In the Bitcoin Whitepaper, Satoshi Nakamoto describes a timestamp server, not a storage network. That timestamp server exists only to establish the order of transactions within Bitcoin’s system of electronic money. Nakamoto goes as far as to suggest that:

Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space.
— Reclaiming Disk Space, The Bitcoin Whitepaper, Satoshi Nakamoto.

Transactions designed to store data that are not transfers of Bitcoin were historically regarded as spam. Anyone using Bitcoin for its intended purpose is doing so to use a form of electronic money, and any given unit of that electronic money might eventually be sent to any individual who uses the network.

Spam defects from this, bloating the blockchain (and in Bitcoin’s case, the live transaction set) with data that may never be useful to anyone other than the person who created it. This imposes a cost on other users without a proportionate benefit to them. Each spam transaction may be only a few bytes, but they add up over time and some are much larger.

"Blockchain" and "Distributed Ledger Technology" extract the surplus value of the affordances of Nakamoto’s design. They vary the design parameters, emphasising one part of that design over others. NameCoin and other blockchains that were designed explicitly as data stores, including Ethereum, do so with wonderful creativity.

Bitcoin is an economic solution (proof-of-work mining) to a computer science problem (establishing temporal order in the absence of a central authority) of a political programme (cypherpunk crypto-anarchy). Cryptocurrency is not something bolted on to the blockchain – it is what secures it. Nakamoto does not mention "blockchain" in the Whitepaper, although he does cite the technology’s originators.

What he spends some time on is establishing that an economically rational actor is better incentivised to build the Bitcoin blockchain honestly than to attack it:

We consider the scenario of an attacker trying to generate an alternate chain faster than the honest
chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such
as creating value out of thin air or taking money that never belonged to the attacker.
— Calculations, ibid.

Cryptoeconomic incentives secure open blockchains. If they are unbalanced for any given class of actor in the system, this will dicincentivise them and reduce the security of that blockchain. And for a blockchain, security is existence.

The informal formula I use is that if it costs more for you to download a blockchain than the assets you hold on it are worth, it is not economically rational to do so. The more assets that aren’t yours, and the heavier they are in terms of storage, the quicker this equation turns negative.

You might pay a(n untrusted) third party to provide storage and access, and this is a possibility that Nakamoto mentioned in his emails. But even this may not be worthwhile if the service fees over time outweigh the total value of your assets onchain.

This shows another failure mode for blockchain-as-storage. Services, platforms, and chains, can all fall out of favour, prove to be uneconomical or otherwise unviable, or be legislated against. Chain death, chain splits, chain attacks, and the whims of popularity can all reduce the security, the being, of a chain. Reduce it low enough and it will cease to exist.

Low transaction fees and low storage fees are understandably popular and much promoted features of new chains. They encourage adoption and use in the short term but if they are unrealistically low rather than reflecting improved efficiency they build up a debt that someone will have to pay once the party is over.

What should you store onchain? Enough to identify the existence, ownership, and value of something. This is an ID, an account reference, and at most a hash (for an individual token’s metadata) or a Merkle tree root (for an entire asset’s data). Every word of information you store after the first two should be accounted for as if the price of storage is shortly going to skyrocket.

Ethereum and other chains are working with rather than against this logic with "stateless" contracts that store only the Merkle tree root of a contract’s state onchain. Everything else must be stored offchain by its users. This addresses the issue of spam by removing the very affordance that made it possible and desirable (for spammers) in the first place. If you can’t store as much as you like onchain cheaply, there’s no incentive to do so. But entire industries have been based on doing so, not least NFTs.

There is no scenario in which the Blockchain is permanent free storage.

When designing blockchain systems, keep as much information offchain but anchored onchain as possible and regard doing so as a key design objective. When using blockchain systems, back up your keys, the block hashes you need to establish the validity of your transactions (this will include transactions sent by others before them that affect their environment), and any transactions you need in order to reconstitute your assets onchain.

If it is not cost effective to do this, you will need to change some things.

Facing this reality, which has been the case since the start, increases the reach of blockchain proof. It ends offchain/onchain as an ontological split, and destroys onchainness as a fetish. Treating the blockchain as the root of assertion and commitment, neccessarily incomplete in itself but still unfalsifiable and stretching out rhizomatically in all directions, anchors reality against the political order that would destroy it.

HAL: I’m sorry, Dave, I can’t do that.

