Topic: Taint checker list - page 2. (Read 5053 times)

That's a stupid idea.

If this goes through, I'll buy up tainted coins for cheap. Then I'll mine dummy txs to myself, using the tainted coins for huge txs fees. Since I won't broadcast them, sooner or later ... PROFIT

Now if someone decides to taint coinbases too if they include tainted fees that's even worse. In this case miners will start a war, because they won't like having their blocks taken from them when I declare some of my satoshis used in fees stolen retroactively. And I'll make sure to include a satoshi in every mined block, thus sabotage mining completely.

Either way, the potential for abuse and damage is huge and far outweighs benefit.

-coinft.

+1

As a miner, you can hoard a transaction.  So you could create a transaction that does not get broadcast unless your miner finds it, in which case it goes through.

I was talking about sending 10,000 satoshis to 10,000 clean addresses, rather than what you are saying, because I think this sort of "shotgun spray" would be much more effective at tainting.

As for the last part of your response, that is entirely true.  But with current software there is a high chance of making a mistake and accidentally sending the tainted satoshi through, tainting your target recipient.

Dooglus is right though: a smart implementation of taint could prevent many of these problems by tainting transaction outputs rather than whole addresses. 

You only get the transaction fee if you are the miner that actually finds the block. Otherwise someone else gets it. This mechanism protects Bitcoin from spam attacks disrupting the network. Otherwise a malicious attacker could try to spam the network with millions of transactions. The transaction fees make this too expensive to pull off. So no, somebody isn't going to perform an attack like that.


The Bitcoin protocol allows you to specify the number of and the precise transaction inputs to use in a transaction. Meaning if you sent me 10,000 satoshis from 10,000 different wallets, I could send them all back to you in a single transaction, and *only* those satoshis regardless of the other coins in my wallet. Or, I could (one day) simply blacklist those transaction inputs so my client never uses them. Meaning that the tainted coins die right there. They never get used, they are out of circulation, and the rest of my coins are pristine. If you follow the coins via the blockchain they will simply stop at that address. Bitcoins are atomic, they have to be or the entire system falls apart. You can trace every single satoshi in your wallet all the way back to its genesis block.

 

I think you misunderstand.  Addresses don't get tainted, transaction outputs do.  It's possible to have clean and tainted coins at the same address, from different transactions.

You cannot prevent people from transferring coins to your address.  So people who disagree with the tainted coins system could browse the blockchain for "clean" addresses, and do giant batch transactions sending each address a satoshi.

If they are mining as well, they can include the transactions in their own blocks, so transaction fees for sending large, spammy transactions will be sent back to themselves. 

If you send these satoshis back, you will still have to pay the transaction fee: they can make your coins tainted, or make you go broke trying to prevent them from being tainted.

Off the top of my head, I'd say a hotwallet to for incoming transactions, if the coins pass inspection then they get put into the main wallet. You don't ship whatever good or perform whatever service until you are satisified with the coins. There are very few businesses that require an instantaneous response when someone sends them bitcoins, so a minor delay to verify coins won't hurt. If the coins are tainted it would be up to the recipient to determine what they do with them.

This could, in fact, be written right into the bitcoin client. User provides a list to the client of what he feels are tainted coins and the client then scans incoming transactions and compares them to the blockchain. The user is alerted if there is a problem. I wonder if etoh can't be convinced via a rather large bounty to implement such a feature in his Armory client.

For those of you who think this will kill Bitcoin, then perhaps Bitcoin was never a viable project anyway and should die in a fire and we should move on to Bitcoin 2.0.

Sounds jolly good in my ears, too good to be true.
Question: How will they decide?
They have to decide in advance about a thing they can´t see.
Ok they can reject those coins later, but how to get the firewood returned?

Assume me having false coins in the wallet. Should I return them to the so called appropriate owner or the one whom I just sent some of my coins as he has tainted coins now. What if I mixed some tainted with non tainted coins and spent all of them?

And they're going to continue to want it if a large enough amount of coins regularly get stolen from well-known Bitcoin services.

Remember that when Mt. Gox got hacked, one guy claimed to have bought over 250,000 coins and withdrew only about 650 of them because he thought withdrawing all of them would have been exploiting a bug.  That's quite a large percentage of the total coins mined, the potential theft of which hinged on one guy simply deciding whether or not he wanted to try to take all of them!

The fact that people are actually storing sizable numbers of Bitcoins online, before there is widespread, simple support in the client for multisignature transactions is just ridiculous.  So is trying to convince the same people _not_ to concoct coin-taint tracking schemes by any means other than direclty improving Bitcoin security and making it easier to implement.

Translation: Play the way I tell you to play or I'll shit in the sandbox.

People should be free to choose whether or not they accept certain coins for transactions. Forcing them to accept and deal in stolen property is wrong. If they choose to do so then so be it, but nobody should force them to. I thought one of the benefits of a free market meant you could choose who you do business with, and why. Guess I was wrong.

Let me put my tinfoil hat on and speculate that those who are crying loudest against this have a vested interest in keeping the status quo because they know they have stolen coins in their possession.

All Coins = whitelist + blacklist + unkown
Everything that is just a subset of all coins can be used as replacement for the term Tainted Coins bullshit
The argumentation will work the same way.
Think of bitcoins as if they were firewood, once in the stove ... lost for you ... regardless whomsoever had put them in the stove. Heat is there wood is gone. Now you can ask for a refund for stolen wood in heat or wood. But what if this was stolen before?

The difference is you can´t tell firewood apart but you can tell bitcoins apart.
But that doesn´t solve the issue. It just says you know your money is dirty. It does not help you to decide on any money on its way to you.

The worst part is that I don't think that anyone can stop such a service from existing.  Misguided as it may be, enough people are going to want it.

I understand the problems. Thats why the taint list should be entirely optional, and that theres not a central authority of taint list, instead each other uses any taint lists they want to use (like DNSRBL's).

The problem we need to solve is that exchanges start locking accounts because the money come from a stolen source, like paypal does.

This will hurt bitcoin webshops, that have delivered the goods but have got worthless money they can't do something with, because nobody wants it, altso the webshops gets their other money locked too. Look at the person who got 7BTC stolen money into his MtGox account and his whole account was locked, even with all other bitcoins.

Thats why we need some easy feature, that indivuals can use to reject any "stolen" money. I saw a handshake idea in the forum that prevents sending money to somebody that does not want it, that would be a good idea, then the money can be rejected before it even are transferred.


What about whitelist then? Same feature, but instead you whitelist trusted senders and nobody else can send money to you.


Try to brainstorm about this, it must be some solution there that prevents peoplr from getting their exchange account locked because the money was stolen.

Now im not talking about that single piecie of stolen money when talking about locking the account. Think of 1BTC that was stolen, and I depoist it in my 1000BTC MtGox account. Now 1001BTC is confiscated if I don't have a good explaining of why I got 1BTC of stolen bitcoins. Thats why we need taint list.

So people receiving stolen money can prevent it from being used, and webshops can prevent getting stolen money into their webshop wallets, because even 1BTC of stolen money can lock the webshop's MtGox account with tousands of BTCs, even if the webshop would happily return that 1BTC to the rightful owner.

A solid perfect argumentation as much as I can see.

Plus the good news is: You do not have to deal with the filth. Let the rest of the world accomplish this task.
My promise: They will! They have no choice.

D&T's post is spot on.  There are too many unsolvable problems that taint tracking introduces: it will hurt honest actors more than thieves.

Holiday: You would notice if there was such a "blacklist" of certain notes. We have had some in a suburban area here in sweden. The bank putted up notes on windows to shops telling people "Not to trade with any 500SEK bills beginning on digits XXXXXX" and the note had a image of a 500SEK bill with its first digits of the serial number circled.

Probably a robbery in the local bank so they made sure to recover the money by "blacklisting" it.


