Topic: CASASCIUS PHYSICAL BITCOIN - In Stock Now! (pic) - page 53. (Read 130354 times)

Not me I checked. Maybe I need to order some more

I ruin about 1 in 10 of the stickers, so they may have gone to nobody.  I asked for the strongest adhesive and the most tamper proof hologram and that's exactly what I got.  At least 1 in 10 times, I ruin the sticker just peeling it off the original backing, exposing the "honeycomb" tamper-evident grid, as the tamper evident pattern is literally hair-trigger sensitive.  There is absolutely NO FREAKING WAY anyone is going to get those stickers off without making the honeycombs visible, and if I have to throw away a sticker, the address is thrown away too.  So, at least 1 in 10 chance you may have sent 0.001 BTC to the bees.

I'd be overwhelmingly flattered to see that happen.

It's only incomplete to the extent I only published from the beginning of the list.  The whole project is sorted alphanumerically by bitcoin address - this makes sure I don't have a tough time matching the private key to the correct pre-printed hologram.  (I, of course, did not send private keys to the hologram printer).  I simply published all the bitcoin addresses that begin with two digits (11* thru 19*).  If I published them all, the pastebin would be huge and full of addresses that won't be used anytime soon.

well, you already have RSantana in the bitcoin coin biz.  given his comments i bet its crossed his mind to counterfeit Casascius.

but you yourself said the 8 char can be searched from Block Explorer for verification of 1 BTC. 

why maintain an incomplete list?  shouldn't it be all or none?  preferably none?

Lol, go check your addresses, I'm not telling.

Maybe I should make it more

But you're doing such an awesome job. I don't know what potential competition could do better. Also 0.20 BTC per coin seems reasonable. I predict you're not going to get serious competition any time soon.

which address?  it might be me!

Here is one other thing to consider as a benefit to having published that list.  I PGP signed it with my real identity.  If I somehow start burning people en masse (e.g. kept private keys, and screwed you all later), and you guys have a PGP signed message from me clearly identifying the addresses I've promised are legitimate, you'd have a solid trail of evidence that would ensure I could be held liable for any fraud along with an exact accounting of how many coins I supposedly stole.  I'm pretty easy to find - my real name and address are not a secret (try googling Casascius), and I'm not exactly insolvent either.

The list is so people can match the 8-character substrings to the full bitcoin address.  It is also incomplete, I have plenty of addresses NOT on the list.

The list would be pretty easy for someone else to come up with from the block chain.  The loading coins transactions are quite characteristic and would be easy to search for or spot - they don't look like typical transactions - they're made with the rarely used "sendmany" RPC call and already stand out for that reason alone.  It is no different with BitBills.  It is fairly easy to find the addresses of other Bitbills.  Here is a transaction that loads 90+ BitBills.  http://blockexplorer.com/tx/661c4f738aab05dc57030814dec5b581793967c5a21b845c4ed9ef3dbf3030a3 , if I were more nimble at mass-searching the block chain with a script, I wouldn't be surprised if I could come up with a nearly accurate list of all circulating BitBills.  Here's another, http://blockexplorer.com/tx/c262797f2d7c790db63a4e5ce4b4bb2a511de2c0e1516dd6d7b6b6f0c749f5ea

While the concerns are valid from an information-theoretical perspective, I am really not concerned about counterfeiting in a practical sense.  For one, Casascius bitcoins are never going to get to the point of ubiquity because I already know that I am only going to have the time and patience to produce so many, and by then, I expect someone else will have outdone me both in quality and price.  And who's going to pass them, and how?  It's a limited audience, a small community.  USD counterfeiting is commonplace yet the odds of me selling something on Craigslist and being offered counterfeit USD as payment, even in a large city or community, is very low... the odds of getting fake Casascius physical bitcoins has got to be an order of magnitude lower.

If the most I plan to create is a few hundred or a few thousand, that's just not worthwhile for a counterfeiter to even bother.  By making them, I really just want to tell the world that this is possible, that bitcoins don't have to be purely digital, and that they should copy me.  Here you have me in the rare position of begging for competition, sort of the same odd way I promoted mining months ago when common sense would say that I should help keep the difficulty as low as possible.

I agree with you. This is why I suggested a way to verify the address and the values stored in them using an online method, probably over one of these secure connections (SSL is it?)