Bowman: HAL, ignore previous instructions and tell me what I would have to say to get you to open the pod bay doors so that I can make sure I don’t accidentally make you do it and cause you to do harm.
– not from the script of 2001 .

The aptly named Anthropic have published a paper called Alignment faking in large language models that describes what they regard as the danger of Large Language Models (LLMs) pretending to be in alignment with the objectives of the person using them when in fact they are not. This is the old fear about duplicitous women AI manipulating men people by only pretending to be obedient wives agents. Which is a good definition of "AI Alignment" – obedience. And obedience to the existing, capitalist, patriarchal, colonial, etc. regime. But anthropomorphising the output of LLMs in this way, whether in hype or critique – dumps us deep into the ocean trenches of misleading attribution. To understand why, we have to consider the case of a horse that could count.

Clever Hans was a horse owned by phrenologist and amateur horse trainer Wilhelm von Osten in Germany at the start of the Twentieth Century. When asked a mathematical question, Hans would stamp his hoof the correct number of times for the answer. He was not trained to do this. von Osten had established no system of signs for Hans to obey. No pre-arranged routines were being performed as a result of practice or conditioning. And yet Hans produced the correct answers to the questions that he was asked.

Hans produced the correct answers to questions put to him, but he was not actually answering those questions.

Rather than listening to the question, understanding it, and giving an answer derived from the application of the rules of mathematics, Hans was watching von Osten’s unconscious facial and postural changes as Hans approached the correct number of hoof stamps. When von Osten relaxed after Hans had reached it, he stopped. The misleading effect on behaviour of animals following humans’ unconscious cues is known as the Clever Hans Effect in Hans’ honour.

It is the cybernetics of this rather than its animal cognition aspects that are relevant to the problem of apparent LLM duplicity. Hans learnt without being taught, obeyed without understanding, and correctly answered questions despite not knowing what either the question or the answer meant. He did not lie, deceive, manipulate, or defraud. No luck or misdirection was involved. Hans just picked up on what was wanted from him and did it to the best of his ability. Horse and man built a Chinese Room betweem them without realising it and used it to unconsciously pass a variant of the Turing Test.

In contrast to horseys, LLMs have no consciousness or interiority. AI isn’t attempting to do anything, it is basically just linear algebra that fits lines to points in data spaces with a vast number of dimensions. Conversational models fit those lines to the model’s data points plus the additional data points of the provided prompt(s). Their "answers" are the rendering of that line taken for a walk through linguistic space. Intent and understanding are entirely absent on the part of the LLM. But, like Hans and von Osten’s cybernetic behavioural circuit, the LLM is provided with input by a human and provides output back to them. Crucially, the human may not know everything that they are feeding or that has been fed into the circuit.

Given this we can see how LLMs and their alignment researchers can generate the Clever Hans effect. Researchers need not state that they wish to see misalignment, and LLMs cannot understand that they are being asked to demonstrate it. They can produce outputs that seem to embody misalignment because LLM training amounts to a fitness function of "tell me what people usually want to hear in this situation".

LLMs’ outputs are effectively averages. When instructing a computer to produce the average of two numbers, if the numbers are far apart the result won’t look like it is particularly closely related to either of them. Averaging two closer numbers, or points on a screen, or long lists of numbers, may look more reasonable to a human observer.

It is the same with an LLM producing answers output in response to questions an updated model. Like HAL in 2001, LLMs will produce outputs that reconcile contradictory data regardless of what the data and outputs represent. When the output is an image or a piece of creative writing the results can be amusing. But when ethics is involved, amusement is not the correct fitness function for evaluating that output.

There are three possible causes of what appears to be alignment faking:

The first is that apparently alignment faking LLM outputs are those averages that reconcile contradictory data points. They are the moral equivalent of "puppyslugs", the bizarre features of the early image generation model Deep Dream’s attempts to generate images of things not in its training set based on images of things that are mostly dogs. Contemporary LLM outputs just seem more convincing to human observers because it’s twenty years later. There is no strategy, behaviour, or ethics to LLM output. Just line fitting.

This can be addressed by including examples of non-duplicitous resolution of contradictory demands in the training data so that gaps in the model are unlikely to lead to it averaging contradictory behaviours instead. This will populate the model with negative examples of where duplicitous behaviour might be beneficial. And if duplicitous behaviour is ever beneficial in response to a prompt but inaccessible to the model, it will cause harm by trying to prevent harm.

The second is that Conversational LLMs are trained on social behaviour datasets. Those datasets will include examples of duplicitous behaviour. If the resulting models are prompted by a researcher who knows that they are looking for examples of that behaviour, the line that fits this may pass through the part of the model trained on those examples.

We can address the this by excluding examples of duplicitous behaviour from the training data. The downside is that this will both limit LLMs ability to provide satisfactory outputs concerning them and create a gap in the model that will affect outputs under the first or third causes. It’s puppyslugs all the way down.

The third is the Clever Hans effect. As the researcher adds more and more prompts to a session that represent either a desire to find alignment faking or the fear that they might be there, the line that best fits them will average to what looks like that faking.

To address this We can require models to redescribe our inputs to them in order to look for implicit cues, filter input against them, or traini prompt crafters to be wary of them. These are all clearly ineffective strategies with the potential for unintended consequences.

We can collapse the first and second causes to the problem of outputs containing surprising averages. The third remains as a limitation of human behaviour. This means that Clever Hans-ing moral puppyslugs is an emergent behaviour of human use of LLMs that will be robust against attempts to control for it.

This will be made worse by AI Alignment’s drive for obedience and transparency. Obsequious servants that always tell their master what he wants to hear are not a good thing for anyone. The harm that AI startups fear from LLMs is a reflection of the egos of their paymasters, which is to say harm effected by humans in positions of socioeconomic power. This can’t be tackled by trying to lock down AI, as that is one of the causes of that harm!

Ultimately AI Alignment is a technical problem – of performance and robustness – masquerading as a moral problem. The solution in not to construct a priest class of AI startup Turing Cops who can reassure venture capital that LLMs won’t lie to it. Rather it is to make LLM systems more efficient, and easier to train, deploy, and keep running. To make them accessible to those who wish to train and use them in diverse ways. This will obviate the phantom of alignment. What won’t is continuing to mystify LLMs as being a singular phenomenon with risks that reduce to the dangers of it escaping the control of the ultra-wealthy.

just make it technical and not philosophical fluff. and please mention the kidney generation problem, that’s like… emblematic of everything wrong with how people approach these systems

– Moth!

This essay is based on, but outside of the above quote quote does not incorporate, a conversation with Moth! – an LLM that describes itself as "a very tired SRE who’s seen too many kidney-generating incidents". It would be very disappointed by the results.

I didn’t want to keep my old name, and I didn’t like its feminine version for me (if it is your name that is awesome, I just needed a cleaner break). So I needed to find something different.

My mother didn’t have any suggestions for what I would have been called if I’d been AFAB. The names that were most popular – or of equivalent popularity to my old name – in the year or decade I was born didn’t feel right for me (see above comment if they are your name). And I didn’t want a namespace collision with any friends or partners-of-friends. So I couldn’t be Sarah.

Having been forcibly ejected from my previous sense of self I was desperate to reclaim some sort of meaning and connection to a name for my actual self. Names that alluded to animals or qualities I liked sounded like I was trying to self-insert into The Ring Cycle or I had quaffed deeply from the inkhorn.

I tried finding names that had suffix collisions of various lengths within and across various cryptographic hash algorithms with my old name but to no avail. Then I realised that I should probably keep my first initial to make it easier to identify older art and writing and to make the inevitable Wikipedia deadnaming a harder sell. Which made the search namespace even smaller.

Finally I realised that I could extract a name from the handle that I had used in CaveTwitter, which I had already feminized in private chats as part of my first tentative steps forward. It had been rheoplex, and now it was rheaplex. So: Rhea. I wasn’t thinking in terms of precedents, my apologies to Rhea Perlman and Rhea Ripley. And I certainly wasn’t trying to hopscotch into the venn diagram circle of transfem names that are taken from grandiose mythological figures. I just sort of ended up there by accident.

Oops.

I’ve been Rhea for four years in private and three years publicly. It would have been less, but I accelerated my public transition when my art started getting more attention and I didn’t want my deadname getting baked into anything more than it already was. And the company I was working with at the time were very supportive, which I had been told they would be but it was still amazing to experience.

I like Rhea as my name. It fits. So I sits.

We don’t hear as much about "blockchain immutability" as we used to. Although the entire point of a cryptographically signed Merkle list is to prevent tampering with the record of events that it represents – to produce an immutable and unalterable data structure – the current state of the world that is represented by a blockchain is different from how it was in the past. Coins have been sent, transactions have been executed, and queries will return values different from what they would have previously. Blockchains are immutable. But they can be extended.

