Pages:
Author

Topic: BANK RUN! - P2P Fiat-Bitcoin Exchange - page 7. (Read 39092 times)

hero member
Activity: 756
Merit: 502
February 15, 2014, 04:12:44 PM
#86
Can you tell us how they manage to pick out btc related transactions assuming no central exchange account is used and people do not use any comments like "BTC trade id:1234" in the tx?

I will research that more to get some facts, but if you are more familiar with that area maybe you could add valueable input here or post some links to good resources?

Again, my knowledge is limited to a certain project I did in the area, during which I was exposed (under strict NDA) to some involved technologies.
The companies in question used an analytic tech platform, which allowed reviewing every transaction against a very broad of both personal and external patterns and trends.

While you right about people not mentioning BTC in transaction (although I did seen few that did!), I still can envision a situation, where blockchain transactions are being reviewed to match to a particular wire transfer, based on the exchange rate at the moment of transfer (for example).

As said this will cause many false positives, but as the tech in question is self-training (at least from what I seen), it may eventually recognize a repeating pattern and flag (including showing the prediction accuracy %) both accounts as participating in the crypto trading.

Long shot - but the chance of this happening (if there is enough pressure) is certainly there.
newbie
Activity: 3
Merit: 0
February 15, 2014, 12:21:47 PM
#85
I would love to help with the front end of the exchange
PM me or my skype is mcduder1
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 15, 2014, 11:02:59 AM
#84

2. As long as centralized platforms like Bitstamp work, people will be too lazy to switch to the system described here, which lacks the funds to make it really attractive to people. And centralized platforms do work - I mean that despite the Gox-shit! If some exchanges go bankrupt every 5 years or so, that is ok.  The normal user only has to trust them with his money for 1 day.  The probability that the exchange goes bankrupt in that time is very very low.

Yes in western countries where we are (yet) not confrontated with governmental attacks against BTC, then main motivation to use a less feature rich platform would be a political one. But localBitcoin and Bitcoin.de have also quite a large user base so it seems there are enough people who are not so much concerned about the missing features/speed.
For other countries like China that solution could be the only way to get into the fiat world. So there could be a huge potential.

You say that localBitcoins and bitcoin.de are quite popular. That is not true. They all suck so much and nobody will use them in the near future.  The only reason they still exist is the lack of any real exchanges that run in EUR.    But in the next months I'm sure we will have a place that people trust.  Kraken.com looks promising. Noone will ever go through all this shit on bitcoin.de or localBitcoins if he can use a proper exchange like Bitstamp or Kraken.

99% of the people also don't care about their data being passed to government.   Exchanges like yours or localBitcoin will never work as 99% of the people are not willing to pay the costs associated with the additional privacy.  


3.  It is really important to determine how BTC Trading will develop if the country bans it.   So maybe you should get informed about the situation in Russia for example.
You should try to figure out if your exchange could possibly run in Russia. If there are ways to solve the Undercover Agent problem, it could very very successful!


To address the blackmail problem:  Studies in behavioral finance have shown, that people are willing accept a major financial loss if they could penalize a malicious trading partner. The only condition is that, the penalty for the malicious user has to be at least around as high as the  penalty you are going to suffer.  As the collateral can be set as high as you want and additional feedback systems could be implemented, blackmailing can be prevented...

Cryptolocker worked because the penalties were imbalanced.


I would not recommend to use bankrun in a country where BTC is illegal.
We cannot prevent them from using it and maybe they find ways how they can use it without risking anything, but the "undercover agent attack" scenario is very real in those cases, and I don't see much room for protection against that.
The privacy between the traders is leaked due the bank transfer. If there are alternatives to a bank transfer (mail?) which preserves privacy, they could gain some protection. But even then I would not recommend it. The project is intended to work inside the legal frameworks.

I would appreciate to get more information about the situation in Russia, so if there is somebody with more knowledge about that please share it!
I am also not sure if it is really illegal or just the central bank said that you may not use it...
Legal questions tend to be complex, and I am absolute not an expert in that.

