Because the standard line is "Should've had more security" and then everybody goes on like nothing happened. Ho-hum, another large theft, wasn't my coins, you just should've had better security bro. It's your fault the coins were stolen, b/c you didn't have better security. Sorry about your loss. And now I will completely ignore where those coins went and look the other way as the thief sends me those stolen coins for whatever good/service I am selling.
People use the 'better security' excuse as a cop-out. It lets them place full blame on the victim while letting the thief get away scot-free. Letting the thief spend their coins wherever they want is fencing stolen goods and tacit approval of the theft. And the 'a coin is a coin' thing is also a moral cop-out. If Al-Qaeda bought a backpack nuke w/ bitcoins and used it, I damn sure wouldn't use any of those coins. I can't speak for anyone else's conscience, but I can speak for mine.
I think you take this to the opposite extreme though. The thief is always the aggressor, but people need to be responsible for their property. This is why we have locks, security systems, etc. How can I feel bad for everyone who has their coins stolen when I've taken the steps to protect mine? At some point you have to realize that you need to be responsible with your own property instead of relying on everyone to protect you.
Security = proactive. Blacklist = reactive. Which method is preferred? Which method should we be pushing users towards? Why would I bother with the reactive one when I can help prevent people from having their coins stolen in the first place?
I'm not saying forego personal security and rely solely on a blacklist. There is no reason you can't do both. A blacklist is also proactive in that it removes much of the profit motive from theft. As an analogy, an off-duty cop in a bank lobby is both proactive and reactive. He will help deter most casual bank robbers, but he is there to respond against determined attackers. Security is never 100% effective; somebody will always find an exploit. And in Bitcoin world this means the victim will be blamed for not having enough personal responsibility to get better security.
You can have the same potential abuse with cash, and banks will absolutely blacklist serial #'s they know were stolen.
I've never seen anyone checking serial numbers on cash, ever. Perhaps banks do, and maybe this is how it will play out in the Bitcoin world. Banks (exchanges) will check, merchants and users won't.
They don't always know, but if they just got a shipment of new bills in, they do. Also in the event of a ransom situation they always write down the serial numbers. A better analogy would be the way the US system handles counterfeit notes. Merchants check most bills they get and any that fail the pen test are refused. If any get through and the merchant tries to deposit them, the bank confiscates them and they are a loss on the business for not doing its due diligence. The same thing if a person tries to deposit them into their personal account. A blacklist for stolen coins would pretty much be the same thing. Failing to check for validity is not the fault of the bank (exchange), but that of the business/end user. Especially since it can be seamlessly integrated into the client. And before the peanut gallery chimes in, yes I know bitcoins can't be counterfeited.
The quick answer is only do business with trusted parties.
Yes, as I expected. Well, this is why I use Bitcoin. So...
Meaning use a system like bitcoin-otc or somesuch. While I have never been there I would be extremely shocked if SR didn't have at least some kind of informal trust system. So if you are doing business with people that have no references anywhere, then don't be surprised if those transactions don't always turn out satisfactorily. Also, how does your purchaser know that you just didn't steal the gold that you are selling to him, or that you will even send him that gold?
People are going to get hurt regardless of what you do or do not do. Blacklists help make sure fewer people overall get hurt. Removing profit incentive from thefts will greatly lower the rate of thefts. Of course thieves will attempt to find a way to make their thefts profitable even quicker, but it will help deter most large thefts (unless those are just being done maliciously).
I think the thieves will just find new ways around the blacklist. The silk road, for example. I'm sure those people could care less about any blacklist, that should be obvious. It will also create a black market for blacklisted and clean Bitcoins, and then we get all the wonderful things that come with a black market...
There is a black market for counterfeit US bills too, ones that no bank will take, drug dealers will etc etc. Not so different. I hate to keep going back to that analogy but it is pretty apt.
It is this attitude that will relegate Bitcoin to being nothing more than a marginalized hacker currency.
The attitude that I want financial privacy? Why use something as volatile as Bitcoin otherwise?
Is that the only reason for people to use Bitcoin? If so, then we just need to stop wasting resources on trying to get any normal users to start using Bitcoin. Because whether or not it is true, the public perception is that if you need 100% financial privacy, it is usually for something illegal.
Only those who can deploy large byzantine security solutions should be able to have bitcoins without fear of them being stolen.
Well, as I've pointed out several times, there are new features that will make security quite simple for the average users. Multi-sig functionality in the default client, and Armory offline transactions. One of them is working and available today! And let's not forget, this is all beta software.
Awesome. If it is all beta software, then there is no harm in trying out a blacklist feature. If it works, great! If not, well it's just beta software and we'll drop that feature in the next revision.
(and yes I already use Armory)
Any security a user can implement can be overcome by a determined enough person or group. And most security isn't going to help if someone knowledgeable has physical access to your server (*cough* datacenter employees *cough*) --but TPM looks interesting.
With multi-sig I could give you my computer containing my unencrypted wallet, and you won't be able to steal my coins.
Multi-sig is definitely a huge step in the right direction. Most users don't have access to a secure offline computer to sign all of their transactions though. Is there a solution that would have helped Slush or Zhou out? Meaning multi-sig with businesses that need to do instant payouts. And yes, I know Zhou really did need 'better security' in the 1st place.
Also, precisely what advantages of Bitcoin are being given up here?
Financial privacy.
How? Nothing new is in the block chain that wasn't already there. If this stripped anonymity then it could be used to identify thieves, but it cannot. If your transactions were private before, they still are. Enhanced scrutiny of the block chain does not change this. If your transactions cannot bear close examination via the block chain, then you never were private.