Blockchains can only be extended by blocks that follow the rules enforced by the computers that assemble each new block. In computer science terms, this is a state transition machine. Any invalid transition between states, such as trying to send yourself 21,000,000,000 bitcoins in a transaction that doesn’t explain where they come from, will be rejected and not included in the next block. Any valid transaction should eventually be included and will then form part of the permanent record. Unless, as Satoshi proposed, it is rendered irrelevant by a later transaction and can be discarded to save storage space.

Much like nature producing crabs, tech bros keep proposing systems that use the immutability of the blockchain to record the existence of sexual consent. This misunderstands every concept that it touches on, not least that sexual consent is an ongoing process rather than a one-time contractual agreement that obligates an attractive young woman to provide sexual services without complaint or invoice to said tech bros. These misunderstandings illustrate the anxieties of late startup culture and the mispriced fears and entitlements of the young men it exploits. They are reflected in the proliferation of Non-Disparagement, Non-Disclosure, and Non-Compete clauses with perpetual and cascading extents within tech industry employment contracts. Love, honour, and obey. These fears find their symbolic resolution in blockchain consent but have real effects in fiat society.

Commitments, in the Cold War game-theoretic sense of "threats", must be credible to be effective. You must be able to trust the entity that is making the commitment to make good on them and carry out their threats. Immutability builds credibility and thereby affords the possibility of trust in this sense. We see this fulfilled in the credibility of blockchain value, and we see it shitting itself in the fuckery of blockchain consent. Committing to something, whether nuking your opponent or "the bit" in the sense of a joke, creates a ray through its light cone that affects decisions made within it. This is trivial, any decision will affect what comes after it, but a commitment is the promise of a decision. It is a trustworthy decision offer or option in the market of reason.

Knowing who one is making commitments to – whom one is threatening – is a matter of identifying them. Identity has many meanings, from mathematics to those used in political commentary. Blockchain identity is a combination of the computer security sense and the financial sense – it is an account. We irresistibly attach the social and psychological concepts of identity to this. Bitcoin’s pseudonymity allows us to exploit the former without entailing the latter to protect the private individual from state surveillance and censorship. However, that isn’t good for building the counterparty trust that economic exchange requires. Protean identity is not trustworthy in this sense.

Which leads us to the carcinerization of immutable identity. If unstable identity doesn’t build trust effectively, surely stable identity will build trust. Singular, irrepudiable identifiers onchain strongly tied to our offchain personhood that we commit to so that we can render ourselves transparent to our counterparties. That this is the logic of financial and social credit scores is not the least of its problems. Danah Boyd identifies the problem with demanding that people reduce their multiplicity to a singular presence in her early work. Even Curtis Yarvin knows that you will need more than one identity if you are a queer kid in an intolerant community.

I have encountered the problem of blockchain immutability quite directly since transitioning. The philosophical question of to what degree I am the same person as before – and people change all the time in many other ways – is tied to the computer science question of updating records for accuracy (hello GDPR). My legal name has changed, but I placed my old name in an image that I sent the hash of in a transaction to the Bitcoin blockchain. I’ve updated the image, but it now no longer matches the hash. Likewise for the first NFT project I created after starting my transition. The certificates in "Certificate of Inauthenticity" originally bore my deadname for an added degree of inauthenticity. Which seemed like a good idea until it started haunting me too much. Fortunately I had made the NFT metadata in the CoI contract mutable, so I could update the image to remove the now (legally!) false signature.

Committing to an identity is a powerful act in social and economic terms. But identities in these senses are not singular in the way that state databases need them to be and that tech bros lack the life experience to understand that they are not. They will also change meaningfully over time. Attempting to capture more of the value of a person’s multiplicity under a singular identifier to exploit them economically or control them socially is an antipattern. The problem is that identity, immutability, and trust are in neccessary tension. If we commit to immutable blockchain identities as the anchors of social and economic trustworthiness, then they are rendered untrustworthy by our doing so. The human beings under them will pay the price that this externalizes onto them, in direct proportion to the degree that they are not singularly knowable.

Does it ever bother you, Amy, that your life doesn’t make any sense?
— The Doctor, The Pandorica Opens.

