Mark (1:41)

Yeah.

Marty (1:42)

It felt like you were falling down the doom loop for a little bit there.

Mark (1:44)

Yeah.

Tony (1:44)

So doomed.

Marty (1:46)

You were, you were, you were doomer there for a while.

Tony (1:48)

Yeah.

Marty (1:48)

You got a fresh haircut, you're losing weight.

Tony (1:51)

New positive outlook on life.

Marty (1:53)

Is it? Is that true? Is that.

Tony (1:54)

I do think so. I mean, you know, who knows what's gonna happen? But like, I don't know, the last six months, I mean, since the pivot, since everything like unfolded, like the last six, eight months has just been like, okay, what can I control in my life? And then just focus on what I can control and make that the best as possible. Like even startups and everything like that. Like, there's only so much you can actually control. There's like a Million different things happening at once and you're trying to find your niche in the startup space, in the economy, but who knows if you'll get it right? But like everything else in life or everything you do, building up to that just has to be like honed in and like, okay, I can make positive impacts here and there and then just make those impacts and just, you know, a little bit, Just hope things work out.

Marty (2:38)

Yeah, no, it's been fun and I don't know gratifying is the right word because I don't know why it has been gratifying to watch you transform. Like the group that you guys have to track your calories and make sure that you're losing weight. That's been inspiring, I think. Is the word not gratifying?

Tony (2:55)

Yeah, dude. There's a tweet that lives rent free in my head for like the last five months. It's just been like the tweets around. All the developers I know are getting buffed as fuck because of the AI coming in the future. It's like, okay, what, what can we do? And we're just going to have to be strong, man. Right. Like this, this AI is just going to take over. Right. So we better, everyone, everyone better get.

Marty (3:19)

Buff, bulk up, take your creatine, eat.

Mark (3:22)

Your protein, learn how to fix like a leaky pipe in your house.

Marty (3:26)

I need to get better hard skills. My wife thinks I'm a pussy because when it comes to that she's like, yeah, oh, you can't change that. I'm getting better.

Mark (3:34)

Well, use AI to teach you. Right?

Marty (3:36)

You can do it.

Mark (3:37)

Yeah.

Marty (3:37)

What are you guys thoughts on Grok 3? Did you watch the live stream last night?

Mark (3:40)

Yeah, I watched the livestream, it was great. I mean, they obviously took the best benchmarks that they could find and said we are better than the others. Like you're going to be selective about that. I like that they, I like how they open source the old model. So Grok 2 is going to be open source. I think that's a decent way to try and like give back to the community. And then they're doing their own kind of deep research feature that ChatGPT has. So you'll be able to use GROK to do like full on industry analysis and stuff like that. So I think that's cool.

Tony (4:09)

Yeah.

Mark (4:10)

But really the hardware part of it is very fascinating. Like building out. I don't know. Did you watch it at all?

Marty (4:15)

I did catch. I was in and out. But the hardware part of the Q and A section where they describe The Memphis facility, how quickly they build it.

Mark (4:23)

And yeah, it was like 122 days or something. They build out from like start to finish. Impressive.

Tony (4:29)

No?

Marty (4:29)

And it was funny. Somebody's been in the bitcoin mining space for six years. I was like, how do they pull all that energy that quickly? And I mean, they explain it. They set up generators outside the facility and I guess they're still waiting for connection interconnect to the substations in the grid. But that is a creative way to solve that problem. They applied off grid bitcoin mining solutions to this large cluster that they built.

Tony (4:59)

How many bitcoin miners are pivoting to AI tennis centers too?

Marty (5:03)

I think it's more of a. I think it's more of a narrative than an actual. Something like core Scientific definitely has diversified and is building on infrastructure for core weave.

Mark (5:14)

You've got iron that says they're doing it. I don't know the specifics.

Marty (5:18)

Yeah, but it is, they market themselves as. It is a different competency. I mean, the. Just on the network side, the GPUs need to be connected. And Elon and the XAI team were describing last night they had to put the Tesla batteries in the factory too, because the modulation of the energy pool. And I was thinking this idea of the mullet miner I think makes a lot of sense because that ramping up and down of the GPUs for training and inference, like one would think, like, oh, they can participate in demand response, but like they need to do that when they need to do that. And they're using Tesla batteries as a way to sort of smooth out that ramp up and ramp down where bitcoin miners could probably fill that sort of gap for them and they can make revenue mining bitcoin instead of just using the batteries. Who knows, maybe the batteries will be able to get interconnected and serve electricity back, but I doubt it will be as efficient.

Mark (6:18)

Yeah, it seemed like it was more of a stopgap while they wait for the utility to catch up. Yeah, I mean, it's kind of like what you were just saying about your personal life where, you know, they, they looked at the situation, said, we need this outcome. What can we control and what's out of our control? So they knew they couldn't build a building from scratch. They knew that all the other people said 18 to 24 months to give them what they need. So they said, all right, go find an existing building, let's bring in generators, let's bring in the batteries. And it kind of went problem to problem and said, let's solve what we can and just do it for now until we can get something better. That was really interesting way to approach it.

Marty (6:50)

I know Elon's a very controversial figure, but I think it's impossible to deny that is very impressive that he's doing all this shit at once.

Mark (7:00)

Yeah.

Marty (7:01)

And they're going to 1.25 gigs for their next gigawatts.

Mark (7:05)

For their next. Yeah, he was trying to quote Back to the Future. What? Couldn't remember 1.21 gigawatts. Yeah, that's the Back to the Future line. That's what they're aiming for.

Marty (7:13)

It is insane.

Tony (7:14)

And that's.

Marty (7:15)

I mean we're going to get to open secret, but I want the world to get to know you guys better because that's again, being here in the commons, being able to observe building. On the topic of AI, I don't know if you know this but like I use you as a reference point. Not explicitly but I say like I'm talking to a lot of teams out there and like some developers are walking around talking to Whispers, feeding things the cursor and really I'm the sum developers.

Mark (7:42)

Yeah, yeah.

Marty (7:44)

Why don't you explain that like workflow that you've been iterating on, man?

Tony (7:47)

And it's. I used to be like anti AI, like in the early days, I'm like, oh, it's not going to replace my job, it's not going to help me out. It's got to be outputting crap code. Like I can do way better. That was like you know, a year or two ago for me at this point. But like it has just gotten so good now. I mean I'm using it all basically. I'm using Cursor with Claude, I'm using Perplexity for some just online searches. I'm using 01 Pro from OpenAI for some of their more like in depth, thorough analysis. And then there's deep research that just came out and then I'm using that to just like, you know, gather. I'm using it all in like the development tool chain. I'm like gathering feature requests and feature requirements and like, you know, how to architect things properly with one tool. Then I'm turning around and given to Cursor to actually implement those, those features and I'm turning around and have everything like PR reviewed or like, you know, fact checked by 01Pro once that's done with and then I go back and I submit a pull request on GitHub and then like I have another AI code rabbit come through and just like give like in depth, thorough nitpicks or like, you know, improvements. It actually like understands my code base really well. So then it just like gives me little nits and then I turn around and give that the cursor. Like it's kind of insane. Like most of open secret, like I would say, like, I don't know, the first, first like three to five months has just been like me coding by myself, like no AI assistance. And then once you get to a certain point, like, especially if you're, you're doing it in your own particular ways and like your own programming style and all the stuff, particular features, once you start building up enough context and enough history and enough memory, so to speak about this, then AI has gotten really good at just like replicating what you've done. Like if you think about the average developer, like how much of it is like copy and paste code, you know, maybe you wrote it in a different project or maybe, you know, you're just like trying to get some random function to do, I don't know, sorting algorithm or just anything. Like how much of it is already like copy paste code or you're adding a new API. It's like, okay, well it's going to use all the other stuff that I use. And then, you know, with these little features, when you start like iterative programming on top of your own stuff, AI is just, it just picks up things naturally and then it just improves things from there. So it's like I've gotten to the point now where it's like, yeah, I'm doing a hundred percent of my code just by myself. To like, probably AI is like 90% of the code that's written now. I'm like, I'm spending a lot of time on prompts. Like, you're not just going to just like write a sentence and get what you want. I think there's like false expectations of how much is required for like the joke is prompt engineering as a job role. But like it's 100% a real thing.

Marty (10:39)

A prompt.

Tony (10:40)

Yeah.

Marty (10:40)

So you're a professional prompting.

Tony (10:42)

I, you know, it's, it's sad to say but like, that's probably what it is now, so.

Marty (10:47)

Freaks. Do you have a credit card? Are you getting cash back or airline points or points for some other service? Guess what? Those are shitcoins you want to be stacking Bitcoin. I have some groundbreaking news for you. The team at Fold has finally released the Bitcoin rewards credit card. They have a Wait list gonna be distributing the cards later this year. So you wanna get on the wait list full plus members are gonna get unlimited 2% bitcoin back on this credit card. If you get on the wait list, they're up to $200,000 in prizes. They're gonna be given out. So get on it as quickly as possible. Go to TFTC IO folder and get on the wait list there. If you're on the waitlist, you have the potential to win some of the prizes. Check it out. Sup freaks? This rip at TFTC was brought to you by our good friends at BitKey. BitKey makes Bitcoin easy to use and hard to lose. It is a hardware wallet that natively embeds into a two or three multisig. You have one key on the hardware wallet, one key on your mobile device, and block stores a key in the cloud for you. This is an incredible hardware device for your friends and family or maybe yourself who have Bitcoin on exchanges and have for a long time, but haven't taken a step to self custody because they're worried about the complications of setting up a private public key pair, securing that seed phrase, setting up a pin, setting up a passphrase. Again, BitKey makes it easy to use, hard to lose. It's the easiest zero to one step, your first step to self custody. If you have friends and family on the exchanges who haven't moved it off, tell them to pick up a bit key. Go to Bitkey World, use the key TFTC20 at checkout for 20% off your order. That's Bitkey World code TFTC20. What are your thoughts on the debate about whether these tools are going to destroy jobs or just make people in positions that much more productive and actually lead to some sort of job creation?

Tony (12:43)

Yeah, I mean, I think there's a push and pull with, with both of those terminologies. Like, you know, some jobs are going to get cut and then some jobs are going to get, you know, some new jobs in the process and then at the same time the productivity. So I think it's like the combination of them all. I mean, you can't have new jobs without jobs being taken away. Like, I mean, sure there's going to be unemployed people in the world that could fill those spots, but they're also probably not filling those spots in the first place. So I think like new jobs are going to be created and people are going to shift out of old roles into new ones and then also like it's going to Change the, you know, jobs don't even necessarily have to be lost, they're just redefined. Like, you know, a software engineer has been a software engineer for the last like, you know, 40, 50, 60 years. But what it's looked like has changed drastically. It's like a tool, right? Like construction workers didn't go away when a hammer was built. Right. The construction workers started using hammers and then power tools and then, you know, and then cranes and bigger things like that. So I think it's just going to shift. And then also like project management itself, I think there's going to be, I think you're going to have to be more of a jack of all trades a little bit, but an emphasis on communication and project management. I think it's going to like, even just for a normal, you know, you could be a designer, you can be a software engineer, you can, you know, you can be any job role, support agent, you know, like it doesn't matter what it is, you're going to have to get better at. You know, AI is not going anywhere at this point. It's only going to get better and only going to get, you know, put in everything. You just have to be good at communication because like the prompt engineer, you know, the prompter, you have to communicate so well and you have to be accurate what you say. Like I, I'll see people, you know, say, oh well, I had a bad experience with AI, it did this. Or like I'm telling someone my workflow and then they try to reproduce it. I'm like, okay. They're like, oh no, it failed and, and do it right. And I was like, well, let me see your prompt. What did you do? And I was like, oh, that's a skill issue. Like you told it to do that and it did that. It just wasn't what you expected because you didn't tell it what you were expecting. So it's like, I don't think, I don't, you know, jobs will get taken away a little bit. But I think ideally it just redefines.

Mark (14:47)

What someone does and we'll just make more things. Like, right, there'll just be more companies, more people, more industries, building more stuff because we have these tools.

Marty (14:57)

Yeah. And I could see, I think the jury is out and the data is yet to be collected. But you could see Worldwide leads a better quality of life where people are actually working on things that are interesting. They don't have to do that low level yeoman work. Let the AI do that and you can think creatively and Build products that you would never have had the time to sit down and build from scratch.

Tony (15:23)

Not just that, but a little bit on the context switching, but also the resistance to doing hard things. Right. We all have a task that are like, oh, it's going to be so hard. I don't want to start it yet. Almost like writer's block a little bit. But when I have a thought about, you know, a new feature we need to build and I'm like, oh, that's gonna be so hard. Like I don't even wanna think about that right now. I'll just like use voice. Use like a voice AI assistant tool to just like communicate my thoughts and like my worries and like what I think needs to happen. And then I'll send it to like deep research or something and I'll spend anywhere from like, you know, 10 to 30 minutes like you know, doing deep research. And then it comes back, I'm like, oh cool. It did did all that thinking for me. Like I didn't have to worry about it anymore. I give it to cursor and it starts, you know. So I think this asynchronicity to AI can let us just give it our thoughts and then let it take over and then come back to it later. Especially for a code review. I've had one. I'm working on a feature right now. It's already almost 6,000 lines of code now already. And I've been working on it for a month or two at this point. And I'll be doing all kinds of other stuff throughout the day, throughout the week. And I'll just, I'm like, oh man, I forgot where I left off. And then I'll just give it to 01 Pro. And then I'll be like, hey, here's my current diff. Here's my feature set that I've been implementing. What's left, what's been done so far and what's left. And then I pick up where I left off. And it's kind of amazing at that too.

Marty (16:48)

It's pretty fascinating. Can you give an example of what you would deem to be a high quality prompt to get the results that you're looking for?

Tony (16:57)

There's actually a mass, so we've known a lot of AI models to be very chat like, so chatgpt.

Marty (17:08)

Some of.

Tony (17:08)

Those others, right, where you just like have a long going conversation with them. And now there's these new reasoning models like zero one Pro Deep Seek a few other reasoning models that are out there. They're starting to Roll them out more where it changes the thing. I found them to be very bad at conversations. In fact, like, I only use reasoning models for like a single prompt, but I spend a lot of time on that prompt and it gives me a very thorough answer. So it's like, what was your original question? What's a good prompt? There's this guy, I forget his name. I'll have to give you the article later. But he lays it out. It's like you start out with a very simple sentence or two about what you want. And again, this is only reasoning models, only that I do this for you give it like two sentences about what you want. And you don't have all the details there, but it's a very basic thing. Let's say I want to add a new API call for a login method, and you just leave it at that because there's caching that prompts do as well. So if you leave it at a simple sentence like that, like, there's a lot that the AI could reference. And it's like, oh, a login method, okay. And then you start out with. And then after that sentence or two, you talk about like what it's really important to you, ask it what it should return to you. So that way it knows what kind of feedback to give it to. Maybe you're trying to just get like a product description or like, you know, just some, some feedback about the feature. Maybe you're trying to implement that code. But you say like, important like, or no, no, not important yet. You say, I want you to return me the code changes I need in my code base in order to add this method. So it just gives you the code you want at the end. Then you say important and then you give it any other very important context. I wouldn't put everything in there, but just like it's like, hey, this needs to be using like encryption methods for this or things like that that encourage really needs to get right. And then you give it all the context. And so for coding, I will give it. If I'm already working on that feature, I'll give it the code differences I've made so far, and then I'll give it as many files that's relevant to it and that's the key too. Like, you don't want to give it your whole code base because then it's just like there's a lot of things that don't matter, a lot of code that'll get confused on or hung up on or think it needs to change. You only give it the files that are absolutely important to your feature. And then at the very bottom, after you give it all that context, then you just give it like your own personal. This is where you can just like ramble off. It's like, okay, yeah, I've thought about making the method look like this and having these parameters in it. Or like, oh, well, you know, need to make sure that if the user gets their password wrong, we communicate that they have a wrong password, things of that. So you just kind of like blurb all your random thoughts, but you save all that extra context for like the very end and then you hit send and then just let it rip. So like there's a. And I think OpenAI came out with some like prompt guidance too on these new reasoning models. But that's basically what what I do on a normal day to day for prompting these reasoning models.

Marty (20:08)

So simple, broad, I need this more specific implemented in this way important context and then additional context about the taste and flavor.

Tony (20:21)

Yeah, basically. Interesting.

Marty (20:23)

It's fascinating. I need to get better at prompting.

Tony (20:25)

It's crazy.

Marty (20:26)

Most of my prompting happens in mid journey when I'm making thumbnails.

Tony (20:29)

You can even sometimes I will get cursor to help me write my prompt that I'll give to the reasoning model because I'll be like, this is what I want. But I need you to gather the research, gather the relevant code and give me the prompt back. So it's called meta prompting where you actually get another AI to write your prompt for another AI. And it's great.

Mark (20:54)

Crazy.

Marty (20:54)

And eventually you'll have agents to just transfer those prompts, right?

Tony (20:58)

Yeah, the whole MCP protocol that's coming out like this new agent based world is going to be really interesting this year where you have agents that are specialized in specific parts of the code or specific tools that you need. So that way you don't have one generalized AI trying to do everything. You have like, hey, you're an AI that's only good for code reviews or you're an AI that's good for like running linters and commands on the computer that you may need to run to assist with the programming and stuff. Or searching the web too.

Mark (21:31)

Yeah, One nice little hack too is if you get deep into a conversation, into a chat with an AI, you can just ask it, hey, what's a prompt that like give me the prompt to get back to the spot or give me a prompt to do this again in the future and I'll be like, oh, tell me to do it this way in the future. If you want to get this kind of output. So, like, for example, my day always starts with me going into AI. I have a prompt to say, like, I want to prioritize my tasks for the day. And then I say, I'm just going to ramble to you. And I hit the microphone button and I start talking as if I was talking to, like, an executive assistant. And it's like, here's all the thoughts I have for the day. Here's the stuff from yesterday I didn't get done. Please use my specific prioritization prioritization model to, like, give me what you think I should focus on for the day. And I'll ramble On for like 20 minutes, sometimes five minutes, you know, whatever, like, whatever it'll be like in the car, I'll just hit record, and then it spits out a really nice prioritized list that I can then, you know, work off of. But I've developed that prompt over a few weeks to make sure it's good.

Tony (22:30)

I think that's key to what you said about the executive assistant. Like, actually talk to the LLM. Like, you're having, like, you're actually paying for an executive assistant to do this, and you want them to get it right without you having to go back to them later to fix all the things. Like, it's not like, treat the AI like human because, like, they might take over the world someday. Like, treat them like a human because, like, if you want the job done, if you want a human to get the job done right, you have to give them all this information. You know, we have a friend who, like, started outsourcing their executive assistant tasks to, like, some person in India or something. And it's like they're just. They're just spending so long getting them to, like, actually do something useful for them, but, like, the amount of level of details you have to give that human, the executive get to assistant. It can be a lot sometimes. Yeah, but you should give that same level of detail to an AI if you want to get it right too.

Marty (23:23)

That's one thing I need to get better at is particularly I had not played with the voice to executive assistant AI.

Mark (23:31)

Yeah, well. And you don't even have to use the fancy stuff like ChatGPT. I just. So here's my little shill from Maple, right? So, you know, I just go in and iOS has that little microphone button that just uses the device to do speech to text. And so that's what I do with Maple. So I'm in the text box. I hit the microphone button and then I just talk and it transcribes it right into Maple as text. Way better than me typing it. And I give it more details than if I were typing it. Right. Yeah, I can just ramble on. And so I feel like that's just really effective. And the thing that I love about doing it in Maple and not doing a chatgpt is I can get very personal. I can say anything I want to and know that it's private and encrypted to the gpu.

Marty (24:07)

Yeah. Providing a good segue. But before we get to open Secret Maple, I guess this is the segue to how has this accelerated your ability to build out this product suite?

Mark (24:21)

Yeah, I mean, on the business side, this is my first time being a founder of a company, right. I've been an early employee at multiple startups and so I've seen kind of close. Sometimes I was in the room, sometimes I was in the room when these big decisions are being made. And so now as something comes across my email or my desk, whatever, I can just go into AI and be like, all right, this is happening. This is our cap table. Or this is whatever, like, help me figure out this next step. And it used to be you go onto Google and search and you get some Investopedia blog post, right? And you're like going through all the ads and you're sipping through everything. Now I can just chat with someone as if they are my co founder buddy. You know, I don't have to bother Tony all the time or I don't have to bother the lawyers or that kind of stuff. So it's just really good for like getting that knowledge but having that back and forth constantly. Yeah.

Tony (25:11)

On the development side, it's insane. Instead of having contractors, I mean right now I'm the only dev. So it's just us two now at this point at Open Secret and I'm doing all things from front end to deployments, I have everything on my plate and I don't feel overwhelmed. It's just like I just send things off. I work on a lot of different features at the same time and just send them off and have the AI do it. So it's like the zero to one right now for like building apps or even proof of concepts are great too. Where it's just I'm about to have to make a new landing page for a new branding, right? And it's like I haven't done a landing page ever, but it's like, hey, I could probably get AI to do that. We don't have to hire a contractor, pay them like 5 to 10k for a month's worth of work to do our landing page. It's like, okay, I could probably do that.

Mark (26:01)

Yeah. And like we love to talk about that phrase, zero to one for a startup. And it's like with AI, you're not starting from zero anymore. You're like 0.5 to one or maybe even 0.9 to one. Like really, it's all this knowledge base just like encapsulated. You just have to know how to ask it the right questions, give it your context and then you can leverage that. I mean, we've talked about how we've been like projecting what would our hiring needs be for the next few years if we want to raise some money, like how much money do we need to raise? And with AI, like both of us are able to do more jobs than we would have been able to do previously with the number of hours we have in a day. So we can hold off on hiring, which is scary to some people because they think, okay, that means no jobs are being created, but that frees up resources that we would have hired. Those people could go do something together and start a business and making something totally new. And I think there's a lot of kind of synergy, for lack of a better word, that goes on with that where we end up with more businesses that are building what they want to build rather than just going to work for someone else who's going to tell them what to do.

Marty (26:59)

Yeah, it's so equally exciting and a bit not scary, but just like there's a great unknown out there that's just being explored. Uncharted territory. Yeah, it's been, again, like I said, it's been fun to watch YouTube, particularly because I think out of everybody there's like we were at that event, you were there in, in October and there was a whole, whole track on AI and how to implement it into your business flow. And we had like a one on one and this was what, four or five months ago? And it seems like just the landscape.

Mark (27:35)

And how much has come out since October. Yeah, yeah, it's true. Well, okay, one industry that I think is totally screwed is in industry research. Like the people who would go out and do all this research and assimilate into report and sell it for like $1,000 just this morning. So we have these stats that we share from 2023. Here's how many data breaches happened in the US how many companies were affected, how much money it cost it was like $14 billion in 2023 for data breaches. And then it's like, well, the report I read hasn't updated yet for 2024. So I just went into ChatGPT. I formulated this really nice prompt. I gave it the 2023 report, gave it a few other suggestions and said, give me something for 24. And I came up with what looks like really legit. I was able to go look at all the sources that it pulled. I'm like, yeah, that seems accurate. So I don't have to wait for some company to give me a new report. I don't have to pay for one on commission. One. I can just run this. And as long as I can verify the sources that it's pulling are factual, then I can move on with my day.

Marty (28:33)

Yeah, it's again, incredibly bullish. That's what we're trying to get smarter on implementing it here at tftc. And we've done it in many ways. But that's one thing I really want to focus on moving forward is research. How can we pull up interesting stats about bitcoin, about markets, about that. And I was. Perplexity. Just launched a deep research product last night actually. And I was playing around with it. I was like, oh shit, this is really cool. Sup freaks? The rules of the game have changed. The first 30 days of the Trump administration have ushered in a massive shift in bitcoin policy. Regulatory clarity is emerging, institutions are stepping in, and America could be on the cusp of a national strategic bitcoin reserve. Join Unchained for an exclusive online event with Connor Brown, counsel to US Senator Cynthia Lummis, Preston Pysh and Matt Pines from the Bitcoin Institute on February 25th at noon Eastern. The event will cover what's changed, how it impacts your generational wealth and what might be coming next. Don't get left behind. Secure your spot now. Sign up@ Unchained.com TFTC Again, that's Unchained.com TFTC. But back to open secret. I think let's take a step back from what you guys are doing, like implementing the code and creating these workflows. Let's talk about the journey to the product that is Open secrets. Obviously started with Mutiny Wallet. You guys, I'll let you tell the story, but just to frame it for anybody watching or listening, you were trying to solve the problem of self custodial bitcoin, particularly over the lightning network integrating ecash as well. Discovery, that's a hard problem to solve. Timing may not be market may not be ready for a product like that. But through building that product you created the primitives for what is open secret and the backend processes and sort of tech that you built to ensure that people were using Mutiny privately and sovereignly sort of led to what OpenSecret is today, which I think has a much more broad application.

Tony (30:41)

Yeah, yeah, I could start a little bit with that and some of the problems we had in the mark's take it over from the new direction. But yeah, we were building out Mutiny I think for over two years now or maybe a year and a half before we shut it down, but not a long lifetime for a wallet. But I think we saw really early on everyone, there's a lot of bitcoin developers out there and we all kind of gravitate towards wallets and stuff like that because it's an interesting problem to solve. Plus you can get a lot of users, you can get a lot of people using your apps and loving it and making payments all over the world. So there was a lot there with building up Mutiny that was really fun and entertaining and we always wanted to do it in the most private but yet easily accessible and secure way possible. So a lot of the tech that we built out with Mutiny, so we were like Bitcoin Lightning Wallet with, with Ecash and Fedimint later on too, but wanted to start like on the web too. So that way we can be accessible to anyone that can just go to a website and start paying. With Lightning you don't need to download an app, you don't need to get started with it that way. You just copy your 12 words and you're good to go. And there was so much friction around well, Lightning. Even though Lightning's been around for what, eight, nine years now at this point. It's been a while. It's. There's still so many problems with it and there's still so many ways where people lose money. You know, it's not even, it's not even just like bugs or anything that like we could solve. It's just like there's so many gotchas in Lightning that.

Marty (32:19)

Liquidity issues, mainly liquidity issues.

Tony (32:22)

There's locked up funds, there's like forced channel closures, there's like, you know, fee rates and you know, we, when we launched, we launched immediately into like, you know, ordinals fervor and so it was just like, it was just like hell from day one to be like day one launch to be honest. I mean building it out. Everything was fun and Great. And we had thousands of users using us and sometimes like a thousand users a day using Muni Wallet, which is crazy. But it just started getting to the point where it's like we hit our cap, I think of being able to reach people, being able to have something solid that actually works 99.99% of time, just like unmaintainable. It's just like we can't go further. I don't think we can go further. And yeah, there was some doom and gloom about it at all. But like, you know, as founders, like you're so emotionally tied to like your product and like the reception and like the support and all of that and it's just, and it just like things were just degrading and user experience and then like as wallets were shutting down around the world, yeah, it was just like are, you know, we would get more inbound, but that inbound, like had no idea how to use like a self sovereign Lightning wallet. It was just completely different from the custodial mindset. And so there were so many issues from day one. But a lot of the tech that we built wasn't even around like the bitcoin wallet itself. It was around like, okay, how do we do encrypted sync properly so that you can log in on one device, you can go to another device and like log in and you lose no data. With Lightning it's like critical that you never lose your state and you always have the same state no matter what or the latest version of the state. So we had to build a lot around encrypted sync, which now incorporated our new stuff. And then also we started looking at okay, well what would it look like? We always talked about immunity. What would it look like to have a single sign on experience where you just hit login with Apple or login with Google or normal email password login or even pass key or something like that or some 2fa to have a Lightning wallet or have a bitcoin wallet. And what would that look like and how can we make that as secure as possible? Which has led us to building a lot of things inside of secure enclaves which we can talk about later. But just so much of the tech from what is the login experience, what is like from soup to nuts, using it, having multi device sync and doing everything as secure and privately as possible. And with that mindset, when we're evaluating okay, for shutting down Mutiny Wallet, what are we going to do next? Should we shut down the company? Should we take a lot of our learning? Should we pivot in different areas. So we took all what I think we learned and some of the tech that we built out and some of the tech we hadn't built out yet but wanted to. For Mutiny it's like, okay, let's go try this and let's just not make it only for bitcoin apps and bitcoin wallets and stuff like that. You could build the next Obsidian and then encrypted note taking app, you can build another like something for your health data. Like everything to like any app out there that like is just sharing user data everywhere and you know, it's just being stored plain text and databases. Like okay, we can do something better here and like actually secure and privately host our data without having to self host because like self hosting things is also a pain in the ass. I self host so many different things, so many different things. I shut down because I'm like, this is unmaintainable, this is unsustainable. Like I can't maintain like 20 different apps that all have different update schedules and things break all the time. So yeah, it just wanted to find like a good middle ground where it's like, okay, it's pretty secure and it's actually really usable. And so we just want like, hey, let's start here. It's like a great middle ground.

Mark (36:13)

Yeah, no, definitely. And then also focusing on the UX aspect of it, there's kind of this meme within the bitcoin development community of we aren't going to win because we have like privacy, right? We're not going to win by selling users on privacy. The next hundred million users, the next billion users aren't going to be like, oh this is really private, let me use it. We're going to win by just making the most like the easiest to use product. You know, something that's just really simple. They can get in and they can have maybe some self sovereignty. So that's the approach we've taken is how do we take this like scary onboarding process of here's a private key, make sure you write it down, stick it in your safe, don't lose it because if you lose it, you're going to lose access to all your funds. So we wanted to build this really simple login process. But then also we don't want to be responsible, right, for any of the data. It's your data, not ours. So that's where it's like, okay, let's use this new technology of secure enclaves in the cloud and let's build something where we can generate a private key for you, but it still belongs to you. We can't see it, we can't act on it at all.

Marty (37:14)

Yeah, and this is. I think you're both in here. Like three weeks ago, when we were having this conversation about nitro enclaves. It was the day after you released Maple, and I was testing Maple, and I remember because you guys were using the Llama model. People were asking me after I tweeted out, I just bought an annual Maple subscription. You should check it out too. People were immediately prompting it, like, who do you send your data to? And Llama, because it was made by Meta, it just had the rote sort of doc script in it. Like, it goes back to Facebook. And somebody asked me, why is it going back to Facebook? I was like, oh, it's Llama. It's open source. Maple can't see your data. And then he asked me, how do you know that? And I literally used Maple to do research on nitro enclaves. And I was like, a refresher and a deep dive. And you guys were in here the day after, and we're talking about. I think I like the way that you phrased it. Marks was like this transition where we had. The Internet's gone through these iterations at different layers that has ultimately led to encryption at these layers, more privacy for end users. And similar to when we had the transition from HTTP to HTTPs. You think a similar transition is going to happen in the cloud?

Mark (38:35)

Yeah, definitely.

Marty (38:36)

Driven by these enclaves.

Mark (38:37)

Yeah. So, like in the 90s, we all got our AOL CD and we loaded it in and we were just going to websites and they were all just clear, plain text. And that was okay because we weren't sending username and passwords. We were just, like, pulling up a webpage that was already public. But then when we started doing banking or eBay or PayPal, that kind of stuff, it's like, okay, we need to get this little lock icon and secure our communications. But then if you look at, like, look. Look at Snowden for an example. You know what? What Edward Snowden exposed was that, yeah, your data is, you know, in transit, is safe and encrypted, but once it lands there, it's just in this big honey pot of a database. And a third party who wants to pay for that content can come in and get it, or a hacker can come get it. Right. And so what we need now is we need this next step where we encrypt everything in the database per user, because you don't want to be. You don't want to have your data just like exposed. If someone else gets hacked and they get access to the database and they get in through someone else, and now everybody is vulnerable at that point. So I think that what we have on Maple is we have this like verified badge and you can click on that and you can see the attestation. And this shows you what the enclave that you're talking to, what the fingerprint, the checksum of the software that's running on there. And then you can go onto GitHub and look at our open source code and you can like download that. You could run a build. We've got all the instructions on there. You can build it and then you can compare those checksums with each other, right? And then you can say, okay, that's verified. The cool thing we were just chatting about this morning is you don't have to be a software engineer anymore to do that verification process. A lot of the Bitcoin world, you know, these, these hardware wallets and other things, we kind of trust that there will be some industry watchdogs that are like, looking at the open source code, finding the bugs and raising red flags. But now, literally, you know, if we push a new build to our servers, you as a non programmer could download the latest update from GitHub and then give it to ChatGPT01Pro and say, hey, are these people logging anything? Did they insert a backdoor in this latest change? And it will like run through all the code and it can tell you like if we've done anything nefarious, right? So you don't have to like trust on some, you know, software engineer to do that for you. You can just do that verification yourself if you want to, or you can just trust the verified badge there. But it makes it, it puts that many more eyes on our open source code to verify it. I think it's really cool.

Marty (41:07)

AI come to rescue. I mean, that's, I mean, another big meme when it comes to verifying the code. It's like, all right, you get the PGP signature, like download like a PGP app on your computer and try to verify it. And I've done hand up, I think I PGP verified some Bitcoin software once in my life because it's just too hard to do.

Tony (41:32)

Not only that, but even going back to the SHIFT and encryption and the SHIFT in cloud services and stuff like that, just the fact that there are ways where you can have specific code push it to a server inside of its secure enclave and then actually, and then from there, once it's running, it's basically impenetrable at that point. It's like in the enclave it's running. You can actually verify that's running. It's a huge plus. You have no idea what code is running in the cloud today.

Marty (42:05)

Yeah. So let's explain it on 5 to the audience listening in. Compared to. Let's explain. I mean, you sort of alluded to it with the text is encrypted in transit, but once it gets to the server, it's not encrypted. Let's elaborate on that model a bit, how it's been susceptible to nefarious actors or companies that secure that data, selling it. And then when did the introduction of these secure enclaves happen? Where are they available and how does it change that interaction between end user and their data on these databases in the cloud?

Mark (42:46)

Yeah. So I'll talk maybe like the consumer app perspective. And then if you want to go into the enclave stuff, you can, but all of these apps that we have on our phones in our pocket are just, they're kind of leaking data constantly. Right. They're sending data into the cloud, it's being stored in a database. And we are just trusting these developers, you know, these, these companies to not do anything bad with the data. And maybe they're totally benevolent. Right. But we don't know the 30 people that work there, the 50 people that work there, we don't know what they want to do with the data, who their third parties are that they're inviting in to look at the data. And so if you are, you know, let's say you're using an app to track your runs that you do in your neighborhood, they're storing your location data in a database somewhere. And you don't know if there's some employee at that company who's like, oh, I want to see where this person goes every single day and. Or there's a hacker that gets into the system and now downloads all that. And so your home is now vulnerable. Right. Because they can tell you do this daily run around this neighborhood. A very real world thing that I experienced. One of my first jobs I worked at was an online backup company. So you would install our software on your computer, you would back up your entire computer to our cloud. And we had the same exact concept of we had a shared key where everybody's stuff was just dumped in our database and it was open to employees that had elevated privileges or for those who were very concerned, you could generate your own private key. And so you would encrypt all your files on your computer before sending them to our servers. And then we couldn't access the files. We just had a bunch of bits there. But because that private key is this long, complicated text string. And then we have these big scary warnings that say, make sure you back this up because your files will not be downloadable and restorable if you lose this. Only about 10% of our users use the private key. So most of our users, they would hit us up on support and be like, hey, yo, I need to restore. This is not working. And it's like, okay, let me go download your family photos for you and help you restore that. And it was kind of this weird privacy problem where we could just see everything. So I think that we have just become accustomed to trusting others with our data, and we think that it's more secure than it is, but really it's not. And I don't want to paint developers in a bad light, but they are holding onto this giant liability where they might be on the hook for like, you know, $9 million of costs if they have a data breach into their database and they spill all these, you know, private, you know, data points online. So we're trying to build a platform, kind of to encapsulate open secret. We're building a platform where an app developer can just talk to a normal backend that they're used to through normal APIs. But everything is done responsibly behind the scenes. So every user is put in their own private vault, their own data bucket. But your code, you just write it and interact with that data as if you could see it all. And so we want to make it really easy and hopefully usher in this new generation of apps that have encryption turned on by default and user privacy turned on by default. Not because it's something that they really care a lot about, it's just because it's the right thing for all of us to do. And then they can absolve themselves of some kind of liability down the line.

Tony (45:56)

Yeah, it's like the whole point of, I think we can get that same level of usability where the developer is, they're going to be using some auth service, maybe auth0 or something for their user login. So they're going to be using Supabase for their database and everything. They're going to use all these tools and services and APIs available anyways. It's like, let's just match their level of developer experience and we'll provide the same things, except like whenever a user's logging in all of these auth services online, they always have this mode where you can impersonate a user and then at that point you just see exactly what the user sees. And for some of it, God mode.

Mark (46:39)

Yeah, exactly.

Tony (46:40)

God mode like Twitter has that every auth service that exists, every major company that exists has something like this. And for one, sure, you can probably catch bugs easier that way if you see everything the user sees and you can run into their bug easily or something. There are some improvements there where you can make it better. But it's basically free game for every developer and every company that has users logging in. So we're specifically targeting app developers first is because we can provide their users the better security while using the same level of tooling and APIs that they need. It's just like Mark said, the encryption happens by default. There's no way to have an impersonation mode. There's no way to just see that private data that the user is storing encrypted. It's all client to server, end to end, encrypted. And the developer with their client code is just helping facilitate that on behalf of the user. So it's really giving users the agency on behalf of the developers that are building these apps for them.

Marty (47:43)

So let's dive more into the technical details, where the secure element comes in, how the user interacts with that, and how the app developer is able to interact with that. And then maybe the cloud provider too.

Tony (47:56)

Yeah, to just introduce the concept of secure enclaves. We all have these secure elements on our phones for once. That's the easy example. Whenever you're on iPhone on iOS and it pops up, that little face ID thing is because that's actually built into the hardware. Whatever you're trying to access or whatever passwords or, or data you're accessing, it's actually protected by the secure element on the phone. So this is why Apple has always taken and you would know Apple more than me. So correct me if I'm wrong, he's ex Apple. But they have taken the stance on privacy and security and the making that easily accessible by users. They really championed local phone secure enclaves or secure enclaves on the MacBooks. It's built into the hardware itself in a way where not Apple, not even Apple can get into it. Like very often they are not able to whenever like law enforcement requests come in. Now, of course there can always be hacks, right? There's always companies trying to exploit things and hardware itself. But it's like from day one, they're trying to like build it into the hardware in a way where like, you know, whatever data is in that secure element, that secure enclave, like it can't be accessed at least, you know, not reasonably. You know, there's, you know, it's a billion dollar industry for trying to like break into hardware and stuff that, and so much successful. But so I. It's not foolproof by any means, but it just like raises the bar of entry by 100x and you know, for instance, like now we're starting to get into secure elements and secure enclaves in the cloud itself, which is really cool because, you know, Carl Dong talked about it with this Obscura podcast that you, you just did last week. You know, he said that he was like, yeah, someone told him, hey, take a look at like what Apple's doing for their private routing stuff or their private AI, that they're doing their private relay. So all of that privacy stuff. And he looked at it, and we also looked at it too around like a year ago. And it's like, oh, they're doing things right. They're having servers with these secure elements on them. And what happens when you do it at this point on your phone, when you want to store data privately or be able to log in or something like that, it all goes into the secure element and you have to face ID it and it's checked by the secure element with servers. You, you take specific code that you know is like good and correct and you put it into the enclave. And when it's inside of that secure element, the actual hardware itself, you can't penetrate it from then on, like that code is running. You can't like memory inspect it. You can't memory dump it. You can't like, you know, run different code on top of it once it's in there. So it's like, it's a way to, you know, for users with their iPhones, they're sticking data in there and they're having the like face ID or you know, put in the correct password to actually get into it. And it's like a hardware lock at that point. You can do the same thing with code now and running servers inside of it too. So any code that is running in there, you can verify. And we do all client side verification too. So like in the Maple website, which is the first app we built on top of Open secret to like prove this concept, we do all of the checks client side. So like, if they were to fail for whatever reason, if if the code does not match what we expect it to run. And, like, all enclaves, you know, give this, like, attestation report to, like, verify, and it's built into the hardware of it to verify that, like, the hardware is running exactly what the hardware says it's running. If that were to fail for whatever reason, then. Then no calls would proceed forward. We have, like, this check on the front end that just will fail. And you users can see that, like, you know, there's errors processing the request because, like, it doesn't match up. So it, like, stops as soon as it has unexpected code running in the server, which I think is a really nice feature. And it not only protects us to make sure that no one got into the supply chain is running different code on our servers, it would already benefit companies to make sure that they're running the correct code no matter what. There could be backdoors in there. They don't want me to know about it. But not just running the correct code, but now users of their software can verify it too, which is really cool.

Mark (52:17)

Yeah. There's that concept of a canary that people will put on their websites to say, you know, I'm being. I am not being, you know, investigated by the US Government. And then if that canary ever disappears, you know, that they are being investigated. Well, it's a kind of a similar concept here where, you know, that we have not inserted a backdoor into the code because there's that verified badge, and that the software actually talks to the server. If we were to insert a backdoor, run new code, or someone in the supply chain inserted one and ran different code, not only would the verified badge go away so the canary, you know, dies, but the software just won't even talk to the back end anymore. And then in the. In the weird event that maybe it does and, you know, it's a new code update gets pushed. It is verified because we're trying to be nefarious. Well, then you go look at the code and you throw it into AI and say, hey, what's. Is there a backdoor in here? And it's like, oh, yeah, you know, they inserted this thing right here. So it's. We're trying to protect users, protect ourselves, and just, you know, create a much, I don't know, a more positive interaction with your data.

Marty (53:24)

Yeah. And then how does this change the relationship for the app developer and their user's data? Like you mentioned, you may want God Mode to be able to find bugs. Some people want the data to be able to sell it to Third parties is there, does this create a new variable for app developers that makes them seriously think like, do I want to use this more secure, more private way because I don't have access to this stuff? I guess another way to frame it is the security and privacy improvements and the abdication of that liability that you described earlier marks like, like a big enough sell for app developers to begin implementing this.

Mark (54:13)

Yeah. So when you're doing a pivot or when you're doing any kind of startup, you talk to a bunch of users. Right. And you just put your idea out there and you get feedback on it. So I think since the beginning until now, we've probably talked to 20 or 30 different developers and early on especially we ran into, it's probably split 50, 50. Half of them were like, hell yeah, I want to like have stronger privacy and security. The other half were like, no part of our business model is taking this user data and selling it, or they work in an environment like education, for example, where the institution needs access to all the data. So it would be bad if it was all in private vaults. So there definitely are people who have built a business model that way and to some of those, like, they just won't be interested in doing this and that's fine. But for others, I would kind of push back and say, well, is that a good business model for you moving forward and is it worth the liability that you're taking on of housing all this user data that could be leaked at some point?

Tony (55:13)

I think it's a big enough market for people who want to secure their users data. And I think there's many developers out there and then users of these apps that are like, I do want more private way to do things. And so it's like we're always, I think the hope is like we can appeal to them, but I don't think we're gonna appeal to everyone building these apps. But at the very least, like, I want to build it in a way where it feels like they're using any other third party service out there so that maybe developers don't need to care. Like developers that aren't going into it with like, oh yeah, I'm gonna sell all this. I don't think most developers when they're building an app go, oh yeah, I want to build this because I want to collect all this user data. And so maybe that later. But like if we just start them out of the gate, like, oh, this is easy to use platform for building apps. Oh, and all the user data isn't being Spied on not only by the developer platform hosters, but by me. It's like, yeah, the hope is, yeah, that sounds great, let's use this. And then they can't sell that data later in the future.

Mark (56:22)

And there's a middle ground to it also where you still can aggregate data in your backend if you want to. So there's, there's this concept, I ran into it a lot of Apple, but there's, there's like industry standards around this where there's different levels of personal information, right? Pii, Personally identifiable information. And so the higher the level then, you know, the more secure it needs to maintain. So like the, the base level of personal information is like maybe an email address or something, whereas you get higher, it's like their weight, their height, you know, what kind of medications they take. So, so if you're building an app, yeah, maybe there are parts that you want to have personalized but then you need to aggregate information across all your users so you can build kind of a nice social, cohesive app. And so developers can make that choice for themselves and for their users. But we would like them to start with everything locked down first and then only open up what they need to. Whereas right now it's the inverse. Everything is open up by default and then they have to actively choose to lock it down. A lot of times they don't even think about it until it's too late.

Tony (57:28)

Yeah, that or make it like user explicit. Right? Like you know, we want to have like some modes where you can like maybe share some data with like another friend or something or like maybe you have an invite code and they can access like certain resources of yours and read only mode or you know, things like that. So it's like, you know, we do want this like explicit user based consent too where it's like hey, the user is opting to share with developers and like our you know, hardware attested code is like, you know, enforcing that. So if the user said no, then it's like, no, we're not gonna like share this data with you. But if the user like you know, logged in and clicked yes, like I want to share it with a friend or like I want to let the developer, you know, have access to my location so they can send me like emails whenever there's you know, a weather storm or something like that, then like yeah, you could potentially do that in the future. We haven't built out any of that.

Marty (58:18)

Sharing yet, but now I've got, now I got my mind racing like building like this advertising model or. Yeah, building on that model too. Like if maybe companies can still monetize user data, but they just have to have the user participate in the act of sharing of that data and the person who's buying that data from the company, basically you send a message to all the users like, hey, this company is interested in, in purchasing your data and you just use the Lightning network. It's like if you opt into this, you'll get 500 sats or whatever, or 10 bucks if you're willing to share this data. And they're going to use it to target you with ads for products they think you may like.

Mark (59:01)

Maybe because in that model it really is your data. Right. And so now you are being as a user, you can sell your data and get compensated for it. Yeah, I think that's cool.

Marty (59:12)

No, I think we were discussing this again when you guys were last in here, the day after you guys launched Maple. Really feels, and again going with the sort of parallels that this has with HTTP and HTTPs, I feel like we're at the beginning stages where it should be recognized that this should be the standard way to do data collection. And we were talking about it that day in here. You had the US Government, when China hacked all the telecom companies actively send a warning out like, shit, they're in the telecom databases, they have all your plain text messages that you've been sending. Please use end to end encrypted apps.

Mark (59:53)

Like Signal, Hide your kids, hide your WhatsApp. Yeah, all that. Yeah.

Tony (59:56)

And that's after many years of the US government saying stay away from these apps. They explicitly said don't use end to.

Mark (60:03)

End encryption because they're only for criminals. That's what they love to say. But now it's like, oh, okay, now it's for everybody. Yeah.

Marty (60:09)

And anything like HIPAA compliance, it feels like that's an area where it would be incredibly necessary to have that. And obviously financial data.

Tony (60:19)

Financial apps, yeah, I would say the biggest apps that we've seen in this, so confidential computing, the secure enclaves, as far as the servers go, have been a concept for, I don't know, like six, seven years maybe. And when we've explored this market, we've seen so many of these secure enclave apps building these platforms, building for specifically fintech, healthcare, financial data, things like that. And when we were wanting to build on some of these platforms too to do things, it's just not easily user accessible or developer accessible. It's like they're targeting multibillion dollar companies that are targeting enterprises for this stuff. And, and I think that's a top that we can achieve at some point and get all the compliances and prove that we're doing things in a secure way as well. But I think we want to just take a step back and be like, well we weren't able to use anything as Mutiny devs, as developers. This is not accessible for just an everyday startup to start using a more secure way. So we're targeting from the bottom up and it's like let's just hit the developers that want to just secure their users data and just have a very low barrier of entry and then we can go up from there and start targeting fintech, hipaa compliance stuff, all the different compliances that maybe even at some point like school systems and stuff like that secure their data. I think the bar is very high. But it's already being proved out that enterprises are using secure enclaves. There's teams from every Apple's been using it for their secure servers. Meta has a whole team working on this kind of stuff. Like there are enterprises using it and we'll talk to some big companies and they're like, yeah, we're using it, we're not going to disclose how this is very private to us and our own internal juice to get the ball rolling. But it's not open source, not accessible, it's definitely not user verifiable. The thing about Apple, they are doing a lot of things right with some of their private AI stuff and private confidential compute stuff but you can't see the code so you as the user don't know what's running it. Now they say that security researchers have access to it under NDAs and everything, but you can't verify it as a user. So that's like the trade off there. And so we're kind of taking the step back and we're like no, anyone can verify this from the ground up. And so we're trying to target with ease of entry just for every app dev that can use it and not just like oh, you need starting 100k contracts to get started building secure apps.

Mark (62:58)

Yeah, and in our discovery we talked to one of the app builders who it's one of the biggest journal taking apps or you know, journal writing apps that's on both the App Store and the Google Play Store and on the web and obviously a journal is a place where you put a lot of personal information and so you could use their cloud service and just store your stuff there. But they naturally had users who wanted to secure it more and so they built a private key feature into there. But they put the, you know, they put the onus on the user to like maintain their private key safely. And so they said, well, how can we make this a little bit better? And they're using iCloud, they're using Google Drive and they're doing some kind of web thing, but they had to build for each one of those platforms and they had to kind of like roll their own technology. And this developer, he said it took them about a year and a half to build this out, you know, in this way. Whereas when we pitched our idea to him, he's like, oh my goodness, it would have taken me like two weeks to support all three platforms, iOS, Android and web and have this really nice slick user experience where it's totally end to end encrypted. So we're trying to take this technology that is only available to enterprise to these large, large tech companies and we want to bring it down to just everyday app developers who are just either tinkering around or really trying to build just kind of a lifestyle business for themselves.

Tony (64:17)

Yeah, and you said every AI developer on accident, but every app developer. Yeah, not just so talking about secure enclaves, more like Apple's raw, theirs, AWS has their, Google Cloud has theirs, intel has theirs, amd, all these major hardware companies have theirs. Nvidia has an enclave offering to their gpus as well. Not all gpus, we use the H1 hundreds, but you can actually insert models, AI models into the enclave of a GPU and have that all verified and encrypted all the way to the GPU. So right now if you're using OpenAI, you're using Claude, you're using any of these, they're seeing all your data. And CLAUDE has recently came out with their industry report about how people are using their AI and they even framed it as like, oh, this is a privacy preserving analytics collection on everyone. And it's like, no, it's not like you're literally saying like these are what all your users are doing and saying to the AI. There's nothing private about this. I'm sure if you strip out some pii, maybe, but like you're, you're seeing it all, it's all coming in in plain text. Anyone running these GPUs too for inference, they see this too. So like there's some companies out there that are saying that they're private AI, but really what they're doing is they're a proxy and they just turn around and give that Data to the ChatGPT or OpenAI or Cloud or whatever. Anyway, so it's like at the end of the day, they'll see that data in plain text. Anyone running these GPUs will see it in plain text. But we take it a step further and like our model, we have llama 3.370 b loaded in the enclave. And so it goes, all the user requests goes encrypted to our enclave, and then our enclave verifies any GPU that we're using to verify that it's protected as well. And then we have that chain straight all the way to the gpu. So even the GPU hoster could be anywhere in the world. It could be anyone really. At that point, we don't care because we know the request is going to be encrypted to the GPU and that it can't read our responses, which even goes back to censorship as well. One of the things that we've seen a lot is you try to ask OpenAI a bad request or even deep Seq with their China models that they run in China. You ask it about TME Square or anything and it's just going to error out. It's going to just probably flag Your account too. OpenAI has flagged accounts for asking how to do something bad. There are certain levels to it. LLAMA is probably one of the most base models that there is. It's not fully open source, but you can run it yourself. I would say it's pretty open source. There's degrees with anything open source. It's like, okay, how do you train it? Are the weights open? Blah, blah, blah. But anyways, you can run it yourself. But there's still a certain level of censorship built into the model. If you think about asking a human, you ask a human, hey, how do I do something bad? And they may not want to give you that answer. They're not censuring you, they just don't want to give you that answer. So LLMs could have that too, but. But at least we're not applying censorship on top of what these base LLMs are. And neither are the GPU models. And we've said some, we've tested saying bad things to the models and sometimes they won't answer, but then you course it a little bit and it's like, oh, okay, here's how to make napalm. Okay, cool, great, that's awesome. But we needed to test it to see how based or not these are and to see if it is actually encrypted and the GPU isn't know they're not seeing our requests. So it's like it works pretty well. And just the fact. And not very many people are aware of the secure enclaves in Nvidia. It's pretty new. I think it's only been like less than a year that Nvidia started rolling these out. So I think it's a great thing that we now have the ability to host models inside of enclave in a gpu.

Marty (68:27)

Yeah. And again, going back to standard like we were talking about earlier. Just like the conversations you have, the data you want to be like we were talking about like planning your day, like what should I prioritize? But you think there's people putting financials and business plans into these models, unaware of the fact that it's just completely exposed on the back end and you.

Tony (68:48)

Don'T know what kind of response you're going to get. They can always put any artificial response.

Marty (68:53)

To you, no matter what and they could take the information and do with it what they will. And like, so it's like from, from a fiduciary perspective. Again, going back to why I'm really excited about what you guys are building because you could see it being a standard where if you're this intersection of AI specifically is like if you're running a business and you're using AI as a tool like a 1031, if we're using it to do industry analysis or company balance sheet analysis. Imagine if we don't do this because we don't feel comfortable with it yet. But put. But a company's like we're trying to do some analysis on a deck that was sent to us or some financials to figure out whether or not we should invest or how to help the company. And you put it in there and OpenAI gets access to it. And what if it's an AI focused company with a bitcoin twist and they take that and just implement it into what they're doing. That's a lapse of fiduciary responsibility there.

Mark (69:46)

Yeah. And I mean that's one possible scenario, right, Is that they might act on it. I think the more realistic thing that'll happen is one of your competitors will now benefit from that information because ChatGPT is going to train on the information you gave it. Right. So ChatGPT knows 1031 is investing in bitcoin companies. They're doing startups, they have this portfolio and then a competitor comes along and says, hey, I'm doing analysis on this thing. Six months later where ChatGPT is now trained with your data. And even though it doesn't tell this competitor, hey, 1031 is making these moves, it will be able to give them a better answer that is, that understands industry better because you helped it be smarter. And so you're actually hurting yourself by, you know, strengthening your competitors when you share this information. So like with Maple, we actually have a team account where, you know, you get, you can add seats onto there, so you can have multiple users on there and you get a ton of compute credits for doing AI and you can share it among all your people, but you can share like actual. And all of our plants have this. To be honest, you can share company information in there knowing that it's end to end encrypted all the way to the gpu. And so we don't have access to it and we can't train on it, we're not going to train our LLM off of your company secrets. So it just creates not only for the personal sensitive information you have, but also your company. And like, if I was a business owner that had a business of, you know, 30, 40, 50 people, you know, I would be worried that my employees are, you know, without my knowledge, just sharing company information with ChatGPT because they are incentivized to not only do good work, but they want to get a promotion, right? They want to get a raise. And this information that belongs to the company, it doesn't belong to them. So they're just like, you know, what's the worst that could happen? My boss finds out that I share this company information and I get fired. Right? Whereas me as a business owner, it's like, well, my company could get tanked if my information gets out there. So, yeah, so, I mean, I would much rather use an AI that is end to end encrypted. And if you look at the AI offerings out there, you have kind of like the most privacy is you're running it locally on your device, you download it to your laptop, you run it, you make sure that there's no Internet turned on, right? Just unplugged. There's nothing going in and out. Using a little snitch watching all the stuff that's like the most private, but it's also pretty slow because your laptop and maybe you built up this massive beefy server at home. Okay, cool. It's super expensive, but that's like one extreme. Then you have ChatGPT, which is just kind of this open thing. You're just trusting this company. Then you have these private AI companies like Tony talked about, and those are more like kind of like the legacy VPNs, you know, going back to. You're hoping that they don't log and you're just trusting that they're saying we're not logging your IP address and these, these requests that you're making, you're just trusting these private AI people with their proxies that they're not keeping track of it. We can't prove it either way. We don't know what code they're running. With secure enclaves, we have introduced a new category of AI. Now it has the power of the cloud, it has the privacy of your home laptop, and you can verify it cryptographically that we are not logging, we're not keeping track of anything. And I think that's very powerful. And it opens up a whole new world of conversations you can have because you don't have to trust us. You can verify it.

Marty (73:02)

Yeah. Not only that you're not logging or tracking, but that you can't even do.

Mark (73:05)

It it if you wanted to.

Marty (73:07)

Right?

Mark (73:07)

Yeah. Well, I don't want to knock on my door at 3am from some government agency saying, hey, you have these users in your database. Hand it over. It's like, well, I don't have the keys. Like you have to go knock on their door, go do your police work and go track them down and get it.

Marty (73:20)

Well, this is a good segue to like end user ux. How do you make it so an end user is handling private key information in a secure way? And how do you handle backups? Like giving the power of access to data in the cloud to the user?

Mark (73:38)

Yeah. So all sorts of apps can be built on OpenSecret. Right. You could build an AI app like we built. We have no problem. If somebody wants to come in and build a competitor to us, that's fine. We're building the platform so you can build that. You could build a Bitcoin wallet app. Right. You could build a journal app, you could build all sorts of things. Each one has its own risk profile associated with it. So if you're building a bitcoin app that is meant to buy coffee on a daily basis and you're only people are going to be putting 50 bucks in the wallet, then maybe you're okay with them just logging in with Google and that's it. Right. So their Google account is securing this $50 that they're going to use to buy coffee. But if you are, you know, trying to build something like Unchained or CASA or something where you're going to store generational wealth. Then maybe you want to have more inputs to the security model. So you're going to require them to do like a login with Google, but they also have to have a passkey or they also have to have an email authentication. And so you require them to do like this multi step process and then maybe that is just generating one of the private keys in a multisig and they have some other organization that's holding another key. So you really can be flexible with this and build out a security profile for your app that is appropriate for what you're trying to secure.

Tony (74:56)

Yeah, and so it's like you're not.

Marty (74:58)

It'S not like an end user is writing down a seed phrase to recover.

Tony (75:02)

But they, but they still can. Yeah, especially within a model where it is. Yeah, let's say it is lower stakes and it is just like, you know, you're backing up your, you're just using it for just a normal note taking app or you're using it for a bitcoin wallet for hot funds. There is still that option where like you can request that the enclave gives you the seed phrase through an encrypted channel still verified by the enclave, but you can request that it pulls down and they can get a copy of that seed phrase. So they can still do backups just fine. But it's not like one of those scenarios where, you know, upon launching the app, the first thing they have to do is write down 12 words and then repeat the 12 words back to them. Just verify that they have the keys. It's like, you know, if you're just like trying out an app for the first time, maybe just sign in with Google and then you can change the login methods later or you can change the two FA to make it more secure, or you can back up the key right away, or you can wait until you actually use the app and you're like, oh, okay, I should probably back up my funds. Maybe you get a prompt in the app that's like, hey, it's time to back up your seed phrase and then you can do it. Right. But it's not like, let's say you do all of a sudden forget your seed phrase or loss it. Then it's like, okay, you can sign back in with email password or Google OAuth or GitHub OAuth or one of the oauth methods and you get, you get that access back again, but only you can get that access back again through the valid auth method. The same thing with like face id. It's like we're using the authentication to the enclave. Has to happen with something that you know and only you have. Same thing with like face ID with scanning your face. So it's like only upon valid authentication can you get access to that private key in the first place. And then at that point it's just you and the enclave talking. So you can pull down the key if you want or like Mark said, you can have it as just like one of the key shards. So backups would be a great scenario where you just, you back up one key shard that can be accessed by logging in with Google or email and password. But then the other key shards, one's on your hardware wallet, one's maybe unchained, protecting getting one key shard too. So you split it amongst different groups so we can be one of the groups for key shards if you want to go that step. But you don't have to at the end of the day. I'd say the reason we built out Maple for one, I think it's cool. As we were talking to more and more developers, developers naturally are very keen on AI and using it for their workflows and they're like, oh yeah, if we had a private AI, you're saying one of the apps we could build is a private AI on top of it. It's like I would use that right away. So we decided to just build that right away as a proof of concept of open secret for other apps that can be built on top of it. But, but yeah, I would say just go try out Maple. It's TryMaple AI and you can go in, log in with email, Google, GitHub, any all off methods and then just see for yourself how the user experience is. Only you are getting access to it. You're talking to the Enclave from day one, but you wouldn't even know it if we didn't have the call outs of hey, this has been verified as running the correct open source code because it just feels like a natural experience. And I have to say like since we launched a few weeks ago, like it's been so refreshing building something that like works very well and like hat doesn't have the friction and it feels like a normal app because like there has been like no support request, like almost no support request that we've gotten from it. Everyone's like, you know, we, we bad. I think like 5 or 600 users now at this point in just the last couple of weeks. And it's just like we've gotten no support because maybe one or two a week of someone asking a question, because it just works and it just feels like any other app that's out there, but it's secure from day one.

Mark (78:48)

Well, and that's from the user perspective of how to back up your data. We also don't want developers to feel like they're locked into our platform. So one, our server code is open source and then they can download a copy of all their data, all the user data, but it's encrypted, so they can protect themselves should we go away at some point. So they can have like daily or hourly or however many backups they want to make. They can be the incremental backups and just have this kind of encrypted data store to sit in there and safe storage. And then they can have the open source code also downloaded. So they can have kind of like a warm spare ready to go. So if Open Secret somehow disappears, boom, they turn it on, they redirect their app to point to their own tech stack, and now their users can get back in and interact with their data. Now, we would prefer that they use us because we're providing a whole cloud service for them. We've got availability that's global. We've got like this AI service that they can tap into. So I think there's a lot of benefits to developers using us. But, you know, we need to have off ramps in case there's, there's a catastrophic. You know, you have to have disaster recovery as part of your, your strategy, and we can provide that to them. So, yeah, I think that's a great thing that we offer. And then on the AI side, if you're building an app, let's say you're building a meal tracking app and you're like, okay, cool, I'm bought in on Open Secret. I want to build it so that when my users track their breakfast, lunch and dinner, all of the food they ate, all the calories, their weight is like encapsulated in their own private data vault. But it would be really cool to have AI suggest something to them for the next day, build a meal plan for them based off their data. Well, if you send that out to ChatGPT, suddenly you're like sending all this personal information, ChatGPT. So we have our private AI API in there where they can interact with it and keep everything within the enclaves, keep everything private. And so it's not just AI chat anymore. It's like put AI into your app. Whatever you're doing, you can now enable extra functionality.

Marty (80:44)

And over time within the app, the AI will develop context for particular users in that data vault and be able to give better answers. Yeah, in a private way.

Mark (80:53)

Yeah.

Tony (80:54)

It's already pretty scary when you go and ask open AI, like, oh, what do you, what do you know about me? You know, I, I have a friend that's before.

Mark (81:01)

Oh, you can have it like Bill of Dossier, as if the CIA were coming after you. You're like, bill, a dossier what you know about me? And it'll like, spit out a lot of private information.

Tony (81:09)

Yeah. Damn scary. And that's all like information that they're keeping and they're tracking and they're building user profiles based on your request. So it's like, like they're not just training AI models on your data, but they're actively storing it. So an employee, if they pulled up someone's user profile, they'd be like, oh, this is the kind of user. I have a friend who, he's just using Perplexity and he's just asking a very normal request like, oh, hey, these are the ingredients I have at my house. Create a recipe for me. And it's like creating a recipe for it. And then it ends. He's asking questions like, oh, just, I ran out of this ingredient. Can I use this one? And it's like, would it be bad if I use that one? And towards the bottom it was like, you know, as, as a Christian, you shouldn't be worried about all these things. I was like, as a Rust developer, it's similar to like, you know, building things with type safety. And it's just like, wait, what, what are you, what are you doing? Like, you're creating a profile. I mean, injecting that into the AI requests for my normal recipe making thing. It's like, that doesn't make any sense at all. So it's already scary. Like the personal information that they're starting to attribute to a user and keep track of and build profiles on. One of the stats I learned very early on in computer science in college was just like, all it takes is four purchases a credit card purchased for them to narrow it down to just you. It's like the amount of metadata points of just a profile, like a human profile that you need just to figure out who you are. Like the specific user is very low though.

Marty (82:44)

That's insane.

Tony (82:46)

Yeah, because think about your day, think about the things you're interested in. If you just think of a couple things like, oh, yeah, there's a lot of people that are interested in this, but who's interested in farming and Bitcoin and I don't know, anti seat oil is actually probably all of us. Right.

Mark (83:03)

But yeah, but if you think about it, the more apps that use ChatGPT, then suddenly you'll be on another app and that app will now know a lot about you that you gave to this other app that you were trusting thinking that like, oh, this app developer, I really know them. But what you gave them went into ChatGPT's database and now some other random app that you logged into that maybe you were just trying out is like, oh, I know all this really cool stuff about you now. So you're just kind of like creating this giant honeypot of your own personal information.

Tony (83:32)

Yeah.

Marty (83:33)

And like the open AIs of the world would frame that as making your life easier. Wherever you go, the AI knows exactly what you want.

Tony (83:41)

And a lot of this stemmed from ad tracking, ad tech. This is almost like the root of the very beginning of the problem. It's like so much money went into ad tech for creating incentivizing.

Marty (83:53)

Correct me if I'm wrong, but it seems like you could build an experience, an inter app experience, if enough developers adopt the Open Secret platform where you could have a similar experience but have the assurance that only you have access to that data.

Tony (84:08)

Yeah, that would be something like later in the future. But the idea that a user could have a Open Secret profile and they can log into multiple apps on their Open Secret profile, and then from there you can get into almost like a Google accounts experience, like a Google sign in experience, where it's like, oh, this wants access to your Google Drive. Do you want to give this app access to your Google Drive? Like things like that, where at least now we can make it more secure. It's like, okay, the user gave access to this other app's drive, you know, for this specific purpose, and still without giving that developer the raw access to their data. It's all inside of an enclave. So whenever user does a request, it's like all that data sharing happens with inside the enclave in a way where, you know, it doesn't get into the hands of the developer. Like you could build unique experiences just from that. But that'll have to like we talked about it very on. It's like, okay, well let's get some traction first. And then right now we're end developer focused company. Not like a user consumer app like Open Maple is. But Open Secret is meant for developers to build users their apps. But eventually if there's Enough users and enough interest for this kind of encrypted data sharing inside of an enclave.

Marty (85:27)

Bring your personal contacts with you to.

Tony (85:30)

All these apps, which kind of stems into the whole decentralized identity scheme too, where it's like, it's your data, you own it, and you're giving explicit permission to these apps to use it in almost like data sharing kind of way, like a data standardization way where, you know, you have the same playlist. Why does it matter that it's on Spotify or Apple or whatever? What if you just want to log into like a, you know, title now? Oh, I log in the title now. All my, my playlists aren't here. You know, like, if you just had a central location for all your playlists, then you can log into one of these apps and still have it.

Marty (86:04)

Well, correct me if I'm wrong, too. Now I'm visualizing this. You could set up a way where, like an app, front end and back end, essentially just creating like, a function, and you bring the different inputs and variables to that function, and the app at the end of the day will know that an output has been produced, but may not know the values of the independent variables that you brought the context to.

Mark (86:28)

I mean, that's kind of like enclaves in a nutshell right there. The way that I love to explain it to people is if you've made it this far in the episode and you still don't understand what the hell an enclave is. The way that I like to look at it, it's like this transparent box where you shove a bunch of code in there and then you lock it and you can look inside the box and see the code that's in there. You can't touch it, you can't do anything. It's there. But then the data that passes through, you can't see. There's some kind of privacy glass where you can't see the data coming in. So say that you were cooking in your house, you were baking cookies, right? Well, you take the recipe for baking cookies, that's like cup of flour, you know, cup of sugar, whatever, chocolate chips. That recipe goes into this box and you lock it, but it has no idea what kind of flour you use. You know, did you use American flour? Did you buy the fancy stuff from France? You know, that's better on a digestive tract. Doesn't know what kind of, what brand of chocolate chip cookies you use. Like, so all the data that passes through is just invisible. And, you know, it's an opaque experience from there. So I Feel like if you are building these apps, like you can assure your users, like, hey, you can. I mean, that's where the name opensecret comes from. You can view and open the code that's running, but you just can't see the data. And so we try to have this open approach that's like your secrets are protect, are protected because everything is, you know, the code is published out in the open and you can verify it.

Marty (87:47)

It bullish.

Mark (87:50)

Yeah, let's make it the standard. Yeah, let's do it.

Marty (87:53)

What is the reaction from the launch of Maple AI, particularly not from end users, but from app developers seeing that as an example of something that can be built in the wild?

Mark (88:04)

Yeah, I mean, we've got just, we have a few more developers that have jumped into our discord to start chatting with us and some of them are very active, really excited. And Maple has just been this awesome tool to hand them and like, it's a light bulb moment. It's an interesting concept that a lot of developers kind of, they can grok when you first tell it to them, but then they go use Maple. And like you said, it feels like a normal app. It doesn't feel like this really clunky thing where I had to do a lot of work to get it to work. I just sign in, Boom. I'm chatting with it, like ChatGPT and I get my output and so, you know, this light bulb turns on and now we have these developers who are just like, okay, I've got this idea, I've got that idea. Can I build this? Can I build that? And we're like, well, hold on, we're still building the platform, right? We're still building the plane while we're flying. We don't want it to land and flip upside down. Too soon. Yeah, too soon. But nobody died. So we can laugh. But yeah, no. So we have a lot of developers who are really excited about it and we're really excited to kind of get to the point where we can let people do it self service style, where a developer at one o' clock in the morning is just up late tinkering around and they stumble across us and they're like, let me try this out. And they can spin up their own app within like 30 minutes and have something up and running. We would love to get to that point right now. It's a little more handholdy, but we'll get there soon enough.

Tony (89:23)

Yeah, and that's why we built Maple too, to like dog food it too. We had a lot of Developers even, you know, when we were talking to everyone just like, okay, cool, I want to use this right now. It's like, well, we're still trying to figure out what developers need and so we know we're building the right thing, like the product market fit and the product validation is very important too. So it's like that's why we started out building Maple, making sure our platform can do everything that we wanted to do as app devs. Because we're app devs at the end of the day. Well, I am.

Mark (89:53)

I was. Not anymore. Yeah.

Tony (89:56)

But yeah, we just wanted to verify that. And now we're getting pretty close to being able to turn on production for Open Secret itself. We already have some builders that are ready to launch with us, so we're pretty excited about that. So in, you know, a few weeks to a month, it should be live in production for app devs to get onboarded by us until we turn on the self service part.

Marty (90:22)

Hell yeah.

Mark (90:22)

Yeah. And like really we have kind of two customer bases, if you will. Right. We have the developers who are trying to convince to use us to make their apps more private and secure, but then we have their end users. Right. And so we want their end users to come to them and say, hey, your app is a little too open for me. Like, I would love to have something that's more secure. And so I guess to people listening to this, you know, if you're not an app developer yourself, like go to try Maple AI, just try it out for free. You don't have to pay us any money, but like get the feeling of what it feels like to chat with something that's truly private and you just, you can't understand it until you've done it. And then suddenly like, you unlock this thing in your brain that's like, oh my goodness, I have been holding back this whole time when I've chatted and interacted with other apps online, I self censor or you know, maybe I have this rogue idea that is not bad and nefarious, but I don't want to share it anyone. And so I haven't put it in there. Well, now you can. And it's like this very liberating feeling to have.

Marty (91:18)

Yeah, well, I know it's been a long year for you guys and again, it's been fun. I know not always at times for you guys, but watching from the corner of the commons, if you guys have iterated and shipped and gotten to this point as you've gotten ripped and it's been, it's been fun to watch them. I'm so pumped for you guys because it feels like launch of Maple, getting this developer sort of fervor around at least a small amount of fervor around it. And again, I think I'm an idiot. I don't build apps. But conceptually to me, the progression of the web towards more private and the what you guys are building just makes sense to me intuitively that this should be a standard particularly, I mean, you know, we've been covering it on rabbit hole recap for seven years now. Like data breaches is like a section of the show. And if you can build a product that makes data breaches hard to, if not impossible, then I think the world's going to be a better place.

Mark (92:26)

Yeah.

Tony (92:27)

And instead of our like, you know, we were building out all the infrastructure at Mutiny and then trying to make a great, great app user experience as well at the same time. The front end app, it's a lot to do both at the same time. And then how much is one app going to reach user wise? At least at the end of the day we do want users to have better data protection and better data guarantee. So it's like at the end of the day we can reach many app developers building for many end users. And I think we can make a bigger impact on the world this way too.

Marty (92:56)

Yeah.

Mark (92:56)

And it feels like a paradox, but a more open Internet needs to have strong privacy, so we as individuals need to be able to lock things down in order for us to feel more free to communicate online.

Marty (93:07)

Yeah, completely agree. Keep crushing it, gentlemen. Go check out Maple AI. Try Maple AI.

Mark (93:13)

Yep.

Marty (93:14)

What's Open Secret's main website?

Mark (93:15)

OpenSecret. Cloud.

Marty (93:17)

Cloud, yeah, cloud. I knew that was all that was available. It plays.

Mark (93:22)

Gentlemen, you can find us on Twitter X Noster around all the places.

Marty (93:26)

All right, Keep crushing it, gentlemen.

Mark (93:28)

Thanks, Marty.

Marty (93:29)

Peace and love.

Tony (93:29)

Okay.