China I see as much more interesting market. I have no idea how they trade BTC now with the bank bans for the exchanges?
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 15, 2014, 10:50:23 AM
#83
I have some (limited) familiarity with banks and credit cards company fraud prevention systems, and I think that with enough interest, they *might* implement crypto-analytics to try and correlate wired transfers to crypto ones, and block/limit the relevant bank accounts.

That said, it probably will take quite some time until they decide to do that, plus will probably generate a lot of false positives.


In any case, this protocol should be much safer for crypto buyers / sellers, than a central exchange bank account (that can be easily traced and blocked), and I personally know some people who were hit by their banks for such transactions exactly.

Just my 2c.

Can you tell us how they manage to pick out btc related transactions assuming no central exchange account is used and people do not use any comments like "BTC trade id:1234" in the tx?

Also opening up new bank accout is not a big deal at least in Europe. To be safe, we will be recommended to no use the primary Bank Account. But as far BTC is not illegal there is no reason why they should freeze your account. If you trade huge volumes, you will be confronted with money laundering questions, but thats another issue...

One big open question is the irreversibility of bank transfers. As far as I know SEPA transfers are irreversible (my bank confirmed that for my account at least). But many people in the discussions say they are not. I am not familiar with the situation in the US.
I will research that more to get some facts, but if you are more familiar with that area maybe you could add valueable input here or post some links to good resources?
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 15, 2014, 10:41:40 AM
#82
Also I want to keep it as simple as possible. An escrow could be added to the system without much problem, the problem is that the escrow needs a tamper proof document. A screenshot from the bank tx is easy to fake. SSL dump could be a solution but thats complex.

Just to be clear on the practical point - ssl logging to provide proof works, I and dansmith have done hundreds of experiments. Since the core code is already written (actually, more than one version), the complexity isn't much of an issue.
On the other hand I understand you're looking for non-escrow models, so that's fine.

I would prefer if the system does not require escrow (I am still convinced that it should work fine without, but will lay out that more in detail in the paper soon), if it turn out that escrow should be mandatory included, your solution will be the way we have to go. Good to hear that it is already that mature!
hero member
Activity: 756
Merit: 502
February 15, 2014, 09:33:46 AM
#81
I have some (limited) familiarity with banks and credit cards company fraud prevention systems, and I think that with enough interest, they *might* implement crypto-analytics to try and correlate wired transfers to crypto ones, and block/limit the relevant bank accounts.

That said, it probably will take quite some time until they decide to do that, plus will probably generate a lot of false positives.


In any case, this protocol should be much safer for crypto buyers / sellers, than a central exchange bank account (that can be easily traced and blocked), and I personally know some people who were hit by their banks for such transactions exactly.

Just my 2c.
sr. member
Activity: 469
Merit: 253
February 15, 2014, 06:56:51 AM
#80
Also I want to keep it as simple as possible. An escrow could be added to the system without much problem, the problem is that the escrow needs a tamper proof document. A screenshot from the bank tx is easy to fake. SSL dump could be a solution but thats complex.

Just to be clear on the practical point - ssl logging to provide proof works, I and dansmith have done hundreds of experiments. Since the core code is already written (actually, more than one version), the complexity isn't much of an issue.
On the other hand I understand you're looking for non-escrow models, so that's fine.
sr. member
Activity: 469
Merit: 253
February 15, 2014, 06:43:06 AM
#79
There are two problems with that I can think of:

1. Bank transfers can be reversed in some circumstances (account was stolen etc). Some days after Bob gets the money and releases the bitcoins, the bank may reverse the transaction.

2. I'd be worried that the bank may freeze my account if I receive cash transfers from someone who turns out to be a criminal or the bank freaks out for some reason.

I would much prefer a centralized exchange.

This concept could work if A and B meet up and payment is made in cash. This concept could also work for trading between cryptocurrencies (btc <--> ltc etc)

I think these are serious issues which need to be considered


This is the 3rd time these points have been raised - you seem to have addressed literally every other post specifically apart from these ones.

These maybe hard questions to answer, but if #2 in particular starts happening for users of your system, you will become a VERY unpopular person, VERY quickly. Having a primary fiat bank account closed or locked is far more damaging and off putting for the novice user (who you've said this system would be for) than losing some fiat or some BTC.

There is no question that this is a huge issue with p2p systems using bank wires. However it seems to me you're missing a critical aspect - the very fact that the system is P2P rather than client server can lower the chance of an account getting blocked.

If banks start seriously blocking bitcoin-related transfers, they have to have some evidence to suggest which out of the hundreds of thousands of wire transfers a day are related to bitcoin. If all fiat-btc transfers are via one of 10 different exchange companies (especially if they're international), it is not very difficult for banks to do that. If the transfers are peer to peer and local, not so much.

(Of course banks freeze accounts for non-bitcoin reasons, I'm not suggesting the P2P aspect removes the blocking risk, but it moves the goalposts)

I'll take this opportunity to let people know of the architecture I'm working on coding right now - description here. Read the ssllog thread for more details if you're interested.
sr. member
Activity: 266
Merit: 250
February 14, 2014, 04:54:24 PM
#78
You see, the Cryptolocker guys are actually smart criminals. They did not, as you assume (and in doing so, greatly underestimate their cunning and intelligence), enter your supposed infinite ransom loop. Instead, they decided that keeping their word was in the best interest of their "business plan", if we can call it so. They established a weird kind of credibility, where the victims knew paying was the best option, bar none at the moment. And then they delivered.

But here is the big difference. With Cryptolocker you deal with one attacker with a certain identity, so you know they behave in a certain way because they did it in the past. In an P2P exchange you will not make the trade with the same person again (the bank details give the identity). So there is no reason to assume when you onced get blackmailed and the blackmailer acted "honest" that the next time another blackailer will do the same.

That doesn't change anything. Criminals can provide PGP keys like anyone else.

Anyway, I don't wanna derail your thread, but I urge you to not forget this issue and seriously pour some thought into it.
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 14, 2014, 04:47:44 PM
#77
Does anybody know more details about these projects?

http://www.coinffeine.com/
coinffeine is from the same guys who have published a whitepaper on pauv.org (not available anymore).
It is based on a very similar idea (Nash equilibrium).

http://www.metalair.org/
https://bitcointalksearch.org/topic/proposal-fully-decentralised-exchange-mechanism-for-all-cryptocurrencies-fiat-218516
Seems pretty different to my approach

Jed McCaleb new project:
http://alphatesters.secretbitcoinproject.com/

I contacted all 3 and hope to get some answers to see if there are possibilities for cooperation, or at least to see where they are, to not develop the same thing twice.
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 14, 2014, 04:16:19 PM
#76
You see, the Cryptolocker guys are actually smart criminals. They did not, as you assume (and in doing so, greatly underestimate their cunning and intelligence), enter your supposed infinite ransom loop. Instead, they decided that keeping their word was in the best interest of their "business plan", if we can call it so. They established a weird kind of credibility, where the victims knew paying was the best option, bar none at the moment. And then they delivered.

But here is the big difference. With Cryptolocker you deal with one attacker with a certain identity, so you know they behave in a certain way because they did it in the past. In an P2P exchange you will not make the trade with the same person again (the bank details give the identity). So there is no reason to assume when you onced get blackmailed and the blackmailer acted "honest" that the next time another blackailer will do the same.

Also I am thinking on an idea to introduce a legal contract, that way (you have the identity due the dnak details) you have much protection. But I dont want to discuss that yet as it is half-baked. I will add that to the paper soon if it works out.

But thanks for your input!
Nobody can know now how it will work and if the assumtions are correct. For sure we need to improve stuff as soon we get it out and see how it works and where are the problems. That does not mean that I dont take these issues serious! Will try to find the best base setup to start.
sr. member
Activity: 266
Merit: 250
February 14, 2014, 03:41:24 PM
#75
To accept the blackmail would mean to trust a partner who has proved to be dishonest. There is absolute no reason to justify a blackmail acceptance. Therefore that risk can be ignored.
Yeah, that's why blackmail is only a theoretical idea in the real world - right?  Roll Eyes

Exactly. You should look into the whole Cryptolocker thing if you believe blackmail is to be ignored.

Ok lets play blackmail:
We do a trade and I (Bob Blackmailer) will not release the fund at the end of the trade, so you would loose 1.1 BTC and I only 0.1 BTC. I send you a message that I only will release it if you send me 0.5 BTC.
Would you accept?
If you accept to pay then you are in an even worse situation: You can lose now 1.6 BTC, I have already won 0.4 BTC. So I will try it again and will blackmail you. Would you be so irrational to pay again.... Then you would be in an even worse situation, and so on... after a few rounds I think everybody has learned that the only way to deal with blackmail is to absolutely reject it!
If you reject right from the beginning, what would happen? The blackmailer will wait a while, maybe repeat to blackmail you, but at some point he will give up. Then he has to choose to lose 0.1 BCT if he never releases the fund or he releases it and get back the 0.1 BTC. A greed blackmailer will release. And its in the nature of a blackmailer to be greedy ;-).

The only real blackmail problem would be in countries where BTC is illegal (russia) and the other party blackmail you with reporting you to the police. Also an undercover agent could be trading and sending you to jail... In those countries you have probably more problems then buying/selling BTC.
If you manage to do the Fiat transfer in an anonymous way (?) then that could be avoided as well. I have not idea how, but I assume in those countries they know ways to do that...

You are repeating your previous argument only with more words this time, and you clearly have not studied Cryptolocker. If you had done so you would know your assumptions are plain wrong, and that real life evidence of an already existing (and wildly successful) blackmail scheme contradicts every assumption you are making.

You see, the Cryptolocker guys are actually smart criminals. They did not, as you assume (and in doing so, greatly underestimate their cunning and intelligence), enter your supposed infinite ransom loop. Instead, they decided that keeping their word was in the best interest of their "business plan", if we can call it so. They established a weird kind of credibility, where the victims knew paying was the best option, bar none at the moment. And then they delivered.

Don't get me wrong, I very much like your idea, but you cannot go about dismissing the main objections by making generic statements like "...after a few rounds I think everybody has learned...", "And its in the nature of a blackmailer to be greedy ;-)." or "The only real blackmail problem would be...".

That is NOT how you do Exchange level security. These last few days should serve as a perfect example of why not.

There are tons of Cryptolocker case studies by very good net-sec firms. Please go read one to understand its severity and implications. Good will and logic assumptions do not make blackmail go away.

 

legendary
Activity: 924
Merit: 1132
February 14, 2014, 12:58:56 PM
#74

There can no longer be a deposit unless you specifically authorize that particular deposit or you specifically authorize that particular person or business to make deposits directly into your account.  

Is that only for certain banks in the US or does that apply to all? Crazy, luckily I live in the EU and not in the "land of the free".


I don't  know how broad the scope of it is.  I know that all the banks local to me (Northern California, USA) have started doing things that way. 

I don't know whether that's because the law now _requires_ it, because the law now _allows_ it, or because some regulatory agency is now incentivizing it or penalizing failure to do it, or because of a court precedent that makes banks less likely to get sued for it, or ....  any of a thousand possibilities.

k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 14, 2014, 08:37:54 AM
#73
Ok, I looked over your scheme and have 2 points.

It seems, there is no orderbook? How does one get an idea, what price to ask or bid?

I thought about a p2p exchange, too. And I think it should focus on mobile phones, because they are harder to track down and to block. I'd also use the GPS api to support meetups to complete an actual exchange. No bank need then.

These 2 points led me to the next problem: how to create a distributed orderbook, that spreads orders in a fair way?


You get all the broadcasted orders (2 days message storage is standard in Bitmessage, so you get all > 2 days age) you are interested in:
Set a filter for offers with: Offer-type: Buy BTC; Currency: EUR; bank transfer type: SEPA; Region EU
Then you get a list of offers sorted by price, you can pick the best mathing price/amount of the list.
It is basically similar to localBitcoin or bitcoin.de.

You can even add price charts of completed offers (not investegated that yet, but should be not a big issue).

Mobile is an important point! Thanks for bringing that up. One problem is that the wallets are dependent to centralized services as you cannot run a full node there. But a field to investigate further. Is on my TODO list....
legendary
Activity: 965
Merit: 1000
February 14, 2014, 08:24:39 AM
#72
Ok, I looked over your scheme and have 2 points.

It seems, there is no orderbook? How does one get an idea, what price to ask or bid?

I thought about a p2p exchange, too. And I think it should focus on mobile phones, because they are harder to track down and to block. I'd also use the GPS api to support meetups to complete an actual exchange. No bank need then.

These 2 points led me to the next problem: how to create a distributed orderbook, that spreads orders in a fair way?
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 14, 2014, 08:17:24 AM
#71
There are two problems with that I can think of:

1. Bank transfers can be reversed in some circumstances (account was stolen etc). Some days after Bob gets the money and releases the bitcoins, the bank may reverse the transaction.

2. I'd be worried that the bank may freeze my account if I receive cash transfers from someone who turns out to be a criminal or the bank freaks out for some reason.

I would much prefer a centralized exchange.

This concept could work if A and B meet up and payment is made in cash. This concept could also work for trading between cryptocurrencies (btc <--> ltc etc)

I think these are serious issues which need to be considered


This is the 3rd time these points have been raised - you seem to have addressed literally every other post specifically apart from these ones.

These maybe hard questions to answer, but if #2 in particular starts happening for users of your system, you will become a VERY unpopular person, VERY quickly. Having a primary fiat bank account closed or locked is far more damaging and off putting for the novice user (who you've said this system would be for) than losing some fiat or some BTC.


Thanks for bringing that up again and sorry for the late reply!

1:
I mentioned in the paper that you may only use bank transfers which are irreversible (SEPA in europe, no Paypal). See
Money hardness:
https://en.bitcoin.it/wiki/Payment_methods
I will also add another idea I need to work out more in detail before discussing it which could help to solve that issue.
Will add it to the paper soon...

2:
There will be a kind of FAQ page where users get the most important side effects described.
If you do 1000 trades a month with 50 000 USD every bank will raise "money laundering" alarm.
So if you trade a lot dont use your primary account, create maybe a few accounts. That will not help to hide it to the government/tax authority as in most countries the banks deliver information there so the tax authority will ask questions for the sources of the money.
If you are in contact with a problematic peer you could also get problems. If the other get an investiagtion from tax authority they may link to you and you are the next if you are in the same country.
Also as you mentioned if a criminal send you money, you could get confrontated with problems.
But those issues are the same with Ebay or other online services where you can make financial tx with private persons.
So there will be some remaining risks. As well there are risks with centralized exchanges (I am still waiting for some money of a locked down exchange).

There is no perfect Silver Bullet. Life is risk.
It will be just a solution which fits better to the idea of BTC.

The whole concept will be in line with the legal framework (at least in civilized countries).
To make a financial transaction between 2 private persons without any other person in between is legal everywhere if it does not violate certain limitations (frequency, volume, criminal involements).
That would be the same if you do a traditional trade privately. You need to take care to not overstretch the limits.
If you buy a bike from a drug dealer you could get problems. If you buy 100 bikes a months you could get problems (looks like a business). If you buy from 100 different persons stuff that could cause problems (looks like you are a professional trader)....

