Bitcoin Forum
December 14, 2024, 09:28:18 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 »
  Print  
Author Topic: XMR vs DRK  (Read 69791 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
March 26, 2015, 10:45:29 AM
 #441

If I wanted to do something safe from the NSA I don't even know where to begin. Wouldn't even want to touch a computer while doing it that's for sure.

Agree on that point. Maybe the DRK advocates who are claiming otherwise can take some good advice from two people on opposite sides of the coin battle and stay safe on this one. If you are trying to hide something from the NSA (or their allies) the answer to the question of "XMR vs DRK" is neither.


quite possibly, which renders obsolete all the argument in here about global TLA/governemnt conspiracies to compromise the MN network.

So, DASH is fit-for-purpose as an enhanced Bitcoin clone with decent privacy features, instant transactions and other cool stuff in the pipleine

Again, if you are talking about today, sure do what you want and for low-resource to medium-adversaries you are fine, probably even with Bitcoin alone.

But,

There is a huge middle ground here. Like for example, your neighbor or business competitor pays a competent private investigator. Currently that means they probably are going to get into a lot of your information that you normally think of as private. Any system like this that becomes popular will spawn a cottage industry of compromising it if there are weak spots.

Even the concept of "private investigator" is quite broad. There is the guy you hire to find out if your wife is cheating and the guy a major multinational corporation hires who is former FBI or NSA (director/AD level even) or whatever, and who has a blackberry full of contacts to show for it, plus everything in between.
majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 26, 2015, 10:49:20 AM
 #442

If I wanted to do something safe from the NSA I don't even know where to begin. Wouldn't even want to touch a computer while doing it that's for sure.

Agree on that point. Maybe the DRK advocates who are claiming otherwise can take some good advice from two people on opposite sides of the coin battle and stay safe on this one. If you are trying to hide something from the NSA (or their allies) the answer to the question of "XMR vs DRK" is neither.


quite possibly, which renders obsolete all the argument in here about global TLA/governemnt conspiracies to compromise the MN network.

So, DASH is fit-for-purpose as an enhanced Bitcoin clone with decent privacy features, instant transactions and other cool stuff in the pipleine

Again, if you are talking about today, sure do what you want and for low-resource to medium-adversaries you are fine, probably even with Bitcoin alone.

But,

There is a huge middle ground here. Like for example, your neighbor or business competitor pays a competent private investigator. Currently that means they probably are going to get into a lot of your information that you normally think of as private. Any system like this that becomes popular will spawn a cottage industry of compromising it if there are weak spots.

Even the concept of "private investigator" is quite broad. There is the guy you hire to find out if your wife is cheating and the guy a major multinational corporation hires who is former FBI or NSA (director/AD level even) or whatever, and who has a blackberry full of contacts to show for it, plus everything in between.


OK so we've moved down a few rungs from a global Government / TLA conspiracy.

Now the argument is that a sophisticated 'private investigator' or 'multinational corporation' or some facet of a 'cottage industry' is going to compromise the MN network....how are they going to do that exactly?

smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
March 26, 2015, 10:56:50 AM
Last edit: March 27, 2015, 04:00:22 AM by smooth
 #443

If I wanted to do something safe from the NSA I don't even know where to begin. Wouldn't even want to touch a computer while doing it that's for sure.

Agree on that point. Maybe the DRK advocates who are claiming otherwise can take some good advice from two people on opposite sides of the coin battle and stay safe on this one. If you are trying to hide something from the NSA (or their allies) the answer to the question of "XMR vs DRK" is neither.


quite possibly, which renders obsolete all the argument in here about global TLA/governemnt conspiracies to compromise the MN network.

So, DASH is fit-for-purpose as an enhanced Bitcoin clone with decent privacy features, instant transactions and other cool stuff in the pipleine

Again, if you are talking about today, sure do what you want and for low-resource to medium-adversaries you are fine, probably even with Bitcoin alone.

But,

There is a huge middle ground here. Like for example, your neighbor or business competitor pays a competent private investigator. Currently that means they probably are going to get into a lot of your information that you normally think of as private. Any system like this that becomes popular will spawn a cottage industry of compromising it if there are weak spots.

