Rivetz For Investors #2 – Analysis By Rivetz Advisor, David Johnston

Tai Zen: So we just went live. As soon as we get confirmation from everyone, then we’ll start the show. All right. I’m getting feedback here.

This is Tai Zen. We have 2 special guests today with us. One is LeonFu.com a right next to him is David Johnston, the chairman of Factom, Inc.

Tai Zen: Instead of explaining who David Johnson is for the new people, I’ll just let David explained himself.

Can you give us a little background on yourself? How did you get into Bitcoin and cryptocurrencies? Then, tell us some of the projects that you’ve worked on in the past and how you got involved with the current project as an advisor.

David Johnston: All right, sounds good.

I was lucky that a friend introduced me to Bitcoin in 2012. It really fits my economic model and I’m sort of a free-market economic advisor.

When my friend explained that it was non-governmental money, which could never be inflated by politicians and was controlled by mat, I was like “Yeah. I’d like to change my green pieces of paper into that.”

I was really lucky to get involved in Bitcoin early. I started going to the conferences, speaking about building startups because that’s what I’ve been doing. My whole career is building technology startups.

One time, I went to the San Jose Bitcoin conference in 2013 and ended up co-founding the BitAngels. This was the first angel investment group in the space in May of 2013 with Samuel Mosque and Michael Turpine. That really led me to get exposed to hundreds of different Bitcoin startups. This is like when Coinbase and Bitpay and all of the early companies were kicking off. BitAngels ended up deploying about $7 million in Bitcoin into a lot of those early companies.

What I realized is my passion was for the low-level infrastructure of the space that everything else was going to need to build on top of. Therefore, I ended up co-founding the decentralized applications venture fund.

In late 2013, I had written the general theory of decentralized applications, white paper, sort of proposing this model for things other than payments and wealth storage.

Then, I ended up getting to advise Ethereum and MaidSafe early on. I introduced the founders of Factom like Paul Snow and Peter Curby and other folks there. That just ended up taking over all of my time in my life, which was helping out with these decentralized applications.

I ran the venture fund for a few years and then ended up as the chairman of Factom. It was the most successful thing in our portfolio. I’m sort of the most overactive chairman ever. I spent like 70 hours a week in their office, mostly helping with investor relations and strategic partnerships and stuff like that.

I’ve gotten a chance to speak at 25-30 blockchain conferences around the world. It’s really cool to be part of a global community where there are just so many people inventing cool technology all the time.

That’s how I ended up as an advisor to Rivetz. I had known Steven, the CEO of Rivetz since 2013 and seen the whole pipeline of the technology from the first proposal to a working prototype.

Now, it is in production where they’re connected to these trusted execution environment chips and phones and computers to make secure transactions and send secure messages.

When I was running the Dapps Fund, I proposed to him that if he could adopt a utility token, that would incentivize people to help support this security network. However, the platform wasn’t there yet. In 2014, Ethereum was yet to come out. A lot of the infrastructure wasn’t there yet. He said it’s too early.

When Steven came back to me in 2017, I thought the pieces were there. We could now actually pull this off to create a decentralized application that extends the security and attestation network we’ve built to everybody that wants to hit that API.

That’s amazing because lately, I’ve just seen how important security is, so I’d love to be an advisor for this project. I think of it as one of those core technologies that’s required for this space to mature and really reach a mainstream audience.

Without secure sending and holding of crypto, it’s always going to be this huge bar of becoming a security expert in order to really access this space. That’s why I’m passionate about it and happy to talk about it from what I know about the project.

Tai Zen: Okay. Now let’s focus on the Rivetz project that you are serving as an advisor. In case anyone is new to our channel, can you explain what the role of a project advisor is?

David Johnston: Sure. I mean it’s definitely a broad title and it really depends on how deep they go into a particular project.

For me, I get the request pretty often to be an advisor on these projects because of my experience in the past. I have to, unfortunately, decline a lot of those invitations because I don’t have the time to advise them all. Nonetheless, I’ll try to take 2 or 3 projects a year.

This job involves reading their white paper when it’s first getting written and hopefully offering useful feedback there. Basically, I like to do an informational report on the projects that I’m helping.

I’ll spend hours asking the founder and the team questions about the technology and economics of what they’re doing. Then, I distill that into an informational report, which I post on my Medium blog.

I usually ask questions like telling me about this team, why this technology matters and so on. That’s some of the value I tried to provide in for people not having the time to spend hours and hours digging into these things.

I try to do that as an advisor, then to be able to answer questions from the community when people say how this part of that work is or why this is important. I try to be calm enough of an expert on the project that I can answer those types of questions and add value that way.

Tai Zen: The way LeonFu.com and I were aware of Rivetz was through you. You brought it to our attention and we saw that as an interesting project.

The other thing that got us interested was we noticed that you’ve been in one of the “veterans” in crypto community space. We know that you don’t write reports on a lot of projects.

Therefore, when we see your report on something, we need to pay attention to it. That’s why I wanted to bring you on for our audience because we know that you don’t do that for too many projects.

Now, could you explain Rivetz to our audience at a basic level?

David Johnston: Rivetz is basically built-in security for people holding crypto, wallets, exchanges or anybody that needs to have a high level of confidence that the person making the withdraw or the deposit is really that person.

Let me just start by saying security today is absolutely terrible.

I had this reinforced just recently. A couple of months ago, I got a call at 11:00 PM when my friend had been hacked. I helped him recover his accounts and told him what he needed to do to reset his passwords and put in Google authenticator and call his phone company to recover the use of his phone.

