Topic: Proposal to help stop thieves (Read 4696 times)

All bad ideas/laws stem from some very reasonable-looking special one-time needs.
 

Also, if it is easy to add a transaction to a black list then you can DOS the chain by blacklisting all over.

If it is not easy to add a transaction to a black list then a theif will have time to send it through an anonymizing/mixing service BEFORE it ends up on the black list.

I see blacklist management as the fatal flaw in this idea.

You cannot just return a payment. Many wallet and exchange services send from a common address and if you send the money back from the sending address it will not go to the correct person. You will need to ask the sender for an address to return it to.

You cannot reject payments as you say, you can refuse to spend them, you can refuse to honor the payment but not automatically reject them.

Please give up on this tainted coins idea. There have been enough threads discussing this, each showing a multitude of reasons why it won't work as expected. Just don't waist any more time on this topic. Thank you.

+1
atm i cant imagine how this would work but i would really like it

i just hope that more people see bitcoins like gold: you just dont have any chance to see the route the gold has taken until it reached you.

the whole idea about "good" or "bad" bitcoins is just crazy

edit: bad typo

I look forward to the day when the Bitcoin client and/or protocol are "fixed" to make all transactions fully anonymous by default (as per various proposals floating around, the latest of which I saw at London conference from the Russian guys), if only so that any schemes to trace/block coins quickly get shut down as technically impossible.

It's not like a large fee is going to go unnoticed, nor the output tx feeding the fee would be hidden. As long as the miner is totally hidden and unknown it could perhaps work but the thief would likely have to trust the miner enough to be sure he didn't mine all the fees into his own wallet.

And in that case why bother mining it? Why not just make a deal to take the coins and for a cut launder/mix them? Any fees in the generation tx are going to end up in the miners address and be just as tainted as the input fee tx.

I guess what I mean eg. the bitfloor hack btc are just sitting there. If they were to be paid in fees and with people watching the btc sitting there it would be visible that they end up in a new block.

After reading some parts of this thread, my conclusion is that this will NOT work now, will NOT work in the future, and can NEVER work. Taint has been discussed before and in the end, it won't work. None of the developers would also work on this as this is not a priority.

This is a problem outside of bitcoin, outside of the protocol, outside of the technology. Bank robbers will always steal banks and use the money. You just have to have the bank better protected.

Of course one interesting thing about "coin-melting" would be the incentives it'd give to mining. If people handing out 12,000BTC fees was ever common, pools would be willing to stop working on the latest block and work on the second, or even third, latest to attempt to reverse the high-fee mined block and collect the fees for themselves. Of course, you could wait until you got really lucky and found, say, two blocks in a row and spread fees between them. Or just melt a small amount of fees per block, maybe spread over a boatload of transactions to obscure what you were doing.

Now, does the honest miner who takes a risk to steal a thief's fees by working to reverse a block rather than extend the chain deserve to keep those fees as their reward? Some of those fees? How do you know they're an honest miner?

My bad. I thought it was added as a side transaction but I didn't go check.

The fee IS part of the generation tx.  The difference of the sum of inputs and sum of outputs of all tx in the block is added to the current block subsidy to form the block reward.  


As for "coin-melting" being silly.  If there was enough demand I am sure some botnets or some large hashing farms would be happy to "coin-melt" your blacklisted coins for a cut of the profits.  I mean blacklisting is going nowhere (just like it didn't the 99 times in the past it was proposed) and the OP is delusional but for the sake of the argument lets pretend it existed and was ironclad.   So as a thief if you could have 24,000 BTC which were completely unspendable and worthless or 12,000 BTC in brand new generated coins which would you pick?  Where would the other 50% go?   How about send 10% to random addresses to taint their existing coins (and add a hell of a lot of noise to any blacklist system), send another 15% as fees in random txs to be picked up by legit miners (every pool on the planet would be "polluted" with coinbase tx which include blacklisted fees, the last 25% goes as a fee/bonus (no top of normal block rewards) for the coin-melting private farm and/or botnet.  

The coinbase transaction is allowed to have a value of up to subsidy+fees; the thief most certainly could move value into it. You aren't proposing blocking the transactions themselves, which would split the network anyway, so any thief, or even a group of them, can get together and buy some mining hardware to find blocks faster. Or rent time on gpumax, or, for now, buy time on a botnet.

On top of this once you can mine some blocks you can also use non-standard transactions to spend your loot, complicating any code designed to taint transactions.

More importantly they can cause miners a lot of pain by simply moving coins around, spending fees, and casting others under suspicion if you start calculating taint on coinbases.


I second Gavin's response: go and implement it for us and we'll see what happens.

The fee is not part of the generation transaction so I don't think this would make any difference as far as it being a normal transaction in the blockchain. Plus, he would only be able to keep the funds if he found the block. This could only be done if he mined solo or controlled the pool that mined the block. And the second option would be silly as it would expose the thief.

Not to mention the thief can turn coins into block rewards by spending them on transaction fees.

Is mining income tainted too now?

OP doesn't seem to realize the thief can simply move the coins to another address in his wallet in just a few seconds. Impossible to say whether they were spent or moved from left hand to right.

So this introduces situations where people accept coins without knowing if they can be spent later.

Extremely bad for the Bitcoin network overall. People need to trust that coins they receive can be spent otherwise the value of Bitcoin becomes questionable and the market price will reflect this.

Hence, a system like this socializes the cost of a theft over the whole network as reduced utility and lower value. But doesn't stop the thief at all from spending to users who choose not to accept blacklists - which I expect should be almost everyone.

+1

Yes, go ahead and implement it.  Here's a thumbnail sketch of one way to start:

+ Create a web service that lets anybody upload their email address and a list of public keys.

+ Send the user an email whenever 'tainted' coins are sent to any of those public keys, telling them how tainted they are and where they came from.

That's it.

For extra credit, you could let users upload their wallet.dat files (private keys encrypted, I would hope) and auto-extract all the public keys in the wallet.  Heck, if you stored the private-key-encrypted wallet.dats you might be able to charge a little for both blacklist detection and wallet backup.

Please go ahead. Go through the bitcoins in your own wallet, and check to see if any bit of them relates to the various thefts related on the forum (you can find the transaction id in many cases). Note it can take a long time doing so, as it will require that you go up the transaction chain (each transaction having one or more inputs) until you hit either the coinbase (zero input) or a transaction that uses stolen funds.

By doing so, you should get an idea of the work it represents to do that for every transaction. And maybe you will identify some stolen satoshis (if that ever makes sense in a fungible currency) in some of your wallet inputs, and you will throw those transactions away to avoid using stolen funds.

Oh, and you haven't considered this case: S come from stolen funds, C are clean funds, S+C are sent in one transaction as T (the sender does not have the same blacklist as you do) and thus tainted flagged by your client, so T is sent back (because you can no longer distinguish S from C since those outputs are now spent) as U, and now U is unusable as well because it got tainted by S. As a result, now more funds are marked as unusable by you and those using the same blacklist.

Chances are that f you do the test with your wallet and all the known stolen funds, you will throw away (or at least refuse to use)) your whole wallet.

There are problems without clean, elegant solutions. For these problems, you use several solution which don't eliminate the problem but hopefully lessen it. That's all I am talking about. Optional blacklisting will not stop thefts. Together with other measures, it will make thefts more difficult. Why not try it? It should be easy to implement. Instead of arguing, let's just try it. You think it won't work, great. Let's try it.

Letting the client flag blacklisted coins is easy.  Using those blacklists to create a meaningful/workable system that deters theft is hard.

Anyway, there's an easy way to measure the effectiveness of any proposed blacklisting system-- just implement the same system as a way to prevent double spends.  If you're really proposing that a blacklisting system can effectively prevent stolen coins from being spent a second time, then it follows that the same system should be as effective in solving the double spend problem.  If preventing double spends doesn't seem feasible without the proof-of-work blockchain, then what makes you think the flagging system is feasible?  Or if it does seem feasible, then why not release it as a blacklist-based altcoin that uses orders of magnitude less resources and blow Bitcoin out of the water?