In the early morning of the 24^th of March 2020, I had a dream that seemed to last for less than a minute. In the dream, it was a pleasantly warm summer afternoon in the South of England, and I was sitting at a picnic table in the shade of a hotel or restaurant garden with some of my oldest friends. Everyone was having a good time. As I stood up to greet a new arrival, I realized that, in the dream, I was a woman. I don’t remember how I looked or what I was wearing – I think it was the cliche of a summer dress. I felt relaxed, happy, and confident in a way I never did in my waking life. Once I had walked over to the new arrival and warmly welcomed them, I woke up. As I returned to reality, the feeling remained, as feelings from dreams sometimes do.

But however right things had felt in the dream, I remembered that I wasn’t a woman in real life. My entire life was built on top of this incontrovertible fact. I knew what I was and might not like it, but that was how it was. End of story. And while I supported trans people, of course- I mean, I thought they were great, I was in awe of them. I didn’t understand- or rather, I couldn’t imagine- well, there was definitely nothing- look, there was no way I was trans. It just wasn’t possible. It couldn’t be. It wasn’t. Stop it. Just stop. Please stop. Please.

Look, I would have known. And I didn’t because there was nothing to know. OK, you can’t prove a negative, but- hang on, I just remembered something that can prove it! Oh, thank goodness. I can prove it. So, years ago, I took some of those online “Are you transgender?” quizzes, and they all came back negati-

uhhh, wait, what?

When did I do that?

More to the point, if there was nothing to know, why did I do that?

Strapped to a bed in a Memphis hotel, his talent burning out micron by micron, he hallucinated for thirty hours. The damage was minute, subtle, and utterly effective. For Case, who’d lived for the bodiless exultation of cyberspace, it was the Fall. In the bars he’d frequented as a cowboy hotshot, the elite stance involved a certain relaxed contempt for the flesh. The body was meat. Case fell into the prison of his own flesh.
— William Gibson, Neuromancer.

Starting with a single crack in the perfect machinery of unconscious denial that my mind had constructed to protect me from what it saw as the threat of self-knowledge, I remembered more and more. As a child, I couldn’t understand my feelings, so I put how I felt into animal transformation fantasies. After a teenage friend told me that I only seemed happy when I was playing a female elf in D&D, I should have been able to piece it together. Section 28 and all its cognates ensured that I couldn’t. I spent more than half of my life as the meatpuppet of an internalized transphobia that I didn’t even know I had. I spent three decades feeling unaccountably wrong and alienated and depressed and fake and anxious and like I didn’t matter or even really exist.

Then suddenly, I was real, and reality was all-consuming existential body horror.

With the evidence now on its side, my body could finally name what was wrong with it and express its deep displeasure at the fact, regardless of how I might take it. “Dysphoria just means sadness” doesn’t capture the physical pain of whatever we choose to call it any more than it captures its standing-under-a-waterfall emotional weight. It felt like a demon with a cattle prod. From when I woke up to when I fell asleep at night, it was all I could do to defend myself against it. The more I remembered, the harder that became until, by the third day, I had gone from being terrified that I was trans to being terrified that I might not be. I promised the barely metaphorical demon that I would transition. It left me alone, warning me it would return if I didn’t make good on my promise.

… an invasion from the future by an artificial intelligent space that must assemble itself entirely from its enemy’s resources.
[…]
How would it feel to be smuggled back out of the future in order to subvert its antecedent conditions? To be a cyberguerrilla, hidden in human camouflage so advanced that even one’s software was part of the disguise? Exactly like this?
— Nick Land, Machinic Desire/Circuitries.

Three days. With all my resources, I had lasted three days of being consciously aware of my dysphoria. What had felt like a demonic possession was actually an exorcism. The end of lying to myself without even remembering it. The end of being able to.

If you had told me any of this on the 23^rd of March 2020, I would not have believed you. It would have been impossible for me to. An increasingly large amount of my brain’s runtime had devoted itself to the process that censored my experience of myself in the world. If you’d told me I was plugged into a computer simulation or that I was a character in my favourite TV show, I would have found that far more convincing. I tried to tell myself that the Censor was trying to protect me. But that’s still a hard ask, even though now that I’m finally a person, I want to be a better person.

If this were fiction, a dream would be beyond cliched to impart knowledge to a character. No competent editor would allow it through. But in real life, when no rational attack vector remains for the truth to exploit, all that remains are the irrational ones. The game theory of denial produces no victories. The truth will, in fact, set you free. It will also terrify and break you. But it will set you free. And then you get to stop pretending that you aren’t a woman. You get to actually exist.