Do you remember when you had to pay for ringtones? In 2005, analysts were predicting that ringtones would be a $10+B market by 2010. In that pre-smartphone era, you could only install a ringtone if your service provider gave you permission. You had to pay for the ringtone, and your service provider got a cut of the revenue. Germany ringtone provider Jamba had $600M annual revenue selling ringtones. Today, your phone will install any sound file you have as a ringtone, and you don't need your cell phone's service provider's permission. Since that permission was the only thing that enabled the market to exist at all, it vanished as fast as it had appeared. Actual size of 2010 ringtone market, approximately zero.

When the internet came into existence, nobody needed permission to create a website. If you created an online store, Comcast (or whoever) didn't get a cut of your profits. Of course, you had to pay them for internet service, but that just depended on your bandwidth needs, not what you were doing with it. I hadn't realized until I read the wonderful book The Box, which is the history of the shipping container, that shipping rates before they were deregulated during the Carter administration, depending on what you were shipping. You needed different permissions depending on whether you were shipping wheat, cement, or vegetables. The container changed that because it was just an opaque box.

When the iPhone launched the smartphone revolution in 2007, it made the internet available and you didn't need permission from AT&T to use it. You just had to pay your phone bill. In that era, you purchased a certain number of voice minutes per month, and the internet was thrown in for free. In a decade that had switched: you purchase a certain amount of internet data, and phone calls are thrown in for free. You did need permission to send a text message since AT&T controlled that, and they charged you per message (or you could buy a bundle). That didn't last long, what were known as over-the-top services (OTT) arrived, bypassing AT&T. Apple's iMessage would only send a real SMS text message if you were communicating with someone who wasn't using an iPhone, otherwise, it was sent using the internet data connection (and AT&T didn't get their 10¢). Skype would let you make international calls over the data connection (and AT&T didn't get $1/minute). In the same way, as the container changed shipping, since it was just a box, having high-bandwidth internet connections on our phones changed everything since it was just a "dumb pipe".

Telcos are constantly striving to be more than dumb pipes but it is an uphill struggle since we, as users, just want dumb pipes. The intelligence is all at the edge, in our phones, and in the websites, we connect to. Verizon spent about $9B to acquire Yahoo! and AOL, on the basis that they could provide premium services to their subscribers, only to discover their subscribers didn't care. They were happy with dumb pipes and getting their video from YouTube and Netflix, and their email from Google, and so on.

A similar transition happened with wired internet. In the old days, if you wanted to see a particular video (called a program back then), you had to pay for the cable channel on which it was broadcast and turn on your TV at the correct time (and the companies that created the content had to pay Comcast to carry it). But then internet increasingly let us bypass all that and get content directly from Netflix or whoever. And whenever we wanted it. Again, the pipe companies decided to splurge on buying content. Comcast acquired NBCUniversal, for example. We didn't even notice. We bought Roku boxes and canceled our cable subscriptions since we had a nice dumb pipe and didn't need more. In fact, we'd like lower prices and higher bandwidth—a better dumb pipe. But I've never heard anyone wish that their pipe company would provide more content directly (Comcast acquiring Netflix, say).

Summing all that up, the internet in general, and mobile in particular has come about because you don't need permission from anyone to do most things. The things that you do need permission, and pay, to do (make some phone calls, send a true SMS text message, watch a real cable channel) are increasingly bypassed by the permissionless pipes. For example, I get HBO for free with HD basic cable. But I couldn't even tell you what channel it is on since I get HBOGO too, so I just stream whatever I want from there, whenever I want it.

Permissionless Crypto

Crypto (in the sense of blockchain and similar technologies) has the same decentralized permissionless architecture. Let's look at a simple example, images. If you are a photographer, you might like to make some money from your photography. If you are a publisher (hmm...maybe a blogger) then you might want to include images in your output.

Today, there are just two ways to use an image. One, you just go and find an image you want on the net, and you use it (and hope that the copyright holder doesn't notice or doesn't care enough to come after you). This is permissionless, but only in the same sense as someone who steals your car doesn't need your permission.

The other way is to go and get permission from someone like Getty Images. But there are dozens of companies like Getty images (BigStock, ShutterStock, iStockPhoto, Adobe...). As a photographer, you have to deal with all of them, and you need their permission. If they don't like your photo, because the quality is not high enough, or it portrays nudity or something they don't like, then you can't use them as a channel (you need their permission). If you are a user of photos, you may need to search lots of stock photo sites to find what you want, and then you have to have a relationship with them (aka a subscription) to get permission to use it.

One particular area today where you need permission is payment. In principle, you can use BitCoin but in practice not so much, since most places do not accept it. If you want to use ApplePay, a credit card, or PayPal, you need their permission. If they decide that you are unacceptable for some reason (you are laundering money, or not woke enough) then you can get cut off. Just one example is PewDiePie. who YouTube has cut off from monetizing videos despite having 83 million subscribers. That's 83M people, more than the population of Germany, who will be disappointed if PewDiePie has to stop making videos due to lack of income because the middleman between the users and the creators (YouTube) doesn't give its permission. Or the endless problem that people seem to have been cut off by PayPal. I don't know if it is still an issue, but in states which have legalized marijuana, the companies involved can't get bank accounts since banking is covered by federal law, where marijuana is still illegal. It 's not just in the online world.

Potentially, crypto solves many of these problems. Images can come with their own licenses (using technology like Ethereum), they can be paid electronically with digital currency (think BitCoin, but not necessarily that one), and there is no central administrator like Getty Images, or PayPal, whose permission you need to do it. You (normally) don't even need the permission from the creator of the image. It is more like the licensing regime for music: provided you play the license fee to the copyright holders, there is no decision process involved. When Sid Vicious wanted to record My Way, he didn't need any permission from Paul Anka and Claude François, he just needed to pay the fees.

In some ways, it is like a creative commons license, except that it also handles payment. In some ways, it is like open source software, which suffers from the same problem, that it only works when the software is ancillary to something else people can make money on (providing ads, selling hardware, selling services, getting an academic paper out of it).

The Crypto Goldrush

I think that there are two reasons that venture capitalists are pouring money into crypto. One is simply that the Google, Facebook, Amazon, etc don't have built-in leverage, and so it is a greenfield market space. The other is that its permissionless nature means that it could get very big, driven by some of the same reasons as the whole internet got big since it didn't need the permission of the pipe providers. It could, potentially, lead to a much more decentralized internet. Instead of YouTube being the place to go to for videos, they would be hosted on any number of sites, and some high-level search engine would help you find them in the way that Google helps you find decentralized websites. Payment would not require the involvement of PayPal or banks or credit card processors, so they wouldn't get to decide that the NRA is out of favor today, or that you can't buy soda if you are overweight, or whatever random thing the politicians decide to latch on to next.

You are probably not a marijuana merchant, nor making controversial videos, so you may not care. But like in Martin Niemöller's famous poem, "First they came for the socialists, and I did not speak out..." there is no knowing what you might need permission for. In China, people are making sure they get enough steps on their wearable device to keep their social score up so that they can buy train tickets without any hassle. I have no idea if steps are even monitored, but it is enough that some people think they are. I don't think crypto can do anything to solve that problem, at least directly, but access to cash, and monetization, and photographs, and open-source software, and more can all be potentially made permissionless. It is, after all, the basis of a market economy that if you want to sell me something, and I want to buy it, then the transaction should happen and we are both made better off by it. We shouldn't need permission.

Does It Work?

In principle, the mathematical foundations of blockchain/crypto are good. But any given implementation might have weaknesses. I love the analogy of security as the immune system. Our skin is like perimeter verification, such as passwords to log onto the system. But if your skin is compromised, you don't die, your body has all sorts of further responses to pathogens that get into your body. Even they are not fixed, as they discover new problems, they develop new responses. The big challenge, I think, with crypto is to handle brittleness, when something goes wrong. And things do go wrong.

Over the years, there have been many things that have gone wrong. The most high profile was probably Mt Gox. You can read that story in The History of the Mt Gox Hack: Bitcoin’s Biggest Heist. How big was the heist? It's hard to put an exact number on it since some were recovered, and it all depends on what day you price it. But let's say $3B. That was back in 2014.

But let's look at two problems from just this month (yes, February, which is just a few days old):

• Zcash Discloses Vulnerability That Could Have Allowed 'Infinite Counterfeit' Cryptocurrency. That's just what it sounds like. No money seems to have been lost, but an error was spotted in some of the crypto.
• Cryptocurrency exchange loses $145 million after CEO takes passwords to the grave. The CEO had the password, nobody else had a backup, and he died unexpectedly. No password, you can't get the money out again.

My go-to security guy is Bruce Schneier. On his blog he said about all of this that:

Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not ncessary.

Apple, Google, Facebook...

After I'd written this post, but before today, something happened to show just what "permission" means in this sort of context. Apple cut off Facebook and Google's master key (technically their enterprise certificate). This post is long enough already, but here's the quick version of what happened. If you are a developer for iPhone Apps, then you have a key that allows you to install your App on your own phone and others working for your company (and a limited number of testers). The only other way that you can get an App onto a phone is via the App store. This is known as sideloading (as opposed to downloading from the App store). Companies are also allowed to use this for Apps that are only used by their employees. Both Google and Apple skirted the rules and used sideload to get Apps onto some customers' phones who agreed to be guinea pigs and reveal everything they did on their phone (and get paid).

Other companies such as Amazon and Doordash also seemed to be circumventing the App store and its rules. One reason for doing this is that Apple takes a cut of any commercial transaction made from a downloaded App. That's why you can't sign up for Netflix on the Netflix App, or buy a new book in the Amazon Kindle App. I believe in both Amazon and Doordash's case it was a sort of technical foul since their "employees" (the people delivering) are independent contractors, so not eligible to be sideloaded.

Google and Facebook's certificates have been restored (and they canceled the projects that were violating the rules). But the point that I'm making here is that without Apple's permission, all of Facebook's revenue that goes through iPhone needs Apple's permission, and they can cut it off from one minute to the next. To be clear, Apple did not cut off the normal Facebook App that most people use.

While PewDiePie might be a nobody against YouTube, Facebook and Google are as big as it gets and were apparently thrown into turmoil by this (internal Apps for the cafeteria stopped working, for example, along with any new releases in an internal test). A lot of the internet ecosystem assumes that this sort of revocation of permission won't happen. Or at least will be limited to cutting off the videos of some guy we've never watched anyway. We assume that Apple won't cut off Google, or Google won't stop YouTube videos displaying on Apple devices. What happened last week was more like a warning shot, an indication that perhaps it can.

Sign up for Sunday Brunch, the weekly Breakfast Bytes email.