Bitcoin Forum
September 23, 2019, 04:38:44 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 [11] 12 13 14 15 16 17 18 19 20 21 22 23 24 »  All
  Print  
Author Topic: Mike Hearn, Foundation's Law & Policy Chair, is pushing blacklists right now  (Read 83651 times)
Peter R
Legendary
*
Offline Offline

Activity: 1162
Merit: 1007



View Profile
November 15, 2013, 02:38:21 AM
 #201

If somebody should be thrown under the bus here it should be Microsoft for being unable or unwilling to build secure operating systems.

+1

The problem is 50% Microsoft and 50% people not being as careful as they should.

Run Bitcoin Unlimited (www.bitcoinunlimited.info)
1569256724
Hero Member
*
Offline Offline

Posts: 1569256724

View Profile Personal Message (Offline)

Ignore
1569256724
Reply with quote  #2

1569256724
Report to moderator
1569256724
Hero Member
*
Offline Offline

Posts: 1569256724

View Profile Personal Message (Offline)

Ignore
1569256724
Reply with quote  #2

1569256724
Report to moderator
1569256724
Hero Member
*
Offline Offline

Posts: 1569256724

View Profile Personal Message (Offline)

Ignore
1569256724
Reply with quote  #2

1569256724
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1569256724
Hero Member
*
Offline Offline

Posts: 1569256724

View Profile Personal Message (Offline)

Ignore
1569256724
Reply with quote  #2

1569256724
Report to moderator
1569256724
Hero Member
*
Offline Offline

Posts: 1569256724

View Profile Personal Message (Offline)

Ignore
1569256724
Reply with quote  #2

1569256724
Report to moderator
Quetzalcoatl_
Newbie
*
Offline Offline

Activity: 26
Merit: 0


View Profile
November 15, 2013, 02:42:33 AM
 #202


So it's a very serious problem which I think people on this forum are underestimating. Cryptolocker could destroy Bitcoin just like the blacklist can.

Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin (vs barely caring about it, and figuring out how they feel about it as is the case now). And then (or perhaps before), you can kiss any hope of business acceptance of bitcoin (something we all dream of, I'd imagine, so that we can transact in bitcoin without having to resort to exchanges) goodbye.


The moral panic has long been a powerful weapon in the arsenal of authority. Let's look at a similar "serious problem" from recent history: 9/11. It was so "demonically simple" to hijack airliners and fly them into buildings, that Something Had To Be Done. Similar to Mike Hearn's proposal, the US Government took the opportunity to "temporarily" severely curtail our freedom and massively expand police authority. They also used 9/11 as an excuse to get into some wars that they wanted to fight anyway, even though these wars obviously had nothing to do with 9/11. "Temporarily" has since proven to be "permanently." Bush is long gone, yet the government still hasn't rolled back its expanded powers.

Mike Hearn is participating in the same sort of thing that the Bush Administration did in 2001. He is proposing that Bitcoin businesses voluntarily help the US Government seize worldwide control of Bitcoin for the mere perception that something is being done about CryptoLocker. Meanwhile, there are obvious ulterior motives in play. To achieve a critical mass that would harm all users of Bitcoin, he only needs to get BitPay and Coinbase on board.
Peter R
Legendary
*
Offline Offline

Activity: 1162
Merit: 1007



View Profile
November 15, 2013, 02:42:51 AM
 #203

So you're telling me that if each Bitcoin is worth $1 million dollars ransomware or other sophisticated malware and spyware wont be developed to target Bitcoin users? This isn't paranoia it's common sense. Governments may or may not have hit any of us already with advanced persistent threats. Do you think they'll tell us?

This seems disingenuous.  Gold and cash are worth lots too.  If you advertise the fact that you have a big hoard under your bed, and then leave your doors unlocked, then, yeah, you'll be a target.  

Just like gold or $, if you don't want to secure your money, pay a service that will.  

The beauty of bitcoin is that everyone is free to make the choice that is right for them.

Run Bitcoin Unlimited (www.bitcoinunlimited.info)
Kouye
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
November 15, 2013, 02:43:19 AM
 #204

No it's not easy to defend yourself against extortion or identity theft. It's almost impossible to be sure your computer is malware/spyware free and if a government wants to spy they can see everything.

Can we stay on-topic, please? We're talking about redlisting bitcoins as a solution to kill CryptoLocker copycats, here, not your current doubts about internet security.

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
Ipsum
Member
**
Offline Offline

Activity: 62
Merit: 10



View Profile
November 15, 2013, 02:45:50 AM
 #205


Ransomwares are as old as internet. They've always been around, and they have no more power than they had before bitcoin.

It's not as old as the internet, but you're right that it is pretty old - the first was in 1989. They have far more power now though, because of bitcoin.

Typically, the best way to shut down ransomware criminals is to use the payment method as an attack vector. Shut down the payment vector, shut down the motivation for the person or organization trying to extort people that way. Cryptolocker currently accepts bitcoin and Greendot Moneypak. The latter vector is going to get shut down, because it's via a centralized system owned by a company that has executives who don't want to go to jail for money laundering.

You can't just shut down the bitcoin vector in the same way though, as we all know. And that makes bitcoin the not-so-secret weapon that ransomware is going to exploit to hell and back. Just think for a minute how many people's computers are zombie'd/slaved or otherwise infected with viruses. Now add a very lucrative, direct way to collect money from individual victims, in an essentially anonymous way (if they're careful). I don't know about you, but I think that sound in the distance is half the black hat hackers in the world's drool collectively hitting the floor.

Quote
And even if you are right, Ipsum, can you PLEASE explain to me how redlisting coins would help fighting CryptoLocker copycats ?

Well, Mike's a very smart guy, and an expert in security, so I may not understand his proposal with precision, but I'm pretty sure the outrage on this thread is a result of people just flying off the handle for no good reason. To be very clear, he's calling it a red list specifically because it's not the same as a blacklist. He's not proposing auto-filtering out 'tainted' coins. Here's the short summary:

"Consider an output that is involved with some kind of crime, like a theft or extortion. A "redlist" is an automatically maintained list of outputs derived from that output, along with some description of why the coins are being tracked. When you receive funds that inherit the redlisting, your wallet client would highlight this in the user interface. Some basic information about why the coins are on the redlist would be presented. You can still spend or use these coins as normal, the highlight is only informational. To clear it, you can contact the operator of the list and say, hello, here I am, I am innocent and if anyone wants to follow up and talk to me, here's how. Then the outputs are unmarked from that point onwards. For instance, this process could be automated and also built into the wallet."

This is basically a reputation service. There could be many of them, though it's a network on top of a network, so I'd have to imagine the network effect is pretty huge in terms of winner-takes-all.

He had written more about it here earlier: https://bitcointalk.org/index.php?topic=157130.60

And to be clear, he's not even proposing it. He's just pointing out that there is a potentially huge problem with cryptolocker and other methods of clear crime (I don't know anyone who thinks extortion is ok, vs Silk Road, where there's legitimate debate) where what bitcoin does is completely shut down the attack vector law enforcement can most easily use to shut down the incentive to commit the crime.

Neither I nor Mike nor anyone else know what the solution (if there is one) to the problem is, but it certainly deserves discussion, and redlisting is one idea. That's all his post was. A discussion. Blacklisting (distinct from and way worse than redlisting) would be completely off the table for everyone I know in the Foundation, for what it's worth.

Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
November 15, 2013, 02:46:10 AM
 #206

I don't think -anybody- at the Foundation is happy about even having to have this discussion. But the discussion has to happen, because Cryptolocker is a real issue that's going to become a lot bigger soon. There are very few vectors of attack against Cryptolocker (and inevitable copycats), whereas stuff like Silk Road is almost guaranteed to fail long-term due to the huge number of vectors for law enforcement to use against it. Unfortunately, one of those very few vectors usable against Cryptolocker is bitcoin.
Cryptolocker is not Bitcoin's issue any more than it's Ford's issue if a bank robber drives off in one of models.

If somebody should be thrown under the bus here it should be Microsoft for being unable or unwilling to build secure operating systems.

Anyone who says they are worried about Cryptolocker's effect on Bitcoin adoption is lying. By every objective measure: transaction rate, blockchain.info wallets, frequency of conferences, exchange rate, etc, growth is exponential and shows not the slightest sign of being negatively affected by Cryptolocker.

This idea of a Cryptolocker backlash is a fake problem used to scare the community into accepting a compromise that's against their best interests. These plans have been in the works for years, as evidenced on this very forum, and the proponents have just been waiting for a suitable excuse the put their plans into effect.

It's not a fake problem at all. If in 6 months magically Bitcoins are $100,000 each then the incentive to target users is now much much higher. Malware will be written by the best of the best and you wont be able to detect it with any sort of virus scanner software or countermeasure. Nothing can be done to stop undetectable malware attacks, randomware attacks, or anything else. The best idea we have from the community is the Trezor wallet and they are taking too long to make it.

It will be interesting to see how secure the Trezor actually is and whether or not it can pass the security checks but if it does then that is part of it. The point is that not enough time and effort is being put into protecting the users of Bitcoin from being targets of hackers precisely because a lot of the old time Bitcoin users are security experts who can tell newbies to compile their Bitcoin wallet, to put their Bitcoins in cold storage, to use a 25 character password or a brain wallet. Let's be honest here and admit that security is not easy even for the experts. The more you know about security the more paranoid you tend to be.

So when people say I'm being paranoid it might be because I know a lot about this subject and have reason to be.
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
November 15, 2013, 02:51:15 AM
 #207

So you're telling me that if each Bitcoin is worth $1 million dollars ransomware or other sophisticated malware and spyware wont be developed to target Bitcoin users? This isn't paranoia it's common sense. Governments may or may not have hit any of us already with advanced persistent threats. Do you think they'll tell us?

This seems disingenuous.  Gold and cash are worth lots too.  If you advertise the fact that you have a big hoard under your bed, and then leave your doors unlocked, then, yeah, you'll be a target.  

Just like gold or $, if you don't want to secure your money, pay a service that will.  

The beauty of bitcoin is that everyone is free to make the choice that is right for them.

The fact is that it already is advertised who has a big stash. Anyone could be analyzing the blockchain as we speak and connecting those wallet accounts to email addresses. An unregulated exchange could collect email addresses and wallet addresses to put into their database. That exchange could then be hacked or perhaps the government sponsored hackers put the malware on that exchange. Perhaps the exchange itself is merely a front, a honeypot to attract high net worth Bitcoin holders to capture intelligence (which can then allow the database owner to sell the database for Bitcoins to hackers).

Once intelligence has been captured then you know how many coins are in certain addresses and you have their email addresses. So what stops you from sending them attachments with malware? What stops you from targeting them for scams or phishing for more information for even better targeted advanced persistent threats, malware or ransomware?

When you're talking about someone with a million dollars in their wallet and their email address is public information because its associated with an exchange, why wouldn't hackers target that email address? Why wouldn't hackers be looking for personally identifiable information? The same way KYC can be used by regulated exchanges nothing stops unregulated exchanges from collecting information about users and then hacking them.

Ipsum
Member
**
Offline Offline

Activity: 62
Merit: 10



View Profile
November 15, 2013, 02:51:30 AM
 #208


Mike Hearn is participating in the same sort of thing that the Bush Administration did in 2001. He is proposing that Bitcoin businesses voluntarily help the US Government seize worldwide control of Bitcoin for the mere perception that something is being done about CryptoLocker. Meanwhile, there are obvious ulterior motives in play. To achieve a critical mass that would harm all users of Bitcoin, he only needs to get BitPay and Coinbase on board.


Take a deep breath, remove the tinfoil hat.

Please read my previous post. Mike started a discussion about what is effectively a reputation service for coins. He didn't even propose that the Bitcoin Foundation adopt promoting the idea of one as policy, or that he himself is convinced a redlist is a good idea.

They're going to spring up regardless of Mike's proposal, though. Some bitcoin services will use them, some won't. They'll be full of holes and cannot, by the nature of bitcoin, be 100% effective.

A reputation system is a way for individuals and entities (companies, whatever) to communicate information to each other. I thought we're about free speech here, and freedom of individuals and entities to transact (money, information, etc) with each other?

moderate
Member
**
Offline Offline

Activity: 98
Merit: 10

nearly dead


View Profile
November 15, 2013, 02:53:43 AM
 #209


snip snip

So when people say I'm being paranoid it might be because I know a lot about this subject and have reason to be.

Hate to go even more offtopic here, but the ones that know something would never bother adding the words "I know a lot about this" for reasons such as not needing to tell they know a lot about the subject, and by knowing that they have a lot to learn.
Quetzalcoatl_
Newbie
*
Offline Offline

Activity: 26
Merit: 0


View Profile
November 15, 2013, 02:54:28 AM
 #210


Well, Mike's a very smart guy, and an expert in security, so I may not understand his proposal with precision, but I'm pretty sure the outrage on this thread is a result of people just flying off the handle for no good reason. To be very clear, he's calling it a red list specifically because it's not the same as a blacklist. He's not proposing auto-filtering out 'tainted' coins. Here's the short summary:

"Consider an output that is involved with some kind of crime, like a theft or extortion. A "redlist" is an automatically maintained list of outputs derived from that output, along with some description of why the coins are being tracked. When you receive funds that inherit the redlisting, your wallet client would highlight this in the user interface. Some basic information about why the coins are on the redlist would be presented. You can still spend or use these coins as normal, the highlight is only informational. To clear it, you can contact the operator of the list and say, hello, here I am, I am innocent and if anyone wants to follow up and talk to me, here's how. Then the outputs are unmarked from that point onwards. For instance, this process could be automated and also built into the wallet."

This is basically a reputation service. There could be many of them, though it's a network on top of a network, so I'd have to imagine the network effect is pretty huge in terms of winner-takes-all.


You have to make a lot of assumptions to conclude that this "redlist" won't behave exactly like a blacklist. Especially when government joins in on it by punishing people for accepting coins they "should have known" were used for illegal activity. What you'll end up with is an ecosystem where nobody accepts "red"listed coins as payment, even if the network will still let you move them around. If you are innocent, sure, you can contact the operator of the list, but the operator will have no obligation to assume you're innocent. You'll be expected to prove your innocence to the operator's satisfaction.
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile
November 15, 2013, 02:56:47 AM
 #211

It's not a fake problem at all. If in 6 months magically Bitcoins are $100,000 each then the incentive to target users is now much much higher. Malware will be written by the best of the best and you wont be able to detect it with any sort of virus scanner software or countermeasure. Nothing can be done to stop undetectable malware attacks, randomware attacks, or anything else. The best idea we have from the community is the Trezor wallet and they are taking too long to make it.
Now you're trying to play the bait and switch game.

Fixing the catastrophe that is PC security, or at least figuring out decent workarounds, is not the topic at hand.
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
November 15, 2013, 02:58:37 AM
 #212


Mike Hearn is participating in the same sort of thing that the Bush Administration did in 2001. He is proposing that Bitcoin businesses voluntarily help the US Government seize worldwide control of Bitcoin for the mere perception that something is being done about CryptoLocker. Meanwhile, there are obvious ulterior motives in play. To achieve a critical mass that would harm all users of Bitcoin, he only needs to get BitPay and Coinbase on board.


Take a deep breath, remove the tinfoil hat.

Please read my previous post. Mike started a discussion about what is effectively a reputation service for coins. He didn't even propose that the Bitcoin Foundation adopt promoting the idea of one as policy, or that he himself is convinced a redlist is a good idea.

They're going to spring up regardless of Mike's proposal, though. Some bitcoin services will use them, some won't. They'll be full of holes and cannot, by the nature of bitcoin, be 100% effective.

A reputation system is a way for individuals and entities (companies, whatever) to communicate information to each other. I thought we're about free speech here, and freedom of individuals and entities to transact (money, information, etc) with each other?



The point I'm trying to make is that you're right they will exist either way and will be used by everyone. Hackers could create target lists of people who have a high net worth in Bitcoin. So even if we didn't have corporations doing the redlist and blacklist nothing would stop underground hacker groups from doing it and the result would be just as bad.

Honestly I don't want these lists to destroy Bitcoin but I also do not want hackers to destroy Bitcoin. If you say no corporation can create a known list then you still have to deal with the possibility of unknown secret lists floating around among hacker networks. I don't think these coin taint lists will do anything to protect us from randomware and I think the best ideas so far are Keyhotee and the Bitcoin identity protocol. This could allow the user to selectively identify themselves to clear themselves if there is an investigation. It is also necessary to allow users to access services without them having to give their email address or identity. You cannot trust every service. Finally it is important to allow users to have a trusted list of businesses, that part of the idea I do support. I need to know I'm contacting a trusted business and that they really are who they claim to be. No more shit like Inputs.io or Labcoin.

It's not a fake problem at all. If in 6 months magically Bitcoins are $100,000 each then the incentive to target users is now much much higher. Malware will be written by the best of the best and you wont be able to detect it with any sort of virus scanner software or countermeasure. Nothing can be done to stop undetectable malware attacks, randomware attacks, or anything else. The best idea we have from the community is the Trezor wallet and they are taking too long to make it.
Now you're trying to play the bait and switch game.

Fixing the catastrophe that is PC security, or at least figuring out decent workarounds, is not the topic at hand.

It's related. If your PC is insecure then you only have the illusion of privacy. Instead of big corporations spying on you through the web and tying your email address and password to your real world identity to sell to whomever now you're at the mercy of foreign hackers who will have databases of their own, potentially with lists of their own, and they exchange information too.

When thinking about privacy and security you have to think about the whole picture and not just the Bitcoin client but the operating system it runs on and the PC that operating system runs on. A security vulnerability in any of that and all privacy is removed.
Peter R
Legendary
*
Offline Offline

Activity: 1162
Merit: 1007



View Profile
November 15, 2013, 02:59:53 AM
 #213

So you're telling me that if each Bitcoin is worth $1 million dollars ransomware or other sophisticated malware and spyware wont be developed to target Bitcoin users? This isn't paranoia it's common sense. Governments may or may not have hit any of us already with advanced persistent threats. Do you think they'll tell us?

This seems disingenuous.  Gold and cash are worth lots too.  If you advertise the fact that you have a big hoard under your bed, and then leave your doors unlocked, then, yeah, you'll be a target.  

Just like gold or $, if you don't want to secure your money, pay a service that will.  

The beauty of bitcoin is that everyone is free to make the choice that is right for them.

The fact is that it already is advertised who has a big stash. Anyone could be analyzing the blockchain as we speak and connecting those wallet accounts to email addresses. An unregulated exchange could collect email addresses and wallet addresses to put into their database. That exchange could then be hacked or perhaps the government sponsored hackers put the malware on that exchange. Perhaps the exchange itself is merely a front, a honeypot to attract high net worth Bitcoin holders to capture intelligence (which can then allow the database owner to sell the database for Bitcoins to hackers).

Once intelligence has been captured then you know how many coins are in certain addresses and you have their email addresses. So what stops you from sending them attachments with malware? What stops you from targeting them for scams or phishing for more information for even better targeted advanced persistent threats, malware or ransomware?

When you're talking about someone with a million dollars in their wallet and their email address is public information because its associated with an exchange, why wouldn't hackers target that email address? Why wouldn't hackers be looking for personally identifiable information? The same way KYC can be used by regulated exchanges nothing stops unregulated exchanges from collecting information about users and then hacking them.


Thank you for the civilized response, Luckybit.  

I would argue that your last points are only likely if you're "not locking your doors," if I may extend my previous analogy.  Since bitcoin is so new, we don't fully know what it takes to "securely lock your doors," but we are slowly learning.  

It is my opinion that trying to "regulate-away" this learning curve would just create a more catastrophic problem down the road. 

I view this learning curve as an opportunity to create more secure ways to store and transact with bitcoin!

Run Bitcoin Unlimited (www.bitcoinunlimited.info)
Carlton Banks
Legendary
*
Offline Offline

Activity: 2492
Merit: 1893



View Profile
November 15, 2013, 03:01:18 AM
 #214


Mike Hearn is participating in the same sort of thing that the Bush Administration did in 2001. He is proposing that Bitcoin businesses voluntarily help the US Government seize worldwide control of Bitcoin for the mere perception that something is being done about CryptoLocker. Meanwhile, there are obvious ulterior motives in play. To achieve a critical mass that would harm all users of Bitcoin, he only needs to get BitPay and Coinbase on board.


Take a deep breath, remove the tinfoil hat.

Please read my previous post. Mike started a discussion about what is effectively a reputation service for coins. He didn't even propose that the Bitcoin Foundation adopt promoting the idea of one as policy, or that he himself is convinced a redlist is a good idea.

They're going to spring up regardless of Mike's proposal, though. Some bitcoin services will use them, some won't. They'll be full of holes and cannot, by the nature of bitcoin, be 100% effective.

A reputation system is a way for individuals and entities (companies, whatever) to communicate information to each other. I thought we're about free speech here, and freedom of individuals and entities to transact (money, information, etc) with each other?



It politicises the use of coins. My political opinion is that your coins should be redlisted, I don't like people like you, just because. There's your free speech.

Vires in numeris
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
November 15, 2013, 03:02:38 AM
 #215

It's all just a bluff. Hearn is just going there testifying that he can serve bitcoin up on a platter for the sitting mob to control and manipulate... and they will believe it... and they'll finally feast on some of the lies they've been serving up forever... consider it a vision.

Finally someone with some ideas about how politics works, the geeks' ignorance about which on this forum is just frustrating...

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
Ipsum
Member
**
Offline Offline

Activity: 62
Merit: 10



View Profile
November 15, 2013, 03:04:14 AM
 #216


Well, Mike's a very smart guy, and an expert in security, so I may not understand his proposal with precision, but I'm pretty sure the outrage on this thread is a result of people just flying off the handle for no good reason. To be very clear, he's calling it a red list specifically because it's not the same as a blacklist. He's not proposing auto-filtering out 'tainted' coins. Here's the short summary:

"Consider an output that is involved with some kind of crime, like a theft or extortion. A "redlist" is an automatically maintained list of outputs derived from that output, along with some description of why the coins are being tracked. When you receive funds that inherit the redlisting, your wallet client would highlight this in the user interface. Some basic information about why the coins are on the redlist would be presented. You can still spend or use these coins as normal, the highlight is only informational. To clear it, you can contact the operator of the list and say, hello, here I am, I am innocent and if anyone wants to follow up and talk to me, here's how. Then the outputs are unmarked from that point onwards. For instance, this process could be automated and also built into the wallet."

This is basically a reputation service. There could be many of them, though it's a network on top of a network, so I'd have to imagine the network effect is pretty huge in terms of winner-takes-all.


You have to make a lot of assumptions to conclude that this "redlist" won't behave exactly like a blacklist. Especially when government joins in on it by punishing people for accepting coins they "should have known" were used for illegal activity. What you'll end up with is an ecosystem where nobody accepts "red"listed coins as payment, even if the network will still let you move them around. If you are innocent, sure, you can contact the operator of the list, but the operator will have no obligation to assume you're innocent. You'll be expected to prove your innocence to the operator's satisfaction.


I'm not making any assumptions. I'm saying that it's a preliminary discussion where nobody knows if or what a workable solution would look like. Could be a total dead-end and very well may be, but no reason not to explore the idea to see if there's a way to make it work.
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
November 15, 2013, 03:07:24 AM
 #217

If in 6 months magically Bitcoins are $100,000 each then the incentive to target users is now much much higher.

What does the BTC/USD ratio have to do with the incentive to target users?

Do you really have to ask that question? Hackers typically go after the easiest targets. They don't and wont typically go after the security experts using cold storage (at least not at first). However they'll collect information on everyone and gather intel through services which will ask for information to help them with their scams. They will then use this intel as part of the recon so that when they do launch their attack they'll know exactly your strengths and weaknesses.

If you're someone who likes to gamble and you log into a gambling site you could find that the whole site gets mysteriously hacked and shut down with all the coins missing. The whole event could have been planned as a honeypot to attract suckers into putting their money on the site and when enough money is given to the site the hackers could roll it all up and take all the money. The higher the price for BTC at the time the more incentive they'll have to do stuff like that. The more anonymous BTC is the more likely they'll do it thinking they can get away with it.

snip snip

So when people say I'm being paranoid it might be because I know a lot about this subject and have reason to be.

Hate to go even more offtopic here, but the ones that know something would never bother adding the words "I know a lot about this" for reasons such as not needing to tell they know a lot about the subject, and by knowing that they have a lot to learn.
I know a lot but not everything. Someone here probably knows more.
There is a lot of inherent risk involved in using Bitcoin services at this time, and while the client itself may be secure we don't vet third party services at all and that is a real problem.

I'm not saying taint lists are a good solution.
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
November 15, 2013, 03:08:04 AM
 #218


Well, Mike's a very smart guy, and an expert in security, so I may not understand his proposal with precision, but I'm pretty sure the outrage on this thread is a result of people just flying off the handle for no good reason. To be very clear, he's calling it a red list specifically because it's not the same as a blacklist. He's not proposing auto-filtering out 'tainted' coins. Here's the short summary:

"Consider an output that is involved with some kind of crime, like a theft or extortion. A "redlist" is an automatically maintained list of outputs derived from that output, along with some description of why the coins are being tracked. When you receive funds that inherit the redlisting, your wallet client would highlight this in the user interface. Some basic information about why the coins are on the redlist would be presented. You can still spend or use these coins as normal, the highlight is only informational. To clear it, you can contact the operator of the list and say, hello, here I am, I am innocent and if anyone wants to follow up and talk to me, here's how. Then the outputs are unmarked from that point onwards. For instance, this process could be automated and also built into the wallet."

This is basically a reputation service. There could be many of them, though it's a network on top of a network, so I'd have to imagine the network effect is pretty huge in terms of winner-takes-all.


You have to make a lot of assumptions to conclude that this "redlist" won't behave exactly like a blacklist. Especially when government joins in on it by punishing people for accepting coins they "should have known" were used for illegal activity. What you'll end up with is an ecosystem where nobody accepts "red"listed coins as payment, even if the network will still let you move them around. If you are innocent, sure, you can contact the operator of the list, but the operator will have no obligation to assume you're innocent. You'll be expected to prove your innocence to the operator's satisfaction.


I'm not making any assumptions. I'm saying that it's a preliminary discussion where nobody knows if or what a workable solution would look like. Could be a total dead-end and very well may be, but no reason not to explore the idea to see if there's a way to make it work.

I would say "no way to make it work" is exactly how it would work, we can make all kinds of assumption about Hearn's morality, but I doubt he is silly enough to believe a government-style blacklist will be successful, he was also an active participator in Maxwell's Coinjoin post.

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
drawingthesun
Legendary
*
Offline Offline

Activity: 1148
Merit: 1002


View Profile
November 15, 2013, 03:09:28 AM
 #219

Take a deep breath, remove the tinfoil hat.

Not an attack on your argument, but the term "tinfoil hat" has to be retired now, considering that half the people wearing tinfoil hats were validated by Snowden.

Now when someone says tinfoil hat, the first thing I think of is "They are probably right, if history is any indicator"
Ipsum
Member
**
Offline Offline

Activity: 62
Merit: 10



View Profile
November 15, 2013, 03:09:51 AM
 #220


Mike Hearn is participating in the same sort of thing that the Bush Administration did in 2001. He is proposing that Bitcoin businesses voluntarily help the US Government seize worldwide control of Bitcoin for the mere perception that something is being done about CryptoLocker. Meanwhile, there are obvious ulterior motives in play. To achieve a critical mass that would harm all users of Bitcoin, he only needs to get BitPay and Coinbase on board.


Take a deep breath, remove the tinfoil hat.

Please read my previous post. Mike started a discussion about what is effectively a reputation service for coins. He didn't even propose that the Bitcoin Foundation adopt promoting the idea of one as policy, or that he himself is convinced a redlist is a good idea.

They're going to spring up regardless of Mike's proposal, though. Some bitcoin services will use them, some won't. They'll be full of holes and cannot, by the nature of bitcoin, be 100% effective.

A reputation system is a way for individuals and entities (companies, whatever) to communicate information to each other. I thought we're about free speech here, and freedom of individuals and entities to transact (money, information, etc) with each other?



It politicises the use of coins. My political opinion is that your coins should be redlisted, I don't like people like you, just because. There's your free speech.

Sure, that's fine. And the three people that will care about your opinion there can redlist my coins, which won't affect me at all. Likewise, I could redlist your coins, and the three people that would care won't affect you at all, because neither of us run a largely trusted service passing information to its clients.

For a site where so many people give lip service to freedom, it's incredible how many people have such opposition to the idea of entities (people, companies, etc) passing information to each other in a mutually willing exchange of value.

Pages: « 1 2 3 4 5 6 7 8 9 10 [11] 12 13 14 15 16 17 18 19 20 21 22 23 24 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!