Topic: IOTA: Snake oil insecurity with a centralized kill switch to shut off your money - page 3. (Read 2148 times)

For me to say, “I prefer Paypal to IOTA” is damning Paypal with faint praise—to make a point about IOTA.

My point is that Paypal does what it says on the tin, and does it much more efficiently than anything like IOTA.

This is not to promote Paypal:  To the contrary, it is a reductio ad absurdum.  If I wanted a centrally-controlled system that is poison to privacy, is cheerful about financial censorship, and can arbitrarily revoke transactions at any time, then I would rather use a system which frankly admits to being exactly that—and which does it using technologies that make sense (I am guessing an enterprise RDBMS), rather than pouring on buckets of snake oil crypto just to make the whole thing look fancier.  Or for a different metaphor:  IOTA is a Rube Goldberg contraption with the disadvantages of a centralized system, plus many additional complications.

Although I do NOT trust Paypal’s security, and past performance is no guarantee that they won’t later suffer an Experian-tier giant hack or other systemic failure, I will also note that in the past 20 years, they have not suffered the sorts of “oopsies” that IOTA seems to have almost on a regular schedule.  Two years ago, the big IOTA news was their broken homebrew hash—two months ago, they had that “corrupted ledger” downtime—now, this...  If Paypal had IOTA’s record for security and reliability, would they still be in business?

That Experian is still in business is not a counterargument here:  You have no way to opt out of Experian, and their customers are others who are paying them for your information.  If Paypal were to suffer extreme and/or chronic security breaches, then I would think—well, I would hope that lots and lots of people would close their accounts and run away!  And that is the point of this thread:  Avoid IOTA, due to a high risk of losing money.

I would not like a Chaumian/Digicash-style bank. Digicash does not require the issuing bank to confirm the identity of transaction participants, but there is nothing preventing a bank from collecting information about transaction participants as a condition of signing new certificates. There is also the risk that the bank will become insolvent, or will issue unbacked certificates, or will simply run away with customer deposits.

Lighting is very similar to Digicash, except without the risks related to having a central issuing authority. There do appear to be some problems with it in practice. 

I find the idea of a DAG and having transaction fees that are too small for the average user to measure (a small amount of POW per tx) interesting. The IOTA foundation appears to have a goal of eventually removing their central authority in favor of a decentralized authority who validates transactions, however I am unsure if this is possible in light of the fact that transactions are (virtually) free.

To be fair to IOTA, this is a single instance of reversing transactions in a case of alleged large scale theft, there is a 'slippery slope' argument, but this is not worse than what PayPal does every day. PayPal will routinely reverse transactions, block access to funds, and will blacklist individuals/entities who are doing things that PayPal does not like, even if not against any rules/regulations that PayPal has published.  There is no slippery slope argument with PayPal because they are already at the end/bottom of the slope.

tyKiwanuka, JollyGood, and Lauda:  Thank you.  OP was promptly updated with flag #1392 against iotatoken.

Ratimov:  Thank you for the translation.  I have linked to it in my thread metadata post.

---

Laud Lauda: Credit where due!

Quote from: The Sceptical Chymist on February 19, 2020, 06:11:55 PM

I appreciate Nullius breaking everything down here (and for starting the thread in the first place), as I wouldn't have read anything about this scam otherwise.

Thanks, but Lauda deserves the credit for the initiative.  When the story broke about the IOTA network “pause”, she asked me for my opinion due to my technical expertise and the fact that I have discussed IOTA’s failings before, as quoted above.

I am not easily shocked.  I was shocked that IOTA has a centralized kill switch; I did not know that, until they used it!  How do ordinary investors stand a chance with them?

I thereupon decided that I needed to do more to warn people so that they don’t risk losing their money.  Whereas that is always Lauda’s goal.  It was easy, too easy for me to sit back in the Development & Technology forum two years ago and sneer at IOTA’s broken homebrew hash—then ignore IOTA, because I would never risk my money on it.  Lauda has a more practical focus on helping others here.

Thank you, Lauda.

---

IOTA is the worst of all worlds

Quote from: PrimeNumber7 on February 20, 2020, 03:01:49 AM

I don't like the use of a centralized validator, and would not trust any coin that uses one.

