
Topic: Myth: the Payment Protocol is bad for privacy - page 2. (Read 4553 times)

legendary
Activity: 1708
Merit: 1019
Maybe if I use simple, easy-to-follow steps I can convince you that you are wrong:

1.  Copy and paste this URL into your web browser:
  http://www.comodo.com/home/email-security/free-email-certificate.php

2. Click on the "Free email certificate: sign up now" button (the big orange one).

3. Enter whatever name you like, and a valid email address (an anonymous one, if you like) and a revocation password.

I just used "[email protected]" to make sure it actually does work to give a fake name, anonymous email address (and no address or phone number).

Done deal, you've now got a certificate-authority-signed X.509 certificate for an anonymous email address that you can use for the payment protocol.

That wasn't so hard, was it?

Now, knowing how "simple" it is to create a "secured" certificate, are you seriously going to trust this payment system?
Because apparently, as Gavin has just explained, the entire payment system comes down to the security of an email address.


He's got a point there.

@piotr: If you were more polite people might listen more to what you say.
legendary
Activity: 2053
Merit: 1354
aka tonikt
You and me perceive security differently.
Digital identity is something that you need to establish - gpg solution is very specific about it. But also provides a very useful web of trust.
Your solution is for kids - it isn't a security.
Your argument is that I first need to send my pgp key via email anyway.
You obviously don't understand what it is all about.
No sane pgp user will trust a key that he received only by email - and the system informs a user about it, all the time.
What you have made is a solution that you advertise as something that can verify identity, while in fact it doesn't seem to be more secure than just exchanging plain bitcoin addresses by email.
You've done a great job hiding from a user a misery of your lame security feature.
It is not a secured payment system - deal with it.
And it does not increase privacy - sooner endangers it.
kjj
legendary
Activity: 1302
Merit: 1025
I have opinions on many things, but all of them would be off topic, except the one that some of you guys serve us cheap propaganda in this topic. Seriously, don't you see it?
As for the other things I know, knowledge is power, so don't think my friend that I will just share mine with you for free. :)

So it doesn't bother you that the payment protocol that took you a few years to develop guarantees that a guy who had access to your email address at a time in the past can just issue payment requests in your name?
You still think it's great and people should use it for making sure that they send coins to the right address?
Well, I don't.

Well, I certainly do see plenty of cheap propaganda hereabouts, but not coming from the side you seem to think it is coming from.  So far, every objection against the payment protocol that I've seen has been emotional.  With the exception of your current post, the one quoted above.

I have two objections to your objection.  First, you are throwing the baby out with the bath water.  Having an optional easy to use signed invoice is a vast improvement over the alternatives.  Note that I said "easy to use", which disqualifies PGP, and probably bitcoin message signing.

Second, you don't even need to lose control of your email account for someone to create a bogus PGP key in your name.
legendary
Activity: 2053
Merit: 1354
aka tonikt
I have opinions on many things, but all of them would be off topic, except the one that some of you guys serve us cheap propaganda in this topic. Seriously, don't you see it?
As for the other things I know, knowledge is power, so don't think my friend that I will just share mine with you for free. :)

So it doesn't bother you that the payment protocol that took you a few years to develop guarantees that a guy who had access to your email address at any time in the past can just issue payment requests in your name?
You still think it's great and people should use it for making sure that they send coins to the right address?
Well, I don't.
kjj
legendary
Activity: 1302
Merit: 1025
There's a real debate to be had; name calling just makes it impossible.

That is like 9/11 conspiracy theorists saying "there is a real debate to be had!"  ... after they repeatedly fail to listen to rational arguments ("Jet Fuel doesn't burn that hot! It cannot melt steel!" ... after being patiently told about the physics of furnaces: burning in a heat-trapping chamber).

I still haven't heard any rational arguments on how the payment protocol is worse for privacy. If piotr_n makes one, please let me know.

Sure: conspiracy theorists blew up three WTC towers into pieces in 2001, just to blame it on the government.
And in 2014 the same conspiracy theorists try to break Bitcoin by not embracing the new payment protocol and speaking against increasing the block size, in favor of off-chain transactions.
It's all because we "repeatedly fail to listen to rational arguments"... and our arguments are obviously never rational, so it is completely fine to not listen to them.

Do we really need to call this guy a lead bitcoin developer? Because it seems like an insult to actual bitcoin developers.
If he doesn't understand that gasoline has no potential to blow up buildings into pieces, then he doesn't even deserve to be called an engineer.
Unless in America you have different laws of physics. Or different criteria to become an engineer...

Wow.  I thought he was just using a clever analogy, but it appears the arrow hit the mark anyway.  Do you have any opinions on the moon landing?
legendary
Activity: 2053
Merit: 1354
aka tonikt
There's a real debate to be had; name calling just makes it impossible.

That is like 9/11 conspiracy theorists saying "there is a real debate to be had!"  ... after they repeatedly fail to listen to rational arguments ("Jet Fuel doesn't burn that hot! It cannot melt steel!" ... after being patiently told about the physics of furnaces: burning in a heat-trapping chamber).

I still haven't heard any rational arguments on how the payment protocol is worse for privacy. If piotr_n makes one, please let me know.

Sure: conspiracy theorists blew up three WTC towers into pieces in 2001, just to blame it on the government.
And in 2014 the same conspiracy theorists try to break Bitcoin by not embracing the new payment protocol and speaking against increasing the block size, in favor of off-chain transactions.
It's all because we "repeatedly fail to listen to rational arguments"... and our arguments are obviously never rational, so it is completely fine to not listen to them.

Do we really need to call this guy a lead bitcoin developer? Because it seems like an insult to actual bitcoin developers.
If he doesn't understand that gasoline has no potential to blow up buildings into pieces, then he doesn't even deserve to be called an engineer.
Unless in America you have different laws of physics. Or different criteria to become an engineer...

What is the Chief Scientist doing about our outrageous conspiracy theories, concerning his biased involvement in bitcoin development?
Just as every professional media puppet, he is debunking myths - that is his way of presenting "rational arguments".

How can you trust such a guy to develop a bitcoin wallet for you?
A wallet that should be able to resist the government's pressure!
If anyone can be forced or otherwise corrupted to put a backdoor into software, these kinds of people are the first candidates.
Be careful trusting him - he is obviously not an honest person. He clearly acts like this lady: https://www.youtube.com/watch?v=NOnwdmpButo
States something like it was a fact, but when confronted, just does the standard "I think I already answered this question, we are ready to move to another topic".
Don't you see it?
legendary
Activity: 1652
Merit: 2216
Chief Scientist
There's a real debate to be had; name calling just makes it impossible.

That is like 9/11 conspiracy theorists saying "there is a real debate to be had!"  ... after they repeatedly fail to listen to rational arguments ("Jet Fuel doesn't burn that hot! It cannot melt steel!" ... after being patiently told about the physics of furnaces: burning in a heat-trapping chamber).

I still haven't heard any rational arguments on how the payment protocol is worse for privacy. If piotr_n makes one, please let me know.
legendary
Activity: 2053
Merit: 1354
aka tonikt
In order to acquire a certificate (which you need to sign the payment requests with), you must leave your personal details at a CA.
Your full name, your email, where you live, even your phone number.

You are going back on my ignore list, because you have no idea what you are talking about.

Is that supposed to be a punishment? :)
If so, please be informed that you have been on my dicklist for like years already - never removed, not even planned.
But your posts don't scare me, so I have no reasons to hide them from reading - some of them are actually quite entertaining.


Maybe if I use simple, easy-to-follow steps I can convince you that you are wrong:

1.  Copy and paste this URL into your web browser:
  http://www.comodo.com/home/email-security/free-email-certificate.php

2. Click on the "Free email certificate: sign up now" button (the big orange one).

3. Enter whatever name you like, and a valid email address (an anonymous one, if you like) and a revocation password.

I just used "[email protected]" to make sure it actually does work to give a fake name, anonymous email address (and no address or phone number).

Done deal, you've now got a certificate-authority-signed X.509 certificate for an anonymous email address that you can use for the payment protocol.

That wasn't so hard, was it?

Wow - now you really assured all of us, what a great security you managed to develop for the community during these couple of years of your intense work.
Man, you are a genius. Whenever I will need a real expert on IT security, now I know where to find one :)
You and Mike - he is another security expert: whenever NSA breaks his security, he says loudly: fuck you NSA! :)
It is definitely the kind of security experts that bitcoin development needs, isn't it?
You guys clearly identify all the possible points of failure and address them in the most efficient way; usually through deeper integration with openssl, or another useless lib, like protobufs.

Joking aside.
To those who don't ignore me, if you don't mind me asking:
Now, knowing how "simple" it is to create a "secured" certificate, are you seriously going to trust this payment system?
Because apparently, as Gavin has just explained, the entire payment system comes down to the security of an email address.
What they have done is just replacing the original satoshi's system where you could do MITM attacks on the IP end, to a system where you just need to attack an email address.
And you don't need to be a security genius to know that the latter is often even easier to conduct.
But hey, if someone steals your money using the secure payment protocol, at least you will have a receipt :)

From other interesting facts:
 * satoshi needed like a month to implement his system, while these geniuses needed years.
 * satoshi quickly realized that his system wasn't secured and just abandoned it. these guys are too proud for it and are going to defend it as long as they can, using all kind of silly propaganda.

I mean, let's face it: "Myth: the Payment Protocol is bad for privacy" - this is a typical topic template for a propaganda content.
I wasn't born yesterday and I know very well what propaganda looks like.
What I don't know though is: who pays for it? Obviously they won't say and it's going to come down to my tinfoil hat again.
legendary
Activity: 1652
Merit: 2216
Chief Scientist
In order to acquire a certificate (which you need to sign the payment requests with), you must leave your personal details at a CA.
Your full name, your email, where you live, even your phone number.

You are going back on my ignore list, because you have no idea what you are talking about.

Maybe if I use simple, easy-to-follow steps I can convince you that you are wrong:

1.  Copy and paste this URL into your web browser:
  http://www.comodo.com/home/email-security/free-email-certificate.php

2. Click on the "Free email certificate: sign up now" button (the big orange one).

3. Enter whatever name you like, and a valid email address (an anonymous one, if you like) and a revocation password.

I just used "[email protected]" to make sure it actually does work to give a fake name, anonymous email address (and no address or phone number).

Done deal, you've now got a certificate-authority-signed X.509 certificate for an anonymous email address that you can use for the payment protocol.

That wasn't so hard, was it?

full member
Activity: 140
Merit: 107
CA's are "funded by their users"? How so?

Er, they're funded by the people who buy certificates, i.e. their users. I know how CAs work thanks.

Just numerically, this is true. There are 7 directory authorities that matter in Tor, vs over 100 certificate authorities.

CA's are not independent actors. There is 1 (one) root for the Internet's DNS. What any user thinks about how the DNS performs is completely irrelevant. The DNS is controlled by ICANN and various corporations with some interference of governments. If I don't like how the system works there is nothing I can do. There is no feedback from users, other than through corrupted channels. In Namecoin users can suggest changes. It solves the problem of key storage, but unfortunately not the problem of key <> identity assignment. The original BitDNS discussion contained some interesting material on the subject.

Quote
If I'm following you correctly, you think that there should be no courts because they can't help in all disputes?  That every transaction should be spelled out in complete detail, even though it is pointless because neither party needs to follow it?

Well, there is a tension between those who want to have a Bitcoin system which operates above the law (darkmarkets) and those who want to integrate it with law (US law, I presume). I don't have an opinion, but one should recognize what this is about. One can start with the simple question what actually happens if two people transact on a public network with untraceable cash. What language does one use to describe the process ("merchant", "customer"), what is the role of intermediaries of all sorts (courts, law enforcement, transportation systems, etc.). I believe it's impossible to make any sense of this by focusing on "technical" issues alone. People on the Bitcoin dev list actually believe that economics is off-topic. Well, that leads to pretty strange and unproductive discussions.
legendary
Activity: 1526
Merit: 1129
CA's are "funded by their users"? How so?

Er, they're funded by the people who buy certificates, i.e. their users. I know how CAs work thanks.

Quote
Tor is more "centralized" than CA's?

Just numerically, this is true. There are 7 directory authorities that matter in Tor, vs over 100 certificate authorities.

Quote
The claim that Tor is "funded" by the US government is pretty far out there - I would like to see more detailed evidence for such claims. Here is a list of sponsors: https://www.torproject.org/about/sponsors.html.en

This is a widely known fact, you could verify it by just reading the Tor wikipedia page. But here's some links to save you a few clicks:

http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/06/the-feds-pays-for-60-percent-of-tors-development-can-users-trust-it/
http://www.reddit.com/r/TOR/comments/1cq46y/til_80_of_tors_annual_budget_comes_directly_from/

But I'm not sure it's worth arguing with you, seeing as you think Bitcoin is related to Chaumian e-cash (they have no technical relationship at all beyond both being systems for electronic money).
legendary
Activity: 2053
Merit: 1354
aka tonikt
And how is PGP or bitcoin signing any better?  
Not too bright.

It is better, because I don't need to send a stool sample to a corporation, in order to receive the signing key.


Quote
Do you ask the court for a subpoena to search all of their records for evidence that they possess the private key that signed your receipt?  Or do you think that the judge will take your word for it that you've brought suit against the correct party?

So what the court would do differently, with your digital receipt?
It would go just the same way; whoever signed it can simply testify that someone hacked his server, stole the key and therefore it wasn't him who signed this data.
Or better: the key leaked out through the heartbleed issue. Go ahead and prove that it didn't...

And at that moment the case is closed - you cannot use such a receipt even to wipe up your own ass.


Quote
One nice thing about being an American is knowing that our courts do, for the most part, understand cryptography and digital signatures.

Right... that must be the kind of signatures you use under the death sentences, when executing people all over the world. Shortly before the missile hits a peasant, or his kid, there is a quick and efficient algo, built into the system, that digitally signs the sentence, so they'd get executed in compliance with your very democratic constitution and extremely solid justice system. :)
kjj
legendary
Activity: 1302
Merit: 1025
On the other hand, from the paying side, when I get to a merchant's web page that gives me SSL authenticated bitcoin deposit address and the amount I ought to send - why in the world would it not be enough for me?
Why would I need an additional, payment request, signed with exactly the same certificate?

Good luck taking your screenshot of the "SSL authenticated bitcoin deposit address and the amount" to court when the merchant claims you didn't pay.

In other words, you don't really understand which problems the payment protocol is trying to solve.

Which court? If the merchant is in Chile and the customer in Russia, what use is this? Bitcoin is a global system, but there is no world court people can go to, to settle disputes. This can in theory only apply if the two parties agree which court settles disputes, and the court even considers itself responsible. If you're drafting social protocols you should have some understanding of how economic transactions work. Commercial transactions consist of much more than just the payment itself (what happens if there is no delivery, delivery not on time, bad deliveries, ...). And if you want to integrate with legal systems via software, you better clearly specify what you're talking about. Since when is the Bitcoin network dependent on courts?! And if the payment protocol addresses any of these issues, why is it not stated in the draft protocol. Just because this idea is in someone's head doesn't make it a fact. The Bitcoin developers "in charge" should really think harder about these issues. And if they claim no one is in charge, then please find someone to understand the economics and write proper protocols.

If I'm following you correctly, you think that there should be no courts because they can't help in all disputes?  That every transaction should be spelled out in complete detail, even though it is pointless because neither party needs to follow it?

The vast majority of internet transactions are "local" to one judicial system, and also follow a standard template (I pay you X, you send me Y).  A signed statement of X and Y, along with blockchain evidence that X was completed, gives the purchaser some confidence that they will have some useful recourse in the event that the vendor fails to complete Y.

Good luck taking your screenshot of the "SSL authenticated bitcoin deposit address and the amount" to court when the merchant claims you didn't pay.
Who said anything about screenshots?

I meant something like the receipts localbitcoins.com do.
Or whatever message "pay this amount, to this address, for this product", signed with either bitcoin address, or a PGP key - that's all you need for a digital receipt, mr big smartass but little imagination.

And BTW, good luck taking your payment protocol receipt to court when the merchant claims you didn't pay.
You are obviously living in a dream world. Though most Americans do, so you are just following the pattern. :)

And how is PGP or bitcoin signing any better?  Do you ask the court for a subpoena to search all of their records for evidence that they possess the private key that signed your receipt?  Or do you think that the judge will take your word for it that you've brought suit against the correct party?

One nice thing about being an American is knowing that our courts do, for the most part, understand cryptography and digital signatures.
legendary
Activity: 2053
Merit: 1354
aka tonikt
And BTW, good luck taking your payment protocol receipt to court when the merchant claims you didn't pay.

It will work for the same jurisdiction, but not cross-jurisdiction. It could even be such that a merchant has to automatically acknowledge if a payment was received via the public blockchain. One example implementation would be forcing the merchant to use a certain address which is attached to the name (the merchant wouldn't be able to generate arbitrary addresses). In effect that's what the DAC ideas are about.
Well, if I didn't know a few people who were told by their lawyers that digital receipts (issued by localbitcoins) would not be accepted as evidence in court, then I would have also thought like this.

The problem is that our justice system is still in a previous century. They don't know what a digital signature is and they are more likely to accept a piece of paper that came from a printer, rather than a digitally signed file.

I am not saying that no court would ever accept a digitally signed receipt, but I am saying that they are very reluctant to do so.
full member
Activity: 140
Merit: 107
And BTW, good luck taking your payment protocol receipt to court when the merchant claims you didn't pay.

It will work for the same jurisdiction, but not cross-jurisdiction. It could even be such that a merchant has to automatically acknowledge if a payment was received via the public blockchain. One example implementation would be forcing the merchant to use a certain address which is attached to the name (the merchant wouldn't be able to generate arbitrary addresses). In effect that's what the DAC/smart contract ideas are about. Registering a corporation is equivalent to assigning a payment address to a legal entity. A limited liability company is in a sense nothing else than a restricted account. Some of this can be implemented today, but I very much doubt that Bitcoin is going to be the system doing this (i.e. anything interesting in the future).
legendary
Activity: 2053
Merit: 1354
aka tonikt
Good luck taking your screenshot of the "SSL authenticated bitcoin deposit address and the amount" to court when the merchant claims you didn't pay.
Who said anything about screenshots?

I meant something like the receipts localbitcoins issue. Or whatever message "pay this amount, to this address, for this product", signed with a private key - that's all you need for a digital receipt, mr big smartass but small imagination.

And BTW, good luck taking your payment protocol receipt to court when the merchant claims you didn't pay.
You are obviously living in a dream world. Though most Americans do, so you are just following the pattern. :)
full member
Activity: 140
Merit: 107
On the other hand, from the paying side, when I get to a merchant's web page that gives me SSL authenticated bitcoin deposit address and the amount I ought to send - why in the world would it not be enough for me?
Why would I need an additional, payment request, signed with exactly the same certificate?

Good luck taking your screenshot of the "SSL authenticated bitcoin deposit address and the amount" to court when the merchant claims you didn't pay.

In other words, you don't really understand which problems the payment protocol is trying to solve.

Which court? If the merchant is in Chile and the customer in Russia, what use is this? Bitcoin is a global system, but there is no world court people can go to, to settle disputes. This can in theory only apply if the two parties agree which court settles disputes, and the court even considers itself responsible. If you're drafting social protocols you should have some understanding of how economic transactions work. Commercial transactions consist of much more than just the payment itself (what happens if there is no delivery, delivery not on time, bad deliveries, ...). And if you want to integrate with legal systems via software, you better clearly specify what you're talking about. Since when is the Bitcoin network dependent on courts?! And if the payment protocol addresses any of these issues, why is it not stated in the draft protocol. That's what these kinds of documents are there for. You would find that it would be much like writing law, because you would have to first define merchants, customers, payments. And then Bitcoin is not about "payments" between merchants and customers. It's about transactions between peers. So the nature of the system and the debate already has shifted dramatically.
kjj
legendary
Activity: 1302
Merit: 1025
On the other hand, from the paying side, when I get to a merchant's web page that gives me SSL authenticated bitcoin deposit address and the amount I ought to send - why in the world would it not be enough for me?
Why would I need an additional, payment request, signed with exactly the same certificate?

Good luck taking your screenshot of the "SSL authenticated bitcoin deposit address and the amount" to court when the merchant claims you didn't pay.

In other words, you don't really understand which problems the payment protocol is trying to solve.
legendary
Activity: 1400
Merit: 1009
So to wrap up my post: well done, Gavin! As a bitcoin core developer, you can be really proud of yourself, for providing the community with features that one part doesn't care about, while the other part finds hostile to the actual bitcoin principles. And all at the cost of features that the community has been actually waiting for.
This is the crux of the issue - the payment protocol is bad for privacy because of what it doesn't do.

One of the biggest problems for Bitcoin privacy is that the way we use it now does not allow for merge avoidance strategies. A good (privacy-respecting) payment protocol would not deliver to the client a fixed list of outputs - it would deliver information that would allow the client to construct as many outputs as it desired.

That also ties in with the plague of address reuse, which is still an unsolved problem since the standardization on deterministic wallets hasn't happened yet.
legendary
Activity: 2053
Merit: 1354
aka tonikt
I don't get it, how does X.509 give us issues with anonymity piotr_n?

You don't really define what the central authority is and what data that central authority retains due to X.509 being implemented in Bitcoin. At least make your case solid by explaining the problem in detail instead of screaming out with a tin foil hat on your head.
I said it, but if you insist, I can elaborate.

In order to acquire a certificate (which you need to sign the payment requests with), you must leave your personal details at a CA.
Your full name, your email, where you live, even your phone number.
Who is going to do this? Basically only corporations. Plus maybe a couple of crazy people..

Now, as a payer, you do not need a certificate, but then how does the payment protocol help you with anything?
Obviously you are not going to use it for sending money to your friends or buying stuff on black markets. You are also not going to use it for p2p bitcoin trading, nor for withdrawing your bitcoins from exchanges.
You may only be using it for sending your bitcoins to corporations (or the few crazy people). But each corporation already had a web page secured by SSL certificate - so why the hell to waste bitcoin development resources on them?
Better security? Give me a break! It does not make it anyhow more secure, to let a client extract a payment address from a binary file, rather than to let me just copy it from a web page, protected by the very same certificate.

Also, when you provide the refund address, this address identifies your wallet - another privacy concern.
And of course the recipient - a "very useful" thing, as someone has just said. The thing is that storing the receipts also keeps track of your past payments, which not everyone may be a fan of.
Not to mention that both receipts and return addresses are already used in the bitcoin world, yet without the payment protocol.

In other words: they spent a couple of years of development to reinvent the wheel.
A wheel which now needs a permission from a central certificate authority in order to work.
How crazy is that?


Moreover, let me remind you that very soon after 0.9.0 was released, there was a critical security issue reported in OpenSSL.
Basically a backdoor that could even cause your private keys to leak out from your wallet, through the "secured" payment protocol channel.
It was fixed - yes, but do you really believe that this is going to be the last critical security issue ever discovered in OpenSSL? Well, if you do, then you must be a very naive person and not have much experience with software development. Everyone who is so stubborn to build secured applications around the messy openssl lib is IMHO insane.

BTW, I remember someone once assured me that the bitcoin client would not connect to any server when doing the payment protocol things. No matter what, it wasn't supposed to connect anywhere!
But then it makes me wonder: how is it possible that a payment protocol was vulnerable to the heartbleed bug, if it wasn't connecting anywhere?
Obviously someone had lied to me - obviously there are some connections, just not quite official.
So why did that someone lie to us?
Well, either because he is incompetent and he has no clue what kind of software he develops, or because he is just a liar.
Either way - a wrong person to develop a software for my needs.