About Books and Blockchain

It's been a while since I updated my blog, but it was for a good reason: I published The Hacker Mindset, my first hacking book!

The Hacker Mindset on my desk

It's a collection of the most significant stories that shaped my experience to become a cybersecurity professional, with a special focus on what I believe is the most important skill for a hacker: the mindset.

Writing the book has been quite an experience itself, so enjoyable and rewarding that I was tempted to keep the book for myself and skip the (potentially) tedious publication part, which of course involved:

  • creating the book layout
  • designing the cover
  • editing the copy to make it "professional"
  • find a publisher (or self-publish)
  • distribute and market the book

And this is just to mention the most important steps. If you are interested in the specifics, I can recommend this YouTube channel, which gave me some pretty useful information.

In the end, I decided my little book deserved to "see the light of the sun", so I completed the layout and design parts myself (luckily, I was a designer in my previous life) and started looking for a publisher interested in my project.

A writer I met during my stay in Tel Aviv last year, told me that finding a publisher was not an easy task, and he was right. I emailed almost 50 companies and only a few of them decided to review my book and set up a meeting with me to discuss the details. Some of them were traditional publishers (they would invest in the project and pay me as the author) and others were hybrid publishers (I would have to cover all the publication costs and retain the majority of the royalties).

At this point, I was a bit confused:

  • I didn't like hybrid publishers because they basically get any project as long as the author pays them (this is why they are also called vanity publishers)
  • I didn't like traditional publishers because their publication process was too long and they wanted to change my book to make it more "sellable"

But above all, I didn't like how the book evaluation was handled, because I sent my manuscript via email or upload form, without any form of tracking or delivery confirmation. Just to be clear, I wasn't scared that someone could "steal" my book, because is really nothing special :) But at the same time, in 2023 we have the tech to make this process much more solid and transparent, and I would expect that from well-established publishers. Plus, it would have been really reassuring for a first-time author like me to receive a confirmation saying that the draft was received, would be handled within a certain timeframe, and treated under a certain privacy protocol.

Another thing that is really "old-fashioned" is the assignment of the ISBN, the international book identifier. It has to be assigned by your home country, and some countries even ask for money to issue it! It's issued locally under local regulations but is valid globally.

All of this made no sense to me, so I decided to self-publish my book in a creative way: I created 1book, an imprint (tied to my company), and implemented the publication process I wish other publishers offered to me (and anyone else).

A perfect combo with blockchain

I know, most of the time we hear the word blockchain in combination with cryptocurrency and finance, but don't forget what a blockchain is at its very root: a distributed and immutable ledger! Being immutable, it is the perfect technology to implement anything that requires the security and transparency of data.

In my ideal world, things like:

  • delivery confirmation of the first draft
  • the contract between the author and the publisher
  • the publication terms
  • ownership and copyright
  • assignment of the ISBN

Should be implemented and tracked on a blockchain.

Of course, making all this just for my book would have been overkill, especially because I am the author and the publisher in this case, so I decided to focus on one aspect: the ISBN - because it's what determines the ownership of the book.

ISBN as NFT

After reviewing a few options, including some 3rd party "NFT as a service" tools, I decided to develop and issue my own 1book (OBO) NFT. NFT stands for Non-Fungible Token and it's a type of digital asset that represents ownership or proof of authenticity of a unique item or piece of content, such as artwork, music, videos, and virtual real estate. So, why don't apply it to books?

NFTs can have a flexible JSON structure based on the smart contract used to implement it, and I structured mine in a very minimal way:

{
    "name": "The Hacker Mindset",
    "description": "How thinking like a hacker can improve your code, your coffee, and your life",
    "image": "ipfs://bafkreieelwtezx2i3sc2f7abapm3ql6arb6tn7u52ioarjd6dgjujctpvq",
    "attributes": {
        "author": "Francesco Carlucci",
        "ISBN_hardcover": "978-9916-4-1831-4",
        "ISBN_paperback": "978-9916-4-1832-1",
        "ISBN_epub": "978-9916-4-1833-8"
    }
}

After some research and some coding, I had a simple smart contract in place 0x0ce3ac6f0e1a1b3f29c0a4514275797f0f378a18 and issued my first token to my wallet!

I don't wanna go deep into the technical aspects because blockchain can be a really hyper-complex topic, but the bottom line here is that this way I can certify the ownership of the book and the ISBNs associated. The way I do it without a "central authority" is because there is a transaction on my digital wallet with metadata associated stored on the IPFS (InterPlanetary File System) in an immutable fashion.

You might think at this point: all you have is a transaction on a wallet which is an apparently random string of numbers! How do you prove that the wallet is actually owned by Francesco Carlucci?

The most understandable answer I can give is that I am the only one who owns the private key of that wallet, and I can ask anyone to encrypt a sample text using my public key, then decrypt the text and prove I own the only corresponding private key capable to decrypt that public one (aka asymmetric encryption).

It may sound not a strong way, but if you think that the first tweet in history has been sold for 2.9 million on the very same blockchain (Polygon) I used for my 1book token... maybe it's more reassuring :)

We could do more

Mine was an experiment, the perfect way to "complete" my journey of writing a book that is about hacking and deserves a creative publishing process. But of course, we can do much more using blockchain, smart contracts, and "web3" to empower an easier and more transparent publication process.

For now, all I can do is leave you with a link to buy my book, if I made you curious. If you read it, please do not forget to email me your feedback!

Francesco