Bitcoin Forum

Introduction

One of most commonly raised issues with Bitcoin is that of crime and punishment. Over the past 40 years our societies have, through both fair means and foul, built an integrated anti-money laundering system that attempts to let governments trace the proceeds of crime.

Trying to fight crime through chasing money flows is an intuitively attractive proposition - much crime is motivated by profit, so it stands to reason that if you could somehow make it hard to use the profits of crime, you’d reduce all kinds of unrelated crimes simultaneously. Killing N birds with one stone, so to speak.

Evidence that existing AML approaches are worth the cost is limited - governments seem to rarely study the topic and when they do, findings that it isn’t working very well are simply used to justify making the system ever more pervasive and extreme (e.g. lower reporting thresholds).

However, crime (or fear of crime) is a very common concern amongst citizens and politicians are highly responsive to that, and therefore also highly responsible to requests from law enforcement. The worst case scenario is for Bitcoin vs fiat to be presented as a choice between either freedom or the rule of law because most people would prefer to have both, but given a binary choice we know that many will actually choose the latter over the former. The approach of the USA post 9/11 being a good example.

Can we have our cake and eat it? By that I mean, can we build an approach to fighting crime through finance which is Bitcoin-ish, that is:

• Decentralized
• Open
• Democratic (or market based, take your pick)
• Private
• Effective at raising the bar for criminals
• Potentially acceptable to lots of people with a wide range of political views, so it can be positioned as a credible alternative to just banning Bitcoin or imposing untenable AML requirements on its users?

I think the answer is yes, and we can do it by combining tainting with private set intersection protocols.

Note that the definition of “crime” is not what you might expect and I will go into that later.

Overview

PSI protocols allow a client in posession of a set to intersect its set with that of the server, such that the client doesn’t learn what’s in the servers set (beyond the elements that intersect), and the server doesn’t learn what’s in the client’s set at all (not even the intersection). PSI can be implemented using garbled circuits. Huang, Evans and Katz showed that with optimization generic MPC can either beat or match custom protocols but with greater genericity in their paper “Private Set Intersection: Are Garbled Circuits Better than Custom Protocols?”:

http://rt.cs.virginia.edu/~evans/pubs/ndss2012/psi.pdf

Let us imagine that in the market there is an arbitrary number of what I’ll call blacklist providers. Some may be operated by governments, others may be operated by communities that self police (for instance, the Bitcoin Police group here on this forum). To give an extreme example, the Silk Road might operate one themselves for the purposes of handling scammers. Blacklist providers maintain sets of outputs that are blacklisted or tainted in some way, for instance because the owner reported them stolen or because it’s believed they are owned by some criminal enterprise.

End users have wallet apps that subscribe to zero or more blacklists. The users themselves choose which blacklists to use. On receiving a payment they proceed to trace backwards recursively adding outputs to their client set. The depth to trace is discussed later. Once that set is calculated they do a private set intersection with their chosen blacklist providers.

If a transaction is flagged this way, what to do is up to the end user. They could report it. They could not report it but refuse to deal with the counter-party. They could ignore it. If the counterparty is trusted, they could be asked where they got the money from and the process of walking backwards through the graph of real people or entities can begin to try and identify the culprit.

The privacy provided by these protocols is important in two ways:

• End user privacy: the provider of the blacklists doesn’t know what is in the users output set, nor when there’s a hit. This prevents blacklist providers trying to engage in global surveillance. It also means that providers cannot easily mandate any kind of action when a flagged transaction is found, because they do not even know when it occurs.
• Server privacy: the blacklist themselves can be secret, encouraging usage. In many cases victims of theft don’t want to announce to the world that they were hacked or scammed, this scheme means only the blacklist operator needs to know of their predicament. It also means outputs can be tainted or blacklisted without the target necessarily finding out - even if the blacklist is open access and not restricted to particular parties, they’d have to be constantly checking it and repeat queries could be identified and blocked by simply requiring an anonymous account (or passport/fidelity-bond).

Definition of crime

One issue with trying to fight crime in an international, decentralized financial network is the fact that there’s no one definition of what bad behaviour is. Most obviously, different jursidictions have different laws. Less obviously, the laws of a country may not accurately reflect the feelings of its citizens, e.g. in oppressive regimes or when large numbers of ordinary people end up criminalized (war on drugs, etc).

Fortunately, a list-of-blacklists approach automatically solves this problem for us. If each blacklist represents a particular class of behaviour and nobody except the user knows when there a hit on the blacklist, then the difficulty of tracing a “guilty” party increases dramatically with each hop in the chain of trades which does not result in blocking/reporting.

Let’s make this concrete. On this forum there are lots of libertarians. The libertarian philosophy emphasizes private property rights (theft is bad), and individual freedom (you should be able to get high if you want to). In a highly libertarian society, whilst some entity may serve a blacklist of outputs involved in the drugs trade many people may choose not to check it - or alternatively, to check it and then ignore the outcomes. Even if the government runs that blacklist there’s no way to know when there was a hit.

Alternatively, some private institution may run a blacklist that deals only with theft - if money is stolen via hacking then the outputs can be added to the blacklist set so people who believe theft is bad (ie, nearly everyone) and that the provider is trustworthy can check against it. Note that there’s no automatic punishment of these transactions here, so there’s no concern with people maliciously reporting their own legitimate payments as theft … all that would happen is when the legitimate receiver tries to respend the coins and is questioned/reported/flagged they would show evidence that the payment was real (like, a signed payment request) and the malicious party would be ignored by the blacklist provider in future.

In this way, investigation of crime can be decentralized, both allowing far more huge and effective scale than existing AML whilst simultaneously allowing people to exercise their own judgement over what is bad. The fewer people that are checking a particular blacklist, the more effort is required to recursively ask  people “where did you get this money from?” and therefore the likelyhood of prosecution drops in line with societies collective lack of interest.

How deep to trace

One obvious problem is that if the taint depth is fixed, then any bad guy can just generate a tree of transactions deeper than that and know they won’t ever be flagged. The depth can be specified in terms of time rather than tree depth, but this is also an arbitrary magic number that can be gamed - for many crimes waiting a while may not be a big deal.

One possibility is to use whitelists for tracing. Let’s call a hub of economic activity like an exchange, popular merchant or even tax collector a nexus. Nexuses can serve private sets of outputs that they have themselves checked against blacklists. Therefore you can keep tracing until you find a hit against one of the whitelists, at which point you don’t need to go any further - you know that part of the tree is clean. If you're a nexus you then add those outputs to your own private set. Eventually the outputs can be dropped according to some specific formula determined by the cost of the nexuses resources.

If the recursive exploration gets too large without hitting a nexus, that is itself a sign that the transaction may be suspicious, but it’s a signal that’s hard to game because in most cases the counterparty won’t know what the depth profile of your average transaction looks like.

Resource consumption and full-set attacks

PSI protocols can be implemented using generic multi-party computation but it was previously assumed that this would be too slow, and special protocols had to be designed. The previously linked paper dispels this notion with measurements of real implementations and shows that with sufficiently smart optimization, generic MPC with Yao’s garbled circuits can match or beat the best known specific protocols. Note that the paper also contains a nice overview of how garbled circuits work if you aren’t familiar with the topic.

The UTXO set size is currently 4M. Even with a 32 bit set size (4 billion possible outputs in the blacklist), according to their results it is possible to run the multi-party computation in around 10 seconds. Admittedly that is with a LAN and desktop computers, not smartphones and WANs. However there have been more optimizations since and real-world demonstration of intersection of sets from large universes such as contact lists that run on Android phones, so by the time anyone actually implements this scheme it’s very likely to be feasible due to better algorithms and hardware.

One advantage to using generic garbled circuits is that you can easily add auditing on top to prevent a client attempting to upload, for example, the entire UTXO set and thus stripping server privacy. The size of the set to intersect can be limited to some reasonably small value and accounts/passports/fidelity bonds used to prevent or block scraping attacks in which someone tries to enumerate the entire set by submitting lots of queries.

Government attacks

It should be obvious that this scheme is not intended to resist a maximally coercive government. Bitcoin itself cannot work inside a totalitarian police state because a currency must be widely accepted to be useful, and thus people must publicly advertise that they accept it. An unconstrained government can just fine, jail or kill anyone who advertises that they accept Bitcoin.

Instead this scheme is designed to be an acceptable proposal to existing western governments that are somewhat democratic. It balances the desire to fight crime with the need for privacy and blocking abuse by the state. In practice, all democracies recognize this balance is important and (try to) constrain what the police can do.

One failure mode is that governments may try to mandate police produced “superblacklists” that merge things the user cares about stopping with things the user doesn’t - given a match, it’s impossible to know what the reason for blacklisting was, and given the requirement for everyone to use it, auditing compliance is fairly easy using sting operations.

There isn’t any good solution to this beyond the people demanding that the blacklists be fine grained (i.e. one for drug offences, one for theft, one for corruption, etc). It’s hard to argue against such a setup because it only adds information to the system: having undifferentiated blacklists is tantamount to admitting that some laws don’t enjoy wide support but you want to enforce them anyway. It’s a position that’s trivially reduced to “I don’t believe in democracy”, which is a difficult position for a politician to hold over the long run.

The problem I see is that users will converge on a set of blacklists whether they agree with the reason for blacklisting or not. Here's how (so you can explain what I've missed :) )

Suppose someone obtains some coins through a drug deal, and I don't care about that, so I happily accept his drug money for some other service. When I later try to spend that drug money, a large number of people refuse to accept, so I'm forced to use clean money for that transaction. This essentially means that the drug money is unspendable, and hence worthless, or simply worth less than clean money. I decide I'm not making that mistake again, so even though it's against my political principles, I refuse to accept drug money in future. I'm now one more person who has cut off anyone using drug money.

Combine the above with the fact that the majority of people don't want any trouble at all - even when completely innocent, and so will choose not to accept money on any of the blacklists run by governments, and you end up with a situation where your money is worth the most if it's not on any of the blacklists.

People in general are lazy, stupid and only willing to fight for their political beliefs when they personally are being persecuted, so I think the idea that we'll have some happy equilibrium representing what the majority believe in will not happen.

If the only people who think that crime is acceptable are you and the drug dealer, then yes, you're hosed. But then you should be hosed because the group consensus is that this behaviour is very bad and should be stopped.

For something like selling some weed, probably you can find other people who don't care. The money isn't quite as convenient as regular money and that would be reflected in, perhaps, you charging a higher cost to accept blacklisted coins (that is another action you can take beyond reporting, refusing or ignoring). But ultimately by the time it hits someone who does care, you might be three or four hops along in the trading chain and then the cost to the police to recursively figure out who got the money from who (and get warrants, etc) is so high that it's not worth it anymore and they move on to fry bigger fish.

Your example might be more applicable to crimes with a much stronger group consensus, like trading hard-core child porn.

Mike this is really cool and thought provoking. How did this come up? Is this your work? Is bitcointalk.org the first place it appeared? What is the motivation behind the work?

Thanks

I don't know of any other proposals to use PSI protocols for crime fighting, but the general idea of taint has been around for a while. And yes this post is written and researched by me. I try and find ways extensions to Bitcoin could impact on society, in particular, to solve common objections to the concept of crypto-currency.

Maybe we should also add RFID chips to paper money and keep databases of 'bad paper notes' so criminals can only trade between themself so their money isnt worth as much as 'clean money' anymore.

Or maybe you should quit working on bitcoin, makes me sad to hear something like this from a bitcoin dev :(

do you hear the words coming out of your mouth???   taint the blockchain...are you fucking nuts?  letting people get to pick and choose who can or cant use their money? ummm..cause we dont like you? I think this goes against the whole principle of btc.

" Even if the government runs that blacklist"  ...wow.

Won't this make vigilantes pop up? wanna be superheroes? death squads?

These technologies should be anticipated and discussed because if feasible it is likely they will be built eventually. He did not suggest adding this to the protocol itself. It would be an additional service provided on top of Bitcoin. The technical considerations are interesting ones and this is worth discussing even if one disagrees for political reasons.

The proposed my Mike technology is potentially making Bitcoin less perfect currency because it is an attack on one important property which is necessary for money. I refer here to fungibility http://en.wikipedia.org/wiki/Fungibility.

It will anyway be countered by more advanced mixers and in the end will not be effective and will only increase amount of dust in the blockchain.

Another way it can be countered is by off-chain transactions, for instance with chaum banking that provides absolutely secure privacy with math, or by trusted hardware coins.

Of course, one of the first blacklists will be for anyone providing or using genuinely private off-chain transactions...

Look...I am neither young nor dumb enough to not realize that there WILL be regulations...and I am for the rule of Law. Criminals just plain suck. At least career criminals do in my mind. Everyone makes mistakes tho. What happens to those people? Added to a blacklist...for...say a DUI. Now that persons coin is not worth as much because they are a credit risk? That being said I dont think whitelists and blacklists will sell very well to the masses anyway. Who is to say what is put on such lists and by whom? Some as yet to be named central authority? Yes...these concepts do need to be discussed. I fear something like this would lead to stratification and classification of individuals.

I am still trying to wrap my head around the whole bitcoin concept to be completely honest...I have this feeling that it will be the catalyst for a brighter future for mankind and I am humbled and honored to be a witness.
Let's not fuck it up.

zif

Who do we appoint to operate said blacklists?  And how do we enforce them?  If nobody cared about setting their clients up to reject flagged coins, it wouldn't matter.  It would have to be enforced by law for it to catch on, as the vast minority which chooses a couple of flags will find it very troubling when Jack wants to send Sally some coins but Sally can't accept his money when it's tainted by a flag passed down by 20 people who don't care for flagged coins.  So Sally would either have to turn her flags off temporarily to trade with her good friend Jack, or tell Jack off.

Now lets say blacklist operators are privately owned (which they cannot be, for nobody will pay for this service, so they will have to be subsidized)  Privately owned blacklist operator owner Sandy agrees that if you slip her a small fee, she'll scrub your coins off (by deleting their flags)  Now you have clean coins, ready to make a drug purchase all over again.  Uh oh!  Time to invoke a law: coin scrubbing is now illegal.  The blacklist operators continue to decline as their non-businesses conduct non-business, and the general public continues to pay for them to perform a service of figuring out which coins need flags and why.  By the time any court can figure out what theft has officially happened (or any crime involving the coin, really) the coins could be passed down several, several times, either to mules, or actual people.  So the guy holding the tainted coin attempts to pass it down, but the next guy has all his flags checked, not because he gives two bits about crime, but because he doesn't want someone else's tainted coin that is now completely worthless.  Ensue a downward spiral of money being rendered useless and people finding it harder and harder to conduct business as they realize they're holding onto hot money.

Now let's assume half of a society has their flags on, and are not accepting tainted coin.  This creates a subculture, the same one we've always had, which is perfectly a-okay in trading their tainted coin for criminal goods.  We can now call these coins blackcoins: the coins which are blacklisted.  It's like black market credit, at that point.  Unless people are forced to refuse flagged coins, they won't, or won't always.  You still have a system for people to commit criminal acts, and as long as a large portion of the population is okay with using the blacklisted coins as tender, they will continue to be used.  At least until Sandy lowers her prices.

A system such as this will go against everything Bitcoin is designed for: privacy, and freedom.  Privacy and freedom mean, however you feel about crime, that it is private, and free.  It cannot be used as a tool to fight crime and remain completely functional.  Assigning a system such as this to Bitcoin would be the same effect as banning guns; the coin isn't committing any crimes, and should not be held suspect.  If Sally wants to buy headphones from Jack, she shouldn't have to worry if her money was suspected of being used to hire a hitman several years prior.  Doll over a few years, and all 21 million eventually become tainted--do they reset the flags?  And if they do, why bother with the system?  It's an inconvenience, and will hinder trade in the hopes of moral correctness.

Thank you Mike! You addressed a very valid obstacle to adaption and present danger to our investment. We have to show the way otherwise we will be shown and possibly wont like it.

Since block chain traversing algorithms are not feasible on an SPV or a server trusting client, this flagging might be service(s) that customer could consult. Mining pools might also differentiate themselves by mining "clean" blocks according to their definition of purity.

How do you separate good and bad and what levels of tainted coins is acceptable? Why wouldn't someone just go collect some very tainted coins, and then dust a many good addresses.

Problem really is that once you have transaction the coins are yours. And if client's flag it the receiving address is also bad. Tough luck if you didn't use fresh one... I just see too many problems and issues...

Tracking the stuff is all fine, but not-accepting them is hard and destructive...

There are a few misconceptions in the comments, maybe not everyone fully understood what I was getting at.

• Who is appointed to run the blacklists? Nobody in particular. That's the point. It is or can be a form of community self policing. Silk Road could run a blacklist. The police could run a blacklist. In the eyes of the system they'd be equals. Who pays for them? Depends on the kind of issue we're talking about, right? Any time you have a community that wants some kind of self-policing, there could be such a thing. I doubt it'd be expensive to run. If you want some kind of ultra-libertarian completely privatised police force you could use assurance contracts to pay for them.
• How do we enforce them? We don't. It's up to the users to decide what to do when a transaction is flagged. Rejection is not necessary, you can as well just accept the coins and then inform someone else who can follow up/investigate. If you think the whole system is bullshit, then just don't check any lists or ignore any flaggings if you do. Problem solved.
• What if everyone ends up with tainted coins? Taint can be removed because when it passes through the hands of a nexus that is known to take some kind of useful action on a blacklist hit, they can add their own outputs to the whitelist and the graph traversal stops there. Eg, if somebody steals coins and sends them to Mt. Gox, then Mt. Gox can go ahead and file a police report and then add their own outputs to their nexus whitelist. Wallets stop searching at that point because you trust Mt. Gox to "clear the taint". So it isn't possible for taint to last forever (you'd eventually have to stop searching due to resource usage anyway, even if you don't hit a nexus).
• How can this be used against the innocent? If a blacklist routinely ends up including outputs that are not associated with any kind of real criminal activity (as judged by the person/entity checking it), then it'd make sense to just stop using it. Remember, this is a community based solution. Nobody has the power to centrally stop or block transactions. If your salary ends up on a blacklist intended for identifying money used in the child porn trade, and you're innocent, then you should be able to make a loud noise through the press, etc, and people would realize that this list is being abused. So they'd stop checking it.

Vladimir says, people would just use coin mixing and the system wouldn't work. Yes, indeed, tx graph obfuscation breaks such an approach. At least if they don't take each other into account. It'd be up to the user community to trade those things off. For instance, you could engage in a mix but only accept old coins that don't appear in any of your blacklists.

But there's something to consider - we all benefit from a stable society that isn't overrun by murderers and thieves. If you're deliberately impeding legitimate investigations into real crimes, whether it be by the police or otherwise, you're really just undermining the source of your own wealth. I think most people would understand that.

Here's an example. Let's say there's a blacklist called the emergency response list. It's used only in the most serious and time critical cases. The operator is the police and they ask subscribers to inform them immediately on encountering a hit. Bob the executive comes home from work early one day and discovers his girlfriend in bed with another guy. Enraged, he grabs a hammer and smashes both their skulls in. Realising what he's done he goes on the run. The girlfriends mother comes round an hour later and discovers the crime scene. She phones 911 and says that her daughter is dead along with another man, and Bob has disappeared.

The police ask the mother who Bob's employer is, and they then phone up the employer and ask them for the output set used to pay Bob's last salary. Those outputs are added to the emergency response list. Bob goes into a gas station and tries to refill his getaway car, when he pays the shopkeepers terminal flags the transaction. Bob still gets his gas but once he's out the door, the shopkeeper phones up the police and reports the guys location.

What about someone else who Bob paid money to? Their coins are also tainted. They're in a fashionable chain of restaurants and when they try to pay the bill, their transaction is flagged too! The restaurant owner also calls the police and describes the guy at the table, the response is "ah nope, that's not him", the bill is paid and the guy goes on his way - moderately inconvenienced for a few minutes, but not hopelessly so. What's more, because the restaurant chain is big, well known, and has policies for what blacklists they check and what they do, they are a nexus. When the chain pays its waiters at the end of the day it puts the salary outputs onto its own whitelist and then when the waiter spends his money, nothing is flagged.

Mike, this is not black and white. And I do not think any side of the argument has a clearly winning argument. Yes your scenario is understandable and "Bob the Murderer" is a bad guy and cops shall go after him and apprehend him etc... Nobody wants to save his behind. But now replace "Bob the murderer" by "Bob the Human Rights activist" who pissed off "Mallory the Drone herder" and in similar scenario Bob is being taken out together with the gas station and its owner by a drone.

I personally would prefer if some aspects of society such as money remained neutral and cops instead of spying on everyone would just do their job without unlimited Orwellian powers.

But again this is political and philosophical issue. Technically your proposal is sound and even in spirit of Bitcoin decentralization. If such solution is available it is up to the society to figure out how to use it and how to not.

 

First Jeff Garzik says to the WSJ: "We want to work with authorities".
Now Mike Hearn with this post.

Can I say these 2 dudes are now officially creeping me out without you guys calling me paranoid?  :-\

Yes. The assumption is that if Bob is really a human rights activist, then he either won't get blacklisted (because that kind of nonsense would result in people quickly abandoning the list), or he'll be able to persuade whoever he trades with not to report him. That lack of central control is key.

I don't know if it's really worth trying to implement such a scheme but whether we like it or not, Bitcoin is born into a world run by people who strongly believe in "follow the money" as a crime fighting technique. And if the people with an agenda are able to scare the other people into thinking Bitcoin means unstoppable crime waves then it's going to end up banned, simple as that. And then you won't be able to use it either.

That's why it's important to have credible proposals that meet-in-the-middle with acceptable compromises for everyone.

"A pack of wolves and a flock of sheep voting on what's for dinner" is the phrase that immediately springs to mind. You forget how easily these systems are exploited, and assume that ordinary human beings are clinically rational automatons.

This is sad. ''He who sacrifices freedom for security deserves neither''

I wouldn't be surprised if Bitcoin was to be forked, with some people continuing to use normal Bitcoin and some following Mike's steps in using its castrated counterpart, preferably with in-built tools aiding the State in controlling its minions' monies.  ::)

Mike has been advocating for removing the blocksize limit, which even he thinks can lead to there being only a few hundred, and as little as a dozen, validating nodes handling Bitcoin. Implement blacklists on that tiny number of validating nodes and you now have Bitcoin under central control, and opposing that control will be extremely expensive to downright impossible.

Not to mention how with small blocksizes the lack of privacy inherent in Bitcoin - every transaction goes on the public blockchain after all - puts you on an equal footing with big businesses and governments in monitoring and auditing the actions of other Bitcoin users. On the other hand, with large blocks you can't afford the computer equipment required to run a validating node, and thus while you have no ability to to monitor the network and follow the movement of funds but they do.

EDIT: s/will lead/can lead/


Well removing the blocksize limit is a fork, and more to that, it's not a technical "bug-fix" fork like is happening on May 15th - it will radically change what Bitcoin is.

re: Jeff Garzik, I can't speak for him, but personally I would be happy making a similar statement myself. But there is a big difference between working with authorities and educating them about how Bitcoin works and what the vulnerabilities are and introducing brand new vulnerabilities into the system itself.

I typed out maybe 8 different, very long, detailed responses to this, but in the end all I can really say is meh... not a fan.

I can't see it being terribly useful beyond the transaction immediately following the "taint".

retep, please don't put words in my mouth. I have never said I think there will be a few hundred or a dozen validating nodes, where did you get that from? Nobody knows how many there will end up being, but on a global scale I'd expect hundreds of thousands if not more.

Regardless, the entire point of this proposal is it is not state control. It's a system based on majority consensus, just like Bitcoin. malevolent clearly hasn't read what I wrote because there's no fork of Bitcoin needed. Checking blacklists is an optional extra layer on top.

Well, I can admit I hyperbolized, hence the use of the '::)' smiley at the end. What I wrote is what can happen - first we start with your proposal, 5 years later we end up with developers being paid by govt. agencies to introduce some change or two in the protocol that may aid in tracing 'laundered' coins, of course the change could at first and second sight appear to most insignificat enough as to make it easy to convince most of the network to adapt for their own safety; how many people are there out there that are very well-versed with the Bitcoin protocol, cryptography and networks among the Bitcoin users as to not be fooled by this? I am sure less than 50%  https://bitcointalk.org/Smileys/default/rolleyes.gif. The point I am trying to make is that what you are proposing is not something that should be of Bitcoin developers' concern and that you should remain neutral. Let the state figure it out for themselves because your solution, despite good intentions, may be a step back from what Bitcoin was destined to become.

No Mike, it's nesting an undefined number of majority consensus systems within Bitcoin, and these will be based on the moral judgements of potentially pernicious actors. The whole point of Bitcoin is to de-politicise money, and you're attempting to argue for an overlay that explicitly politicises transaction acceptance. Continue with this, and you will end up arguing in favour of a different protocol to the one that users want. Majority consensus does not make for a good solution to every problem, hence voting rights being rescinded from the mentally deranged.   

This is a trend toward mediocrity, diluting what's good about the system. It's as bad as gold derivatives.

So long as none of this enters the protocol itself, it may be very difficult to gain widespread usage of such blacklists - or hard to act upon. May it remain disused and ignored for as long as possible.

What about someone else who Bob paid money to? Their coins are also tainted. They're in a fashionable chain of restaurants and when they try to pay the bill, their transaction is flagged too! The restaurant owner also calls the police and describes the guy at the table, the response is "ah nope, that's not him", the bill is paid and the guy goes on his way - moderately inconvenienced for a few minutes, but not hopelessly so. What's more, because the restaurant chain is big, well known, and has policies for what blacklists they check and what they do, they are a nexus. When the chain pays its waiters at the end of the day it puts the salary outputs onto its own whitelist and then when the waiter spends his money, nothing is flagged.

Is that all that would happen? Wow. People calling the cops on me cause someone gave me tainted coins and I used them.

I do not like this idea

This concept has been discussed at length before and vigorously rejected:

https://bitcointalk.org/index.php?topic=85433.0

Following these principles merely serves to destroy the important property of Fungibility which all currencies should have. Any attempts to move in this direction should continue to be rejected for this reason alone.

:o WUT? This is a terrible idea!

Mike, this is vigilantism at it's utter worst. It would drive people away from Bitcoin faster than you can say, "we're taking 10% for all accounts over 100k Euros and 6% for all accounts under 100k Euros", noone can ever be certain the coins they currently hold will be accepted under a system like this. It also completely ruins the fungibility of Bitcoins that makes it such a good form of money.

We have courts and agencies in each country to deal with crimes committed on sovereign soil, this is their problem, not the Bitcoin network's. No person should EVER have to prove their innocence in order to spend their money. To think that it is the network's moral responsibility to ostracise payments based on an arbitrary and nebulous consensus is manifestly absurd. This kind of dangerous interference subverts due process in the country where the crime is being committed and would completely undermine the trust people have in the value of Bitcoin as a store of value.

Since when did we get the right to assign ourselves the position of multinational and morally righteous financial police?

HATE TO SAY I TOLD YOU ALL SO:

https://bitcointalk.org/index.php?topic=114372.0

But I did...

I don't know if it's good or bad I predicted this last year...

This not the first time Mike is taking up the same rhyme:

Freezing BitCoin addresses by regulating miners
April 17, 2011
by Mike Hearn
https://bitcointalk.org/index.php?topic=5979.0 (https://bitcointalk.org/index.php?topic=5979.0)

There is some hidden agenda, isn't it?

More on the same topic:

What if bitcoins that can be tracked back to Silk Road are declared 'illegal'?
June 22, 2011
https://bitcointalk.org/index.php?topic=20979.0 (https://bitcointalk.org/index.php?topic=20979.0)

Governments/regulators may eventually actually *like* Bitcoin. - coin blacklists
December 02, 2011
https://bitcointalk.org/index.php?topic=53539.0;all (https://bitcointalk.org/index.php?topic=53539.0;all)


EDIT:
My opinion: Bitcoin (as public ledger) is information. 'Tainted'/blacklisted/whitelisted coins are censorship in the purest form. When has censorship served for the good of humankind?

And he didn't get a good response then, either.


Mike Hearn clearly advocates Bitcoin as a means of diminishing financial liberty, not that of improving it. Please go somewhere else with this Mike, I am beginning to find your rhetoric rather deceitful. By all means, create an establishment conformant alt-coin, but stop trying to turn Bitcoin into one. Satoshi's intentions quite clearly never included rationalising for increased state control of the monetary system, in fact, it was quite clearly and consistently the precise opposite.

+1

I can only reiterate my concerns, but this is a very important topic and seeing Mike Hearn continue to vote in favor of it is even more unsettling. While your approach is intriguing from a technological point of view, the scenarios you describe don't seem very plausible to me and once such a system would be in widespread use it will just provoke countermeasures resulting in an arms race that will only lead to Bitcoin being a miserable experience for everybody in the end.

As the recipient of a transaction you will always bear the risk of receiving coins that will end up being blacklisted, because the crime of the sender was not yet reported or the verdict was not yet final (assuming the verification process is at least somewhat thorough). This will lead to everyone applying the most restrictive blacklists with the fastest and least false negative prone approval process possible before accepting any payment.


A decentralized blacklist approach sounds nice, until you factor in that most people are neither interested in nor able to personally assess the guilt of some suspect. Just have a look at how much debate there is over the scammer label in this forum and how time consuming these debates are. Do you really think each and every merchant will take the time to listen to your life story before accepting your payment? Who is going to pay for that time and effort? Also this merchant will have to convince their supplier as well to take the money, etc. Adding coin mixing to that equation will make it even more complicated.

Don't get me wrong: the fact that some crimes (especially corruption) will be much harder to trace with Bitcoin is one of my biggest concerns about Bitcoin in general, but I just don't see tainting coins as an acceptable way to go.

Think about it this way: would you argue that it is justified to require all Internet communication to be personalized and enforcing crime blacklists at the TCP level? Surely this would be an even more effective measure against crime but where do you draw the line?

Bitcoin is a tool for payments and not a tool to prevent or punish crime or to enforce arbitrary social concepts of justice!

Lets see....

Mike wants Bitcoin to be more appealing to mass adoption by giving Governments options.

But isn't that pointless since Cryto-currency is open-source?

How can this be implemented on all alt-coins to fight AML?

No, it would not converge. Should something like this ever reach a critical mass it will grow like cancer. The cleaner the coins the better so everybody tries to subscribe to as many lists as possible and goes down as many levels as possible.

This is a very bad idea.

Should it ever take foot there will soon be a new system to replace Bitcoin that is more anonymous and immune to this kind of control.

I'm curious about how people here would react if it became clear that a government ban on Bitcoin was being considered for the reasons Mike mentioned, and your political action wasn't likely to change this outcome.  Would you be willing to compromise and participate in such a self-policing proposal?  Would you thumb your nose at the authorities, and let them ban it?  Or would you perhaps go along with this for Bitcoin, but while participating in an underground fork (which avoids the chaos of transactions being valid on both chains somehow) whose focus was on extreme technical countermeasures to censorship and surveillance?  Or some other option?

This is bad

This already happens. What do you think SpamHaus is? That's right - a community run IP blacklist.

Spam RBLs are a good example of what I'm talking about. They were created because in most parts of the world spamming is either not a crime, or not an enforced one, but the internet community needed to beat spammers or  have email become completely worthless. So you started getting private blacklist operators and email servers check some subset of these blacklists.

Did some of the fears expressed on this thread become true? A little bit. Yes, spam RBLs reduced the "fungibility" of IP space because you might request some IPs and then discover they were already abused by their previous owners, so now not all IPs are created equal. SpamHaus and friends do sometimes blacklist people who are "innocent" or at least walking the line.

But at the same time, a lot of the more paranoid concerns never came true. Blacklists that were too aggressive and included too many innocent parties DID end up getting a poor reputation and being abandoned (I've seen this happen). Governments never seized control of the RBLs to censor email, even though they could have. Getting IP addresses didn't turn into a nightmare of endless blacklist checking. People did not abandon email en masse and it did not become a centralized system.

More importantly, because the internet community came up with its own solutions for fighting spam there wasn't much justification for governments stepping in and coming up with their own ideas, which would have been a disaster. If that'd happened you could pretty much expect an AML type solution for online communication, in which running an email server required licensing, ID verification of users, etc. Urgh.


They're incentivised in other direction by actually receiving money, right?

I think a lot of people have missed that one of the available actions is just to report a flagged transaction but carry on with it anyway. That way you get the money, the other guy gets to spend it, but there's some paper trail should somebody want to follow up. This is how AML actually works today anyway, banks don't have to reject suspicious transactions, they just report them.


That's not how it works. Let's say this forum operates a scammer blacklist and you and your money end up in it. OK, now when you try and spend that money, the other guy sees a message saying the money came from a scam. Firstly, that's probably a good thing - they're now informed whereas previously they weren't. Maybe they know your story and don't think the tag was deserved so they just go ahead and accept the transaction. Maybe they don't and decide they don't want to deal with scammer, OK, that's what the blacklist is for.

If they re-spend the money, it'll get reflagged again to the next guy. Maybe he doesn't know the underlying story and doesn't care, he just doesn't want any hassle so he refuses the payment.

You aren't hosed. You can "clean" those coins via a nexus. In other words, you take your probable-proceeds-of-scamming money and send it to a nexus who then goes ahead and takes some reasonable action, like recording who you are so if an investigation takes place in future there's some kind of trail to follow. Then they mark those outputs as clean in their whitelist and send them back to you. Now you can spend them without problem because the next guys wallet walks backwards, sees that the coins passed through a nexus and thus that it's all sorted.


Forum posts hardly count as a hidden agenda ;)

By the way, for those frothing at the mouth about "censorship", that's something which is done by the state. Private individuals cannot censor each other. They can only decide whether to trade or not to trade.


As usual d'aniel nails it.

Way too many posters here seem to have a naive belief that Bitcoin is indestructable. Governments cannot do anything against it because ...... peer to peer!!!1!

But that isn't true. It is completely trivial for a government to squash Bitcoin out of existence with the stroke of a pen. All they have to do is say, of course you can accept and use coins! We just need you to take a few small measures to help us fight the terrorists. You can start by filling out this 100 page form, and registering with your local regulator. By the way, they will charge a fee of several thousand dollars to consider your application. After a few months they will evaluate your risk to the system and decide on the level of surety bond required, normally half a million dollars will do. Don't forget to do this in every state where you might have a counterparty!

An outlaw currency is not even useful to outlaws. So that would be the end of Bitcoin.

The absolute best way to bring this scenario about is to engage in a dick-waving contest with the police. How many politicians got elected by promising to be soft on crime? Zero. It never happens. So if the police go to your local representatives and say, "it feels like half of our investigations come to a dead end because the scammers are using Bitcoin" suddenly the idea of just regulating it out of existence will seem like an awfully good one to the decision makers, especially if 90% of the electorate just hasn't heard about Bitcoin or doesn't care yet.

That's why it's important for Bitcoin users to recognise that one day we might be asked, "what's your solution?" and an answer of "we don't have one" will result in regulation. And no amount of bitching or posting cute quotes from historical figures will change it.

I like the idea, but it should NOT be integrated with bitcoin.  Bitcoin is supposed to be CASH.  Cash is cash, good or bad.  Still, you preemptively answered a lot of immediate questions and concerns I had with such an idea in your OP Mike.  Well though out, and interesting idea.

Fungibility, a Bitcoin fundamental, and must remain this way. At any cost.

As usual, you're only going to prove how ignorant you are, and how dogmatically you are willing to pursue your point of view. Your point of view seems largely unappreciated, no-one is or has been arguing for this except you.

Yeah, so to be clear, there are no extensions or changes to Bitcoin necessary for this. So it'd never be required to use the system. It's an optional thing that people can take part in if they want to help raise the bar for criminals.

A lot of posts are of the form, "but eventually governments will mandate the use of a blacklist!". Reality check, they already do (see, the SDN list) and those blacklists apply regardless of what currency you use to trade. So you're worried about an eventuality that is already here. The system I've proposed is in every respect better than what is actually deployed by governments today - it has better respect for civil liberties, is more decentralized, etc.

Maybe one day society will give up on the idea of fighting crime through finance. I wouldn't cry about such an outcome - it's complicated and has all kinds of issues. But there is a 40+ year track record of doing so, hundreds of thousands of people who do it full time, etc. That isn't going to change overnight.

Mike, despite any good intentions on your part, any intent of changing any Bitcoin fundamentals will ever be seen as a betrayal by the majority of Bitcoin community. And fungibility is one of that most appreciated fundamentals.

You are US-centric here, half the nodes are outside the US and probably more than half of all users are outside the US. I can wipe my ass with those 100 page forms  :P

Bitcoin can be used over TOR, not sure about I2P but IIRC there is a functional implementation of Namecoin over I2P (https://bitcointalk.org/index.php?topic=60879.0) (the same developer is working on DIANNA (http://dianna-project.org/old/dianna_en.pdf)) and there are some plans of Bitcoin over Freenet although the works have stalled (probably until there is more demand for it). People are involved in cjdns and mesh networks, hopefully one day the Internet infrastructure will be operating independently of the governments ('I have a dream...').

The best the govts can do is follow North Korea's steps - allow only a few selected individuals to access the Internet. I don't believe they would go as far. Despite China's Great Firewall people are still able to bypass the censorship, same would happen to Bitcoin users if it was to be outlawed.

And this is how china gains control of the the financial world. 1 billion people forced to follow their government blacklist.

And trying to appear reasonable about pursuing something that is not reasonable just makes you look even more manipulative, Mike. You will end up with "torches and pitchforks" situation, directed entirely at you, and while I don't advocate making you or anyone else into a pariah, I wouldn't be especially inclined to stand in their way either.

