Mike Hearn, Foundation's Law & Policy Chair, is pushing blacklists right now

[Luckybit]

Advanced persistent threats can exist in any and every one of our computer systems. At any time a government can flip a switch and force us to pay some tax in Bitcoins?

No, they cannot.

And...

Have you been hit by a ransomware before?
Do you know anyone who have been?

Quit being paranoid. Ransomware did exist, still exist, and will exist. With no more power than they had before, provided you have a safe backup of your wallet.

So you're telling me that if each Bitcoin is worth $1 million dollars ransomware or other sophisticated malware and spyware wont be developed to target Bitcoin users? This isn't paranoia it's common sense. Governments may or may not have hit any of us already with advanced persistent threats. Do you think they'll tell us?

http://en.wikipedia.org/wiki/GhostNet

[1714093952]

1714093952

[p2pbucks]

Foundation should be dismissed right now  ! They are Bitcoin Destroyers!

[playtin]

Developments like this redlist thing played a big role for us in our decision to add a wallet and off-chain transactions to our service. Especially off-chain transactions can help to fight such nonsense. https://bitcointalk.org/index.php?topic=333350.0

[Kouye]

So you're telling me that if each Bitcoin is worth $1 million dollars ransomware or other sophisticated malware and spyware wont be developed to target Bitcoin users? This isn't paranoia it's common sense. Governments may or may not have hit any of us already with advanced persistent threats. Do you think they'll tell us?

You're a persistent one.
I'm just telling you that ransomware will not magically become more efficient than it is now just because people acknowledge bitcoin being worth more than murrikan dollar.

Ransomware today is a pain. Ransomware tomorrow will be a pain. Ransomware won't be more dangerous tomorrow than it is today.
Your coins are safe as long as you have a backup+strong passphrase or cold wallets.
Just smile and go to sleep.

[Ipsum]

So it's a very serious problem which I think people on this forum are underestimating. Cryptolocker could destroy Bitcoin just like the blacklist can.

Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin (vs barely caring about it, and figuring out how they feel about it as is the case now). And then (or perhaps before), you can kiss any hope of business acceptance of bitcoin (something we all dream of, I'd imagine, so that we can transact in bitcoin without having to resort to exchanges) goodbye.

Mike's example is Tor, which is a network that failed to clean up the abuse that goes through it, resulting in all sorts of networks and sites now banning access from Tor exit nodes, drastically reducing the ability of someone to use Tor to normally use the internet. The same thing can happen with bitcoin, and as someone who does want to be able to transact in bitcion someday, failing to look at ways to isolate bad actors from the bitcoin network is a mistake.

I don't think -anybody- at the Foundation is happy about even having to have this discussion. But the discussion has to happen, because Cryptolocker is a real issue that's going to become a lot bigger soon. There are very few vectors of attack against Cryptolocker (and inevitable copycats), whereas stuff like Silk Road is almost guaranteed to fail long-term due to the huge number of vectors for law enforcement to use against it. Unfortunately, one of those very few vectors usable against Cryptolocker is bitcoin.

I think it's unlikely the Foundation will end up making coin redlisting/tainting/blacklisting/whatever an official policy they try to push, but the idea that we shouldn't even be having the discussion is crazy. The process at arriving at a solution for problems usually involves many dead ends and dark caves before you find the route to the top of the mountain.

[Ytterbium]

This doesn't even make any sense.  Coins already carry "taint", you can see where they come from. If someone wants to publish a list of transactions they don't like, they're obviously free to do that. I could setup a website with my own "redlist" today. What problem is this even supposed to solve?

The problem of course, is who maintains this list? The bitcoin foundation? every government in the world? If I'm in Iran do I have to apply the US government's redlist?  What happens when the US government tries to use the redlist to help stop the Iranian nuclear program, is some Iranian nuclear scientist supposed to reject his own paycheck?

It does illustrate the importance of keeping mining decentralized, though. If there are a few central, major mines in the world, they'll have an incentive not to mine blocks with 'redlisted' addresses, and on top of that they can even refuse to mine off blocks with redlisted addresses in a government-coordinated 51% attack.

[drawingthesun]

The only solution is to fast forward development of CoinJoin/ZeroCoin type systems.

If Mikes/US Governments lists all work based on tracking coins ("taint analyses") then now moving towards a fully anonymous Bitcoin is the only way to go.

I argued almost a year ago (different account I think) that the future must be Bitcoin with some built in anonymous capability otherwise evils like coin tracking will emerge.

Already if you make a payment you risk the merchant discovering your a millionaire and risk life and limb (In this way Bitcoin can be less private than a normal bank account, at least my local IGA has no idea what my bank balance is)

The solution is to make it commonplace to anonymize almost every transaction or set of transactions by default. This will stop NSA tracking, the redlist and people discovering your networth.

[tvbcof]

...
Hearn posted the following message to the legal section of the members-only foundation forum:
...

This was exactly my biggest concern when the idea of the foundation was initially floated, and I stated it.  Fungus grows in the dark.  As it happened, the level of opacity is far worse than I even dreamed it might be.

In order to protect my own ass I need to understand the way things are progressing and I'm not going to buy a seat at the foundation just to do this because I feel that they are not acting in the best interests of what I'd like to see Bitcoin become.

[Kouye]

Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin[...]

Ransomwares are as old as internet. They've always been around, and they have no more power than they had before bitcoin.
And even if you are right, Ipsum, can you PLEASE explain to me how redlisting coins would help fighting CryptoLocker copycats ?

I think it's unlikely the Foundation will end up making coin redlisting/tainting/blacklisting/whatever an official policy

That's a relief. I guess.

[Wary]

Its easy to redlist someone/something, but its a career ending move to clear the wrong person.

Good point!

[Ytterbium]

Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin (vs barely caring about it, and figuring out how they feel about it as is the case now). And then (or perhaps before), you can kiss any hope of business acceptance of bitcoin (something we all dream of, I'd imagine, so that we can transact in bitcoin without having to resort to exchanges) goodbye.

Here's a thought - why don't people keep their virus definition files up to date? Microsoft deserves a huge amount of blame for leaving their OSes unprotected for such an incredibly long time, but windows 8 actually does include Microsoft Security Essentials for free.

Anyway, how many people have actually gotten the cryptlocker virus?  I think it's pretty unlikely that this will be anything more then a fringe thing affecting people who probably don't have any valuable files anyway, because they don't even know how to use their computer. A virus writer will have to be extremely selective in targeting people if they don't want their virus to end up in virus definition, which in turn means not very many people will be effected.  If they try to spread it all over the place it'll end up blocked everywhere, which in turn, again, means no one gets it.

DPR tried to have people whacked for bitcoin, and this stupid virus is what people are worried about "ruining bitcoin"?

[Peter R]

So it's a very serious problem which I think people on this forum are underestimating. Cryptolocker could destroy Bitcoin just like the blacklist can.

Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin (vs barely caring about it, and figuring out how they feel about it as is the case now). And then (or perhaps before), you can kiss any hope of business acceptance of bitcoin (something we all dream of, I'd imagine, so that we can transact in bitcoin without having to resort to exchanges) goodbye.

CryptoLocker is forcing people to rethink their computer security.  In our post-Snowden world, I believe this is a long-term good thing, despite the harm and frustration it is causing people in the short term.  

I actually met one of the victims, BTW.  A late-60's women from Vancouver trying to buy coins from the Robocoin ATM:

https://bitcointalk.org/index.php?topic=330720

What she didn't like about bitcoin was the difficulty she had in buying one.  I thought it was interesting that in her mind cryptolocker was "evil Russian hackers" and bitcoin was just some unrelated thing she could buy from the ATM.

[Kouye]

CryptoLocker is forcing people to rethink their computer security.

no, No, NO, NO.
Ransomware have existed before most bictoiners were born.
This is very, very old news.

[millsdmb]

This is just the beginning.
Satoshi would be ashamed.

its so sad too, because Satoshi reached out to Mike to get him more involved (as I understand it). Now he appears to be looking to effectively kill the whole thing.

Q: I'm not technically savvy, but wouldn't the solution be CryptoLocker counter-measures on client computers?
A: (Mike's own words) "That's certainly a solution yes, but unfortunately it's sort of like saying the solution to burglary is having locks ondoors and windows, so we don't need the police."

And this guy is important for bitcoin? SMDH.

(edit: source: https://jumpshare.com/v/FCGnW40vMhG8ETE8i57h?b=rJU3YwFcBYWUD5X0bbqR)

[Peter R]

CryptoLocker is forcing people to rethink their computer security.

no, No, NO, NO.
Ransomware have existed before most bictoiners were born.
This is old news.

So if you or someone you know was a victim of cryptolocker, you wouldn't rethink your computer security?  I know the old lady and I both re-thought our computer security (https://bitcointalk.org/index.php?topic=330720)

The fact that cryptolocker was not the first instance of ransomware does not make my statement false.

Haha: CryptoLocker: not the first, just the best.

[Kouye]

The fact that cryptolocker was not the first instance of ransomware does not make my statement false.

It does not, indeed.
If you agree explaining to me how redlisting coins would help, and how bitcoin make you more vulnerable to ransomware...
I'll tell you a nice story called Reveton.

[Peter R]

The fact that cryptolocker was not the first instance of ransomware does not make my statement false.

It does not, indeed.
If you agree explaining to me how redlisting coins would help, and how bitcoin make you more vulnerable to ransomware...
I'll tell you a nice story called Reveton.

What I said had nothing to do with red-listing coins!  I was just pointing out two things:

1. That after meeting a CryptoLocker victim in person, I could tell that they did not relate bitcoin to CryptoLocker.  She thought the virus was "evil Russian hackers" and that bitcoins were these things she could buy from the Robocoin ATM in downtown Vancouver.  

2.  That CryptoLocker, in a twisted sense, may actually be teaching mankind an important lesson in computer security. 

I think any change to bitcoin based on "CryptoLocker" would be unwise ridiculous.  
I think any change to bitcoin based on "CryptoLocker" would be unwise ridiculous.
I think any change to bitcoin based on "CryptoLocker" would be unwise ridiculous Bitcoin is great as is.

[justusranvier]

I don't think -anybody- at the Foundation is happy about even having to have this discussion. But the discussion has to happen, because Cryptolocker is a real issue that's going to become a lot bigger soon. There are very few vectors of attack against Cryptolocker (and inevitable copycats), whereas stuff like Silk Road is almost guaranteed to fail long-term due to the huge number of vectors for law enforcement to use against it. Unfortunately, one of those very few vectors usable against Cryptolocker is bitcoin.

Cryptolocker is not Bitcoin's issue any more than it's Ford's issue if a bank robber drives off in one of models.

If somebody should be thrown under the bus here it should be Microsoft for being unable or unwilling to build secure operating systems.

Anyone who says they are worried about Cryptolocker's effect on Bitcoin adoption is lying. By every objective measure: transaction rate, blockchain.info wallets, frequency of conferences, exchange rate, etc, growth is exponential and shows not the slightest sign of being negatively affected by Cryptolocker.

This idea of a Cryptolocker backlash is a fake problem used to scare the community into accepting a compromise that's against their best interests. These plans have been in the works for years, as evidenced on this very forum, and the proponents have just been waiting for a suitable excuse the put their plans into effect.

[Luckybit]

So you're telling me that if each Bitcoin is worth $1 million dollars ransomware or other sophisticated malware and spyware wont be developed to target Bitcoin users? This isn't paranoia it's common sense. Governments may or may not have hit any of us already with advanced persistent threats. Do you think they'll tell us?

You're a persistent one.
I'm just telling you that ransomware will not magically become more efficient than it is now just because people acknowledge bitcoin being worth more than murrikan dollar.

Ransomware today is a pain. Ransomware tomorrow will be a pain. Ransomware won't be more dangerous tomorrow than it is today.
Your coins are safe as long as you have a backup+strong passphrase or cold wallets.
Just smile and go to sleep.

I think Keyhotee is part of the solution to some of these problems. Look at this:
https://www.youtube.com/watch?feature=player_detailpage&v=3pZaTdEtK-8
The other idea I heard which was very good was the Bitcoin identity protocol. Both of those ideas need to be implemented immediately.

And I don't assume my coins are safe enough. I don't trust hardware or software but at this point we have to because this is all we have. Bitcoins are not currently worth enough money for sophisticated and targeted attacks and I don't have a lot of Bitcoins anyway to be worth attacking. But some people have 1000 coins or 10,000 coins and they'll be in danger today. In the future people having just a few coins will have to worry about being cyber robbed.

No it's not easy to defend yourself against extortion or identity theft. It's almost impossible to be sure your computer is malware/spyware free and if a government wants to spy they can see everything. We can only do the best we can with our software implementations and use stuff like raspberry pi for hardware. Paranoia is actually necessary to defend valuable information which is why we typically pay experts to do it.

[Peter R]

If somebody should be thrown under the bus here it should be Microsoft for being unable or unwilling to build secure operating systems.

+1

The problem is 50% Microsoft and 50% people not being as careful as they should.