Topic: BANK RUN! - P2P Fiat-Bitcoin Exchange - page 7. (Read 39079 times)

Again, my knowledge is limited to a certain project I did in the area, during which I was exposed (under strict NDA) to some involved technologies.
The companies in question used an analytic tech platform, which allowed reviewing every transaction against a very broad of both personal and external patterns and trends.

While you right about people not mentioning BTC in transaction (although I did seen few that did!), I still can envision a situation, where blockchain transactions are being reviewed to match to a particular wire transfer, based on the exchange rate at the moment of transfer (for example).

As said this will cause many false positives, but as the tech in question is self-training (at least from what I seen), it may eventually recognize a repeating pattern and flag (including showing the prediction accuracy %) both accounts as participating in the crypto trading.

Long shot - but the chance of this happening (if there is enough pressure) is certainly there.

I would love to help with the front end of the exchange
PM me or my skype is mcduder1

I would not recommend to use bankrun in a country where BTC is illegal.
We cannot prevent them from using it and maybe they find ways how they can use it without risking anything, but the "undercover agent attack" scenario is very real in those cases, and I don't see much room for protection against that.
The privacy between the traders is leaked due the bank transfer. If there are alternatives to a bank transfer (mail?) which preserves privacy, they could gain some protection. But even then I would not recommend it. The project is intended to work inside the legal frameworks.

I would appreciate to get more information about the situation in Russia, so if there is somebody with more knowledge about that please share it!
I am also not sure if it is really illegal or just the central bank said that you may not use it...
Legal questions tend to be complex, and I am absolute not an expert in that.

China I see as much more interesting market. I have no idea how they trade BTC now with the bank bans for the exchanges?

Can you tell us how they manage to pick out btc related transactions assuming no central exchange account is used and people do not use any comments like "BTC trade id:1234" in the tx?

Also opening up new bank accout is not a big deal at least in Europe. To be safe, we will be recommended to no use the primary Bank Account. But as far BTC is not illegal there is no reason why they should freeze your account. If you trade huge volumes, you will be confronted with money laundering questions, but thats another issue...

One big open question is the irreversibility of bank transfers. As far as I know SEPA transfers are irreversible (my bank confirmed that for my account at least). But many people in the discussions say they are not. I am not familiar with the situation in the US.
I will research that more to get some facts, but if you are more familiar with that area maybe you could add valueable input here or post some links to good resources?

I would prefer if the system does not require escrow (I am still convinced that it should work fine without, but will lay out that more in detail in the paper soon), if it turn out that escrow should be mandatory included, your solution will be the way we have to go. Good to hear that it is already that mature!

I have some (limited) familiarity with banks and credit cards company fraud prevention systems, and I think that with enough interest, they *might* implement crypto-analytics to try and correlate wired transfers to crypto ones, and block/limit the relevant bank accounts.

That said, it probably will take quite some time until they decide to do that, plus will probably generate a lot of false positives.


In any case, this protocol should be much safer for crypto buyers / sellers, than a central exchange bank account (that can be easily traced and blocked), and I personally know some people who were hit by their banks for such transactions exactly.

Just my 2c.

Just to be clear on the practical point - ssl logging to provide proof works, I and dansmith have done hundreds of experiments. Since the core code is already written (actually, more than one version), the complexity isn't much of an issue.
On the other hand I understand you're looking for non-escrow models, so that's fine.

There is no question that this is a huge issue with p2p systems using bank wires. However it seems to me you're missing a critical aspect - the very fact that the system is P2P rather than client server can lower the chance of an account getting blocked.

If banks start seriously blocking bitcoin-related transfers, they have to have some evidence to suggest which out of the hundreds of thousands of wire transfers a day are related to bitcoin. If all fiat-btc transfers are via one of 10 different exchange companies (especially if they're international), it is not very difficult for banks to do that. If the transfers are peer to peer and local, not so much.

(Of course banks freeze accounts for non-bitcoin reasons, I'm not suggesting the P2P aspect removes the blocking risk, but it moves the goalposts)

I'll take this opportunity to let people know of the architecture I'm working on coding right now - description here. Read the ssllog thread for more details if you're interested.

That doesn't change anything. Criminals can provide PGP keys like anyone else.

Anyway, I don't wanna derail your thread, but I urge you to not forget this issue and seriously pour some thought into it.

Does anybody know more details about these projects?

http://www.coinffeine.com/
coinffeine is from the same guys who have published a whitepaper on pauv.org (not available anymore).
It is based on a very similar idea (Nash equilibrium).

http://www.metalair.org/
https://bitcointalksearch.org/topic/proposal-fully-decentralised-exchange-mechanism-for-all-cryptocurrencies-fiat-218516
Seems pretty different to my approach

Jed McCaleb new project:
http://alphatesters.secretbitcoinproject.com/

I contacted all 3 and hope to get some answers to see if there are possibilities for cooperation, or at least to see where they are, to not develop the same thing twice.

But here is the big difference. With Cryptolocker you deal with one attacker with a certain identity, so you know they behave in a certain way because they did it in the past. In an P2P exchange you will not make the trade with the same person again (the bank details give the identity). So there is no reason to assume when you onced get blackmailed and the blackmailer acted "honest" that the next time another blackailer will do the same.

Also I am thinking on an idea to introduce a legal contract, that way (you have the identity due the dnak details) you have much protection. But I dont want to discuss that yet as it is half-baked. I will add that to the paper soon if it works out.

But thanks for your input!
Nobody can know now how it will work and if the assumtions are correct. For sure we need to improve stuff as soon we get it out and see how it works and where are the problems. That does not mean that I dont take these issues serious! Will try to find the best base setup to start.

You are repeating your previous argument only with more words this time, and you clearly have not studied Cryptolocker. If you had done so you would know your assumptions are plain wrong, and that real life evidence of an already existing (and wildly successful) blackmail scheme contradicts every assumption you are making.

You see, the Cryptolocker guys are actually smart criminals. They did not, as you assume (and in doing so, greatly underestimate their cunning and intelligence), enter your supposed infinite ransom loop. Instead, they decided that keeping their word was in the best interest of their "business plan", if we can call it so. They established a weird kind of credibility, where the victims knew paying was the best option, bar none at the moment. And then they delivered.

Don't get me wrong, I very much like your idea, but you cannot go about dismissing the main objections by making generic statements like "...after a few rounds I think everybody has learned...", "And its in the nature of a blackmailer to be greedy ;-)." or "The only real blackmail problem would be...".

That is NOT how you do Exchange level security. These last few days should serve as a perfect example of why not.

There are tons of Cryptolocker case studies by very good net-sec firms. Please go read one to understand its severity and implications. Good will and logic assumptions do not make blackmail go away.

 

I don't  know how broad the scope of it is.  I know that all the banks local to me (Northern California, USA) have started doing things that way. 

I don't know whether that's because the law now _requires_ it, because the law now _allows_ it, or because some regulatory agency is now incentivizing it or penalizing failure to do it, or because of a court precedent that makes banks less likely to get sued for it, or ....  any of a thousand possibilities.

You get all the broadcasted orders (2 days message storage is standard in Bitmessage, so you get all > 2 days age) you are interested in:
Set a filter for offers with: Offer-type: Buy BTC; Currency: EUR; bank transfer type: SEPA; Region EU
Then you get a list of offers sorted by price, you can pick the best mathing price/amount of the list.
It is basically similar to localBitcoin or bitcoin.de.

You can even add price charts of completed offers (not investegated that yet, but should be not a big issue).

Mobile is an important point! Thanks for bringing that up. One problem is that the wallets are dependent to centralized services as you cannot run a full node there. But a field to investigate further. Is on my TODO list....

Ok, I looked over your scheme and have 2 points.

It seems, there is no orderbook? How does one get an idea, what price to ask or bid?

I thought about a p2p exchange, too. And I think it should focus on mobile phones, because they are harder to track down and to block. I'd also use the GPS api to support meetups to complete an actual exchange. No bank need then.

These 2 points led me to the next problem: how to create a distributed orderbook, that spreads orders in a fair way?

Thanks for bringing that up again and sorry for the late reply!

