Proposal to help stop thieves

[markm]

TL;DR: usually we only know someone stole some value; claims that some coins on the blockchain were stolen are usually being made by the primary suspect, that is, the person who is refusing to pay people owed money and claiming coins on the chain are somehow an excuse for not paying people what he owes them. ("Someone stole from me so I am now going to steal from you (with no proof anyone stole anything from me)...")

For example we have no way of proving any coins were stolen from bitfloor at all.

They could have been stolen by bitfloor.

I suppose in both cases they are stolen though so watching them to see if they ever fall into the hands of any friend or relative or business associate of bitfloor could have merit... until a thief figures that out and makes sure to use them to implicate a victim.

About the only cases in which you actually know coins are stolen is cases like this, where you do not know whether the person claiming they have been stolen is lying or not, all you really know is that person owed money to people. Given fungability, it is not really any particular coins that have been stolen, all that has been stolen is value, and the person who stole that value is claiming some coins on the blockchain represent that value.

It seems wrong to screw around with those coins, we have only a suspect's word for it that he is not the current owner of those coins.

Better would be to consider who owns which coins currently irrelevant to the fact that he owed people a certain amount of value.

-MarkM-

[01BTC10]

Stolen coins should still be spendable as stolen paper money. I don't care about tracking stolen coin to catch the thieve but blocking transaction is bad for Bitcoin. Adding an additional layer of complexity to an already hard to grasp protocol will confuse and turn off the average user.

[Joe200]

Stolen coins should still be spendable as stolen paper money. I don't care about tracking stolen coin to catch the thieve but blocking transaction is bad for Bitcoin. Adding an additional layer of complexity to an already hard to grasp protocol will confuse and turn off the average user.

Stolen coins should still be spendable as stolen paper money. - Yes and no. Paper money that you got from a thief is spendable. If it was a big theft, wait until the cops trace the money back to you...

I don't care about tracking stolen coin- That's fine. You don't have to use a blacklist. I will. It's all voluntary.

Adding an additional layer of complexity to an already hard to grasp protocol will confuse and turn off the average user.- Maybe. Or maybe what's turning off the average user is the fear and uncertainty from hacks and thefts. And we should have several methods in place that are very easy to use to both prevent thefts and make unloading stolen coins difficult. More methods = more security = more better.

[Joe200]

For example we have no way of proving any coins were stolen from bitfloor at all.

They could have been stolen by bitfloor.

You are right. In this context, it does not matter who stole the coins: bitfloor or someone else. They were stolen. I don't want to take them. I can refuse to take them right now, but it's difficult. All I'm asking for is an easy way to do what I can already do anyway.

[DigitalHermit]

This is a proposal to help stop bitcoin thieves. Especially pertinent in light of recent thefts. The coins stolen from bitfloor have not been spent yet! We still have a chance to make this thief's life more difficult. Please discuss.

Your proposal is hardly new or novel. It's just another variant on tainted coins and I will resist any such proposals by personally rejecting and opposing use of any such clients.

https://bitcointalk.org/index.php?topic=85433.0

What you are discussing is deliberately destroying one of the most important characteristics a currency can have, namely Fungibility:

http://en.wikipedia.org/wiki/Fungibility

[01BTC10]

What stop someone to attack someone else wallet saying the coins was stolen?

[Joe200]

What stop someone to attack someone else wallet saying the coins was stolen?

You send me coins. Then you claim that I stole those coins from you. If everyone believes you, and if everyone puts those coins on their blacklist, then I am screwed.

In reality, if you don't have ironclad proof that I stole the coins, no one is going to put them on their blacklist.

This is the key difference between people optionally using their own blacklist and a centralized blacklist that is forced on everyone. With a centralized blacklist, you have to ask, who makes the decisions, how, etc. Here, you are just giving people a choice to easily do what they, in theory, can already do.

[Joe200]

What you are discussing is deliberately destroying one of the most important characteristics a currency can have, namely Fungibility:

http://en.wikipedia.org/wiki/Fungibility

Cash is one of the most fungible things there is. Yet, it's not 100% fungible. In cases of major bank robberies, stolen cash is traced back from the people using it to the thieves.

I am all for bitcoins to be as fungible as cash.

[markm]

Maybe you should not be alerting the sender that you realise the coins are stolen, instead you should quietly call the cops. Rejecting the coins could tip them off that the jig is up so they run away before the cops get there...

-MarkM-

[OneEyed]

Blocking the coins makes no sense in many scenarios:

• If the coins are reused before being signaled as stolen, an innocent person will suffer from having received worthless coins before it was known that they were worthless. And you cannot distinguish between coins having been moved by the thief in his own wallet from coins having been used to pay a service or a good, so as soon as the coins have been moved, you can no longer blacklist them.
• If the coins have been sent through a mixer, then you will now blacklist any output which contains even one satoshi from the stolen coins.
• You can attack someone by convincing people that 1 BTC mixed with their 10,000 BTC has been stolen, thus rendering the whole 10,000 BTC worthless.

Can't you see the dozens of way your proposal could go wrong?

[Joe200]

Maybe you should not be alerting the sender that you realise the coins are stolen, instead you should quietly call the cops. Rejecting the coins could tip them off that the jig is up so they run away before the cops get there...

Maybe. But even to alert the cops, you still need to know that the coins are blacklisted. So your client needs to be able to use a blacklist.

This is great. It's exactly this type of discussion that we need to have to come up with a good idea that people like.

[Joe200]

Blocking the coins makes no sense in many scenarios:

• If the coins are reused before being signaled as stolen, an innocent person will suffer from having received worthless coins before it was known that they were worthless. And you cannot distinguish between coins having been moved by the thief in his own wallet from coins having been used to pay a service or a good, so as soon as the coins have been moved, you can no longer blacklist them.
• If the coins have been sent through a mixer, then you will now blacklist any output which contains even one satoshi from the stolen coins.
• You can attack someone by convincing people that 1 BTC mixed with their 10,000 BTC has been stolen, thus rendering the whole 10,000 BTC worthless.

Can't you see the dozens of way your proposal could go wrong?

All good points. But here, I think you are discussing how to construct the blacklist / which addresses should go on the blacklist.

Before we get there, we need to have the ability for the client to easily flag blacklisted coins. I think after that, different people will have different ideas about how to construct a blacklist. They will try different lists, some will become popular, others won't.

To address your specific points:
- Yes, when you accept coins, there is the risk that they are stolen. If you are OK with accepting stolen coins, that's up to you. If you are not, then you would want to at least know that the coins you just received are stolen.
- If you care about avoiding using stolen coins, use mixers at your own risk. That is true even now. Right now, you know that if you use a mixer you might get stolen coins. If you don't want to deal in stolen coins, perhaps you should avoid using a mixer. Or, if people start using blacklists, maybe someone will create a mixer that is careful about which coins it accepts.
- As I said before, unless the proof that coins were stolen is ironclad, most blacklist users will not add them to their list.

[DigitalHermit]

What you are discussing is deliberately destroying one of the most important characteristics a currency can have, namely Fungibility:

http://en.wikipedia.org/wiki/Fungibility

Cash is one of the most fungible things there is. Yet, it's not 100% fungible. In cases of major bank robberies, stolen cash is traced back from the people using it to the thieves.

I am all for bitcoins to be as fungible as cash.

Cash does not have a complete public audit history of all transactions going back to its creation. Bitcoin does. Your proposal tries to leverage this fact to make Bitcoin distinctly less fungible than cash.

While it's true that in major bank robberies bills can be marked with exploding ink bags or traced to a set of serial numbers, in those instances there is major corroborating evidence that a robbery actually occurred (police reports, camera evidence etc...). There is no similar reliable way to mark Bitcoin transactions as a robbery.

The situation grows even more fragmented over time as each Bitcoin balance has the potential to be stolen or claimed stolen multiple times over:

https://bitcointalk.org/index.php?topic=83794.0

Sorry, but this proposal is DOA.

[markm]

Maybe a better way than a blacklist would be to allow people who want this to simply publish their addresses along with their contact information, so that if any of their addresses do ever turn up in the course of tracing coins they can be contacted to ask them who exactly they got those coins from.

It would also help for givernments to issue signed PGP identities people can use to sign things in a way that proves it was them that signed it, so anyone concerned about this can simply insist on a signed transaction record as a condition of accepting any coins, so that when the tracers of stolen coin do come knocking on their door they will have good proof that the person they received the coins from really was who they claimed to be thus that they accepted the coins in good faith...

</tinfoil>

-MarkM-

[jancsika]

Before we get there, we need to have the ability for the client to easily flag blacklisted coins.

Letting the client flag blacklisted coins is easy.  Using those blacklists to create a meaningful/workable system that deters theft is hard.

Anyway, there's an easy way to measure the effectiveness of any proposed blacklisting system-- just implement the same system as a way to prevent double spends.  If you're really proposing that a blacklisting system can effectively prevent stolen coins from being spent a second time, then it follows that the same system should be as effective in solving the double spend problem.  If preventing double spends doesn't seem feasible without the proof-of-work blockchain, then what makes you think the flagging system is feasible?  Or if it does seem feasible, then why not release it as a blacklist-based altcoin that uses orders of magnitude less resources and blow Bitcoin out of the water?

[Joe200]

Anyway, there's an easy way to measure the effectiveness of any proposed blacklisting system-- just implement the same system as a way to prevent double spends.  If you're really proposing that a blacklisting system can effectively prevent stolen coins from being spent a second time, then it follows that the same system should be as effective in solving the double spend problem.  If preventing double spends doesn't seem feasible without the proof-of-work blockchain, then what makes you think the flagging system is feasible?  Or if it does seem feasible, then why not release it as a blacklist-based altcoin that uses orders of magnitude less resources and blow Bitcoin out of the water?

There are problems without clean, elegant solutions. For these problems, you use several solution which don't eliminate the problem but hopefully lessen it. That's all I am talking about. Optional blacklisting will not stop thefts. Together with other measures, it will make thefts more difficult. Why not try it? It should be easy to implement. Instead of arguing, let's just try it. You think it won't work, great. Let's try it.

[OneEyed]

There are problems without clean, elegant solutions. For these problems, you use several solution which don't eliminate the problem but hopefully lessen it. That's all I am talking about. Optional blacklisting will not stop thefts. Together with other measures, it will make thefts more difficult. Why not try it? It should be easy to implement. Instead of arguing, let's just try it. You think it won't work, great. Let's try it.

Please go ahead. Go through the bitcoins in your own wallet, and check to see if any bit of them relates to the various thefts related on the forum (you can find the transaction id in many cases). Note it can take a long time doing so, as it will require that you go up the transaction chain (each transaction having one or more inputs) until you hit either the coinbase (zero input) or a transaction that uses stolen funds.

By doing so, you should get an idea of the work it represents to do that for every transaction. And maybe you will identify some stolen satoshis (if that ever makes sense in a fungible currency) in some of your wallet inputs, and you will throw those transactions away to avoid using stolen funds.

Oh, and you haven't considered this case: S come from stolen funds, C are clean funds, S+C are sent in one transaction as T (the sender does not have the same blacklist as you do) and thus tainted flagged by your client, so T is sent back (because you can no longer distinguish S from C since those outputs are now spent) as U, and now U is unusable as well because it got tainted by S. As a result, now more funds are marked as unusable by you and those using the same blacklist.

Chances are that f you do the test with your wallet and all the known stolen funds, you will throw away (or at least refuse to use)) your whole wallet.

[Gavin Andresen]

Why not try it? It should be easy to implement. Instead of arguing, let's just try it. You think it won't work, great. Let's try it.

Yes, go ahead and implement it.  Here's a thumbnail sketch of one way to start:

+ Create a web service that lets anybody upload their email address and a list of public keys.

+ Send the user an email whenever 'tainted' coins are sent to any of those public keys, telling them how tainted they are and where they came from.

That's it.

For extra credit, you could let users upload their wallet.dat files (private keys encrypted, I would hope) and auto-extract all the public keys in the wallet.  Heck, if you stored the private-key-encrypted wallet.dats you might be able to charge a little for both blacklist detection and wallet backup.

[Gabi]

Blocking the coins makes no sense in many scenarios:

• If the coins are reused before being signaled as stolen, an innocent person will suffer from having received worthless coins before it was known that they were worthless. And you cannot distinguish between coins having been moved by the thief in his own wallet from coins having been used to pay a service or a good, so as soon as the coins have been moved, you can no longer blacklist them.
• If the coins have been sent through a mixer, then you will now blacklist any output which contains even one satoshi from the stolen coins.
• You can attack someone by convincing people that 1 BTC mixed with their 10,000 BTC has been stolen, thus rendering the whole 10,000 BTC worthless.

Can't you see the dozens of way your proposal could go wrong?

+1

[BkkCoins]

OP doesn't seem to realize the thief can simply move the coins to another address in his wallet in just a few seconds. Impossible to say whether they were spent or moved from left hand to right.

So this introduces situations where people accept coins without knowing if they can be spent later.

Extremely bad for the Bitcoin network overall. People need to trust that coins they receive can be spent otherwise the value of Bitcoin becomes questionable and the market price will reflect this.

Hence, a system like this socializes the cost of a theft over the whole network as reduced utility and lower value. But doesn't stop the thief at all from spending to users who choose not to accept blacklists - which I expect should be almost everyone.