Yes it will be more comfortable to use centralized exchanges. But services like Bitcoin.de or localBitcoin have also quite a large user base, so comfort is not the only thing. And for countries like China that comfort is not available anymore.
A crypto-crypto exchange will be possible as well, but there are already some solutions out there (Ripple, NXT,...). That was the easier problem to solve...
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 14, 2014, 07:52:32 AM
#70
Great idea indeed. It could also be used to trade other things using BTC - not only fiat.   But I see 3 major problems:
Yes there is headroom for much more... NashX is a centralized P2P market using the same concept (nash equilibrium).
1. There is no money to be made here.  It should be 100% Open Source  and such projects don't make any profit to potential investors.  So who should pay the Developer here?  I can only think of guys who hold a significant amount of BTC and are not afraid of getting their hands dirty. I don't think we will find such a person.
I have already some dev contact and most of them did not address the financial side yet, so seams it is not THAT important to them. But I know that will be a thing we need to solve. My preferred model yet would be croudfunding. I like the style how Dark Wallet has done it. Transparent and open. Not playing with the greed of the people, attracting a special fraction of Bitcoiners (see Ethereum threads, most are just discussing the invetment stuff and are not very interested in the idea itself, or just in respect of their investment).
But I am open for any idea not destroying the basic principles: Openness, free, decentralized.

2. As long as centralized platforms like Bitstamp work, people will be too lazy to switch to the system described here, which lacks the funds to make it really attractive to people. And centralized platforms do work - I mean that despite the Gox-shit! If some exchanges go bankrupt every 5 years or so, that is ok.  The normal user only has to trust them with his money for 1 day.  The probability that the exchange goes bankrupt in that time is very very low.

Yes in western countries where we are (yet) not confrontated with governmental attacks against BTC, then main motivation to use a less feature rich platform would be a political one. But localBitcoin and Bitcoin.de have also quite a large user base so it seems there are enough people who are not so much concerned about the missing features/speed.
For other countries like China that solution could be the only way to get into the fiat world. So there could be a huge potential.

3. If Bitcoin Trading will get banned the system here won't work either.  Undercover Agents will easily track down the heavy trader via their bank accounts and put them in jail.

In countries (Russia) where the government is that corrupt to set BTC illegal, there are those risks, yes. I am not familiar with the situation there, but I assume people there are more used to these kind of threats and have other ways to get around it if they want. Also people there have maybe more important problems then how to get into BTC... Open question... Maybe somebody with experience about those places can add some input here.
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 14, 2014, 07:40:48 AM
#69
I'm just thinking out loud here but maybe something can come of this.
....
I'm not a programmer and don't fully understand how blocks, etc., work so this might be full of flaws. Hopefully, not so many that it is useless even as a beginning concept.

Thanks for your input. I dont want a dependency to any 3rd party and I guess Western Union could be one of the first victims of the success of BTC ;-). They have high fees and could be replaces soon by BTC.
Also I want to keep it as simple as possible. An escrow could be added to the system without much problem, the problem is that the escrow needs a tamper proof document. A screenshot from the bank tx is easy to fake. SSL dump could be a solution but thats complex. I am still not convinced an escrow is needed at all. I will update the paper soon with more details about that topic, because it seems that many people thinks it will not work without escrow...
member
Activity: 83
Merit: 10
February 14, 2014, 04:36:33 AM
#68
There are two problems with that I can think of:

1. Bank transfers can be reversed in some circumstances (account was stolen etc). Some days after Bob gets the money and releases the bitcoins, the bank may reverse the transaction.

2. I'd be worried that the bank may freeze my account if I receive cash transfers from someone who turns out to be a criminal or the bank freaks out for some reason.

I would much prefer a centralized exchange.

This concept could work if A and B meet up and payment is made in cash. This concept could also work for trading between cryptocurrencies (btc <--> ltc etc)

I think these are serious issues which need to be considered


This is the 3rd time these points have been raised - you seem to have addressed literally every other post specifically apart from these ones.

These maybe hard questions to answer, but if #2 in particular starts happening for users of your system, you will become a VERY unpopular person, VERY quickly. Having a primary fiat bank account closed or locked is far more damaging and off putting for the novice user (who you've said this system would be for) than losing some fiat or some BTC.
member
Activity: 69
Merit: 10
We are all entering a new era.
February 14, 2014, 02:43:16 AM
#67
Seems just THE thing bitcoin needs!
Pages:
Jump to: