Pages:
Author

Topic: Illegal content in the blockchain (Read 23587 times)

hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
May 06, 2013, 07:26:23 AM
*Wow a Necro thread* lol

It's the appropriate thread to necro considering the "kiddy porn in blockchain" drama thread that popped up last week. It would do people good to realize that their ideas have not only been thought about before, but extensively argued, and they should learn how to use the search function before posting new drama.
sr. member
Activity: 406
Merit: 250
May 06, 2013, 07:22:03 AM
Did you add those classified UFO documents that I sent you?!   Shocked

*Wow a Necro thread* lol
newbie
Activity: 28
Merit: 0
May 06, 2013, 07:18:11 AM
Over the last weeks I managed to use steganographic methods to store custom data in the block chain. The only required information to retrieve the data is the starting block number and information about the algorithm that was used to store the data.

This data contains information that is considered illegal in most Western countries. In fact, most countries are likely to send you to jail, if you knowingly spread this data. Which is exactly what you're doing right now - if you're running a Bitcoin client.

Please consider this as a warning. In exactly one week from now I will inform US police departments about the way how the data can be retrieved from the block chain and how IP addresses of nodes distributing this data can be collected. I can't tell you what to do, but by running a Bitcoin client right now you're in legal jeopardy.

I guess you forgot about the part of how many people now actually use the bitcoin wallet program? Somehow I don't think it's that many. And even still to go ahead and say that there is illegal content that "you" supposedly injected would be like shooting yourself in the foot. Good job troll
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
August 24, 2011, 07:55:37 AM
somehow this discussion got back to "with the right key any sequence of bits can be illegal".

Guess this is pointless as it is possible for sure to get any data into the chain. Just donate x satoshi to the faucet every hour with x being the ascii value of a letter of for example the "satanic verses". 8bph is slow. 2 months per page. but who would stop you? Later you announce that transactions from this one address form the satanic verses if read in sequence of their occurrence. No way to remove. Easy to decode. No bogus one time key needed.


the other thing was: if i open a letter with child porn/get such stuff smuggled into my browser cache ... no: those are examples where you don't know of the illegal content. this thread is about what if you know it is there and know how to decode but don't want it? so the analogy with the newspaper would rather be: what if somebody gets miniature child porn into a magazine add? the answer is quite clear: the magazine would not be allowed for sales from the moment they know about it.

i still see this could be a serious problem that might require drastic measures at some point like "genesis block 2" with all the balances but without the transactions to clean up the mess and i see no way to prevent such data from getting in. in some countries judges might be relaxed about it but some might make bitcoin illegal for such illegal content in the chain.
legendary
Activity: 1400
Merit: 1005
August 11, 2011, 10:21:15 PM
Alternatively, if you DO know it is there, is it criminal?  If anyone did embed something illegal into the blockchain, then released the decryption method to the public, then everyone would know it was there, and anyone could extract it.  But whether it is illegal to have such content in the blockchain has yet to be determined.

If I know "something" is there, but don't know what, maybe I'm just paranoid rather than criminal.

It's like a whole lot of wiki-leak files that are available but not unlocked - someone knows the key, and someone could find the key, but just because I could access it (locked or unlocked) doesn't turn me into a criminal.  If I did access the file in a locked state, but not know it's contents, that would also be a hard point to press.  (reference receipt of stolen goods - there is a difference between knowing they are stolen or not)
Sorry, in my scenario, I meant to infer that you would also be informed of what was there.
hero member
Activity: 518
Merit: 500
August 11, 2011, 09:30:49 PM
Alternatively, if you DO know it is there, is it criminal?  If anyone did embed something illegal into the blockchain, then released the decryption method to the public, then everyone would know it was there, and anyone could extract it.  But whether it is illegal to have such content in the blockchain has yet to be determined.

If I know "something" is there, but don't know what, maybe I'm just paranoid rather than criminal.

It's like a whole lot of wiki-leak files that are available but not unlocked - someone knows the key, and someone could find the key, but just because I could access it (locked or unlocked) doesn't turn me into a criminal.  If I did access the file in a locked state, but not know it's contents, that would also be a hard point to press.  (reference receipt of stolen goods - there is a difference between knowing they are stolen or not)
legendary
Activity: 1736
Merit: 1006
August 11, 2011, 07:36:15 PM
RE: protecting an innocent person:  any lawyers here?

I have trouble believing that you could get into legal trouble for having illegal incidental data from legitimate activities on your computer. If you can, then we're all in trouble, because it is very easy to put illegal data in your web browser's cache (JPEG and other image file formats let you store arbitrary, not-normally-shown metadata, for example). I don't think it would be hard to convince a jury that the block-chain is like your web browser's cache-- full of lots of incidental stuff that is needed for the system to work, but doesn't have anything to do with you.  Now if you happen to have one of the private keys involved in the illegal transactions, THEN you should go directly to jail....

Adding code to "shun" certain spend-able transactions wouldn't be hard, although I think that's a bad idea for the same reason it is a bad idea to respond to trolls on forums-- you'd just encourage the bad guys by drawing attention to their misbehavior.


90% of all US bills carry traces of cocaine. Are 90% of all US currency holders potentially arrestable on charges of narcotics possession?

http://articles.cnn.com/2009-08-14/health/cocaine.traces.money_1_cocaine-dollar-bills-paper-bills?_s=PM:HEALTH

legendary
Activity: 1400
Merit: 1005
August 11, 2011, 06:59:21 PM
A more simple example (and quite made up) is if you apply the correct cyptographic key to this post you will get a defamatory statement (with is illegal).  Is this post therefore illegal?
Depends on the jurisdiction and what the court rules. For a defamatory statement it would be worth the risk, but would you want to take the risk of uploading child porn given the life-ruining consequences of even being accused?

I think that this is a very real risk to the current system.

I just used defamation as an example (and as you say, it depends of jurisdiction).  I was more making the point that with the correct key or filter you could make anything look like anything else.  And if you don't know it's there and can't extract it, is that criminal?
Alternatively, if you DO know it is there, is it criminal?  If anyone did embed something illegal into the blockchain, then released the decryption method to the public, then everyone would know it was there, and anyone could extract it.  But whether it is illegal to have such content in the blockchain has yet to be determined.
hero member
Activity: 518
Merit: 500
August 11, 2011, 06:55:02 PM
A more simple example (and quite made up) is if you apply the correct cyptographic key to this post you will get a defamatory statement (with is illegal).  Is this post therefore illegal?
Depends on the jurisdiction and what the court rules. For a defamatory statement it would be worth the risk, but would you want to take the risk of uploading child porn given the life-ruining consequences of even being accused?

I think that this is a very real risk to the current system.

I just used defamation as an example (and as you say, it depends of jurisdiction).  I was more making the point that with the correct key or filter you could make anything look like anything else.  And if you don't know it's there and can't extract it, is that criminal?
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
August 11, 2011, 06:23:43 PM
A more simple example (and quite made up) is if you apply the correct cyptographic key to this post you will get a defamatory statement (with is illegal).  Is this post therefore illegal?
Depends on the jurisdiction and what the court rules. For a defamatory statement it would be worth the risk, but would you want to take the risk of uploading child porn given the life-ruining consequences of even being accused?

I think that this is a very real risk to the current system.
hero member
Activity: 518
Merit: 500
August 11, 2011, 02:18:34 PM
It's a bit like Schrödinger's cat.

If I have an unopenable box and tell you there is something illegal in it, is that illegal.  You can't rove it or see it or know that it exists, therefore no harm is done.  Something embedded in a block isn't visible unless you know the key, and on simple viewing would not be illegal.

A more simple example (and quite made up) is if you apply the correct cyptographic key to this post you will get a defamatory statement (with is illegal).  Is this post therefore illegal?
hero member
Activity: 686
Merit: 564
August 11, 2011, 01:48:12 PM
Theymos' entry is incomplete, so I extended it. There's another situation in which it's safe to delete transaction data: if you can prove it'll never be used. The transactions that embedded flags, ASCII Bernanke etc could be deleted without risk because the chances of finding a private key that hashes to a line of English text is extremely remote. What's more, transactions with non-random looking hashes or pubkeys can be automatically identified.
This is true, but with a major caveat: the only way to prove to someone else that the transaction data is safe to delete is to give them a copy of it, which means you need to have a copy of it. Without the ability to prove this, newcomers have to trust they aren't being lied to. I think this may open up a potential double-spending attack or possibly worse; while the nodes that had a copy of the expunged data at some point can safely mark the correct transaction outputs as spent no-one else can confirm what it spent.

(Also, if someone manages to get non-standard scripts into blocks, they can create transactions that are spendable but require you to keep a copy of arbitrary data in order to be able to validate future transactions that spend them.)

Data can also be included in tx input scripts. However data blocks there don't have any effect on anything, ie, with the right database structure you can record the original hash of the transaction, then delete the unneeded data blocks if they have no effect on the connected output script.
Of course, as I understand it the transaction ID is computed as the hash of the transaction, so you can no longer prove that the transaction in question has the ID you claim it has, that the block that contains it or any blocks building on that block are valid, or even that the block that contains it does actually contain it rather than some other transaction you want to maliciously replace.

If you encrypt the data before putting it into the block chain, the bad transactions probably can't be reliably identified. However they also shouldn't pose any legal threats to the miners. If the key is publically revealed, the same as above applies - the outputs can be removed without risk.
Which again pretty much requires some kind of trusted central censorship body, with all the transparency problems that entails. At the very least they could maliciously render particular bitcoins unspendable, which means that someone could get a court injunction forcing them to do so.
o
member
Activity: 76
Merit: 10
August 08, 2011, 03:31:29 AM
The generation of vanity address just remind me the possibility of embedding arbitrary file and information into the block chain, particularly, a transaction record. An attack would look like this:

Embedding arbitrary file

  • Convert a file (with encryption) into a string of Base58
  • Split the string into, say, 4 characters per piece
  • Generate vanity addresses with the 4 characters at the beginning
  • Order them in a transaction
  • Send money to the address and pay some transaction fee

The information will then permanently embedded into the blockchain. The only way to solve this problem is to change the transaction record into a simple account balance periodically. Since now the ordering disappear, so you cannot extract the information anymore.
hero member
Activity: 531
Merit: 505
August 07, 2011, 11:57:40 PM
The problem isn't that some wrong text will show up in the chain, but the fact we will not be able to remove it.

Its like your house got sprayed with a very wrong graffiti and you (as it may look for others) REFUSE to repaint it.
member
Activity: 64
Merit: 10
August 07, 2011, 11:49:44 PM
I really don't think this is an issue. If Oprah opens some of her fan mail and there is child porn inside, would she get arrested and go to jail for being in possession of child pornography? What if someone turns in a paper to a professor and it has illegal things in it? It would set a dangerous precedent I think.

I don't know the answer to this, but what if someone ran a Tor node and illegal things were sent through it? Same with proxy and VPN services. I'd think that VPNs would be non-existent if this was the case.
member
Activity: 78
Merit: 10
August 07, 2011, 11:10:19 PM
IF (big if) somebody managed to insert a noticable amount of real child porn in such a way that a simple one line command could extract it, waits for it to be really deep in the chain before announcing it to the public, and if this happened before the filtering and pruning mechanisms are implemented - I'd imagine we could have a problem. Or maybe embed ROT13s of phrases that are highly offensive and inflaming to lots of religious people and would likely prevent them from ever accepting bitcoin as long as they remain in the chain - say "Allah is evil and not a true god" or some such. Again in such a way that anybody could extract them with a simple command.

In such a case what could be done after the fact? Could they still be trimmed out of the chain without invaldiating the block links and the whole transaction history after they were included? Or is that impossible at this point?
legendary
Activity: 1652
Merit: 2311
Chief Scientist
August 07, 2011, 08:03:02 PM
RE: protecting an innocent person:  any lawyers here?

I have trouble believing that you could get into legal trouble for having illegal incidental data from legitimate activities on your computer. If you can, then we're all in trouble, because it is very easy to put illegal data in your web browser's cache (JPEG and other image file formats let you store arbitrary, not-normally-shown metadata, for example). I don't think it would be hard to convince a jury that the block-chain is like your web browser's cache-- full of lots of incidental stuff that is needed for the system to work, but doesn't have anything to do with you.  Now if you happen to have one of the private keys involved in the illegal transactions, THEN you should go directly to jail....

Adding code to "shun" certain spend-able transactions wouldn't be hard, although I think that's a bad idea for the same reason it is a bad idea to respond to trolls on forums-- you'd just encourage the bad guys by drawing attention to their misbehavior.
hero member
Activity: 518
Merit: 500
August 07, 2011, 06:31:46 PM
Just as an observation, OP was 2 June and now it's August - what happened to the police bust after one week?  Are we still waiting, or did the OP get jailed for some attempted framing.
full member
Activity: 372
Merit: 114
August 07, 2011, 04:52:43 PM
Gavin I think you're missing the point of this thread: we are certainly not advocating people do this, nor trying to protect people who do.  Rather we are trying to figure out a way to protect innocent users from a bad person who does this while maintaining the integrity of the blockchain/ledger.

I still think it would be nice to know what exactly the protocol would be if this happens.  Again, the semi-unique thing about bitcoin is that the data could be injected in a way that you can't reasonably remove it.  In most other contexts, upon being notified of such data's existence we could just delete it and be on our way.

Mike mentioned one could prune these things if it they were known, but it's conceivable that data could be stored in a way that would still enable coins to be spent (using OP_DROP, or just using low order bits etc).

My concern is that in this instance one could end up knowingly being in possession of bad things.
legendary
Activity: 1652
Merit: 2311
Chief Scientist
August 07, 2011, 04:36:24 PM
Putting illegal content in the block chain and announcing it as an attempt to undermine Bitcoin seems like a good way to get yourself arrested.  Much better than tweeting about exploits.

You'll have both law enforcement and techies trying to track you down, and given that people are already deploying de-anonymizing tools it seems pretty darn likely that you'd get caught.
Pages:
Jump to: