Pages:
Author

Topic: Bitcoins are not, in practice, fungible (Read 9555 times)

donator
Activity: 532
Merit: 501
We have cookies
March 10, 2012, 01:51:07 PM
track. 1VayNert3x1KzbpzMGt2qdqrAThiRovi8
That was some evil example :)
full member
Activity: 153
Merit: 100
For face to face transactions, Bitcoin is no more secure than cash. The same methods used to forcefully take cash or items from you in a deal gone bad can also be used to force a bitcoin transaction. Most families would release the coins if their loved one was being held at gunpoint. I will agree that carrying a smartphone is far less obvious than a duffel bag/backpack full of cash, but anyone that can force you to give up the cash can also force you to send an email. I am not saying that it would be simple or easy for them to do, just that once your personal security is overcome Bitcoin and cash are equally insecure.

I see your point, but I still have to argue that Bitcoin is more secure than cash for face to face transactions. Many crimes are crimes of opportunity, and if there is no opportunity, there won't be a crime. And even the dimmest thug is going to think twice before turning a simple robbery into a kidnapping. Yes, if they are determined, they can kidnap me and attempt to force my family to pay, but I can tell them no all the same. Ultimately it's my choice (or my family's choice). Whereas if I'm carrying a bag of cash and get bashed over the head with a tire iron, I no longer have that choice. Perhaps small differences in the end, but differences that are important to me.

Any prospective thieves doing a face to face Bitcoin transaction with you will know that they need to force you to complete it. Its not like a random mugging escalating to kidnapping. They'll come knowing and ready to take you alive and conscious. I agree that it would be much more difficult to do that than just shooting someone in the back of the head and taking a bag full of money. I find it curious that you might place a price on what your life might be worth. Is there really an amount of bitcoins that you would rather die for than give up in a kidnap situation? I can always make more money if I am alive. No amount of money can resurrect me.

As far as authorities go you are correct. Having tens or hundreds of thousands in cash is often as bad as having drugs or similar contraband. On the other hand, courts are ruling that searching/copying cell phones during traffic stops without a warrant is legal. To be honest I haven’t been paying attention to any mobile bitcoin payment solutions, so I don’t know how resistant they might be to a tech inclined cop having temporary control over the phone and imaging it.

Interesting. I wonder how the officer is going to obtain my cell phone without a warrant when it's locked inside my glove box, inside my locked vehicle. No reason to make it easy for them to violate my rights.  Wink

Oh, and if you have an android phone, you should check out Spinner. It's an amazing app, and I carry no more Bitcoins on my phone than I would cash in my pocket.

Your phone is not as secure as you think it is. Cops lie and cheat when they want. "I smell pot" during a traffic stop/checkpoint is probable cause enough for a search, and its impossible to disprove that in court. Planting a dime bag during the search is exceptionally easy, and who is the jury going to believe? Granted they usually reserve such behavior for those they strongly believe are doing something wrong. Also, most people carry their cell phones with them at some point when they are on foot, so its possible to lose control like that.

I just glanced briefly at the Spinner thread. In the context of security if you lose control of your phone to a tech savvy advesary, not only will they know the identity of your Spinner wallet, but by tracing the block chain they can pull all your other transactions from other wallets that you used to fund the mobile one. I know that you are exceptionally anonymity concious, so be careful. That is a potentially huge security risk.

I'm never more than 50 feet away from a connected computer or laptop, so I have no need for an Android phone Wink
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo

Looks like the troll has a few of you hooked in to his empty, verbose arguments.
full member
Activity: 153
Merit: 100
Funny I can say the same about those wanting to turn Bitcoin into a glorified form of cash. Just use cash instead, it is far more anonymous and stable than Bitcoin. What I want to do has never been done with any currency, ever, because it was previously impossible. Besides, we already have bankers and fees, they're called exchanges. Exchanges are also a point of centralization, btw. Everybody rails against the centralization, yet they use the exchanges. Because of the centralization exchanges would also be the best place to administer blacklists.

Well, yes I could use cash, and it would fit most of my needs. Except, it can be stolen (in person) much easier than Bitcoins. If I am meeting you face to face for a transaction, once we decide to complete the exchange, there are ways Bitcoin can protect me. A less secure option would be a locked phone with the Spinner app and just enough coins for the transaction. An extremely secure option would be family at home waiting for my email with the payment address. With Bitcoin, I can arrange to make a purchase from any stranger, and go to the place to make the exchange without carrying anything of value except a phone (and various other things that I don't leave home without). Same goes for selling items, I only need to take the items, and a way to check the block chain. Now, this may seem like a ridiculous precaution to some, but I like tools that provide me with additional security without too much complexity. Bitcoin is far superior to cash in this aspect. Plus carrying any large amount of cash can actually raise suspicion from "authorities" these days. Cash is easy to confiscate if those authorities decide they don't like what you are doing. I've read plenty of horror stories of authorities abusing their power against perfectly law abiding folks. Knowledge of my rights and knowing when to assert them goes a long way, but you can still find yourself in a bad spot without breaking a single law. So, I have to protect myself from criminals and authorities. Sad

Also, I've never used a Bitcoin exchange.  Wink

For face to face transactions, Bitcoin is no more secure than cash. The same methods used to forcefully take cash or items from you in a deal gone bad can also be used to force a bitcoin transaction. Most families would release the coins if their loved one was being held at gunpoint. I will agree that carrying a smartphone is far less obvious than a duffel bag/backpack full of cash, but anyone that can force you to give up the cash can also force you to send an email. I am not saying that it would be simple or easy for them to do, just that once your personal security is overcome Bitcoin and cash are equally insecure.

As far as authorities go you are correct. Having tens or hundreds of thousands in cash is often as bad as having drugs or similar contraband. On the other hand, courts are ruling that searching/copying cell phones during traffic stops without a warrant is legal. To be honest I haven’t been paying attention to any mobile bitcoin payment solutions, so I don’t know how resistant they might be to a tech inclined cop having temporary control over the phone and imaging it.

Look, even if I am not the one to bring this now, somebody will sooner or later. Why? Because it can be done. Put it out there now, while we are in beta, and let the market sort it out. If nobody respects tainted coins then the whole thing falls apart and it can be permanently put to bed, with proof it doesn't work. Otherwise this issue will pop up every time there is a major heist, and there will be more thefts. Besides, for those who argue this will destroy Bitcoin, what happens if a determined attacker implements this? You don't need a majority of the network, only a few %, after which it snowballs.

Honestly, I think it will happen at some point (if it isn't already happening at Gox, I don't know but some have suggested that it is to some extent). The reason I post in these threads is I want people to stop and consider a different point of view. Protect yourself and you should never need a blacklist. I understand that people calling for a blacklist have good intentions, as I did when I used to call for one. But I honestly believe that if it becomes commonplace, it will change Bitcoin into something less powerful. Tools are usually more useful if they have multiple uses! I've tried to show some ways that a blacklist can remove some of the usefulness of Bitcoin. And I'm sure there are plenty of examples I haven't even thought of yet.

I don’t see how protecting myself better equals not ever receiving stolen property.  Tools are indeed more useful when they have more uses and when they are used to their maximum potential. I am talking about taking the functionality already there in the block chain and leveraging that to make thefts worthless. 25k+ btc are a tempting reward for a group of hackers to spend weeks or months trying to break into a hardened target. Its not so tempting a reward if the coins can be rendered worthless immediately after the theft.

I know I won't convince you, especially after I noticed you made many similar arguments several months ago. Multi-sig has me seriously reconsidering my security argument. I will ponder the rest of it. I do want to thank you for being civil. I appreciate it.

I try to be civil as possible because I find one can accomplish so much more than they could with name calling or harsh language. I honestly want Bitcoin to be secure for those that find it useful and I want those calling for a blacklist to consider some of the possible negative unintended consequences that it may create. I think we can find technological ways to secure Bitcoins that will make theft practically impossible. I still think some genius will create a hardware "wallet" that will be easy to use, yet extremely secure. Imagine a wallet on a card that erases itself if the wrong pin/password is entered once. Of course you have a copy of the wallet safe at home! The more Bitcoin grows, the better the services and products that will grow alongside it.

We have technological ways to help prevent theft, multisig and blacklists Wink. If you can successfully prevent all thefts by other means, blacklists lose any possible use. Your card idea is interesting, but only those who want to be exceptionally secure will use it because getting a new card when you f’d up entering your pin/password is a big PITA.

Also, I want people to be responsible. Perhaps the way society has evolved has taken much of that responsibility away from the individual. But thieves will normally find a victim, and all of society suffers for it, because someone is able to obtain power (money) without offering something positive in return. With Bitcoin, we have a chance to relearn responsibility where it concerns our money. This can be a very good thing if we continue to strive for it, and it may spread responsibility into other aspects of our lives (I'm thinking a global scale here). Instead of figuring out how to punish thieves, we can figure out how to prevent theft in the first place, and then we can move on to other abuses, after all, so much abuse comes from the desire to obtain money (power). If everyone on the planet was twice as responsible with their money as they are now, I think it would be a much better place to live in (of course I'm talking about responsibilities other than security now).

Unfortunately you still have to provide some kind of deterrent for the theft in the first place. Robbing a bank will get you 10 years or so in prison. If the police never chased any bank robbers or the courts never prosecuted them, bank robberies would vastly increase. No financial system could withstand that, even ones where you can just print more money at will. That’s what we have in Bitcoin world. We have no cops, no courts (and no I am not advocating for such), no way to punish those who commit crimes against others. We give thieves a free pass on their crimes every single time.