Hollyday: I don't understand? Why boycott MtGox? Its not their fault that people hack other merchants/echanges and steal their coins/private keys.

But what should we do? MtGox and such exchanges are locking the accounts of people who use "stolen coins".

We need to have something so people can avoid any coins that for example MtGox has deemed as "stolen".
If this feature would be included, most merchants would have a "stolen coins we don't accept" list on their website.

Its the same as IRL. When there has been a big robbery (and with big I really mean BIG robbery), the bank publish a list of serial numbers that is "blacklisted" and merchats are told not to accept these notes/bills (Often in the form "Do not accept a 500 SEK bill that is beginning on 4567 or 8723"). And if they accept, the bank will refuse to cash in their notes/bills to their company account.

That doesn't solve the problems listed and only compounds the complexity (and user unfriendlyness).  Can you not see that? Person can use coin A with merchant 1 & 2, but not 3 & 4 and coin C with all merchants except 4 and Coin B with only merchant A and nobody takes coin D.  Each sale would require the buyer to check with merchant determine which taint list they are using, ensure they have latest list, scan their coins to find acceptable coins and send them.

Yeah new users looking to buy a game on steam, some weed from SR, or play some online poker are going to go through all that bullshit.  New user who is savy enough to check 9 tainted lists only to find out his coins are rejected on 9 more lists he didn't even know exist is unlikely to be holding coins he can't spend WHERE he wants to spend.

Have you ever heard of: http://en.wikipedia.org/wiki/Fungibility

If a coin is accepted by less than 100% of the community it has less value.  How much value depends but it will never be face value.  So some coins are worth 1 BTC and some <1 BTC.  Someone agree upon a trade for 10 BTC only to find out the 10 BTC he got other people consider "bad" and thus are only worth <10 BTC IF he can find someone willing to trade them for "good coins" is not viable for a currency (any currency).

HELLO FUNGIBILITY IS THE CORNERSTONE OF ANY CURRENCY OR COMMODITY.  
No fungibility = no currency.
No fungibility = no commodity.

I am going to put you on ignore so I won't see any responses.  It isn't you it is me, this kind of short sighted "do something" just burns me up.   The wish to block tainted coins reminds me of people after 9/11 pushing to do something and we are stuck with the fucked to all hell Patriot act.   Maybe take a step back and look at how you are acting from a place of fear and what you are proposing would kill Bitcoin.   If that happens any successor will be built to make tracking impossible.  Now the good news is that if we are lucky taint databases won't go further than you can throw them but that doesn't make the idea any less dangerous or stupid.


My promise:
If tainted databases do exist I will be buying tainted coins for the sole purpose of spamming them to people who use tainted coins databases and let them rack up massive fees in trying to return them.  The bad news is that means I might have to deal with filth like coinexchanger to get my spam currency.  (shudder)

DeathAndTaxes: I think you misunderstand now.

The idea of the Taint list is not to have some central authority.

Anyone can host a taint list, like those DNSRBLs. I can host a anti-spam DNSRBL. You can host a DNSRBL.
Then everyone is free to use the DNSRBL or not. So you can select to use for example my DNSRBL in your mailserver, and reject mails to your server based on my criterias.

Same with taint list, you select which taint lists you want to use, and you reject coins to your account (=all adresses your bitcoin client recognize as yours) based on these lists.
And taint list does not only need to include stolen coins, it can be "bad" coins in other ways.

The *each end user* decides if they want to use taint list or not, and downloads the taint list they want.


"Who decides if a coin was stolen?"
You decide. Taint list is a tool that lets you reject depoist in your account that have been in touch with a specific adress.
You decide if you want to download a taint list from Bitcoinica listing addresses that Bitcoinica had their coins stolen to.
You decide if you want to download a taint list from me where I list adresses where coins were stolen from me.
You decide if you want to download a taint list from MtGox which MtGox list addresses they deem contain "stolen coins" and not accept any exchanges for.


About TX fees: How long do you need to wait for a small 1:1 transaction to be admissable on the network without fee? Maybe the taint list feature could wait so long.