Bitcoin Forum

I got a suggestion to remedy the "stolen coin problem".

Make like a list in the bitcoin client, that you can freely fill and delete with bitcoin adresses.
This list could be linked to a file on your harddrive that autoupdates the list. (so you could automagically update the taint list by removing or adding entires by writing to a file on your harddrive, like taintlist.txt , so you can update it with a scheduled task or cron script at regular intervals, or have a "report stolen coin" feature on your webshop that populates the receiving end on your webshop taintlist.txt with the adress in question)

Everytime a payment is received, bitcoin checks the whole trace (blockchain) for the whole chain of the coin until it reach the coinbase.
If a adress on your list is found, the payment is rejected by sending it back to the sender in complete, without involving any change, thus it does not taint your adress.
Also, any event that would indicate that you received payment, would not fire. (so any webshop script would still wait for payment).
If this becomes too computationally intensive for the clients, the taint list could have some sort of "depth" option that allows the taint list owner to set how deep it will check for taints, and -1 would then mean "to the coinbase".
The depth could be set per address tainted, so you can select a depth depending on how "dangerous" the address in question is. (but it will always search deep as the address on taint list with highest depth).
So adding addresses with a depth of 0 would make these addresses blacklisted, so money coming direct from these adresses are sent back, but not if they passed a untainted address before reaching you.
depth=3 would mean the latest 4 adresses the coin passed may not match the entry in taint list.

Note that this is a feature that everyone would be free to use or not use. Keeping the list blank would make the bitcoin client behave as usual.
This does not change the network at all, since it would be the users themselves that elect to download taint lists and populate their lists with. Simply, the taint lists is "I DONT want to receive ANY coins that have been touched these adresses:"


Then MtGox and other people, such as companies that get their funds stolen, can publish lists of coins they will groan upon, and then ordinary bitcoin users could download these lists and populate their taint lists with. MtGox and such can select to keep "stolen" money for the purpose of recovering it to original owner, by not using taintlist feature at all, thus accepting all payments.

The taint list could simply have so you can even "add" a list to the list, and "remove" a list from the list.
"add" a list to the list, would simply add all adresses in the selected text file, checking for duplicates, to the taint list, keeping any records already in taint list.
"remove" a list from the list, would simply remove all entires found in taint list, that match all entires in a selected text file. (This is good if a trusted web site says these coins have been recovered).

Also "addtaint <address> <depth>" and "removetaint <address>" could be added as RPC calls.

Also a new event could be added, like "checktaint <receiveaddress>" that will return you with a list for your backend system that someone attempted to send you tainted coins that matched <taintedaddress> on your taint list, and coming from <senderaddress>, that was sent back.

If you own a private key that correspond to a adress on your taint list, the client will never use those coins as inputs. All coins contained in that adress would be consideded tainted. The balance would show the balance excluding coins in any tainted adress, and those adresses will be highlighted in some way in taintlist, so you can easly remove these adresses from your taint list.
Same would apply if you own any tainted coins, but only those coins would be tainted, not the whole adress you own that the coins belong into. (and the adress that "triggered" tainting of the coins you already own would get highlighted in your taintlist with another color)

Taintlist would simply be for ordinary people to not get stolen coins into their account and then get their account locked at MtGox and such.

I think one problem with this would be the tx fee (although perhaps not much of a problem now but certainly down the track) as it is quite possible you may have to pay a tx fee in order to "return" the tainted coins (this of course would depend upon the miners).

Since the return transactions are always 1:1 (1 input, 1 output), I dont think they will cause a tx fee so often because the transactions will be small in regards of "byte size", compared to the money value.
And in the cases they would cause transaction fees,  the coins could be simply locked (like you owned the coins at the time at when you added it to taint list) instead of sent back. Then the node operator can force a sendback at his own expense. This can also be accomplished by a rpc command: "CleanTainted" which will send back all coins that are currently tainted and owned by you. (not including any untainted coins in a tainted adress owned by you)
This can then be precalculated, so it knows in advance if the transaction requires a fee, and then lock the coins instead of auto-sending them back.

Coins can be sent back at the first adress in the transaction spending the tainted coins to you.

Also to make this clear, there is 4 states a coin can have regarding tainting:

1: Untainted coin in a untainted adress: The coins have never touched a adress that matches a condition in the taint list. The adress that the coin is placed, is not on taint list. Those coins MAY be used as inputs.
***In other words, the coins are completely clean***
CleanTainted will NOT send back these coins.

2: Untainted coin in a tainted adress: The coins have never before touched a adress that matches a condition in taint list. But your adress that currently are storing the coins are tainted. ANY coins in this adress will NOT be used as input.
This means that anyone that receives coins from this adress from you (if you manually remove the adress from YOUR taint list and then resend coins), and also have downloaded the same taint list, (lets say "MtGoxTaintList.txt") will reject your coins.
***In other words, you have added one of your own addresses to your taint list, but the coins themselves are clean***
This can happen if you download a taint list from somebody and this taint list contains one of your adresses.
CleanTainted will NOT send back these coins.


3: Tainted coin in a untainted adress. The coins have touched a tainted adress, but your adress is not tainted. This means this specific coin will NOT be used as input, but any other coin in this adress MAY be used as input as long as it not tainted.
***In other words, the coins have touched a taint-listed adress***
CleanTainted WILL send back these coins.

4: Tainted coin in a tainted adress. The coins has touched a tainted adress, AND the adress currently storing the coins are tainted too. No coins from that specific adress will be used as input.
***In other words, the coins come from a taint-listed adress, also, one of your own adresses are listed too***
CleanTainted WILL send back these tainted coins. (not untainted coins, see case 2)



Such a tainting system, will allow people to create and publish taint lists. Think taint list like these URL Blacklists and lists of malware-infected sites out there. You can hand-pick the best lists of tainted adresses, you can download them all and then auto-update taintlist, or you can modify the taint lists, for example removing (whitelisting) entires before importing the taint list.
Or you can create your own taint lists.

Its up to each end user how they use the taint list feature.

Also, taint list will not only list "bad" adresses. Taint lists can for example list all adresses that have been published on the internet (like those DNSRBL's that list every end customer that is not expected to have a mail server) or whatever. Its up to each user which taint list they download and use.

A lack of fees doesn't invalidate a transaction, it merely delays it.  Assuming that something like this catches on (and I pray it won't, but fear it will), a no-fee return will loiter on the network until someone includes it for free.  Some miners will probably even make a point of including them as a public service.

Speaking of fees, how will you handle that?  If I spend some "tainted" coins and include a fee, will the coinbase of the block including that transaction be tainted?  All of it, or just part?  And which part?

(In case anyone is wondering what I mean by that last part, pay attention:  coinbases are atomic.)

Nope. Coinbase will never be tainted, since mtGox and such does not consider them tainted. Its possible for to example MtGox to dig deeper into such blocks and check the taint, but that would punish the miner because the miner cannot help that he got a tainted coinbase as reward.

I don't think exchanges like MtGox and such would lock accounts belongning to miners that mined a stolen TX fee. That would be counterproductive for the BitCoin network since it discourages mining. Miners can also not say no to a TX fee, the reward (50BTC current) and TX fee are melted together and cannot be separated without tainting both coins if we were for checking tainted TX fees.

So I agree with you, no taint checking on fee's.

So...  All I need to do is modify my mining rigs to launder all of my taunted coins by including (but not broadcasting) transactions spending the tainted coins, but with generous fees.  That was sure easy to bypass.

Miners can decide which transactions to include in their blocks.  It's well within their power to refuse to mine transactions with 'tainted' inputs.  Then they don't end up with tainted mining fees.

Not that I think anyone should care.  It's hard to know whether the person sending the tainted coins had anything to do with the alleged theft.  We can't always know for sure whether there even was a theft.

dooglus: Yes, but we still need to have incentive for mining, regardless of if the funds are stolen or not. And yes, you can send your coins to null and put the whole coin as fee, but then it would be random if you get the coins or not. Another miner might be lucky and "pick" up your coins.

I still think that MtGox wouln't "care" about stolen TX fees. They just track everything until their coinbase transaction, and not going any further. Since of the nature of TX fees, you cannot know which part of the coinbase that is stolen.

The proposed taint checker list is for ordinary people that want to avoid ending up with thier exchange account locked and/or confiscated due to stolen coins.

T'aint a good idea. 

Who decides if a coin was stolen?  Who really knows exactly what happened?  The best answer is "nobody".   Do you trust somebody you don't know to tell you if some other people or transactions you didn't know were in the right or wrong?  Maybe you do, maybe you don't.  The point is, the network shouldn't care. 

After all, the coin was never stolen: only the private key may have been.  The coin is right there in the block chain where it always was.  Coins can be marked, and tracked, but they are still coins.  The marking is just that, a mark (a unique history of public keys), and it is up to you to interpret that.     

If you want to analyze the block chain to follow transactions and track down an enemy, go ahead.  However if you ask me to keep a list of coins you like or don't like, I'm gonna say no thanks. 

   
 

If you take a withdrawal from Seals and don't like the coins you can send them back to the address they came from and you will not get credit to your account for them or you can send them to a deposit address and you will get credit for them. I imagine this will be how most sites work, so be careful.

Likewise if a friend sends you coins from a webwallet and you return them to the sending address neither of you will have the coins anymore.

This.

We need a form letter for these threads.  Something like this (http://craphound.com/spamsolutions.txt), but customized for bitcoin.

Tainted Coins bullshit = death of Bitcoin.  Period.

Bitcoin is already more complex than most users have the patience for.  Adding a whole level of complexity trying to make irrevocable coins revocable is just pointless and stupid.

1) How do you prove theft? Lets say hypothetically that Bitcoinica was lying and they were never robbed.  Oops you just started tainting coins based on a lie.

2) If you base tainted coin database on investigations who does the investigations?  A central agency?  Great concept for a decentralize currency.  If it is just based on hearsay then those who wish to do Bitcoin harm can simply make up thefts and report them adding noise to an already noisy system.

3) You have also created the ability to create the ability to generate revocable irrevocable transactions.  I send you coins, you send me product I decide I don't like the price/quality/your attitude so I say "give me a 10% refund" or I claim the coins in transaction xyz were stolen.  So you refuse I claim coins are stolen and now tada you lose 100% instead of 10%.  Maybe next guy decide 10% blackmail is cheaper than 100% loss.  Irreovacability is a cornerstone of Bitcoin.  It is a selling point to merchants.  Saying unlike Paypal payments are irrevocable (except when they aren't due to theft fraud and blackmail) is hardly a selling point anymore.

4) What happens when a naive user accepts tainted coins?  They just are just fucked?  Thief gets the money and sucker is holding a bag of worthless coins  When that start happening in mass (and yes it will be the naive and new who feel the brunt) they will leave, bad mouth Bitcoin and the currency becomes less accepted and more fringe. Try explaining to potential users that scenario and how it isn't Bitcoin's fault and they just need to be sure to check this database (or set of databases) and they are safe as long as the theft isn't in database yet in which case they still might lose even if it isn't there fault.  Potential user says "fuck that" and uses Paypal.

5) If transaction fees are always free from taint well I will take my stolen coins and launder them through blocks I mine (or blocks I pay other people to mine).  Nobody thought of that aircraft hanger sized loophole?  I create bogus transaction from x to y w/ generous transaction fee.  I never broadcast it to the network but I include it in a block I am mining (along w/ other transactions for camouflage).  Over time all the stolen coins will slowly be converted into transaction fees.  Tada all taint-free!

6) What happens if a theft isn't discovered right away.  Say Bitcoinica didn't notice the theft until 3 days later.  Thief sells the coins to third party (who diligently checks the stupid "Tainted coin database" and they show as clean.  Thief gets cash/blow/hookers/gold and 3rd party gets stolen coins.  When 3rd party tries to transfer them Bitcoinica (as an example) detects theft and reports it.  Coins becomes blacklisted but theif has already escaped.  Thief = 100% profit, Bitcoinica = 100% loss AND 3rd party = 100% loss.  The flip side of that is what if the the "3rd party" is the thief just using the delay to create plausible deniability.  How many times does that have to happen before someone doesn't trust Bitcoin.  Say a major gold exchange accepted Bitcoin and found out 4 days after a $200K irrevocable transaction that the coins are worthless.  Oops?  Think they are going to endorse bitcoin?

7) You will have to pay a fee to return the coins because the age of coins reset to 0 after a transaction.  Miners don't include free spam transactions for a reason.  Your transaction will be indistinguishable from spam.  Miners who foolish allow these transactions without fee will also allow the network to be attacked with terabytes of spam.  

8 ) The coins being blacklisted will simply create an opportunity to sell coins back to the owner.  Say thief couldn't transfer coins (unlikely given #1 to #7 above but lets pretend),  thief could contact Bitcoinica and offer to sell them the tainted coins for 30% on face value.  This simply makes Bitcoin like any other stolen property.  Thieves rarely get face value for anything from hub cabs to priceless works of art.  If Bitcoinica accepts they still lose 30%, thief is still profitable and the incentive for theft exists.  If Bitcoinica says no they lose 100%.

TL/DR
Keeping uniform accurate accounting of reported thefts, lies, blackmail, etc is simply impossible in an anonymous decentralized network.  At best it will still be based on incomplete information and inconsistent.  Thus those advocating for a tainted coin database are advocating centralized control using verifiable identities.    If I need to prove each transactions, show my identity and get it cleared through a central agency why am I using Bitcoin again?

When people lose confidence a currency has the value they think it has as the time of the transaction it ceases to be a currency.

DeathAndTaxes: I think you misunderstand now.

The idea of the Taint list is not to have some central authority.

Anyone can host a taint list, like those DNSRBLs. I can host a anti-spam DNSRBL. You can host a DNSRBL.
Then everyone is free to use the DNSRBL or not. So you can select to use for example my DNSRBL in your mailserver, and reject mails to your server based on my criterias.

Same with taint list, you select which taint lists you want to use, and you reject coins to your account (=all adresses your bitcoin client recognize as yours) based on these lists.
And taint list does not only need to include stolen coins, it can be "bad" coins in other ways.

The *each end user* decides if they want to use taint list or not, and downloads the taint list they want.


"Who decides if a coin was stolen?"
You decide. Taint list is a tool that lets you reject depoist in your account that have been in touch with a specific adress.
You decide if you want to download a taint list from Bitcoinica listing addresses that Bitcoinica had their coins stolen to.
You decide if you want to download a taint list from me where I list adresses where coins were stolen from me.
You decide if you want to download a taint list from MtGox which MtGox list addresses they deem contain "stolen coins" and not accept any exchanges for.


About TX fees: How long do you need to wait for a small 1:1 transaction to be admissable on the network without fee? Maybe the taint list feature could wait so long.

That doesn't solve the problems listed and only compounds the complexity (and user unfriendlyness).  Can you not see that? Person can use coin A with merchant 1 & 2, but not 3 & 4 and coin C with all merchants except 4 and Coin B with only merchant A and nobody takes coin D.  Each sale would require the buyer to check with merchant determine which taint list they are using, ensure they have latest list, scan their coins to find acceptable coins and send them.

Yeah new users looking to buy a game on steam, some weed from SR, or play some online poker are going to go through all that bullshit.  New user who is savy enough to check 9 tainted lists only to find out his coins are rejected on 9 more lists he didn't even know exist is unlikely to be holding coins he can't spend WHERE he wants to spend.

Have you ever heard of: http://en.wikipedia.org/wiki/Fungibility

If a coin is accepted by less than 100% of the community it has less value.  How much value depends but it will never be face value.  So some coins are worth 1 BTC and some <1 BTC.  Someone agree upon a trade for 10 BTC only to find out the 10 BTC he got other people consider "bad" and thus are only worth <10 BTC IF he can find someone willing to trade them for "good coins" is not viable for a currency (any currency).

HELLO FUNGIBILITY IS THE CORNERSTONE OF ANY CURRENCY OR COMMODITY.  
No fungibility = no currency.
No fungibility = no commodity.

I am going to put you on ignore so I won't see any responses.  It isn't you it is me, this kind of short sighted "do something" just burns me up.   The wish to block tainted coins reminds me of people after 9/11 pushing to do something and we are stuck with the fucked to all hell Patriot act.   Maybe take a step back and look at how you are acting from a place of fear and what you are proposing would kill Bitcoin.   If that happens any successor will be built to make tracking impossible.  Now the good news is that if we are lucky taint databases won't go further than you can throw them but that doesn't make the idea any less dangerous or stupid.


My promise:
If tainted databases do exist I will be buying tainted coins for the sole purpose of spamming them to people who use tainted coins databases and let them rack up massive fees in trying to return them.  The bad news is that means I might have to deal with filth like coinexchanger to get my spam currency.  (shudder)

But what should we do? MtGox and such exchanges are locking the accounts of people who use "stolen coins".

We need to have something so people can avoid any coins that for example MtGox has deemed as "stolen".
If this feature would be included, most merchants would have a "stolen coins we don't accept" list on their website.

Its the same as IRL. When there has been a big robbery (and with big I really mean BIG robbery), the bank publish a list of serial numbers that is "blacklisted" and merchats are told not to accept these notes/bills (Often in the form "Do not accept a 500 SEK bill that is beginning on 4567 or 8723"). And if they accept, the bank will refuse to cash in their notes/bills to their company account.

Holiday: You would notice if there was such a "blacklist" of certain notes. We have had some in a suburban area here in sweden. The bank putted up notes on windows to shops telling people "Not to trade with any 500SEK bills beginning on digits XXXXXX" and the note had a image of a 500SEK bill with its first digits of the serial number circled.

Probably a robbery in the local bank so they made sure to recover the money by "blacklisting" it.


Hollyday: I don't understand? Why boycott MtGox? Its not their fault that people hack other merchants/echanges and steal their coins/private keys.

D&T's post is spot on.  There are too many unsolvable problems that taint tracking introduces: it will hurt honest actors more than thieves.

That's a waste of time.  The only way to combat this problem is to increase the cost of coin-stealing attacks-- namely, by decreasing the cost of implementing decent security for coins that are stored online.  Otherwise you'll continue to see hair-brained coin-taint tracking schemes pop up.

Irreversibility without freely accessible (and easily implemented) security will always be seen as a bug.

A solid perfect argumentation as much as I can see.

Plus the good news is: You do not have to deal with the filth. Let the rest of the world accomplish this task.
My promise: They will! They have no choice.

I understand the problems. Thats why the taint list should be entirely optional, and that theres not a central authority of taint list, instead each other uses any taint lists they want to use (like DNSRBL's).

The problem we need to solve is that exchanges start locking accounts because the money come from a stolen source, like paypal does.

This will hurt bitcoin webshops, that have delivered the goods but have got worthless money they can't do something with, because nobody wants it, altso the webshops gets their other money locked too. Look at the person who got 7BTC stolen money into his MtGox account and his whole account was locked, even with all other bitcoins.

Thats why we need some easy feature, that indivuals can use to reject any "stolen" money. I saw a handshake idea in the forum that prevents sending money to somebody that does not want it, that would be a good idea, then the money can be rejected before it even are transferred.


What about whitelist then? Same feature, but instead you whitelist trusted senders and nobody else can send money to you.


Try to brainstorm about this, it must be some solution there that prevents peoplr from getting their exchange account locked because the money was stolen.

Now im not talking about that single piecie of stolen money when talking about locking the account. Think of 1BTC that was stolen, and I depoist it in my 1000BTC MtGox account. Now 1001BTC is confiscated if I don't have a good explaining of why I got 1BTC of stolen bitcoins. Thats why we need taint list.

So people receiving stolen money can prevent it from being used, and webshops can prevent getting stolen money into their webshop wallets, because even 1BTC of stolen money can lock the webshop's MtGox account with tousands of BTCs, even if the webshop would happily return that 1BTC to the rightful owner.

The worst part is that I don't think that anyone can stop such a service from existing.  Misguided as it may be, enough people are going to want it.

All Coins = whitelist + blacklist + unkown
Everything that is just a subset of all coins can be used as replacement for the term Tainted Coins bullshit
The argumentation will work the same way.
Think of bitcoins as if they were firewood, once in the stove ... lost for you ... regardless whomsoever had put them in the stove. Heat is there wood is gone. Now you can ask for a refund for stolen wood in heat or wood. But what if this was stolen before?

The difference is you can´t tell firewood apart but you can tell bitcoins apart.
But that doesn´t solve the issue. It just says you know your money is dirty. It does not help you to decide on any money on its way to you.

Translation: Play the way I tell you to play or I'll shit in the sandbox.

People should be free to choose whether or not they accept certain coins for transactions. Forcing them to accept and deal in stolen property is wrong. If they choose to do so then so be it, but nobody should force them to. I thought one of the benefits of a free market meant you could choose who you do business with, and why. Guess I was wrong.

Let me put my tinfoil hat on and speculate that those who are crying loudest against this have a vested interest in keeping the status quo because they know they have stolen coins in their possession.

And they're going to continue to want it if a large enough amount of coins regularly get stolen from well-known Bitcoin services.

Remember that when Mt. Gox got hacked, one guy claimed to have bought over 250,000 coins and withdrew only about 650 of them because he thought withdrawing all of them would have been exploiting a bug.  That's quite a large percentage of the total coins mined, the potential theft of which hinged on one guy simply deciding whether or not he wanted to try to take all of them!

The fact that people are actually storing sizable numbers of Bitcoins online, before there is widespread, simple support in the client for multisignature transactions is just ridiculous.  So is trying to convince the same people _not_ to concoct coin-taint tracking schemes by any means other than direclty improving Bitcoin security and making it easier to implement.

Sounds jolly good in my ears, too good to be true.
Question: How will they decide?
They have to decide in advance about a thing they can´t see.
Ok they can reject those coins later, but how to get the firewood returned?

Assume me having false coins in the wallet. Should I return them to the so called appropriate owner or the one whom I just sent some of my coins as he has tainted coins now. What if I mixed some tainted with non tainted coins and spent all of them?

Off the top of my head, I'd say a hotwallet to for incoming transactions, if the coins pass inspection then they get put into the main wallet. You don't ship whatever good or perform whatever service until you are satisified with the coins. There are very few businesses that require an instantaneous response when someone sends them bitcoins, so a minor delay to verify coins won't hurt. If the coins are tainted it would be up to the recipient to determine what they do with them.

This could, in fact, be written right into the bitcoin client. User provides a list to the client of what he feels are tainted coins and the client then scans incoming transactions and compares them to the blockchain. The user is alerted if there is a problem. I wonder if etoh can't be convinced via a rather large bounty to implement such a feature in his Armory client.

For those of you who think this will kill Bitcoin, then perhaps Bitcoin was never a viable project anyway and should die in a fire and we should move on to Bitcoin 2.0.

You cannot prevent people from transferring coins to your address.  So people who disagree with the tainted coins system could browse the blockchain for "clean" addresses, and do giant batch transactions sending each address a satoshi.

If they are mining as well, they can include the transactions in their own blocks, so transaction fees for sending large, spammy transactions will be sent back to themselves. 

If you send these satoshis back, you will still have to pay the transaction fee: they can make your coins tainted, or make you go broke trying to prevent them from being tainted.

I think you misunderstand.  Addresses don't get tainted, transaction outputs do.  It's possible to have clean and tainted coins at the same address, from different transactions.

You only get the transaction fee if you are the miner that actually finds the block. Otherwise someone else gets it. This mechanism protects Bitcoin from spam attacks disrupting the network. Otherwise a malicious attacker could try to spam the network with millions of transactions. The transaction fees make this too expensive to pull off. So no, somebody isn't going to perform an attack like that.


The Bitcoin protocol allows you to specify the number of and the precise transaction inputs to use in a transaction. Meaning if you sent me 10,000 satoshis from 10,000 different wallets, I could send them all back to you in a single transaction, and *only* those satoshis regardless of the other coins in my wallet. Or, I could (one day) simply blacklist those transaction inputs so my client never uses them. Meaning that the tainted coins die right there. They never get used, they are out of circulation, and the rest of my coins are pristine. If you follow the coins via the blockchain they will simply stop at that address. Bitcoins are atomic, they have to be or the entire system falls apart. You can trace every single satoshi in your wallet all the way back to its genesis block.

 

As a miner, you can hoard a transaction.  So you could create a transaction that does not get broadcast unless your miner finds it, in which case it goes through.

I was talking about sending 10,000 satoshis to 10,000 clean addresses, rather than what you are saying, because I think this sort of "shotgun spray" would be much more effective at tainting.

As for the last part of your response, that is entirely true.  But with current software there is a high chance of making a mistake and accidentally sending the tainted satoshi through, tainting your target recipient.

Dooglus is right though: a smart implementation of taint could prevent many of these problems by tainting transaction outputs rather than whole addresses. 

+1

That's a stupid idea.

If this goes through, I'll buy up tainted coins for cheap. Then I'll mine dummy txs to myself, using the tainted coins for huge txs fees. Since I won't broadcast them, sooner or later ... PROFIT

Now if someone decides to taint coinbases too if they include tainted fees that's even worse. In this case miners will start a war, because they won't like having their blocks taken from them when I declare some of my satoshis used in fees stolen retroactively. And I'll make sure to include a satoshi in every mined block, thus sabotage mining completely.

Either way, the potential for abuse and damage is huge and far outweighs benefit.

-coinft.

That should only take you 6 or 7 months mining by yourself, provided the difficulty stays the same (and it won't). Again, spotting the outsize txn fee won't be hard and marking the entire block as tainted will be easy to do.


You will be a long time including a tainted satoshi with every mined block. Also, why do you think 1)anyone would care about your 'stolen' blocks, and 2)people would declare an entire block tainted because of a single tainted satoshi in its coinbase?

If you think you can destroy Bitcoin, then please try. Personally I think that it is a bit more robust than that and can withstand whatever you can throw at it.

Someone that stole thousands of coins could easily include overly generous fees in lots of blocks, not just their own.  Spotting those fees won't be hard, but most of them will be decoys.

Real life money laundering also has poor returns, so don't imagine that someone would be unwilling to lose 90% to have a clean 10%.

What about w/ 20 GH/s.  What about if mining pools did it to increase revenue?  Marking whole block as tainted?  So if I include a tainted laundry transaction and 999 other valid transactions then all the unrelated transactions become tainted too?  Wow.  I think you realize how foolish that is. 

If any element of the block is "taint free" (like transaction fees paid to coinbase) one can simply funnel the coins there.  You claim it will take a long time but a 20 GH/s farm will find about 2 blocks per week.  If 2% of transaction is cleaned via fees per block then roughly 1/2 of the tainted amount will be clean in 3 months.

Are you going to taint the coinbase of every block w/ >=2% fees?  If so some sabotage is very easy.  Simply submit some tainted transactions w/ 2%+ fee to the network and let a pool pick it up.  If deepbit picked up one then 2,000+ innocent miner's now have tainted coins according to your precious database.

If fees remain taint free then cleaning coins via private mining becomes trivially easy.  With a higher % going to private fees and more hashing power one could clean funds even faster. 80%+ of the principal in 30 days.  Using transactions w/ 3% fee rate and 100 GH/s you could clean 70% of any principal amount in 30 days, and 99% in 90 days.

Miners will do a lot for > PPS.  You don't think someone will start a 100%+ PPS service to get 100 GH/s+ and use them to launder coins?  Someone either could do it for themselves or they could do it as a service for clients.  Charge someone 5% to launder coins, pay miners 103% PPS, keep 2% profit.

Starting to see how the only people snagged by your asinine "taint list" would be noobs, 3rd parties, and patsies.

You seem to be dead-set to it, together with some folks at MtGox.

What you made here, my sir, is a really great post. I see a brilliant future in mining. Maybe its time to start thinking about funding a dark mining pool.

Agreed.

I meant the coinbase portion of the block, obviously the inputs and outputs of all the legitmate txns don't matter and can be sorted normally. Sorry I wasn't clearer  ::)


I'm gonna go out on a limb here and say that none of the major pools are going to start laundering coins. Any pools that do will be quickly spotted in the blockchain. Your 2% fee of your private 20 GH/s is also BS. 2% of what? Currently fees for most blocks are well under 1btc per block. You will mine for a very long time if you are finding a block every two weeks and have fees that are under 1 btc. Any blocks with greater fees can be flagged and examined. 1btc is arbitrary, that can change (and probably will).


You assume every miner is as mercenary as you are. They are not. And again, any coinbase found by said service can simply be marked as tainted. Most miners won't mine somewhere that pays them in coins they can't sell at the exchange.


What I am starting to see is the noobs and patsies being snagged by your hyperbolic rhetoric. It is readily apparent that checking for stolen coins will hurt your profits somehow, given the virulent 'sky is falling' assault on the idea. If you don't like the fact that someone can go through the blockchain and trace every single transaction (and then make decisions based on it), you can try to change the protocol (HA!) or start your own blockchain. Your willingness to attempt to destroy Bitcoin if anybody tries this says a lot about your character (or lack thereof). As I have stated before, Bitcoin is far more robust than you think, and if it is not then it should die in a fire and we should move on Bitcoin 2.0

Actually, I think making bitcoin more anonymous and fungible is a worthy cause. The right thing to do.

As for mercenaries, you only need a small % of all miners to enter a scheme like this and fascist exchanges would be completely overwhelmed in their regulatory mess.

The 2% transaction fee (in example above) would go back to the owner of the input address via another address thus it has no cost.  The fee is simply a mechanism to obfuscate the ownership of the owner to obfuscate the ownership of the coins.  The higher the fee and/or hashing power the faster you can funnel but there is no reason it couldn't work at any fee level.

You are really thinking you can taint the transaction fee of any tainted transaction which is too "high"? Honestly have you thought this through?  How high is too high?  2%, 1%, 0.5%?  What happens when someone puts transaction involving tainted coins w/ "too high of a fee" (how high is too high?) on the network as a poison pill.  They will get picked up by pools and hashed into the next block.  The transaction fee will go to hundreds (or thousands of miners).  You think every pool (and that includes all 300+ nodes on p2pool) is going to run your checks and exclude that transaction from the block. As block rewards decline do you think any pool can afford to exclude valid paying transactions?  If a single one doesn't then tainted coins from a transaction w/ "too high of a fee" (as absurdly vague as that is) is now in hundreds of wallets.  Their coins are now tainted forever?  

If you don't taint the transaction fees of transactions which have "too high of a fee" then coins can be funneled through transaction fees.  If you unilaterally decide 2% is too high then it is trivially easy to create "cleaning" transactions with random fees between 0.2% and 1.3%?  By combining these with clean inputs, and real transactions, and hundreds of addresses one can make it difficulty to identify which coins if any should be blacklisted. 

So which is it?
transaction fees of tainted transactions are taint free (which allows laundering funds through bogus transaction fees)

OR
transaction fees of tainted transactions are tainted (which allows a single transaction to taint the wallets of hundreds of innocent miners)?


As far as your personal attacks.  FUCK OFF.  I don't use stolen bitcoins, I have never stolen Bitcoins.  Me pointing out the ridiculously easy flaws in your scheme is academic.  If I can think of giant exploits in 5 minutes an attacker sitting on $250K will certainly have the motivation to think of more elaborate bypasses. Idiotic systems like yours will hurt fungibility of Bitcoin and that hurts all users including myself.

Currency must be fungible to be effective.  This basic fundemental of economics is why countries pass legal tender laws.  A dollar is worth a dollar because it is accepted everywhere in the US and buys you a dollars worth of goods.  If some dollars were worth more, and some worthless, and some accepted by some merchants and some by others it would fail as a currency.

Less fungible Bitcoin = less effective Bitcoin = less adoption = less value.  Given I have 20GH/s farm and have been mining a long time yes that means idiots like you have the potential to hurt my financial stake in Bitcoin.   If it means me running a transaction fees laundering service or regularly putting poison pills on the network tainting thousands of wallets to show you the futility of your (and Mt.Gox's) actions I will.

The same day MtGox publish their "taint list" I'm cheking my addresses for stolen coins and sending poisonous pills to the blockchain as transaction fees in order to shotgun-spread the stolen coins to the miners.

Let's see where all this madness lead us.

There are two possibilities for tainting: either when coins are mixed together, all of them are tainted, or just the tainted amount that was put in.

The first one has the problem of spreading like a disease.  Whenever someone accidentally accepts tainted coins, it taints all of their other coins.  Someone with tainted coins who did not realize this could spread taint to 100x the # of coins that were tainted to start.

The second one has the problem of being able to create a plausible deniability that you have in your possession any stolen coins. 

Say you have 9 stolen coins, and 1 legit coin.  You mix the coins together, and send 1BTC to each of 10 addresses.  Each of those addresses can plausibly argue, "This is the clean coin, the other 9 are tainted". 

Now, say the police have all 10 recievers in a room.  Which Bitcoin should they confiscate?  0.1 from each person?  1BTC from a random one?  There is no just way to reclaim the stolen material once it has been mixed like this.

You'll have my help when it happens :)

Back when currency used to be metal coins, people would clip them. Merchants would weigh the coins and then determine their value. So for thousands of years, one coin was not worth exactly what another one was. Obviously they were not very fungible, and somewhow they survived until currency went to paper much later on. Are you proposing we should have legal tender laws for Bitcoin?

We can also debate back and forth on the minutiae of attacks and defenses, but the reality is that people much smarter and far more intimate with the inner workings of the block chain will come up with better attacks and better defenses. Just as there is the perpetual arms race in cybersecurity, this too will be one. I don't have the skill to write the code for the client, or the knowledge to solve all the problems, but I can damn sure pay generous bounties to those who do.

And for the rest of you, please, attack the block chain as best you can. That which does not kill Bitcoin makes it stronger. At the end we will have a far more robust and secure system than you think, or we will have nothing. Either way it will be a grand adventure.

The metal weight of the coins was still fungible (if you know their composition), so merchants just had to use a scale to measure rather counting. Some coins had their silver content diluted, leading to them bein devalued or no longer accepted for trade in outside nations, and contributed to their issuers destroying huge amounts of wealth in their own nations.  This is why paper is now generally preferred, because a bill is exact, and you don't need a scale to measure it.

What do legal tender laws have to do this this?  Seems like a non sequitor.

I don't think "Someone is probably smarter than both of us so we should just give up trying to understand the problem" is a very healthy perspective to have on the pursuit of knowledge.  It doesn't have to be an arms race if you know the other side will outpace you, and it will be a net waste of time and money  ;)

D&T mentioned that every government has legal tender laws. Forcing everyone to place the same value on every bitcoin is much the same.


I do not have the ability to write a firewall or antivirus software, does that mean I should just give up now and not purchase/use any?

Oooh, I see.  We are just abandoning logical arguments and distorting each other's viewpoints now.   Well, in that case:
http://www.blogcdn.com/www.urlesque.com/media/2009/11/roflbot-zjmh.jpg

I'm out.

I don't think that any major pool will support this "blacklist" or "tainting". At least I'm not going to use it.
Tainting is a very bad idea.

There is also another very bad idea that comes to many minds: trying to detect and re-mine "forgotten/lost" coins.

Well, if you think just by speculating about how to exploit a proposed new change I can ruin bitcoin, you are right. Obviously I am much more smart than all the bad guys out there, who would never think of this themselves. That's flattering, thank you.

But you are delusional. I don't want to ruin but protect bitcoin. The problem is the bad idea, not a quickly made up plan showing how to exploit it, written in first person for dramatic effect.

-coinft

We are in the early development stage of Bitcoin. This talk of law enforcement is premature. While there should be tools to track transactions, Bitcoin security should be the priority to prevent theft. Other than providing a ledger, Bitcoin doesn't cause crimes. I don't see why there should be any reason to refuse bitcoin transactions because of tainted addresses. Restitution of stolen money rarely happens anyway and because Bitcoin is so secure, it will hardly be worth worrying about.

Obvious sockpuppet is obvious. But we understand the need to hide your true identity.