Pages:
Author

Topic: BANK RUN! - P2P Fiat-Bitcoin Exchange - page 8. (Read 39092 times)

member
Activity: 84
Merit: 10
February 14, 2014, 02:36:48 AM
#66
I'm just thinking out loud here but maybe something can come of this.

Western Union has a way to send cash to their agent locations. These transactions can by picked up in cash by a person by simply presenting the MTCN (Money Transaction Control Number) along with ID at the agent location. Once cash is picked up, it is obviously not reversible. There's a period of about 3 days for the cash funds to be available for pickup. The downside is having to show ID.

My thinking is that there still needs to be an escrow system that works anonymously. The escrow system can rely on mining for escrow fees. A not-yet-solvable block can be created once Bob deposits BTC plus escrow fee and enters his first and last name. In order to be solved, additional information has to be input from the transaction. When Alice sends the Western Union Three Day payment, she gets a MTCN from Western Union. She then enters that MTCN into the client, the country it was sent to, and amount. She also must enter a BTC address to receive the BTC when the block is solved. Once that information is entered, A waiting period of 96 hours is created. This creates time for Bill to obtain the cash, making the fiat transfer irreversible. The escrow system encrypts all the information and checks Western Union online to verify the MTCN is valid and the receiver matches, etc. If it all matches, then the block becomes solvable. Once solved, the btc gets paid to the bitcoin address supplied by Alice. The escrow fee gets divvied up amongst those who solve the block.

This solution would have to integrate well with checking Western Union online. This might require people to do this manually. In that case it adds an actual human work component to the escrow system. Now of course, a person might just say yes or no to whether the transaction information on Western Union's website matches the information in the block. To facilitate this, I think several people would have to confirm the transaction. If your confirmation or rejection of the transaction doesn't match with the other transaction checkers, you lose points. Lose enough and escrows won't be assigned to you anymore. Truthful responses will be rewarded with small amounts of points, leading to more escrow verifications coming your way. Those who verify blocks, leading to them being solved, get a portion of the escrow fees.


I'm not a programmer and don't fully understand how blocks, etc., work so this might be full of flaws. Hopefully, not so many that it is useless even as a beginning concept.
newbie
Activity: 38
Merit: 0
February 14, 2014, 12:31:47 AM
#65
Im interested in getting involved. I'll throw you a PM.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
February 13, 2014, 05:45:55 PM
#64

You mean not being able to go to a bank give them cash and bank details and expect them to transfer it I hope? Like an anonymous deposit? Or can you just not send money to people via bank transfers at all? I can't believe this is true?


The only person authorized to deposit money into an account under the new rules is the account holder.  You can make a bank transfer, but he (or she) must explicitly authorize it ("deposit it") to get into his (or her) account.

I think the idea was to close the "I don't know nothin' about that deposit, where did that even come from?" defense for people who've gotten money from sources considered illegal.  There can no longer be a deposit unless you specifically authorize that particular deposit or you specifically authorize that particular person or business to make deposits directly into your account.  

Is that only for certain banks in the US or does that apply to all? Crazy, luckily I live in the EU and not in the "land of the free".
Well, in the EU we have the "Cyprus business" (HINT: EU plans to allow the Cyprus way in any country), so that wasn't very lucky comparison.
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 13, 2014, 05:42:49 PM
#63

You mean not being able to go to a bank give them cash and bank details and expect them to transfer it I hope? Like an anonymous deposit? Or can you just not send money to people via bank transfers at all? I can't believe this is true?


The only person authorized to deposit money into an account under the new rules is the account holder.  You can make a bank transfer, but he (or she) must explicitly authorize it ("deposit it") to get into his (or her) account.

I think the idea was to close the "I don't know nothin' about that deposit, where did that even come from?" defense for people who've gotten money from sources considered illegal.  There can no longer be a deposit unless you specifically authorize that particular deposit or you specifically authorize that particular person or business to make deposits directly into your account.  

Is that only for certain banks in the US or does that apply to all? Crazy, luckily I live in the EU and not in the "land of the free".
legendary
Activity: 2618
Merit: 1007
February 13, 2014, 05:09:30 PM
#62
Ok lets play blackmail:
We do a trade and I (Bob Blackmailer) will not release the fund at the end of the trade, so you would loose 1.1 BTC and I only 0.1 BTC. I send you a message that I only will release it if you send me 0.5 BTC.
Would you accept?
Your 10% markup for example is useless, as even just selling yesterday would mean the price moves more than that - anyone who were to send fiat simply would be smart to let the 0.1 BTC be and keep the funds frozen forever just to screw with the BTC seller.

Anyways, you say I sell 1 BTC, we both put 0.1 extra on the table and then you say I need to pay 0.5, to get my 1.1 back? I would for example publish a transaction that depends on the 1.1 that is paid back to me, so there is no chance that this gets cheated... if you want to get your 0.6 (0.1 from the table + 0.5 of my 1.1), then you'd have to release the funds.
legendary
Activity: 924
Merit: 1132
February 13, 2014, 04:46:38 PM
#61

You mean not being able to go to a bank give them cash and bank details and expect them to transfer it I hope? Like an anonymous deposit? Or can you just not send money to people via bank transfers at all? I can't believe this is true?


The only person authorized to deposit money into an account under the new rules is the account holder.  You can make a bank transfer, but he (or she) must explicitly authorize it ("deposit it") to get into his (or her) account.

I think the idea was to close the "I don't know nothin' about that deposit, where did that even come from?" defense for people who've gotten money from sources considered illegal.  There can no longer be a deposit unless you specifically authorize that particular deposit or you specifically authorize that particular person or business to make deposits directly into your account.  

k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 13, 2014, 04:45:12 PM
#60
To accept the blackmail would mean to trust a partner who has proved to be dishonest. There is absolute no reason to justify a blackmail acceptance. Therefore that risk can be ignored.
Yeah, that's why blackmail is only a theoretical idea in the real world - right?  Roll Eyes

Exactly. You should look into the whole Cryptolocker thing if you believe blackmail is to be ignored.

Ok lets play blackmail:
We do a trade and I (Bob Blackmailer) will not release the fund at the end of the trade, so you would loose 1.1 BTC and I only 0.1 BTC. I send you a message that I only will release it if you send me 0.5 BTC.
Would you accept?
If you accept to pay then you are in an even worse situation: You can lose now 1.6 BTC, I have already won 0.4 BTC. So I will try it again and will blackmail you. Would you be so irrational to pay again.... Then you would be in an even worse situation, and so on... after a few rounds I think everybody has learned that the only way to deal with blackmail is to absolutely reject it!
If you reject right from the beginning, what would happen? The blackmailer will wait a while, maybe repeat to blackmail you, but at some point he will give up. Then he has to choose to lose 0.1 BCT if he never releases the fund or he releases it and get back the 0.1 BTC. A greed blackmailer will release. And its in the nature of a blackmailer to be greedy ;-).

The only real blackmail problem would be in countries where BTC is illegal (russia) and the other party blackmail you with reporting you to the police. Also an undercover agent could be trading and sending you to jail... In those countries you have probably more problems then buying/selling BTC.
If you manage to do the Fiat transfer in an anonymous way (?) then that could be avoided as well. I have not idea how, but I assume in those countries they know ways to do that...
sr. member
Activity: 266
Merit: 250
February 13, 2014, 03:40:50 PM
#59
To accept the blackmail would mean to trust a partner who has proved to be dishonest. There is absolute no reason to justify a blackmail acceptance. Therefore that risk can be ignored.
Yeah, that's why blackmail is only a theoretical idea in the real world - right?  Roll Eyes

Exactly. You should look into the whole Cryptolocker thing if you believe blackmail is to be ignored.
legendary
Activity: 2618
Merit: 1007
February 13, 2014, 03:34:13 PM
#58
To accept the blackmail would mean to trust a partner who has proved to be dishonest. There is absolute no reason to justify a blackmail acceptance. Therefore that risk can be ignored.
Yeah, that's why blackmail is only a theoretical idea in the real world - right?  Roll Eyes
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 13, 2014, 03:30:40 PM
#57
A couple people here had a misunderstanding.
Assuming that any of the parties do not agree on anything , everything is frozen.
The money gets deposited in the shared wallet after both parties have provided collateral.
If they have a dispute , such as 1000$ is not received , both parties have their collateral stuck along with the 1 BTC stuck in the shared wallet.
Surely , the bitcoin seller has a bigger loss in this case , but the buyer has a loss too.
This only works if the price for BTC is stable.

At the time of the trade, 1 BTC is 1000 USD.
Alice buys 1 BTC, freezes 0.1 BTC, sends 1k USD honestly.
Bob sells 1 BTC, freezes 1.1 BTC, receives 1k USD but never reports on it.

Once these 1.1 BTC are worth LESS than 1k USD, Bob was smart.

Staying honest when selling with this scheme just depends on how low you think the price would go.
Collateral should be greater than amount in exchange. If they exchange $1000 for 1 BTC, collateral should be 2 BTC. So when Bob receives $1000 it's cheaper for him to unlock collateral (2 BTC) than to keep 1 BTC worth of product (cash in this case).
Only if he believes the price won't tank more than 2-fold until he gets the money. Also he has now a much higher risk that someone locks up 2 BTC to lock up 3 of his. Potentially forever.

Would you sell me 1 BTC right now via bank transfer if we both need to lock up 50 BTC for that?

>Once these 1.1 BTC are worth LESS than 1k USD, Bob was smart.
You are wrong with the above assumtion.
He cannot win anything when not releasing. Maby he was lucky with the price move, but in any case he just loose his collateral if he does not release and get back his collateral if he release. So he would be stupid to not click the release button.

Blackmail is discussed in the paper as well:

Blackmail:
Satoshis statement in a discussion regarding his proposal for an escrow model [2]: "Now, an economist would say that a fraudulent seller could start negotiating, such as "release the money and I'll give you half of it back", but at that point, there would be so little trust and so much spite that negotiation is unlikely. Why on earth would the fraudster keep his word and send you half if he's already breaking his word to steal it? I think for modest amounts, almost everyone would refuse on principle alone."
To accept the blackmail would mean to trust a partner who has proved to be dishonest. There is absolute no reason to justify a blackmail acceptance. Therefore that risk can be ignored.
https://bitcointalksearch.org/topic/escrow-750
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 13, 2014, 03:23:05 PM
#56
Which economically rational person buys unbacked digital assets?
Anyways, if you for example have stolen money or Bitcoins, you don't need to be economically rational. Also paying a price for hurting your competition can be economically rational.

Yes a political motivated attacker could be a problem.
Reputation system could help, but would not be perfect.
I have another idea how to solve that and will add that to the paper soon.

It leaks private data (cash in mail: mail address, bank transfer: bank account data) all over the place. I described one problem (stolen bank data which will lead to later reversed USD transactions) already, also there can be indefinite lock-ins, the extra funds at stake (in your example 10%) can lead to people implicitly taking a short/long position, it requires trust to begin with (who wants to trade with a newbie in your system?), both traders need to be online and do manual tasks outside of the system...

I mean, feel free to try this out in practice, it's not even hard to do - just post an offer in this forum for the mean time, put some funds on the table and get trading. It took less than 2 weeks each for 2 different new Ripple gateways, until they had a few 1000 USD bank transfers reversed each. Maybe you can beat them to it?

Yes you loose your privacy to the other peer, but not to any other party (in normal exchanges you loose it to the company and the state if they request the data).

You may not use bank transfers which are reversible like paypal. SEPA for instance in EU is noreversible.
Money hardness:
https://en.bitcoin.it/wiki/Payment_methods

Money is only locked if one is too stupid to understand that cheatin in that system will only hurt both. There is no win possibility beside the fair behavior.

The collateral can be choosen freely by the offerer. And you dont need to take an offer with too low collateral.

Yes people have to do an asynchronous process. The banking system does not allow us other solutions. Sorry.

If you read the paper all these points are discussed there and the attack scenarios are layed out.
newbie
Activity: 1
Merit: 0
February 13, 2014, 03:14:53 PM
#55
This is good but one obstacle in the USA is how to get funds into the other person's bank account.  Chase is already making it so you are not able to deposit cash into someone else's account, and other banks are likely to follow.

Not living in the US:

You mean not being able to go to a bank give them cash and bank details and expect them to transfer it I hope? Like an anonymous deposit? Or can you just not send money to people via bank transfers at all? I can't believe this is true?

So you would just transfer from your bank account to his/hers, nobody asks questions. That's how it works over here, I can even do this with my smartphone as long as I have the bank details...
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 13, 2014, 03:11:53 PM
#54

An overal design goal is also to keep it as simple as possible.
First because it is more realistic that it gets developed some day.
Second it is easier to understand and use.

Open Transactions or Ripple are very advanced and complex solutions. It is even for tech people like here in the forum difficult to really understand it (and trust it). For non-tech savvy people it would be even more difficult. A simple system would help that people really use it and therefore create market liquidity.


Is OT really that complex?  It seems like the API should be pretty straightforward to program to, and then you just make a simple GUI for it (you don't have to worry about all the other 'advanced' stuff the OT server does).

I should not have mentioned OT/Ripple as I dont know them really well....
I just was trying a while ago to really understand both concepts and spent some time on it but sorry, I failed. In both systems at least I didn't understand how the fiat money (not IOU) comes into the system without centralized entities (like exchanges, banks -> gateways).
IMO a very important part is that the system does not depend on centralized elements. Otherwise why we bother with all the stuff at all, building a centralized system is much easier...

You can say BTC use as well centralized exchanges.
YES, that is exactly the problem I am trying to solve.
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 13, 2014, 02:56:56 PM
#53
Like the idea, guess a few of us, including myself thought of exactly the same thing, maybe using automated ACH transfers. Glad to see a lot of interest in it.

Thanks. If you like to contribut to the project I am looking for developers!
sr. member
Activity: 448
Merit: 250
black swan hunter
February 13, 2014, 02:28:51 PM
#52
Like the idea, guess a few of us, including myself thought of exactly the same thing, maybe using automated ACH transfers. Glad to see a lot of interest in it.
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 13, 2014, 01:43:17 PM
#51
I am not really thinking of a Sybil attack.  I am talking about people buying and selling real reputation or accounts, generated from genuine transactions.  For example a seller who wishes to stop trading could sell their account or reputation to somebody else.  A malicious attacker could buy this reputation in the same way a malicious attacker can burn collateral to destroy this system.  Therefore reputation doesn't add a different type of security, its merely another mechanism like collateral.  On eBay, for example, this cant occur as user accounts and feedback are linked to real identities.

Basically an alternative to this collateral model, is a reputation/feedback model in which the market value of the feedback is significant enough to deter fraud.  I think the collateral model is more simple, however I can't currently see why adding feedback adds value to it, when a secondary reputation market inevitably emerges.  Although maybe the two can somehow work together, in a way I cant see.


Ah sorry was not reading your comment good enough ;-).
You are right, that situtaion I have nto considered at all, but that is a very real risk.

As you said, it is not sure if reputation is really needed and if so the value is quesionable. Probably the only working reputation system would be with id check, but thats a NO-GO. And zero-knowledge crypto is future stuff...
k99
sr. member
Activity: 346
Merit: 255
Manfred Karrer
February 13, 2014, 01:38:51 PM
#50
Double collaterals with multisig were discussed for Zeroreserve https://bitcointalksearch.org/topic/announce-zero-reserve-a-distributed-bitcoin-exchange-295930 a while ago. Could be it was only on Retroshare.

One issue is that you need coins for a collateral to start with...

Also: funny pic  Grin

Ah thanks a lot for the link. Did not know that project. Sounds interesting, need to read more about it....
sr. member
Activity: 252
Merit: 250
February 13, 2014, 12:59:03 PM
#49
The Ripple/OT/NXT/... solutions are not pure P2P solutions IMO (IOU, gateways).
See that thread for more discussion: https://bitcointalksearch.org/topic/m.5117398

No one forces you to use gateways.  They are just nodes like every other node on the network.  Considering Ripple as not p2p because there are nodes that get more users than others is nonsense, including any Ripple Labs marketing telling you otherwise.
legendary
Activity: 1708
Merit: 1020
February 13, 2014, 12:49:22 PM
#48
Double collaterals with multisig were discussed for Zeroreserve https://bitcointalksearch.org/topic/announce-zero-reserve-a-distributed-bitcoin-exchange-295930 a while ago. Could be it was only on Retroshare.

One issue is that you need coins for a collateral to start with...

Also: funny pic  Grin
member
Activity: 129
Merit: 14
February 13, 2014, 12:39:42 PM
#47
I think this system is great.  The area that concerns me most is the reputation system.  What stops people buying and selling reputation tokens from each other in another market.  This way the reputation merely has a cost/price and adds nothing over the collateral which is also a cost. However a reputation system would be useful to deter attackers willing to spend money to damage the system.

The reputation system is optional. I assume sybil attacks cannot be avoided completely. But in practive they works not so bad, many web apps using such systems are confronted with the same problem. The only secure solution would be with an identity proof, which is unacceptable. But maybe a solution with zero-knowledge crypto or the like will be possible some day.

Yes the economic irrational actor would be a problem, and if fact it could be economic rational - just in the way that the profit is gained outside the system by bringing down the system (like Gold, Silver manipulation).
Another attacker would be a political motivated attacker.

For those 2 groups a reputation system could make it at least a bit more difficult. With sybil attacks it also would not be completely covered.

I had one idea but have no solution yet how to implement that:
If every locked fund will go to the trading community (as lottery style payout to save tx fee costs) then such an attacker would not hurt the system, because participating in the system will be more attractive as you could earn money when you are the lucky winner.
Only the successful traders would be in the lottery pool. So if a attacker sybil attack that concept he needs to make a lot of succesful trades, so helping the system again...
To solve the locked funds problem would be a great improvement.

Maybe its not so hard to solve that. I will elaborate it more....





I am not really thinking of a Sybil attack.  I am talking about people buying and selling real reputation or accounts, generated from genuine transactions.  For example a seller who wishes to stop trading could sell their account or reputation to somebody else.  A malicious attacker could buy this reputation in the same way a malicious attacker can burn collateral to destroy this system.  Therefore reputation doesn't add a different type of security, its merely another mechanism like collateral.  On eBay, for example, this cant occur as user accounts and feedback are linked to real identities.

Basically an alternative to this collateral model, is a reputation/feedback model in which the market value of the feedback is significant enough to deter fraud.  I think the collateral model is more simple, however I can't currently see why adding feedback adds value to it, when a secondary reputation market inevitably emerges.  Although maybe the two can somehow work together, in a way I cant see.
Pages:
Jump to: