Community

Critical is in the eye of the beholder, I expect some Robinhood customers weren't too impressed.  These days encrypting customers passwords is about as optional as is putting your pants on before you go out in public.

Surprising they would feel the need to admit such an embarrassing fact to their customers if they're certain the plaintext passwords weren't circulated outside the response team.  Perhaps they're not certain.

Understanding the nature of trust is key to understanding cryptocurrencies.  The purpose of a blockchain is to eliminate the need for a trusted-third-party.  So created-by-who doesn't matter; a decentralised cryptocurrency is not controlled by it's creator nor by any other individual or organisation.

Rather it's controlled by a decentralised, market-based mechanism that works to ensure the ledger is append-only; once a transaction is recorded it cannot be reversed.  This immense resistance to roll-back/charge-back (in the face of any kind of pressure) is what distinguishes a truly decentralised blockchain.  The same mechanism also makes it impossible for any central authority to alter the rate of new-money creation.  These two characteristics make a decentralised cryptocurrency a substantially different creature from a currency that's issued and controlled by a central bank.

Blockchain-based currencies (of the truly decentralised variety) aren't yet a competitive threat to traditional banks and they may never be, though it's a prospect banking consumers can be hopeful about, not fearful of.  Taxpayers too.

Indeed that wasn't my intention. There's nothing secret about the workings of the "core devs" for a truly decentralised blockchain, quite the opposite. Take bitcoin as an example; a great variety of controversies have arisen over the years, as various developer factions compete for primacy. These dramas take place under the public eye, they're documented and analysed in exhaustive detail.

When developers promote a possible change, they're trying to persuade the general audience of all interested parties - but the only audience that truly matters is the node operators, who only accept software changes they approve of. Changes they believe are in their best interests, and only changes that have been published openly and exhaustively analysed and tested by the community.

Typically the more radical and risky changes aren't accepted, only incremental, cautious changes.  Much to the frustration of some observers but that's the nature of the beast.

It's true the node operators aren't representive of all users of the blockchain.  However they're not centrally controlled, anyone can become a node operator if they wish to.  Their incentives are in the right place; they have a definite interest in the ongoing health of the blockchain, a strong incentive to encourage growth and stability.

Any blockchain where ongoing software development is controlled by a central authority - and carried out in secret or otherwise - is not a truly decentralised blockchain.

Regarding who controls the "core devs" of a truly decentralised blockchain. How it works is each operator of a mining node (who number in the thousands) decides which version of the blockchain software they want to run. The software incorporates a voting mechanism; whichever version of the software is used by the majority of nodes determines the behaviour of the blockchain as a whole.

Operating a mining node requires a considerable investment of resources; node operators have a substantial stake in the continued health of the blockchain so they tend to be conservative.

Any developer can take the software and change it as they please (it's open source) but doing so achieves nothing unless they convince node operators to use their new version.

In other words "core devs" means the group of developers who at any point in time have the trust of the mining-node operators.  To win that trust they must convince the node operators they have the long-term interests of the blockchain at heart.

Speaking of New Zealand, this country used to have a reasonably good Bitcoin exchange a few years ago but it was forced to close down by it's bank.  To my knowledge this was for no other reason except that it was a business that traded Bitcoin.  I've heard anecdotally that most or all of the banks here have a similar policy now; they refuse to allow businesses involved in Bitcoin to operate a regular bank account.

The level of interest in Bitcoin and ownership seems high, given the overt hostility from the traditional banking and finance sector.

It seems like the policy would punish payment organisations that haven't "met required standards" regardless of whether those measures & processes had any relevance to the specific situation.  More compliance overhead just increases barriers to entry for smaller payment organisations, and favours large banks.

It also looks like a invitation for customers to make fraudulent claims that they've been scammed.

What apology did the bank offer for the 800% fee hike ?  That's the real crime here.

These are all proposals, announcements.  Worthy intentions are not the same thing as results.  The first sentence on theodi.org reads "If implemented effectively, open banking will unlock innovation that will transform and improve the customer banking experience."

If.

Why would the proponents of these initiatives push for compulsory adoption ?  Only if they believe the projects will fail.  Technical complexity is the IT equivalent of the "fog of war" allowing the banks to blame the eventual failure on the fintechs.

Disclosing credentials is a risk many people seem to be willing to take; present-day banking is all about who you choose to trust.  Breaching T&Cs is academic unless a dispute arises.  If a common API is well-designed and well-implemented the third parties will adopt it in droves as it's reputation for marvellousness spreads, as it proves it's natural superiority to screen-scraping.

The BEUC isn't "advocating" the use of a common interface: pushing for compulsory adoption isn't "advocating." Compulsion is only necessary if you want to force the third-parties to do something that is not in their interest.  In other words everybody knows the APIs will be rubbish.