I too, am trying for a more secure Bitcoin. I believe in this project, and I came here from a tech standpoint. I am not afraid of changes to beta software, unlike a vast majority of people here. Seriously, if you don’t plan on changing it, make it production software and stop calling it a beta test. Just look at the discussions over BIP 16/17, or the people freaking out over BIP 30. The irony is extremely funny. A bunch of people want to use a revolutionary currency, but are absolutely terrified of any changes made to it. Bitcoiners are a lot more scared of changes to Bitcoin than bankers are afraid of changes to their system.  I really feel for the devs, because any time they suggest a change or a bugfix to the general Bitcoin public, people start running around with their hair on fire. (Note: For anyone just joining us, I am *not* suggesting a change to the actual protocol.)


legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
To be honest, I can't see any reason you are interested in Bitcoin to begin with if you only want to change it into the systems already available.

Funny I can say the same about those wanting to turn Bitcoin into a glorified form of cash. Just use cash instead, it is far more anonymous and stable than Bitcoin.

You can't shove cash into a USB port (or go to some random bank) and anonymously send it to someone else halfway across the world in a few seconds.

Further, no one is approaching central banks and trying to convince them to change their cash, or their systems. Instead, an entirely new product was created for the sole purpose of acting as digital cash, and we've all just decided to use it.

So forgive me, but your statements seem a bit disingenuous.

But let's suppose enough miners and exchanges relented and implemented blacklisting to cause "tainted coins" to not be worth receiving.

Let's also suppose that the masses of us who came to bitcoin for what it was then left and created Bitcoin 2, with automated coin-mixing. (Because believe me, that's what would happen.)

Would you be satisfied because your goal of turning bitcoin into the currency you wanted was achieved? Or would you begin advocating for anti-anonymity changes to Bitcoin 2 as soon as the first theft occured (or earlier?)
full member
Activity: 153
Merit: 100
Tell me, if gpumax paid you 15 btc tomorrow, and you found 10 of them came from slush's theft, would you give them back to slush?

Of course not.  If I was paid 15 BTC that means I gave up something of value for the 15 BTC I was paid (likely computing time in this example).  They aren't "slush" coins.

I also wouldn't try to track down the descendants of some roman house slave to return the gold coins as some kinda of idiot reparations.

I am sorry Slush was robbed but I shouldn't lose value to make him whole and knowing Slush he would neither ask for expect it.

Fascinating. It would be interesting to see the results of a professionally administered MMPI.
full member
Activity: 153
Merit: 100
No, in the world of blacklisted Bitcoins I can not risk accepting coins from an anonymous individual because they could end up being tainted if the theft is reported after my exchange. So, I have to keep records and exchange personal information for every transaction I do, in order to protect myself. I may have to take steps to recover my goods if I get stuck with some tainted, worthless coins. Now I have to be able to verify if identification is legitimate or not, see records of current addresses, etc. This all leads to the wonderful world of bankers and fees. Middlemen getting rich off of peoples' inability to protect themselves from theft. Systems we already have. I see no reason to trade all the advantages of Bitcoin away just for some lousy blacklist that will cause more harm than good.

It is your choice to keep records and such then. Nothing forces you to stop being anonymous. You *might* lose a transaction's worth of coins over the deal if they are still in your wallet. Nothing compels you to keep records or come forward if there is an issue.

To be honest, I can't see any reason you are interested in Bitcoin to begin with if you only want to change it into the systems already available.

Funny I can say the same about those wanting to turn Bitcoin into a glorified form of cash. Just use cash instead, it is far more anonymous and stable than Bitcoin. What I want to do has never been done with any currency, ever, because it was previously impossible. Besides, we already have bankers and fees, they're called exchanges. Exchanges are also a point of centralization, btw. Everybody rails against the centralization, yet they use the exchanges. Because of the centralization exchanges would also be the best place to administer blacklists.

Look, even if I am not the one to bring this now, somebody will sooner or later. Why? Because it can be done. Put it out there now, while we are in beta, and let the market sort it out. If nobody respects tainted coins then the whole thing falls apart and it can be permanently put to bed, with proof it doesn't work. Otherwise this issue will pop up every time there is a major heist, and there will be more thefts. Besides, for those who argue this will destroy Bitcoin, what happens if a determined attacker implements this? You don't need a majority of the network, only a few %, after which it snowballs.

I doubt I will convince you, and I've already changed sides after dwelling on it for quite some time, so I doubt you will convince me.

I know I won't convince you, especially after I noticed you made many similar arguments several months ago. Multi-sig has me seriously reconsidering my security argument. I will ponder the rest of it. I do want to thank you for being civil. I appreciate it.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
I think we are both talking to brick walls. To be honest, I can't see any reason you are interested in Bitcoin to begin with if you only want to change it into the systems already available.

Bingo.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Tell me, if gpumax paid you 15 btc tomorrow, and you found 10 of them came from slush's theft, would you give them back to slush?

Of course not.  If I was paid 15 BTC that means I gave up something of value for the 15 BTC I was paid (likely computing time in this example).  They aren't "slush" coins.

I also wouldn't try to track down the descendants of some roman house slave to return the gold coins their ancestor was bought with as some kinda of idiot reparations.   I am sorry Slush was robbed but I shouldn't lose value to make him whole and knowing Slush he would neither ask for expect it.

Bitcoin is about personal responsibility.  Freedom doesn't come without a price.  Freedom is the freedom to make a bad choice like keeping large sums of money in a virtual account a stranger has the backdoor to.  Freedom is also paying the consequence for that action.  I would imagine now many virtual host hot wallet owners are reconsidering and that consequence will have a positive impact. 
legendary
Activity: 1246
Merit: 1016
Strength in numbers
So you give Slush the money and he spends it on some sexy downloads, the porn site operator dutifully returns the coins to Slush because they trail back to a theft.

Boomerang coins!

The blockchain only shows that coins came from other valid coins, it is completely devoid of moral information.
full member
Activity: 153
Merit: 100
People use the 'better security' excuse as a cop-out. It lets them place full blame on the victim while letting the thief get away scott-free. Letting the thief spend their coins wherever they want is fencing stolen goods and tacit approval of the theft. And the 'a coin is a coin' thing is also a moral cop out. If Al-Qaeda bought a backpack nuke w/ bitcoins and used it, I damn sure wouldn't use any of those coins. I can't speak for anyone else's conscience, but I can speak for mine.

Why would your conscience be affected by what currency was used for in the past?  Its asinine but it explains a lot.

You do understand that if you go to a bank and get one a hundred different bills the odds are some of those in the past were used for just to pay for just about every evil in the world from human trafficking, to murder for hire and arms sales to child porn. 

With modern currency they have a relatively short lifespan but very old gold coins were probably involved in one (or a couple dozen) slave trades during their time in active circulaiton.  Should most ancient gold coins be melted down or blacklisted because they have the taint of slavery, genocide, rape, pillaging, etc?


Does it affect your conscience that you may be passing along "bad" money everyday?
Or is this moral poutrage merely limited to Bitcoin?

The main one for me is knowing. You can't pick up a bill, or a piece of gold, and know its entire history. Bitcoins are different, because you can know every transaction they have ever been in. That's not a bug, that's a feature. You are, of course, free to ignore it and not use that feature, but that doesn't keep it from being there. To me, accepting and using money that has been involved with a theft is wrong. Obviously there are many people here who think that handling stolen property is just dandy. That is perfectly fine, but I do not have to do business with them. There is no law stating that I must accept their coins, at any value. I can establish my own criteria with whom I conduct transactions. If that criteria includes vetting the history of their money to satisfy my conscience, then c'est la vie.

"A coin is a coin" is often a moral cop out (for those that have them) because it lets a person ignore the possibility that some of the coins in their wallet are only there because they were stolen from somebody else. It lets them turn blind eye to the possibilty that their profits may be because somebody else is suffering. Of course there are people whose morals allow them to simply not care if coins are stolen, and others such as the original thief that are simply amoral.

Tell me, if gpumax paid you 15 btc tomorrow, and you found 10 of them came from slush's theft, would you give them back to slush?
full member
Activity: 153
Merit: 100
March 08, 2012, 09:55:18 PM
#99
Because the standard line is "Should've had more security" and then everybody goes on like nothing happened. Ho-hum, another large theft, wasn't my coins, you just should've had better security bro. It's your fault the coins were stolen, b/c you didn't have better security. Sorry about your loss. And now I will completely ignore where those coins went and look the other way as the thief sends me those stolen coins for whatever good/service I am selling.

People use the 'better security' excuse as a cop-out. It lets them place full blame on the victim while letting the thief get away scott-free. Letting the thief spend their coins wherever they want is fencing stolen goods and tacit approval of the theft. And the 'a coin is a coin' thing is also a moral cop out. If Al-Qaeda bought a backpack nuke w/ bitcoins and used it, I damn sure wouldn't use any of those coins. I can't speak for anyone else's conscience, but I can speak for mine.

I think you take this to the opposite extreme though. The thief is always the aggressor, but people need to be responsible for their property. This is why we have locks, security systems, etc. How can I feel bad for everyone who has their coins stolen when I've taken the steps to protect mine? At some point you have to realize that you need to be responsible with your own property instead of relying on everyone to protect you.

Security = proactive. Blacklist = reactive. Which method is preferred? Which method should we be pushing users towards? Why would I bother with the reactive one when I can help prevent people from having their coins stolen in the first place?

I'm not saying forego personal security and rely solely on a blacklist. There is no reason you can't do both. A blacklist is also proactive in that it removes much of the profit motive from theft. As an anaolgy, an off duty cop in a bank lobby is both proactive and reactive. He will help deter most casual bank robbers, but he is there to respond against determined attackers. Security is never 100% effective, somebody will always find an exploit. And in Bitcoin world this means the victim will be blamed for not having enough personal responsibility to get better security.

