There is very little technology development in the altcoin space... but there sure is a lot of deceptive hype from people eager to separate people from their money, no surprise when many of the people creating altcoins hardly know how to work a compiler. Most of the time when there are non-strings changes at all, it's just another worthless ill-considered proof of work variant that hasn't seen a drop of peer review (and which is compromised, e.g. failing to meet its "cpu only" promises, the moment someone does review it). In the rare event that there is interesting technological development that I'm aware of— I credit it— which is why I brought up the bytecoin&forks in the context of privacy technology, even though I think creating an altcoin for it is not a good idea and I'm not involved with its development.

I review many interesting looking things as I have time available, but only if they are open source. I am uninterested in handling anyone's private code, however.

It's getting a little late. This system was created month and months ago, but there is still nothing for me to look at... and now aggressive promoters are spilling into other threads and degrading other efforts that are already delivering or are at least out in the open.  I hope you can understand how this creates a very negative impression from my position.

I can't figure out what you're saying here. Is the idea that I can't say anything at all about something thats closed?

Thats not my position at all. My position is that that a closed source cryptographic currency is inherently centralized (via control of the source), and that experience suggests that most such systems are snake oil (they don't deliver the things they claim to) if not being outright trojans.  Indeed, you can't tell— maybe it's actually great, but great things usually don't need to hide in the shadows. The safe assumption is that they're not great at all.

I've never been involved in Bitcoin to make a profit. If I add up the tips and such I've received for hard technical work I've done it would be well below minimum wage. I've been involved a long time— since before it was worth much of anything, and seemed like an insane dream that it ever would be— because the technology is interesting and important. I've also sold most of my Bitcoins since long ago— was never looking to win the lottery. And yes, I feel completely comfortable looking down my nose at people who showed up late rabid with dreams of effortless profit, at least when they go around promoting zero-sum trades to enrich themselves— not pointing any particular fingers here... I assume the people I'm talking about know who they are.

I'd do mostly what I did anyways— say nothing and see if anything interesting happened. I only piped up recently because of what I perceive to be misinformed heavy handed promotional efforts spilling out into threads where they are off-topic.

No, in fact I already previously _demanded_ they stop promoting it with my name, which they were doing initially.
Yes, you came and trolled all over the CoinJoin thread in a desperate attempt to convince people of your untrue comparative claims wrt darkcoin. While I'm normally content to more or less ignore this hive of scum and villainy that is the altcoin subforum, when it spills over and interrupts discussion elsewhere, pinging my email with report-to-mod hits, it gets my attention.  So… you have my attention now. Lucky you.

Right, this is a centralized approach... a central server can deanonymize people. There may be many of these servers, but you're still trusting them to not be bad.  It may be acceptable— it's probably better than nothing at all.  But things like this is precisely what Ozziecoin is slamming.  Ironically, because the CJ thread post 5 describes how you can deal with the dos attacks while actually being private for everyone:  If the transaction fails, everyone deanonymizes their attempt, and anyone who fails to deanonymize (or is directly shown to be the party refusing to sign) is banned. It's a PITA to actually implement, I agree.

Having something in the protocol doesn't mean that there is an interface to it. I was doing CoinJoins back in 2011-2012, in public too— https://bitcointalk.org/index.php?topic=139581.0 ... no software was required for it once the raw transaction interface made it into a release. The point here being that none of this needs an altcoin, yes it may need all sorts of client software and such, but there is no need to invoke another currency except to Make Money Fast.

CoinJoin isn't a service, ... I guess you've pretty conclusively shown you have no clue what you're talking about.

Nor have I promoted Bitcoin here— I haven't said anything positive about it at all.  WRT the Bytecoin & forks I don't really believe that I'm promoting them, they suck in a number of ways unrelated to their privacy features, and the decision to make an altcoin out of it seems shameful and greedy to me... but the privacy part is really quite brilliant, and thats just my opinion as someone who has been working on privacy in this space for a long time.

Nope. I have a bit so I could try them out, and some people have made use of my monero tip address, but its all trivial amounts. I think altcoins are generally inadvisable, and in the long term I have plans that should remove all reasons for having them. I think the promotion or opposition to these things based on profit motives is incredibly sleazy.

I've seen no concrete evidence to support this. Can you point me to some?  I'd certantly be happy to find that I was incorrect, I think privacy technology is interesting and important and while I think creating an 'altcoin' for it is counterproductive (immediate loss of anonymity set) and pointless, if something good is developed I'd welcome it.  But after sitting quietly for some time the indications that darkcoin is largely substance-less vaporware and hype have grown stronger, not weaker.

I haven't done any "coinmixing work"— if you're talking about CoinJoin, darkcoin threw around my name quite liberally initially until people warned them not to. I don't want my name anywhere near this thing.

Maybe it is— how would you know?  ... in any case, randomly selecting a server is distributed but not decenteralized. The "random" servers are well positioned to track every user using them.  A well implemented coinjoin would combine users with multiple other users in a way that _no one_ knows what the input/output correspondence is beyond each user knowing his own inputs and outputs.

I haven't promoted anything here, except arguably the Bytecoin/etc. ones which aren't mine by any means.

You're asserting this but you haven't justified it. I can't counter an assertion because I don't even know what you're saying is centeralized or how you believe it could be co-opted.

Because it's closed source stuff of dubious quality which appears to being deceptively marketed.

This isn't how cryptosystem development works. History supports taking the position that is closed should be automatically assumed to be snake-oil if not an outright trojan until proven otherwise. It's highly suspect. Systems which are good do not need to hide their operation, not if you're going to ask other people to use it.

Why do you ask why and then claim disinterest? I am prejudiced against vaporware, closed source, and pump and dump nonsense. I am prejudice against things which exploit the technical work I've done, trade on it's name (as Darkcoin did at first, until I started blasting it it), to the apparent purpose of extracting funds from people who are less technically sophisticated. Beyond the basic immorality of it, I worry that this fundraising style will remove people's willingness to support real improvements that aren't scams, since its hard for them to tell them apart.

What are you talking about here?  Nothing I've ever described involved a singular "coinmixing" server.

I'm now suspecting that you've never read the CoinJoin post at all— pointing out that it was part of the protocol was the point. It's also inherently a part of Litecoin or anything else that copied the bitcoin code slavishly. It's a result of how signatures work in Bitcoin. Getting wallet interfaces and such developed for it was the motivation for the CoinJoin post, and now there has been good movement on that front.

Closed source? It's not actually implemented yet, but unlike "DarkCoin" they've extensively described their approach in their academic publications and subjected it to extensive peer review. I'm not a fan of the security assumptions it makes, but the privacy properties the system should achieve are basically perfect.

All cryptographically strongly-private decenteralized cryptocurrencies are going to be unprunable to some degree, which is an unfortunate scalability tradeoff— but considering that no Bitcoin implementation in production today implements pruning anyways, it's hardly a fatal one— at least in the medium term. The tradeoff here is fundamental: if you don't know what coin has been spent, you can't forget any of them.  Of course, a system could have less privacy and things forever out of the anonymity set could be forgotten but thats the tradeoff you get.

Most of HF's customers have no idea about the bankruptcy at this point.  I've received no communication about it.

Ozziecoin, Your pump and dump dance would probably be more effective if you were less transparently dishonest in your approach.  I'm normally happy to ignore the nonsense in the altcoin subform, but since you saw fit to go distrupt the coinjoin thread with some offtopic insult hurling I thought I'd bring the extensive response back here where its topical.

CoinJoin is trustless— which is orthogonal with centralized or decentralized, it could be implemented several ways (though trustlessness is usually a prerequisite to a decenteralized implementation). Post 5 in the CoinJoin thread writes in depth about implementing it in a decenteralized way, none of which appears to have been implemented by the darkcoin developers as far as I can tell— from what I've heard it seems that they're not even able to understand it. (This is a disappointment to me, since I was trying to describe these ideas clearly so others could understand them.)

More amusingly, what DarkCoin does is highly centralized because the software is closed— you can't get more centralized than closed source. What the actual behavior is, is anyone's guess— it's impossible to review due to it being closed— though "masternodes" does not sound like something decenteralized, it sounds like something that creates a small chokepoint which could be used to deanonymize its users, like a server based CoinJoin but worse since you have to hold a huge pile of coins to run a server.

As I've said before CoinJoin is interesting because it's inherently part of Bitcoin already— it just needed better tools (and now there are some, e.g. darkwallet) to make it available to people.  It's a privacy improvement over not having it, but it isn't perfect, but it also didn't require any changes to Bitcoin (much less a whole altcoin) to deploy it.  In an incompatible system much better is possible as is proposed by ZeroCash and much better is actually _realized_ by Bytecoin (and its forks... Monero, Fantomcoin, etc.), the later are actually working (if immature, due reinventing many wheels) implementations of much stronger privacy, decenteralized in their implementation, all released under a good open source license.

From what I can tell the only purpose DarkCoin serves is to depress me about the state of humanity.

I think you should keep your garbage pump and dump crap out of this thread, put it someplace people won't annoy me by reporting it.

The things I described above in this thread can be implemented in a decentralized manner, as is described in some depth in post five. What darkcoin does doesn't sound decentralized at all— it depends on selected servers— but whos to say? Last I checked software was both closed source and not even working. When darkcoin was announced it claimed what it was implementing, however, was coinjoin.

Bitcoin is openly developed software, anyone who wants to work on it can contribute to it, and last I checked none of the people who have ever worked on it are your payroll. If you're honestly concerned about privacy in Bitcoin you could do some things to help improve it. Pumping some sketchy altcoin in the wrong sub-forum, however, is not going to help, nor is attacking people who have no responsibility to serve your interests.

For some context for those confused about where this little OT tangent came from, someone wrote a fairly scathing analysis of DarkCoin, basically making a case that it's a substanceless effort promoted by misleading marketing. Unfortunately, in making their argument they linked back here... drawing along some vigilant defenders. I'll continue deleting any more darkcoin posts that show up.

The attacker knows everything in the blockchain. The attacker knows the identity of the payer or payee of some small number of transactions. The attacker wants to follow these identified funds forwards or backwards and expand their knoweldge recursively. The CJ users want the attackers analysis to fail, for themselves (most importantly) and for third parties.

I think of two main attack objectives— where the attacker is trying to identify a single user and where success/failure depends on how persuasive the evidence the attacker can extract for that single user.  And one where the attacker is trying to broadly deanonymize everyone in order to feed larger scale analysis. For this latter attack the defender's is successful if they're able to increase the noise level of the analysis by a non-trivial amount at low cost to themselves, e.g. success in this latter cases is completely continuous.

I outlined some more specific attack objectives in the original post— things like people you do business with being able to determine your income, net worth, supplies costs, or prices.

The privacy tech is indeed very interesting, the rest of the tech... uh. some is very clearly ill-advised (e.g. the "CPU-only" pow is now much faster mined with propritary gpu software— now it's just acting as an albatross, the slowest to verify POW yet deployed and failing at the advertised goal in record time—  the blocksize control algorithm is totally incentive-busted in the long term) and the software is very immature.

The history around the launch is pretty sketchy, and as far as I know there is no evidence that it's as old as it claims to be, but why the heck would anyone lie about such things? It isn't like anyone is really going to believe it or that it matters if they do or don't. Now there are a zillion forks, it's not clear which will survive, they're also being secretive for "competitive" reasons  ... in any case, this is the tech subforum, and the tech is interesting without regard to the (usual) altcoin drama.

Back to the question, it would be trivial to prove something— like a blockchain or a program— existed at particular point, it would have only taken someone who knew about the something to have posted a hash of it someplace durable, like in the Bitcoin blockchain. This doesn't seem to have happened here, but instead things outside were very aggressively committed in that chain, which proves the other side of the boundary (it wasn't created any earlier), so aggressively that the absence of any proof in the other direction is additional suspect.

But perhaps who cares? Alt these "CPU" altcoins seen to end up sending most of their coins to a small number of fast speculators, seemingly powered by stolen computing power and private optimizations... if you go by hashrate you'd see numbers like a coin that hardly anyone has heard of having 60k fast cpus worth of mining a month after it was created... Uh yea, right. The unfairness of some launch or another I suspect mostly impacts the squabbling between very early speculators, and fairness to other people depends more on transparency and on "fitness to purpose", allowing people who are not speculators to participate in the economy. So the bigger question is if anyone is going to go complete anymore of the ecosystem, rather than if someone got an early advantage, because its very clear that in all these things someone did.

There are a healthy amount that are configured to accept connections— its a default in full nodes— but simply don't because some NAT/FW prevents it. SPV nodes do not advertise themselves.

It's not completely clear to me that the nodes in question there actually weren't accepting connections either, but in any case it's expected that there be a large number of advertising nodes which are actually unreachable.

They don't, what you're describing isn't how the Bitcoin protocol works at all.

Other peers don't share information about you, you broadcast it— or  you don't. If your node is not configured to accept incoming connections (e.g. listen=0), knows its not in sync with the network, or is unable to determine a plausible external IP it won't broadcast an addr message for itself.

Andytoshi and I spent some time trying to formalize a notion of "coinjoin entropy"— e.g. how many possible mappings of inputs to outputs are possible given the values. A result of that was that discussion was the realization that if you allow for the possibility that coinjoin participants might also be paying each other then basically all coinjoin's have perfect entropy because there is some payment matrix that permits any of the output parties to be any of the input parties.

We didn't actually solve the entropy question for the non-concurrent payment case, it's an interesting question.

Yes, — since we can't distinguish tor clients from each other banning them would just ban all tor peers, which isn't helpful so we don't do that.

I'd like to have some costly resource peers can optionally use to get themselves a preferred position, see the link I gave for some thinking about that... but absent any smarts it's still best to not increase an attackers power by letting them ban other nodes.

Right, most 'smarter' topologies are highly vulnerable... And bitcoin only requires one of its peers to be working well for the node to work well, so connecting to a couple nodes should provide  pretty reasonable performance most of time without further intelligence.

Having different or the same IPs doesn't prove anything.  (I don't have access to that info, but MinerTechnologies asked me to— I think doing so would be pointless).

No it doesn't, as change can still be taken. For all combinations of inputs and outputs there is some party/party payment matrix that allows any output party to be any input party, though indeed, some are more plausible than others.

WRT payment protocol, indeed, you'd want the receiver to also be able to specify additional inputs you'd like them to include, which is also good for consolidating the receivers wallet— sort of the opposite of merge avoidance, but privacy superior because it results in confusing merges... but the payment protocol is extensible, so it just requires someone who cares to specify that out and get it implemented.

This is getting offtopic, but you cannot distinguish a "careless join" from one with different correspondence  which transferred value. E.g. A provides 1 btc, B provides 2 BTC,  C takes 2 BTC, D takes 1 BTC. Is it a trivial B->C A->D or is B paying A and the roles reversed or is it a single party transaction with change and some odd coin selection?  If you'd like to discuss this further, take it to the CoinJoin thread— better to discuss this there than half of what has been there recently.

It can't in that case, thats why it has an optional scriptpubkey argument.