Drop it, or people may prefer to drop you, however useful you are to the dev team. A divisive character with divisive viewpoints is just that, and it's not good for the community or the project.

Just because they do now doesn't mean it is good, or should be done this way in the future, the whole point of bitcoin is to make it decentralized, and under nobodies control. What you are suggesting will destroy bitcoin. We need to make bitcoin transactions even more anonymous instead of giving in to government control.

I have no idea how you are on the development team, you are proposing really horrible things that would make bitcoin no better than regular currencies.

Unfortunately most countries have similar laws. Not as extreme or bureaucratic as in the US, thank goodness. By the way, I'm a Brit who lives in Switzerland.

One reason every country has AML laws is that they're forced to through threat of sanctions :( That's why simply saying, hey, let's try and dismantle the system ... it's a huge risk because your chance of convincing everyone, everywhere simultaneously that they've been doing it wrong for 40 years is very low.


Yes you can go fully underground. But then how do you exchange Bitcoins against the money you earn with your salary? How do you buy anything from a normal business? If your income is in Bitcoins earned via a hidden service how do you pay your rent?

Trying to build an entirely separate parallel economy that never touches the real one isn't going to work. That really would destroy Bitcoin!


Yes, how dare I appear reasonable! It doesn't get worse than that! Watch as I quake in fear in front of the almighty Carlton Banks!

I think some people here need to get real - nobody gives a shit what some random anonymous forum user posts, because talk is cheap and anonymous talk is free. See, when Vladimir posts, I read carefully because he has actually stood up in the past and set up real Bitcoin businesses, under his real name where people can find him. He's made himself accountable and taken risks for the project. When d'aniel posts, I read carefully because even though I don't know who he/she is, I find his/her posts to be highly insightful.

When Carlton Banks or mik3 posts? Who cares. They do no work. They don't take any risks. Their posts contain no new insights. They have no credibility and might as well not have posted at all.

:(

I bet if we had a discussion about legalizing child pornography here because of the ultimate existence of Tor and other services, people would be much more receptive to the theory and willing to discuss it, despite how disgusting the concept would be to so many people. Why can't the logic apply here? This thread is just being hijacked by vocal anti-intellectual forum users. How many people effectively calling Mike a statist conspirator even know what game theory is and how it applies here? This idea doesn't advance the libertarian utopia you all want, but it's still worth considering because governments will eventually consider imposing these types of restrictions anyway. We should think of reasons why it can't work, or any tangential discussions which have implications for Bitcoin's acceptance. Mike clearly loves Bitcoin and isn't suggesting something which would be imposed on others.

Controversial discussions are the best discussions.

I think Mike puts too much faith in the ability of people to stop accepting a blacklist if it's being abused. Rather, the blacklists will cascade because it puts the value of your business or coins at risk in future commerce otherwise. At best, through the ability to tailor your coins to trigger the fewest blacklists in certain contexts, the entire system would be balkanized by each country.

Maybe there is a way to democratically reject a blacklist if abuse occurs, so people aren't scared of putting their coins at risk?

A comment in the Reddit post (http://www.reddit.com/r/Bitcoin/comments/1awu5j/decentralized_crime_fighting_aka_blacklists_for/) that sums it up:

http://www.reddit.com/r/Bitcoin/comments/1awu5j/decentralized_crime_fighting_aka_blacklists_for/c91lonj (http://www.reddit.com/r/Bitcoin/comments/1awu5j/decentralized_crime_fighting_aka_blacklists_for/c91lonj)

+1

edit; for those who dont have time to visit, the user is calling for a developer black list.

+2

Are you really resorting to ad hominem attacks now? I think you should take a time out for a few days before you post again, for your own sakes.

Then when you have cooled down, I would be very pleased if you read my post from september 2012, where I discuss issues similar to the ones your proposal could result in: https://bitcointalk.org/index.php?topic=114372.0

Or maybe you will not deem me worthy of a response, seeing how I value keeping my physical persona detached from my online one?

Mike, this attitude is thoroughly bizarre, but your attitudes overall are appearing increasingly so.

Is there a way that we can blacklist all coin outputs from your addresses? It'd probably be the biggest blacklist in your entire system, Mike.  

Seems unpractical. All the perpetrator has to do is to launder his tainted coins (by using a mixer service, or by exchanging them for gold/fiat and back) before it goes into blacklist.

It's typical g$$gle attitude. Spy on everything that moves.

How is the majority just switching off a blacklist different to democratically rejecting it? It's the same thing, no?

Also, remember the whitelisting aspect. Once the coins pass through someone who you trust to have done something reasonable, the taint is gone.


What power?

Yes, Bitcoin is ultimately built by people who do things with it. Create businesses, sell goods and services, provide infrastructure, write software, design hardware, etc. Buying some coins and sitting on them exposes you to risk in some sense, but not of the same level as say running an exchange. The guy who runs Mt Gox has to follow rules that can result in him being jailed if anything goes wrong.


I'm responding to people who aren't doing or posting anything beyond, "zomg mike is an evil statist!" ... and pointing out that these posts don't carry much weight.

Dansker, I already read that thread. The concept of taint isn't new, for sure. But I think the concrete objections in that thread are addressed in this one. For instance, "what happens if coins get tainted after you already accepted them" - no problem. You could report it (to whomever), if you wanted to. Maybe someone will follow up later if it doesn't seem like too little bang for buck. Or you could do nothing, depending on your wish. If you are known to reliably take some useful action when coins get tainted then you are or could be a nexus and others can check your own whitelist, so then you'd effectively clear the taint. It isn't intended to last forever. Indeed it physically can't, the tracing process has limits even without whitelisting.

Fungibility is an essential property for money to have.  If this idea is implemented bitcoin will no longer be money.  It will be worthless.

I am not surprised that this fatal idea is still around, because there are always more newbies picking up bitcoin every day.  I am surprised that an established bitcoiner would have this idea.

Mike Hearn, next time you have an idea please post under a pseudonym.  That will allow people to judge your ideas on their merits.  Posting under your main account is irresponsible.

I heard Jacob Applebaum (from the Tor Project) say once that "the architecture defines the political situation", and like it or not, Bitcoin's architecture easily permits this, regardless of Mike's opinion about it.

Lol!

This is the great thing about keeping the blocksize small: when you get tired of this Peter Todd guy blattering endlessly about fidelity bonded distributed hash table fraud proofs or whatever the fuck he's smoking with his art school buddies, you can put him on ignore and never deal with him and his complex payment systems again. Just tell whomever you want to pay that you're going to use some other solution. On the other hand, with the One True All Encompassing Blockchain I simply have to use the reference client with Mike's (quite good) LevelDB database patches for every payment I make.

You have a choice.

Doesn't this make the entire idea worthless? The bad guys just have to create a bunch of new wallets, transfer money to them, then use them to buy things from "trusted" people to remove the taint... In which case the bad guys still have full use of the coins.

Please dont regulate bitcoin and destroy it.

"REALLY worries me to see one of the core developers trying to get support for making blacklists a part of Bitcoin! If Mike wants a currency with blacklists he should go back to working on Google Wallet! I support censorship free currency, not one with authorities trying to freeze my funds!" -jedironpaul

"The road to hell is paved with good intentions. He's just trying to make Bitcoin better, but I'm not sure he realises just how flawed and dumb it is.
"He who sacrifices freedom for security deserves neither".
Since time immemorial we have wrestled with what is good and bad, and legal and illegal. It's not fucking black and white like Mike seems to think. If it was we wouldn't need courts, every circumstance is different." -ferretinjapan

from:

http://www.reddit.com/r/Bitcoin/comments/1awu5j/decentralized_crime_fighting_aka_blacklists_for/

That seems disingenuous.  What do small blocks do to prevent coin blacklists from being enforced by governments?

Outlaw currencies are useful to outlaws all the time - you just need a currency that's only locally outlawed. Look at Argentina right now with US dollars, or the US decades ago with gold itself.

More importantly, regardless of what does or doesn't happen, Bitcoin as a technology can, with 1MB blocks, survive in the event of fairly severe oppression. I'd much rather have such a technology exist and have that option than not have it. It might not be as valuable as a BitcoinLite without those strong security guarantees, but the world is a better place when we have every option available to us.

That's why I work on Bitcoin.

The point is that the "trusted" people take some action when they see a blacklist hit. So the act of buying something from them results in something happening. If the blacklist is a criminal one like "money obtained by selling child porn" then the trusted nodes probably would file a police report and then continue about their day. Maybe a month later an investigator will come back and follow up that lead.

Once something has been done, there's no point in everyone further down the chain doing anything else. The money moved into the hands of an innocent party and tracking things further is pointless. Hence, whitelisting.

See the "Bob the Murderer" example I posted further up the thread for a concrete illustration of this.

The reddit comments are funny. I am not sure any of them actually read the proposal. Probably it was too long.

now you have jumped the shark

With small blocks when "outlaw" transactions become difficult to get mined due to blacklists, the senders of those transactions simply need to up the fees to the point where it is profitable to setup an anonymous mining operation behind Tor or some other anti-censorship technology and start mining those transactions. Provided >50% of the hashing power is willing to build on those blocks the transactions will get into the blockchain.

With large blocks, setting up that anonymous mining operation at best requires access to large quantities of anonymous bandwidth - not a trivial thing to obtain - and at worst is impossible because getting a copy of the UTXO set can be made impossible without revealing your identity.

I'm not proposing any changes to mining rules. So block size limits are irrelevant (for this thread).

Why not just log every transaction which you know the other party? Much simpler way. The transactions are traceable mostly anyway.

Also I don't think there is any mechanism to reverse transactions. And not accepting bad transactions is unhealthy...

The majority could switch a blacklist off, but if it didn't do it simultaneously, everyone who rejects the blacklist would put their business at stake by accepting coins that might remain tainted. If we used "whitelisting" like you suggest, we are effectively trusting another party to make blacklist decisions for us. If that's the case, it's no longer voluntary. If we're willing to do that, why not just allow the blacklists themselves to blacklist other blacklists? This would remove some of the confusion anyway.

Another aspect in this: Say we have 10 "tainted" bitcoins. The theif or w/e then sends them, in parts of 0.00001 to everyone and everybody, without prior warning.

Do you want thousands of people to call the police all over the world then? Who is going to pay for all these peoples time? How do we know if they actually do it? What happens if they say they do, but don't? Do they get to keep the coins?

What if the criminal sends his 10 btc to his own legitimate business as payment for a mock purchase, and then refuses to deliver to himself because he was paid in tainted coins? The coins are now no longer tainted, at no loss.

This is a disastrous idea, and you have yet to even address the issue of the fundamental loss of fungibility. This loss happens even if only say 10% of users use a blacklist, and will make sure that bitcoins are no longer equal to cash payments.

I don't think so. Maybe I should have been clearer what the penalties are for not checking any given list - zero. So it wouldn't put your business at risk to accept coins that appear on some blacklist.

The basic assumption behind this kind of system is that if it works properly, people should volunteer to be a part of it, because it will correctly fight real criminals and won't be subject to abuse. Doing business in a lawless country is really hard, and that's the incentive for people to take part.

So if someone switches off a list and accepts some coins, then re-spends them on to someone who is still checking, OK, what does the recipient do? Well, they could do nothing. Or file a report saying "Bob Smith gave me coins that appeared on a blacklist" (and now the taint is cleared for people who trust you to take action for that blacklist). Bob Smith didn't do anything wrong though. He might get a visit from the police some time later and they'll ask him where he got the coins from. "I don't know" is an acceptable answer.

This might seem pointless, why would anyone co-operate with the police if they didn't have to? Well, because as I said, there's a lot of value to stopping really bad crimes. Running a shop is tough if people break in and steal your inventory every week.

Existing AML systems make reporting mandatory in some cases (over a particular threshold) or when you personally deem a transaction "suspicious". The reason is that the way AML works today is, all the costs fall on banks, and the costs are really high in terms of paperwork and so on. So banks are incentivized to not do it because that way they can undercut their competitors. If you have a very efficient system and the costs are spread out across all participants in the economy, then you shouldn't need coercion anymore.

A lot of replies here and on reddit are based on the assumption that governments will force people to check blacklists and so on, so my proposal is evil. But that's arguing with a proposal I have not made. It's a description of the existing system, which I agree has a lot of problems. My proposal is for a system that shares the same overall goals (keep crime in check) but doesn't have those problems and isn't subject to government abuse in the same way.

What stops governments passing new laws that aren't in my proposal? Nothing, of course. But they're much more likely to pass bad laws if nobody proposes better laws. I mean, politicians aren't going to come up with a system that uses crypto to limit the governments power.


Just don't take any action and keep the coins. Even the existing AML systems have thresholds because police time is limited. It isn't worth chasing small transactions. So configure your wallet to ignore taint on transactions of less than a given value.

In the past the AML reporting thresholds (below which nobody cares) were pretty high. When the BSA was first passed they were about $50,000 in todays money. Unfortunately they were never adjusted for inflation and today $10,000 isn't as much as it once was. Also they've tried to push the thresholds down over time, but in the system I propose there wouldn't actually be any central regulators. The right thresholds to use would be decided by the participants.

The proposal seems to be a good compromise as there are many arguments for and against it. What seems to be most misunderstood is the term "blacklist". As I understood it, it's not some kind of "filter", which tells you "Don't accept this coins! You won't be able to spend them!", but rather some kind of "hint" like "Hey, these coins have a shady history. Do you want to do something about that?". Nevertheless, I'm currently a bit skeptic about the list maintainance process. I think this is the weak link in the system, where some further thoughts are needed.

I stopped reading this authotorative fantasy here:



Hell NO.

Yeah, probably I should have used the term hint list or something. People stop reading at the term blacklist and then start arguing with a proposal that wasn't made. The post from hazek just now being a good example of that ...

No matter which term you choose to sugarcoat it, it remains an incredibly dangerous idea.

Crime fighting by "following the money" is absolutely incompatible with free (as in freedom) transactions. As soon as you have a centralised way to make anonymity opt-in, it can potentially be enforced on everybody.


NO.

What I find kind of ironic about all of this is that the first time I'd heard a proposal similar to yours for using a linkable digital currency for decentralized crime fighting was from a prominent anarcho-capitalist named Stefan Molyneux.  I guess they're just more receptive when these ideas are coming from one of their own. ;)  Not to mention yours is vastly superior due to the cryptographic privacy guarantees.

One less reason to use google wallet....

You know, if you want to argue that the financial system should be completely off limits to law enforcement and "follow the money" should be abandoned, definitely feel free to do that. Heck, maybe I'll be there arguing that along side you. Although it may not seem like it, I too appreciate the simplicity that comes with that approach.

The problem is, it's going to be a really tough argument to make, because law enforcement will have lots of examples of real cases where the technique worked. They will say, what about this case, or that case. How will we do our jobs if this tool is taken away from us?

The people listening to that debate will ultimately be politicians, who are trying to decide what to do with Bitcoin. They'll want to do whatever is most likely to get them re-elected. You know, they're faced with this system, how do they respond to it? So what happens if you can't manage to convince people (the voters) that "follow the money" is a fundamental infringement on peoples freedoms?

Well, you can propose a compromise solution in which "follow the money" is still possible, but designed such that it doesn't allow global surveillance or abuses of power by governments. Politicians are often open to such compromise solutions. Look at the DMCA. It balanced the needs of the content and tech industries via the safe harbor provisions: the whole thing is a giant compromise. So there is precedent for it.


By the way, I don't work on Google Wallet.

This is one of the first posts that makes me think twice about being on the bitcoin bandwagon to the extent I've been. The thought of cashing out some bitcoins even crossed my mind. It crossed my mind. That's all I'm saying. I continue to be skeptically optimistic and mindful.

It's destructive to promote an obvious, recurring concept that makes Bitcoin (big B) far more susceptible to collectives that set restraints and often have ulterior motives that employ force. It destroys the fungibility of bitcoins. Destroying (i.e. supplanting) a relatively freely-trading thing with a system that makes those things less free and depletes their intrinsic worth?

No, sir, I don't like it.

It would mean starting fresh. People who care about bitcoin's original intrinsic value would be forced to design a system that's substantially less susceptible to the central hierarchy of a small development crew, "feature" creep, mass pooling, and provider dependency. That would not be an easy task. ...To say the least. If, however, bitcoin ever fell to that point, it would be both a shame and an honorable endeavor.

Wow, this system has the exact same flaws as capitalism, democracy and Bitcoin's consensus model!  What a terrible idea!  Burn the witch!

It is obvious for a government to force merchants to use it's blacklists, just pay to a merchant with tainted coins for what seems like a regular purchase and then see if he is going to report it, use fines and so on if merchant didn't report it. And before you are going to resort to the usual argument that democracy will sort it out, Bitcoin was created in the first place because democracy doesn't work in the matter of regulating financial system, majority of the people can't make an informed decisions about the matter, otherwise we wouldn't have Ben Bernanke printing money or almost legalized theft from Cyprus bank accounts. Bitcoin can bring free market into financial system, in free market smart individuals who get it right take all the benefits even if majority think they are wrong, they will be able to invent useful services and continue their work if there won't be majority of uninformed people standing in their way.

The fundamental problem with combating crime is the definition of crime.

Who gets to decide what is a crime and who gets to decide who is guilty of it. If you're proposal is opt in and just some layer on top of bitcoin that people may opt in and thereby agree, CONTRACTUALLY with 100% explicit consent, to be governed by certain rules about what crime is and by certain people who get to decide whether they are guilt of it or not, then I'm perfectly fine with your proposal.

But correct me if I'm wrong, I just assumed you wanted this to be mandatory for all Bitcoin users, right? I would never ever agree to that. Ever. No matter how many children would need to die, I would not.

lol, are you being sarcastic? Almost everything in this comment is addressed in his original post. In fact, it's described very explicitly as a voluntary system.

hazek, please read the first post in this thread all the way through. It has an entire section on the definition of crime. And it should be clear that it's an optional layer on top. Actually I thought you would quite like it, it's a rather libertarian way to handle (the proceeds of) crime as the whole thing is more or less market based and government is not a special player.

But clearly appeasing the authorities to a reasonable extent can also lead to Bitcoin being more freely traded.  It's pretty hard to freely trade an outlaw currency.  Let's face reality like adults.

Haha, I know where that's from :)

Not starting fresh at all though.  Cryptocurrency would have already made a big name for itself.  The UTXO set (current spendable coins) can be forked, so use is incentivized, and there's no speculative risk of being "on the wrong chain".  The weaknesses and proper countermeasures would be much clearer.  I'm sure there's more.

Thanks for the thoughtful post.

Edit: Though I hope it wouldn't ever come to having to create a separate underground chain, it's nice to have a contingency plan in mind.

Ok, I'll read all of it.

In fairness, this proposal does represent a well thought through attempt at a compromise; if I had significant numbers of coins stolen from me then perhaps I'd want a taint depth equivalent to Elvis' copyright extension (till they caught the thieving bastards!).

But the fungibility issue could have more macroscopic effects: multiple blacklists, each with differing reporting/fee hiking/acceptance across the network, all operating with a single USD price? Sounds unlikely. Not only could it justify more exchange rate volatility in general, it could also cause a more significant differing in the exchange rate in a given currency depending on the way each exchange handles flags.

Yes indeed, increased complexity of valuing tainted coins is a problem. Probably the easiest way to solve it is just clear the taint. Exchanges already have to go through all the ID verification and AML stuff, file suspicious activity reports, etc. If you send some "hint listed" coins to an exchange, they could just file a report and then treat the coins as normal. Because they're a nexus lots of other people will accept their removal of the taint/hint.

By the way, whilst looking for info on how existing AML controls influence law cases, I discovered FinCEN publish a magazine for the banking industry that summarizes cases where police reports have been used. Here's an old one.

http://www.fincen.gov/news_room/rp/files/sar_tti_07.pdf

I think it's a pretty mixed bag. A lot of these are what you might call reporting violations - the "crimes" are meta-crimes, that is, if the AML system didn't exist then those people wouldn't have been considered criminals either. So they aren't really convincing for the value of the system. On the other hand, there are also a few real cases of fraud and embezzlement that were solved thanks to "following the money". In that report there's a case of a guy who was stealing money from a health insurance fund. Pretty nasty to screw with peoples health care in that way.

I find this political view rather naive, as if this good faith act of providing a compromise will count for anything in the eyes of those who don't like Bitcoin. Instead it simply provides a platform and a foothold on which to build. You cite DMCA as a good example, but ignore SOPA  ???

This isn't really a compromise at all,
- the regulatory side are given a tool for free which may or may not be helpful, depending on the adoption of users (assuming no legislation to make it mandatory).
- the users of bitcoin get a more complicated system where some coins are less than others, in exchange for the hope that governments don't ask for more.

SOPA didn't pass, did it?

You're quite right in that law making, democracy, the systems we have today are all flawed in many ways. But let me quote Churchill. Democracy is the worst form of government known, except for all the others.

I think most politicians will come to these debates without much of an opinion on Bitcoin. It's a new technology. It has benefits and costs, like any other. On one hand, maybe law enforcement is complaining about it. On the other hand, their constituents hate banks and are clamouring for a real alternative to the existing financial systems. So they're going to be looking for some kind of middle road that tries to make everyone happy, or at least, not too unhappy.

That's why it's worth thinking about reasonable proposals. Like I said, left to their own devices and if put under pressure lawmakers will come up with regulations that are completely un-Bitcoinish, because they will just automatically assume the state can be trusted, they'll impose lots of costly paperwork, etc. There won't be any real usage of advanced technology because they don't understand it.

A lot of law makers do understand this problem, by the way, they understand that the costs of regulations can be really high. It's quite common to see them propose that an industry self-regulates with actual, real laws only as a last resort. So if the Bitcoin world can show that it isn't just blowing off the whole issue of crime, that it's able to come up with interesting solutions to its own problems, that's a very strong argument for just leaving it alone.

I'd have to respectfully disagree with that reasoning then. If the thought is that appeasing authorities is ever a route one should take just to make bitcoin more traded, it's usually inconsistent with bitcoin. I would rather spread solutions that are less dependent on central authorities and utilize more aspects of information transmission and helping others to make it more traded. It's easy to trade bitcoin already. It will get much easier and secure with more hardware wallets. The most adult way to face this, from my perspective, is to both preserve the intrinsic properties of bitcoin and to support a bitcoin-based economy -- away from the constraints of outside forces. Tainting and limiting at the majority level is one of the greatest threats to an independent bitcoin economy.

It would be like scientists someday discovering a technique to implant gold with molecular signatures or additives and then heads of centralized gold exchanges promoting this "feature", where people give more power to other collectives (e.g. uncontrollable states and others) through gold tainting, merely to be in "compliance," merely so that gold itself can be traded more by the masses. That's somewhat circular reasoning too. That in and of itself would decrease the intrinsic property of gold: a substance essentially not prone to tampering and duplication at its fundamental level. Smelting/mixing pools would form. Then to combat mixers a collective could declare that too much taint in the mix needs to be further regulated, limited, or seized -- effectively fully controlling [people and their trade] completely when it comes to gold. It's just an analogy and it applies to anything.

That betrays the original aspect of bitcoins. If people really cared about fighting crime, they'd stop funding the largest entities' (various governments, shall we say) actions and sub-entities that directly perpetrate mass, global violence and bankroll war contractors and the prison industrial complex via draconian lawmaking. That's why a lot of people were originally choosing to use bitcoins in the first place: to ethically object to violence and promote peaceful trade. Funding "criminals" is a matter of perception that's contingent entirely upon choice and consent. For instance, I would think most people here support ending the drug war. Thus, people who support bitcoin as a mechanism of free trade for those reasons (ending the drug war) are conscientiously acting.

Bitcoin itself must -- ironically, in a sense, to some -- remain free/fungible for any entity that wishes to use and exploit it.

Crime is an artifact of perception; democracy (otherwise known as mob rule) is too. It requires significant proof and authority to even begin to support systems of law, judging, and jury -- which are often wrong or morally wrong -- let alone to allow Bitcoin as a so-called-independent medium to become subject to every whim of authoritative entities.

That's why it's special: ...like gold. ...like the internet. ...like free speech. ...so long as it's freer.


I was hoping someone would.  ;D

OK, time to make a meme pic (http://www.quickmeme.com/meme/3tidx4/) for good measure:

http://i.qkme.me/3tidx4.jpg


So true! That's a very good point as it wouldn't start fresh per se. There's far more understanding now of why bitcoin is/could be so valuable. There's a great movement behind anything that would preserve it or something better. Thank you. :)

I'm not sure I expressed quite what I intended: I didn't mean that differently tainted outputs could be valued differently on an individual exchange. Your system seems to only reveal the tainted outputs to those that transact with them, the taint is therefore private data to these transacters and the blacklister while the taint is still being enforced. I was suggesting that this property of limited knowledge of the identity of tainted outputs in itself creates price uncertainty, as depending on the point in time that coins become listed, a given user could easily have accepted the coins before the taint was applied, and due to transaction finality, denied the opportunity to accept/hike/report/reject. This uncertainty about whether already accepted funds can have taint retrospectively applied damages Bitcoin's value storage property, and could justify wilder price swings.

Well... where to begin. So I've read the whole thing and here is why this is idea is unworkable (I didn't say bad.):

First, I support prevention of the violation of ownership of private property through tracking. Getting your car voluntarily protected by an agency which will monitor it's whereabouts and return it in case it's stolen or just make it so damn hard to steal and get away with it no one would even try? Yeah I'm down with that.

However Mike's idea is unworkable. For two reasons:

1) bitcoins are not unique like a physical car, they are all fungible, numbers in a ledger, you only think you can tell them apart by their trail of transactions but you can't really. It's just way too hard to know whether someone being on a blacklist actually committed that crime and it would simply punish way too many users through false positives and invade their privacy if you wanted to investigate every false positive not to mention this would cost a shit ton of bitcoins

2) it's unworkable for the same reason racism will bankrupt a business. If you are a business and you decide to discriminate against your customers, you'd need a really good monetary incentive to do so, otherwise someone else will open up the same shop and outcompete you simply because they by definition have a broader customer base. It's why banks like HSBC will launder money and it's why Bitcoin transactions can't be blocked. If the current providers of these services start to discriminate someone will open up shop and put them our of their business.


So, yeah. Instead of running after criminals, why don't we instead find ways to prevent crime? Why don't we figure out how to increase security, how to get each person personal protection, how to raise kids into better people etc. IMO that's a much more sensible route to take if one wants to reduce crime.

Ah, I see. Well, I suppose it depends on how often people actually end up with tainted coins. In practice, I doubt it'd be very common - you have to identify particular funds as the result of some crime and want to catch up with the owners, which is itself not that common, and then as soon as the 'bad guy' puts the money through a nexus/participant in the system they can take some action and clear the taint by whitelisting the outputs. So the actual amount of time the taint lasts should be very low unless they try and keep the coins circulating in the black economy.

How often do you think you receive the proceeds of an identified crime today? Probably never. And when you do, how often is it a crime you would personally care about? Even less common, I bet.

So the practical impact on volatility might be very small.

The solution is to let them try.

...and to fight back with more instruments of decentralization, not less.
...and to most certainly not aid them.


I dare not even get started on this line of anecdotal reasoning (which, by the way, was temporarily halted specifically because people vocally resisted and rightfully shamed supporters). Yikes. Meanwhile, many of those same entities are determined to bring more convincing, slippery-tongued legislation that will eventually pass because the system is inherently dictatorial. Regarding the US, a small group of [535+1+etc] kings/queens -- [Congress + Executives] -- ruling over and deciding everyone's fate and abilities is by no definition a "democracy" either.

I don't think the comparison with Spamhaus as an example of how privately run blacklists can aide a community is very accurate. Spamhaus has made many mistakes with their blacklist, but that's okay because if you ignore Spamhaus the worst that can happen is that you receive spam.

On the other hand, if you ignore a Bitcoin "hint list", the end result could be much worse. You'd be settled with the tainted coins. If the "hint list" you ignored was from your government, you might go to jail or be aggressively interrogated to track the money if you transmit that money onwards.

So it'll be in your best interest to pay attention to as many official sounding "hint lists" as possible to avoid buying tickets in the go to jail lottery.

Now an excellent point here, I think, is that prosecution of individuals based on taint is of course already possible to do today with no change to the Bitcoin protocol. Your favourite evil government could announce a list of tainted coins and say they'll line you up against the wall if you don't surrender and report them in when you receive them.

The real question is, if Mike Hearn's idea was implemented and it staved off worse coin tain systems, would that be an improvement? This question can be considered independently from the wider question of what we can do to defend against taint tracking in general at the protocol level.

This.

At this point, I'd really only want to know if I'm receiving stolen coins. I'm not sure how to implement this, other than some sort of insurance/revocation program. "If you want to ensure your stolen bitcoins may be returned, 1) use a monitor that alerts via email, SMS, or other electronic method, on withdrawals from each address 2) sign messages of 'stolen key' with your private keys containing BTC and keep paper backups of the signatures 3) input the signatures to our system as soon as they are stolen from. We will blast an alert to all participating clients that any BTC detected to be sent from your keys within {a certain period of time just before inputting the signatures} should be suspected stolen."

I'm not that familiar with it, but it seems sort of like a PGP revocation certificate.

Obviously there are some more details to work out, such as confirming identity of the original keyholder for returning their BTC safely, but I think it would deter crime, be pro-victim, and still maintain liberty. Much like concealed weapons under the clothes of law-abiders deter violent criminals because they don't know who is armed, the thieves would have to fear that they are dealing with a participating client who will see a red flag pop up when they receive the stolen BTC, and hold the coins for return to the victim rather than receive any benefit. The only way for thieves to get around this would be to immediately mix the coins at a service they know they won't be red-flagged at, or hope the reaction time of the revoker is slow, so they can benefit before then.

I think it is helpfull to think of Gold in this discussion.

Guld used in chrims is still just gold. No reason to blacklist it or burn it in hell.

Chriminals should be delt with in court not in the money transfer system.

This.

And on that note, let's let this thread die.

Mike did you go and meet the CIA with Gavin, is this your brief, to see what the consensus is on this idea?


So many problems with this for a start you underestimate the size of the black market, if this was implemented every 3rd coin would be tainted thereby reducing spendable coins in the "normal economy",

Also you propose that anybody can lodge an addition to the blacklist with an acusation of fraud and the owner of these coins has no idea, sounds like flight lists, one should have the right to face his his accuser or at least know he has been accused!


Also this whole system would enforce guilt by association, If i live next door to Osama Bin Ladin and he seems like a pleasant guy so i do a small job for him and then I can't spend my money and have law enforcement after me.


Money is an exchange of labour or goods, I do not want my sweat going to waste because of some do-gooder- Statist-sheeple didn't like the guy I bought my bitcoins off.


Money should be neutral, nobody wants to know that the paper fiat they got given in change from the corner shop was used by some pedo, or hooker, some things we do not want to know.

Mike, did you say DMCA was "balanced"?  As are all laws written by industry.

In the present design, trackability and fungibility are more or less the same.  Trackability and fungibility are (or should be) distinct properties and the discussions should be independent.

I'm sorry, Mike, but this thread demonstrates quite clearly that Bitcoin is the most Orwellian currency in the history of mankind.  (Trackability)

Without fungibility, I think Bitcoin is doomed.  Rather than spending time figuring out how to ruin Bitcoin, effort should be spent on how to adapt Bitcoin (or another cryptocurrency) to be completely fungible.

Agreed, I quite like it.  It's amazing and disappointing how many people apparently lack reading comprehension, or the ability to understand an argument with a bit of subtlety to it.

Particularly when they've already had to make such steps in accepting bitcoin anyway.

Thanks for the informative and interesting post Mike.

This whole discussion shows one thing: Bitcoin is not safe because it is not anonymous enough.

We will have to find ways to make it resistant to control or come up with a better solution altogether.

Whoa, ease off on the hyperbole.  I don't think you're giving our modern fiat currencies nearly enough credit (especially where physical cash will be phased out).  For example, how do you freeze an account under this proposal?  Can you still keep the existence of bitcoins you own secret?  Is (worldwide) coin mixing still a (potential) option when necessary?  Are anonymous, off-blockchain transactions still a (potential) option?

I also think you're underestimating how much serious coordination among all the governments of the world it would take to force a non-voluntary, repressive version of this that's actually effective.  This is not to say a voluntarily used version couldn't be effective - or at least more effective than the current tracking systems in place, whatever that's saying.  But it would at least be harder to abuse, and police would have to actually make phone calls and knock on doors, rather than simply scrape a database without any meaningful consent.

And all the while, as adoption spreads, the human component of the network expands, along with awareness of monetary privacy issues and the political capital required to actually resist, rather than simply hide from, such abuses of power.  I believe people would be much more willing to make a fuss about something that affects them directly, like being enlisted as spies to their fellow citizens, than the current situation where they never actually see the abuse of privacy.  I also believe more aware people will be more willing to adopt better solutions as they may arise.

As many others here, I'm very uneasy with the possibility of Bitcoin losing fungibility.

But anyway, this is undeniable:

It's perfectly possible to implement such thing. It's actually possible to implement much nastier things (think of a government-mandated whitelist). Mike Hearn has a point when he says that, in the event of a government trying to impose its regulation, the usage of a totally voluntary and decentralized system like this is preferable. But, should we be "compromising in advance"? Wouldn't that be "negotiating against ourselves" (http://www.bigbigdesign.com/2006/06/never-negotiate-against-yourself-and-other-key-tips-for-negotiating-well/)?

Governments can do much worse than killing Bitcoin fungibility. The problem, as always, are governments themselves, not this voluntary system Mike is proposing.

Perhaps we should focus on implementing p2p, anonymous mixing services. Such mixing systems would be essential to keep the "market-based checks-and-balances" Mike describes in OP, if such system ever comes to existence.

If I didn't think my blacklist providers or their investigators were abusing their authority, then I'd participate in this, and I probably wouldn't even feel like I was "compromising" in doing so.  If it proved effective, then I'd continue to participate.  At the very least it shows a good faith effort by the community, and helps build political capital.  And maybe it even helps to track down some legitimately shitty people.

operating blacklists for tainted coins is an exercise in futility. i understand that mike and others want to "play ball" with the authorities and give them similar abilities to what they currently have to stave off negative regulatory action.

my immediate response to this push for self-regulation is that LE needs to do their own damn homework. the inventor(s) of bitcoin clearly put a lot of thought and work into the system in an attempt to empower the individual at the expense of the state. if the state wants to clamp down on nefarious activity on bitcoin, they can dig through the public tx ledger like anyone else.

the idea of blacklisting currency because it was misused is as stupid as sitting in a bank for 3 hours to open an account.

Thanks for sharing thought process with us. 

However this is not the way to go about fighting crime, whatever that might mean to you.  No matter how fancy your money is, if people are mentally ill, children abused, adults sexually repressed, people put into top-heavy power roles with no checks, facism not avoided, mental illnesses allowed to spread from generation to generation, and inefficient and short-sited resource division is continued, we all know what the result will be.  More crime.  Freezing peoples money isn't going to do shit apart from getting the people who control the freezing to be tempted to join the corruption.   

TL/DR:  Regulatory Capture. 

The people who run the blacklists WILL become the people doing whatever it is you are trying to stop. 

This whitelist/blacklist approach to criminality linked bitcoins seems very interesting due to its decentralized aspect, at least in theory. I find the Spamhaus analogy to be quite appropriate. While I am uncertain of the overall efficiency of AML laws in our societies, I agree that some compromise will probably have to be done eventually.

However, the loss of fungibility still makes me uneasy. Would it be easy/free to get a coin whitelisted? I believe the hassle of tainted coins not being accepted or causing a delay in a restaurant might be excessive. A more reasonable option would be if the restaurant accepting the payment without a word and then reporting the event to the appropriate authorities if they deem it necessary. Thus regular users really wouldn't care if their coin was tainted or not, and enterprises would not want to discriminate for fear of driving away consumers with tainted coins. The downside I see is that enterprises would have no real incentive to do appropriate reporting other than being good citizens, and I believe that mandatory reporting would be against the spirit of Bitcoin although this might end up being what happens.

Sadly, it seems to me that this whole proposal would be made useless by the use of mixers. Bad guy Bob could simply use a mixer and be done with it, having received fresh coins. Some mixers, centralized or decentralized, could adopt as a policy to only accept untainted coins, but then that might incentivize some mixers to accept tainted coins and change a higher fee. While I would think that most people who use these tainted mixers would have something to hide (otherwise why pay the extra fee and received possibly tainted bitcoins?), these mixers would still provide plausible deniability for the origin of the coins. This would make the whole proposal useless. I also believe in the necessity of mixers for the anonymity of Bitcoin and I wouldn't want them banned if that were even possible.

In any case, I believe that the Bitcoin community needs to address these concerns and discuss them instead of doing witch hunts for statist pawns. Mike's proposal might not be perfect both for technical and ideological reasons, but the community needs to seriously consider what is going to happen when governments around the world start making laws.

If the majority of coins being mixed are tainted, you would still get tainted coins out. True, that should make it difficult to discover which particular taint applies to you, but tainting only should never be enough to criminalize anybody anyway. The whole idea, if I got it right, was to help law enforcement to find criminals.
What I'm saying is that the coins getting out of this "blacklisted mixers" would still sound some alarms...

Yes, it will sound some alarm, but whoever is receiving these tainted coins does not know, by design of the mixer, who sent them these coins. They have an address since the transaction is visible in the blockchain, but they may not know anything about whom that address belongs to.From a law enforcement perspective, the trail dies. In this case, is there anyone that benefits from the knowledge that these coins are "tainted"?

Edit: quote formatting

It seems you made some mistakes with your quotes there...

Answering your question: If mixers end up segregated among "blacklisted" and "non-blacklisted", somebody receiving coins coming out of "mostly blacklisted mixers" would be able to:

• Know the coins have a high degree of blacklisted taint
• Know the coins likely got through some mixer (that's visible)

These two things might lead people to believe that those coins might be hiding something. That alone is not enough to prosecute anybody (at least not in places where the most basic justice principles are still respected, like innocent until proven guilty), but it might give some tips.

Indeed, anyone can see that the coins might be hiding something: that is why they are tainted.  One point I didn't mention is that the coins might be recognized as tainted only after a mixing or after a transaction. Just imagine Bob steals some bitcoins and quickly uses a mixer, tainted or untainted. After an hour or so, the coins are reported stolen and whoever got them in the mixing is "stuck" with tainted coins. Now what? The fact that the coins are tainted does not give any "tips" to anyone. People knew that these coins were shady, which is why some entity marked them as tainted in the first place. The only information you gain on the perpetrator is that he used a mixer, which can be seen by observing the blockchain anyways. All this information could have been derived without this whole taint proposal.

Thus, in this case, the taint is useless.

It gets better than that: the tainted coins can be thrown away by spending them to transactions, either obviously in one big high-fee transaction, or as a bunch of low-fee transactions - possibly even as an input to a network security assurance transaction.

Now are all coins derived from the coinbase outputs of the blocks in question tainted? It's easy to argue that they should be: miners can easily accept transactions privately with little risk of losing the fees due to an orphan, and large miners can still afford to return the fraction of the transaction corresponding to the hashing power they control even if the transaction is submitted to the network normally. It's already common for money to be laundered through gambling establishments by simply accepting the cut the casino takes as overhead.

While this is true, it would be hard to launder large amounts of money in that way due to the rather small tx fees at the moment. I understand the analogy with a Casino's profits, but it seems to me that the creation of a block is a rather hefty price to pay for laundering such a sum. Take into account that a miner who is able to mine a bloc and "clean" such shady transactions could instead have cashed in on regular tx fees for other transactions. These regular tx fees not received represent a loss for the miner. Thus, it seems to me that the coins should become clean once they are included in a tx fee simply because it is not efficient for a miner to participate in such a cleaning scheme.

And you are not alone. There is a lot of talent and money currently not flowing into the Bitcoin economy due to such concerns. Today, it is the wild west. If you want to make Bitcoin a currency mainstream users feel comfortable with, there must be some possibilities to track down severe criminals. What if Bitcoin becomes the first choice for ransom? After the third time you read a headline like "kidnappers demand 10'000 BTC ransom to release 5-year old Alice", you will start to doubt whether you still want your friends and relatives to think of you as the "bitcoin-guy". What will happen sooner or later is that someone opens a database of stolen Bitcoins. Once it becomes relatively easy to verify whether a Bitcoin was stolen or not, legal pressure will form on exchanges and merchants to not accept them. In most countries, knowingly handling stolen goods is a crime. So step by step, we will get those blacklists in one form or another. And it is better to get them sooner and in a way we can shape - than to passively watch them appear.

To conclude: I'm with Mike on this.

(emphasis mine)

If you want your Bitcoins to remain fungible, not just not, but also in the future when a crime is detected long after it was committed you are better off ensuring it isn't possible to know where they came from.

I'm reminded a bit of John Dillon's pull request (https://github.com/pmlaw/The-Bitcoin-Foundation-Legal-Repo/pull/4), particularly the replies by Mark Karpeles (MtGox) and Gavin Andresen. Neither sees anonymity as valuable or something the Foundation should push for, particularly Mark, yet if you receive Bitcoins that you know are anonymous and/or know you can spend anonymously you have a very solid guarantee that you will be able to spend them later without having to worry that a theft may be discovered after the fact, retroactively causing them to be blacklisted.

If Bitcoin wants to be the electronic cash of the internet, it has to be possible to break the inherent lack of anonymity the blockchain implies, or a Bitcoin will never be as fungible as a dollar bill.

A dollar bill is not as fungible as you think. All bills are numbered. There are blacklists of bills (e.g stolen from a bank heist). When you are detected giving such a blacklisted bill to the bank, you will be asked a few questions, but the bill won't loose its value. Same could happen for blacklisted Bitcoins: as Mike and others have described, they could get white-listed again if you are willing to identify yourself and can make plausible that you are not connected to the reason for their blacklisting (e.g. by showing a receipt that says where you got them from).

Yeah, coins are closer, but there are even efforts to have every individual coin serialized.

Right now the serial numbers on dollar bills aren't too much of a worry but there are a lot of efforts underway to incorporate bill scanners into ATM's and even cash registers (with RFID) combined with massive databases to track the movement of every last bill. It might not be many more years where even if you could pay cash, if you did so at most places a RFID scanner in the till would cause an alarm had your bill come from a blacklisted transaction.

Bitcoin doesn't have to go this route if we don't want it too. Provably anonymous trust free mixing is possible among many other solutions: https://bitcointalk.org/index.php?topic=172047.msg1790026#msg1790026 It's actually possible for every single transaction you make to participate in a trust-free mix, and doing so is actually a bit cheaper because making multiple payments in one transaction costs less in transaction fees than doing one payment per transaction.

Can someone explain to me how taint would be calculated?

Say we have three inputs:

And three outputs:


So we now have three new outputs, Out1, Out2, and Coinbase of the block which contains the Tx and thus gets the Tx fee.

What is the "taint level" of each output? I haven't seen a demonstration of a way to calculate it that isn't easily exploitable.

If Bitcoin is widely adopted I think that many people will opt to use tools that increase their privacy. I fear blockchain analyzing tools will increase removing peoples privacy. Imagine going to a store and buying a pop and the store computer has software installed by the worker that instantly shows I'm likely rich and also like to purchase embarrassing item A. Perhaps he's trying to decide who to rob. Or even corrupt states around the world monitoring it's citizens. If tools, such as zerocoin, or methods of mixing coins become popular to protect our right of privacy, would that make your scheme pretty much useless?

Excellent question. I don't think there is one single "right" answer that always works. Depending on the severity of the crime, the size of the transaction, the time passed since the crime, and many other factors people will apply different methods. One might even try to follow the transaction fee, as someone might use that to launder his Bitcoins by issuing a transaction whose fee is 100% and mining the block himself.

Here are a number of approaches:

Full taint: every output of a transaction involving tainted coins gets fully tainted as well. One might even want to taint the transaction fee the miner gets from the theft-transaction. This is the most radical approach and only makes sense when trying to track down a once-in-a-decade scale crime. Applied to your example, all outputs as well as the transaction fee would be considered tainted.

Diluted taint: works like dirty water. You start with 100% dirty coins and dilute them as they get combined with clean coins. In your example, the transaction's outputs would be 25% dirty, including the transaction fee. Combined with the other say 99 BTC mined in that block, the miner would get 1% dirty coins. Note that in this case it is reasonable to have a closer look at the miner since a 0.5 BTC transaction fee is somewhat suspicious. If the acceptable dirtiness of a coin is 0.1%, then it takes 999 clean BTC to launder 1 dirty BTC.

Compact taint: here, we try to keep the tainted coins together by applying some more or less random rules to artificially separate the tainted coins from the rest. In your example, one could say that Out2 will take the tainted coin (consisting of 1 dirty and 0.5 clean BTC). The rule behind this is that the tainted coins are always assigned to the output such that dilution is (locally) minimized. So normally, it would go to the smalles output that is at least as large as the amount of tainted coins. You might be bothered by this rule being somewhat unpredictable and random. However, the goal here is not to have a philosophically pure solution, but to find a pragmatist rule to say who is responsible to clean the mess. In your example, it would give the recipient of the 1.5 BTC the responsibility to get the Bitcoins into a clean state again (e.g. by helping to track down the thief). It might not be entirely fair, but effective. It's a little like the rule "the last one leaving the building locks the doors", which also works even though it does not assign that piece of work very fairly considering that it might always be the same one leaving last.

There might be other mechanisms to handle taint. I don't think it is necessary to stick to a specific one. Each blacklist-providing service might apply their own heuristics, depending on the type of crime they are after. Unlike Mike, I don't think we need an elaborate technical solution here. A simple API like "how tainted is address X" is ok in most cases, even though it reveals the fact that someone is interested in that address to the provider. The provider will notice that anyway when a transaction involving that address appears in the block chain. The "private set intersection" proponents have found a very sophisticated hammer, and now they are desperately looking for a nail.

Tainted money schemes are completely, idiotically misguided.

This particular idea is an attempt to find the "fairest" way to oppress people. This is totally stupid.

If you use your mind for 5 minutes and follow any tainted money scheme, no matter how "decentralized" or "fair" you think it is, down every path it could possibly take, you will always end up in a place of oppression and control.

Public consensus on any issue, including what dirty money is, is heavily manipulated. Just watch the "news".

When you have a media cartel like we have, public consensus is what they tell you public consensus is, not what it really is. Actual events are what they tell you actual events are, not what they really are. Things the media cartel omits, didn't happen, even though they really did. Issues whose importance is artificially inflated aren't really very important compared to issues that are not reported.

This is the unavoidable, indisputable reality in an environment where the mainstream media outlets are a non-competitive cartel, which is the environment most people trust to get their information from this very day.

Are we going to use misinformation and propaganda to taint people's money?

Furthermore, any other system you can think of to label money as dirty will be manipulated. It already is.

Hermel thanks for the reply. I have some concerns with the methods you described:

Full taint:
 - Thief cycles stolen coins through mixer and/or e-wallet before tainting services mark the output(s). Now many people have tainted coins.
 - Thief sends small Tx with fee every block for a while, tainting the Coinbase. Mining pools would distribute tainted coins to participants.

Diluted taint:
 - Assume 0.1% acceptable taint level
 - Thief makes 1000 even bets with SatoshiDice 0.09% (http://blockchain.info/address/1dice2zdoxQHpGRNaAWiqbK82FQhr4fb5) which pays out 999.429x the bet
 - At the end, he has 98.1% of original value on average with less than 0.1% taint to all his coins, because SD pays winnings from different coins.
 - Mixers/e-wallets could also dilute the taint enough

Compact taint:
 - Thief creates Tx with 51% of coins to random address and 50% back to him at new address.
 - He now has 50% of the stolen coins taint free

There are ways to mitigate these exploits, but they require compliance from services. For example, force e-wallets to broadcast a Tx for internal transactions and put coin control methods in place that don't mix one account's coins with another. Most major services would have to run blacklists so they could ignore tainted coins sent to them. Basically, non-fungibility requires changes to much of the way bitcoin services currently operate.

Now, we can still use the concept of taint without burdening users. That is, law enforcement can analyze the blockchain after the theft in the same way taint is calculated, but users/services don't have to implement taint avoiding rules. The downside is of course eliminating the possibility of preventing the thief from spending coins in certain ways.

If taint becomes prominent, there will basically be a short window of opportunity for thieves not using the aforementioned exploits or other obfuscation methods. If the time between the theft and the marking as tainted is longer than an hour, then the thief can successfully send someone a 6-confirmation Tx without them knowing the coins will soon be marked. Anonymous P2P cryptocurrency exchanges could be a major victim of this.

If you have 1 tainted BTC and split it into 0.49 BTC and 0.51 BTC, then both these outputs will be considered tainted, and not just the bigger one. But I did not mention that.


Taint should always be looked at with reason. If you steal a car and then sell it to someone before the car got reported as stolen, the police won't punish the buyer either. Of course, they will question him to find out how he got the car, but as long as he can make plausible that he is innocent, he won't get into trouble.

Generally, I think a lot of the "reasons" people bring forward here against taint are only valid when thinking in absolutes. But the reality is more differentiated. Sherlock Holmes combines a multitude of hints to catch the criminal. Taint analysis can provide leads, but it cannot automagically bring justice.

I have no problem with people using taint analysis techniques on the blockchain to investigate. I do have a problem with taint-marked coins being in any way less spendable than unmarked. I think encouraging people to check public taint-lists before accepting payment is bad for the network. It is in effect guilty-until-proven-innocent.

Nonetheless I remain skeptical of taint analysis until we have seen it in practice. I would like to see someone set up a taint test service which allows one to mark an output as tainted and compare what various taint calculating algorithms say about subsequent outputs. This would allow people to test out exploits and use cases to see if such analysis is worthwhile or not. I know Blockchain.info has a taint analysis tool but it's address-based and I'm not sure how it's calculate.

Exactly this, look at the founding fathers and what America is currently is and then think about what will happen to your decentralized crime fighting about 50 years, it will be a mere tool to enforce a system of modern imperialism upon the free.

This is good shit, Mike.


As a supplement to law and order this is a good idea.  I think it has it's place.  The concept of Nexus to define scope is good.


And I would like to see this realized.  Society's collective apathy let's far too many of ill repute continue to operate without repercussions.


If something like this can be designed to not be gamed by a rogue or powerful entity, and is voluntary - then why not?

The problem with this idea is that it does not address the real problem, crime, but instead attempts to provide a decentralized solution to an existing tactic (following the money).    Unfortunately, following the money is a terrible and ineffective tactic that has tremendous negative externalities.

I have been playing with various ideas on providing decentralized 'law enforcement' with the ultimate goal being that it should, in theory, be able to also prevent 'legal plunder' and 'official crime'.

The problem is how do we define 'crime' in a universal / decentralized manner that 'no one can disagree with'.   It seems to me that the only standard that anyone can be held to is 'their own standard' and if someone were to break their 'own law' as judged by 'their own court' that it indisputable that they are in the wrong and owe RESTITUTION to someone.    What is needed is the following:

1) A crypto-graphic secure / unique identity.
2) A set of laws 'independent' laws that are 'brand name' and widely known.  The market would provide these contracts.
3) An individual would select the subset of these laws they agree to follow and sign them with their ID.
    - this subset need not be public, but can be presented only to those you do business with.
4) An individual would select a subset of trusted courts to be judged under.
5) Before doing business with an individual, validate that they have agreed to a compatible subset of laws  AND that they have no judgements against them by their own courts.
6) Shun anyone who has unsatisfied judgments against them.
7) Charge people without a trusted ID more than those who validate their ID.

I started to put my ideas together on a new website: the-iland.net 

The iLand is a new free market solution that aims to secure life, liberty, and property for its members.

The key ingredients to this solution include:

• Individuals publicly commit to abide by their own standard of law.
• Individuals publicly commit to arbitrate via one or more courts of their own choosing.
• Individuals deposit a security bond with one or more trusted agencies.
• Individuals share the burden of injustice by contributing to a common fund.
• Individuals shun anyone whom fails to arbitrate or abide by the outcome.

If such a system could gain wide-spread adoption (read details on my website) then ultimately peer pressure and 'self interest' would eliminate anti-social behavior by government agents.  Public judgements could be issued against cops, IRS agents, etc and these people will end up having to change their ways.  Politicians would have to explain why they will not abide by the same laws as the rest of us or why they will not appear for arbitration in a 'fair court'. 

It's unavoidable.

There's no way to taint money accurately. There's no way to do it securely. There's no way to do it impartially. There's no way to keep it out of hands that will ultimately use it to suit themselves. Quit trying already.

Money itself should not become unspendable anyway. That's a harmful solution. Fight crime the real way instead of being a control freak and grafting a tumor onto the monetary system. What's going to happen after a long period of time when half the money is tainted?

A criminal steals a bunch of bitcoins and then all of a sudden he can't spend them? Big effing whoop, he doesn't lose anything. And this is pretty much the best case scenario. It's hilarious.

It's a total waste of time. A control freak's fantasy toy. It's a boondoggle. It will cause 100 times more problems than it will fix. It will be controlled by people and those people will use it for their own purposes. Forget about it.

You won't be able to do this. This is a subjective matter, not an objective problem that a computer can be programmed to get "right" every time.

I dont follow, is mike trying to get a government job?

I couldn't agree more as I have already pointed out in this thread. Following the money, especially following bitcoins is untenable.


Now this is starting to sound a lot like what I envision is the solution. I will definitely check your site although I'm still clueless how once can create a secure unique and yet anonymous digital ID which is essential for any type of such a solution.

with just one exception: provable BTC theft. In spite of this, I think the personal responsibility route is the right one. I've given it some careful thought, and there's no way around how it damages Bitcoin's acceptance. You just wouldn't accept BTC if it could be labelled tainted at any given time in the future, it's pretty much taking the uncertainties of future chargebacks when using electronic payment cards and giving Bitcoin it's own (worse) version of the problem.

It damages Bitcoin's properties as a medium of exchange, hence, no.

Who said anything about a computer doing it?   Bitcoin doesn't solve banking/money on its own, it is just a tool for people to use.   My system would only be software tools to facilitate the creation of:

  Secure Identity that can be used to sign 'open contracts' or 'commitments' to follow well published and accepted 'laws'.
  Software to quickly validate in seconds whether the person you are about to transact with has already signed a minimum subset of laws and a compatible arbitration path.
  Software to do a 'background check' for published arbitration decisions that have not been followed.
  Software to quickly verify surety deposit for an individual.
  A website to publish / publicly shame individuals whom fail to agree to ANY arbitration path or whom have to followed the result.

In theory the purpose of this software is to allow 'instant' background/credit checks on the individuals you associate with.  It would be a tool to allow honest individuals to recognize one another at a distance and have a high degree of confidence in their transactions. 

   There is nothing for the computer to 'get right' every single time, the computer is merely indexing / searching / comparing digital signatures and web-of-trust graphs.   Ultimately this is enforced by people choosing to trust one or more surety funds, arbitration courts, and insurance funds.

bytemaster this is different than what im talking about which is the btc network tainting money that was somehow deemed stolen, used in commerce for "contraband", being the victim of abuse of the term "terror", or for whatever future arbitrary politically correct reason, etc, making it unspendable and extinguished no matter who owns it at the time, decided by what algorithm or person it doesn't matter, it's a bad idea IMO.

It sounds like you're talking about something like bitcoin-otc, except not with trading integrity reputation, but whatever law abiding reputation people choose to care about in their counterparty. People already do this face to face or by word of mouth with local transactions, so i don't really have a problem with it. Your thing might be subject to the same abuses like slander, fraud, pseudonyms, etc that word of mouth or bitcoin-otc might be prone to, just saying. Sounds like you got a lot of thought in it though. Sounds pretty useful actually

- Let us say somebody has a high hashing power and is thinking to attack the bitcoin network. He realize than he has more to profit if he uses his hash power if he begins to mine bitcoin and will make the network stronger with it.
- Now let us say a government agency knows that a specific bitcoin address is hold by an unpleasant person, human right activist or drug dealer or terrorist. The government will spend millions of dollars to find out the real person behind the bitcoin address and may be will prosecute bitcoiners and damage the network. Now we should use the same principle as with mining. Let us redirect their efforts for the benefit of the network.
We could introduce a specific transaction which can block spending from a specific address. If somebody pays 1% from the amount hold by any bitcoin address for each found block for the miners the miners will rather accept his reward than to introduce the transaction for a low transaction fee.
For ex. a drug or weapon dealer want to pay for a deal from a known address with 2.000 BTC. The government can buy bitcoins and pay a blocking fee available from the satoshi client 20 BTC/block and 100 BTC/h. In a critical deal for 1.000 BTC (50% ff the hold amount) they can block a trade. This fee would be necessary to avoid misuse against concurrents and to limit for really important cases. It would be to costly to block BTCs hold by human right organizations but it would be payable to stop terrorist transactions in critical moments

This approach is much more to my liking as it is entirely free market, there is only one problem.  As law enforcement you would pay money only to DELAY their spending of that transaction.   The costs will exceed the value of the blocked money eventually and eventually that money would become available again.  Because the 'bad guys' can also run a mining pool they could profit and earn 'interest' on having their money held.

The most that this could accomplish is to slow down 'rapid movement' of funds at a very high price to society.

Correct. This would be not a perfect solution but would solve some high security problems. If terrorists run a mining pool that would make additional costs and effort for them and would provide also an additional profiling info so it would contribute this way also to catch them.
For terrorism the society pays anyway a high price and this solution could be in some situations cheaper then pursuing with only conventional methods.
For example governmental agencies find out about a weapon deal between terrorists and weapon dealers and they know the BTC address from where should be payed.
A 100.000 $ deal they could block for 50.000$ network fee for 10h and in the mean time they catch the terrorists. If they wouldn't do that the terrorists could make a damage with the acquired weapons worth of 100 million $. If they would move 10.000 police officers to make investigations it would cost also much more.

Terrorism is a non-existent structural problem. First of all, it's not structural. It's not ongoing. Second, it's not political. It's not achieving anything. Third, it's not economical. It's not consistent. Fourth, it's not even cultural. It's a bunch of losers.

Anti-terrorism is the biggest nail hunting hammer that could possibly exist.

Tainting is a solution from someone who can't come to terms with the reality that perfecting a system is not the same as improving it and in most cases it leads to mass graves.

I will collect tainted coins and hand them out at a premium.

"Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron’s cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience." - C S Lewis

I'm sure some of you taint supporters will feel outraged at my post.

How dare he?
Does he not trust me?
I've never stolen from anyone!
I am only trying to help!

Please get over yourselves.

You're insignificant in my position. I have not considered your personal special unique individual character at all. It's your entire species I have a problem with.

"If they wouldn't do that the terrorists could make a damage with the acquired weapons worth of 100 million $."

Does this guy visit you every night?

http://24.media.tumblr.com/tumblr_lmhzw718vW1qjheq2o1_500.jpg (http://24.media.tumblr.com/tumblr_lmhzw718vW1qjheq2o1_500.jpg)

Reminds me of: http://www.youtube.com/watch?v=rU6-D3_2j5A

This is so true, and I kind of assumed that at this stage still, the type of people attracted to bitcoin for its differences with regular money already knew this, and are attracted to it because of this.

"The war on terror" is just an excuse to erect police state infrastructure, just like the "war on drugs" is, perpetrated by the power elite, their media cartel, and the posturing stooges they make available for us to elect.

If you can't see it, then ask, would real people, who actually value freedom, be truly scared enough about these or any boogeymen to strip, bend over, and throw away the vaseline? Because that's what's going on. Ask yourself how this is even possible.

Tainting money is part of this infrastructure. This same trinity waging these fake fear wars will already control, by default, what money gets tainted, starting the very moment such a system were to come online, instantly. This is enabled and allowed by sheep.

Today, they want to taint "dirty" money, tomorrow it will be to bail out a giant crooked irresponsible bank. Oh wait, that's also today.

It is hilariously ironic that the currency being talked about is bitcoin, but people who appreciate a decentralized currency for its actual decentralized nature will never go for a scheme used by self-styled protectors to abuse users of a currency in the name of a bullshit "war on whatever-we-hype-to-get-your-panties-in-a-knot".

that's a resounding no to Taintcoin, then. Maybe someone should try this out as an alt-coin first, see how popular it becomes in an open market. Perhaps the average person really would sign up, so that political opponents can be labelled as monsters naughty people can have their ability to spend money punished, instead of their actual alleged crime

edit: in fact, the potential for the whole system to descend into a farce of claim and counter-claim, that I suspect it couldn't even work as an alt-coin, it's basically a trolls paradise. All the more reason to never accept such a change to Bitcoin itself

I know this is an old message but I couldn't help but add my 2 cents as a so-called newbie (I've been into bitcoin for 2 years but never posted until the penny dropped last year) and whilst looking for discussion around identity.

What is really needed is a system where the onus is on the individual to demonstrate their trust worthy-ness much like you do on ebay with ratings but also with upload able documents for identification with select institutions.

We are humans after all and need to know to some degree the person we are dealing with. No point sending money to a wallet address to a guy who 'says' he's 'The Next Jesus' if he is actually just 'The Next Scammer'.

My point is, the individual should be in control of their own identity which can be verified by cross reference from a third party after the  identity holder volunteers information to that 3rd party. Users should also be able to rate trustworthiness of other identities associated to wallet addresses for others to see. (i.e. This guy's great. Sold me some trainers)

The coins themselves are free to do whatever they want. A criminal could have a nice proven identity with associated bitcoin address showing that he's a trustworthy office clerk with a nice job. Meanwhile, he might also have another bitcoin address which he uses for nefarious purposes. He's free to send money too/from his addresses. This won't stop law enforcement from being able to do their job which is track down criminals by following the money trail and it also allows humans to build trust between users/companies/institutions.

The problem with tainting coins is that criminals would just stop using bitcoin as a form of transacting. It would no longer be useful for them. Instead, a separate blockchain would be created that allows criminal transactions to occur with translation between bitcoin and these dark coins happening off the chain... i.e. anonymously. So you'd still end up using bitcoins that were from criminal proceeds. You just wouldn't know it.

We live in a mixed world of opportunists. Money needs to flow freely even through black markets and as a transaction tool for nefarious purposes. That's why the USD has traces of cocaine on nearly every bill.

Just my 2cents.