Bitcoin Forum

I think Mike Hearn is way out of line with all his actions.

What is the correct and fair way to remove Mike Hearn from the Bitcoin development?

Can this be done by community vote?

Can this be done by developer vote?


I have nothing against this person and he can develop "bitcoinj" all he want's and stay a Bitcoin expert (at NSA and Circle or in the media). But he should not be part of the core Bitcoin client developtment.

Bitcoin is a decentralized system.

If you don't like the work Mike does, don't use it! If you don't like the direction he's going with that work, write some code yourself that goes in a different direction. If you don't like where "core" Bitcoin client development is "going", go to http://github.com/bitcoin/bitcoin and hit the "Fork" button and convince other people to join your development effort.

You people seriously misunderstand how Bitcoin works...

Incidentally:

pete@petertodd:~/src/bitcoin$ git log | grep Mike\ Hearn | wc -l
9
pete@petertodd:~/src/bitcoin$ git log | grep Peter\ Todd | wc -l
19
pete@petertodd:~/src/bitcoin$ git log | grep Gregory\ Maxwell | wc -l
117
pete@petertodd:~/src/bitcoin$ git log | grep Pieter\ Wuille | wc -l
583
pete@petertodd:~/src/bitcoin$ git log | grep Gavin\ Andresen | wc -l
939
pete@petertodd:~/src/bitcoin$ git log | grep 'Wladimir J. van der Laan' | wc -l
1013

Whether or not you're a "core" developer is a social statement about how much other people respect your work and opinions. If you don't like Mike's work, do some of your own in a different direction that other people respect. It doesn't have to necessarily be code, but calls for a community vote from a guy with twenty-something posts isn't it either.

If you mean bitcoind development, it would be by convincing the other developers to no longer accept his patches, and convincing the community to not use his patches either. The critical matter, as always, is one of trust.

Here's a good start: why not make the argument in this thread, right here and now, as to what is so "out of line" about "Mike's actions" that the community ought to reject him/his work?

Thank you Peter, so he did only 9 commits. Kinda strange or misleading to call himself bitcoin core developer then.
To give some explanation, I watched his London video and what he says there was finally enough for me.

There is a good discussion under: https://bitcointalk.org/index.php?topic=428777.0

Qoheleth/everbody:
I think he is out of line, pushing for blacklisting.
I think he is out of line, pushing for SSL as part of this payment protocol.
I think he way is out of line, trying to force everybody to proof their identity by verifying their passport.

This is against Satoshis and all earlier crypto-hackers spirit, ideas and dreams.

You're missing my point. Those 9 commits aren't why some people call Mike a core developer just as much as my 19 commits aren't why some people call me one - our contributions are to things other than some central repository of code.

Thus, there's no authority on who is or isn't a "core" developer beyond "people believe you are" - so if you don't like Mike's influence do something with more influence. This thread isn't one of those things.

These are just some proposed solutions to the known problems (he is not pushing anything). If you know better solutions, please share, so that we will be able to choose the best solution available.

I think this not right or misleading.

Who can really reject his patches? Only Gavin, right? Gavin won't reject his patches because they are buddies ...

That's why people are asking for a different way to stop Hearns involvement.

Oh, I didn't realize I was the only person working on that problem. Mind telling me who "they" are so I can ask for my paycheck? Thanks.

(fwiw litecoin hired me to implement or sub-contract someone else to implement pruning of some kind in a fairly open-ended contract)


You're welcome to implement the non-broken OpenPGP code, or fund someone to do so for you. I'd be happy to manage such an effort if the community wants to fund it and can find some developers - I've written extensively on how to do it elsewhere.

tl;dr: talk is cheap.

Is this a joke? How many millions did this foundation ripped of the community in member fees?
Why do we have to pay for development? This is absurd.

If PGP is a nonstarter, what would your preferred solution be to the problem which SSL integration purports to address?

People who control development control the future of Bitcoin. Better get used to it.

Wrong.

You guys don't hang around github much:

Enable tx replacement on testnet. (closed) (https://github.com/bitcoin/bitcoin/pull/2516)

Drop fees by 10x due to the persistently higher exchange rate. (not getting merged) (https://github.com/bitcoin/bitcoin/pull/3305)

Gavin doesn't have magical merge-by-fiat powers either:

Remove hard-coded fee rules (closed) (https://github.com/bitcoin/bitcoin/pull/3024)

Relay first-double-spend transactions (not getting merged) (https://github.com/bitcoin/bitcoin/pull/3354)

Nor does he have magical powers over the Bitcoin Foundation bylaws:

Add promotion and protection of decentralization to purposes (https://github.com/pmlaw/The-Bitcoin-Foundation-Legal-Repo/pull/4#issuecomment-17411824)

Even in the centralized development structure arguing things intelligently goes a long way, and when your ideas get rejected (https://github.com/bitcoin/bitcoin/pull/2900) in that central repository you can always take them elsewhere, or even to a different currency (https://github.com/litecoin-project/litecoin/pull/79) altogether.



Pieter Wuille is doing the bulk of the work getting pruning implemented actually. It's just taking awhile because the changes he needs to make to the networking code to enable it are quite complex and risky - he's already had to throw out his first attempt at solving it.

As for other scalability issues, Gregory Maxwell, Adam Back, Andrew Miller, Mark Freidenbach, and yes, Mike Hearn are all working on various aspects of the problem, among others. It's just a very, very hard problem.


OpenPGP is actually most interesting, and obviously valuable, for the person-to-person case; you're money would do good things there. (Dark Wallet people are interested in this too fwiw)



People who do development, control development...

+1

I think that Todd is ignoring/ignorant of a lot of the forces that are shaping the trajectory of the solution and placing to much emphasis on the actual codebase.  External factors tend to have a much bigger impact on a project's trajectory than code, and there is now a LOT of interest in Bitcoin from a lot of different directions.

Also, I wanted to get an entry in this thread to more conveniently follow it ;)

If I thought code was what mattered most, I might, you know, actually write some. :)

Yes, SPV clients and micropayment channels are preposterous!  ::)

Edit: I just heard that he's working on getting Tor on by default for Bitcoin wallets as well!  What a monster!

https://blog.conformal.com/redecentralization-robust-developer-network/

You're misinterpreting his point about passports. He was using it as an example of a trusted centralised token.

TOR integration is potentially dangerous at this stage because it's very low hanging fruit for media outlets/vested interests to attack.

If we delayed TOR integration until bitcoin has gotten over many of these attacks regarding its 'anonymity' and 'links to criminal organisations', then they won't be able to lump us in with 'paedophiles' and 'arms traders' quite as easily.

It's obvious you either didn't watch the video of my talk or didn't understand it. If you had understood it, you would know the difference between someone verifying their identity, and providing a zero-knowledge proof that they own a passport. These are entirely different things: the purpose of one is to avoid anonymity and the purpose of the second (what I was talking about) is to preserve it.

I must say, this is one of the most tiresome things about doing research on Bitcoin development - people who simply do not listen or understand yet have strong opinions anyway.

To summarise for other people who didn't/won't watch the talk: in a peer to peer network, there are times when it would be useful to know that the peers you connected to are not cooperating against you. This is obviously impossible to guarantee but we can make it significantly less likely with a variety of techniques, which we call anti-sybil techniques. Cases where it's useful to know this:

• Unconfirmed transactions with lightweight clients with no trusted third party, i.e. SPV clients like MultiBit, the Android wallet or Hive. Once you get a confirmation or two you can put your faith in majority hash power, but with Bitcoin as it works today, until then you have to just ask a bunch of peers if they believe it's valid. If you think you're talking to the real P2P network but in fact you're talking to a man in the middle attack, you could be misled into believing in a transaction that isn't valid.
• For floating fees, you need to poll random peers. You can't rely on the block chain here because it's being created by the parties that have most to gain from lying about fee levels.
• In Tor, you want to pick nodes/relays that aren't cooperating because if they were they could deanonymize you and Tor wouldn't work.

None of today's solutions are satisfying. Bitcoin Core relies on picking nodes spread out across a big range of IP addresses, but anyone with a botnet can beat that. SPV wallets (bitcoinj) just ask the DNS seeds and hope they're doing a good job, but DNS is insecure and the responses could be faked. Tor places much less emphasis on decentralisation than Bitcoin does and relies on a kind of central control by a group of "directory authorities", which can (and do) ban nodes.

So I discussed a couple of other solutions. One is proof of sacrifice, also known as fidelity bonds. For a while I called them "anonymous passports" but given the second line of research this name is ambiguous so I don't call them that anymore. Basically you throw some money away to miner fees and then use the Bitcoin addresses associated with that transaction to prove it was you who did it. With such a scheme if someone wanted to bring up 10,000 bitcoin or Tor nodes that were all run by the same person, that'd be very expensive.

But we don't want running Bitcoin or Tor nodes to require expensive sacrifices. We want them to be as cheap and numerous as possible. So, I suggest a second line of research - use some very advanced and modern mathematics to create a mathematical proof that you possess a passport (the government issued kind) without revealing any information from it. You would literally produce just a mathematical proof that you own a passport which hashes to a certain value. This does not require any co-operation from governments, it just processes data they already issued and they can't stop us doing it. This idea is useful because most people have one (or maybe two/three) passports, but it's very hard to own 10,000 of them. So you can easily get good diversity of nodes, and it's hard for Joe Hacker to flood the network with botnet bitcoinds that screw around with our system. Same for Tor.

Some people have noticed that although this approach would stop a large variety of different attackers, governments could make fake passports and use them. Yes, this is true. However they could also run fake Bitcoin/Tor nodes today too, so it's not making things any worse. And in fact there's a neat move we can make here too - an interesting thing about this new mathematical technique is you can potentially (I think) selectively reveal particular fields, like the country. So your wallet app could pick nodes run by citizens of the USA, Germany, China, Russia and Brazil. Because the worst attacks require the majority of nodes to be bad, this is strong - even if the USA decides to mint a pile of fake passports they still can't do anything bad. It'd require all those governments to co-operate to flood the network, which is a massive upgrade over the situation we have today.

Glancing at Reddit I see comments like "this is a statist solution". I guess a few people don't appreciate the irony of inverting an infrastructure of government control, to build strong anonymous peer to peer networks.

My approach to the solution would be to have a completely open hardware solution for TPM modules with design, manufacturing, and distribution overseen by a coalition including the likes of the EFF.  These would take the place of government issued passports, and would fit the bill of being relatively cheap, but not so cheap as to allow trivial mass accumulation.

To further gain confidence in the node distribution, employ methods like Kaminisky's 'nOOter' and Eli Ben-Sasson's 'PCPs' as presented at the SJ 2013 conference.

The proof technique I referred to in the talk is indeed what Eli Ben-Sasson presented at the conference. PCP's are just a part of it. You have to convert a C program into an arithmetic circuit nd then convert that into a quadratic arithmetic program before you can start creating a PCP from it.

Trusted hardware can be OK, but I think techniques based purely on maths can ultimately be more trustable when applicable.

I don't have a passport. My wife doesn't have a passport. Nobody in my extended family has a passport that I'm aware of.  

I don't think they're as common as you assume they are. You don't need one unless you travel out of the country and in these economic times I bet the number of people travelling is decreasing.

Thank you for working on improving the network but the closer Bitcoin is to digital cash; the better... We already have plenty of centralized and highly regulated options and we don't need Bitcoin turning into another one. There should be no link to your identity outside of a currency exchange for a centralized fiat currency.

The exchanges can deal with identity if you ask me...

If the solutions of today aren't satisfactory then wait for the solutions presented tomorrow. Don't just choose the least harmful out of a handful of poor solutions for lack of a good solution yet to be discovered...

There would be no link to your identity.

I think I'm going to have to find a simpler way to explain this. Maybe a diagram would help. A lot of people aren't getting it.

There's no irony in handing control of those systems to government. In a fantasy world these passport certificates aren't subvertable - they'll always be issued honestly, never duplicated, and the private keys in them will stay in them - but in the real world that's not something you can guarantee. People are worried that we'd find out in a few years for Snowden Jr. that the (three-letter-acronym) had been making up fake passports for the purpose of running Tor nodes - certainly possible - or had been issuing passports that they actually had the secret keys to after all and were signing anonymous signatures using that fancy crypto-math to run said Tor nodes.

Or hell, if this is one-passport-one-tor-node I'm sure these large surveillance/police/military government bodies could just ask their employees to donate their passports briefly to a good cause...

Anyway, two out of three of your examples have better solutions to them; notably there's no need to trust nodes to be "honest" anyway.



Something really interesting re: TPM is it appears you can make open-source community audited remote-attestation-capable hardware. The trick is that you can build hardware that creates the secret keys after manufacturing in some kind of initialization process, yet have the process itself verify the integrity of the "strong-box" the computer is in, and have the hardware implementing that process be designed such that third-parties can take it apart and verify that the hardware would have done that honestly. Pulling off this trick requires a minimal bootstrap routine in ROM that creates the keys on startup - since it's ROM you can pull the circuit itself apart to verify that the ROM was guaranteed to be executed and thus the keys generated securely when the internal batteries were connected the first time.

As for the "strong-box" to provide the tamper resistance, tempered glass and mirror silver work well. The glass is notoriously difficult to breach without causing it to shatter due to the internal stresses, and mirror silver lets you make tamper-detection circuits that detect that shattering and wipe the internal keys. Both techniques are low-technology, yet effective.

Now to verify the remote attestation, you take production lots of these boxes, have third-parties select sample boxes and tear them apart looking for flaws. The chance of getting away with shipping a bugged box is some function of how many sample devices were audited, the size of the production lot, and how good you are at detecting bugged devices. A secondary audit technique is to put Bitcoin private keys in the devicse, pay coins to them, and see if any get spent!

I spent some time a few months ago going through some of the details and think I covered them in principle, but just didn't have the time to pursue the project. There's a lot of details to cover, most of them nitty-gritty hardware level stuff, and you're likely to end up with "reasonable" assurance rather than anything all that convincing. But for Tor routers that's not a bad start. Combine it with Mikes passports maybe for more assurance.  ;)

You're really going to have to work to sell your idea... This isn't a friendly business arena you're operating within and people are used to being screwed sideways.

I'm not saying you operate the same way but you still have to convince people that you aren't.

But they can run fake Tor nodes today, without doing any work at all. And as I pointed out, nothing stops you from picking nodes run out of different countries. The NSA might be able to fake US passports just fine. If they can get the Russian and Chinese private keys, well .... at least all the incentives are right to make that hard.

It really can't make anything worse. You can easily run multiple nodes off one passport. Just don't expect the same wallet app to connect to more than one of them. Tor has the notion of families, it maps naturally to that.

This obligation flows both ways. If I explain why nobody is getting screwed, it's up to people who are worried to take time and understand those explanations. Some people are doing this, fortunately - thanks!

Very true. And you do not need Snowden to tell you this (a short story how espionage guys duplicate passports of ordinary people to run their operations): http://www.dailymail.co.uk/news/article-1261435/How-Mossad-blew-The-gripping-story-Israels-brutally-efficient-secret-service-botched-Dubai-assassination.html

Yes, but faking paper passports is probably a lot easier than faking the digital signatures. Unless the Mossad can break RSA, either:

1) They faked non-NFC passports (likely)
2) They managed to steal the UKPA private key

Given the date of when that event happened, not all passports were electronic back then (they still aren't) so there would have been no need to do anything with digital signatures.

Anyway, like I said, it's still better than the big fat nothing that P2P networks have today. Governments are not the only attackers we care about, remember!

Tor's got a structure that makes running fake Tor nodes not quite as trivial as it sounds. Remember that Tor node operators are not anonymous, and Tor on the other hand is a semi-centralized service.

In any case, my personal objection isn't so much the passports for Tor idea - that's a genuinely hard problem - it's the application of that to zeroconf and fee estimation where there's much better ways to do it by not relying on trusting third parties. That's an example of lazily resorting to centralization when there's better solutions out there.

You know, I don't think I've ever seen you advocate a genuinely decentralized solution to something. It's just not how you think, and the community recognizes this. I'll bet you had I advocated that passport idea people would have chalked it up as just another cool idea from Peter Todd, but I can do that because unlike you I seem to have a generally good reputation for honestly promoting decentralization - among other things I get the sense that people generally trust me not to gloss over the flaws.

Just an idea, but something like Ethereum can serve as the data layer for a fully decentralized reputation system... It seems to me that something along these lines would be less likely to be compromised than any central authority tied into a physical item with a key. a well connected trust web is equally hard if not harder to reproduce than a TPM chip.

of course its up to people as to whether or not they want to use it... If it gained traction i could see instant transactions requiring signing from a key with a trustworthy reputation, and large transactions requiring verification via confirmations as the preferable method.

This would also allow for people in less fortunate countries who are unable to get a passport to still benefit from the increased security.

Some people cannot visualize what they read because they lack the technical understanding of what you are talking about. I personally pretty much appreciate this approach which appears very interesting and not difficult to implement. Perhaps instead to use only passports to produce the mathematical proof, also government issued encrypted keys? I have one stored in an USB stick which is impossible to replicate.

I wrote earlier that Mike Hearn was just using the passport in his talk to demonstrate a centralised piece of ID and to show that there is a better way of issuing zero-trust non-centralised ID tokens based on some recent advances in mathematics.

I now stand corrected and am genuinely appalled at the idea of requiring a piece of real-world, centrally-issued ID to perform ANY activity with bitcoin.

Mike & Augusto - what do you say to the billions of poor and unbanked people around the world who stand to benefit from the personal-banking aspects of bitcoin, yet who don't have passports, encrypted USBs or other forms of trustworthy ID? Why are you interested in centralised solutions that only affect bitcoiners from wealthy nations?

"Don't run a node for SPV clients to hook up to."

People need to start view the Bitcoin network as it is going to look in the near future (if not already.)

(Actually, I have to wait until midnight my time to watch the presentation for bandwidth reasons, but my take is that this is method to limit the potential for that infrastructure providers to cheat.  Some dirt-poor tribesmen in Africa is not going to be an infrastructure provider.  Nor are you and I for that matter.  We are all just SPV clients.  (But that's OK, 'cuz they're so rich, and we ain't nothin' but a dopeman's bitch! (I'm on a bit of an NWA kick these last few days...)))

A lot of the inventive problems with the network right now are due to the anomaly of the block reward being larger than the transaction fee revenue. Subsidies always cause economic distortions, and Bitcoin is no different.

In a future where the transaction rate is high and transaction fee are more important than the subsidy in terms of miner revenue then things start to look a lot different in terms of the miner/full node dynamic.

Perhaps it's better to get the network to that state first as quickly as possible because that's what needs to happen for long term viability of the currency anyway, and then see what needs to be done.

On the contrary, I think many people are "getting it."

Nevertheless, please explain how using government-issued passports squares with "no link to your identity."

Further, what does "trustless" mean to you?

Has your vision of bitcoin always included state-dependent, centralized solutions?

Are you playing the role of "bad cop" to promulgate further regulation of bitcoin?

Is the mention of Tor a clever way to toss breadcrumbs to us while blacklisting some and and passport-linking others?

Are you attempting to establish the parameters of the narrative in a coercive way?

I ranted against core developers, too, only to be set right afterwards so I don't want to be too harsh with OP but I want to express my 100% confidence in Mike Hearn who does an excellent job at pushing Bitcoin in the right direction. Fortunately he is 2 steps ahead of most of us and sadly he's drawn into ridiculous threads like this due to a lack of … mind reading devices? Not sure what could fill that gap when there is such a small number of people that can code the future of Bitcoin/spend their time on explaining it to mere mortals.

I have yet to see Gavin, Mike or any core dev push for anything unethical in the sense of what most in this community see in Bitcoin and I wish OP would be satisfied with what he read so far and mark this thread as resolved to not draw more attention to this non-issue.

https://en.wikipedia.org/wiki/Zero-knowledge_proof

Why don't you actually educate yourself before making a bunch of cryptic accusations phrased as questions? This ridiculous bashing of Mike Hearn has to stop. I don't agree with all of his proposed solutions but I'd sure hate to see a smart, capable individual driven out of the community by a bunch of people who can't even be bothered to understand what they're talking about. This is why Gavin doesn't even bother visiting these forums anymore. Keep making inflammatory comments and all that will happen is that Bitcoin development will continue without any sort of community input.

The Bitcoin community needs both Mike Hearns and Amir Taakis. There is room for both solutions that work now and aren't as ideologically pure and solutions that will work later and are "perfect".  Hardcore cryptolibertarians aren't the only Bitcoin users nor should they be. Look up "Worse is better" vs. "MIT approach". Mike Hearn is proposing things that will work as quickly and easily as possible and advance Bitcoin's utility for your average person. This is hardly treason. None of his solutions will conflict with having the perfect solution later. Implementing X.509 certificates won't prevent PGP from being implemented later. Grandma probably doesn't have to worry about Verisign collaborating with the government to steal her morning coffee money.

This seems right in principle, but in practice I think it downplays the concerns of the OP.

Even if, or especially if, anyone deserves 100% confidence then expressions like this do more harm than good.

Put on your villain hat for a moment and ask yourself who you're going to try to bribe, blackmail, or extort in order to infiltrate and destroy a project. Do you pick the person who everybody is skeptical of and watches closely, or do you try to suborn the person who everybody trusts implicitly?

Skeptical scrutiny protects everybody, particularly people who want to do the right thing but may be under pressure to do otherwise. It's easier for honest actors to resist such pressure they can plausibly claim they would be instantly detected and countered if they tried to harm the project.

You think it's unethical that people get paid money to develop a system that supports a multiple billion dollar economy? That's ridiculous. So not only should the developers do everything your way, they shouldn't get compensated either?


If Satoshi is so offended by the current development team, then why doesn't he come back to denounce them and retake control of the project? He personally picked Gavin to lead the community and he obviously hasn't changed that opinion yet.


I've seen Bitcoin be worth far less.


So basically everybody should be forced to use the solution that meets your standards, even when two solutions can be implemented easily without conflicting with each other? That doesn't sound very decentralized to me.


This is a good point. I defend Mike Hearn because of his behavior, not because of some mythical confidence in him.

You're talking to a crowd who thinks Mike and Gavin are actively working to harm the decentralization of Bitcoin, especially with the NSA leaks showing that the US government actually does spend a significant amount of time trying to damage computer security via subverting standards processes and development efforts - it's a reasonable thing to think. I'm sure many of the posters above would be happy to see them driven out.


Nah, actually implementing X.509 certs for person-to-person stuff does prevent PGP from being implemented later. It's a standard network effect situation so ensuring that the right path is what people go down at the beginning is extremely important if we want to have a decentralized and secure system at the end. For person-to-business the existing infrastructure is sufficiently entrenched that it's not worth fighting against for now, but person-to-person that infrastructure just doesn't exist yet. Anyway, as I wrote elsewhere, you can easily use the PGP technology to get the best of both worlds, centralized CA's, multiple CA's and WoT.

But... if the above posters were serious they'd go do something other than just argue. Donating to the Dark Wallet effort is probably worthwhile for instance.

I don't really see this as being the case. They're two different standards that have two different ideal uses, so the "network effect" doesn't really apply. Plus, from the user perspective the difference between the two is not as large as it is from the developer perspective. To your average user that doesn't know that the differing standards exist, a PGP-based system would seem similar to an X.509-based system, just with some additional features. This would make the transition much easier.


So you'd rather that core developers be financially beholden to organizations like Google or Microsoft than organizations like The Bitcoin Foundation? Or should Gavin flip burgers before coming home to program?


That's a pretty flimsy argument. Satoshi has nearly a billion dollars in Bitcoin. I doubt that he'd stand by if he thought that something was going severely wrong with it.

Personal banking aspects of Bitcoin? Is this a joke? Let me refresh your mind: Bitcoin is a P2P software, not an bank emulator.

Not that it's on topic or anything but never expect an objective answer about Bitcoin from an economist, any more than you'd expect to hear objective criticism of IP from a RIAA employee. Bitcoin was invented to bring their entire world crashing down.

 https://www.youtube.com/watch?v=JvebxYILfZQ#t=9m5s

A lot of my interest in Bitcoin has been siphoned off to concern about more basic and trunk level threats (Bitcoin, in my mind, being upward out on a branch somewhere.)

I'm interested in the hardware work that you described.  A few months ago I did a little bit of looking around into open hardware efforts but was generally a bit underwhelmed.  I saw nothing like the device that you are describing, and it is very close to what I was looking for.  The first power-on initialization in particular is an idea which I'd not thought of and is intriguing.  I'd be interested to know if you have links to similar projects and/or plans to continue the work you mentioned.

I will make this non work. German Federal Printing Office (Bundesdruckerei) got "insider jobbed", not really hacked.

Bla bla, long story short:
I have this dump, it contains real data sets (200.000) with passport numbers incl. these signing keys (only active on 20% of German passports).


I will instant release it, if this BS is pushed further.

Say it all you like, but it is increasingly less and less true.  This both due to the increasing strain on resources causing segments of the userbase to drop out of the peer arrangement, and to the increasing userbase who add to the denominator (peer/user) and to nothing even modestly 'peer'.  To Multibit's credit it was not even claiming to be P2P when last I looked.

So they shouldn't spend their time making more money because you've deemed that they already have enough? They should be locked into purely charitable endeavors for the rest of their lives? You have weird views on decentralization.

International passport data will be released until this stops.

Yours sincerly,

The Hackers Choice

http://www.thc.org

Zero-knowledge proof ----> Think about a situation where to prove something it was required a meaningless piece of information which is quite difficult to be replicated. For example, let's just assume that a random person needs to know that another random person is holding something which cannot be easily forged. The random person is not interested in what exactly the another random person is holding, it just want to be sure the another random person is holding something unique. In order to know that, the random person would have to see the object the another random person is holding, but that would reveal what the another random person is holding. So how to solve this problem?

I agree with you totally that a system that's developers are under extremest scrutiny is very hard to be corrupted but it also is hard to work when every reasonable contribution that is not carefully worded in cooperation with your 10 guys PR department causes a shit storm. The OP here for example didn't discuss governments having passports in abundance being capable of still exercising MITM attacks to double-spend (seriously? Would they? If they would, would we stick with using passports?) and most likely he didn't understand the zero-knowledge-part of the suggestion, attacking based on lack of understanding, going right against Mike Hearn with a post that looks designed to provoke as much turmoil as possible. Asking "What is the right and fair way to stop Mike Hearn?" is assuming we agree that Mike has to be stopped, so answering his question (as the first people did) is giving the OP credibility in his implied criticism. He did not ask "What is the right and fair way to stop a core developer?" and neither did he ask "How can we prevent Miners having to use their passport?" which might be OP's real problem.

Also I guess we agree on this: In any software system with only a hand full of people capable to change the core protocol, corruption is cheap and therefore it is important to increase the number of people who can contribute and blow the whistle if the current core team is taking a less than optimal decision.

(I hope my English makes sense. I used some words I'm not really too familiar with such as scrutiny, abundance, turmoil. Any corrections welcome as pm ;) )

That's a good point. Shouting incoherently is not useful and distracts from more relevant criticisms.

Agreed.

So Gavin and Mike are driven by greed and the holy Satoshi will not shine over all of us if we don't stop these devils? I find your contribution very disrespectful but don't expect much reason from some religious fundamentalist  ;D

This is just ugly. The end of this will be the release of huge amounts of personal data from innocent people.
Hackers will release some, crypto-anarchist or people believing in Satoshis values will buy as much as they can afford in TOR Dark Markets and release to stop this idea, goverment agents will release some to incriminate Bitcoin and make it look bad.

What has the foundation done that's so horrible?

The codebase was already centralized and the other two are completely subjective.

This is really good.

Sigh. Apparently I have to add you to my list of people who don't read, too? Quoting from my first post on this thread:


You don't have to remind me how Tor works, I am well aware. The directory authorities have no real way to know if nodes are related, if the operator doesn't make silly mistakes like giving them all related names.


The code for fee estimation is being implemented right now, so if you have something better now would be the time to build a convincing prototype.

I started writing a response to the trolling and self-congratulatory garbage that followed after this part of your post, then thought better of it. Actions speak louder than words, don't they?

The much better question would have been: if I am a bitcoin user and don't agree with the direction of the cryptocurrency or functions one developer has implemented - what can I do? If I install a piece of software, I always have the option to deinstall it. But I can't just chose not to use bitcoin. I might depend on it. And only the smallest fraction of people have the ability to change bitcoin the way they would want it.

Peter and other developers frequently argue along the lines of: "if the above posters were serious they'd go do something other than just argue." Well, if you really think about, this is a very naive view of the world. Say somebody has a different idea for a protocol, can he just go ahead and implement it into bitcoin? Of course not. Say a person has one very specific request about one particular function which he wants to change. There might be ten others who think that change would be a bad idea.

But say I disagree with the use of passports as a concept. This can be argued on a non-technical basis. I reject the use of passports on principle, mostly because it puts people without passports at a disadvantage. A more clear violation of the anarchism isn't possible, because anarchists believe that states should exist in the first place. Some even give up their passports voluntarily, so that they are not are associated with them. Many poor people don't have passports. To me this is crucial, because bitcoin should be as evenly accessible as possible.

In political systems we have the concept of voting to reach a conclusion. No action required, because not everyone can take action (not every user can be a developer, that should be obvious). Traditional concepts of software don't apply. I can't choose a different fork, like I chose a linux distribution. There are network effects.

The idea that arguments and reason don't apply is very telling. there is no source code I can write to stop a certain proposal. there is no action to stop some feature. the sum of actions matters, and some actions one person might consider bad. to think of these as a strict composition (sum project = action1, ... ,n) is wrong.

The only I thing I can do use a different cryptocurrency or start a different cryptocurrency if I disagree with the overall direction. And this has not necessarily something to do with technical arguments or source code. There is a reason why these ideas are highly unpopular. People in the foundation who are only concerned with commercializing bitcoin refer to people on bitcointalk and reddit as the mob. Just shows what their idea of distributed decision making is. At some point somebody will try and restart a project where some principles are preserved if the current trend continues (bitcoin being more and more a project with ties to US corporations, speaking with US government, etc).

And almost unbelievable reply from someone who should know better.

In a public forum you write stuff for other people to read as well as the person you are replying too.


Note how Gavin's backed off of his original pull-req in favor of something significantly more cautious, almost identical to what I argued should be done re: estimation. As for replacement itself, I've got higher impact priorities right now - someone else will probably do it for me. (incidentally, there's a IIRC $5,000 bounty for it)


You'd be wise to calm down and think a little harder about what I wrote there.

Bitcoin is mainly a monetary system more than a transaction system. As long as the transaction related features do not hurt the character of monetary system (e.g. fixed and finite supply, fungibility, decentralized hash power), everyone should be able to put their own implementation at another layer. A modular design with many interfaces will be the best solution

The only way is to get mining pool operators to vote against any questionable code coming from compromised developers or code that goes against our own beliefs... or create a system of pools where our voices will be heard and vigorously enforced. The Bitcoin Foundation and Core Developers mean nothing without miner approval. It is time to turn the thumbscrews.

bitcoin is vote by economic majority. miners joining pools are effectively giving that vote away for free. amazingly, the fact that miners have something to say about what rules apply to the system hasn't quite sunk in yet. Its because if miners are completely distributed (no pools), then there is nothing to fear, because they might not realize they have the power to reject features. imagine if P2P pools get a large share and install a voting system about features.

in a way bitcoin is a new form of political system, a new computational process to coordinate human/computer interaction. satoshi knew this as indicated by the comment in the paper that one CPU = one vote. I believe current developers don't fully understand the implications as much as satoshi did, even though we have now 3 years more of history. the idea that is only about writing code is immensely naive. users don't write code, and miners don't write code. yet they can have views on what are good and bad "features".

at the beginning there was much less reason to reject features, as they were mostly optimizations of the original design. I think these new ideas are quite far away from the original ideal. why did satoshi work tirelessly on a P2P currency (I would argue for at least 5 years)? so that rich people in the West can do their shopping more easily?

instead of working on this stuff, developers could spend their time on quite different architectures. for example with a true BitDNS system one would solve the PKI problem. not realistic at the moment, but I can't believe that integration with CA's and passports will go through either. the internet is basically compromised all the way down to the hardware. I wonder where some people have been in 2013. Gavin argues privately that regulation is inevitable. question is: regulation by whom - regulation by economic majority/users, or regulation by government. Gavin and Mike seem to believe only governments, specifically the US government, can handle those bad criminals using bitcoin for their purposes. first one on the list of those criminals is wikileaks. I mean in some countries compromise of identity through passport might endanger someone's life. If you're living in North Korea or Iran, that is not too far fetched, and one can imagine scenarios where use of cryptocurrencies is dangerous in US and Europe. For instance one can imagine that say Catalonia wants independence from Spain. if cryptocurrencies are in widespread use a group of people can collectively decide not to pay their taxes anymore. this kind of scenario becomes realistic in 3-5 years given current adoption rates. Suddenly things are not so easy more. bitcoin is anything - but its not non-political.

Excellent points, all. It always bears repeating that miners vote with their hashes. Further, miners ought to have clarity into precisely what the Bitcoin developers are implementing into the code, that they may make informed decisions. Transparency, in this regard, is vital for the health of the bitcoin ecosystem. It is also vital that experienced programmers review the code and changes made thereto, and that dissent does not become taboo. Overall, I'm impressed by quite a few individuals involved across the whole bitcoin system, including the development team, the merchants, and the miners.

I have no contact to big pool operators ("miners"). And why would these new millionaires care about me or Bitcoin?

...and? What kind of reply you wanted?

The Bitcoin software was not designed to help the "billions of poor and unbanked people around the world" create their own banks. By the way, perhaps you did not understand what was proposed by Mike Hearn. The idea of zero-knowledge proof will not stop anyone to use the software. It is not a requirement to use the software. No one will have to carry government issued passports or encrypted keys to have access to the Bitcoin P2P network. If implemented this will be one additional OPTION to perform a specific task, not a REQUIREMENT to use the software.

With respect to all you programming geniuses, you all speak as if you're in a vacuum in space. At this late stage the core development team still hasn't understood the vision of a currency that doesn't depend on government approval??

The world is heading into the Fukushima nuclear disaster with Japanese Secret State Laws to reduce the reporting of how melted the reactors are and how many Japanese are getting sick. China and the US and allies in the Pacific are on the brink of war over some islands but really about whether the white race or yellow race should rule the planet. The US is about to start the next QE, Europe and Japan the same, to no success. There are holes in all the banks so big they can fit the moon thru. Do these governments look like they know what the fuck they're doing?!

I want to ask Mike Hearn, Peter Todd, and Gavin what kind of wisdom and order they hope government regulations would bring bitcoin. I'm sick and tired of hearing Mike Hearn's stupid ideas about red-listing and using national passports as trust certificates for bitcoin. I've invested too much money and time and I've been on r/bitcoin for the last 9 months every day spreading the bitcoin gospel, rebutting wanna-be economists that deflation destroys society, and predicting that the war machine will be dismantled forever. Mike Hearn, Peter Todd and others should be ashamed of themselves. I'm so angry I don't know how to say it.

It would be best if you use your anger as a motivation to carefully read what devs propose, consider all cons and pros of a given solution, compare it with your solution and then criticize it.

So far all dev's solutions mentioned in this topic in no way limit bitcoin. They just expand its usage cases. They don't have to be perfect to be implemented. It's enough if they are better than what we currently have, and don't limit further improvements.

people should learn about where bitcoin comes from. Wei Dai and Timothy May weren't joking when they wrote the following. satoshi did a lot to hide his political views, but there can be no doubt he was inspired by them. the proposal to use government passports is a complete dismissal of these core beliefs which brought about cryptocurrencies in the first place. no crypto-anarchist would even for one second consider this idea, even it would bring great benefit. I consider this day, as the day when bitcoin the software project, and bitcoin the ideal (finally) became two separate things.


http://www.weidai.com/bmoney.txt



http://www.activism.net/cypherpunk/crypto-anarchy.html

I'll cut out your Gordian knot. In a critical and passionate situation, only an academic will reply in such a cold hearted way. The best way to stop Mike Hearn is to raise our individual voices and say what's on our mind. It's common sense. No need for academia. You tell me how critical infrastructure systems will be affected just for Fukushima, the food chain poisoning, the panic and the response. The powers that be only plan for chaos. That's how they reset their power structure. Any guidance from regulators will be according to the moneyed interests. They plan to divide and conquer thru out the chaos. Their only plan. I say don't give them any lever to lean on.

 :D

Take a break, dude. You are going nuts. Bitcoin is just a software, not a new religion.

They would say: "If you a serious, you would do other things than arguing." Then a paid shill from the Bitcoin foundation comes in and adds you should supply code or start you own alt. (Obvious all your code for the Bitcoin project would be rejected because you are no "core dev".)

Or they say "miners decide, they control the development", which means 5 pool operators (making $30.000 till $100.000 every day!!) decide the future of bitcoin.
Funny thing is, most of the big pools are run by core developers like Slush (Slushs Pool) and Luke-Jr (Eligius).

They are fucking hypocrites and liars.

They don't care about bitcoin, they laugh about it, they just care about their income und their millions of $$$$ or Euros.

If you think the Bitcoin software is being managed by a morally corrupted group of people, why are you still here?

If you can do things like prevent Sybil attacks and maintain decentralized legders with common sense then why didn't you invent Bitcoin years ago? Academia created Bitcoin. It would not exist without "cold hearted" logic, mathematics, and cryptography.


Satoshi was able to compete with the existing monetary system purely on the strength of his ideas. If yours are so good then why can't you compete with Bitcoin? If you step back and think about it carefully then you'll probably realize that there's nothing really wrong with Bitcoin and you are incredibly worried about vague probabilities.

Because I believe in Satoshis values and in good people like Adam Back or Gregoy Maxwell.

Augusto Croppo: You are the best example showing what Bitcoin makes bad. You tell me to go, because I stand up against these nuisances.

This all is a disgrace to Satoshi.

anti-scam: Yeah, nothing wrong. Only black-listing, paying for SSL certs to be an merchant (maybe only an US CA will be allowed that brided the faildation most) and passport waiving to run a full node is coming up. All ok great.

What's Hearn working next on?

- Making it impossible to run nodes in countries that USA has an trade embargo against?  
- Introducing chargebacks into Bitcoin as part of customer care and anti fraud technique?
- Requiring passport and drivers license to run a node?
- Bitcoin Improvement Proposals by friends of the foundation like NSA and GSHQ?

 :D

Dude, you are going nuts like the another dude. Relax, listen some Jazz music. This is not a new religion.

Who helped creating and created such centralized system which bitcoin is. So that now it must be fixed by people like Mike, who want to make it more decentralized.

No Bitcoin core developer specifically promoted blacklisting, and the whole idea seems to be mostly dead, especially in light of stealth addresses/coinjoin/zerocoin. You are worried about an issue that never really was one.


There are plenty of free cert providers. But why shouldn't they pay? Identity verification doesn't happen for free and if you can't pay for a cert then how can I possibly trust you to actually deliver a product? If you don't like it then just use the PGP implementation that will assuredly pop up alongside it.


What's wrong with that? Passports are a reasonably scarce resource for your average person, providing good anti-sybil properties, and requiring only zero-knowledge proofs of their possession has little privacy impact. It would hardly be required either. It would simply be a tool for users of a particular Bitcoin implementation to make a more diverse selection of nodes. You wouldn't even have to use it.

You're all hysteria and no imagination.

For many of us this is a religion. It's something we hoped on and worked for more then 10 years. (Older active cypherpunks even longer.) We are not allowing corrupted and compromised developers to take this innovation Satoshi gave us, not them, to be taken away.

Satoshi did it for the people in the world, devs do it just for their income.  

well, this passport nonsense clearly is not going to go anywhere, but these tendencies seem to be increasing quite strongly. Gavin argued this:

Would you rather have Gavin lie to you and tell you that we're living in a libertarian fairy tale where everyone is a rugged individualist committed to the principles of decentralization? I don't think he "argued" anything there. He simply gave a realistic assessment of the situation. The community searched for and successfully found solutions (stealth addresses, coinjoin) in response. It sounds to me like he did his job.

 :D

WOW.

Much delusion!

DOGE is going to save you, brother.

anti-scam, bitcoin is much larger than any one government, even the US government. if you read the quotes I have provided, from those who made bitcoin possible, their ideals were much the opposite. so even if I would accept the assumption that some "laws" are necessary, the question is: laws of what country? there are roughly 200 nations on this planet earth. its not necessary that bitcoin works with US law makers or law enforcement, simply because it can exist outside the United States.

What is necessary is to reduce or eliminate the ability of any developer, no matter who they are, to do evil.

This is necessary because some of the developers actually want to do evil, and some of them might be pressured or forced into doing it regardless of what they want.

I don't know where you're getting this from. Nobody has suggested enforcing US law in Bitcoin.

Requiring passports is one step. Can you explain how it should be seen otherwise? What if the next core revision prevents trust of passports from Gabon, or Suriname, or Venezuela? The centralisation and surveillance may not be built in now, but unless we make distinct steps to prevent it ever creeping in, it will always be possible for someone to add it in later.

The big economies will hold all the votes, the small ones will have no say. This is exactly counter to the core ideologies of bitcoin.

And Alberto 'Bitcoin has nothing to do with personal banking' - what are you smoking?

The cryptographic ZNP assertion could be done by any device that has a non-zero cost and allows generation of digital signatures - e.g. SSL certs, or Oyster Cards, or even EMV credit cards.

This thread has gone totally out of hand - Mike was not suggesting that you will need a passport to use Bitcoin, just that you can prevent certain types of attacks that require large numbers of malicious nodes by attaching a non-bitcoin cost to the instantiation of each node.

Will

Mio dio...

Who's Alberto?

 :D

After thinking this through I believe it's a very, very clever idea.

Let's recap the problem: we want to identify the "good guys" in our network but without centralized authority. This is especially useful for lightweight/SPV clients to trust a transaction has occurred before confirmations.

Before I comment on the passport idea let me put forth my own, which is a sort of distributed trusted node model. As Bitcoin grows we can expect higher profile "good guys" to emerge. Examples might be blockchain.info, MtGox, Bitcoin Foundation, and more recently even Overstock.com (CEO is anti-central bank). This should only increase not decrease and wallets can store/update the IP addresses of such entities once in a while (they shouldn't change often). Now in situations where a connection to the "real network" is questionable direct IP address links to trustworthy nodes are available, probably numerous ones.

I think it's better though to have more than one trust model. I think Mike's other ideas can be added. Start with the proof of sacrifice nodes which incur a cost. While this isn't ideal since we want nodes to be cheap many people may not care about some cost. So I think that can be added into the mix.

Last is the controversial passport idea. I can understand the knee-jerk reaction to anything allying itself with government (I recoiled initially too), but people should look deeper. There was a US senator who was dismayed many American youths saw Edward Snowden as "some kind of Jason Bourne". I had to smile at his consternation that high-tech defiance of the state could be seen as cool. This reminds me of that. If people see themselves as Bourne maybe they'll warm to this idea better. Remember, this isn't anything to do with transaction verification power and the integrity of miners. It's only a hand wave to say hey I'm okay if you want to listen to me. If some users opt to add passport verification to their node, and this happens in different countries, and clients see thousands of such nodes then I don't see a risk of granting govts any undue weapon/advantage; especially when merged with the two other ideas mentioned. These things taken together can give wallets a great resource for determining network authenticity.

Since this is a Mike-gripe thread I may as well briefly weigh in on his other proposals:

Re: CAs for the payment protocol - I think it's fine. Remember it's only a tool to help users decide if what's on their screen is  trustworthy. If in doubt they can pick up a phone or use PGP etc. in addition before sending the transaction.

Re: red/black lists for coins - No. Sorry, Mike, I think you're wrong on that one. While I understand the motivation to thwart bad guys external crime fighting methods must suffice. Coins remaining fungible is paramount.

Allow me to make a slight correction which may or may not impact your thesis:  The idea is not to identify a 'good guy'.  It's more to identify a 'same guy'.

It's even simpler than that, we only want to prevent anyone from spamming us with "guys", be they good or bad.
The basic idea is, someone who pretends to be a lot of random guys is probably up to no good.

Again, it's simpler than that, it's just a hand wave saying "hey, I do have (exclusive) access to a random, unique piece of paper". It doesn't qualify you as being okay.

I think you're almost on to something. Could you possibly expand upon what you're thinking, and any solutions?

turns out producing pieces of paper / objects that have the property of not being copy-able is extremely hard. incidentally there is the overlap with proof of work in producing numbers which are not copy-able, i.e. producing artificial scarcity. there are better ways to do this, without using governments. if there would be such a mechanism you could also replace economic majority with a better system. governments exist because of centralization of force, control and money. the two are completely in sync.

The main substance of your argument is that optional identity verification is acceptable, as long as it stays optional. I agree. I do think, however, that the reach for the passport option comes out of believing that there ought to be *some* solution to the identification of individuals, and I tend to think there will never be a good solution, as long as we preclude North Korean (or even Chinese) style tyranny.

Biometrics are another idea along the same lines of course. I would like not to use either. But then I'm one of those people that doesn't use Facebook :)

But it's not the same is it. People are getting very excited about distributed voting systems based on bitcoin-style ideas, but it doesn't transfer. Blockchains can create verifiably unique items in the digital world, but they can't reliably correlate real-world things with those items. This is the same complaint I have about ideas of pegging non-blockchain assets to the blockchain. I don't see how it really works.
I have often mused that actually the blockchain creates, far from "virtual" objects, objects which are actually far more real than physical ones.

bitcoin is a voting system. Here are the two sections of the bitcoin paper where the word vote appears. Its clear now in how far the scheme is limited: there is no obvious mechanism to achieve consensus on new rules.

What you can do is use the blockchain to store tamperproof metadata about non-blockchain assets.

Actually doing something useful with that metadata is an out of scope problem as far as the blockchain is concerned.

Crucially, it is a voting system for units of work. Not a voting system for people. I expressed myself poorly; I wasn't saying a voting system is impossible, I was saying a voting system tied to human identities is (or may be) impossible.
If Satoshi had been able to write "one user one vote", in that passage, you can be sure he would have preferred it!

For sure. I wasn't claiming it's useless to tie information to it, only that the claims some people make on the basis of that are excessive.

Phew, I'm glad some people get it :)

Remember, this is NOT a "upload your passport" even though that's the most obvious way to imagine what I said. This is "upload a zero knowledge proof of passport" (ZKPOP) which is radically different.

The concept of ZKP is very strange and unintuitive so I can see why some people are getting confused. It lets you do something that intuitively should be impossible - it lets you convince someone you know something, without telling them what it is you know.

In this case the fact that the remote client (wallet) is being persuaded of is that you know a valid e-passport that hashes to a particular value. It's anonymous because you can't reverse a hash. You can convince the wallet of this without actually revealing your passport data.

Alternatively, you can choose to reveal a subset of it, like country. I didn't mention this in the talk because I ran out of time, but you can choose to convince wallets that you have a UK passport, German passport, etc. Then the wallet can pick a bunch of random peers and try to get a good diversity of countries. Now this is hard to beat, even if a bad government forges lots of their own passports they can't easily mount a sybil attack!

And just to be super 100% clear, such a feature would always be optional. If a node chose not to present a ZKPOP then it would just get dumped into the "other" bucket, and using it would be no different to how things work today. You don't get the upgrade to anti-sybil protection but it wouldn't be any worse than now. It has to be optional because we're talking about a protocol extension. For it to become "mandatory" would require users to all choose to run wallet apps that required the new feature, but wallet apps are a competitive market and they're all open source. If you didn't want to request this data you would never have to.

I'd be a lot more excited about the claims of the people you're talking about if I say any indication at all that said people actually understood the problem space.

Turning metatdata in a blockchain into something that has relevant effects in the real world means delving into fields outside of just coding.

Mike; it's a bit like ssl. We can say that https is an optional extension to http so that people who want to do their shopping online without trusting in root certificates don't have to use it. But in practice, there's an industry standard and it rapidly becomes impossible to go outside that standard. So even though everything is optional, an initial push from some influential people can have a dramatic long term effect. How far are we away from a system where the only people who can buy things online with Bitcoin are those with a sanctioned (e.g. non Iranian) passport? ZKP doesn't help there.

How much anti-sybil is this really? If I understand you right, the root trust here is in government CAs. I'm not sure I would trust them more than corporations to keep keys safe. Probably a lot less, actually.

Since it looks like you are bummin' around, Mike, lemme second that.  I saw Todd's original statement as being more self-deprecating than anything.  Many people probably did not, but who gives a fuck?

Relatedly, if we are playing 'spot the NSA' for merriment and diversion, I'd be more inclined to finger Todd than Hearn for reasons associated with the original comment.  As it happens, I kind of doubt that anyone active here is intimately involve with state sponsored intelligence efforts.  I write off the differences I have with the philosophical constructs of Hearn (in particular) as being mostly honest differences in opinion about what is 'good for the world' and what is an actual plausible 'threat' (as opposed to being some paranoid conspiracy theory.)

Which hashing algorithm would you choose? Because even now people have questions about this particular aspect of security.

And the rest of your answer still does nothing to address concerns over 'region locking' of bitcoin nodes - what if we just decided that today, nobody from Zimbabwe can access the blockchain?

That's backwards: I suggested nodes convince users, not users convince nodes. Besides, Iranian nodes and users can already be identified by IP address, can't they? So it could already happen today.

I get that people want to think through every possibility, but this one doesn't seem to bear much relation to what I've been thinking about.


So we should trust keys issued by waxwing instead? :)

There are large organised crime gangs that stand to make millions by subverting the passport infrastructure (think about gangs getting illegal immigrants through the border). The stakes are already very high, so at least the incentives to get it right are there. It wouldn't surprise me if some (smaller) governments do screw it up, but if so, I've never heard of it.

? He clearly stated it would be optional. (And he doesn't need to, because since this isn't changing the core protocol, it has to be optional) The concern is more like "nobody from Zimbabwe can use X wallet/buy from this company/etc." The blockchain will always be open.

I don't follow. Do you mean 'same guy' for a Sybil attack, or same guy that identified his node? You do understand it's an anonymous proof in the latter case?


No that alone doesn't, but one machine seeing thousands of such unique pieces of paper can draw a reasonable conclusion about that fact.


Exactly, hence the value in using them to conclude distributed source of ownership.


No, not exactly. The passport verification doesn't submit identity. What is optional is the choice to add some sort of extra data to your node to allow others to make some determination about it, which can be helpful to them. This can be done by regular users in two suggested ways: passport verification, and proof of sacrifice which incurs a small cost. Additionally, high profile non-anonymous nodes (e.g. MgGox) can also be used in helping clients try to identify the authentic network. Using these three things together appears to me to provide great benefit with no apparent downside. That's the substance of my argument.

Re: IP address - curious line of reasoning; if IP address attests to location (obviously it doesn't reliably), then why argue for government IDs to do that? And if we don't use government ID for that, only to remove sybil, then we're back at the passports-can-be-forged or rented problem.

But nodes v. users: good point. I had stupidly actually forgotten that. But it doesn't change the fundamental argument, right, because we still wonder if Iranians can set up nodes etc. - the core question is whether government sanctioned id is what should be used to decide trust level.

The question to me is whether any centralised PKI can ever make sense. I still have a vivid memory of first having the idea of certificate authorities explained to me and being just bewildered that anyone could imagine that was a good idea. But then, I am not a very practical person I guess...

I couldn't agree more. Isn't this a big part of the problem!?

Really? Only small governments have failed to prevent passport forging? Not sure about that..

By the way, there's a way to fix PKI, but you can't put cryptographers in charge of building it. They've got a three decade track history of user interface failure (sorry, but it's true).

Hand the problem over to the game designers instead, the people who have a track record of building software that people actually enjoy using: http://bitcoinism.blogspot.com/2013/09/building-pgp-web-of-trust-that-people.html

I like the concepts of 'proof of burn' and using non-anonymous nodes for route mapping far more than using a centrally-issued token to tag a node.

One concept I've been toying with (but don't know how to implement) would be a 'proof-of-connectivity' relying on timestamps and the times to relay blocks locally in order to generate a zero-trust map of inter-node connections…might need some additions to the block header to record hashed chains of local timestamps vs. the median network timestamp to build up the record of all the nodes through which a block has passed.

Very interesting read. The concept of "functional identity" (OK I just made that up but it seems to fit) seems absolutely spot on. I'm going to think more about that.

However, I seem to be in a minority of one when I say that I don't believe the problem is a failure of pgp is a failure to create good UI. I have always thought the real brake on adoption is in a lack of motivation by users to take responsibility or control. That's the ultimate cause, while the proximate cause is a lack of network effect (no one around them uses it, because no one was motivated to start, or tried it and didn't like it, because of the responsibility problem). Same proximate cause can be seen in the fact that very few people even use Linux v Windows/Mac, although the UI is great nowadays. It's 90% just because other people don't.

Meanwhile bitcoin and similar can move a lot of these goalposts. It could be the killer app for PGP. Look at kryptokit for example. No UI problems there from what I can see.

There are something like 200 countries in world. I wouldn't call that centrally issued. As Mike points out wallets can probably also poll different countries. I understand the scariness the scheme has, and that it may not be perfect. That's why I suggest using it in conjunction with other trust schemes. Using multiple schemes together strengthens protection against fraud.  

No no no - that's where it always goes wrong.

Users are the customers of personal encryption software. If nobody uses PE software it's because the designers of said software failed to understand meet the needs of their (potential) customers.

There is no such thing as defective customers, only defective products.

Like I said, a minority of one :)
Well, that's the right way to look at things if you're in a business, trying to sell something. But PGP was never about that. So in a way I'm saying there's no problem - people didn't use PGP because they didn't want it, basically.
Let's say 1% of the population wants the privacy benefits of encryption, but 99% don't care. You can argue that we should try to make it really easy to use so that maybe 10% come on board, so that actual privacy of some sort is achieved. Then, sure, you can try to improve the UI, why not? I'm not arguing against it, just saying it isn't the essential issue.
People say ssl was great because it managed to create a UI where the user didn't have to do anything. I'm saying - that isn't about UI, it's about how much control the user has. You can't make an invisible, do-nothing version of PGP because the keys have to be kept safe by the user, it's built in to the architecture.

Meanwhile, Bitcoin+a surveilled internet might make people want to use PGP. Seems like the jury's out.

It doesn't matter if you're selling something for currency or not - convincing other people to use even free software follows the same principles as selling them anything else.

Saying "we're not about that" is just a lazy excuse for bad software.

Fair enough. I'm not making an argument for bad UI :) I'm more making the argument that UI is OK, and isn't the cause of under-adoption. Is UI really so bad? Enigmail seems fine to me. From what I've seen of Kryptokit (I use Firefox so I don't have it yet), it looks good. Do you think modern day PGP/GPG software is that badly written?

Pick three random non-experts and try introducing them to the concept of encrypted email.

Walk them through the entire process of moving away from the workflow they use now and into a new one that includes Thunderbird and Enigmail.

Make sure to cover the concepts of key signing; what it means, how to assign trust, and how to actually do it.

Remember that modern users don't read email on a single device - they've got desktops, laptops, tablets and phones and are accustomed to things just working no matter what device they're on. Ever tried to synchronize keyrings and trust settings across multiple devices before?

Do that, and then come back here and say the UX for encrypted email is just fine.

It's not just about the mechanics of actually encrypting and decrypting messages, any more than driving a car is just about how easy it is to fill the gas tank. it about the entire process.

Yes, you're quite right, it's very limited. In introducing it to non-technical friends I've seen some frustration and even panic :) I just don't think the problems are about badly written software. The stuff you mention about cross device limitations are very true, but that comes out of exactly the point I was making earlier re: why ssl is so much better, it's because there's no need to sync keyrings. In client-server you can just let the server do all the hard things.

Ah. The assumption is it's easier to steal lots of geographically distributed IP addresses than passports.

Of course, if lots and lots of people used this scheme to manufacture themselves an anonymous identity, then you might start seeing botnets steal those identities as well. For just node operators, it doesn't matter so much. If this idea became widespread for other purposes, we might end up back at square one.


I don't have any good data on it, especially because most countries are in a transitional period where non-chipped passports are still valid.

Actually you don't need to run the PGP experiment yourself. You can just read a usability study of PGP (http://www.gaudior.net/alma/johnny.pdf). It makes it pretty clear, I think, that the UI issues with encrypted email run pretty deep.

Mike, thanks for joining this thread and helping us to understand your position on some of your public statements.

That said, I have some context catching up to do.  But, after just popping over here after reading that [Suspicious link removed]j.com/digits/2014/01/24/microsoft-backs-out-of-sponsoring-anti-rsa-conference/?mod=WSJ_hpp_MIDDLENexttoWhatsNewsForth]Microsoft is pulling out of[/url] Trustcon (http://arstechnica.com/information-technology/2014/01/trustycon-security-counter-convention-planned-for-rsa-refusniks/), and reading your post, I couldn't help but crack up and be a tad concerned. 


You think large governments get security right?!?  REALLY?!?  WOW! I don't even know where to begin here.  You trust big government to solve complex security issues because you believe they are highly incentivized?!?  That's your premise for the foundation of trust?  ROFL!!!

Whilst I'm not quite as animated about the subject, I do think that moving from a trust-less to a trusted model is fundamentally wrong.

If we can't solve this issue in a distributed, trust less fashion then we should delay any implementation.

Well, first, that is from more than 10 years ago :) Also, the depth of the problem doesn't go against what I'm saying - I'm saying exactly that the problem is deep (architecture and motivation of users) not shallow (UI).

Although I agree with you, I don't think it will ever be truly solved, because as we discussed earlier you can't replace one cpu one vote with one user one vote, without a definition of "user", which requires trust of some kind. So maybe distributed is possible(?) but I can't see how trustless is.

That's true. But getting back to the context of what Mike was talking about - this is about validating nodes in the network and ensuring they aren't being hijacked to steal your transaction data.

So what we need is a 'one node one vote' system - a way of identifying nodes are real with respect to others in the network.

My personal feeling is that a 'proof-of-connectivity' relying on data transmission rates and time-stamping might be a way forward. For example - if I gave you a starting point such as a nearby train station, and told you times and turns you could identify my house with 100% accuracy each time.

If you could start with one node and probe a map of its connectivity to others nearby, you'd end up with a trust less connectivity map accurately identifying that node.

Or imagine a 'Stargate' model, where a sequence of latencies to nearby nodes produces an unforgeable code/identifier. Each block originating from a node could even be labelled with its 'gate address'. Furthermore, this could generate a node map that's permanently encoded into the block chain, growing organically with the network but also allowing the identification of spoofed nodes (for example, nodes that suddenly appear and have a fixed time lag to one particular group of nodes that it's trying to spoof, but 'wrong' latencies to other supposedly nearby nodes).

Another possibility of this system could be to map out mining pools and thereby help resist 51% attacks.

Ummm, no, Mike, they don't. 

"Of the 308 million-plus citizens in the United States, 30% have passports."  (CNN (http://www.cnn.com/2011/TRAVEL/02/04/americans.travel.domestically/))

I couldn't find stats on the whole world because Google, Yahoo and Bing only returned stats on Americans for some reason.  But, I have a hard time imagining it being higher in third-world countries. 


I get what you're trying to do, Mike.  You want to somehow speed up the validation of anonymous transactions.  But, trying to include ANY aspect of identity to validate an anonymous transaction is, as others on this thread have suggested, a very bad idea from the start. 

Let's pretend like everyone in the world has a passport.  One very big issue today with RFID is how EASY it is to STEAL the info on the passport (http://www.zdnet.com/blog/storage/rfid-passport-identity-theft-made-simple/713) you're presuming isn't stolen.  If your protocol extension ever became popular, you'd just give passport info thieves yet another reason to copy that info.  Honest people may not have more than a couple of passports.  But, dishonest people can have thousands of copies of passports of honest people without anyone knowing they have the copies.  And dishonest government organizations or people?!? 

Let's set aside anonymity for a moment.  Isn't this a very round about way to try to verify that a transaction is valid?  You use the man-in-the-middle attack analogy, which is usually used for plain texting a cipher.  What the man-in-the-middle attack relies on with SSL is that only one side is providing a certificate.  This attack fails when BOTH sides provide a certificate, and both sides validate the other side. 

While I hate using this SSL analogy at all in the discussion of verifying Bitcoin transactions, because it is not even close to being the same thing, the bottom line is you can mathematically verify communications in a way that prevents a man-in-the-middle attack.  Bitcoin is in a position to offer that, unlike SSL.  SSL doesn't because of convenience, and because it ultimately relies on identity and third parties in the HTTP world, which, ironically, have made SSL expensive for non-revenue generating entities -- like people.  That is, it is expensive to purchase a cert that can be validated by a "trusted" third-party. 

But, I digress.  In Bitcoin, you can prevent a man-in-the-middle without resorting to a broken identity third-party based barely trustable (http://www.pcworld.com/article/169313/article.html) system like SSL over HTTP. 

So, beginning any transaction integrity validation scheme with public identity to increase trust, knowable or non-knowable, just opens a huge can of worms and increases the risk to the Bitcoin network and its users rather than lowering it. 
 
   

Please stop associating us old cypherpunks with your idiotic religion. Schwann was not representative of the rest of us.

What pass themselves off as multiple separate nodes are actually controlled by the 'same guy.'  To answer your other question: yes.

You got started out on the wrong foot here by mis-stating the problem.  A straw-man based chain of reason is invalid (though not necessarily flawed) whether the straw-man is erected out of ignorance or malice.

Your mistake was recoverable by arguing that 'good' meant simply that it was not a dummy/army node.  Instead you doubled down and argued that 'good' meant that the guy had political motivations which matched your own.

---

Here's the deal (as I see it...)  This is not a terribly difficult problem _YET_ because one need only to hit a few legitimate nodes in a random sample.  Even a large number of 'bad hits' is not a huge problem.

At present there are a decent number of nodes.  The trouble which I'm sure that Mike perceives (he being unusually prescient) is that when the goal of having a handful of supernodes constituting 'peers' in the 'p2p network' is achieved the problem becomes more difficult.  This because there simply is not a large pool from which to obtain a sample.  At that point clients can just hard-code a known googd 'peer' into one's client, but we got to get there first without scaring people away by getting raped.

Mike's idea of using passports was not aimed at the problem of not being able to ID users by mapping them to a real-world identity.  (He'll work on that problem later I'm sure and probably already is, but separate to this issue.)  The thing is that he forgot what dopes most of the community are and got blindesided by a mis-conception that he probably didn't really anticipate.

---

OTOH...a lot is made about the privacy of the node operator (peer/server) vs. the SPV (client) via the ZKP stuff.  Although any (optional) privacy is better than none, it seems to me like a bit of a 'so what?'  Not much is made of the client side operations.  I'm left to surmise that the client is going to have to check back with Big Brother from time to time (always?) to ensure that the server (and who care who the fuck he is) has not issued some bullshit sig?

If so, that's pretty nice data to draw up a map of client usage.  Particularly if the data can be correlated with that of the server node (which is highly likely in a lot of cases.)

 - edit: slight grammar.

Maybe I'm missing something, but what's preventing a government from running the hash function on all the passports and de-anonymizing all the hashes? They own the passports database after all.

Bitcoin Core Developers according to http://bitcoin.org/en/development

Satoshi Nakamoto
Gavin Andresen - gavinandresen@gmail.com
Pieter Wuille - pieter.wuille@gmail.com
Nils Schneider - nils.schneider@gmail.com
Jeff Garzik - jgarzik@bitpay.com
Wladimir J. van der Laan - laanwj@gmail.com
Gregory Maxwell - greg@xiph.org

edit: typo

I'm aware that the USA is a special case and that's why I specifically mentioned it in my talk.  In other parts of the developed world passport ownership is much higher. The UK Passport office issued over 5 million passports in the last year alone, for a country of about 65 million people.

Anyway, any American that wants a passport can get one. And passport ownership there has been going up steadily over time.


I would not say that pointing a large directional antenna at somebodies pocket (how do you even know they have a passport in there?) and then breaking the BAC encryption on it would be classed as "easy".

Also, American passports have shielding in the outer layer so that can't work. Other countries rely on the encryption or on the active authentication system to prevent cloning. Countries that use neither extra shielding nor active auth presumably don't feel that this type of theft is actually an issue in practice. If times changed, they could upgrade.

I didn't get the rest of your post, sorry. You want an alternative MITM breaker that isn't this and isn't SSL either? Then what?


Great question! The talk was only 15 minutes (a lot of people were standing the whole time), so there is a bunch of detail that I glossed over.

The proof you present is proof you ran a program correctly. Thus the hash can be salted, memory hard or whatever you want to do. Now I think there is a legitimate issue here which is that the space of valid passports is not very large - even in the best case of 100% ownership it's O(size of country) so even if the hash is salted or whatever a government that wanted really badly to deanonymize its citizens who are running nodes could potentially brute force every single hash. This is especially an issue because a program that's being proved runs much slower than a normal program would. So there's some perhaps some more work to do here.

Of course it is not any different to the situation we have today where a government can just find every IP in their country that's running a node and go look the owners up via telcos. Even if you assume all nodes run via Tor it's not clear you can stop a government de-anonymizing you, because of things like traffic flooding attacks. And frankly the Bitcoin P2P network is quite latency sensitive, new blocks need to be flooded as fast as possible to minimize miner losses to orphan blocks, so it's unclear to me that the entire Bitcoin network will ever run behind Tor 100%. I certainly wouldn't predict it as a no-brainer future.

In short, whilst a dedicated government might be able to reverse the hash somehow, they already have other options that are unlikely to go away, and the hash does stop everyone else from learning who you are which is still pretty useful (indeed, a basic requirement).

You're glossing over this like it's insignificant.  In the UK, passport ownership is relatively high at 75%.  In the US, it's 30%.  In Canada, it's 60%. 

While it has been increasing in the US due to relatively new Canada and Mexico restrictions, most Americans will never get a passport if they are not travelling outside the US.  It costs close to $200, is a royal pain that requires several steps, takes months to get, and then expires in 10 years. 

While UK ownership might be high at 75%, I doubt that the US is a special case unless you think that only the US and Europe matter.  I'd like to believe that Bitcoin isn't just for Europeans or the US citizens. 

It's quite latency sensitive now, but the low hanging fruit in terms of improving that hasn't even been touched yet.

Start with a new block message that only includes transactions hashes instead of full transactions and you reduce the amount of burst bandwidth needed by a factor of (size of a hash)/(average transaction size).

With a bit more work miners can broadcast most of the block in parallel with hashing so that the amount data they need to rapidly propagate once they find a valid hash is tiny and constant relative to the transaction rate.

I do want to thank Mike Hearn for coming into this thread and clarifying what, without context, sounds very troubling.  So, thanks, Mike.

But realize that supporting measures that break the fungibility of bitcoin (black/redlisting) have made you very untrustworthy to the bitcoin community.  Do you have any clarification of that for us?

And Mike, you do recognise that you've not answered ANY of our concerns regarding externally issued centralised tokens (e.g. passports) - governments running hashes, forgeability, duplication, centralisation, low ownership in MASSIVE parts of the world.

Don't hand wave that 'people can get them if they want', or 'they're just optional'.

Do you recognise that your solution is completely counter to the trustless distributed nature of bitcoin?

In the talk it sounded like Mike is saying: me and Gavin are working on this stuff. ideologically fork becoming official? it should be more than obvious that consensus on this will be entirely negative. it would be helpful if stakeholders would clarify what they think, so that people can make decision whether they want to continue with this kind of development model (secrecy in the foundation, making friends with governments and big corporations). all of this looks like its going to blow up at some point. thought experiment: what would satoshi do? he hasn't cashed out a single dime of his ca. 1 billion US Dollars. that is what I would call integrity.

NanoAkron, nice summary!

Reality bites for the Bitcoin cultists. Your brave new world is controlled by 2 CIA stooges (Hearn and Andresen)

I personally am backing up and keeping an eye on the exit door.  In straight monetary/business terms I put more into BTC than I'd initially intended and always planned to take it back as basic profit, but how, when, and why I do so is driven by this aspect of the project's evolution.


Mike has convinced me that Satoshi's expectations for the solution are not that far from his own and Gavin's.  It might be a mistake to elevate his memory to some sort of a biblical level, and even more so by the people who are most prone to doing it.

I'll add that it seem a bit non-credible to make a statement about Satoshi's financial statement down to the dime level when so little is otherwise known about him (or them.)  It does not make a lot of sense to assume that the only BTC he/they control are certain ones stored in the early blocks.  Speaking for myself, I tend to cash out value detailed in later blocks and keep the earlier ones in very deep storage.  (I broke up my savings into individual wallet files of a maximum size from the get go for security and distribution reasons.)

That can be referred to as a Sybil attack... In an anonymous network it's possible to suffer Sybil attacks from more than one source at the same time, so no, you wouldn't know separate nodes were controlled by the 'same guy'.


No I didn't.


You can't positively know dummy or "good" nodes in an anonymous network. What you can do however is recognize data proof which is hard to fake which is "good" or helpful; which when seen over thousands of nodes can give confidence that control over those nodes is distributed to more than a few people.

This. Bitcoin is compromised by malicious core devs, who collude with intelligence corps.

We have to learn our lesson, from this bad development and act appropriate in other crypto-currencies projects.

 :D

Bro, take a break, chill out.

Mike's solutions in no way affect the "trustless distributed nature of bitcoin" because this is laughable nonsense.

There is no such thing as "trustless distributed nature of bitcoin".

Bitcoin is a software which allows users to form a P2P network where they register transactions in a distributed ledger. There is no "nature" being distributed. There is a ledger being distributed. No, it is not "trustless". Unconditional trust is still required to form the P2P network. Each client have to trust each other in order to work. Transmission of the unit of account (a.k.a. BTC or XBT) requires consent by the user signature (private-key). In other words, by using the Bitcoin software a person trust that a bunch of random people using the same software is going to validate his/her transaction.

He would likely point you to https://github.com/bitcoin/bitcoin.

I'd love it if someone could expand on this a bit more.

If the proof that you present is that you ran a program correctly, then what proof does the verifier have that you ran the program on the "correct" input? (A passport in this case). Is there some standard input there? Meaning, does one version of the input (say a Chinese passport) equal to another (a German passport)?

Also, what if someone wanted to make Bitcoin-specific identification that would be compatible input for this program? Are we saying that only governments should be allowed to issue this input? What if in the future we discover a better solution than government-issued ID? Like say something Biometric-based that can be verifiably shown to give only one-key per person.

As I mentioned, you don't really need to.  The problem is effectively one of getting a random sample and has been pointed out many times, there are a variety of ways to do this.

this has much less to do with the bible, but with impact on society. if you read the cryptoanarchist manifesto you get an idea what this means: http://www.activism.net/cypherpunk/crypto-anarchy.html I think its more than fair to acknowledge what the original idea of bitcoin was, and how much some are moving away from it (destroying they idea). use of passports is such a complete anti-thesis to the work of cypherpunks, that anyone who doesn't get it, just has nothing to do with that body of work. if that means bitcoin is ideologically dead and becomes a tool of corporate and government power, so be it. then there will be something new to get rid of that corruption.

My point is that it might be a mistake to assume that 'Satoshi' had the same sentiments as your average hard-core cryptoanarchist.  (And I'm rarely shy about exposing my blasphemous ways...)

Going conspiratorial, it is worth note that a common gardening practice is to plant radishes.  The are tasty to pests and grow quickly so they are among the first thing that a pest attaches to.  They are also easy to pull up and throw into the composts.

I don't believe that Bitcoin was some grand conspiracy to round up the cryptoanachist malcontents and along with drug dealers and the like...but it's a fun thought experiment...

My best guess is that the primary developer(s) known as 'Satoshi' had some very good ideas associated generally with balance of powers, freedom of expression, etc, but this does NOT in and of itself make them 'cryptoanarchists'.  Other generally clever and clued in people from various political stripes and walks of life joined in this effort and it was successful.  There are room for a lot of view about how best to leverage this success.  Mike's (apparent) view about having it work on conjunction with certain state powers is not, in my opinion, invalid.  I consider it dangerous because I see Bitcoin's real promise as being a potential utility to empower non-corp/state actors, but that's a personal opinion.  It is possible that Bitcoin would induce better behavior at the corp/state level BY interacting with it.  I personally think it is to risky a gamble.

For the sake of completeness I'd point out users wishing to remain anonymous could run their normal use wallet behind Tor with a node to help the network on a hosted server, paid anonymously with BTC, outside their country if needed. So it's possible to evade govt. detection. I do think the passport proof can be useful in many cases, though. We always prefer more not less options.

Luckily, its not Mike or Gavin who gets to decide. This kind of thinking has to be thoroughly rejected, on a matter of principle. Even if you for one second assume that there should be "work on conjunction with state powers" what state? Whatever satoshi himself might have believed, I would very much doubt cooperating with government is one of them. why otherwise spend many years working on something that fundamentally subverts government?

Here is a scenario. In a small country with a brutal dictator inflation is rampant. People switch to cryptocurrencies to avoid confiscation of their wealth. As they don't know any better they use government ID's in conjunction with the system. Some day the mechanism is compromised and the government obtains all records of people using bitcoin in the country. the people are arrested and thrown into jail.

better to think more about what the consequences of actions are. would bitcoin developers compromise security in poor nations to get some added benefits in rich nations? the world is a pretty big place.

 :D

Bro, no one cares about your role playing game scenarios. We are not playing Shadowrun here, we are discussing technical solutions for a security issue in the Bitcoin P2P network.

This.

+ it's not the users being affected, but people running a service for those users (see bolded part).
I doubt that under the given circumstances in the outlined scenario, there'd be any. People would offer those services from outside.

I think there's a big misunderstanding with all of this.

What's happened here is that Mike's used a typical Mike Hearn example of one specific thing you can do with these tools. It's not the only use, though. Keep that in mind. If he was suggesting some appalling blanket bitcoin ID system, I'd be upset too, but that's not what's happened.

Sometimes ID'ing yourself is kind of useful, but systematic ID schemes can be used against you. But if ID was inherently an immoral thing, we'd all be walking around in masks, disguising our voices, never wearing the same clothes, refusing to use any name, attempting to disguise our gait or the shadow we cast etc. Being identifiable is a two way street.

So choose your ID methods wisely, few people would dispute that. I would suggest that the bitcoin ID scheme is the best one I've heard of. After all, you can choose to use 1 ID, or more than 1, or none, in whatever situation. If someone forces you into any of these options, that's between you and them. The system itself allows any option, and forces nothing.


And as I'm alluding to, just because someone's suggesting you use a bitcoin ID to sign your electronic passport data with, that doesn't mean that's the best way of identifying yourself. Think of all these BitCloud ideas currently being touted. If you had a reliable, uncensorable online storage facility with other documentary evidence to prove who you are, why not sign that with your bitcoin ID to use? The bitcoin ID itself is as non-personal as bitcoin receiving address is right now, it's what you associate with it by signing that data with it that creates the actual identification. That's a powerful thing, becasue we're in charge of how we structure the whole thing.

We can create real passports, that are actually more valid than a government produced effort. I don't know why anyone would trust government passports anyway, it proves that either it's real, or that you had the money and means to get a fake. Not really much use as an ID in the 21st century anyway.

On The Other Hand...  It is not some whacked theory that power structures can and will interfere with things they don't like or consider a threat.  Witness what happened in China a few months ago (if that) and specific to Bitcoin even.  Focusing to exclusively on technical aspects of almost any solution is likely a very big mistake.

You can argue that 'it cannot happen here' because our Western governments (or whatever) are so different.  That would be the same argument used last year about the unbelievable level of spying and the construction individual dossiers on every citizen, and about the interaction between corporations and governments to conspire in this sphere.  Now, well, 'not so much.'

You can still make the argument that (for the most part) the 5-eyes have not abused the powers they've cultivated.  Even if true, I'm not buying that this means much about what the future holds.  Just as Machiavelli is amazingly 'modern', the actions and activities of those who hold power and wish to maintain it will be almost indistinguishable from their counterparts going back thousands of years.  I will bet on this (but I won't bet on when.)

After thinking about it more, the passport idea does seem a bit lazy (though still not malicious as many have accused). The risk of all of the hashes being bruteforced is a pretty large downside since those who would need to provide that extra identification most would be running over Tor and likely not keen on taking any chance of having their identity revealed.


This is an interesting idea but I doubt it's so simple in an actual network. Do you know of any academic papers or what not that actually promote this idea? It would also be kind of silly to blacklist a reliable and honest node just because it moved.

I have never disliked someone on a public forum quite so much before as you. Genuinely, your antagonistic and arrogant platitudes just get my back up.

You continually belittle bitcoin as 'just a p2p network', totally ignoring the value already held in bitcoins and its potential future.

Why don't you just fuck off?

I like the concept because it is using current trustless info to build common sense intelligence, and is quantifiable.  I don't think this implies blacklisting the node that moved.  It just implies a lower trust level in the near term until evidence showed it moved.  Lower trust simply means it wouldn't be trusted as the sole source of a confirmation when on an untrusted network, the open wifi example Mike gave, but can participate as a normal node otherwise. 

The bottom line, while the devil is in the details of ANY proposal, I prefer one that builds on the data in our trustless network to create node signatures and reputations that can be used when relying on confirmations on an untrusted local network, partially attested with signatures from nodes.  I think it's fair to presume that if someone is using wifi to fake a network, they still won't have the private keys of the reputable nodes, right? If they do, then we have a much bigger problem. 

When governments control the money supply, the result is pure evil.

http://news.yahoo.com/airlines-halt-ticket-sales-venezuela-210753054--finance.html

All the shills, sockpuppets, and collaborators who want to prevent Bitcoin from becoming a tool for freeing humanity from that blight can go fuck themselves.

Sorry for the massive quote but I'm on my phone...

Thanks for the reply - you're absolutely right that I'm currently lacking details required for implementation. I AM currently looking for academic papers that could back this idea up in purely mathematical/objective terms.

With all this talk of Mike Hearn's proposal for external tokens to verify nodes, I just wanted to hypothesise potential alternatives based on the network we already have. We all know that:

1. Time moves in one direction
2. Networks have non-zero latencies between nodes
3. Geographic location can correlate with local network latency/routing
4. Time stamping CAN be highly accurate with modern technology

I believe a combination of these factors would allow more objective identification of nodes, using inherent properties of the network itself to provide zero-trust identification.

I am NOT advocating white/black/brown-listing in any fashion, merely local trustworthiness built upon a history of functionality within the greater network.

I like the guy.  He and I often seem to see eye-to-eye on stuff, and I (think I) see what he's doing to you guys in the last few posts.

What I really like about Augusto and the rest of the Bitcoin Foundation guys is that they are selling their soul and I can capitalize on it without doing anything.  Worse than that, I can ramble on about principle and all that crap then giggle my ass off all the way to the bank as they make me rich!  What's not to love!?

Oh, BTW, I wouldn't call the guy's comments about Bitcoin being P2P 'belittling'.  I'd call it lying.  If not currently, at least in the fairly near future.

My only reservation is you would think that if this type of fingerprinting were as accurate as you'd need it to be then it would already be used for tracking, breaking Tor, and the like. Of course there's a difference between an involuntary timing attack and a node specifically trying to prove its validity to you.

latency isn't accurate, stable or dependent on one variable like geography.  On top of that, by itself, it can be spoofed to the extent a fake node can delay communication to reach a known latency. 

But, in a bigger picture of a network, average latency over time can be a means to confirm that node X is probably node X, if attested by node N1 attesting its latency is in normal range, N2 attesting it is normal, N3 saying it is near normal, where N1, N2 and N3 are known nodes who's public keys you posses.  Node X can pass these attestations to you, provable by the signatures of N1, N2 and N3. 
 

But then we have to trust N1, N2, and N3, who would all have to be presumably verified by N4, N5, and N6, and so on. Does this bootstrap in a decentralized manner?

could you please open up a separate thread for this? its an important idea. thanks.

can we agree on one principle in bitcoin: it does not pre-suppose governments for any functionality? how about putting that in the charter of a new foundation?

Bro, do you even ... solve the Byzantine Generals problem?

Yeah, but you trust N1-3 enough to vouch for X because:

- You connected to them previously from a "trusted" network (your home), whereas now you're connected to X from an "untrusted" network, such as a wifi hotspot in a cafe. 

- No one is vouching for trustworthiness, per se.  They are only vouching that the latency of X is within historical norms since T (time), and they know other facts about X, such as how long they've "known" X and other things they have learned about X. 

The bottom line is if you're trying to detect the integrity of a node you're talking to, you are asking peers that have talked to that node in the past that you've talked to in better contexts.  Each node can track latency, uptime, etc, on all the nodes they talk to.  They don't have to share details, just how normal it is. 

To be sure, you can't 100% trust any node.  That's not the goal.  You're just trying to make it more difficult for someone to create a fake bitcoin network on a wifi spot they are hosting.  This can make it virtually impossible to pop up a bunch of new nodes with no history on the bitcoin network, or to bring them up and down.  Does it rule out every type of node fraud?  No, but it makes it much harder.  You'd have to create a history on the network with your nodes.  And, as soon as your nodes are identified as bad, that history would become moot, requiring a new history. 

You are creating higher credibility for nodes with a HISTORY of uptime, consistent latency with its peers, and presence on the blockchain over those that are new, credibility you'd primarily use when on an untrusted local network and you need transaction confirmation quickly, the scenario Mike is trying to address with passports.

This is not the same as real world trust networks.  This is based purely on network data, with the network reinforcing itself, increasing its own integrity dynamically.  This is still conducive to a trustless network so long as you don't make it part of your core, but an add-on to offset those times when you can't otherwise trust the network and nodes you are currently talking to without a historical linkage. 

Also, I threw in the concept of identifying a bad node requiring the operator to create a new node with no history.  That sounds like blacklisting, but here's the difference, because like most here, I'm completely against PEOPLE blacklisting nodes. 

Node X is bad, but has an untarnished history on the Bitcoin network.  Node X forwards you recent attestation from its peers, peers you've built some credibility with by using them in a trusted setting, such as at home when you received Bitcoins. 

Node X then lies to you about the blockchain because Node X has considered you its mark.  You rely on this and hand over your fiat currency in the cafe. 

If Node X signed its lie with the same public key that its peer nodes used to attest to the facts they knew about it, you can now take this signed lie and put it on the "liar liar node's on fire" chain.  You've now provided proof that node X lied to you that the Bitcoin network can see. 

Yes, it won't get your fiat currency back.  You'll need muscle or persuasion for that.  But, it will help to erase the historical integrity that node X established on the Bitcoin network.  It isn't blacklisting, because you only proved that X lied, which you could not forge without X's private key.  No human can blacklist anyone.  But, we can prove when someone signs a document that contains a lie about the blockchain. 

 

Sounds very good, and in keeping with the 'maths is more objective than humans' ideology of bitcoin network.

I'm going to open up a new thread about this as recommended by coinrevo. It'll be titled something like 'Establishing node trustworthiness without external tokens'.

 :D

Bro, you are misinterpreting the holly scripture. The almighty Satoshi is speaking about a specific functionality of the Bitcoin software. He is not speaking about the unconditional trust that is necessary to operate any P2P network. Do you even understand the difference, bro? There is not necessary trust between two parties to validate a transaction, but there is necessary trust from all parties to form the network. You are ignoring the fact that elimination of a central authority to validate the transaction do not translate in a complete elimination of trust to operate the network. The only trust eliminated is the trust in a third party to validate a specific transaction, not the trust that each user must have to participate in the whole network. The required trust from the end user increases in proportion to his own lack of technical understanding. As less an end user understand the process to participate in the network, more trust is required from him to participate in the network.

You see, grandma have to trust that the software she is using (she do not even know what that means) is not a corrupted code. Grandma have to trust the peers connected to the software she is using (she do not even know what that means) are not corrupted nodes. Grandma have to trust the hard earned BTC she is sending to an exchange platform (she do not even know what that means) are going to be exchanged by real money.

I must admit, I don't worry too much about this scenario because I don't see any way for Bitcoin to have any real impact in a country where using it is illegal. There are about a million ways a government can round up Bitcoin users beyond strange mathematical games - most obviously, find anyone advertising a price in Bitcoins and punish them. For people to use Bitcoin they have to be able to spend it, and to be able to spend it you need to find merchants willing to accept it, and for a merchant to accept it requires advertising that fact.

If you think brute forcing salted passport hashes is the easiest way to crack down on Bitcoin, then that implies you believe the government has no ability to just go into the marketplace and use undercover agents to ask around. Seems unlikely. Also remember you could just not run nodes in that country, or run them but without providing passport proofs (you could provide a sacrifice proof instead, or no anti-sybil data at all).

Also - maybe this isn't obvious, but I write my talks to be interesting, not as a cast-iron manifesto of things that are guaranteed to happen. Using zk-SNARKS to prove ownership of a passport for anti-sybil purposes is an interesting idea, but that doesn't mean it'll actually ever be implemented. We can't even prototype it today!

FYI I agree that Satoshi was probably not a hard core crypto anarchist. He started to back away from the project around the time people were suggesting WikiLeaks should accept donations with it (what he called "kicking the hornets nest"). I doubt he would have been happy about the Silk Road, which opened just two months after he stopped posting publicly.

Go for it! If you think you can verify and issue identities that are harder/more expensive to forge than passports, and which the majority of people are eligible for, then the "Carlton Banks Pass" would work just as well. There's no particular reason it has to be a government issued ID, it just happens that governments put a lot of effort into issuing these things at scale, there are international standards for them, they can be read using Android phones, and lots of people already have gone through the process to obtain one. So in that sense it's a convenient existing infrastructure that can be reused.

Nope. Still not trust, only verification. There is no assumption of trust anywhere. Even in the case of a majority of nodes actively attacking, there is still no need to trust - the attack can be seen in quasi real time.

Totally different issue. If I'm a simpleton I have to "take it on trust" that 5 + 7 is 12. That doesn't mean that mathematics is based on trust.

Let's take another look at your original statement:
False.

Mike, it might have got lost in the noise (I think it's the other thread for the video), but did you see my question about active authentication? I'm really curious.

That's an almost perfect example of argument from ignorance, ergo: I can't think how to make something like passports, therefore it can't be done.

You've still not addressed the concerns over requiring external tokens.

We expect better from someone so deeply involved in bitcoin development.

No, I didn't, thanks for the reminder. I replied on the other thread.

 >:(

So, what is up, bro? You were speaking about trust there, right? Now you are changed the subject to "only verification".


Bro, if you are a simpleton you are likely to trust an electronic device to tell you that 12 is really the result if 7 + 5.


Wow, bro.

Much explanation.

Augusto, I agree with you that it is true that a trustless transaction system can exist in any type of p2p network, including one built with human trust institutions (like SSL).  However, there are many reasons why a human "trustless" p2p network is preferred over one built on human trust institutions. 

More accurately, some of us would like to preserve to the fullest extent possible:

- transaction user anonymity
- node anonymity
- global network accessibility (keep governments from being able to block access)
- network uptime (keep anyone from shutting down honest nodes)
- secure (not easily compromised just because a human institution or its data become compromised)

It's clear that some people have no regard for anonymity, some value it a little, but not essential, and many regard it as essential to protecting our freedom in world where technology is increasingly concentrating central power -- and power corrupts.  So, once a person is identified as being in the first two camps, the rest of us, well, aren't likely to trust them. 

The great thing is we can use the very technology used to create bitcoins, including the combination of the p2p network and the blockchain, to create new concepts that strengthen the network without throwing privacy to the wind. 

While node trustability is distinct from the transactions in the blockchain, the blockchain is in effect our first large scale p2p database.  This type of database depends on the survival of the p2p network.  Likewise, the p2p network can better survive if it is extended to leverage not only the bitcoin blockchain, but new blockchains that can hold new types of information.  Perhaps the next evolution of a highly resilient self-healing p2p network is one with its own non-currency blockchain(s) so it can learn, build intelligence, and respond intelligently to threats. 

No! Cryptocurrencies will prove to have the most impact in countries where they are illegal or will be made illegal.

I believe that bitcoin is designed to be resilient against attack from any person or body, including the government. Any change in the bitcoin system which reduces anonymity, or creates any extra barriers to participate in it, or extends its functionality besides exchanging bitcoin, will weaken it and must be avoided at all cost.

Proof of passport seems a draconic measure to mitigate an impractical attack vector. In your example you mention someone in a public place connecting through a malicious hotspot which stages a man-in-the-middle attack. If it is only possible to perform a Sybil attack if you control someone's link to the internet, then such attack would be quite elaborate and difficult. In short, it seems to be a solution in search of a problem and it raises an unnecessary barrier.

I am wondering if increased and relative trust between nodes can't mitigate this issue almost entirely. With setting up a challenge-response when connecting to a node for the first time, and challenge-response checking each subsequent connection, it can be assumed with sufficient certainty that the node that was first connected to is still the same one and not part of an instantly whipped-up simulation. If I do this for a number of nodes, then it becomes impractical to do a Sybil attack. And a node should not even care if the other node can be fully trusted - as long as enough nodes are present that have been seen before, it can be reasonably assumed that the link to the internet has not been tampered with.

Bro:

No results found for “trustless”. (http://www.oxforddictionaries.com/spellcheck/all/?q=trustless)


You still need to trust the network is preserving the anonymity.


You still need to trust the network is preserving the anonymity.


You still need to trust the network is blocking government intervention.


You still need to trust the network is verifying the node uptime.


You still need to trust the network is secured against data corruption.


Agreed, bro.

I think a viable "BitCloud"-type documents storage solution is a pre-requisite for my idea. There was a more convincing proposal than actual BitCloud in the Projects sub-board, I remember you contributing to that discussion. Combine that with a WoT tiered access and verification for the stored documents, and you've got a very 21st century system, with bitcoin ID protocol as the base level binding it together, providing a monetary incentive not to deceive.

If you could have your personal details (birth certificate, driving licence, street address, telephone+VOIP handle, e-mails, social networks pages etc) all stored and publicly accessible on a decentralised cloud platform, you could offer tiered access to the details fields and documents pertaining to you (I think with cryptographic access so that it can't be browsed without owner permission). You could have various zero-knowledge proofs to ascertain ownership of documents (as in your suggestions), and you could additionally offer proof that the same street address information that your siblings or parents have is the same that you're offering to the company you have your new phone contract with (using the same mechanism WoT has to cross-check fingerprints). Proof of genuine family ties could be a zero-knowledge DNA fingerprint comparison between you and your ostensible family members, or perhaps instead cross referencing with social network pages for friends that can vouch for your address (perhaps weighted by the length of time you've been associated on that network)

That's the sort of direction I believe this technology could and should be heading in. Passports are primarily international travel permits, not ID's. The centralised model has allowed them to be abused by some government departments, so they're not reliable as ID's really.

Mike Hearn isn't stupid. He knows pretty well that his proposals aren't going to be popular with the average Bitcoin demographic. His arguments (not only in this thread) may seem "ignorant", but that's because he simply doesn't care what the average bitcoiner thinks, he has his own game going.

Does anyone really believe that Mr. Hearn invests 6 months (!) into preventing some rather obscure attack scenario without carefully evaluating the pros and cons? He probably has some good reason which he isn't intending to make public (yet).

In my opinion, he probably wants to have the proper preparations ready to turn Bitcoin into "Paypal 2.0", for when the media begins to call for hard regulations. I think it is very likely that sooner or later Bitcoin will get connected to some terrorist act or some other large scale crime (and I don't mean some guys selling a bit of weed and ecstacy on the silkroad). At that point, global media will pummel the public with demands of either eradicating Bitcoin completely or implementing very tight restrictions. Then Mr. Hearn will be there to offer his services, probably together with a business like CoinValidation (http://www.coinvalidation.com/), to seemlessly make the transition from the old Bitcoin to the new Bitcoin, where all participants in the network are known to the authorities. Miners will be required to only allow transaction from/to verified addresses, with known identity of the owner. Unlicensed miners will get punished harshly. Even if they do not get caught by authority, they will be mining coins that will not be accepted by addresses in the "new Bitcoin", so most miners will probably get their license or risk getting rewarded with coins that only have a fraction of the worth of the coins that are inside the authorized system. No upstanding citizen will want to touch those coins and their usability and their dollar value will drop harshly. The prohibited part of the system will probably fade into obscurity, only being used by criminals.

Like it or not (I certainly do not), but from this point of view it seems like a smart move to prepare for this kind of scenario right now. Bitcoiners will attack Mr. Hearn for his ideas at this point, but the majority of them will be glad to get a Paypal-Bitcoin-hybrid instead of having no Bitcoin at all.

Disclaimer: I am not a smart man and everything I write may be complete nonsense.

Trustless means: not having to trust a single entity. "Trusting the network" is pretty much the definition of trustless.

Augusto, I'm not arguing that we are not trying to define node trust.  We are.  But, in the words of the great hen master:

"What is needed is an electronic payment system based on cryptographic proof instead of trust,
allowing any two willing parties to transact directly with each other without the need for a trusted
third party."

In this debate, we discuss the important distinction of trust in human third-party institutions and human perceptions versus purely machine derived trust.  Even PGP's web of trust requires human input, where as Bitcoin, using a combination of cryptography, p2p and probability, today does not.  

To sum up these concepts, let's coin a new phrase: "human (http://www.merriam-webster.com/dictionary/human) trustless (http://www.merriam-webster.com/dictionary/trustless)".  Combining those two Websters definitions, a "human trustless" solution is one that does not require trust in humans.  

I like trillion's definition, too. 

"'Trusting the network' is pretty much the definition of trustless."

Uncomfortably enough, this makes actual sense. How can we trust Mike Hearn not to have a double agenda? Anyway, the more bitcoin will be regulated, the more likely it will be that at some point it is going to be dropped in favor of a cryptocurrency which regains resilience and privacy, such as Zerocoin.

You don't need to - you can verify him now (slide 10,11): https://docs.google.com/file/d/0B4t9VJLm_PWhRkFKa1pQTm54WU0/edit?hl=en&forcehl=1

:D

Slightly more than zero knowledge, though ;)

I haven't "invested six months". As I said in the talk that apparently nobody bothered listening to, I started thinking about it six months ago. Very different things!

As I also noted in the talk, the ZKPOP idea cannot be implemented today because the necessary code isn't even available.

Will you continue your efforts regarding ZKPOPs? And if so, would you mind sharing your thoughts on why you think it is a good idea? Perhaps you can respond to some critiques, mostly which real world issue ZKPOP stops, and why you think it is better than for instance a solution based on challenge-response?

I would genuinely appreciate it.

If we're going to nitpick specific words in your presentation, can we get a transcript?  I'd like to quote the Iowa statement.  lol

The quote I'd really appreciate you giving us is:

"You know, the passport thing seemed like a good idea. It is certainly interesting. But, now that I've learned more about its cons through the concerns of others, I think I'd rather focus on solutions that don't require trusting third parties, human input or human identity.  It is clear that Bitcoin will be better off if we create security solutions independent of changes to the outside world...  solutions that will be available to all users of Bitcoin, regardless of citizenship, financial position or political affiliation."

Am i reading this right? Passports? Like physical government - issued ones?

Afaict this solution might be a very clever one to reduce the possibility of a sibyl attack but it's one of the
least elegant things that i 've heard in the context of bitcoin. It just doesn't feel right.

Ps. The "propose something else/better or stfu" argument, is NOT an argument whatsoever.

 ;D

No, bro. The Oxford English dictionary disagree with you nonsense. Trusting the network is pretty much the definition of... Trusting the network!

Augusto, as someone who's been programming computers for 35 years, I can testify that the Oxford English dictionary is not where new technology and the concepts it introduces is born. 

Being able to reliably execute code on another person's machine and trust the results (and do so with reasonable resource usage) is a stunningly powerful thing.

It might be pointed out that there is a difference between trusting a third-party a few microseconds and trusting them forever (or a longer duration) since if you rule out attacks which require some setup the attack surface narrows significantly.  The PCP work opens up the former case and that is what really got me off.

I was under the impression that the work described at the 2013 SJ conference (Eli Ben-Sasson, et-al) was available.  I was planning to build their compiler and piddle around with a hello-world class experiment when I got home, but never got around to it.

I've not watched this presentation (for bandwidth reasons) but I assume it's similar to what he presented that the Bitcoin conference:

  http://www.youtube.com/watch?v=CjUNj8ow6UE

If nothing else, the comments section alludes to why the developments are so exciting.

 :D

You are funny, bro.

The Bitcoin software still need human input to work. Trust is still necessary to operate the Bitcoin software. The end user still need to trust the whole network will accept the private-key in his wallet to sign a transaction. Sometimes the end user will have to trust a third party to hold a wallet with his/her private-keys because he/she lacks the skills to install the Bitcoin client.

"Trusting the network' is pretty much the definition of trustless" is just laughable nonsense.

I read a thread where it was unanimously claimed that a team of yours had been working on this stuff for 6 months. I am sorry for misrepresenting the facts, should have listened to the talk instead.

If he has genuinely been thinking about this for 6 months, how come he hasn't considered any of the oppositions we've raised inside just a couple of days?

Probably because a vast majority of the gripes are based on a gross misunderstanding of both the problem and the solution.  If one has been thinking about a problem, one can easily lose sight of what types of misunderstandings are possible (or even likely in certain social conditions.)

Sounds to me like Mike has been doing mostly other things while he waits patiently for the code to be released so work could begin in earnest.  The code is complex enough so that it will probably be many years before it is even close to being fully vetted.  But it would still be mighty useful for non-core addons and such (which is what is under discussion here.)

Mike said it himself. Quoting his talk in London, at 10:54 into the video:

"So lately, what I've been looking at, actually for the last six months or so, but I haven't been able to try it yet - the code isn't open source - is something new. And this is a proof of a passport."

So not "Starting thinking about". Very different things!

;p


Which is why we are here.  We're concerned because Mike is responsible for bitcoinj, which many use and trust today.  It is better to resolve concerns now before they become code than to have to fork, fix and convince later. 


We trust Bitcoin because it is not based on third parties.  We just the algorithms and the probability because they are built on a foundation of distrusting people in contrast to prior competitors. 


True.  Individuals will always be free to trust third parties and, to some extent, the wallet they downloaded.  The risk of wallets is partially mitigated by them being open source, subject to open source peer review, binaries having MD5s, knowing that the developers don't have an obsession with passport integration, etc,...  To be sure, there are ways to improve this in light of recent back door discussions driven by NSA revelations.  But, the general shortcomings to wallet security that require end-user trust are not deliberate and by design by the majority of us.  We do the best we can today while striving to make it better tomorrow.       

The important thing is that the protocols and blockchain are not built based on this type of third-party trust, which is what we're discussing here.   Yes, I get that Mike is not completely trusting a third party with passport authentication in the traditional sense.  But, it is clear that not only does it introduce assumptions that depend on third parties, such as the ability of governments to protect the data, it introduces new potential vulnerabilities and is actually less useful than a solution that is "human trustless", particularly if we want to solve this problem for everyone rather than just have a UK-centric solution where everyone without an ePassport lives in Iowa. 

Also, the problem Mike brought up includes when you don't want to rely on a third party to mediate the transaction.  If you are willing to use escrow services, then this whole discussion isn't nearly as relevant, because the third party you choose to trust becomes your direct counter-party rather than the person you are talking to at the cafe. 


 

Man, I couldn't dis-agree more.  To my way of thinking Bitcoin won't have any real impact in a country where using it is LEGAL.  This because there are plenty of solutions for the 'tards-n-trinkets' sphere (cash, visa, paypal, gold, etc) and they work fine.  Who needs yet one more?  And Bitcoin with its half-baked stabs at privacy, p2p function, security paradigmn, etc, starts out with a disadvantage to competition operating in the 'fat tail' region of the exchange economy.

Bitcoin might be a good way to obtain high quality beacon data to target users for marketing campaigns (or worse), but that only benefits a small sub-set of society.  And nobody who I personally give a shit about (any more...)


All very valid and good points.  For that reason it is also the area that Bitcoin (or some project) should be working on.  It's not like totalitarian regimes are especially rare or impact only a small group of unfortunates today.  Nor is it like totalitarian regimes are not a legitimate threat for a larger group of people tomorrow.

A reliable and transferable value solution is very possible (as evidenced by Bitcoin's performance up till now) and I strongly disagree that it could not be useful to individuals and groups working under totalitarian regimes where it would, of course, be 'illegal'.  I use 'useful', and your 'have a real impact' interchangeably..


In my brief looking, it seemed to me that 'Satoshi' was amazingly mum on almost any political issues.  I remember running across the text you reference.  It could easily be explained by his understanding of the state of the project at that time and the risks to it without inferring anything one way or another about his politics.  I'll defer to your judgement on the rest of his attitudes because you seem to be one of the people who had the most contact with him.

I'll note that I myself became aware and interested in Bitcoin as a direct result of the Wikileaks thing, and it's a good bet that a lot of other people from a lot of other walks of life and affiliations did as well.  Surely 'Satoshi' would have recognized this and contemplated it's ramifications.

Indeed. Ironically enough given the contents of this and other threads, it was the Wikileaks blockade that brought me back to Bitcoin as well, after leaving it in 2009.


No disagreement that Bitcoin in totalitarian countries would be a great thing, but I don't have any ideas about how to make it work. Advertising that you accept a currency seems fundamental.


Perhaps this is a British English thing? When I say I'm "looking at" an idea, what I mean is that I've been examining it and thinking about it. If I had actually made it work I'd have said so!

When the code comes out I still intend to try out making a ZKPOP, just because it'd be interesting scientific research and hey, if I'm ever going to publish a crypto paper, this would be a good candidate. Also it's useful in contexts outside of Bitcoin, like for Tor and anti-spam systems.

I don't plan to try integrating it with Bitcoin itself, because unlike MITM attacks, flooding Bitcoin with bogus peers is a somewhat theoretical attack. Flooding Tor with bogus peers is not theoretical, so if it works OK I might give a heads up to those guys and they can investigate more if they find it interesting. Tor relay operators are already not anonymous and Tor's architecture places less emphasis on decentralisation, so it'd be less of a culture clash for them.

And so it begins: http://www.businessinsider.com/report-ceo-of-major-bitcoin-exchange-arrested-2014-1

So whenever you transact Bitcoin to someone, you will possibly become an accomplice in criminal activity conducted with these coins.

Man, who wants to take such a risk? Luckily, CoInvalidator are here for the rescue. They will make sure our coins are only coming from and going to upstanding citizens (unlike that naughty, naughty Charlie Shrem person).  :D

What you need to do is spend 2+ weeks outside the G7 and pay close attention to how average people go about their lives and businesses outside of the tourist areas.

Wander around Lima, Peru, for example and you'll find plenty of unlicensed currency exchangers who operate in defiance of the law because enforcing those laws would require more resources than the regulators have at their disposal.

It's a bit different in the digital realm since there are plenty of talented programmers in the US and Europe who are willing to sell every tinpot dictator in the world monitoring technology in exchange for blood money, but that just means the programmers inventing circumvention measures have to work a bit harder.

I just read this after I sent you the PM summarizing my perceptions, and I'd like to say, this the best response you've provided so far towards clarifying your intentions.  All of us can respect scientific curiosity, and can see contexts outside bitcoin where ZKPOP could be a better fit. 

It would be a nice plus if, in addition to "a somewhat theoretical attack", your reasoning supported the concerns others had and some of the overall principles of how new Bitcoin networking capabilities could continue to live to a higher standard than its counterparts.  For now, though, I'm glad to hear you at least have no intention of trying to pursue this in the context of bitcoin. 

   

This is untrue. Many TOR relays and exit nodes are run anonymous.
Offshore providers don't do KYC and accept anon payments like Bitcoin, Webmoney and many more.

Why are you telling lies?

I run 3 TOR relays anonymously.

I always like to bring up Argentina when I do presentations on bitcoin.  They pay a premium of 60% in the black market for the US dollar because their peso suffers 30% annual inflation.  They pay a similar premium for bitcoins and gold.  For them, they are looking for any store of value that protects them from inflation. 

Interestingly, I don't know how legal it is to pay their citizens in bitcoins with all the regulations they have, but if US companies who convert US dollars to Argentine Pesos (ARS) to pay employees there chose instead to pay with bitcoins purchased with USD, they could save a lot of money.  Presuming that Argentine people pay a 60% premium for bitcoins in ARS when compared to the official US dollar exchange rate and the price of bitcoins in USD, if they offered to let the employees volunteer to be paid any percent of their pay in bitcoins at a 5-10% discount when purchased in USD, the employees would still flock to it because they'd still effectively be getting bitcoins at a huge discount over ARS/BTC market rates, equating to a huge raise.  In other words, US companies could save 10% while giving their employees a 50% raise!  lol   

The reality is that global companies operating in Argentina, though, tend to pay employees there with revenues they earn there, keeping ARS circulating in Argentina. 

I wish there was an easy way to know the legal requirements in Argentina or any other high inflation nation to determine if they either restrict or permit pay in bitcoins.   
 
Bitcoin's Promise In Argentina (Forbes - Apr 2013) (http://www.forbes.com/sites/jonmatonis/2013/04/27/bitcoins-promise-in-argentina/)

From the perspective of "can we shut down Tor" all it means is that the hosting provider ends up being considered the owner. It's still possible to find and shut down the nodes, obviously.

If you want to shut down Tor, just DDoS 6 of the 10 authoritative directory servers to keep them down for a few days, and the whole network will break. Or compromise these servers and you can umask any Tor user. Unlike Bitcoin, Tor is 100% centralized.

The problem has to be addressed at the source.

That place is the Bitcoin Foundation. They are the ones that give Mike Hearn the power to be core developer.

So you need to convince the foundation, or you need to be hire as core developer by the foundation in order to over ride Mike.

Goodluck

nobody needs a foundation to tell people how the network should be run. distribute developer control and make sure the goals are inline with the users goals. such a mechanism is needed in any case.

From this what I understand, authorities can get control of these 10 authoritative directory servers to get their pas data. These data will have the IP details of Satoshi... right ?

That's the crux of it. Well said.

Maybe, though the servers are located in a few different countries.


No, the attacker would only be able to affect new Tor connections.

Vote NO to XT!