You can have the same potential abuse with cash, and banks will absolutely blacklist serial #'s they know were stolen.

I've never seen anyone checking serial numbers on cash, ever. Perhaps banks do, and maybe this is how it will play out in the Bitcoin world. Banks (exchanges) will check, merchants and users won't.

They don't always know , but if they just got a shipment of new bills in, they do. Also in the event of a ransom situation they always write down the serial numbers. A better analogy would be the way the US system handles counterfeit notes. Merchants check most bills they get and any that fail the pen test are refused. If any get through and the merchant tries to deposit them, the bank confiscates them and they are a loss on the business for not doing its due dilligence. The same thing if a person tries to deposit them into their personal account. A blacklist for stolen coins would pretty much be the same thing. Failing to check for validity is not the fault of the bank(exchange), but that of the business/end user. Especially since it can be seamlessly integrated into the client. And before the peanut gallery chimes in, yes I know bitcoins can't be counterfeited.

The quick answer is only do business with trusted parties.

Yes, as I expected. Well, this is why I use Bitcoin. So...

Meaning use a system like bitcoin-otc or somesuch. While I have never been there I would be extremely shocked if SR didn't have at least some kind of informal trust system. So if you are doing business with people that have no references anywhere, then don't be surprised if those transactions don't always turn out satisfactorily. Also, how does your purchaser know that you just didn't steal the gold that you are selling to him, or that you will even send him that gold?

People are going to get hurt regardless of what you do or do not do. Blacklists help make sure less people overall get hurt. Removing profit incentive from thefts will greatly lower the rate of thefts. Of course thieves will attempt to find a way to make their thefts profitable even quicker, but it will help deter most large thefts (unless those are just being done maliciously).

I think the thieves will just find new ways around the blacklist. The silk road, for example. I'm sure those people could care less about any blacklist, that should be obvious. It will also create a black market for blacklisted and clean Bitcoins, and then we get all the wonderful things that come with a black market...

There is a black market for counterfeit US bills too, ones that no bank will take, drug dealers will etc etc. Not so different. I hate to keep going back to that analogy but it is pretty apt.
It is this attitude that will relegate Bitcoin to being nothing more than a marginalized hacker currency.

The attitude that I want financial privacy? Why use something as volatile as Bitcoin otherwise?

Is that the only reason for people to use Bitcoin? If so, then we just need to stop wasting resources on trying to get any normal users to start using Bitcoin. Because whether or not it is true, the public perception is that if you need 100% financial privacy, it is usually for something illegal.

Only those who can deploy large byzantine security solutions should be able to have bitcoins without fear of them being stolen.

Well, as I've pointed out several times, there are new features that will make security quite simple for the average users. Multi-sig functionality in the default client, and Armory offline transactions. One of them is working and available today! And let's not forget, this is all beta software.

Awesome. If it is all beta software, then there is no harm in trying out a blacklist feature. If it works, great! If not, well its just beta software and we'll drop that feature in the next revision Wink (and yes I already use Armory)

Any security a user can implement can be overcome by a determined enough person or group. And most security isn't going to help if someone knowledgeable has physical access to your server (*cough* datacenter employees *cough*) --but TPM looks interesting.

With multi-sig I could give you my computer containing my unencrypted wallet, and you won't be able to steal my coins. 

Multi-sig is definitely a huge step in the right direction. Most users don't have access to a secure offline computer to sign all of their transactions though. Is there a solution that would have helped Slush or Zhou out? Meaning multi-sig with businesses that need to do instant payouts. And yes, I know Zhou really did need 'better security' in the 1st place.

Also, precisely what advantages of Bitcoin are being given up here?

Financial privacy.


How? Nothing new is in the block chain that wasn't already there. If this stripped anonymity then it could be used to identify thieves, but it cannot. If your transactions were private before, they still are. Enhanced scrutiny of the block chain does not change this. If your transactions cannot bear close examination via the block chain, then you never were private.
donator
Activity: 980
Merit: 1000
March 08, 2012, 06:32:58 PM
#98
Saw this paper, Lupus? http://fc12.ifca.ai/pre-proceedings/paper_84.pdf

How do you feel about their proposals to IMPROVE anonymity by mixing/laundering coins? from an academic paper no less?

Only lunatic and authoritarians think it's a good idea to control every little monetary exchange made by people. Money doesn't commit crimes.
donator
Activity: 1218
Merit: 1079
Gerald Davis
March 08, 2012, 06:04:53 PM
#97
3)sleep with both eyes open.  reg.

I tried that but then I was so tired I fell asleep during the day and got robbed.
donator
Activity: 1218
Merit: 1079
Gerald Davis
March 08, 2012, 06:03:57 PM
#96
People use the 'better security' excuse as a cop-out. It lets them place full blame on the victim while letting the thief get away scott-free. Letting the thief spend their coins wherever they want is fencing stolen goods and tacit approval of the theft. And the 'a coin is a coin' thing is also a moral cop out. If Al-Qaeda bought a backpack nuke w/ bitcoins and used it, I damn sure wouldn't use any of those coins. I can't speak for anyone else's conscience, but I can speak for mine.

Why would your conscience be affected by what currency was used for in the past?  Its asinine but it explains a lot.

You do understand that if you go to a bank and get one a hundred different bills the odds are some of those in the past were used for just to pay for just about every evil in the world from human trafficking, to murder for hire and arms sales to child porn. 

With modern currency they have a relatively short lifespan but very old gold coins were probably involved in one (or a couple dozen) slave trades during their time in active circulaiton.  Should most ancient gold coins be melted down or blacklisted because they have the taint of slavery, genocide, rape, pillaging, etc?


Does it affect your conscience that you may be passing along "bad" money everyday?
Or is this moral poutrage merely limited to Bitcoin?
reg
sr. member
Activity: 463
Merit: 250
March 08, 2012, 05:30:20 PM
#95
to holiday and kjj, generally I think holiday is thinking along the correct path for the future of BTC and kjj has single-handedly converted me to multisig. But consider this, the largest hacks have occurred via online services and exchanges. These have shown fundamental flaws in security and their resolution has strengthened BTC. However no-one has any real idea who perpetrated these acts and there effect was to undermine confidence in BTC. If they are thieves there is nothing practical we can do if we want to maintain anonymity (I think that is essential to safeguard the individuals freedom in finance). If they are agents of an existing authoritarian agency they will be UPSET that the attack did not greatly undermine BTC prices. Adopting similar systems of control and monitoring that exist in fiat currencies plays into their hands and should be avoided.  BTC will be fine if users adopt appropriate strategies 1) do your best to secure and diversify your own BTC's. 2) avoid exchanges that control you or your funds. 3)sleep with both eyes open.  reg.
kjj
legendary
Activity: 1302
Merit: 1026
March 08, 2012, 01:12:06 PM
#94
Perhaps services will spring up that maintain lists. The more accurate ones will largely agree with each other, inaccurate ones or ones not kept up to date will fall by the wayside. Feedback loops can be introduced for those who feel their coins are wrongly listed. In all cases the lists should be advisory with specific reasons posted for each entry, with the end user deciding whether or not they want to use the data. I have no intention of runnning such a service, but I am positive someone can make a working business model. After that, let the market decide. Will people try to spam/abuse such services? Absolutely. That's why the good ones that can effectively filter and correctly identify suspect transactions will succeed, and the other ones will fail.

Yes.  Because that is exactly how it worked when the spam fighters had the exact same idea.   Roll Eyes
full member
Activity: 153
Merit: 100
March 08, 2012, 11:08:56 AM
#93
You are wrong. I abhor theft. Yet, I oppose a blacklist. I honestly feel that any blacklist will only serve to hurt regular users, and create a situation where malicious individuals can take advantage of the blacklist to cause more damage.

In other words, I think the negative unintended consequences of a blacklist outweigh the potential positive consequences.

By the way, I didn't arrive at this conclusion lightly. I spent a lot of time considering it after the allinvain theft. In fact, I can link you to some posts where I defended a the idea of a blacklist rather fervently.

https://bitcointalksearch.org/topic/i-just-got-hacked-any-help-is-welcome-25000-btc-stolen-16457
https://bitcointalksearch.org/topic/i-just-got-hacked-any-help-is-welcome-25000-btc-stolen-16457
https://bitcointalksearch.org/topic/i-just-got-hacked-any-help-is-welcome-25000-btc-stolen-16457
https://bitcointalksearch.org/topic/i-just-got-hacked-any-help-is-welcome-25000-btc-stolen-16457

And several more posts in that thread and others.

But then I thought about it, and realized how this blacklisting could be abused to cause more harm than good. If I could snap my fingers and return all the stolen coins to their rightful owners, I would gladly do it, but I am against a blacklist.

Perhaps services will spring up that maintain lists. The more accurate ones will largely agree with each other, inaccurate ones or ones not kept up to date will fall by the wayside. Feedback loops can be introduced for those who feel their coins are wrongly listed. In all cases the lists should be advisory with specific reasons posted for each entry, with the end user deciding whether or not they want to use the data. I have no intention of runnning such a service, but I am positive someone can make a working business model. After that, let the market decide. Will people try to spam/abuse such services? Absolutely. That's why the good ones that can effectively filter and correctly identify suspect transactions will succeed, and the other ones will fail.

Quote
I also don't understand how calling for more secure practices from users equates to approval of theft or blaming the victim...

Because the standard line is "Should've had more security" and then everybody goes on like nothing happened. Ho-hum, another large theft, wasn't my coins, you just should've had better security bro. It's your fault the coins were stolen, b/c you didn't have better security. Sorry about your loss. And now I will completely ignore where those coins went and look the other way as the thief sends me those stolen coins for whatever good/service I am selling.

