Why store app data on a blockchain?

What is the benefit of building an application that stores data on a blockchain? A blockchain can be an extremely secure database, but any centralized third party service that reads/writes to/from that blockchain is naturally susceptible to tampering. What good is an ultra-secure database if read/write access to it is not any more secure than the centralized services of today?

I’m not sure what’s your point here… Are you sure on the right forum?

If you understood how Counterparty (or Bitcoin) works, you’d know that neither prevent anyone from having read access (that’s the whole point of a public ledger) so the question about “read access” is puzzling.
The write part of your question isn’t much better either, because Counterparty transactions are bitcoin transactions, so that part of your query is equally pointless.

Good point as far as read access but do you understand my point as far as writes?

For example, someone could build a centralized application that issues tokens. Let’s call it app1. There are plenty of examples of it today. Counterparty is exciting because the record of tokens is stored on the Bitcoin blockchain which is extremely secure unlike a centralized database. So then someone builds another application that interfaces with Counterparty to issue tokens. Let’s call it app2. The record of tokens is very secure in app2, but the interface to Counterparty where users log in and transfer their tokens is still just a centralized application and just as vulnerable as centralized applications today. So why is app2 superior to app1?

An example of app2 might be a Counterwallet (or its fork) hosted on a private server (or, for bitcoin, let’s say Armory).
That Counterwallet could not arbitrarily make up transactions because it only serves as an interface that passes signed transactions to a bitcoin server (Bitcoin Core, but it could also be btcd, for example).

You don’t have to trust Counterwallet that it will do the right thing (of course, it’s “login” interface could be created so that it steals your pass phrase, but that’s unrelated to centralized vs. decentralized - any app could be modified to steal your credentials.)
(A way to deal with insecure apps is to use a cold wallet, or employ multisig transactions).

App1 (a centralized app) could issue coins in a trustless way (just as Counterwallet does, by broadcasting client-signed transactions), but even if that were to be true, the question of access and protocol openess would still be important.
Say App1 owner denies you to access his service, or the gov’t blocks it, or their server goes down. In that case you’d be stuck, not having the ability to access your token or read its format on the blockchain.
For App1 to be equal to App2, it’d probably have to be open source, trusless and decentralized.

Let’s use Koinify as an example. If Koinify were completely centralized and stored its token record in its internal database, it would be vulnerable to someone breaking into the centralized server and directly editing the token record. In reality Koinify stores its token record on the Bitcoin blockchain which is safe from direct edit. However, the Koinify interface itself is sitting on a centralized server somewhere and vulnerable to someone breaking in and using that interface to edit the token record on the blockchain. Since both scenarios incorporate a centralized server which makes the token record vulnerable (either directly or indirectly), why is the second scenario better than the first?

Are you comparing an off-blockchain Koinify-type of service/app vs. a blockchain-based Koinify type of app?

Someone from Koinify could explain this better and the details about the 2nd Koinify (the way they do this) are actually available either on their Web site or on Reddit (I remember there was a detailed explanation about the way they protect data around the time of GEMZ launch), but if I remember correctly there were several layers of protection.

I believe one’s wallet at Koinify is not open to Koinify and after it’s been credited by Koinify with whatever asset you buy, it’d be just as safe as any other. Prior to that (that is, before your BTCs are converted to whatever asset you’re buying), it would be theoretically possible (although there were several layers of protection, some involving external parties) that something could happen, but compared to an off-blockchain Koinify it’d be much harder to steal those funds because the attacker would have to steal private keys from several independent parties (whereas in case of a database that could be simpler).

And I think that Koinify wouldn’t necessarily have to host those wallets - they could as well organize a fully DEx-based process where they only sell issued tokens but in such case some value-adding features of the current process would be lost, so the current approach looks like it does because it works well to everyone’s satisfaction (issuer, buyers, Konify) without being complex, insecure or expensive. All of that would be harder to achieve using the traditional approach.
Again, I may be wrong in details and I hope someone from Koinify can correct me, but the main thing is the process is not flawed and as soon as it’s finished, token owners can send their tokens to whatever external address they please.


So it really comes down to trusting the third party service to secure their system. If they do it right, the blockchain Koinify is more secure than the off-blockchain Koinify, but if they don’t then it isn’t. And there’s no way to say which is the case.

Basically that’s it.

I mean, when you think about it, if you’re buying some token that’s offered on the DEx, you can buy it in a completely trustless way, but you still need to trust the issuer that he won’t simply disappear or something like that.
As I mentioned Koinify (or the issuer) could sell tokens through the DEx, that would be trustless (in terms of transaction), but you’d still have to trust that the asset is good.
Among value added things that the current approach provides is the ability to have both Konify and invited 3rd party experts do some basic checks (see on their page how it was done for GetGems), so you trade some transactional security while buying in return for relatively more security in terms of asset quality, etc.

Thanks for all your help with this stuff.

Has anyone discussed building a totally decentralized app on top of Counterparty? Something that each user would need to install like OpenBazaar?

Why not build something like Koinify except open-source and installable (along with counterpartyd) on each user’s system? Then users wouldn’t have to trust a centralized service.

I’ve been thinking about this a lot and I can think of one clear benefit of a centralized application that communicates with the blockchain (Koinify, Swarm, any web wallet) versus one that doesn’t (PayPal, Kickstarter) and that benefit is transparency. These applications have the same basic functions, but the operation of the blockchain ones can be verified by the public unlike the ones using centralized databases. So the transparency is there.

Security is potentially better with the blockchain apps but there is no assurance since they are centralized services (besides the assurance that is provided by their transparency). Even with Counterwallet being open-source, its code may have been altered on the server running counterpartyd.

Have I overlooked any benefits of centralized blockchain apps compared to centralized apps?

Because then every user would need a BitLicense (or similar, for their jurisdiction). If this service (“vending machine”) could be disabled, then we can assume that most people would disable it.

Yes, but all nodes must agree on the transactions. Validation is done through the blockchain, so any individual CP server can insert a fake transaction in its own Sqlite DB, but it won’t matter (except to those using that server without any verification) because it won’t be matched/replicated to other Counterparty server instances (which get their date from the blockchain, not from other Counterparty servers).

Related to Koinify-like services, Tokenly is creating - and getting close to beta - a DIY vending machine which is a combination of Shapeshift-like and Koinify-like service.:

(Trusted) individuals would be able to voluntarily run such servers and potentially benefit from token sales (either resale or issuance).