The truth is it’s just not that hard to hack people. If you call the phone company and somebody doesn’t have a security pin on their account, they’re going to ask you really easy questions.

The hacker called up the phone company and say I lost my phone, so I need you to port my number to my new device. If you don’t have the security pin, they ask you stuff like your address, your last four years social and your birthday.

Are you kidding me? You can find that stuff on Facebook, Google in like 5 minutes without even going to do illegal stuff.

Leon Fu: You don’t even have to go to your carrier. I just recently switched carriers and it was so easy. I could say I could have been anyone to just move my number over to another phone.

David Johnston: Then, at 1:00 PM the same night, I got another call. Another friend’s phone was hacked. This happened every night for 7 nights in a row. There was a concerted effort as the value of cryptographic assets increased recently from these attackers to go after people and tried to get their funds.

Therefore, you got to do things like adding a Google authenticator. All you have to call the company makes sure there’s a pin on your phone and do all these steps.

Leon Fu: Don’t use your phone number as a two-factor authenticator.

David Johnston: Well and even beyond that, you shouldn’t use any phone number. Most of these services will let you print out backup codes instead of using your phone as a recovery mechanism. Instead of using your phone number for 2FA, you need to use the authenticator app.

There are all these steps, but it’s really hard to expect everybody is going to become an expert in cybersecurity.

I spend a week till 3:00 AM for 7 nights in a row calling friends and family and business partners. Eventually, I was just doing this proactively and calling people up and checking things because I don’t want you to be the next person to call me and report this problem. That approach isn’t working. That’ soften referred to as network security.

The idea of Rivetz is that you build in the security of the device itself. Steven is leveraging something that’s been around for a while. He’s actually pioneered the last 15-20 years, which is these trusted computing elements inside the film.

This is basically a separate chip that doesn’t interact with the operating system and it has a public and private key pair. You can sign something from that trusted execution environment (TEE) and send it, which I know really sure that it came from that device. The reason is that the key pair is unique to that device only.

Now, you raise the bar where the attacker would like literally have to get your phone for them to be able to do this attack and they can’t just call up from anywhere. I think Steven has a point when he talks about it. Instead of trying to do network security, which isn’t working, we should really get to devise security.

If you can build device security, you can have a lot more confidence about the people that are sending those instructions.

Today, they use these insecure methods to try to make sure it’s you making that request. This would really bring it to home or levels. When Steven had called me a couple of weeks after this happened, it was really fresh in my mind that security really sucked today.

I said we needed that and needed that at all the exchanges, major wallets for this to really go mainstream in that ecosystem. Otherwise, it’s just going to continue to be a problem.

That’s the most basic way I can break it down.

Rivetz is building this into the actual device as they have relationships with the Intels of the world. They’ve gone through a really long process to get permission from those folks to access the TEE.

Leon Fu: It sounds a lot like Yubikey, which has been around for a while, so why do we need Rivetz then?

David Johnston: How many people have them?

Leon Fu: Well that’s true, but it is 40 bucks each.

I would argue that it is because most services don’t support it yet like banks. I see hardware solutions already exist now, but the challenge really is how you get services to support Rivetz.

David Johnston: Well, I think having the fact that these chips are already built into several billion devices, whether they’re your mobile phone or your PC is a big difference from having to buy the hardware.

For most people, they don’t know Yubikey exists, so the barrier of knowing that technology is available is really high. Get them getting them and thinking that they actually need this level of security is another barrier.

Then, the inconvenience of having a separate device that you need to remember carrying with you adds a third layer of complexity.

For example, you could get a nice camera but you got one on your phone, so you’re just going to use the one on your phone. This is why we saw this great decline between non-phone cameras.

I think that the level of convenience is really the key. When people gonna use it as I think people are going to demand it as all these attacks are happening.

I’m certainly putting out a request right now to the exchanges and hope they integrate this technology.

I know that there are active discussions going on where people are encouraging exchanges to improve their technology because of these attacks. I think the exchanges need to adopt that approach, which is really easy to do. Thanks to Rivetz technology, they will benefit from more customers, more capital, and more confident of their users.

Leon Fu: Let’s say I want to log into my exchange account. I would have to go buy a Yubikey or some kind of hardware dongle, stick it into my computer and then it can authenticate because I have that Dongo.

What you’re saying is that this computer already has that technology built into it. There’s no reason I should have to go buy a separate USB dongle just for this purpose. If the hardware is already there, why are there no exchange or bank using it? It should just become a standard.

Now, we still rely on usernames and passwords. I have to type in a code every 30 seconds to log in. Meanwhile, you’re saying that the exchange just simply knows this is my computer.

David Johnston: You may have actually been using without knowing it. Do you use Apple Pay?

Leon Fu: I have used Apple pay.

David Johnston: Apple pay leverages the trusted execution environment on your phone. As you can see from the example of Apple Pay, people have actually bothered to do this where the money’s on the line.

Leon Fu: Yes.

David Johnston: The history or the security of visiting my Facebook maybe or maybe not crosses that threshold

Leon Fu: My banks don’t use it.

David Johnston: They use other ways of trying to detect the device and IP address and things like that.

My point is it’s starting to enter the mainstream. Apple pay is is a good example where you want to know and connect to that particular device when payment is being made.

What I would say is Steven just at the leading edge and Rivetz is at the leading edge of bringing this technology in the blockchain. There is a lot of technology out there that exists, which hasn’t had somebody in the blockchain space that is an expert in it and bringing that to the table.

Rivetz is the first group I’ve seen that already has an expertise in this and is bringing this to the table, specifically for the use case where assets are valuable enough.

Leon Fu: Apple pay doesn’t use blockchain. Yubikey doesn’t use a blockchain. What are the additional capabilities that blockchain brings to these existing solutions, which already use the hardware?

Tai Zen: Because we’ve mentioned a lot of Yubikey, I just want us to just pause real quick and explain what a Yubikey is.

According to Andreas Antonopoulos, there are 3 ways that you can authenticate who you are for security reasons.

One way is to authenticate who you are is by what you know such as the password in your head. Number two is what you are such my fingerprint or retina scan.

The third way is having a hardware device such as a phone or what David Johnson and Leon have been talking about call Yubikey, which is just a small electronic device like a key. Every time you log in, you have to touch that key to your computer or plug into the USB port to authenticate that that’s you.

When you hear David and Leon talk about authenticating who you are for security reasons, it’ll make more sense why Rivetz is a potential project.

Now back to Leon Fu’s question.

Leon Fu: What are the additional capabilities that blockchain brings to these existing solutions.

David Johnston: I would say the ease of developers accessing this technology.

As I mentioned before, Intel and these chip companies have a very lengthy process for getting access to the trusted execution environment.

They don’t let most developers touch it because it’s a very sensitive area of the device, where if you uploaded malware or some bug got in, it would be very bad for the system since it’s operating outside of the operating system.

Rivetz essentially spent the money and the time to go through that process. I remember when Steven was doing that in 2013 and 2014, they spent 12 to 18 months getting approval from Intel and all these other groups to access the trusted execution environment.

Now, after they’ve done that for everybody, they essentially extended this API package where any developer can hit them up or attestation, which testing to check that whether the device is really as what it was for. This works like the device has a fingerprint, a signature or the transaction that’s been signed by that public-private pair of keys.

By publishing that on Rivetz, this is the same mechanism built on blockchain, which gives me a level of immutability that I can’t trust the central party because I’m then trusting that the central party hasn’t been corrupted, which makes they become the central point of failure.

By using Rivetz and building it on top of a blockchain, there’s an immutable record. It couldn’t have been altered by anybody of the identity and history of this device. That’s one of the advantages.

The other one is a sort of openness. In Apple’s case, they use it for their own purposes. They actually create their own chips to control that to a certain extent, but they’re not necessarily offering that as a general service to all developers.

Leon Fu: What you’re saying is even though that trusted execution environment is already on my computer, I am not able to write any code to access that. I have to go to Intel or my chip’s manufacturer to get access to that. That’s not an easy process, which only very few people are able to do.

And now you say Rivetz has accomplished that.

David Johnston: well they’ve already done it.

Leon Fu: Basically, it means Intel has given permission to Rivetz to act as a gateway.

What Steven has done is the Intel is trusting Rivetz to provide a secure API to access their trusted execution environment that’s open to the public. It’s secure enough that anyone going through Rivetz’s API can then get to Intel’s TEE

David Johnston: They’ve reviewed the Rivetz code and processes. They’re like we bless this with holy water and you can run within the TEE.

What they’re extending to everybody isn’t the ability to load up their own program if you want, but to do these series of functions whether that’s publishing this identity or checking this identity. Then, as you said, Rivetz will be the API representative of the community in terms of TEE access.

Leon Fu: Let’s say this is my computer that we’re using right now. I can register on Rivetz that this computer belongs to Leon Fu, so if the authentication requests come from this particular computer, that’s Leon Fu.

Therefore, the only way to hack my computer is to steal it, not by taking your computer and then impersonate me.

David Johnston: That’s right. It is a much more expensive attack than just reaching over the Internet.

Tai Zen: Okay. I just want to make it clear because there was common coming in through the live chatbox. That was kind of interesting.

T-money ask if Intel trust and Rivetz already, whether they’re partners right now or that just something happened in the past.

David Johnston: It’s active in the sense that they’ve got access to the trusted execution environment.

Steven could speak more intelligently to which chipsets they’ve done that for. Basically, they’re among half a dozen security partners that I’m aware of that have gone through this lengthy and expensive process. They actively have that relationship and they would need to do that for whatever chipset of devices they’re trying to serve.

Intel just happens to have the most common chipset, but there are certainly exceptions to that.

Leon Fu: Steven mentioned that they wanted to focus on mobile. When we interviewed him previously, does he have relationships with ARM or any phone chipset maker?

David Johnston: You’d have to speak to which partnerships. I don’t know which ones they made public or which ones are still private.

I think his intention is to expand this chip by chip. That’s a really high barrier of entry for anybody who wants to follow. They would have to spend a similar amount of time and energy going through that process and exactly.

Go back to the blockchain, I do like the model that Steven has settled on when it comes to the actual software licenses that are being originated here because it’s a means of creating a valid request to a smart contract that is executing this attestation.

It means people can’t send their servers with a trillion requests without costing anything. There has to be some cost to prevent spam or denial of service attack.

This is common amongst most blockchains. Ethereum has Ether. Factom has Factoid. That’s an entry credit for the same reason. Bitcoin has a dust limit and transaction fees.

The same thing needs to be present in the Rivetz network in order to know that it’s a valid request for the attestation. There’s a very simple utility model for the use of the software tokens as opposed to where I think a lot of projects get a lot of difficulties and end up with these really complex models.

But for what Steven wants to do, it’s very straightforward.

Leon Fu: Let’s say I have a Mac and all types of devices. I could register all of them on Rivetz blockchain. If anyone asks for authentication, they know that these devices belong to LeonFu.com.

David Johnston: You’re probably not the core audience. The core audience is folks like exchanges that are already interacting with tens of thousands of customers and they’ve already got multifactor processes in place.