I think there is a place for centralized technologies:  Chaumian banks.  It is a matter of trade-offs.  Digicash had excellent privacy and fungibility, but was centralized; Bitcoin is decentralized, but lacks Digicash’s privacy and fungibility on the blockchain layer.  (Lightning mostly solves this problem in a different way.)  Centralized solutions also have high performance and low overhead, generally.

Whereas IOTA has none of these advantages.  It promises to be a Bitcoin-style cryptocurrency, but better than Bitcoin—which it is not!

In the practical terms which matter to the average user, I think that IOTA is really a Paypal-style solution, but with much higher overhead and, I think, lower security than Paypal—and it is a financially unstable altcoin which makes an even worse investment than government-issued fiat currency.  Why would anybody want this?  It combines the worst of all worlds!

Indeed, if I had an exclusive choice between IOTA and Paypal, the answer is easy:  Paypal.  I say that as a Bitcoin maximalist who holds almost all his own money in Bitcoin.

Quote from: PrimeNumber7 on February 20, 2020, 03:01:49 AM

It appears they are rolling back the IOTA blockchain to reverse the transactions involving the stolen coin. Etherum did something very similar in it's early days when a hacker exploited a flaw and drained coin out of the DAO, although it has something resembling consensus before doing this.

I also had that thought about Ethereum.  The form that my thought took was, “This is even worse than Ethereum—much worse.”  The comparison is damning, whereas I myself have previously called Ethereum a...

Quote from: nullius on February 01, 2018, 09:39:01 PM

...Bolt A Turing Complete VM Onto A Blockchain Security Nightmare With Centrally Controlled Promise-Breaking Via “Irregular State Change” Exploding Clown Car Cryptokitties Toy Coin...

...among many similar words of endearment in various other posts.

Ethereum rewrote the history of its blockchain with a hardfork; but it had a blockchain, and even the top-down Vitalik Says So order took some time and effort to push through.  By comparison, IOTA can also rewrite their transaction history with much less effort—and IOTA just recently demonstrated that the people who run it can shut the whole thing off with the push of a button!  Much, much worse.

This might be a bit off-topic, but gives some insight about the whole incident. The IOTA Foundation has released a three-part series, where they explain (in part 1) how an attacker could successfully steal around 8.5TI (around USD 2,550,000).

This was the main issue:


Pretty careless and there is no way this should have happened.

See the whole story here: Trinity Attack Incident

Flag has been supported. A massive thank you to all contributors to this thread for bringing any information of substance about the IOTA team.

Thanks. Here is also the flag against that account:
https://bitcointalk.org/index.php?action=trust;flag=1392

Excellent post. Thank you for the links and background information.

By now CfB has nothing to do anymore with IOTA other than his company using the Tangle - or intending to do so, but he will probably fork it. David Sønstebø and CfB have been bff for a long time until the moment they had different opinions about the future of IOTA. You can read what David has to say about that here.


https://twitter.com/c___f___b/status/1224039770499796993

To my knowledge, this is the Bitcointalk account David is in control of: iotatoken

---

During the split-up drama between David and CfB some weeks ago, CfB posted some private (and most likely sort of confidential) conversations on his Twitter account and Paracosm Discord.


Source: Paracosm Discord

Most of these leaks are already deleted, but they revealed some shady things waiting to happen as you can see in the screenshot above. There are still unclaimed IOTA from the ICO and David wants (wanted) to give them to JINN.

JINN is a private company in stealth mode, that was founded by David, CfB and some other unknown third guy. See more here.

 

They changed their mind later, apparently it was written by an AI.  

While people have the right to keep any ridiculous belief that they want to, the above is not based on science and is thus incorrect. I am not interested in unbacked opinions - this case was constructed very objectively, hence why I created a flag.

Last sentence: There's a very good reason for that - think about it using Occam's razor.

Which is a - pun intended - very laudable thing to do. For the noobs getting educated, this is a huge plus, considering large corporations like Volkswagen, Bosch, Microsoft etc. didn't get that opportunity.
While most of those announcements of cooperations with companies are surely exaggerated (many of such cooperations merely consist of a company having a "blockchain research unit" which checked out the IOTA repo to take a look at it… bit offtopic, but that Tweet about sums it up: https://twitter.com/CryptoCronkite/status/1227320690321297409), I can see how they scratched their heads when they saw in what terrible way CfB etc. interacted with researchers who took their valuable time for pointing out weaknesses a.k.a. helping to make the product better.

For me, this project was over when CfB told the researchers that they implemented the "colission feature"  in curl to protect IOTA from copycats, what the actual fuck.

Depends on what point of view you have (some would even say that Bitcoin is not a decentralized, Peer-to-Peer Electronic Cash System ^^): those who were following the project closely knew about the coordinator, and that it was a centralized element which was intended to kickstart the network and to be removed, later. The "later" got delayed again and again, making the description of IOTA a concept rather than an actual product, thus vaporware.

For somebody who only read the catchy phrases and didn't bother taking a very close look at what he throws his money at, it might well be described as a scam. To be fair, the IOTA team did not put much effort into explaining IOTA's weaknesses.

Thanks for the link. I did not know this.


Wow..

According to the IOTA documentation, the coordinator (aka kill switch) is to prevent certain types of attacks related to double spending. IOTA does not have any miners, and it does not cost any coin to send a transaction (only a trivial amount of POW effort), and there is the risk that someone could do something very similar to a selfish mining attack that does not cost anything to try. 

The way I read the documentation, I don't think the coordinator was intended to be used as a kill switch, or more specifically, this is not how it is presented.

I don't like the use of a centralized validator, and would not trust any coin that uses one. It appears they are rolling back the IOTA blockchain to reverse the transactions involving the stolen coin. Etherum did something very similar in it's early days when a hacker exploited a flaw and drained coin out of the DAO, although it has something resembling consensus before doing this.

Any crypto having a kill switch is rather far-fetched. Why did they have it in the first place? Any centralised project can have a lot of things their way or unconventional but when I read about the whole project going off-line for those two days or so it shows exactly why IOTA should and any other centralised crypto should be avoided unless they show exactly what cards they are holding.

Back in January 2018 this project had a market capital of over $14 billion but IOTA now has just $770 million market capital and it is dropping fast. Here is yet another of many mismanaged projects that had too much talk and not enough action and development therefore it fell from massive all time highs to a fraction of that.

It is a very different case that needs to be handled on its own. Evidently, Ripple does not claim to be a cryptocurrency such as Bitcoin AFAIK (they are something else entirely) - despite their frequent attacks and public lies by their CEO (public as in in interviews and similar). They will get their chance in the spotlight as soon as there is more time.

Lol, I probably wouldn't understand a thing that they were saying--but I definitely see where this shit took a nosedive (and why).

Before reading this thread I really didn't know anything about IOTA.  It was just a project whose name I saw from time to time on the forum, and I had no idea how centralized it was.  I appreciate Nullius breaking everything down here (and for starting the thread in the first place), as I wouldn't have read anything about this scam otherwise.

Wouldn't this sort of shenanigans be a problem with Ripple as well?  And I have to profess ignorance about how Ripple works, but I'm pretty sure it's just as centralized as IOTA is. 

This space (today) consists of probably >99% people who are unable to research these things sufficiently for themselves due to lack of technical knowledge et. al. They are easy targets for fraudsters and scammers, and I do not blame them. We are here to educate and protect as many as we can.  

---

If you say you are developing X, and it does not get released within 3-5-10 ETA's, then it is very probably vaporware.
If you say that the thing that you have released today is X, and it is actually not even close to that, but Y, then that is fraudulent advertising i.e. scamming.

Keep this important distinction in mind.

I see correlation rather than causation. There just is no real connection between how / if a product works and its market share.

Fact is, though, that IOTA has always overpromised and underdelivered. It was (like most cryptocurrencies) hyped like there's no tomorrow. At the end of the day, people who lost money on it lost it because of their greed, not because IOTA is a "scam", or, as I prefer, vaporware.

For those who need a TL;DR:  There Ain’t No Such Thing As A Free Lunch!  (Link for Tor users, whom that website blocks—or see Wikipedia.)

That is just common sense, the general concept of which has been the stuff of proverbs for thousands of years.  Crypto newbies may not know Schneier’s warning signs of snake oil cryptography.  Whereas every reasonable person should know that “free” is the most expensive—especially when it comes to financial investments.


People need MIT wizards to lay that out for them? 

From iota.com blog

https://blog.iota.org/instant-feeless-flash-channels-88572d9a4385?gi=9eb5072573c4


Free and instant transaction.  Fully scalable.

But everything has a price. Looks like iota price is very expensive

This scalability drama is just ridiculous. An stupid idea which became a marketing z to make fools  by shitcoins and stay away from bitcoin because it is "old slow and expensive "