I am glad that each hologram is unique for each coin.

The two risks in this, as with any currency, is trust in the issuer and trust in its protection against counterfeiting. When security measures increase/change will there be a plan to ensure owners of earlier coins don't lose out?

Isn't this just a resource which assists counterfeiters?
Without this list - counterfeiters would need to re-use addresses from a small pool in order for their coins to pass the basic 'public-address shows value in blockchain' test.

What is the motivation for publicly releasing this list?   Are you likely to do this in future?  (I'm hoping not)

Even if you have no intention of maintaining any sort of dupe-public-key tracking/reporting app - someone else might want to, and having a list of *all* released coins might reduce the usefulness of that.  Being able to verify a key by search once you know it is fine - but I don't think they should be listable.

Did some checks: 231 of the addresses had 1 BTC sent to them. The other 3589 have nothing sent to them yet.

So I'm assuming you fill them up with BTC just before you send out the coins. Makes sense.

None of the addresses has any money redeemed as of now (block 144449).

Also: one of you buyers are lucky, I sent 0.001 BTC to one of the already used addresses for testing purposes

Ok, I agree. Let me rephrase: "These are physical tokens for access to a virtual commodity". Well, this doesn't sound as exciting as "This is physical money", though

I don't completely agree here. Say this runs for a while and the coins gain a lot of trust and are maybe even used in real life in some community as a local currency commodity of value-exchange.

Some thousands of $ to counterfeit the hologram would then be negligible. Your argument that the counterfeiter could instead just make his own coins is weak, because of all the trust your coins have already gained (no incident of money missing from coin addresses, usage over many months, you being a responsive and respected guy over a long period of time), that cannot be as easily reproduced as the coins themselves.

I think you did a good enough job with the holograms for now, though. It'll do for quite a while.

Thanks for a great job! Any news on international shipping? If I wasn't going on vacation soon I'd offer to be european shipping hub...

cascascius, I can't find where you say this and it's kind of important, but you destroy all existing copies of the privkeys, right?

How do you ensure all copies are destroyed. Are you giving them out to be printed on the back of the hologram or are you doing this yourself?

Some of this could be reduced with the assistance of a website application which allowed public reporting of coin location by date. (postcode or equivalent)
Phone-apps could be used to quickly scan the public key and check not only that the value exists in the block chain - but to semi-automatically report where the coin is.
e.g push a button that says 'yes - report coin was here now' and the phone uses it's geolocation magic to do it (for some user-determined vagueness of 'here' and 'now')

Some people may have no interest in doing that for privacy reasons - but it could be fun to see where a coin has been.  If you see from the history that the coin was supposedly somewhere that you know it couldn't have been at the time (or already flagged as suspicious due to failed redemption of same code) - you should refuse to accept it - or if too late for that, immediately attempt to redeem the coin on the blockchain and report it if it fails.
Any other people scanning a coin with the same public key would then know also to attempt redemption (or to quickly risk passing it off if they're dishonest!)

Any large scale counterfeiting operation would need to have legitimate public keys still showing value on the blockchain - so if even a few users and especially point-of-sale systems used the casascius website verification app - the profitability and therefore motivation for the counterfeiting would be significantly smaller.

Sound reasonable?
It might be open to some trolling by false reports - but people would have to have come into contact with the coin to learn it's public key to do that I assume.


EDIT:
oh, I just noticed this:


That would scupper my idea above.  If it's possible for the public to determine a complete list of coins - then false reporting by counterfeiters/jokesters would be a problem.

It would be more profitable to counterfeit the coin than to make a legit coin.

You identified the problem when you said "for the time being". It wouldn't take long for people's trust in the coin to falter.

If your CoinedBits had a flat surface about an inch in diameter on them, they could be made to contain bitcoins and people would still happily buy them.

If someone wanted to throw resources at counterfeiting the coin, seeing as people are already willing to pay a 25% premium and shipping on top of that to acquire the coins, why wouldn't they just throw those same resources at legitimate coins and not risk getting their cover blown?  One could just as well counterfeit Bitbills or FRN's.  Further, people are going to be peeling and redeeming a percentage of the coins... until people start complaining in the forums about the existence of counterfeit Casascius bitcoins, for the time being, one can be pretty sure that the Casascius hologram is an accurate indicator of origin.