If they activate this as a multifactor authentication method, this allows them to be a lot more confident about the request that their customers are making.

I say you’re not the core audience because this is the type of thing where you really need a development team and a use case where there’s a value in doing it.

I don’t imagine a lot of lots of individuals registering themselves. I imagine lots of businesses that serve big crowds of individuals that will want this type of service to improve their security.

Leon Fu: If I log into an exchange account, they logged my IP and they know this user came from Austin, Texas.

However, as soon as I get on a plane and I want a login, I have to basically reauthenticate myself just because I pick up my computer and move.

But now, with Rivetz, there’s a database saying this computer belongs to Leon Fu. If I go somewhere else and I’m no longer at that IP address, they can still have a high degree of confidence that that’s still me.

David Johnston: Let’s go back to moving the security model from the network to the device, which is a lot harder to fake.

Again, I don’t think we’re going to get there if everybody has to be savvy on independent pieces of hardware. People do that when they have lots of money and lots of sophistication, but for the common user, it isn’t necessary.

Leon Fu: It would automatically register my device once I sign up for an account. Whatever services I’m using can also automatically say this is Leon Fu computer, so let just make a note of that.

David Johnston: There is a Rivetz app. I think the intention is you’ll have the easy ability to push one button and say I’m connecting my device.

Leon Fu: They’re going to make it easy. Like when I upgrade my computer. Just move my identity to a different machine.

David Johnston: You can always update records, but then you’re also rebeginning the reputation of that device.

Time is the best way of preventing fraud. People don’t tend to know the type of fraud they’re going to commit in the future. People are always lying about the past.

Leon Fu: I can build a whole history like with the computer right now. I know that I have been using this computer for the last three years and for hundreds of times.

However, the question I would have is doesn’t this raise privacy control concerns, because if you’re making this record, you’re almost reading a permanent record of all the devices that I’ve ever used potentially with the services I’ve used.

How are you going to address the privacy controls? Maybe I don’t want to have a record of where I am, of what devices I’ve even I’ve been associated with.

David Johnston: Well, again, you’re not going to make that record available to the public. You’re going to make that record available to the services that you’ve authorized into yourself.

Imagine this in the Factom context. There’s the ability to publish data on the Factom network, but if it’s a hash, people don’t know what that hash is unless you had the raw documents and you can recreate that.

I think it would be concerning if you were doing that in plain text, but the whole idea is to have privacy to the application and privacy to the device.

I mean the service is going to have to know and you’ve authorized them to do that. You’re going to have to know. However, I don’t see technically why anybody outside of the two of you would need to know.

Tai Zen: You mentioned that the Intel chips inside my phone, my laptop and my computers and stuff.

You say that this area in the chip called the TEE which stands for the trusted execution environment. You said that a person or a company has to go to an extremely lengthy security process to be able to access that part of the chip.

You’re saying that Steven and Rivetz have already gone through that lengthy process already and have been approved by Intel to access that portion of the chips. Is that correct?

David Johnston: That’s right. It’s a pretty lengthy process to go through.

What I would say is, it’s been cool to see Rivetz come from a proposal and a prototype back in 2013-2014 and today they serve large enterprise customers. I’m not going to name names because I don’t know which Steven has made public or not, but we’re talking about huge institutions that really care about security.

Not surprisingly, they are the most willing to pay for this type of service, so the proof is in the pudding.

They have contracts, they have customers, and the technology’s already out there. What they’re doing today is saying they can extend this service to the rest of the community who aren’t gonna go through an enterprise contract process. They just want to be able to hit an API and talk to a smart contract and offer these software licenses to prove they’re making a valid request.

I think that’s really cool because it gets beyond big institutions and starts to include the exchanges and wallets that want to improve their security, but they’re not going to go through this lengthy process themselves anymore.

Most companies are not going to do what T-zero did to go through the lengthy SCC approval for securities in the blockchain. They spent like 18 months and millions of dollars to do that and now people just want to use the T-zero platform.

They don’t want to rego through that process. That’s the beauty of economics. We can have specialization. This is an example of Rivetz doing that specialization and extending that to the rest of the community, which I think is really cool.

Tai Zen: I thought that was pretty cool when you mentioned. At first, it sounded anyone was able to be able to access it, but what you’re saying is that not everyone is able to access it.

Now, can you describe exactly what Rivetz is so that the audience know? Is it a software or a hardware, phone app or a computer app?

David Johnston: The toolset that they’ve got today is a series of API. I believe they’re going through the app processes as well to make this is interfacing really easy to use.

However, it’s not a question of people having to sort of build something, custom it or being very difficult to interact with the software. It’s really a software interface. It’s not a piece of hardware they have to buy, because again, you’re just accessing the existing trusted execution environment.

Because they’ve gotten the permissions from the chip manufacturers, their app has the access that you wouldn’t normally have to this trusted execution environment.

Just think of this as a new level of access permissions.

Rivetz is a set of developers that have gotten a higher level of permissions from the phone and chip manufacturer than the normal application to get. Even in the Apple app process, you have to disclose all the things you’re going to ask the user. Apple will often push back and say you don’t really need access to all their contact info.

Therefore, this is a constant balance because there are plenty of apps that are gathering data right in that data that gets sold whether it’s your contacts or other things.

There’s been a huge push last few years to limit this. Only authorize the app to do exactly what you needed it to do and nothing more. Back in the day, they’d asked for everything like give us all the information and permissions. They’re really trying to get that down because that information leaks out.

Leon Fu: Is Revitz going to do the same thing?

