Bitcoin is no longer decentralized

[Zangelbert Bingledack]

I'll admit that gmaxwell brought up some potential issues I hadn't considered. Most of the centralization alarmists have painted a less nuanced picture, leading me to think economics and incentives were being ignored. With that consideration understood, becoin is correct in saying that despite this natural order or free market being able to adapt, the time frame for adaptation matters. If miners don't detect a problem in a matter of minutes, Bitcoin could possibly suffer a major setback and PR fiasco. The market would adapt, but its solution might put a damper on Bitcoin growth for a few years, or the market's solution might even be a (good) protocol change or a new coin.

Nevertheless, the question remains: why would bad acters refuse to take advantage of vulnerabilities as the ongoing centralization makes them available? Why would they hold off their attacks until Bitcoin is so centralized that they could do extreme damage, especially given only one criminal gets only one shot? Every incentive seems to point to being the first to exploit a centralization weakness, which should lead to a smaller issue, or at worst a series of smaller issues that would make miners steadily more wary of large mining pools. Why aren't these supposed weaknesses being exploited right now? Hackers don't seem to generally shy away from taking free money, even if the stakes aren't yet as high as they could be.

Ultimately there needs to be a reason why a bad acter would choose not to "get while the getting's good," and in so doing actually do Bitcoin a favor by waking people up to any actual vulnerabilities as they arise. Centralization is a gradual process, so why wouldn't vulnerabilities open up (and be exploited) gradually rather than suddenly and catastrophically? Only a government or other entity wishing to do damage to Bitcoin (a competing system or altcoin, etc.) would have the right incentives to wait.

[1714779406]

1714779406

[1714779406]

1714779406

[1714779406]

1714779406

[1714779406]

1714779406

[1714779406]

1714779406

[1714779406]

1714779406

[Wary]

The same with all other vulnerabilities: the more rich bitcoiners are around, the more money will be spend on developing de-centralized solutions.

History proves you're wrong. The rich people of a certain guild will always form a club that will put every aspect of the source of their wealth under control and regulation.

Exactly. In our case the source of their wealth is untamperability (is there such a word? ) of bitcoin so they will look at it. And regulation works just fine without any centralisation, ask any libertarian

[Zangelbert Bingledack]

The same with all other vulnerabilities: the more rich bitcoiners are around, the more money will be spend on developing de-centralized solutions.

History proves you're wrong. The rich people of a certain guild will always form a club that will put every aspect of the source of their wealth under control and regulation. Control and regulation is just another name of centralization!

Whether power can centralize in a given environment depends on "environmental factors," in this case the awareness level of individual acters, their ability to communicate, the level of education and free time (affluence), and other things. These aspects have changed notably with the advent of the Internet, and again with Bitcoin. Centralization of power to some degree is inevitable, but that degree can change whenever the underlying factors change.

[becoin]

Why aren't these supposed weaknesses being exploited right now?

Why do you think they aren't? Why do big bitcoin accounts being robbed prefer to keep silent in public space? Why do Chinese prefer to keep their US treasuries even when Fed's printing press is running on 3 shifts? Because if they sell just 10% of their US debt the value of the rest 90% will immediately drop in half! So, like most of you they wait and hope that problem will self-correct, but it is getting worse instead. Eventually comes the time when you have to say "enough is enough" and this is the point where seismic shifts happen!

Whether power can centralize in a given environment depends on "environmental factors,"

If power can not centralize it is not power!

[ILoveUBtc]

I do think it is a very big problem.

And the bitcoin may some day become another  LR, which means some one or some organization will take control of it.

Then this game is over.

[crumbs]

I'll admit that gmaxwell brought up some potential issues I hadn't considered. Most of the centralization alarmists have painted a less nuanced picture, leading me to think economics and incentives were being ignored. With that consideration understood, becoin is correct in saying that despite this natural order or free market being able to adapt, the time frame for adaptation matters. If miners don't detect a problem in a matter of minutes, Bitcoin could possibly suffer a major setback and PR fiasco. The market would adapt, but its solution might put a damper on Bitcoin growth for a few years, or the market's solution might even be a (good) protocol change or a new coin.

Nevertheless, the question remains: why would bad acters refuse to take advantage of vulnerabilities as the ongoing centralization makes them available? Why would they hold off their attacks until Bitcoin is so centralized that they could do extreme damage, especially given only one criminal gets only one shot? Every incentive seems to point to being the first to exploit a centralization weakness, which should lead to a smaller issue, or at worst a series of smaller issues that would make miners steadily more wary of large mining pools. Why aren't these supposed weaknesses being exploited right now? Hackers don't seem to generally shy away from taking free money, even if the stakes aren't yet as high as they could be.

Ultimately there needs to be a reason why a bad acter would choose not to "get while the getting's good," and in so doing actually do Bitcoin a favor by waking people up to any actual vulnerabilities as they arise. Centralization is a gradual process, so why wouldn't vulnerabilities open up (and be exploited) gradually rather than suddenly and catastrophically? Only a government or other entity wishing to do damage to Bitcoin (a competing system or altcoin, etc.) would have the right incentives to wait.

This thread has been focused on "government[ s] or other entity[ s] wishing to do damage to Bitcoin" -- not opportunists wishing to increase their bitcoin wealth.
To answer your question, "bad actors" have taken advantage of the weaknesses created by ongoing centralisation -- they *are bringing it about*.

Inb4 "tinfoil hat!":  I'm not suggesting The Gob'ment, the Rosicrucians or Cthulhu cultist mainlining Drano are behind centralization.  It's nothing more interesting than the desire to maximize profits & the fact that centralized mining happens to be more profitable at this point.
Just like clearcutting a forest is more profitable for Logging Company A if Logging Company B already started doing it on the other side of the forest.

As far as invisible hand & "self-correction"?  Look at yeast gobbling up sugar & dying in their communal excrement to make teh delicious brewski.  Negative feedback doesn't solve every problem, neither does the invisible hand.

[Dabs]

You could help. Get a miner that you could run. Get others to do the same. No single drop of rain thinks its responsible for the flood. Every single person who runs a miner, no matter how small, helps keep bitcoin decentralized.

[crumbs]

You could help. Get a miner that you could run. Get others to do the same. No single drop of rain thinks its responsible for the flood. Every single person who runs a miner, no matter how small, helps keep bitcoin decentralized.

You mean like this?

Code:

10 Pre-order from ASIC makers (who will use my money to fund their mega-farms  & next gen ASICs), which i
20 pre-order & mine at a loss so that i could fund the next gen ASICS, which i
30 GOTO 10
40 YOU ARE WIN!!!

[BitCoinNutJob]

move to litecoin?

[ronimacarroni]

Anyways.
Most of the hashing power comes from the btc guild with a small piece of the pie going to corporations like ASICminer.
Its like you guys are doing preemptive whinning.

[cypherdoc]

I'll admit that gmaxwell brought up some potential issues I hadn't considered. Most of the centralization alarmists have painted a less nuanced picture, leading me to think economics and incentives were being ignored. With that consideration understood, becoin is correct in saying that despite this natural order or free market being able to adapt, the time frame for adaptation matters. If miners don't detect a problem in a matter of minutes, Bitcoin could possibly suffer a major setback and PR fiasco. The market would adapt, but its solution might put a damper on Bitcoin growth for a few years, or the market's solution might even be a (good) protocol change or a new coin.

Nevertheless, the question remains: why would bad acters refuse to take advantage of vulnerabilities as the ongoing centralization makes them available? Why would they hold off their attacks until Bitcoin is so centralized that they could do extreme damage, especially given only one criminal gets only one shot? Every incentive seems to point to being the first to exploit a centralization weakness, which should lead to a smaller issue, or at worst a series of smaller issues that would make miners steadily more wary of large mining pools. Why aren't these supposed weaknesses being exploited right now? Hackers don't seem to generally shy away from taking free money, even if the stakes aren't yet as high as they could be.

Ultimately there needs to be a reason why a bad acter would choose not to "get while the getting's good," and in so doing actually do Bitcoin a favor by waking people up to any actual vulnerabilities as they arise. Centralization is a gradual process, so why wouldn't vulnerabilities open up (and be exploited) gradually rather than suddenly and catastrophically? Only a government or other entity wishing to do damage to Bitcoin (a competing system or altcoin, etc.) would have the right incentives to wait.

this is the dynamic "tension" that exists in Bitcoin.  since there is no CEO you can call up to ask questions or try to manipulate for inside information, we find ourselves constantly evaluating the technology itself.  this is difficult b/c we are dealing something none of us has ever seen before so we find ourselves injecting our own personal biases into how we look at the situation.

i am not saying bury our heads under the sand and ignore what potentially could be centralizing factors.  we always have to live on the edge and assume bad things.  but at the same time i do not share gmaxwell's concerns as to where we are now in the evolution of they system.  i remember having a conversation with theymos way back in Jan 2011 when he predicted we'd be where we are now with a few thousand listening nodes.  now, just b/c he predicted it doesn't mean we are in a safe situation.  the point is that many of us from the early beginnings thought this would happen yet this didn't scare us into participating and helping to build Bitcoin to where it is now.  the question is, has this "centralization" weakened or in fact strengthened Bitcoin?

it's too early to say but i don't think it has weakened the system.  gmax keeps saying someone could hack into BTCGuild and cause havoc right now.  well, as Zangle has pointed out, why haven't they done it yet if it's so easy?  i think it's b/c the pool operators are all over security as much as they can be.  look how fast everyone responded to the hard fork; within minutes.  they have the capacity to cut off an attack immediately if one occurs.  gmax, i don't think you gave a full characterization of the motivations behind what happened either as i read the IRC transcripts from that event very carefully.  Eleuthria was never promised to be paid back as a quid pro quo for his cancellation of the 25 blocks he mined on 0.8.  from what i've read, he "voluntarily" did what was right for the community as a whole first and then was only "reimbursed" by Gavin from his personal faucet (or something like that) much later after the resolution of the fork.  there is a big difference in the interpretations of Eleuthria's motivation btwn this and what you implied.

i also wonder why the top 250 addresses haven't been hacked yet if there truly were a fault in the ECDSA system.  i don't buy the supposition that an attacker is waiting for a more opportune time.  there would be no point in doing so especially as the hashrate and network continues to strengthen in what is a parabolic fashion.  if anything the alarm bells should be ringing full on in NSA if their underlying motivation is to eventually destroy Bitcoin.  same thing goes for any attacker that might try to co-opt the pools.  the best time, in fact, was over a year ago when the network was much weaker.  and as for collusion btwn the pool operators?  ain't gonna happen.  it would've happened long ago.  we all know that slush, Eleuthria, and Deepbit are hard core Bitcoin supporters.  they won't do anything to damage Bitcoin and a collusion to inflate would be just the thing they would seek to avoid.  on top of that, Deepbit is known to be a lone wolf and does what he wants to do.  as i recall, he was still running some pool software based off of 0.3.* (very old) when the hard fork hit and was one of the ones left behind old 0.7 chain as the miners went off on 0.8.  why would he do that?  it's b/c he is happy with the system as it stands, ie, decentralized.  why change anything if it's working out well?

[Dabs]

I meant like, buy one of those miners that cost less than a bitcoin. People worry too much about ROI.

Instead of a few doing everything, the goal is to make everyone do a little something. Lots of people with only 2 GH/s each add up.

[cypherdoc]

I meant like, buy one of those miners that cost less than a bitcoin. People worry too much about ROI.

Instead of a few doing everything, the goal is to make everyone do a little something. Lots of people with only 2 GH/s each add up.

yes, this is exactly right.

they're like little cockroaches that can be scattered worldwide and hidden inside a tower.  more of a quiet revolution in money.

[Raize]

BC.i webwallet users out number all time downloads of the reference software by a significant multiple.

There are a number of reasons for this. I still have the reference client, but the reference client doesn't allow me to keep my "anonymous" Bitcoin separate from my "pseudo-anonymous" Bitcoin. I have some coin where the inputs are coming in from someone who doesn't know me and I don't know them and we both mutually would prefer to keep it that way. I also have those that would like to obtain coin from me, and we also would both prefer that neither know the source of the coin and that future destinations not be able to tie it back to that source.

BC.i webwallet provides the only method I know of whereby, through archiving addresses, I can ensure that coin coming in and going out from a merely psuedo-anonymous address is not being mixed with a wallet that I want to maintain this full anonymity with. Sometimes I don't even trust this fully and use a completely separate BC.i webwallet. I understand the risks, and I am worried about ultimately trusting piuk & co. with excessive amounts of coin and other related info, but until we have a zerocoin or other system whereby we can purposely keep our coin anonymous, I don't know how I can really justify installing the reference client anywhere else outside my main PC.

EDIT: On another side note, I don't think the current Bitcoin developers have any direct incentive to implement a zero-knowledge protocol anonymity system into the Blockchain. Moreover, I know that, as the Bitcoin Foundation has more and more "conversations" with lawyers, politicians, and bureaucrats, immense pressure will be put on the developers to *not* implement such full anonymity.

I'll be quite frank with everyone, Bitcoin is still niche, and will stay niche without completely anonymity. We are doing ourselves a disservice to ignore the fact that black and grey markets (not just in the US, but other countries) are still our primary customers. Additionally, by not implementing such features, the resulting flight-of-intellect risk from first-world countries is going to grow greater. The smartest people on this planet want to be free, too, not just criminals. Implementing such features benefiting criminals in one country will undoubtedly benefit freedom advocates in another.

[gmaxwell]

why haven't they done it yet if it's so easy?

Four lines of code in pynode or whatever could be used to currently crash 86% of publicly reachable Bitcoin nodes— it was 100% before a month or so ago, for at least the last year. This is only a single known and fixed problem. Make the appropriate transaction first and the nodes won't come back up without upgrading their software. I could make more examples, but I'm somewhat wary of stuffing beans up my nose.

Why hasn't someone done it yet?


Because attacks aren't like random process failure. They're generally completely absent, until they're not. You cannot infer security from a lack of failure, only insecurity from the presence of them— it isn't symmetrical.

[Peter Todd]

BC.i webwallet provides the only method I know of whereby, through archiving addresses, I can ensure that coin coming in and going out from a merely psuedo-anonymous address is not being mixed with a wallet that I want to maintain this full anonymity with.

Armory can do this too as it supports multiple wallets. Unlike blockchain.info's wallet Armory also is designed to not re-use addresses and by default will use a new address for change. It also implements some fairly sophisticated techniques like significant figure matching to hide what the change address is.

The only reason this stuff isn't in Bitcoin-QT is because no-one has gone to the effort required to implement it, and because in the long-term many developers think wallet support should be removed from the reference client entirely to make it purely a full-node implementation. If Armory had a better design from the start, with reasonable memory usage, we would probably have already done that and Armory would be the "official" wallet.

EDIT: On another side note, I don't think the current Bitcoin developers have any direct incentive to implement a zero-knowledge protocol anonymity system into the Blockchain. Moreover, I know that, as the Bitcoin Foundation has more and more "conversations" with lawyers, politicians, and bureaucrats, immense pressure will be put on the developers to *not* implement such full anonymity.

Here is 16BTC worth of direct incentive from core developer Gregory Maxwell: https://bitcointalk.org/index.php?topic=279249.msg2983911#msg2983911

Zerocoin-style protocol anonymity just doesn't work because the math is currently too slow, but CoinJoin-style systems can be implemented in a way that allows all Bitcoin users can use it for every transaction. Maaku is trying to raise 85BTC to fund his efforts to develop CoinJoin to that level: https://bitcointalk.org/index.php?topic=291283.0 (I have some disagreements with him on exactly what implementation should be prioritized, but our basic goals are the same)

[Wary]

As far as invisible hand & "self-correction"?  Look at yeast gobbling up sugar & dying in their communal excrement to make teh delicious brewski.  Negative feedback doesn't solve every problem, neither does the invisible hand.

People are a bit smarter than yeast. Especially rich people, because ones without foresight won't stay rich for long. Invisible hand, you know . And the "invisible hand" is just another name for "people acting", fearmongers you are also important finger of this self-correcting hand.

[Wary]

By the way, if bitcoin get banned the centralisation problem will be solved. Because you'll get prosecuted for possessing more that 1 gram 1 petahash/sec 

[smoothie]

Bitcoin to me is still decentralized and a free-market.

It is expected that there will be growing pains, as Gavin suggested a while back. It is expected.

[crumbs]

As far as invisible hand & "self-correction"?  Look at yeast gobbling up sugar & dying in their communal excrement to make teh delicious brewski.  Negative feedback doesn't solve every problem, neither does the invisible hand.

People are a bit smarter than yeast. Especially rich people, because ones without foresight won't stay rich for long. Invisible hand, you know . And the "invisible hand" is just another name for "people acting", fearmongers you are also important finger of this self-correcting hand.

I see you have a clear understanding of the Invisible Hand.  Yes, fear-mongerers are a part of it.  As is strict government regulation, taxation, wars, and economic collapses.  The Invisible Hand is a tautology -- everything that exists.  As the joke goes:
"Dad, what's that white stuff in birdshit?"
"Son, that's birdshit too."