Can you explain how you would do it? So first you would mandate a service like imgur to give up the IP's of visitors going to some image... ok so you got a visitors IP... now how would you relate that to some person who accepts an offer? What if that person uses another computer at another time to accept the offer that doesnt visit the image URL? So you have an IP, you are going to track this person who may be sitting in a public setting say Starbucks to do business? the messages are still encrypted and can point to a meeting place or a destination for cargo that an eavesdropper can't read.
Like I said its very far fetched... and something you should not be worrying about at this point. That's assuming no TOR... and with TOR improving in the future it makes it even more far fetched... bottom line is.. if you are doing something frisky and your not supposed to, use a public computer! why would you use your personal computer at home for doing such a thing anyway? The key is to send encrypted syscoin messages for actual instructions.
In software there is a standard golden rule called "seperation of concerns" and by imposing privacy measures which are aggegrated and not needed for 99% of the use-cases you are not only complicating things where they don't need to be but are making things less efficient and more prone to vulnerabilities to your system as a result because of more moving parts. SDC has already been hacked once, maybe it will be hacked again. Once you claim your 100% anon, it just takes one example to turn the whole project on its head and for what 1% of the use-case? Doesn't make sense. I already know what you are thinking now, and like I said to you before we have clearly different goals. Your goal is to become the defacto ANON decentralized marketplace, and ours is to become the defacto decentralized marketplace... you are targeting a subset of users while we are leveraging blockchain technology to reach out to an exponentially larger audience.
So first you would mandate a service like imgur to give up the IP's of visitors going to some imageLOL, you're seriously thinking that a mandate is needed to get that information? Quite a few agencies around the world are participating in mass surveillance, they collect EVERYTHING.
now how would you relate that to some person who accepts an offer?You would look up the node in the syscoin network and hijack its peer list by sending out a bunch of IPs ran by malicious nodes.
Anything that goes in and out of that node, you know it. Filter out the escrow transactions and link it to the offer.
you are going to track this person who may be sitting in a public setting say Starbucks to do business?Well if he uses his own computer the above mentioned attack would persist on his system unless he deletes the peer.dat file.
The only way to prevent it is by using a new computer, and are you REALLY going to download the whole sys blockchain on a public computer? Are you really thinking any sane person would do that?
why would you use your personal computer at home for doing such a thing anyway?Because people are lazy, stupid or tricked by false promises that sys protects their privacy.
I agree, the attack is far fetched and the chances that at this very moment anyone caring about transactions happening on sys is close to 0.
But some governments collect everything and the blockchain does that for you too. Makes it easy for correlating things, sys is doing mass surveillance a pleasure by timestamping and authenticating everything so neatly
There are other attacks that I have in the back of my mind, but I have given you enough of my time and advice. You should start paying me for this to be honest!
imposing privacy measures which are aggegrated and not needed for 99% of the use-cases you are not only complicating thingsA human without privacy is a powerless entity. The world is full of sheep putting every piece of their life on facebook, basically doing the things spies used to do 30 years ago.
History has worked so well for us because we as the people had privacy and thus power to change things. Now we're trusting the internet with our data like there is no harm to it, even with the recent snowden leaks.
We had a bug in our key image, which is a pretty important part in ring signatures. That has been fixed, the bug bounty program was there for a reason, to motivate researchers to attack our system to help us harden it. We're not going to act like we didn't expect things like this to happen. I have reviewed the ring signature cryptography and it is now fully compliant with the scheme proposed by Adam Back. I'm fairly confident that in terms of cryptography it is secure to modern standards.
We have our bugs and flaws, just like any open source project. If you think sys is free of those then you're being arrogant. I don't see sys having a bug bountry program in place? There is nobody on the world inspecting your code.
Don't forget, your project is still young and fragile. It only takes one clone and a ton of marketing money to destroy sys at once.
borderline paranoia and not worth my time to worry about such things currently. If market demands it, the technology will be created and it will happen. You are trying to create demand by telling people they care, when its 1% of the people that care. I get it, your aiming for network affect through a niche market within a niche market.. but I'm not aiming so small. The ringsig stuff makes syncing slower, instead i'm allowing people who care to use external tools that are enabled/disabled instead of making it mandatory on every user even if they don't care.. its like saying I know whats best for you let me do it anyway and we know that is a bad design, at least I know it is. Based on Anonymint's observation and I would have to say he has to be one of the better guys around here when it comes to privacy the only way to have true anonymity is through micro-transactions, because none of these algorithms are truly anonymous and push-comes-to-shove will be comprised... pretty much reinforcing the reason i'm not catering to 1%.
So you would get an IP for someone who clicked a link and then spam his node to see if he's running syscoin (you have to hope hes on a default port which is probably isn't) and then basically watch for a relay message that is for an offeraccept of the item in question... that way you can track the BUYER.. you can't get the seller. So you solve only half the problem and you can't prove that the person isn't just sending coins and not getting delivery because that happens outside the system and communication done through encrypted messages. I still find it very unlikely any agency will be able to find out who's who to track these people to their location. Those that will conduct business in this way have to take simple measures to make it increasingly difficult to track....
We actually had a bug bounty program i think it was $5k (obviously wasn't broken) and we also got a code review done by Bryce Weiner who said "it looks very awesome" with some semantics like variable naming as things to update. Sebastien Schepis who created the initial design for Syscoin also reviewed the code and thinks it looks great. Saying nobody in the world is inspecting your code is arrogant of yourself especially coming from someone who keeps things private and closed source lol! I'm developing in the open and im sure there are other people reading it especially since my commits are logged in slack every time I push. The design was reviewed by Vitalik Buterin who I am in contact with regularily.. actually hes the one who pushed me for AE instead of DDE and we are on the same wave-length... I may do DDE still for 2.1 depends on timeline.
Again Syscoin is not condoning darkmarkets and not saying your IP is private just like Bitcoin is not saying that... we provide a tool built-in called TOR and if you know how to use it you can do your best to hold your anonymity but we don't guarantee it... something you are claiming with your technology that has been broken already. It's a problem i'm not willing to take on to target 1% of the audience especially because you need a full on cryptographer to really understand what's happening on the lowest level, I think to be taken seriously as anon you will need to have one or a team of actually cryptographers who know what they are doing instead of copying from other projects. Again its a business decision that doesn't make much sense currently.
You can correlate all you want, the core benefit of a decentralized marketplace is being able to open your trade to a wider audience with little to no fees and not have to worry about backups and/or hosting of that data. A subset of users will care about evading taxes and darknet offers but when technology exists that lets you plug in to bitcoin to do that (a better TOR) then we will easily migrate it over to Syscoin because of the way I developed Syscoin 2 keeping portability in mind.
Cloning is encouraged! take a look at the unit tests and you can extend functionality pretty easily... I tend not to think like you because I'm open source while your stuff is not... you're scared of a "first-to-market" hit while I know that if someone clones it will benefit Syscoin. Any marketing they do will indirectly benefit marketcap for Sys.
I never said Sys is free of bugs.. take a look at the open issues theres tons... but I am not a cryptographer so I don't have to worry about bugs in the core related to cryptography. I know if I just copied that stuff I won't be able to support it or make it flexible enough for what I wanted to do in Sys. You do have to wrry about these things.. its your core goal. So your project requires intensive cryptographic knowledge and anyone not trained formally in the area will i'm afraid be developing something that will most likely be compromised (it already has). Sure it's been fixed, but how can we be sure it won't break again (coming from someone who doesn't know or doesn't care about anon as much as you?). You can't. It's one less thing to worry about for me.. when the time to care for it arrives, I will look for things already developed like Tor to solve the problem.
For me, I only have to worry about the layer above which is crypto agnostic for the most part but blockchain oriented, so I gotta pay attention to security but in the mindset of not allowing services to be used in an unintentional manner ie: taking money from an offer that's not yours, or sending a message to an alias impersonating someone else. This is the value add im bringing to the blockchain world and I can say I'm trained to do such work because its not specialized in a field I do not know. Sure you can learn it, but you can only learn so much from the internet unless your IQ is 160 like Vitalik.
