The Red List

[Cryptoman]

As for those Bitcoin users who like their coins to be fungible, I'm one of a few people looking into how to create a mixing capability within Bitcoin itself that will let you automatically mix your coins with others, potentially as often as every transaction you make.

You're not alone.  Fungibility is an important property of money, and I'd be opposed to anything which reduces Bitcoin's fungibility and therefore value.

I think the OP's proposal does not take into account how the Satoshi client/server works.  Accounts are not equivalent to addresses.  If bitcoind is used to operate an online wallet, then a withdrawal from any given account will not necessarily use the same coins that were deposited.  It all depends on how many other transactions have occurred and in what amounts.  So, a thief could deposit his booty in an online wallet, and some innocent person will very likely receive the tainted coins.

[1713852560]

1713852560

[1713852560]

1713852560

[1713852560]

1713852560

[1713852560]

1713852560

[bytemaster]

The problem is how to define a 'guilty' party?   I could send you money, then claim you stole it.   How would you *prove* you didn't steal my money?   I suppose you could 'send it back'... But I already consumed what ever good/service you gave me 'under the table' for that money.   Thus to protect myself we would need to have receipts for every transaction.   Then we have the race condition on the receipts... if I give you the receipt before you give me the coin... opps..  if I give you the coin before you give me the receipt... screwed again.

End result is that you would need even more infrastructure along the lines of Open Transactions as well as custom block-chain support for 'conditional exchanges of information for coins'.

The result of this is that bitcoin could no longer be used for any transaction that you would want 'kept private'.  Ie:  I purchased sex then claim the prostitute 'stole' my money.   The prostitute would then have to 'prove' she gave me sex in exchange for that money AND what the agreed price was.  The mere existence of such proof would threaten her liberty in todays society.

Otherwise the red list can be abused like the no-fly list or any other 'list'.  What is the burden of proof for 'stolen' money?

[David Rabahy]

A case for multisig?  A mutually agreeable, er, discrete 3rd party is designated as the arbiter.  The Bitcoin transaction requires only 2 of 3 signatures.  If the original parties are, er, mutually satisfied then both sign and the arbiter is not engaged.  If there is a dispute then each makes their case and then the arbiter signs or not accordingly.

[franky1]

so let me get this right. an insurance company for bitcoins lol

what is the point. how about a few basic lessons in not trusting strangers that dont want to give out personal info, dont want to use escrow and don't have proof they have the product they wish to sell.

i see many people sending coins to a address owned by themselves and then claim that the funds are stolen or the recipient (nonexistant in reality) did not forfill their contract, thus doubling their coins.

bitcoin does not need insurance. what it needs is to teach the sheeple the proper etiquette and money management skills that they never learned as kids because they relied on the trust of banks so much.

basic lesson one.
legitimate and regulated insurance companies will NEVER get involved with a contract/payment transaction involving illegal products or services. so anyone wishing to claim a loss due to a dodgy deal for illegal goods (the only reason not to reveal true identity), the insurance company will not pay out, due to the funds being linked to funding drugs/weapons purchases ETC.

basic lesson two.
if your handing out coins to a legitimate business, then do some due diligence checks and gather intel about the company. EG there is enough information about bitcoinstore.com mtgox.com to trust them enough to do transactions with, without the need for insurance.

basic lesson three.
a 'person' saying they are an insurance company and promises to reimburse losses no matter what product/service/contract type was not forfilled obviously does not have an insurance license, so you are more then likey to get burnt twice, once for the so called loss and secondly from the premium costs that will never pay out.

[nwbitcoin]

This is a nice idea that will possibly serve better as a suggestion that bitcoin is regulated against fraud, rather than be a tool to prevent it.

There are far too many ways that fraud can take place, that I can't see this project being much more than the equivalent to Spamhaus for the Bitcoin community.

However, if it wasn't for the likes of Spamhaus, would email be used as much as it is today?  Would email be subject to far more regulation?

I like the Red List project, but please try to explain to some of the hard of thinking on this forum that its not a way to prevent crime!

It prevents crime by creating a psychological deterrent.

Here is a story to clarify:

My friend John insures his wallet in a custom insurance group in Bitinsure.

His wallet is hacked and 20 BTC are stolen and sent to the thief's wallet.

We submit the thief's first degree wallet address to The Red List.

Using the same wallet, the thief attempts to pay for an OKCupid subscription.

OkCupid runs the public address against The Red List using the API and gets a first degree match - a definite redlist.

Since the wallet is first degree, OkCupid decides to send personal information gleaned from the thief's OkCupid profile to The Red List for investigation.

Here is a second story:

My friend John insures his wallet in a custom insurance group in Bitinsure.

His wallet is hacked and 20 BTC are stolen and sent to the thief's wallet.

We submit the thief's first degree wallet address to The Red List.

The thief sends the BTC to two more wallets.

We submit the second degree wallet addresses to The Red List.

The thief uses one wallet to purchase cooking ware on Amazon via BitSpend.

BitSpend checks the wallet address against The Red List, gets a second degree match, and issues the thief a questionnaire asking where he got the money from at the time of purchase. BitSpend may also send minimal identifying information such as a piece of the address back to The Red List for private storage and factoring into the indefinite algorithm which will increase The Red List ranking if the same minimal identification information is flagged/sent again by the same or another business.  

The thief gets his cooking ware from Amazon via BitSpend but after the questionnaire is apprehensive so decides to use a mixing service on the contents of the second wallet.

The thief mixes his BTC and gets BTC transferred into a new wallet.

A different person who used the mixing service spends the BTC on a Gyft gift certificate. Gyft runs the public address against The Red List and issues that second person a questionnaire - that person reveals he recently used a mixing service and names the service. The results of the questionnaire are sent to The Red List.

The Red List now has money laundering evidence against the mixing service and suspicions against/algorithm inputs for an identifying piece of information from the first wallet.

What if John was lying and he did all the spending himself and just claimed, and even did the hacking himself - how does this prevent that?

[Aswan]

A Thief could just sent a few satoshis to the 1000 richest bitcoin adresses. That way either coins related to his adress will be accepted or most bitcoins wont be able to be used at places which use the red list.

The red list therefore would cause its users to lose a majority of their customers which would make them abandon the list asap.

[franky1]

so to add a insurance company think that a dating website and amazon would breach their data protection and privacy terms to hand out customer information and payment details without a court order??

goodluck

[datz]

so let me get this right. an insurance company for bitcoins lol

what is the point. how about a few basic lessons in not trusting strangers that dont want to give out personal info, dont want to use escrow and don't have proof they have the product they wish to sell.

i see many people sending coins to a address owned by themselves and then claim that the funds are stolen or the recipient (nonexistant in reality) did not forfill their contract, thus doubling their coins.

bitcoin does not need insurance. what it needs is to teach the sheeple the proper etiquette and money management skills that they never learned as kids because they relied on the trust of banks so much.

basic lesson one.
legitimate and regulated insurance companies will NEVER get involved with a contract/payment transaction involving illegal products or services. so anyone wishing to claim a loss due to a dodgy deal for illegal goods (the only reason not to reveal true identity), the insurance company will not pay out, due to the funds being linked to funding drugs/weapons purchases ETC.

basic lesson two.
if your handing out coins to a legitimate business, then do some due diligence checks and gather intel about the company. EG there is enough information about bitcoinstore.com mtgox.com to trust them enough to do transactions with, without the need for insurance.

basic lesson three.
a 'person' saying they are an insurance company and promises to reimburse losses no matter what product/service/contract type was not forfilled obviously does not have an insurance license, so you are more then likey to get burnt twice, once for the so called loss and secondly from the premium costs that will never pay out.

We have worked out a series of checks and balances. Bitinsure is not a typical insurance company like you assume. We have worked out a new schema only possible via the Bitcoin or Ripple protocols which avoids all regulation.  See the thread linked to on post #1.

[datz]

so to add a insurance company think that a dating website and amazon would breach their data protection and privacy terms to hand out customer information and payment details without a court order??

goodluck

They will not breach their privacy terms if asked to accept primary stolen funds. World governments may easily level regulation forcing them to do this or fining them for accepting stolen funds as payment. It is in their best interests to check addresses against the list at a bare minimum.   

[datz]

A Thief could just sent a few satoshis to the 1000 richest bitcoin adresses. That way either coins related to his adress will be accepted or most bitcoins wont be able to be used at places which use the red list.

The red list therefore would cause its users to lose a majority of their customers which would make them abandon the list asap.

We have a minimum threshold for taint unless those satoshis are eventually conglomerated into the same wallet again.

[datz]

This is a nice idea that will possibly serve better as a suggestion that bitcoin is regulated against fraud, rather than be a tool to prevent it.

There are far too many ways that fraud can take place, that I can't see this project being much more than the equivalent to Spamhaus for the Bitcoin community.

However, if it wasn't for the likes of Spamhaus, would email be used as much as it is today?  Would email be subject to far more regulation?

I like the Red List project, but please try to explain to some of the hard of thinking on this forum that its not a way to prevent crime!

It prevents crime by creating a psychological deterrent.

Here is a story to clarify:

My friend John insures his wallet in a custom insurance group in Bitinsure.

His wallet is hacked and 20 BTC are stolen and sent to the thief's wallet.

We submit the thief's first degree wallet address to The Red List.

Using the same wallet, the thief attempts to pay for an OKCupid subscription.

OkCupid runs the public address against The Red List using the API and gets a first degree match - a definite redlist.

Since the wallet is first degree, OkCupid decides to send personal information gleaned from the thief's OkCupid profile to The Red List for investigation.

Here is a second story:

My friend John insures his wallet in a custom insurance group in Bitinsure.

His wallet is hacked and 20 BTC are stolen and sent to the thief's wallet.

We submit the thief's first degree wallet address to The Red List.

The thief sends the BTC to two more wallets.

We submit the second degree wallet addresses to The Red List.

The thief uses one wallet to purchase cooking ware on Amazon via BitSpend.

BitSpend checks the wallet address against The Red List, gets a second degree match, and issues the thief a questionnaire asking where he got the money from at the time of purchase. BitSpend may also send minimal identifying information such as a piece of the address back to The Red List for private storage and factoring into the indefinite algorithm which will increase The Red List ranking if the same minimal identification information is flagged/sent again by the same or another business.  

The thief gets his cooking ware from Amazon via BitSpend but after the questionnaire is apprehensive so decides to use a mixing service on the contents of the second wallet.

The thief mixes his BTC and gets BTC transferred into a new wallet.

A different person who used the mixing service spends the BTC on a Gyft gift certificate. Gyft runs the public address against The Red List and issues that second person a questionnaire - that person reveals he recently used a mixing service and names the service. The results of the questionnaire are sent to The Red List.

The Red List now has money laundering evidence against the mixing service and suspicions against/algorithm inputs for an identifying piece of information from the first wallet.

What if John was lying and he did all the spending himself and just claimed, and even did the hacking himself - how does this prevent that?

If he used any personal information to do the spending and if he released any personal information on Bitinsure to increase his credibility we would detect the scam via The Red List. If his insurance pool decided to approve his claim that means they trusted him and the group is partially responsible for the loss. 

[datz]

The problem is how to define a 'guilty' party?   I could send you money, then claim you stole it.   How would you *prove* you didn't steal my money?   I suppose you could 'send it back'... But I already consumed what ever good/service you gave me 'under the table' for that money.   Thus to protect myself we would need to have receipts for every transaction.   Then we have the race condition on the receipts... if I give you the receipt before you give me the coin... opps..  if I give you the coin before you give me the receipt... screwed again.

End result is that you would need even more infrastructure along the lines of Open Transactions as well as custom block-chain support for 'conditional exchanges of information for coins'.

The result of this is that bitcoin could no longer be used for any transaction that you would want 'kept private'.  Ie:  I purchased sex then claim the prostitute 'stole' my money.   The prostitute would then have to 'prove' she gave me sex in exchange for that money AND what the agreed price was.  The mere existence of such proof would threaten her liberty in todays society.

Otherwise the red list can be abused like the no-fly list or any other 'list'.  What is the burden of proof for 'stolen' money?

There is no incentive to report money stolen unless it was actually stolen and you actually expect to get the money back. In order to get the money back you would have to prove via authorities you did not receive a given good or service. If you are Bitinsured, you simply have to convince your pool and establish trust so pool members will approve your claim. If you simply reported someone out of spite, the authorities would figure this out and prosecute you instead. The Red List does not necessarily limit red listed addresses in any way - just provides a mean of tracking suspected individuals - if the data matches up then The Red List produces evidence against individuals. 

I could go up to a homeless person and drop $20 cash in his hat and then claim he "stole" the money. The system of trust and persecution is actually the same.

[datz]

As for those Bitcoin users who like their coins to be fungible, I'm one of a few people looking into how to create a mixing capability within Bitcoin itself that will let you automatically mix your coins with others, potentially as often as every transaction you make.

You're not alone.  Fungibility is an important property of money, and I'd be opposed to anything which reduces Bitcoin's fungibility and therefore value.

I think the OP's proposal does not take into account how the Satoshi client/server works.  Accounts are not equivalent to addresses.  If bitcoind is used to operate an online wallet, then a withdrawal from any given account will not necessarily use the same coins that were deposited.  It all depends on how many other transactions have occurred and in what amounts.  So, a thief could deposit his booty in an online wallet, and some innocent person will very likely receive the tainted coins.

The Satoshi client/server system is common knowledge.

Most "online wallet" services do not automatically mix coins or spend coins from a mixed/common pool.

It's not really a "same coins" thing - but a "same address" thing.

We can still track most transactions.

If coins are mixed they become second degree, third degree, etc. and may prompt a one field form but that is all.

If an "online wallet" system mixes coins and is associated with first degree theft, it may be classified as a money launderer.

[smoothie]

Is this directly involved with ripple development?

[datz]

Is this directly involved with ripple development?

We are making suggestions for the Ripple API, but no, are not directly associated with the Ripple project.

We are fully interfacing with the Ripple protocol because of speed, reliability, connections to gateways, and the ability to transact with debt among trusted individuals, allowing for the complex social constructs and structures vital to the workings of the first "distributed" insurance platform and real time distributed claim payments.

[luv2drnkbr]

As long as this is a separate voluntary thing and not a protocol change (which looks to be true), I'm good with it.

[Littleshop]

I still dont know what you mean by a mixing service.
How about I take some of that stolen btc (from the wallet John should have secured) and make some bets at satoshi dice or play poker or something.
Are all of those gambling sites now 'contaminated'? All the money coming from them is considered 'secondary'?

So another person wins big playing poker and now can't spend the money without jumping thru hoops?

No, no wallets are ever "contaminated" except for the first degree wallet - just under surveillance.

The gambling site would be wise to run the wallet against The Red List before accepting payment.

If the gambling site registered with The Red List, it need not worry.

If not, the site may get prompted with a questionnaire if directly attempting to spend second degree flagged BTC at a legitimate business.

The person winning at poker would be third degree at most and if repeatedly spends surveilled BTC may have to answer a questionnaire or may make The Red List after repeated low degree BTC flagged purchases at legitimate businesses if statistically determined he is in possession of stolen funds at a statistically significant rate much higher (alpha of 0.02) than average possession of stolen funds.  

There would be almost no advantage and huge disadvantages for a poker (or any gambling) site dealing with something like the red list.  First of all there are many transactions and even a low percentage being flagged would be a huge increase in the labor for the site.  The poker site would then be asking power players where they got their BTC from?  Most gambling sites collect little or no data on a customer and the customers like it like that.  With no participation from gambling sites, especially ones like SD that are fully automated, gambling sites would act as complex mixers and render the red list useless.

[datz]

I still dont know what you mean by a mixing service.
How about I take some of that stolen btc (from the wallet John should have secured) and make some bets at satoshi dice or play poker or something.
Are all of those gambling sites now 'contaminated'? All the money coming from them is considered 'secondary'?

So another person wins big playing poker and now can't spend the money without jumping thru hoops?

No, no wallets are ever "contaminated" except for the first degree wallet - just under surveillance.

The gambling site would be wise to run the wallet against The Red List before accepting payment.

If the gambling site registered with The Red List, it need not worry.

If not, the site may get prompted with a questionnaire if directly attempting to spend second degree flagged BTC at a legitimate business.

The person winning at poker would be third degree at most and if repeatedly spends surveilled BTC may have to answer a questionnaire or may make The Red List after repeated low degree BTC flagged purchases at legitimate businesses if statistically determined he is in possession of stolen funds at a statistically significant rate much higher (alpha of 0.02) than average possession of stolen funds.  

There would be almost no advantage and huge disadvantages for a poker (or any gambling) site dealing with something like the red list.  First of all there are many transactions and even a low percentage being flagged would be a huge increase in the labor for the site.  The poker site would then be asking power players where they got their BTC from?  Most gambling sites collect little or no data on a customer and the customers like it like that.  With no participation from gambling sites, especially ones like SD that are fully automated, gambling sites would act as complex mixers and render the red list useless.

Gambling sites would probably not use The Red List and would not need to since they are illegal in many countries anyway.

Gambling sites are not a good way to mix funds/wash BTC since you have a potential to lose money.

[datz]

If the thief uses a mixing service, we will flag that mixing service as a money launderer and will flag wallets the funds ultimately get mixed to, disincentiving users of mixing services

As for those Bitcoin users who like their coins to be fungible, I'm one of a few people looking into how to create a mixing capability within Bitcoin itself that will let you automatically mix your coins with others, potentially as often as every transaction you make. This mixing is done in a trust-free manner; you're coins can-not be stolen by mixing them. This will increase financial privacy for all Bitcoin users, and as a nice side-effect reduce transaction costs by about %10 (large transactions are more efficient than multiple small ones)

I highly support this effort and I know many others do as well! Please keep working on it  

I support this effort as well but believe there will be scalability issues.

[datz]

As long as this is a separate voluntary thing and not a protocol change (which looks to be true), I'm good with it.

Yes, it is voluntary, outside the protocol, and does deter future regulation/allow compliance with anti-theft/anti-fraud laws already in place in many countries.