Oxen Ecosystem

0. Introduction
1. Oxen
2. Lokinet
3. Session
4. Thoughts on the Oxen Ecosystem

This is the fifth video in a 5-video series on Oxen, Lokinet, and Session. This video is about thoughts I have on this ecosystem as a whole.

All original content in this video is dedicated to the public domain. Third-party resources included in this video are not necessarily public domain, but they fall into one of two categories:

1. They are public domain or licensed under a license which permits commercial use without attribution.
2. They are copyrighted works which I have not licensed but which I believe I am using in accordance with fair use.

All Formats

• webm [1080p]
• webm [720p]
• webm [480p]
• webm [360p]
• mp4 [1080p]
• mp4 [720p]
• mp4 [480p]
• mp4 [360p]

Sources (in order)

1. W. Mallett. How Banks Make It Hard For Sexy Startups. https://www.fastcompany.com/3065256/banking-discrimination-porn-sex-toys, November 2016.
2. Oxen Blockchain Explorer. https://oxen.observer/
3. Oxen Project. Session Monetization Chat. https://www.youtube.com/watch?v=FR4YLZ4hZwk, June 2021.
4. The Oxen Project. Oxen Service Nodes. https://docs.oxen.io/about-the-oxen-blockchain/oxen-service-nodes

Script

4.1. Recap

Let's do a quick recap.

Oxen is a privacy-focused proof-of-stake cryptocurrency based on Monero which also provides infrastructure for decentralized applications. Oxen Service Nodes are required to provide high-quality service and are rewarded for doing so. Oxen aims to resist Sybil attacks by requiring Service Node operators to stake at least 3,750 $OXEN for each Service Node they operate.

Lokinet is a Tor-like anonymity network built on the Oxen Service Node infrastructure. It is designed to be very performant while also being decentralized and resistant to Sybil attacks.

Session is an anonymous, encrypted instant messaging app based on Signal. It solves Signal's problems of centralization and mandatory use of a phone number as an identifier, but it also sacrifices all of the interesting cryptographic benefits of Signal.

While Oxen and related applications use long, random-looking public keys as identifiers, these can be mapped to shorter identifiers using the Oxen Name System, making them much easier to use.

4.2. Thoughts

In general, these applications provide anonymity for their users by mixing their users with each other. (For instance, an Oxen transaction must have been made by an Oxen user, but we don't know which one.) In order for this to be effective, there must be many users to make this mixing set large.

Oxen is the only cryptocurrency I know about that actually interests me. I don't condone the environmental harm caused by proof-of-work cryptocurrencies, and I would want money to be anonymous like cash. While I'm generally cynical about cryptocurrencies and the politics that come with them, standard payment processors are also bad. At least cryptocurrencies can't just arbitrarily refuse service to sex workers doing legal sex work the way banks like to do.^[1]

That said, it doesn't actually matter if a cryptocurrency itself uses proof-of-stake if practically speaking to use it, you need to exchange through Bitcoin or another harmful currency. Unless Oxen becomes popular enough to be usable on its own, I have no use for it. Money is only useful to me if I can spend it on things.

I'm also concerned about the decentralization of Oxen. As seen from Bitcoin, just because anyone can theoretically participate in the network doesn't mean it's actually decentralized in practice. Wealth is already extremely centralized, and that wealth could be converted from another form into $OXEN. And the decentralization of Lokinet and Session is entirely dependent on the decentralization of Oxen.

It also concerns me that the network is, by definition, run entirely by rich people who just have 3,750 or more $OXEN lying around. Rich people are not exactly a demographic I trust.

Lokinet interests me, particularly because it may provide both strong anonymity and good performance. Lokinet's "VPN mode" (using exit nodes) interests me as a potential way to provide the benefits of VPNs without having to trust the VPN provider.

I don't like Session. I think it's cool how it achieves decentralization while maintaining usability, and I would consider using it if a friend wanted me to, but I'm disappointed with the sacrifices the Session Protocol makes in its cryptography, and I wouldn't choose to use it on my own.

While I understand why all these pieces need to fit together to work how they do, I dislike the fact that Lokinet and Session depend on a cryptocurrency when they're not themselves related to money. Similarly, there are plans to integrate an Oxen wallet into Session, and I dislike that. I think that they should be separate applications.

It's not clear to me in practice what happens when you enter a registered Session username or Lokinet domain to look up the corresponding public key. The blockchain is over 16GB at current time^[2], and it is not downloaded when you use Lokinet or Session. (Indeed, it would be impractical or impossible on some devices, such as mobile devices with limited storage.) Therefore, you must not be querying a local instance of the blockchain. I assume then that you query the Oxen Service Nodes which do store the blockchain, and you have to trust that the result you get is authentic. This is probably assumed to be safe because the network is assumed to be decentralized, and the nodes are assumed to be mostly non-malicious.

All of these projects are still under active development and being changed regularly. Consequently, auditing is of limited value, and documentation is sometimes missing, outdated, or inconsistent with information in other places. I think these projects need to get to a more stable place before they feel particularly safe to me.

I also dislike the fact that the graphical desktop applications are Electron apps. But I can deal.

The websites for these projects (in particular, the Oxen and Session websites) use Cloudflare and do not fully work without JavaScript. This is a bad look for privacy-focused projects like these.

The fact that Lokinet does not protect clearnet traffic by default feels unsafe to me.

The fact that there are premium features concerns me. For example, it costs money to register usernames on the Oxen Name System, and Session is planning to add paid features to the messaging app.^[3] I don't like the idea of a tiered system where the rich are privileged over the poor.

That said, I do think it's fun that these things are paid for by burning $OXEN to deflate the currency. It would concern me if these decentralized applications unlocked premium features by giving the developers or any other central entity money.

Finally, the argument that if someone tried to launch a Sybil attack, it would drive up the price of Oxen^[4] is very interesting to me. One possible takeaway from this is that launching a successful Sybil attack is very difficult or even impossible. However, another possible takeaway is that enticing a well-funded attacker (like the Australian or US government) to try to take over Oxen (for example, by building an anonymity network and an encrypted messaging application on top of it) would be a great way to drive up the price of Oxen and make a lot of money. I'm not saying this is what I think is the goal, but if it was, it would be quite a clever plan.