1:
I mentioned in the paper that you may only use bank transfers which are irreversible (SEPA in europe, no Paypal). See
Money hardness:
https://en.bitcoin.it/wiki/Payment_methods
I will also add another idea I need to work out more in detail before discussing it which could help to solve that issue.
Will add it to the paper soon...

2:
There will be a kind of FAQ page where users get the most important side effects described.
If you do 1000 trades a month with 50 000 USD every bank will raise "money laundering" alarm.
So if you trade a lot dont use your primary account, create maybe a few accounts. That will not help to hide it to the government/tax authority as in most countries the banks deliver information there so the tax authority will ask questions for the sources of the money.
If you are in contact with a problematic peer you could also get problems. If the other get an investiagtion from tax authority they may link to you and you are the next if you are in the same country.
Also as you mentioned if a criminal send you money, you could get confrontated with problems.
But those issues are the same with Ebay or other online services where you can make financial tx with private persons.
So there will be some remaining risks. As well there are risks with centralized exchanges (I am still waiting for some money of a locked down exchange).

There is no perfect Silver Bullet. Life is risk.
It will be just a solution which fits better to the idea of BTC.

The whole concept will be in line with the legal framework (at least in civilized countries).
To make a financial transaction between 2 private persons without any other person in between is legal everywhere if it does not violate certain limitations (frequency, volume, criminal involements).
That would be the same if you do a traditional trade privately. You need to take care to not overstretch the limits.
If you buy a bike from a drug dealer you could get problems. If you buy 100 bikes a months you could get problems (looks like a business). If you buy from 100 different persons stuff that could cause problems (looks like you are a professional trader)....

Yes it will be more comfortable to use centralized exchanges. But services like Bitcoin.de or localBitcoin have also quite a large user base, so comfort is not the only thing. And for countries like China that comfort is not available anymore.
A crypto-crypto exchange will be possible as well, but there are already some solutions out there (Ripple, NXT,...). That was the easier problem to solve...

Yes there is headroom for much more... NashX is a centralized P2P market using the same concept (nash equilibrium).
I have already some dev contact and most of them did not address the financial side yet, so seams it is not THAT important to them. But I know that will be a thing we need to solve. My preferred model yet would be croudfunding. I like the style how Dark Wallet has done it. Transparent and open. Not playing with the greed of the people, attracting a special fraction of Bitcoiners (see Ethereum threads, most are just discussing the invetment stuff and are not very interested in the idea itself, or just in respect of their investment).
But I am open for any idea not destroying the basic principles: Openness, free, decentralized.


Yes in western countries where we are (yet) not confrontated with governmental attacks against BTC, then main motivation to use a less feature rich platform would be a political one. But localBitcoin and Bitcoin.de have also quite a large user base so it seems there are enough people who are not so much concerned about the missing features/speed.
For other countries like China that solution could be the only way to get into the fiat world. So there could be a huge potential.


In countries (Russia) where the government is that corrupt to set BTC illegal, there are those risks, yes. I am not familiar with the situation there, but I assume people there are more used to these kind of threats and have other ways to get around it if they want. Also people there have maybe more important problems then how to get into BTC... Open question... Maybe somebody with experience about those places can add some input here.

Thanks for your input. I dont want a dependency to any 3rd party and I guess Western Union could be one of the first victims of the success of BTC ;-). They have high fees and could be replaces soon by BTC.
Also I want to keep it as simple as possible. An escrow could be added to the system without much problem, the problem is that the escrow needs a tamper proof document. A screenshot from the bank tx is easy to fake. SSL dump could be a solution but thats complex. I am still not convinced an escrow is needed at all. I will update the paper soon with more details about that topic, because it seems that many people thinks it will not work without escrow...

This is the 3rd time these points have been raised - you seem to have addressed literally every other post specifically apart from these ones.

These maybe hard questions to answer, but if #2 in particular starts happening for users of your system, you will become a VERY unpopular person, VERY quickly. Having a primary fiat bank account closed or locked is far more damaging and off putting for the novice user (who you've said this system would be for) than losing some fiat or some BTC.

Seems just THE thing bitcoin needs!