 Show Posts
|
|
Pages: [1]
|
|
If the blacklist is opt-in and "personal" anyway, you might as well just have the client send the coins back if it doesn't like them. This can be done today. It's just pointless.
|
|
|
|
|
I think the argument is based on a "what if" scenario for the protocol being amended to include blacklists for wallet addresses in the database so that when a transaction is verified it is also checked against the receiver's blacklist prior to "approving."
|
|
|
|
|
Well, as I said, a statistically significant number of people would never blacklist them unless there is a centralized blacklist, and even if there isn't, that doesn't stop anyone from making a client that syncs with a centralized blacklist. Bad.
|
|
|
|
Hahaha, I just "got" it. Left it for its comedic value, I am rather fond of that typo  |
|
|
|
@smoothie: Perhaps, but contributing quality posts is more important to me than my post count or member status. Thanks maged |
|
|
|
Yes indeed. I was alluding to that with "It is also technically immensely difficult (if not impossible) to actually implement based on the way bitcoins work in a manner that is secure and not prone to tampering of some sort." That's not to say that the protocol can't be updated at some point to support user blacklists being included in the replicated database, where blacklist entry changed get validated the same way transactions are. But, it would add overhead, complexity, require every supernode to have a list of ever user's blacklist, and either be completely useless or completely devastating to the goals which bitcoin wants to achieve in addition to adding an attack vector for manipulating the bitcoin market. So, all in all, a horrible idea |
|
|
|
|
Yeah, sorry, it would just need the previous TX value so it can send back the signing hash.
|
|
|
|
|
Actually, I can take this one step further - your secure wallet device can plug directly into the computer and compute the updated blockchains, send them back. When you want to send money, you just plug the device into your computer and scan your finger to approve the transaction. The device is designed to never send the private key out of the USB port unless you physically flip a switch to enable encrypted backup of your wallet file.
[EDIT] If its unclear, the physical switch makes it impossible for a virus that has complete control over your PC to affect the money transfer. The device can have an LCD that says "swipe finger to approve the following transaction: 100BTC to account 9fj57whf754ivn484cdfmsweh".
|
|
|
|
|
After reviewing the protocol, I can tell you that a completely offline wallet is entirely possible on the client implementation level, even for sending coins out from the wallet. Your online computer is used to track your balance and transactions, your COMPLETELY offline computer/wallet device is used to validate send requests via USB key. Perhaps if I have time after the summer after wrapping up some other projects, and if this hasn't been done by then, I will contribute to the client code to support this scenario.
Here is how it works:
Setup:
Offline device: Generate wallet file with public/private keys. Put public key on USB key.
Online computer: Track my wallet balance with the public key.
Receiving money:
Any computer: Send money to wallet with the public key.
Online computer: ooo, you have money! Look at your new awesome balance!
Sending money:
Online computer: Create "send money request" on a USB key that contains the amount and relevant blockchain(s) for the coins you want to send.
Offline device: plug in the USB key, compute the new updated blockchains using the private key.
Online computer: plug in USB key, propogate new blockchains across the network.
---
It would also be fairly easy to create a "secure wallet device" that has a fingerprint reader on it and a USB port, nothing else. The device stores your public and private keys, lets you export an encrypted copy to the USB key for backup purposes. You can store large amounts of money on it, keep it in a safety deposit box until you want to pull some money out. When you do, jump on your PC, fire up your client that is tracking the wallet from the public key and put in a USB key, hit the "send money" button, enter an amount. Plug into your secure wallet device, scan your finger, plug back into your PC and off go the new updated blockchains. Your private key never sees an internet connected device.
Thoughts?
--Mike
|
|
|
|
|
Hey guys,
First post, mostly registered to reply to the rediculous, thoughtless, completely unworkable suggestion in the infamous allinvain 25k loss thread that blacklisting be supported, only to find out I can't actually post in his thread because I'm a newbie. So, here I am.
If you are annoyed by rants, stop reading here.
You will have to read the last couple pages to allinvain's infamous "I lost 25k BTC" thread (currently on page 30) to sort of catch up. The discussion is revolving around supporting personal blacklists that stop you from receiving money from any blockchain that at any point contains a blacklisted address.
I would just like to say, thanks for the suggestion, but it should be left at that by people who aren't qualified to understand what a horrendously bad idea that is. It isn't doable or feasible or even remotely good for bitcoins. Seriously, all the back and forth discussion by people who really have no understanding of how bitcoins work is annoying and futile. Please, for the love of God, just drop it as something that "can't be done" and "shouldn't be done." Even worse, although it is a horrible idea on a technical level, its just as horrible idea on a logical level, yet people are getting their panties all in a bunch trying to defend it as a good idea. It's just infuriating
There are exactly two ways blacklisting like this will go, both with retarded outcomes. I will try to put this thorough analysis of the pitfalls of your proposition as plainly as possible so that there is no need for further debate on this topic. Here are the only two ways blacklisting can go:
#1: The way that will result in blacklisting being complete and utterly useless:
This is where everybody maintains a truly personal blacklist, as some people have stated is what this feature would be intended for. Everybody individually opts into every blacklist address they don't want to receive funds from.
Seriously? You think that a statistically significant number of users in a system with ambitions to grow to millions of users, many of whom are intended to be "average joe" users, are going to monitor this forum, read everybody's claims of "evidence" that their bitcoins were h4x0r3d, and put them on a blacklist if the evidence is compelling? Ummm....yeahhhh, right-o.
Because it's going to be soooo hard for the crook to find someone who isn't one of the 5 people who have "personally" added the account to their blacklist to transfer the funds to, right? How is that a deterrent to the crime or punishing anyone? If they *really* want to send money to one of those 5 people who have personally blacklisted the coins after reading your sad story on this forum, they will just exchange the coins with someone whose coins aren't blacklisted. I'll be the first to offer a coin exchange service - send me your "personally blacklisted coins" that you want to send so badly to someone who is personally offended by your set of coins and I will exchange them for a different set of coins that somebody else using my service couldn't use for a 2% fee.
"You can blacklist coins that came from the company that kills whales" - okay...so, let's see - company that kills whales purchased computers from CompCo. CompCo paid its employee with bitcoins sold them for USD using an exchange, some other dude purchased those coins from the exchange and bought a car from dealership, dealership bought some furniture, and now furniture store is trying to buy some contractor services from you but you are going to refuse those coins because somewhere down the line, they were associated with a company that kills whales. Sorry, you aren't hurting the company that kills whales with your personal blacklist. Maybe it gives you a warm fuzzy feeling to know your coins didn't kill whales, but that isn't a good reason to overhaul the protocol to support blacklisting. Limiting your blacklist to the last X hops does't help, anybody can generate 100 wallets in about 5 seconds of compute time if they want and transfer between them.
Exchanges would be a mess. Lets pretend for a second that 50% of people "personally" blacklisted EvilCo's coins. What is the exchange supposed to do when EvilCo exchanges those coins for USD? Maintain it's own blacklist? Decide coins are worth less based on the number of blacklists? Can I buy coins that are highly blacklisted at a discount?
It just turns into a giant clusterf*&#. It is also technically immensely difficult (if not impossible) to actually implement based on the way bitcoins work in a manner that is secure and not prone to tampering of some sort.
#2: People subscribe to blacklists that automatically update
Okay, so, bitcoins are around for 5 years with blacklisting support and there are potentially millions of possible "bad" addresses I could blacklist, such as hacker groups, thieves, evil corporations, etc. To get any statistically significant number of users add those addresses to their list, they would have to subscribe to a blacklist. Then we are back to the original problem of having a central authority (i.e. the biggest blacklist provider) having subjective power over screwing people they don't like. Imagine if the US gov't created a public blacklist, in the name of "protecting americans" - 99% of average joe's in the US would subscribe to the US government's blacklist if this ever caught on. Companies would only ever accept payments from government approved sources to protect their asses. Central regulation authority problems all over again, essentially reducing bitcoins to being completely useless.
Even if the official bitcoin client didn't support a central blacklist, what would stop the US government from forking the client and creating a US Government Approved and Secured BitCoin Client that auto-syncs your blacklist with their central database? Again, US businesses would likely use it to protect themselves.
---
If you've read all that and you still think blacklisting can be reasonably implemented then I can't help you, you are a lost cause. All I can add is to say that it is technically likely impossible to implement in a fashion that doesn't enable tampering. And even if it is possible, it would be so complex and contrived and rediculous that it's rather pointless.
This is the end of my rant. Feel free to reply to any future "maybe we should have a blacklist" posts with a link to this one. It would make me immensely happy.
Cheers,
--Mike
|
|
|
|
|