David Johnston: Only half

Leon Fu: If I was an independent developer and I wanted to use Rivetz, I have to ask Rivetz for permission to use what API? How is that model going to work?

David Johnston: Well, fortunately, they’ve already got the permissions to create the app and to run this service in the trusted execution environment. That gives you a defined set of things you can do.

As I said, Rivetz says is an app that you can request these attestations, you can publish the identity data and then you can call it back. That’s a very limited percentage of that.

Leon Fu: Is Rivetz going to be like Apple that you just mentioned or is it just going to be the lowest common denominators?

David Johnston: My understanding is they’re taking the approach of a permissionless system, so anybody that can pay the software tokens to access the system.

There’s really such a limited number of things you can do, which is basically authorized and authenticate this identity data. There are very few nefarious things you could do.

Now the person will still have to authorize it on their device. There’s a check of authorization at that point. But beyond that, as my understanding, the developers aren’t going to have to go through some special process.

I think that’s a smart approach to take. If you can push this down to the permissionless layer, you’re going to get a lot more people using it.

Leon Fu: If Rivetz succeeds and Steven accomplishes what he sets out to do, what’s going to change as a user’s perspective.

Am I not going to need to enter my username and password anymore? Like what will actually be the benefit to me as an end-user?

Tai Zen: Once the Rivetz is commonly used in the crypto community, is that going to eliminate the need for a hardware wallet such as this Trezor I have in my hand? Then, I can just use my phone as a hardware wallet.

Is that what I’m hearing?

David Johnston: Yeah, I think that’s part of what it’s going to do.

For those that are carrying around specific hardware, this may offer them an option that’s more convenient and it offers too much larger audience who aren’t going to go out and buy that specific hardware.

However, in the end, you still want to be able to log into your exchange account. You’re still probably gonna need your password and credentials and everything like that.

I mean you don’t want to remove layers of security, but instead of connecting my phone or a google authenticator app, I’ll pick the Rivetz option and it’ll authenticate directly from the TEE in my device.

I’m going to feel a lot more confident that my exchange account isn’t going to be compromised because of that extra layer of requirement.

As you said, you can do this today, even with Trezor for example. They support UFA and that’s supported by Google. I can type in a little code and use it as a Yubikey to authorize things.

However, again, most people don’t own Trezor and have this specific hardware, so I think it’s extending that to the normal phone. I want to be clear that this isn’t a panacea. It’s not going to close all security loopholes if people are still authorizing things they shouldn’t on their own device.

Somebody had mentioned it on the comments that there’s still phishing and other types of attacks. Nonetheless, what I think it would limit the universe off is all the exterior remote attacks today. Of course, people still have to be smart not to click on links or things they don’t know, but it makes it a lot harder.

What you want to do first in insecurity is the attack surface. Right now, the attack surface is really big. It’s like the size of a football field and I would like it to be the size of my phone.

Leon Fu: What Rivetz hopes to accomplish is that the security is narrowed to the point where it’s just the physical device that’s in my possession that needs to be secured rather than putting a pin on my phone or adding 2FA.

David Johnston: It’s scary. After all these hacking events, I put Google authenticator for all my google stuff and hardware security. I realize I even need Microsoft authenticator because Microsoft owns Skype.

I could see that for weeks after these hacking attempts, there are requests for multifactor authentication while I was like driving and stuff, which clearly wasn’t me. There were people very actively going after my accounts, so that didn’t really feel great. I felt really vulnerable and really insecure.

Tai Zen: From a Rivetz advisor perspective, once it gets into the hands of the people that need to use it in crypto, what are the implications and what do you see as the value of this?

David Johnston: I’d say it’s probably more comparable to groups that are doing background security that maybe people aren’t as familiar with.

I think that’s the level of potential because literally everything in the blockchain ecosystem that has a wallet or has assets needs this type of built-in security. I think it is a platform that will end up being broadly adopted and I’m really excited to see the community willing to manage that, especially after every high profile attack.

I remember before 2014, when there were no multi-signature architectures available in the blockchain space, as soon as that came out, people immediately demanded. I hope it’s the next best practice that’s going to get implemented in the community

Unfortunately, I think those kinds of events drive people up to focus and attention. You don’t care about something until it matters.

We’re going to see it as a fundamental and foundational layer that can offer a much higher level.

Tai Zen: Okay. All right. That’s all the questions I have at the moment. If you have any questions, go ahead and type it in and then I’ll look for the ones that pertain directly to Rivetz.

Leon Fu: If people are interested in Rivetzs, how can they get involved? If they want to invest in this ICO, how would they do that?

David Johnston: Well, I’ll try not to give a piece of investment advice. I’m not a financial advisor, but I try to just get information out there.

As I mentioned at the top of the program, I’ve written an informational report after doing a project. It’s purely about the team, technology and pulling different statistics down from their website about the software sale.

I’ve gone ahead and publish that on my Medium blog, so just google David Johnston Medium and you can check that out. I also go into risks since every project has risks. If you scroll towards the bottom, you’ll see a whole section on risk issues and potential problems. I do that for every contract.

I’m not trying to paint a perfect picture, but what I am trying to do is disseminate factual info about the software sale. It’s also really about technology so that people can wrap their minds around this.

Tai Zen: There is a question about how the Rivetz being used to stop the DDOS attacks on exchanges like Poloniex.

David Johnston: It certainly can be helpful if they’ve established a good database of their primary users. I mean you still have people that want to visit the website in general.

However, a lot of exchanges have separated the service of their front page from the backend where they serve people that have logged in as users. If you have an attack, which is tons of people hitting the home page, which is hard to filter people out, it doesn’t bring down on the back end.

This is just another tool to give them a better idea of who’s accessing or potentially make it easier for good actors to go in and say I’m happy to authorize who I am.

Tai Zen: One guy asks whether there are any other competitors in this space.

David Johnston: They’re the only ones that I’m aware of specifically focusing on blockchain use cases.

There are other groups that do this type of trusted execution environment like RSA and other groups providing this for large enterprise companies. There are a lot of these different conventions and conferences, cyber suite conferences and you can check out lists of competitors there.

However, I’m not aware of any of them having the intention to release a product focusing on blockchain use cases. I’m sure others will move into the market.

Somebody brought up Waves which was in a previous project that Steven worked on in the early days with a trusted execution environment. The project was offering this technology, but it wasn’t yet mass market, of which you need a certain level of penetration before these things can succeed.

Tai Zen: Sometimes, business comes to market too early like My Space.

David Johnston: There are lots of video streaming services before Youtube, but before 2005, bandwidth was just not good enough that most people could stream decent video quality.

Some people may be negative about the fact that Steven had been in this for a long time, but we haven’t seen mass adoption of the trusted execution environment. I don’t think that makes sense.

I think it makes a lot of sense to me that he’s been very dedicated to this technology, He is like one of the foremost experts in it and is dedicated to finding like the real use cases people care about.

As I said, this isn’t for everything. If you’re logging into some photo-sharing site, you might not care. However, if you’re caring about all of the sudden these digital assets which are on your device, it matters a lot.

Leon Fu: Can you tell us why Rivetz is based in the Cayman Islands and not in the United States?

Tai Zen: There seems to be a Rivetz.com and Rivetzintl.com. Could you explain that?

David Johnston: I’m not a legal counsel, but I take his legal counsel recommendation in an international approach. We’ve all seen this approach in other projects.

For example, the Ethereum foundation is based in Switzerland. Blockchain.info is in Europe, specifically London and Luxembourg.

Basically, I think it is a lot more clarity internationally about doing software sales. I think that’s just a reality of our space.

People do things out of London and Hong Kong and Switzerland and other areas where they’ve seen that regulatory clarity. Now, hopefully, we’ll see that regulatory clarity emerging in the US.

However, I think it tells that people are comfortable because they’ve gotten that level of clarity that they see overseas. They’re going to shy away from US jurisdictions.

Overall, that’s not an easy question to answer. It’s still early in this space. There are a lot of unknowns. Therefore, I respect that approach because it’s basically a conservative approach.

Tai Zen: There is a question about whether we invested in Rivetz or not.

Full disclosure: if you hear me and Leon talk about cryptocurrency projects on our channel, it is safe to assume that we invested in it.

I don’t know why, but people ask us that every time we broadcast. We always say the exact same thing. When we bring guests like David onto our channel, we don’t like putting them on the spot to announce what they invested in a project or not.

David is an advisor to the Rivetz project. I guess that most advisors that are advising a project will probably invest in some way or another in their time, their energy, their funds or something else. I just wanted you guys to be aware of that.

We have a question about the best use case of Rivetz in the crypto space.

David Johnston: The most vulnerable position such as exchanges, wallets, people holding a lot of money of behalf of customers

Leon Fu: Honeypots.

Tai Zen: There is a question: “ Please mention one main business model that Rivetz plans to pursue such as a major client, either in a Blockchain, cyberspace, cybersecurity. The question is basically about the best business to go after with Rivetz.

David Johnston: I know some enterprise customers Rivetz has signed that want to use the protocol itself. They’re the kind of companies that have a lot of users, so they need to authenticate them for access.

I think that’s the ideal business model, which are the companies that are directly going to benefit from the security. That’s as specific as I can be. I want to respect privacy and confidentiality.

Tai Zen: When I talked to not you specifically, but other crypto projects that we have talked to in the past, sometimes they do not want to reveal to the competitors who their clients are.

I think that’s a good question to ask, that’s one of the few questions we let those crypto projects slide with because we understand as a business, you got to protect yourself against competitors.

David Johnston: It’s a great question. I would say it’s really straight forward with Rivetz.

It’s companies that are using their API suite to make these requests to the smart contract that we are consuming or at least all sending and funding the use of those servers to do that authentication.

I think the intention is for Rivetz to run the initial smart contract and to make it open over time in order for more people to run the software and do this attesting service, but all of them will consume the software license on a token that we’ve created in order to provide this function.

Tai Zen: When Rivetz kicks off, will it be applicable to new devices only or will it also be applicable to current devices and old devices.

David Johnston: Should be applicable to any device that has one of these trusted execution environments that Rivetz is approved to access.

There are around 2 billion devices including computers and phones that already have a trusted execution environment.

Leon Fu: Would you say that’s every phone and computer in the last 3-4 years?

David Johnston: The last 2-3 years. It’s really ramped up.

When I first talked to Steven in 2013, I think there were 500 million devices that had the trusted execution environment. Today, there are 2 billion, so it’s quadrupled in the last 3 or 4 years.

I don’t think there are many modern devices that are made without them at this point. Therefore, we’re going to get to most market penetration in the next 3 or 4 years.

Leon Fu: Once you bring that up, when will Rivetz be ready for users? I know that the ICO is going on right now.

I mean to get to this vision that you just described, how long does it take from now?

David Johnston: I remember getting this question about Ethereum early on. I always punted and said: “I don’t know. I’m confidence Vitalic and the team that they’ll deliver the right thing and they’ll push it out when it’s ready.”

I would say the same about Steven. I can’t promise or forecast whether it’s going to be 6, 12 or more months for their team. However, what I know is they already have the technology working.

It isn’t a proposal, it isn’t a white paper. It’s something that’s in production today for enterprise customers.

Leon Fu: But the blockchain is not working?

David Johnston: That’s right. The question becomes how long it takes them to extend that existing service.

Well, they’re not Ethereum. To be clear, they’re not building something from scratch.

Leon Fu: Steven had told me that they’re issuing the Rivetz token as an ERC 20 token, but the blockchain may not be Ethereum.

I remember he said that he was going to create his own new blockchain having the features that they required.

David Johnston: They’ll need a tech stack and I’ll leave it to the team whether it has pieces of Ethereum or Factom or other services that give them what they need. It’s probably the combination of different services

In my analysis, I confidently think that team can make those decisions intelligently and that’s really what it boils down to. As you said, since they’re using an ERC 20 token, it’s available immediately as far as the software token.

It’s a question and we’ll see how they perform to connect their existing service to that smart contract and begin executing it. However, there is certainly our scalability. This is one of the risks I believe I mentioned in my post is Ethereum hasn’t scaled yet.

For Rivetz to function, they’ll need Ethereum and other technologies to scale their ability to do this on a blockchain.

I’d say they’re dependent on the success of the ecosystem and they can’t go faster than the ecosystem itself.  I think there’s enough capacity today. There were plenty of other technologies available that can bridge the gap and enough tools to do it.

I’m very confident the ecosystem will scale whether through its big blocks or second layers like Factom. There’s a lot of approaches we can use to get that skill. That will be over time.

Tai Zen: There is also one of the things that get our attention to the Rivetz project.

Most of the current ICO and token sales that are being done right now since the beginning of 2017 have raised bucket loads of money just on a piece of white paper that’s not even complete.

As more and more ICO and projects are coming out, one of the things that Leon and I’ve been looking at is those that actually have a working product.

That’s one of the interesting things about Rivetz because we saw they actually had a working software. That was kind of surprising to me because most of the projects that we have nowadays are just a piece of paper. They’re not even real. Did you have any comments on that?

David Johnston: It’s more a case of the blockchain ecosystem is now ready to support this use case versus somebody finding out about the blockchain last week and saying: “I should do with software sale”. Unfortunately, there are a lot of that going around.

I agree with you on this. I’d much rather get involved in a project having working software.

As I mentioned, I encouraged Steven do evaluate this model as far back as 2013 and 2014 but the tools just didn’t exist and pull it off. Hence, he kept nose to the grindstone and actually got the approvals he needed, got the technology into production, got enterprise customers.

Now that the ecosystem is caught up, he’s ready to release this big version of the model, which I think is really exciting because it’s something I’ve been hoping for 2-3 years ago.

That’s definitely a differentiator. People actually know what they’re doing and also know blockchain really well.

Steven has been in this for 3-4 years. He knows what they can and can’t do. He knows the players in the ecosystem. He knows the technologies in that ecosystem. He is the one that approaches this from a piece of deep knowledge, not form me.

Tai Zen: One of the things that we are always concerned about on our channel is we talked about so many different ICO and cryptocurrencies, so there’s going to be bound to be one that’s going to be a piece of crap.

It always makes it easier to talk about a project that already has working software at least in the early stages so that people can see that they’re not going to run away with their money.

The fact that he used to be the CEO of a former publicly-traded company in the US is also very helpful, so we know that he understands the laws and regulations in the US as he’s doing the project.

The other question is what the difference between Rivetz and Civic is.

Leon Fu: I belive Civic is trying to verify your personal identity as to who you are. I did briefly look at it. I’m not very well versed in Civic either, but I think they want it to be a decentralized Facebook.

Now, you can log in with your Facebook identity, but they want to be decentralized identities. Therefore, whether or not I am Leon Fu is controlled by me and not by Facebook, Google or other services.

I think Rivetz is not actually authenticating my identity. They’re authenticating my computer belonging to me. I am not necessarily Leon Fu. Is that fair to say?

David Johnston: Yeah, that’s my understanding. I don’t think Civic at this point has any interaction with the trusted execution environment. They’re not taking Rivetz’s approach when it comes to devise identity.

I’d say that’s probably a good differentiator. This is about device identity when it comes to Rivetz versus Civic has built this great mission around personal identity and taking back control of your personal identity.

They may very well be complimentary. Civic may end up leveraging something like Rivetz that may be able to let you even have more confidence about connecting that identity or controlling that identity. However, this becomes another tool in that toolbox.

I’m a big fan of Vinay Lingham. I’ve known him since 2013 at the San Jose Bitcoin conference back when he was doing a gift, which was the first gift card company to accept Bitcoin. It was a brilliant move on his part, so I’m very excited to see him back doing another blockchain project.

Tai Zen: We saw him up there at Token Summit last May in New York. He was busy explaining the Civic project.

This is the last question I see in the chatbox here. Someone asks whether Rivetz investors can use its token to secure the network. Is it a staking model? Is it a mining model? Do you know that David?

David Johnston: You’d have to ask Steven. I’ve looked at their paper and thinks like that.

However, if you’re using ERC 20, you will leverage the existing security model of Ethereum. That’s how you’re securing the tokens with the proof of work and hopefully proof of stake. It’s depending. That’s a good question, but you’ll see how they end up doing it.

Because of the way it’s structured to a certain extent, you need a Rivetz to play an important role since they’ve got these permissions from the Intels of the world.

It’d be interesting to see how they play that out, but I won’t speculate about what they are going to do in the future. Just that using the token is the very simple to access to the utilization of the protocol.

Tai Zen: Okay. Well, one last question just came in here. I think is relevant to Rivetz if you are familiar with it.

They’re asking about the token sale and whether Rivetz price would go up before the crowd sale is over. Do you know anything about that?

David Johnston: I’ve got all this stuff in my informational report. That’s the best place to look. They’ve got new models in there about how to structure for the early sale on the main sale.

Again, I don’t speculate and price. I don’t know what the market’s going to say. It’s really over the long term.

I think about these things more as fundamentals. If there are more exchanges using this service and gaining utility, it will be a valuable project. I try to take it to the value approach.

I don’t know what it’s gonna be tomorrow and I don’t know what’s going to be in a week. But I believe the project is valuable over time.

Tai Zen: Okay. Can you share the report with our audience? Can we get that link and then put it in the description box later on?

David Johnston: Sure. Sure. Yeah, that’d be great.

Tai Zen: Okay. The last one is not a question. It’s just a comment from Ms.Generic123 and then we’ll wrap it up after this comment.

He or she says that based on a careful analysis of your facial skin, you may have a dairy allergy. No clue how they can determine that through a video on youtube.

David Johnston: I’m happy to disclose that I already had my 23andme done, and I do not have lactose intolerance.

Tai Zen: I’m lactose intolerant. Leon loves Cheese and I hate cheese and dairy products, but I’m not sure if it’s common or not, but it was just hilarious to me, so I had share it with you.

Any last comments that people should know about Rivetz before we conclude this broadcast, David?

David Johnston: Well, you know, the biggest thing I’d say is I don’t advise a lot of projects earlier. I do this a couple of times a year with the projects that are well known and I think of the importance of the infrastructure in this space.

I would just encourage people to get involved. They can actively, as users of these exchanges and wallets have a voice to say we want this type of thing implemented to improve security.

That’s what’s going to drive these services to do it. It is user behavior. If you’re going to prefer one exchange that has better Rivetz-based technology and security than another, that’s what’s going to move the needle.

We, as a community, need to continue to encourage best practices by these exchanges and others. The worst thing that could happen in this space is there are bad hacking events and attacks, which makes a lot of people lose money.

That’s when regulators step in and say: “We’re going to save the day through licensing and through regulation.” What we really want to see is it emerges organically from the community to come and look real solutions that got meaningful effects on reducing these security problems.

I would just encourage people. Don’t be passive. Be active. You can request this of the exchanges. There’s probably a lot of people here on your channel or that follow this information that may even work at these exchanges.

Developers have the power to say to their bosses and the owners of the exchange: “We can do this here. The API isn’t a big deal. This is something our customers’ needs.”

I remember the early days of Bitcoin. That’s how we got merchants. People encouraged merchants to take a look. This is the type of advocacy that as users, we have a lot of power to do.

Tai Zen: Okay. Thanks for taking the time to come on.

Steven is not going to be happy if I said this, but I think you had a better explanation for the laypeople.

Last time we had the interview with Steven, I think it was more suited for the people that are technical like LeonFu.com. For the regular fork on the main street like me, I think that your explanation helps me understand that better.

I want to say thanks for that and thanks for joining us today. By the way, you are joining us from the Factom’s headquarter.

Leon Fu: There’s no air conditioner here.

Tai Zen: I know you are sweating over there.

Thanks for coming on and joining us. Thanks for sharing what you guys know about Rivetz to help our audience. Thanks for broadcasting from the second-best city to live in America awesome. Okay, this will conclude the broadcast guys. Thank you, David. Thank you, LeonFu.com.

You can learn more about Rivetz here:


Here is the report about Rivetz by David Johnston:


Cryptocurrency Investing Blueprint™ Course Cover

We believe you should NOT be in front of the computer all day making short term, in and out trades. That is no different than having a “day job” at home instead of at the office. After completing the blueprint, you will learn how to PUT your money to WORK for you in the crypto market.

Cryptocurrency Investing Bootcamp - Tai Zen & Leon Fu Dot Com 6

If you want to GET RID of the anxiety, nervousness, self-doubt, and FEAR of picking the “wrong” cryptocurrency and losing your hard earned money… then don’t think twice about it; get the blueprint today because it’s the perfect fit for you.

Cryptocurrency Investing Bootcamp - Tai Zen & Leon Fu Dot Com 12

You will learn “The VC MAN Method™” that we developed that allows you to systematically identify “A” Tier cryptocurrencies worth investing in, that are not scams, by identifying the 5 Key Traits of a Profitable Cryptocurrency.

Cryptocurrency Investing Bootcamp - Tai Zen & Leon Fu Dot Com 6

You will learn how to properly exit a trade so that you will be profitable even when you are wrong over 60% of the time! Imagine being RIGHT less than 40% of the time in your crypto investing and still be profitable! You do not have to be RIGHT all the time to be successful in cryptocurrency investing!

Confident Bitcoin and Cryptocurrency Investor

If you have the burning desire to make Life Changing Profits™… Faster Than You Ever, if you are SICK & TIRED of struggling to figure things out alone or listening to people who don’t make a living from crypto investing… then this blueprint is a perfect fit for you.

Confident Bitcoin and Cryptocurrency Investor

YES, there is a guarantee! If the Cryptocurrency Investing Blueprint™ did not deliver on what was promised on this website, simply make a request within 30 days for a refund, and we will cancel your student access and REFUND you back 100% of your purchase in US dollars.

Now there’s no excuse! If you’re serious about making Life Changing Profits™ in crypto investing, then click on the link below and order your copy of the Cryptocurrency Investing Blueprint™ immediately!

Leave a Reply