I'd previously run something similar on my miners.
Beyond encouraging behavior that improves privacy for everyone and making censorship more of a non-starter, this has a benefit of giving naturally more equitable access to the shared resource of the blockchain: If someone is self-identifying as a single user by using an address over and over again, why not use that information to give other transactions (which may all be from independent users) more equal access?
The specific details of what form the deprioritization takes are less clear. Right now this patch implements a hard prohibition on reuse that has a one block scope. E.g. if there are 10 transactions with 1APPLE and if all miners ran this patch it would take 10 blocks for them all to make it in. I'd probably prefer something softer (e.g. treat reuse as having half or quarter the fee/priority), but with longer memory... but the important thing is to get it out there and explore the ideas and effects, and also clean up some of the Bitcoin ecosystem which was lazily reusing addresses constantly for no reason except nothing was incentivizing them to fix it.
We need to get some things (like BIP32) deployed to eliminate some of the sources of reuse, but it does no good if only the paranoids use it; faster confirmations will be an added incentive for the changes beyond the amorphous and indirect benefits of inoculating our economy against censorship and loss of privacy.
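As an added illustration (not the patch or code from the poster), the following Python sketches both policies described above: the hard one-block-scope rule, under which ten transactions paying the same address need ten blocks, and the softer variant that treats reuse of an already-seen address as worth half the fee rate instead of excluding it. The `Tx` type, the address labels such as "1APPLE" and "1FRESH", and the fee/size values are constructed sample data.

```python
from dataclasses import dataclass


@dataclass
class Tx:
    """A mempool transaction: constructed sample data, not real chain data."""
    txid: str
    fee: int          # satoshis
    vsize: int        # virtual bytes
    outputs: tuple    # destination address labels, e.g. ("1APPLE",)

    def feerate(self) -> float:
        return self.fee / self.vsize


def select_block_hard(mempool, max_vsize):
    """Hard, one-block-scope rule as the post describes: rank by fee rate,
    but never include two transactions paying the same address in one block."""
    block, used, total = [], set(), 0
    for tx in sorted(mempool, key=Tx.feerate, reverse=True):
        if total + tx.vsize > max_vsize:
            continue
        if any(addr in used for addr in tx.outputs):
            continue  # address already has a tx in this block; defer this one
        block.append(tx)
        used.update(tx.outputs)
        total += tx.vsize
    return block


def blocks_to_clear(mempool, max_vsize):
    """How many blocks the hard rule needs before every tx in mempool confirms."""
    remaining, blocks = list(mempool), 0
    while remaining:
        chosen = select_block_hard(remaining, max_vsize)
        if not chosen:
            raise ValueError("some transaction exceeds max_vsize")
        chosen_ids = {tx.txid for tx in chosen}
        remaining = [tx for tx in remaining if tx.txid not in chosen_ids]
        blocks += 1
    return blocks


def effective_feerate(tx, seen_addresses, penalty=0.5):
    """Soft rule: paying an address already seen (a memory longer than one
    block) counts as the post's 'half the fee' instead of an outright ban."""
    reused = any(addr in seen_addresses for addr in tx.outputs)
    return tx.feerate() * (penalty if reused else 1.0)


def select_block_soft(mempool, seen_addresses, max_vsize, penalty=0.5):
    """Rank by penalised fee rate; reused-address txs still confirm, just later."""
    block, total = [], 0
    ranked = sorted(mempool,
                    key=lambda tx: effective_feerate(tx, seen_addresses, penalty),
                    reverse=True)
    for tx in ranked:
        if total + tx.vsize > max_vsize:
            continue
        block.append(tx)
        total += tx.vsize
    return block


# Constructed sample: ten payments to the reused label "1APPLE" from the post.
REUSE_MEMPOOL = [Tx(f"tx{i}", fee=2000, vsize=200, outputs=("1APPLE",)) for i in range(10)]

# Constructed sample for the soft rule: a higher-fee tx to a reused address
# versus a lower-fee tx to a fresh one, with room for only one of them.
SEEN = {"1APPLE"}
HIGH_FEE_REUSE = Tx("reuse", fee=2000, vsize=200, outputs=("1APPLE",))   # 10 sat/vB
LOWER_FEE_FRESH = Tx("fresh", fee=1200, vsize=200, outputs=("1FRESH",))  # 6 sat/vB

if __name__ == "__main__":
    print("blocks to clear under the hard rule:", blocks_to_clear(REUSE_MEMPOOL, 1_000_000))
    print("soft rule picks:", [tx.txid for tx in select_block_soft(
        [HIGH_FEE_REUSE, LOWER_FEE_FRESH], SEEN, max_vsize=200)])
```

With the soft rule the reused-address transaction at 10 sat/vB is ranked as 5 sat/vB and loses to the 6 sat/vB fresh-address transaction when only one fits, which is the "pay more or stop reusing" incentive the post is after; with an empty memory set it wins as usual.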
----
I've been thinking some time that it would be good to have a certification— or more than one— for wallets, as I've been pretty disappointed by some of the feature gaps in some of the popular tools, especially in areas related to privacy.
It might be good to have a list of criteria that a wallet should meet, with each one traceable to ensuring the tool preserves the users' privacy, security, and autonomy. I think that in some cases the criteria should mandate specific techniques, while in other cases it should just mandate the effect.
E.g. instead of requiring it to use CoinJoin (or any specific implementation), it could be that it make it convenient and inexpensive to transact in a way which provides at least plausible deniability about the common ownership of inputs or the specific sources/destinations of payments.
----
We have a legitimate requirement for transparency
Transparency is completely orthogonal. There is nothing preventing you from keeping transcripts of your own transactions, along with the signatures with the relevant keys to show that they are yours and present them to whomever you want. The distinction is that you control that, it's not something being broadcast to the entire world... to every thief, every competitor, every nosy neighbor, every ex-spouse, etc. The highly public transaction record in Bitcoin is unprecedented in financial systems. It is a weakness, but one that can be patched around, and not a virtue.
----
Exactly. But don't breathe out too easily. Just because something is possible doesn't mean it will be done.
There is a lot possible, and I mean practically not just theoretically possible, which is not being done because it has a high up front development cost and the nature of truly decentralized systems is that they eliminate rent-seeking, including the kind of benign rent-seeking that would otherwise be used to fund the development.
----
In theory things like this are possible... an encrypted state with encrypted spends and proofs that the changes are faithful and following the rules, without disclosing what the changes actually were.
Making them practical is another matter, especially because we have some evidence that the expense of operating the Bitcoin network as it's currently designed may be at the upper boundary of what's sustainable as a decentralized system. If such a system required 10x more bandwidth, cpu, disk space, or even lines of code— it's not clear to me that it could be practical. At least not today.
The explanation of how such a system works would be beyond the understanding of the majority of people who currently have a basic grasp of how Bitcoin works, which would lower trust.
I hope to see (and participate in) the development of technology in this space, but it's not an immediate thing we can apply. But the potential for things like that is certainly one reason I'm very excited about the recent advances in generic zero knowledge proofs.
----
Gregory Maxwell gets it the Foundation should be nothing more than a privately funded public lobby and leave development to the community.
I don't see any problem with the "privately funded public lobby" kicking some funding to development. ... even if, because of various political pressures, they can only fund work which is "boring" in certain respects. There is a lot of boring work to get done. All that means that the question of supporting development is not answered by just the foundation. I think Bitcoin is and must be a big tent that calls to people of all sorts of motivations and politics. We should welcome the confused people who think that privacy is bad to also use our money, but at the same time we should take care of our own values and make sure that their use of Bitcoin doesn't take away the freedom of others who do not share their politics. The essence of crypto-anarchism is that one does not generally need to fight oppressive systems of social organization directly, instead we use technology to make those modes of organization obsolete. Regulation serves a useful purpose, but it often comes with very high (often indirect) costs: The crypto-anarchist says: One does not need to regulate a bank which cannot steal, and in that statement we side-step a bunch of political mess... we don't need to debate the harms proposed regulation creates when we can use technology to provide the benefits without it.
If too much of the Bitcoin ecosystem continues to rely on trusted systems we will be unable to resist being reshaped in the mold of the centralized systems which came before. We need something with absolute fungibility, blind sigs and homomorphic encryption really is the only way forward now....
I'm not sure I agree, in two respects: First, systems with absolute fungibility have significant technical costs— including the risk that the bleeding edge crypto behind them is insecure— which probably remove their viability for the time being. Heck. Until two weeks ago we were down to under 4000 reliably reachable bitcoin full nodes (we're up to maybe 5500 now), from over 40k at the peak people have moved to web-wallets and thin clients: It's not clear that _Bitcoin_ is technically viable in the long run, some system with substantially higher operating costs probably isn't. Second, I don't think we need absolute fungibility to thoroughly break efforts to destroy Bitcoin's fungibility. We just need enough of it embedded in the common practices to make efforts to break the fungibility swimming up stream every step of the way. Some regulation paranoid bitcoin business will willingly lose 10% of their customers to some stupid blacklisting, but they won't tolerate 95% loss. From things like coinjoin and miners deprioritizing address reuse we can make things substantially more private and harder to blacklist/whitelist without scrapping the system and replacing it with a much more operationally expensive one.
----
Oh but they're not quite the same. Blacklists are easier to work-around. Mix your coins enough and there will be no meaningful taint anymore.
That's not so, blacklisting increases the probability that you receive back blacklisted coins— even if you didn't have blacklisted ones going in. This increases the "cost" to you of using this approach, so only outlaws will think it worth the cost, and so you'll only receive outlawed coins while using such a system. It's self-fulfilling once it takes off. I don't think that things that have cost and take effort and which only a tiny fraction of (more likely than usual to be troublesome) users can really move the needle against efforts like this, or at least we shouldn't count on them to.
----
which is to be commended
I haven't seen anything to commend except their business savvy: Hashrate on their service is >2x more expensive than actually buying the hardware— more like 10x the price of stuff still in pre-order, and will never make a profit at those prices according to the calculator on their site. By doing so they centralize mining and create a moral hazard with apparent results like the ones we've seen here.
----
The only way to prevent this from happening is to get involved in politics and convince the decision makers to not do it
No, the only way we can prevent this from happening is adjusting the ecosystem— the software and the common behaviors of users— to make it non-viable. The challenge is that people who want it to happen will argue against those adjustments. Uncertainty around Bitcoin's regulatory environment already drives many Bitcoin businesses to extreme reputability theater ... things like exchanges in outer Mongolia enforcing a sad parody of mtgox's sad parody of the US AML compliance. This stuff doesn't actually accomplish anything but they hope it will be a totem to ward away disruptive regulators by virtue of it seeming like they were trying really hard. In many ways fear of regulation is much worse than regulation itself. When there is regulation it has boundaries, but fear has no boundaries. These bad ideas don't need government support or authority support, and they reoccur often enough that negotiating with everyone who promotes them will not scale. We don't have all the answers but there are immediate short term measures that can be taken to drastically complicate life for anyone trying something like this.
----
Even when the inputs can be trivially separated, a party trying to do automated analysis still gets their taint tracking degraded by widespread CJ usage since they won't be able to assume cases where two separable inputs happened was an indication that the two inputs were owned by the same party. Obviously, perfect output indistinguishability is best, but even when the outputs are fully distinguishable (and everywhere in between) there is value too. In other news, there is a Bitcoin-QT issue for this now: https://github.com/bitcoin/bitcoin/issues/3226
----
Not just the miners' direct interest (say, related to 'tainted' fees), but it could even be argued as doing the users a favor: In a world with fungibility destroyed by blacklisting anytime you get paid you have to perform a query of the blacklist before deciding to accept the payment, or risk ending up with more black coins yourself. But if miners enforce the blacklist then some of their burden is outsourced. Bonus for the users but you can't count on it unless it's behavior required of all miners, under penalty of orphaning…
----
can we stop this?
Yes, but not by negotiating with every fool who attempts it, for there are far too many fools in the world. I've personally talked two startups out of similar business models in the past. We can stop this by making sure that it's not viable, by tweaking our practices and the ecosystem to be an environment that things like this just can't work in. This means: Anonymous mining, Discouraging address reuse, coinjoin, etc. Importantly, people need to step up and fund the development of privacy tools. Today there is no business model for decentralized privacy tools that people can use casually and thus pervasively. We must vote with our wallets— not our spending, but how we choose to transact and what developments we fund. As a spending group the people who really realize the importance of privacy and fungibility will always be a small enough minority that short-sighted business people will find it all too easy to go without their business.
----
The things I could suggest here have more negative uses than positive ones, I fear. I think it's more important that we do all we can to preserve and improve mining privacy and decentralization so that misguided regulatory attempts can be met by miners disappearing into the mists. I've been recently excited by some far out cryptographic techniques which can be used to bind transactions together so that miners can't mine them separately... but I think we're a long way from having anything like that in a Bitcoin like system. ... but we can approximate it somewhat if non-blacklisted people start joining coinjoins with possibly blacklisted people, so miners must choose to take all or none.
----
We're not going to be able to prevent well funded business people from attempting to promote horrific architectures against the long term interest of Bitcoin and the public... if we could, the same stupidity would have been prevented in the wider world and there would be less need for Bitcoin. It's hard to count the number of times newbies have made proposals which would have centralized Bitcoin completely in the name of some fool result or another. Powerful business interests are now reliving the same history of bad ideas, but this time the bad ideas will be funded and they don't care if luminaries tell them that they're horrible ideas, they don't necessarily care about any of the principles that make Bitcoin a worthwhile contribution to the world. It's not, of course, a question of "anonymity": that's silly. If you have "good" and "bad" coins, that destroys fungibility, rapidly everyone must screen coins they accept or risk being left holding the bag. Fungibility is an essential property of a money like good and without it the money cannot remove transactional friction. Privacy is also essential for fair markets: Without privacy your counter-parties and competition can see into your finances— get a raise and get a rent hike, and as long as there are power imbalances between people privacy is essential for human dignity. To stop this nonsense we have to make it impractical to pull off by changing the default behavior in the Bitcoin ecosystem: We consider the lack of a central authority to be an essential virtue, which means that we can't be protected by one either. We must protect ourselves. This means things like avoiding address reuse, avoiding centralized infrastructure, adopting— and funding!— privacy enhancing technology. Miners can play a role in this as Bitcoin users, but also by supporting mining pools and methods that promote privacy. They want to force people to use identified addresses so they can blacklist?
What happens when miners start deprioritizing transactions that use addresses that have been previously seen?
----
Hm. Is there a way to replace pending work without potentially producing a pipeline stall?
E.g. is a RESET of the pending work followed by new work guaranteed to either successfully replace the work, or provide the next work, without ever halting processing?
For longpolling for transaction updates (or for P2Pool sharechain motion) you want them to happen as fast as possible, but not at the expense of stalling the pipeline (because the work is still useful).
For longpolling for chain motion, you also want to switch as fast as possible, but a stall is irrelevant since the work is actually useful (and stalling can be beneficial if it saves power over just waiting for the stale work to finish).
----
Colliding with yourself is uninteresting, so you actually don't want the birthday problem formula. There can currently never be more than 21e14 addresses with things assigned to them. Best (for the attacker) case probability of a hit is 2.1e15/2^160 ≈ 1.4e-33 per attempt.
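To make the post's arithmetic concrete, here is an added Python example (my own, not code from the poster) that computes the per-attempt hit probability against the 2.1e15 ceiling of funded addresses, the number of attempts that would be needed for a 50% chance of a hit, and, for contrast, the birthday bound that governs only collisions among addresses one generates oneself. The 2.1e15 figure is taken from the post (21e6 coins times 1e8 satoshi); the function names are my own.

```python
import math

HASH_BITS = 160  # Bitcoin addresses are 160-bit hashes
# Upper bound used in the post: 21e6 coins * 1e8 satoshi = 2.1e15 is the most
# distinct addresses that can hold anything at the same time.
MAX_FUNDED_ADDRESSES = 21_000_000 * 100_000_000


def hit_probability_per_attempt(targets, bits=HASH_BITS):
    """Chance that one freshly generated key lands on any of `targets`
    funded addresses (a many-target preimage search, not a birthday problem)."""
    return targets / 2 ** bits


def attempts_for_success(prob, p_hit):
    """Attempts until the chance of at least one hit reaches `prob`:
    1 - (1 - p_hit)^k >= prob  =>  k = ln(1 - prob) / ln(1 - p_hit).
    log1p keeps the tiny p_hit accurate instead of rounding 1 - p_hit to 1."""
    return math.log1p(-prob) / math.log1p(-p_hit)


def birthday_attempts(prob, bits=HASH_BITS):
    """Birthday bound: addresses you must generate before two of *your own*
    collide with probability `prob`. The post's point is that this is the
    wrong formula for hitting someone else's funded address."""
    return math.sqrt(-2 * 2 ** bits * math.log1p(-prob))


if __name__ == "__main__":
    p = hit_probability_per_attempt(MAX_FUNDED_ADDRESSES)
    print(f"per-attempt hit probability: {p:.2e}")          # about 1.4e-33
    print(f"attempts for a 50% chance:   {attempts_for_success(0.5, p):.2e}")
    print(f"birthday bound (self-collision), 50%: {birthday_attempts(0.5):.2e}")
```

The two numbers differ by roughly eight orders of magnitude, which is why quoting the birthday formula overstates the risk: self-collisions are cheap but worthless, while a hit on a funded address is a 2^160-scale search even with every possible target populated.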
----
In case you're too lazy to follow Mike's first link: The main theoretical problem with your idea is that SSL/TLS doesn't provide non-repudiation.
The server does not sign the data it's sending to you— it signs a session key, but that means that the party creating the transcript could take the signed session key and attach it to a forged transcript.
----
Your wallet trusts itself to not double spend itself, so they won't even disappear after you send them.
----
If I understand the CEX.IO website correctly, it's a place where you can temporarily buy mining power that runs onto your own node? We've seen one of those before, haven't we? I am curious who is stupid enough to rent their hardware out to random strangers over the internet and whether they understand what the point of mining actually is.
Someone who no longer has an ownership interest in it. CEX.IO doesn't rent out hashpower. They actually sell hardware "ownership" by the GH/s. You pay them some amount upfront per GH/s, equal to a fairly high price for mining hardware ($36.6/GH/s), and you "forever" own an interest in some hardware. If you own enough to equal at least one board worth, you can pay for shipping and have some gear de-racked and sent to you. They also provide a market where current owners of hardware can sell it to new owners. They charge maintenance fees on the hardware (denominated in USD, currently about 2.78% of your income). All of this hashrate, while in their hands, is currently required to be pointed at their "partner" mining pool, GHash.io which is an invite only pool. Maybe a larger CEX.IO hashrate owner could get them to redirect their hashrate to something else, but that's not advertised anywhere, it's not clear to me that they'd have any obligation to do so... though I was unable to find a lot of detailed T/C for owning the hashrate, their contract mostly seems to focus on their exchange business.