People use the 'better security' excuse as a cop-out. It lets them place full blame on the victim while letting the thief get away scott-free. Letting the thief spend their coins wherever they want is fencing stolen goods and tacit approval of the theft. And the 'a coin is a coin' thing is also a moral cop out. If Al-Qaeda bought a backpack nuke w/ bitcoins and used it, I damn sure wouldn't use any of those coins. I can't speak for anyone else's conscience, but I can speak for mine.

Quote

Just answer what would be done in one example.

Someone steals coins robs a bank and then uses them the cash for a local anonymous purchase. This is many users primary motive for using Bitcoin cash, privacy from anyone who might be interested in how you spend your money. They time the purchase so it occurs immediately after the theft. Let's say the transaction was for several ounces of gold. So, the theft is finally reported, and now the coins serial numbers on the bills are blacklisted. But they are no longer in the possession of the thief, he has traded them to an innocent individual for several ounces of gold. Yet, this innocent individual has no way to prove that he isn't the thief, he used Bitcoin cash specifically to keep the transaction private and required no information from the individual purchasing the gold (the thief). In this situation, a blacklist hurts an innocent man as his gold is gone and his coins are cash is now worthless. So, due to a blacklist, the thief has injured two individuals instead of one. The innocent individual could return the coins cash to the original victim of the theft, but how do we prove that the victim didn't arrange the "theft" to purchase some gold and get his coins cash returned after the fact? In either case, someone is getting hurt.

You can have the same potential abuse with cash, and banks will absolutely blacklist serial #'s they know were stolen. The quick answer is only do business with trusted parties. We can sit here and make conjectures about "If x, y, and z conditions are all fulfilled, then some innocent person will get hurt." People are going to get hurt regardless of what you do or do not do. Blacklists help make sure less people overall get hurt. Removing profit incentive from thefts will greatly lower the rate of thefts. Of course thieves will attempt to find a way to make their thefts profitable even quicker, but it will help deter most large thefts (unless those are just being done maliciously).

Quote
Some of the properties of Bitcoin are useful for some individuals, these properties come with the responsibility to protect yourself from theft. What's so hard about accepting that and understanding that maybe it's not for everyone. I personally don't expect Bitcoin to become the reserve currency of the world or anything like that. But it has some very specific advantages over other currencies, and people who appreciate those advantages don't want to give them up in exchange for some pretend theft protection. I say pretend, because I don't think a blacklist will protect people from theft, and certain users won't care if they receive blacklisted coins or not, i.e. criminals.

It is this attitude that will relegate Bitcoin to being nothing more than a marginalized hacker currency. Only those who can deploy large byzantine security solutions should be able to have bitcoins without fear of them being stolen.  Any security a user can implement can be overcome by a determined enough person or group. And most security isn't going to help if someone knowledgeable has physical access to your server (*cough* datacenter employees *cough*) --but TPM looks interesting. Of course this does not mean that security should be forsaken entirely, but neither is it the end-all be-all everyone tries to make it. Good security + blacklists can do a lot to cut down on theft.

Also, precisely what advantages of Bitcoin are being given up here? Being easily stolen and fenced? I don't expect Bitcoin to ever be the world's reserve currency either, or even 1% of US GDP, but the perception out there is that Bitcoin is the currency of choice for thieves, drug dealers, gun runners, and all other sorts of ne'er do wells. I am quite frankly surprised they haven't thrown child pr0n at us yet. Every large scale theft that hits the news reinforces that opinion of us. Which sucks b/c this technology has the chance to be so much more.
legendary
Activity: 1526
Merit: 1001
March 07, 2012, 10:01:13 PM
#92
Leaving 43000 bitcoins in unencrypted wallets at an inexpensive hoster is in fact very careless. So, yes - people who hold other people's coins need more security if they want to be responsible for third parties values. With normal safety measures I think most people will be secure enough to hold their own BTC. Encrypt your wallet, have a firewall and virus scanner, spyware detector, keep some backup on a usb stick - such stuff is fairly easy for most users in order to protect their own money. Multi-signatures will probably also help a great deal soon.

If you are holding other people's coins in the thousands and are unable to encrypt your wallet, whole different story.

We don't have to dumb everything down to make BTC more mainstream but coin origin shouldn't be something to deal with at all times. I can't remember when I last checked my banknotes for authenticity. In fact, I hardly ever use cash anymore. If individuals are willing to check their transactions for purity in order to decline stolen coins, it's a good thing. If they are not, they are not. And who's to blame if they don't know how to even do that. I'm sure a lot of people who also have no clue how to track satoshies will take their coins. If word spreads that there is even a chance MtGox takes your coins as you have no idea how to even look for taint, I'm certain the market will take care of the problem.

