Pages:
Author

Topic: The flaw of Bitcoin economic/security model. (Read 2554 times)

sr. member
Activity: 269
Merit: 250
August 02, 2012, 02:02:35 PM
#21
What if someone created a Bitcoin Exchange where in order to trade, you first place the order on the site. Let's say it's a sell order. Then the site gives you a Bitcoin address to send the funds to for the order. You send the BTC to the address, and when the order is filled the fiat currency is sent to Dwolla. It isn't imperative that the payment processor be Dwolla obviously, I just can't think of a better payment processor for this use-case ATM.

It might not be good for some uses because of the increased transaction fees compared to MtGox (bots and trading methods that use many transactions), but there would be less trust involved, as the site would not need to hold funds for long. One would only have to trust the exchange to not run away with one's order funds while the order is still in the book.

What are the reasons this would not work?

An exchange that would use Trustless, instant, off-the-chain Bitcoin payments, would have similar idea behind it, but the transaction to place the order would be instant, free and off the blockchain so it won't bloat it.



Bitcoin system assumes that a business with a good reputation has the integrity to deliver goods in exchange for received bitcoins and would not disappear with customers money because it had to spend a lot of time to build the reputation in the first place.

The bitcoin system makes no such assumptions. Bitcoin is just a tool. What you do with it, whom you choose to trust is up to you.

Saying that bitcoin security is flawed because people choose to give up control of their private keys is like saying that the security of a door lock is flawed because you gave the key to a caretaker who emptied your house while you were on holiday.

Of course, for the economy to function, a good trust management system is required as a layer on top of bitcoin.  But the two systems are independent of each other.


Bitcoin as piece of code is a tool, and everyone free to use it as they wish. Bitcoin as payment system encourages businesses, that have to hold customers bitcoins, to steal it and bankrupt the company. The assumption was that Bitcoin as payment system would work fine for exchanges and eWallets because customers would be able to make informed decision about the company based on its reputation.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
...

So the flaw is that the incentive to steal emerge the moment a business finds it self in a situation where a theft would earn more money than any possible future profit...

...

Actually, it starts way before that; studies have shown that humans have a tendency of preferring smaller short-term gains over larger long-term ones.
legendary
Activity: 1072
Merit: 1181
In my opinion, Bitcoin is a digital currency, and not a payment processor. Since it is digital, one can much more easily build payment processors on top of it.

Currencies do not provide the ability to revert transactions. You cannot ask a paper dollar to return to your hand when the other party does not provide a requested service. The only difference is that in the Bitcoin world, the other party is rarely physically close while doing the transaction. If that means you require a money-back guarantee, I suppose it shows the need for payment processors (that you can trust...).

I don't think this is an issue. Over time, solutions will develop that work similarly to what you're used to, if they are needed.
legendary
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
Bitcoin system assumes that a business with a good reputation has the integrity to deliver goods in exchange for received bitcoins and would not disappear with customers money because it had to spend a lot of time to build the reputation in the first place.

The bitcoin system makes no such assumptions. Bitcoin is just a tool. What you do with it, whom you choose to trust is up to you.

Saying that bitcoin security is flawed because people choose to give up control of their private keys is like saying that the security of a door lock is flawed because you gave the key to a caretaker who emptied your house while you were on holiday.

Of course, for the economy to function, a good trust management system is required as a layer on top of bitcoin.  But the two systems are independent of each other.
sr. member
Activity: 800
Merit: 250
TL/DR
1) Deal with public companies
2) Don't deal with companies which "hang on" to huge amounts of customer funds.

Every noticeable eWallet and Bitcoin Exchange falls under second category.

What if someone created a Bitcoin Exchange where in order to trade, you first place the order on the site. Let's say it's a sell order. Then the site gives you a Bitcoin address to send the funds to for the order. You send the BTC to the address, and when the order is filled the fiat currency is sent to Dwolla. It isn't imperative that the payment processor be Dwolla obviously, I just can't think of a better payment processor for this use-case ATM.

It might not be good for some uses because of the increased transaction fees compared to MtGox (bots and trading methods that use many transactions), but there would be less trust involved, as the site would not need to hold funds for long. One would only have to trust the exchange to not run away with one's order funds while the order is still in the book.

What are the reasons this would not work?
sr. member
Activity: 269
Merit: 250
The problem solves itself over time. It's a process.

I assume you are referring to the fact that Free Market can solve a lot of problems over time.  But in order for that to work a customer has to be able to make informed decision about competitors. But we know almost nothing about internal procedures of exchanges and eWallets, so Free Market is not going to work, or it will be a very slow process, like decades slow, unless businesses would start to disclose information about how they operate.
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
EDIT: TL;DR: The problem of integrity of certain business models is fundamental because of how Bitcoin works, and it's not going to go away with time on its own.


There have only been a few bad apples, and this is to be expected of any new blooming industry. Deal with people who are reputable, and give your money in direct proportion to the entities you trust. The problem solves itself over time. It's a process.
sr. member
Activity: 269
Merit: 250
Again, when I write "profitable" I am not referring only to monetary value..
Money is a good servant but a terrible master.

You believe that everyone else share those values, but security model shouldn't rely on a faith.
legendary
Activity: 1221
Merit: 1025
e-ducat.fr


Every entrepreneur knows it's a lot more profitable to build value over time than to take the money and run which is a one-time gain.

If it is more profitable to build a company with long term strategy in mind and provide good service, then this is how the company would conduct its business. For example, the company may provide free training that is not directly related to work tasks, strangely enough, but it may result in better profit in the long term. In my original post I described that in Bitcoin environment a business owner that holds customers bitcoins have strong incentive to steal it, even if it means destroying his company, because it would earn more profit then any long term strategy.
Again, when I write "profitable" I am not referring only to monetary value..
Money is a good servant but a terrible master.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
Can you recall a situation when you were offered something for "free" and it was really free, so you could just take it and not give anything back?

Yeah, most of good things in life. Perhaps you happen to live in a terrible place, surrounded with assholes?
sr. member
Activity: 269
Merit: 250
There is no such thing as a "trustless" transaction.

When I use bitcoin I trust that 51% of the network hashing power is held by "honest" miners.

I didn't come up with the proposal and its name, the credit goes to Meni Rosenfeld. I guess that by "trustless" he ment the vast difference of required trust between what we have today and his solution.


Every entrepreneur knows it's a lot more profitable to build value over time than to take the money and run which is a one-time gain.

If it is more profitable to build a company with long term strategy in mind and provide good service, then this is how the company would conduct its business. For example, the company may provide free training that is not directly related to work tasks, strangely enough, but it may result in better profit in the long term. In my original post I described that in Bitcoin environment a business owner that holds customers bitcoins have strong incentive to steal it, even if it means destroying his company, because it would earn more profit then any long term strategy.


Most entrepreneurs are not in it for the money.

Can you recall a situation when you were offered something for "free" and it was really free, so you could just take it and not give anything back?
legendary
Activity: 1221
Merit: 1025
e-ducat.fr
@OP

There is no such thing as a "trustless" transaction.

When I use bitcoin I trust that 51% of the network hashing power is held by "honest" miners.

Every entrepreneur knows it's a lot more profitable to build value over time than to take the money and run which is a one-time gain.
And guess what ? Most entrepreneurs are not in it for the money. Money is a result, not an objective.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
The only purpose of a business is to make profits as big as possible. An overwhelming majority of examples prove that any other motivation, including personal moral values, doesn't matter in the long term.

...stated with a confidence of a North Korean high-school class president. That aside, I like the technical solution you are promoting.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Every noticeable eWallet and Bitcoin Exchange falls under second category.

But doesn't have to if multi-sig is used.  Also I would say blockchain.info has limited access to funds.  While they could modify their javascript to steal keys it would be a situaiton similar to our enterprise.  They could at most get away with it for a short period of time and the amount of funds at risk would be limited.
sr. member
Activity: 269
Merit: 250
If the business owners are know it shouldn't matter.  Company loses customer funds through employee theft, inside job, scam, hack.  It doesn't matter the company is liable.

I was taking about a theft that destroys company's reputation and forces it out of business, it's a one time thing (three in case of Bitcoinica). If the company goes bankrupt, then there is nothing could be done to recover customers bitcoins.


One way to reduce the risk is to change the risk vs reward ratio.  You can raise the risk (for the scammer) by dealing with public companies.  You can lower the reward by dealing with companies which don't hold a huge amount of customer assets.  We bought 40,000 BTC this month however we never hold client's funds.  We payout the same day.  If Tangible Cryptography starting stealing customer funds how long do you think we could get away with it.  A day?  two days?  How quickly would sales slow to a tickle when dozens of users reported not getting paid?  The reward goes way down because we are never in a posistion to steal the full 40,000.  We might get away with a couple thousand BTC at most.   Even if the risk was 0% (and it isn't) honestly it is more profitable being legit.

Hopefully Tangible Cryptography will continue this practice of not holding significant amount of customers money, so there wouldn't be any temptation to run away with it. In my original post I have detailed description of why and how it could happen.
The exact same idea of holding customers funds for the shortest possible amount of time is behind the proposal: Trustless, instant, off-the-chain Bitcoin payments . A company holds customer's bitcoins only for seconds and only those required to complete transaction.


TL/DR
1) Deal with public companies
2) Don't deal with companies which "hang on" to huge amounts of customer funds.

Every noticeable eWallet and Bitcoin Exchange falls under second category.
donator
Activity: 1218
Merit: 1079
Gerald Davis
If the business owners are know it shouldn't matter.  Company loses customer funds through employee theft, inside job, scam, hack.  It doesn't matter the company is liable.

One way to reduce the risk is to change the risk vs reward ratio.  You can raise the risk (for the scammer) by dealing with public companies.  You can lower the reward by dealing with companies which don't hold a huge amount of customer assets.  We bought 40,000 BTC this month however we never hold client's funds.  We payout the same day.  If Tangible Cryptography starting stealing customer funds how long do you think we could get away with it.  A day?  two days?  How quickly would sales slow to a tickle when dozens of users reported not getting paid?  The reward goes way down because we are never in a posistion to steal the full 40,000.  We might get away with a couple thousand BTC at most.   Even if the risk was 0% (and it isn't) honestly it is more profitable being legit.

TL/DR
1) Deal with public companies
2) Don't deal with companies which "hang on" to huge amounts of customer funds.
sr. member
Activity: 269
Merit: 250
hmmm, nothing there that can't or doesn't happen with fiat money. Dodgy businesses are dodgy businesses no matter the payment system.
I guess you send your cash off to anonymous people and hope they send you goods? -unlikely, why would you send "digital cash" to anonymous people
Bitcoin is not responsible for the people that use it any more than the USD can be blamed for drug trafficking.

Privacy provided by Bitcoin encourages fraud on business side, because it is possible to steal without anyone be able to prove that it was an inside job, even if identity of every employee is well known.
vip
Activity: 980
Merit: 1001
EDIT: TL;DR: The problem of integrity of certain business models is fundamental because of how Bitcoin works, and it's not going to go away with time on its own.

Bitcoin system assumes that a business with a good reputation has the integrity to deliver goods in exchange for received bitcoins and would not disappear with customers money because it had to spend a lot of time to build the reputation in the first place.

The only purpose of a business is to make profits as big as possible. An overwhelming majority of examples prove that any other motivation, including personal moral values, doesn't matter in the long term. Reputation is built by a business in order to gain profit, therefore trashing it is irrelevant if stealing would result in even bigger profit.

So the flaw is that the incentive to steal emerge the moment a business finds it self in a situation where a theft would earn more money than any possible future profit, and the level of anonymity provided by Bitcoin makes the theft probable because it is very hard to legally pursue those responsible. Scams happened over and over again, and with each iteration it's getting bigger. Reputation system works well when customer has the ability to recover funds in case of a fraud, but it doesn't work very well in Bitcoin environment. Escrow system can help with the problem but there is a business cases where it can't.

A business that holds customers bitcoins such as eWallet and Trading Platform has to have full control because it needs two features, instant transactions and scalability, for example, it is not possible for a Trading Platform to settle Bitcoin transactions between its users using blockchain, there is just too many of them and Bitcoin Network wouldn't be able to sustain it.

There is a technical solution, that's waiting to get implemented, it provides those two features without giving full control over bitcoins: Trustless, instant, off-the-chain Bitcoin payments . In short, the business would have control over only executed transactions and not full balance, if a customer doubts its integrity then he could just stop using the service and that will guarantee full recovery of his balance.
hmmm, nothing there that can't or doesn't happen with fiat money. Dodgy businesses are dodgy businesses no matter the payment system.
I guess you send your cash off to anonymous people and hope they send you goods? -unlikely, why would you send "digital cash" to anonymous people
Bitcoin is not responsible for the people that use it any more than the USD can be blamed for drug trafficking.
sr. member
Activity: 269
Merit: 250
There is no difference between what you describe, and any other currency.

Zhou Tong for example was not anonymous -- he is liable for damages just the same as if he transacted only in dollars.

Long term profit generation is maximized by maintaining an ongoing business. Zhou Tong would have made much more by continuing to operate Bitcoinica or maintaining a significant share in the company.

/thread

Bitcoin is pseudonymous, yet this is not a requirement.

Simple answer, don't do business with the pseudonymous.

It could be possible to prove that Zhou is responsible for the third hack of Bitcoinica because he was very very stupid. But what about the second hack, would we get a definitive answer about Zhou involvement?
member
Activity: 111
Merit: 100
There is no difference between what you describe, and any other currency.

Zhou Tong for example was not anonymous -- he is liable for damages just the same as if he transacted only in dollars.

Long term profit generation is maximized by maintaining an ongoing business. Zhou Tong would have made much more by continuing to operate Bitcoinica or maintaining a significant share in the company.

/thread
Pages:
Jump to: