Mike Hearn, Foundation's Law & Policy Chair, is pushing blacklists right now

[Kouye]

Stay focused, please.

Discuss how redlisting coins will help fight crime, and especially CyptoLock copycats.

[1714493143]

1714493143

[1714493143]

1714493143

[1714493143]

1714493143

[Ipsum]

Take a deep breath, remove the tinfoil hat.

Not an attack on your argument, but the term "tinfoil hat" has to be retired now, considering that half the people wearing tinfoil hats were validated by Snowden.

Now when someone says tinfoil hat, the first thing I think of is "They are probably right, if history is any indicator"

I'm not sure I know anyone reasonable who didn't think the NSA was widely spying on the world. Snowden confirmed it and provided valuable details as to just how watched we are, but come on.

This guy just claimed that Hearn's proposal was a way for the US gov to seize control of bitcoin worldwide. That's a tinfoil hat statement. Patently ridiculous.

(Maybe not ridiculous at some time in the future when bitcoin is large enough to actually raise any existential alarms in the halls of power, but we're a couple orders of magnitude from that, and nothing the federal government does is as subtle as co-opting a google security engineer living in Switzerland to start a discussion on a small (the foundation does not have that many members) message board.)

[Luckybit]

If in 6 months magically Bitcoins are $100,000 each then the incentive to target users is now much much higher.

What does the BTC/USD ratio have to do with the incentive to target users?

Do you really have to ask that question? Hackers typically go after the easiest targets. They don't and wont typically go after the security experts using cold storage (at least not at first). However they'll collect information on everyone and gather intel through services which will ask for information to help them with their scams. They will then use this intel as part of the recon so that when they do launch their attack they'll know exactly your strengths and weaknesses.

If you're someone who likes to gamble and you log into a gambling site you could find that the whole site gets mysteriously hacked and shut down with all the coins missing. The whole event could have been planned as a honeypot to attract suckers into putting their money on the site and when enough money is given to the site the hackers could roll it all up and take all the money. The higher the price for BTC at the time the more incentive they'll have to do stuff like that. The more anonymous BTC is the more likely they'll do it thinking they can get away with it.

I'd say you didn't answer the question at all. If USD/BTC is $400,000 instead of $400, surely people will keep less BTC lying around on their computers.

That isn't the case. A lot of people including Mike Hearn have lost their BTC wallet from back when they first mined BTC. A lot of people who aren't paranoid about being hacked will leave some satoshi laying around. And not everyone is a security expert who even knows what the phase "cold storage" means. Why do we have to act like snobs about this?

Sure we could start businesses to secure people's wallets for a fee but then we'd be acting like banks and would probably have to be regulated.

[Luckybit]

Stay focused, please.

Discuss how redlisting coins will help fight crime, and especially CyptoLock copycats.

Redlisting does not help fight crime. Criminals already have databases and probably have lists which they are exploiting as we speak. If they have lists we should be discussing how to make their lists less effective by improving the privacy functionality so that they cannot track our money.

We should also be discussing what we can do to protect users from being targeted in general. There are a lot of potential attacks and coin taint lists are just one.

[oakpacific]

Keep focused, please.

Discuss how redlisting coins will help fight crime, and specifically CyptoLock copycats.

Easy, criminals can remain uncaught because innocent people are willing to hide them among us, or just do not object to it. If everyone thinks someone is a scumbag deserving some punishment, they will all actively participate in spotting him, like if he tries to use Coinjoin everyone will refuse to mix with his coins, then he has no place to hide.

The law-enforcement could even be compelled to be more transparent, because they have to do so to get our help, rather than forcing it upon us.


This should be Hearn's original idea: https://bitcointalk.org/index.php?topic=157130.0

What he is trying to present to the politicians may be a cooked-up version.

[Ipsum]

Stay focused, please.

Discuss how redlisting coins will help fight crime, and especially CyptoLock copycats.

Redlisting does not help fight crime. Criminals already have databases and probably have lists which they are exploiting as we speak. If they have lists we should be discussing how to make their lists less effective by improving the privacy functionality so that they cannot track our money.

We should also be discussing what we can do to protect users from being targeted in general. There are a lot of potential attacks and coin taint lists are just one.

You've either not read or not understood what Mike wrote.

Redlisting does not involve blacklisting or whitelisting coins. Think of it as attaching a breadcrumb trail to coins that someone suspects are illicitly gained. It doesn't stop anyone from accepting them or spending them. It does, however, provide kind of an informational bread crumb trail for law enforcement to later track if it's necessary.

[Amitabh S]

This is indeed worrying. Hope this never gets implemented.

[Luckybit]

Stay focused, please.

Discuss how redlisting coins will help fight crime, and especially CyptoLock copycats.

Redlisting does not help fight crime. Criminals already have databases and probably have lists which they are exploiting as we speak. If they have lists we should be discussing how to make their lists less effective by improving the privacy functionality so that they cannot track our money.

We should also be discussing what we can do to protect users from being targeted in general. There are a lot of potential attacks and coin taint lists are just one.

You've either not read or not understood what Mike wrote.

Redlisting does not involve blacklisting or whitelisting coins. Think of it as attaching a breadcrumb trail to coins that someone suspects are illicitly gained. It doesn't stop anyone from accepting them or spending them. It does, however, provide kind of an informational bread crumb trail for law enforcement to later track if it's necessary.

I don't think it's a good idea to start making lists unless you don't mind being on someones list. I think it can easily spin out of control where hackers have lists, law enforcement have lists, and everyone is caught in the middle of being scrutinized by both hackers and law enforcement.

If you want to be on a list it should be voluntary. The list idea needs to be more well thought out, that is all.


https://bitcointalk.org/index.php?topic=157130.0

The idea Mike Hearn presents here has some merit but once again how to implement it in a way which is voluntary, preserves privacy, and does not give control to any centralized government or group?

If each community had its own lists there would still be problems though. Some communities will do business with you while others wont. Also making a list of coins isn't smart. Why not just have verified users, trusted users, trusted accounts or trusted identities? Why do we need to track coins when the bad actors are the ones the community is concerned about?

[CoinHoarder]

This tool will kill Bitcoin as we know it. I wouldn't mind if it was only used to go after thieves, but there is no way to know and/or stop the government for using it however they see fit. The problem in my opinion is when they start using the tool to go after "Silk Road" types of people. I believe as long as someone is doing no one else harm, them and only them should be able to choose what is put into their body. The drug war has failed and the government is starting to realize it, the more the people push for policies such as decriminalization/legalization of marijuana, the more obvious this will become to the government over time. If this tool is used to further the government's agenda on the failing drug war, then I strongly oppose it.

Another problem... who enforces the basic American principal of innocent until proven guilty? How would the due process be like to be able to black list coins? Would there have to be a criminal court case, or can they decide to blacklist coins on a whim whenever they deem that someone is doing something illegal? This could be very dangerous against freedom of speech. If the government doesn't like what you're saying, who's to say they can't just blacklist your life savings? What recourse would there be in that situation? Are you going to call the Bitcoin police?

I'm afraid such a tool would be horribly misused by the government. We cannot trust them with such power, because eventually it will be used against us. Where would it end? Blacklisting coins because of parking/speeding tickets, past due taxes, unpaid Obamacare taxes? Anyone that thinks for a second the government will use this tool only for its intended purpose of going after thieves is slightly naive. This would just be another step in the wrong direction as far as personal liberties go. This is like the patriot act for Bitcoin... sure it's built for a good purpose, but they can also easily misuse it however they see fit.

[solex]

Stay focused, please.

Discuss how redlisting coins will help fight crime, and especially CyptoLock copycats.

Redlisting does not help fight crime. Criminals already have databases and probably have lists which they are exploiting as we speak. If they have lists we should be discussing how to make their lists less effective by improving the privacy functionality so that they cannot track our money.

We should also be discussing what we can do to protect users from being targeted in general. There are a lot of potential attacks and coin taint lists are just one.

You've either not read or not understood what Mike wrote.

Redlisting does not involve blacklisting or whitelisting coins. Think of it as attaching a breadcrumb trail to coins that someone suspects are illicitly gained. It doesn't stop anyone from accepting them or spending them. It does, however, provide kind of an informational bread crumb trail for law enforcement to later track if it's necessary.

That would be fine if that is where it stopped. But it becomes a slippery slope. The next logical step is enforcement in the protocol that such coins can't be spent. The other problem is that it is an avenue of attack. What is to stop someone getting their enemies coins redlisted?

The BF should not be dreaming up law-enforcement applications. Let LE do that. I don't like hearing that people are being forced to buy btc because of ransomware, but this situation is not unlike the invention of email which resulted in hundreds of people falling for Nigerian scams. It was not the fault of smtp.

The correct course of action would be for the BF to set up a charity. Hardship cases can be given compensation from funds donated for the purpose of helping people harmed during the growth phase of Bitcoin.

[Carlton Banks]

Redlisting does not involve blacklisting or whitelisting coins. Think of it as attaching a breadcrumb trail to coins that someone suspects are illicitly gained. It doesn't stop anyone from accepting them or spending them. It does, however, provide kind of an informational bread crumb trail for law enforcement to later track if it's necessary.

It does encourage people to check whether they are receiving redlisted coins, precisely because of what you're outlining. If you know coins are redlisted, you will prefer not to accept them, as they are potentially the proceeds of a crime. This means they can be legitimately removed from your possession, they are someone else's property.

This is a much more difficult problem with a finite money supply. In the fiat system, banks and credit card companies insure against thefts, and the central bank can just print whatever is required to offset such losses as demanded by the treasury department of the government. The money supply expands and contracts to suit all sorts of needs. Bitcoin cannot adhere to this model, whoever ends up with provably stolen funds can only conscionably return them to the original owner.

The solution, therefore, is prevention, not cure. Hard currency limit dictates this. Hardware wallets and cold storage are new concepts that are only for the "experts" and "snobs", as some would say. Let's encourage the developers to make them easy enough for anyone to use with comfort. Let's encourage users to want these things, by talking about them positively, not negatively.

[oakpacific]

Or maybe we should just use passive crime fighting? Law enforcement announces an address which is believed to be used to store illegal funds, then everyone participates in coin mixing can be notified and decide for himself if he is willing to mix his funds with that of a suspect, it can even be built into the clients to automatically receive notice from the government, oh wait, law enforcement prefers to remain obscure, so forget about it....

[Luckybit]

Or maybe we should just use passive crime fighting? Law enforcement announces an address which is believed to be used to store illegal funds, then everyone participates in coin mixing can decide for himself if he is willing to mix his funds with that of a suspect, it can even be built into the clients, oh wait, law enforcement prefers to remain obscure, so forget about it....

There are a lot of technical solutions which could empower the community without dividing it.

This idea you present actually isn't all that bad. If individual users want to set their client to only deal with other trusted users that actually would be an excellent feature. No one wants to get scammed to find out that they cannot trust. The principle is that it should be voluntary.

[oakpacific]

Or maybe we should just use passive crime fighting? Law enforcement announces an address which is believed to be used to store illegal funds, then everyone participates in coin mixing can decide for himself if he is willing to mix his funds with that of a suspect, it can even be built into the clients, oh wait, law enforcement prefers to remain obscure, so forget about it....

There are a lot of technical solutions which could empower the community without dividing it.

This idea you present actually isn't all that bad. If individual users want to set their client to only deal with other trusted users that actually would be an excellent feature. No one wants to get scammed to find out that they cannot trust. The principle is that it should be voluntary.

If individual users want to set their client to only deal with other trusted users... then they can use Ripple, backed by Google Ventures, employer of Mike Hearn!

Or you could rather say: what Ripple implements is just some trivial features that can be done on the Bitcoin network easily.

[drawingthesun]

Oh no please no more Ripple! Ew!

[oakpacific]

Oh no please no more Ripple! Ew!

It's actually on topic, that Chris Larsen is also present at the hearing maybe why Hearn has to practice doublespeak.

[enquirer]

Don't forget that Mike Hearn works for G$$gle, which allegedly has close ties to NSA/CIA.
NSA's one known attack vector is to infiltrate protocol development committees and influence their decisions to compromise security.

[Luckybit]

https://www.virustotal.com/en/file/43e315a525dade2bb23e8071619677caf58ecb381a56019fb740a23bf6a8f211/analysis/

So if we do nothing about security then we cannot even mine without worrying about viruses hidden in the miner. Of course you can be a security snob and say compile it yourself but at some point we need trusted sources.

And no, a really good virus writer wouldn't be caught. It would be undetectable.

[kjj]

I don't think it's a good idea to start making lists unless you don't mind being on someones list. I think it can easily spin out of control here hackers have lists, law enforcement have lists, and everyone is caught in the middle of being scrutinized by both hackers and law enforcement.

If you want to be on a list it should be voluntary. The list idea needs to be more well thought out, that is all.

Yeah, that's how lists work.  </sarcasm>

Seriously, how do you expect to prevent other people from making lists?  For all you know, I have a list.  Maybe you are on it now.

That would be fine if that is where it stopped. But it becomes a slippery slope. The next logical step is enforcement in the protocol that such coins can't be spent. The other problem is that it is an avenue of attack. What is to stop someone getting their enemies coins redlisted?

If the protocol had a mechanism that prevented spending of listed coins, there would be no point in notifying users.

But first, how would you convince people to use the fork with enforcement?



The bottom line is that right now today, with no changes to anything, if you end up with coins bearing an interesting history, you take the risk of someone becoming interested in you.  You cannot prevent this risk.  You cannot mitigate it.  If you ditch the coins, you are still part of the chain, and you may get a knock on your door from people wondering how they came to you.

Widespread mixing, if and when it arrives, will hopefully muddy the trail of every transaction, maybe even to the point that most investigations become futile.

[Luckybit]

I don't think it's a good idea to start making lists unless you don't mind being on someones list. I think it can easily spin out of control here hackers have lists, law enforcement have lists, and everyone is caught in the middle of being scrutinized by both hackers and law enforcement.

If you want to be on a list it should be voluntary. The list idea needs to be more well thought out, that is all.

Yeah, that's how lists work.  </sarcasm>

Seriously, how do you expect to prevent other people from making lists?  For all you know, I have a list.  Maybe you are on it now.

We can't. But we can do what we can to protect privacy and security of the user. We can make all lists voluntary. Part of that means we have to keep pseudo-anonymity because without that anyone who doesn't like you from anywhere on the Internet could put you on a "scam" or "hack' list. Law enforcement is no better and they could target people for political reasons like with Aaron Swartz.

Don't forget that Mike Hearn works for G$$gle, which allegedly has close ties to NSA/CIA.
NSA's one known attack vector is to infiltrate protocol development committees and influence their decisions to compromise security.

if an intelligence agency wanted to hack Bitcoin they could infiltrate with malware. Why would they even have to make it known? They might always have backdoors. I'm sure if you're using closed source Windows that there could be a backdoor since you didn't inspect every line of code and can't trust Microsoft.

Bitcoin could be infiltrated upon compilation. It's not really possible to stop the NSA when you're using pre-compiled software. If you compile it yourself then you have to trust the source. This is why Linux repositories have public keys.

We probably need something like this for Bitcoin service businesses too. If you deal with a business in a trusted network then you're alright. If you take your chances then your take your chances. And the list should be compiled by the community of which businesses to trust and why.

And no we wont agree on who makes each list. There will probably be lists of different businesses which are trusted by one faction of the community or another for various reasons. Trust is critical and so is reputation for business. I suggest an open wiki.