accepted