Even the concept of "private investigator" is quite broad. There is the guy you hire to find out if your wife is cheating and the guy a major multinational corporation hires who is former FBI or NSA (director/AD level even) or whatever, and who has a blackberry full of contacts to show for it, plus everything in between.


OK so we've moved down a few rungs from a global Government / TLA conspiracy.

Now the argument is that a sophisticated 'private investigator' or 'multinational corporation' or some facet of a 'cottage industry' is going to compromise the MN network....how are they going to do that exactly?

Among other methods that are unknown and unknowable, an industry will develop to own the masternodes or pay masternode owners for their data and sell it or use, just as an industry has developed to collect, sell, trade, and use web tracking data

It's all nice and cute how people run their own masternodes on raspberry pi's today, but over time, assuming a relevant level of success, that will certainly all shift to a commercial model, and those commercial operators will maximize profit by collecting and selling data, the same way the web industry does.

We don't know in advance what that industry will look like just like no one in 1995 no one could have created this graphic showing (part of) the structure of the web tracking industry:

majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 26, 2015, 11:03:12 AM
 #444

If I wanted to do something safe from the NSA I don't even know where to begin. Wouldn't even want to touch a computer while doing it that's for sure.

Agree on that point. Maybe the DRK advocates who are claiming otherwise can take some good advice from two people on opposite sides of the coin battle and stay safe on this one. If you are trying to hide something from the NSA (or their allies) the answer to the question of "XMR vs DRK" is neither.


quite possibly, which renders obsolete all the argument in here about global TLA/governemnt conspiracies to compromise the MN network.

So, DASH is fit-for-purpose as an enhanced Bitcoin clone with decent privacy features, instant transactions and other cool stuff in the pipleine

Again, if you are talking about today, sure do what you want and for low-resource to medium-adversaries you are fine, probably even with Bitcoin alone.

But,

There is a huge middle ground here. Like for example, your neighbor or business competitor pays a competent private investigator. Currently that means they probably are going to get into a lot of your information that you normally think of as private. Any system like this that becomes popular will spawn a cottage industry of compromising it if there are weak spots.

Even the concept of "private investigator" is quite broad. There is the guy you hire to find out if your wife is cheating and the guy a major multinational corporation hires who is former FBI or NSA (director/AD level even) or whatever, and who has a blackberry full of contacts to show for it, plus everything in between.


OK so we've moved down a few rungs from a global Government / TLA conspiracy.

Now the argument is that a sophisticated 'private investigator' or 'multinational corporation' or some facet of a 'cottage industry' is going to compromise the MN network....how are they going to do that exactly?

Among other methods that are unknown and unknowable, an industry will develop to own the masternodes or pay masternode owners for their data and sell it or use, just as an industry has developed to collect, sell, trade, and use web tracking data

It's all nice and cute how people run their own masternodes on raspberry pi's today, but over time, assuming a relevant level of success,  that will certainly all shift to a commercial model.

We don't know in advance what that industry will look like just like no one in 1995 no one could have drawn this graphic to describe the (part of) the web tracking industry:




so you are suggesting that an industry akin to the web tracking industry will pop up to gather Masternode transactions from Masternodes, which don't know themselves what the transactions are doing (due to Masternode blinding)?

If so, instead of a global government / TLA conspiracy we now have a commercial initiative to control a decentralized global network which spans 30+ countries, all to spy on people's private financial transactions. I'm not sure how you think these companies will compromise the MN network, as if that even matters - this kind of commercial activity would be highly illegal in most countries.

Is it just me or is this getting silly now?
smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
March 26, 2015, 11:06:31 AM
 #445

If I wanted to do something safe from the NSA I don't even know where to begin. Wouldn't even want to touch a computer while doing it that's for sure.

Agree on that point. Maybe the DRK advocates who are claiming otherwise can take some good advice from two people on opposite sides of the coin battle and stay safe on this one. If you are trying to hide something from the NSA (or their allies) the answer to the question of "XMR vs DRK" is neither.


quite possibly, which renders obsolete all the argument in here about global TLA/governemnt conspiracies to compromise the MN network.

So, DASH is fit-for-purpose as an enhanced Bitcoin clone with decent privacy features, instant transactions and other cool stuff in the pipleine

Again, if you are talking about today, sure do what you want and for low-resource to medium-adversaries you are fine, probably even with Bitcoin alone.

But,

There is a huge middle ground here. Like for example, your neighbor or business competitor pays a competent private investigator. Currently that means they probably are going to get into a lot of your information that you normally think of as private. Any system like this that becomes popular will spawn a cottage industry of compromising it if there are weak spots.

Even the concept of "private investigator" is quite broad. There is the guy you hire to find out if your wife is cheating and the guy a major multinational corporation hires who is former FBI or NSA (director/AD level even) or whatever, and who has a blackberry full of contacts to show for it, plus everything in between.


OK so we've moved down a few rungs from a global Government / TLA conspiracy.

Now the argument is that a sophisticated 'private investigator' or 'multinational corporation' or some facet of a 'cottage industry' is going to compromise the MN network....how are they going to do that exactly?

Among other methods that are unknown and unknowable, an industry will develop to own the masternodes or pay masternode owners for their data and sell it or use, just as an industry has developed to collect, sell, trade, and use web tracking data

It's all nice and cute how people run their own masternodes on raspberry pi's today, but over time, assuming a relevant level of success,  that will certainly all shift to a commercial model.

We don't know in advance what that industry will look like just like no one in 1995 no one could have drawn this graphic to describe the (part of) the web tracking industry:




so you are suggesting that an industry akin to the web tracking industry will pop up to gather Masternode transactions from Masternodes, which don't know themselves what the transactions are doing (due to Masternode blinding)?

If so, instead of a global government / TLA conspiracy we now have a commercial initiative to control a decentralized global network which spans 30+ countries, all to spy on people's private financial transactions. I'm not sure how you think these companies will compromise the MN network, as if that even matters - this kind of commercial activity would be highly illegal in most countries.

Is it just me or is this getting silly now?

You are overstating the effect of masternode blinding. It just requires data from more masternodes to correlate transactions. There is not one masternode that knows everything but getting data from enough masternodes will still allow you to piece it together. Sort of like multiple rounds happening at once (which is one of the stated goals, since people waiting hours for their coins to be ready to spend is pretty bad).

As for the argument about it being illegal, I highly doubt it is illegal to use data sent to you over the internet for tracking purposes and I also highly doubt that governments are going to pass laws to mandate that masternodes behave themselves. It's like a million times more likely that governments actively work against such a system than try to protect it.

majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 26, 2015, 11:11:18 AM
 #446


Quote

You are overstating the effect of masternode blinding. It just requires data from more masternodes to correlate transactions. There is not one masternode that knows everything but getting data from enough masternodes will still allow you to piece it together. Sort of like multiple rounds happening at once (which is one of the stated goals, since people waiting hours for their coins to be ready to spend is pretty bad).



Quantify 'more masternodes'?

How many nodes must be compromised to track Darksend transactions?
smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
March 26, 2015, 11:12:49 AM
 #447


Quote

You are overstating the effect of masternode blinding. It just requires data from more masternodes to correlate transactions. There is not one masternode that knows everything but getting data from enough masternodes will still allow you to piece it together. Sort of like multiple rounds happening at once (which is one of the stated goals, since people waiting hours for their coins to be ready to spend is pretty bad).



Quantify 'more masternodes'?

How many nodes must be compromised to track Darksend transactions?

Get back to me when there is a white paper, but as I said, I expect all or nearly all masternodes to be commercial operations that are more interested in maximizing profit than supporting your particular idealistic view of how it is supposed to work.


majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 26, 2015, 11:18:08 AM
 #448


Quote

You are overstating the effect of masternode blinding. It just requires data from more masternodes to correlate transactions. There is not one masternode that knows everything but getting data from enough masternodes will still allow you to piece it together. Sort of like multiple rounds happening at once (which is one of the stated goals, since people waiting hours for their coins to be ready to spend is pretty bad).



Quantify 'more masternodes'?

How many nodes must be compromised to track Darksend transactions?

Get back to me when there is a white paper, but as I said, I expect all or nearly all masternodes to be commercial operations that are more interested in maximizing profit than supporting your particular idealistic view of how it is supposed to work.




OK fair enough, we'll wait for a full description of MN blinding. In the meantime your argument is pure conjecture.

Commercial operations are interested in profit for sure, I'm just not sure many boardrooms will be voting through the 'lets spy on private financial transactions' project...

smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
March 26, 2015, 11:23:16 AM
 #449


Quote

You are overstating the effect of masternode blinding. It just requires data from more masternodes to correlate transactions. There is not one masternode that knows everything but getting data from enough masternodes will still allow you to piece it together. Sort of like multiple rounds happening at once (which is one of the stated goals, since people waiting hours for their coins to be ready to spend is pretty bad).



Quantify 'more masternodes'?

How many nodes must be compromised to track Darksend transactions?

Get back to me when there is a white paper, but as I said, I expect all or nearly all masternodes to be commercial operations that are more interested in maximizing profit than supporting your particular idealistic view of how it is supposed to work.




OK fair enough, we'll wait for a full description of MN blinding. In the meantime your argument is pure conjecture.

I would call it a conclusion based on an analysis of the incentives.

Quote
Commercial operations are interested in profit for sure, I'm just not sure many boardrooms will be voting through the 'lets spy on private financial transactions' project...

I'm still trying to figure out how you think this is going to be illegal. If you are relying governments to pass laws regulating masternodes, they will certainly also require that the data be available for what amounts to "lawful intercept" and probably a whole bunch of other things that seem like completely defeating the purpose. Which means you are basically at the same level of privacy as a bank (i.e. safe from neighbors), with a system that is enormously less efficient.

majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 26, 2015, 11:31:15 AM
 #450

Quote

I would call it a conclusion based on an analysis of the incentives.


I would call it a conclusion based on incomplete information, which is fair enough.


Quote

I'm still trying to figure out how you think this is going to be illegal. If you are relying governments to pass laws regulating masternodes, they will certainly also require that the data be available for what amounts to "lawful intercept" and probably a whole bunch of other things that seem like completely defeating the purpose. Which means you are basically at the same level of privacy as a bank (i.e. safe from neighbors), with a system that is enormously less efficient.


Yes this is a fair point, I was thinking along the lines of hacking, which is generally illegal....but you are saying that companies will run self-compromised Masternodes and gather data to sell for profit. So assuming that spying on private financial transactions is OK in a particular territory (I'm thinking blanket regulations around data protection etc) then we are back to how meaningful this data is and how many nodes you need to compromise....guess we'll wait for the MN blinding white paper.

smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
March 26, 2015, 11:43:28 AM
 #451

Yes this is a fair point, I was thinking along the lines of hacking, which is generally illegal....but you are saying that companies will run self-compromised Masternodes and gather data to sell for profit. So assuming that spying on private financial transactions is OK in a particular territory (I'm thinking blanket regulations around data protection etc) then we are back to how meaningful this data is and how many nodes you need to compromise....guess we'll wait for the MN blinding white paper.

Let me give you thought exercise on the self-compromised nodes.

Let's say I ran a masternode right now and posted real time transaction data on a web site. I could put ads or trackers on the web page and generate revenue, like a chain explorer. Even if the data by itself wasn't that useful, people might still be curious about it, so I'd get traffic. (Of course I could promote on twitter, post links to interesting transactions, etc.)

In fact, given that this data doesn't even really expose anyone (after all its just one masternode, right?), it wouldn't hurt the price of DASH, so my collateral isn't impaired. Nothing has been really compromised.

What would happen?

As far as I can tell, I'd continue to get my masternode payments, people would still use my node, and I would get extra revenue from traffic on my masternode explorer.

I guess Evan could do something to ban my node from the list or something. Maybe miners could do that if they even cared, but its not clear they would. Then I could just create a new one I think.


xxxgoodgirls
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001


View Profile
March 26, 2015, 11:51:20 AM
 #452

Yes this is a fair point, I was thinking along the lines of hacking, which is generally illegal....but you are saying that companies will run self-compromised Masternodes and gather data to sell for profit. So assuming that spying on private financial transactions is OK in a particular territory (I'm thinking blanket regulations around data protection etc) then we are back to how meaningful this data is and how many nodes you need to compromise....guess we'll wait for the MN blinding white paper.

Let me give you thought exercise on the self-compromised nodes.

Let's say I ran a masternode right now and posted real time transaction data on a web site. I could put ads or trackers on the web page and generate revenue, like a chain explorer. Even if the data by itself wasn't that useful, people might still be curious about it, so I'd get traffic. (Of course I could promote on twitter, post links to interesting transactions, etc.)

In fact, given that this data doesn't even really expose anyone (after all its just one masternode, right?), it wouldn't hurt the price of DASH, so my collateral isn't impaired. Nothing has been really compromised.

What would happen?

As far as I can tell, I'd continue to get my masternode payments, people would still use my node, and I would get extra revenue from traffic on my masternode explorer.

I guess Evan could do something to ban my node from the list or something. Maybe miners could do that if they even cared, but its not clear they would. Then I could just create a new one I think.


Why would someone pay you for useless data?

In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all recent generations of Intel hardware. details https://libreboot.org/faq.html#intelme --- https://tehnoetic.com/laptops --- https://store.vikings.net/x200-ryf-certfied
BlockaFett
Sr. Member
****
Offline Offline

Activity: 392
Merit: 255


View Profile
March 26, 2015, 11:51:47 AM
 #453

I would urge DRK people not to get involved in the debate here.  The idea is to try to legitamise XMR as a contender to DRK by giving the pumpers on Poloniex text they can link to to show how 'xmr is the next dash!!! when XMR takes over LTC...!'.  Any argument you make will just get drowned out by one of the 5 Monero devs trolling here and you will never get a straight answer as they just repeat the same accusations whatever you say and avoid backing anything up.

check the market situation and how no one on big exchange like Bittrex or BTER will touch XMR and hence why the big exchanges never added it even after 1 year...no Poloniex pumping and XMR market cap will go < $100k like all the other cryptonote hack jobs...



bump
smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
March 26, 2015, 11:55:49 AM
 #454

Yes this is a fair point, I was thinking along the lines of hacking, which is generally illegal....but you are saying that companies will run self-compromised Masternodes and gather data to sell for profit. So assuming that spying on private financial transactions is OK in a particular territory (I'm thinking blanket regulations around data protection etc) then we are back to how meaningful this data is and how many nodes you need to compromise....guess we'll wait for the MN blinding white paper.

Let me give you thought exercise on the self-compromised nodes.

Let's say I ran a masternode right now and posted real time transaction data on a web site. I could put ads or trackers on the web page and generate revenue, like a chain explorer. Even if the data by itself wasn't that useful, people might still be curious about it, so I'd get traffic. (Of course I could promote on twitter, post links to interesting transactions, etc.)

In fact, given that this data doesn't even really expose anyone (after all its just one masternode, right?), it wouldn't hurt the price of DASH, so my collateral isn't impaired. Nothing has been really compromised.

What would happen?

As far as I can tell, I'd continue to get my masternode payments, people would still use my node, and I would get extra revenue from traffic on my masternode explorer.

I guess Evan could do something to ban my node from the list or something. Maybe miners could do that if they even cared, but its not clear they would. Then I could just create a new one I think.


Why would someone pay you for useless data?

It's a web site. People curious about how masternodes work will visit it. I imagine it gets mentions in press coverage about DASH (watch a masternode in operation here), leading to more traffic. Plus probably some people trying to deanonymize transactions, whether or not that is futile. Either way, I get paid by ad/traffic revenue.
xxxgoodgirls
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001


View Profile
March 26, 2015, 12:09:01 PM
 #455

Yes this is a fair point, I was thinking along the lines of hacking, which is generally illegal....but you are saying that companies will run self-compromised Masternodes and gather data to sell for profit. So assuming that spying on private financial transactions is OK in a particular territory (I'm thinking blanket regulations around data protection etc) then we are back to how meaningful this data is and how many nodes you need to compromise....guess we'll wait for the MN blinding white paper.

Let me give you thought exercise on the self-compromised nodes.

Let's say I ran a masternode right now and posted real time transaction data on a web site. I could put ads or trackers on the web page and generate revenue, like a chain explorer. Even if the data by itself wasn't that useful, people might still be curious about it, so I'd get traffic. (Of course I could promote on twitter, post links to interesting transactions, etc.)

In fact, given that this data doesn't even really expose anyone (after all its just one masternode, right?), it wouldn't hurt the price of DASH, so my collateral isn't impaired. Nothing has been really compromised.

What would happen?

As far as I can tell, I'd continue to get my masternode payments, people would still use my node, and I would get extra revenue from traffic on my masternode explorer.

I guess Evan could do something to ban my node from the list or something. Maybe miners could do that if they even cared, but its not clear they would. Then I could just create a new one I think.


Why would someone pay you for useless data?

It's a web site. People curious about how masternodes work will visit it. I imagine it gets mentions in press coverage about DASH (watch a masternode in operation here), leading to more traffic. Plus probably some people trying to deanonymize transactions, whether or not that is futile. Either way, I get paid by ad/traffic revenue.


The incentive for MN operators is to cooperate on this.
Anyway MN binding will make no single masternode will have knowledge of all the inputs and outputs on a round of Darksend. So what is bad in a scenario like the one you just drew where MN operators sell their data (assuming someone is willing to pay/visit your website)?

In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all recent generations of Intel hardware. details https://libreboot.org/faq.html#intelme --- https://tehnoetic.com/laptops --- https://store.vikings.net/x200-ryf-certfied
majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 26, 2015, 12:11:14 PM
 #456

Yes this is a fair point, I was thinking along the lines of hacking, which is generally illegal....but you are saying that companies will run self-compromised Masternodes and gather data to sell for profit. So assuming that spying on private financial transactions is OK in a particular territory (I'm thinking blanket regulations around data protection etc) then we are back to how meaningful this data is and how many nodes you need to compromise....guess we'll wait for the MN blinding white paper.

Let me give you thought exercise on the self-compromised nodes.

Let's say I ran a masternode right now and posted real time transaction data on a web site. I could put ads or trackers on the web page and generate revenue, like a chain explorer. Even if the data by itself wasn't that useful, people might still be curious about it, so I'd get traffic. (Of course I could promote on twitter, post links to interesting transactions, etc.)

In fact, given that this data doesn't even really expose anyone (after all its just one masternode, right?), it wouldn't hurt the price of DASH, so my collateral isn't impaired. Nothing has been really compromised.

What would happen?

As far as I can tell, I'd continue to get my masternode payments, people would still use my node, and I would get extra revenue from traffic on my masternode explorer.

I guess Evan could do something to ban my node from the list or something. Maybe miners could do that if they even cared, but its not clear they would. Then I could just create a new one I think.


OK so 'nothing has been compromised' and you have a bunch of completely random MN data. What's the point? You earn a bit of ad revenue? So what? The only way this poses a threat to the network is if enough MN owners collude and do the same, which makes a number assumptions:

- that enough people are willing to invest 1000 DASH in masternodes to take part in an excercise that compromises the security of the coin they're invested in

- that all these people are savvy enough to set their nodes up to gather data in a common format and share this with their counterparts

- that this data, when re-assembled, provides any meaningful information (back to MN blinding)

- that the community or devs do nothing to counter this kind of behaviour


I think what you have described poses no threat to the network whatsoever.

edit: that's a bit absolute, I would revise to 'what you've described poses a negligible threat to the network'
smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
March 26, 2015, 12:15:32 PM
 #457

Yes this is a fair point, I was thinking along the lines of hacking, which is generally illegal....but you are saying that companies will run self-compromised Masternodes and gather data to sell for profit. So assuming that spying on private financial transactions is OK in a particular territory (I'm thinking blanket regulations around data protection etc) then we are back to how meaningful this data is and how many nodes you need to compromise....guess we'll wait for the MN blinding white paper.

Let me give you thought exercise on the self-compromised nodes.

Let's say I ran a masternode right now and posted real time transaction data on a web site. I could put ads or trackers on the web page and generate revenue, like a chain explorer. Even if the data by itself wasn't that useful, people might still be curious about it, so I'd get traffic. (Of course I could promote on twitter, post links to interesting transactions, etc.)

In fact, given that this data doesn't even really expose anyone (after all its just one masternode, right?), it wouldn't hurt the price of DASH, so my collateral isn't impaired. Nothing has been really compromised.

What would happen?

As far as I can tell, I'd continue to get my masternode payments, people would still use my node, and I would get extra revenue from traffic on my masternode explorer.

I guess Evan could do something to ban my node from the list or something. Maybe miners could do that if they even cared, but its not clear they would. Then I could just create a new one I think.


OK so 'nothing has been compromised' and you have a bunch of completely random MN data. What's the point? You earn a bit of ad revenue? So what? The only way this poses a threat to the network is if enough MN owners collude and do the same, which makes a number assumptions:

No collusion is necessary. Each individual masternode owner has the same incentive on his own to get some extra revenue.

Quote
- that enough people are willing to invest 1000 DASH in masternodes to take part in an excercise that compromises the security of the coin they're invested in

It doesn't compromise anything if I do it, so why shouldn't I?

Quote
- that all these people are savvy enough to set their nodes up to gather data in a common format and share this with their counterparts

No sharing is required in this thought experiment. Just a web site. In fact maybe I put my web code on github as open source.

Quote
- that this data, when re-assembled, provides any meaningful information (back to MN blinding)

Already discussed.

Quote
- that the community or devs do nothing to counter this kind of behaviour

Sounds like whack-a-mole to me. This sort of incentive failure is inherent in the design.

Quote
I think what you have described poses no threat to the network whatsoever.

I disagree.
majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 26, 2015, 12:28:18 PM
 #458

Quote

It doesn't compromise anything if I do it, so why shouldn't I?

-

because you're contributing to a potential security issue that could devalue your 1000 DASH investment

Quote

No sharing is required in this thought experiment. Just a web site. In fact maybe I put my web code on github as open source.


fair enough

Quote
that this data, when re-assembled, provides any meaningful information (back to MN blinding)

Already discussed.


yep, will be interesting to see how far this thought experiment needs to spill from our minds to present any meaningful threat

Quote

Sounds like whack-a-mole to me. This sort of incentive failure is inherent in the design.


MN hardening appears to be a dev priority...I expect your theoretical threat is mitigated, if not in the present code but in coming releases. Concreting over the garden, rather than whacking the moles.

Quote

I disagree.


i did revise that statement before you posted back...
smooth
Legendary
*
Offline Offline

Activity: 2968
Merit: 1198



View Profile
March 26, 2015, 12:45:17 PM
 #459


Interesting discussion. Thanks for the responses.

illodin
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1003


View Profile
March 26, 2015, 01:11:46 PM
 #460

They can snoop on your data all day long and you will never know about it... the downside of virtualisation!

Can you explain what is the data that they would snoop after hacking into a masternode?

Pretty much anything in/out of that VPS ...

so IPs connecting on the drkcoin p2p network

Like typing "getpeerinfo" in Bitcoin wallet?


DS transactions

These are already in the blockchain.


ssh logins

If the attacker is already in the system, this helps to snoop the data further how?


grab the wallet.dat file and pull all the address this MN has used for DS transactions

The masternode wallet is empty, and doesn't participate in any transactions. There's zero information in the wallet.dat.


now if you have access to lots of MN with this data you could start to slowly piece things together.

The data you listed doesn't help anyone to put anything together.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!