Actually, I think the whole thing will be forgotten soon since I doubt MtGox will scare away their customers for X% tainted coins. 40k coins aren't much compared to the millions anyway.
full member
Activity: 153
Merit: 100
March 07, 2012, 08:34:55 PM
#91
Unlike any other currency in all of human experience, a bitcoin's entire history from the time it was minted (mined) all the way until it reaches my hand, is available. Dealing in stolen property rewards the thieves who stole it, and not only hurts the person it was stolen from, but the community as a whole.

This is because bitcoin is not really a currency like any other. It's a cryptocurrency. All efforts to make it less like a normal currency will make the system harder to understand to new adopters, who would then be wise not to enter something they don't understand.

Really? *That* is your argument? You don’t want it to be too hard for new adopters? What about the “better security” that people have to have on their systems in order to (supposedly) prevent theft? Is that easy for new adopters?  You know what they do understand? They understand all the high profile thefts and scams that continually plague us. They understand that every time a bunch of bitcoins get stolen that the mantra is always “should’ve had better security.” They understand that not one single solitary person has ever been brought to justice for stealing or scamming bitcoins. Those are usually amongst the first things they learn about Bitcoin from the wider ‘net, long before they get to learning how to actually using it.

Haven't seen anyone encouraging theft or a culture of theft.
The absolute willingness to traffic in stolen property as well as the full throated defense against any possible action that might harm thieves or return the ill-gotten gains to their original owner is tacit approval of their actions. The continual blaming the victim mentality for all crimes also indicates approval of the criminals’ actions.

What we don't want is an arms race between people who want their BTC anonymous and those who want to be able to pinpoint the origin of all transactions down to every person. We also don't want to have to deal with a purity measure in BTC and I don't want the risk of having BTC confiscated because of actually buying and selling in BTC.

People who have adequately protected their anonymity should not be affected by enhanced scrutiny of the block chain. If they were not sufficiently protected then they should have had “better security”.
Whether or not you want to deal with purity, others will. If you choose not to perform due diligence, then you can deal with the consequences. Almost every single gas station in the US checks their bills with a counterfeit pen. Those that do not are soon out of business.

As a community, we actually have the ability to de-incentivize theft. For the first time in history we can actually identify every piece of currency in a theft and render them valueless. Granted people will still steal for the lulz, but most steal for profit. But as a community we will not, because of greed. The hope that some of those ill gotten gains will flow through our hands, that the thieves involved in those heists will grace our businesses or buy our goods, when in reality they usually just try to cash out.

You don't seem to understand that this comes at the total expense of centralisation and debunking yet another one of bitcoin's main tenets: anonymous money and transactions.

There is no centralization. Users should be free to determine if they want to deal in stolen property (and to what degree.) Transaction details of all the major thefts are widely publicized and available. There should be no central anything. The user should be the one to choose which addresses or transactions they find suspicious.
Also, Bitcoin by default is not anonymous. You have to work very hard to make it so. So hard, in fact, that you
make the system harder to understand to new adopters, who would then be wise not to enter something they don't understand.
We wouldn’t want to make it harder for new adopters now would we? That would scare them off. Or something. Roll Eyes

The obvious alternative looks a lot better to me: don't get your BTC stolen. This was perfectly feasible in the Linode case, you just keep your private keys private. I can have sympathy for Slush since he had tight margins and no capability to run operations in a different way. So let's say he had a significant pressure to run things the way he did. But Zhoutong? he was just reckless. Hope they both learnt their lesson and we can move on.

Yes because they chose to get their btc stolen. Oh wait, they “should have had better security”. It’s like a Pavlovian response around here when dealing with thefts. “I feel bad and all for the victim, but really, if they just had better security, none of this would have happened.” Horseshit. There isn’t enough security out there to protect a hot wallet from a truly determined group of hackers. Not at any amount of money that normal people/businesses can afford, and probably not enough protection for those that can afford it at anything less than bank grade security (if then). So the ‘better security’ idea that continually gets pushed around here is nothing more than a canard.

And you wonder why many in the wider world view this place as a wretched hive of scum and villany. Bitcoin: the currency of choice for thieves, drug dealers, and gun runners. Bitcoin: a ponzi scheme, a scam. All these things are said about us on the wider 'net. These perceptions are what inhibits widespread adoption. Eventually, without new blood, the Bitcoin ecosystem will grow stagnant. It is apparent that many do not care. That is their decision, of course. My personal decision is not to promote theft and corruption.

This is all about "feelings" and nothing about logic.

Again, nobody is promoting theft and "corruption" (whatever you mean with that).

If something is going to thwart growth, that is destroying anonymity of transactions and fungibility. Bitcoin has the word "coin" in it because it strives to be anonymous. You may want to rename it to bitcredit if you intend to stamp people's real names in transactions or have them give their ID on request, as if it was a credit card.

As has been discussed many times, Bitcoin is not inherently anonymous. You do people a disservice by making them think so. Tracking tainted coins does not attach real names to transactions. If it did catching thieves would be easy. So please stop being disingenuous.
Pages:
Jump to: