Analysis of a cryptocurrency token whitepaper: scatterpass

Introduction

I have friends in the cryptocurrency space who ask for my opinion on the viability of certain projects from time to time. There’s a lot of money in initial coin offerings (aka token sales) and generally the first piece of information available from which to make the decision to invest is a single whitepaper. These whitepapers in the cryptocurrency space were inspired by the original Bitcoin whitepaper which preceded the actual implementation and explained the mechanics of the blockchain. These whitepapers are considered authoritative references on the bigger questions about the coin’s existence and technical architecture, and are usually focused on high level details.

That said, whitepapers are often dense. They delve (or should delve) into a domain’s problem space and discuss technical concepts with technical experts as the intended audience. It’s not enough to read over the parts you understand the skip the ones you don’t in a space where most projects fail and amount to nothing. Investing in an ICO is a classic high-risk high-reward scenario. Projects often fail because they are forcing a solution (the blockchain) on a problem, the developers never intended to deliver on the project to begin with after collecting funds (the scam), and because they’re not solving a problem that actually exists (poor product market fit). In short, there’s too much money involved for honesty from any side and you need good ways of separating the good and bad projects. Fortunately, technical concepts are core to the viability of these projects and also difficult to fake. That’s why I get these requests.

The conversation

Him: Hey man, good chatting last night
Him: Did you end up taking a look at scatterpass?
Him: Curious what you think of it
Me: tldr; not good.

scatterpass’ value proposition is a decentralized way of storing data securely with a password manager being the first application. their competitors are centralized/dedicated decentralized data storage alternatives (which already include security!) like Dropbox or Storj and password managers like keepass (you keep the encrypted file yourself) and lastpass (a company keeps the encrypted file and you can download it on different devices). in their own words, scatterpass claims that it’s primary advantages above its password manager competitors are geofencing, decentralized storage, credential fragmentation, and multi-sig auth. in every single one of those examples, this could be done by a centralized service (and geofencing is done for lastpass).

next, they do not have a prototype. they are looking to raise $30M with the possibility that the hard cap might be “adjusted”. (that’s a polite way of saying they intend to raise the cap if they can rake in more money.) this is the seed round and they’re asking for $30M. also, they are keeping 50% of the tokens which is insane. if they raised $30M, why in the world would they need even more money!? jesus.

they fail to justify their existence. they do outline a problem (properly, an ecosystem of problems) which easy to do but identify no specific problem that is being addressed which makes it easier to justify the solution. yes data is stolen but the problem there is weak password strength and password re-use, not the absence of a blockchain. they fail to explain how the blockchain – a public, immutable, distributed and censorship-resistant ledger – appropriately addresses contemporary problems for data security.

Me: also, not saying any asset will or won’t be profitable as markets are inherently irrational, but this project looks pretty fucked long-term.
Me: as a counter-example, Verge, the canonical scamcoin in privacy, still exists and is still profitable, sort of.

Additional thoughts

I see scatterpass as another example of a team trying to force the blockchain on a problem space that doesn’t need it and I also question their motives. I am skeptical of the team’s motivations for trying to raise $30M (accounting for only 50% of the tokens) without even so much as a prototype, and it’s such an excessive amount that on that basis alone I think this team is in the cryptocurrency space for self-enrichment. I am very curious to see if the actual smart contract for the token sale actually has a $30M cap and I would not be surprised if there was no limit. Without even validating product-market fit or a working product, the whitepaper details plans for an aggressive marketing strategy (a goal of $3.75M).

Scatterpass seems very confused what their own value proposition is. They discuss the ecosystem of problems related to data security, and claim that on-chain encrypted storage would solve wide classes of problems. But the problem of data security is more frequent that proper security measures aren’t taken and not that data isn’t thrown on some distributed ledger. If the problem came down to just data storage, why couldn’t people put their sensitive data on DropBox? DropBox almost certainly encrypts and fragments and replicates data. Well enough for many companies like Facebook to entrust sensitive data to DropBox. And about that, I doubt that there is going to be cost savings by using on-chain storage, and it doesn’t seem like they cared to look in the cost of this. Then the features scatterpass claims cannot be provided by the competition can in fact be provided by any non-blockchain solution like geofencing and multi-sig auth. I am here trying to figure out their value proposition for them because they could not make a strong case themselves.

To be clear, I struggle to understand a business case for this product beyond being a novelty password manager. If you were serious about going trust-less you’d just go with a local password manager like Keepass. The features they claim make this a superior security product are things which do not relate to security or can be implemented in a blockchain-less password manager like Lastpass. It is not solving a real problem and this seems to be another “blockchain for [something]” start up. One of the core missions of scatterpass is to make their architecture the “commonly practiced standard for data security” but for some reason they never even thought to discuss data compression and spend very little time discussing FEDS, the protocol that powers this whole system. Their roadmap details their plans to hire “infrastructure engineers to scale [the platform]” before they even have users. Hiring engineers to scale a platform that doesn’t exist is a polite way of saying you’re going to hire other people to build your product because your team lacks the experience to do so.

Whitepapers are technical references. I am strongly opposed to using the term whitepaper for business proposal, which is exactly what this document is. The protocol for data storage has big implications here and that should have been the focus of the whitepaper – a protocol for on-chain data storage. And to be frank, as a business proposal I am surprised that there is no discussion about the price of on-chain storage.

What could they have done to make a better whitepaper?

Here are some suggestions about how it could have been done better. I do not believe this product has a business case so these details aren’t to be considered conditional endorsement of this kind of project but rather I am using scatterpass’ whitepaper as a template for criticisms that apply to a great deal of whitepapers in different contexts.

  • No discussion of the costs of data breaches, especially problems for which this solution does not directly apply. They’re sensationalist and do not add value to the discussion. Good technology solutions stand on their own and don’t need to be propped up by if-we-only-captured-1%-of-this-market arguments.
  • Do not co-opt the phrase “whitepaper” for a business proposal. A whitepaper is meant to be a technical reference not a means to raise funds.
  • If you are doing something for which protocols already exist (e.g. decentralized storage), I need to hear exactly what features or properties about your solution justify its existence. On-chain storage is not a new concept so discuss developments in that field in your whitepaper. One of scatterpass’ core objective is as a new data protection tool and I guarantee you that encryption, dispersion, and fragmentation is done by every other decentralized data storage protocol, and I’d like to know why on-chain storage was seen as the best alternative.
  • A simple prototype in conjunction with the whitepaper. People need to know that you have a team capable of delivering software products without having to hire “infrastructure engineers”.
  • An actual understanding of how password managers are implemented today and the features they offer. For example, Lastpass stores data that has been encrypted by you before sending it to them. They do not have access to your data in any useful form. When you download data from Lastpass, you are downloading encrypted data that is decrypted on your computer. Having data on the blockchain as opposed to some company’s servers does not add any additional security if appropriate security measures are taken.
  • Do not ask for $30M without an existing product. Floating the idea of “we might adjust this figure as time goes on” further underscores concerns I have about the judgment of the authors.
  • No marketing until you have a product that works. Marketing is used too frequently as a panacea for weak product market fit.
  • Directions on how to send you Ether (money) is not appropriate for a whitepaper. I am not amused a dedicated page on how to send you money when I have important unanswered questions.
  • Discuss compression. A obvious point but if you’re explaining fairly simple concepts like encryption and fragmentation then the exclusion of compression further underscores the lack of technical familiarity for a founder making a technical product.
  • Detail the technical protocol for inserting and retrieving data. It’s what they call FEDS. If they knew exactly how it worked, they wouldn’t be looking to hire engineers to “scale” a platform that doesn’t exist yet. That’s what this whitepaper should have been about.