Mike Hearn, Foundation's Law & Policy Chair, is pushing blacklists right now

[WillBit]

Mike Hearn:

http://www.youtube.com/watch?v=9vkF-k56b2g

[1715295172]

1715295172

[drawingthesun]

I had a friend call me and tell the story of a small company (20 PCs) catching cryptolocker and needing bitcoin from him.

What if the virus just destroyed all his files?

Why does his business have no backup solution?

I can catch cryptolocker right now and everything will be back to normal in 10 minutes. Just because of other peoples stupid I will not be happy my Bitcoin becomes listed and compromised.

Now is the age of backups and security, tell your friend and that grandma from earlier, their files are gone! Deleted! Make up a story that cryptolocker has actually deleted the files and wants money even though the files are forever gone.

People need to start learning that no backups equals no files!

[oakpacific]

Mike's core concern, based on the thread on the Foundation forums, is that Cryptolocker is a serious problem, and because it's such a demonically simple way to extort cash from people, it's going to become a huge problem. There will be many, many copycats soon, and you get enough non-techies getting ripped off and having their first experience with bitcoin this way, and suddenly govs around the world become very hostile to bitcoin (vs barely caring about it, and figuring out how they feel about it as is the case now). And then (or perhaps before), you can kiss any hope of business acceptance of bitcoin (something we all dream of, I'd imagine, so that we can transact in bitcoin without having to resort to exchanges) goodbye.

Here's a thought - why don't people keep their virus definition files up to date? Microsoft deserves a huge amount of blame for leaving their OSes unprotected for such an incredibly long time, but windows 8 actually does include Microsoft Security Essentials for free.

Anyway, how many people have actually gotten the cryptlocker virus?  I think it's pretty unlikely that this will be anything more then a fringe thing affecting people who probably don't have any valuable files anyway, because they don't even know how to use their computer. A virus writer will have to be extremely selective in targeting people if they don't want their virus to end up in virus definition, which in turn means not very many people will be effected.  If they try to spread it all over the place it'll end up blocked everywhere, which in turn, again, means no one gets it.

I had a friend call me and tell the story of a small company (20 PCs) catching cryptolocker and needing bitcoin from him. It is a problem and it could become big. Unfortunately it also is a problem for Bitcoin (by association). The answer to this threat however, does certainly not lie in trying to render Bitcoin payment less attractive for those criminals. It lies in tightening your security and making regular backups... which you should do anyway.

The reason why Cryptlocker is putting people in misery is not too much Bitcoin, but too little, and too late, Bitcoin should have been invented right at the beginning of the internet.

Cryptlocker relies on some command and control servers on the botnet to send it the public key, the reason botnet exists? It doesn't cost any energy to send spam E-mails,  which is exactly how Cryptlocker spreads. Bitcoin, created to thwart the botnet, shows how useful hashcash is, and how irresponsible the E-mail providers are. Responding to ransomware threat by proposing to regulate Bitcoin is another step towards the wrong direction.

And we should really regulate RSA, really really should do that, Ransomware will be useless without it.

[drawingthesun]

Cryptlocker just shows how people have no idea about security. So many people have so little clue that cloud backup is the only solution for most people.

Hint: Get all your relatives using crashplan, I don't care if the NSA looks at their photos its better than keeping all your digital photos on a single spinning disk.

[ShadowOfHarbringer]

If the foundation chooses to support this idea, it will be the day when Bitcoin splits.

If that happens, then...

OH BABY, I'M SOOOOOOOOOOOOO GONNA FORK IT AGAIN !

[BigJohn]

It seems the problem is that the users have control over address generation. But I constantly see in various Bitcoin FAQs on the web that it's good practice to use a new address every time. This seems like a constant source for problems. Couldn't the protocol be amended so that each address is only good for 2 transactions? 1 incoming and 1 to spend it? This would render this whole issue moot. Or am I missing something?

That's not very good either since it breaks Bitcoin in a different way.

Satisfying the conditions of the appropriate script must always be both necessary and sufficient to spend an output.

Could you please explain this further?

I'm under the impression this is how the client currently works. It spends the entire sum of what's in the address, sending the desired amount to a target address and the change to a new address. Wouldn't it make sense to make that behavior part of the protocol, so that when a sum is spent, that address is then null?

[Ytterbium]

This is just the beginning.
Satoshi would be ashamed.

its so sad too, because Satoshi reached out to Mike to get him more involved (as I understand it). Now he appears to be looking to effectively kill the whole thing.

Q: I'm not technically savvy, but wouldn't the solution be CryptoLocker counter-measures on client computers?
A: (Mike's own words) "That's certainly a solution yes, but unfortunately it's sort of like saying the solution to burglary is having locks ondoors and windows, so we don't need the police."

And this guy is important for bitcoin? SMDH.

(edit: source: https://jumpshare.com/v/FCGnW40vMhG8ETE8i57h?b=rJU3YwFcBYWUD5X0bbqR)

It's more like saying you should put a lock on your bicycle.

If you don't have a lock on your bike, someone will steal it. Guaranteed. So people put locks on their bicycles. It's cheap, simple, easy, and everyone does it.  And as a result you can be relatively secure riding your bike around and leaving it locked and unattended.

Of course, bikes still get stolen every once in a while, and do the cops care?   Pretty much they don't give a shit.

[matonis]

While I genuinely appreciate community feedback, I dislike the misleading title of this thread. It's one individual's opinion and it may not even be actionable.

Committee chairs, just as board directors, are free to have their own opinions on issues. It doesn't automatically imply that it is the policy of the entire Foundation or even that the Foundation has in a mandate in that particular area. Just as forum members here disagree and debate, the members of the Foundation have similar disagreements and debates on a consistent basis. In the end, we represent the makeup of our membership and you can see from the latest election results that it is a wide variety of opinion.

[tvbcof]

While I genuinely appreciate community feedback, I dislike the misleading title of this thread. It's one individual's opinion and it may not even be actionable.

Committee chairs, just as board directors, are free to have their own opinions on issues. It doesn't automatically imply that it is the policy of the entire Foundation or even that the Foundation has in a mandate in that particular area. Just as forum members here disagree and debate, the members of the Foundation have similar disagreements and debates on a consistent basis. In the end, we represent the makeup of our membership and you can see from the latest election results that it is a wide variety of opinion.

Why do it in secret?

[matonis]

Why do it in secret?

I believe the thread was originally posted in the open on the membership forums.

[ErisDiscordia]

Oh dear, a centralized institution thinking about protecting the stupid masses from some imaginary threat by implementing freedom-reducing actions. What a surprise.  

It has been pointed out several times in this thread already: the most effective way to combat fraud and things like cryptolocker is increasing the general amount of knowledge about security among users. Unfortunately that involves trusting in peoples ability to learn and think for themselves. Not a very popular stance today.

So yeah I just want to echo the general sentiment here: even though this may be just a call to discussion, I feel this idea needs to be opposed vehemently. I just want to add that there are no political solutions, only technological ones. That's where the focus should lie.

[kerogre256]

They wasn't built in to protocol to let some corrupted dick head in washington to decide which bitcoin is good on bad ? lolol first update you will have to register voluntary secound update if you not registered yours coins are automaticli tinted lolo. But you know whan? if bitcoin miners are so retarded, to want do j,ob for some corrupted oficials in washington(FED )then let them. We see how fast bitcon network will go back to cpu minig.

[maz]

Doesn't Electrum already have cryptoransom prevention built in? you need to prove you have backed up your seed before it allows you to create a new wallet, and your wallet needs to be passworded? Implement these features as standard into the default client and you have a wallet which the funds cant be stolen from and a backup that can be recovered from. Plus we have the Trezor coming out soon which will hopefully come with plenty of hardware wallet competition soon, another saving grace. Why are we even having this discussion with the little old lady story in an attempt to give it significance?

[Valerian77]

Blacklists are ridiculous because of two facts:
1. the owner of blacklisted cowns can change them into not listed coins within minutes
2. the blacklist must be accepted legally worldwide . otherwise the listed coins can be spend for services which do not care for the list

Finally it is what I wrote at a different point. If the US goverment decides to declare use of bitcoins illegal or blacklist a subset of the coins they just separate themself from the international market. And the latter one is growing faster in Asia than in the US.

The only feasible way to control the use of Bitcoin (that is core point) is to trace the Bitcoin addresses. And that is already part of the blockchain. The longer I think about Bitcoins (since one year now) the more respect I have to Satoshi Nakamoto who really created a genius system.

[jobe451]

Well not that rediciouls because

1. the owner of blacklisted cowns can change them into not listed coins within minutes

You can declare all outputs illegal which had part of the coins origin from that address.

2. the blacklist must be accepted legally worldwide . otherwise the listed coins can be spend for services which do not care for the list

The us can impose FATCA onto the rest of the world, why should they not be able impose any other law to the rest of the world. If a major part of economics would happen in Bitcoin and they would enforce that their companies/citizens must only accept clean coins, then you would have two prices on MtGox (for clean and unclean coins).

[LiteCoinGuy]

first they forbid coins that are connected with crime. after that, they forbid coins that are connected with kuba, iran etc etc.

thats the wrong way. bitcoin should be free international, unbounded money (but not anarchy).

[bg002h]

I think the foundation needs to have a policy on the issue. It think it's a non-starter, but, the foundation will be asked about it and the entire community needs a reply better thought out than "no."

Besides, the government doesn't need permission to make it's own such list. It's not on the table to put this inside the protocol (the wallet, sure, but not the protocol).

The answer is "no." If Bitcoin conflicts with AML/KYC laws, then those laws have to go. They are dragging down the non-bitcoin financial system for the same reasons they are not acceptable to Bitcoin users.

Money tainting hurts fungibility. Without fungibility, you don't have money. "Know your customer" means that you lose a lot a privacy even in the traditional banking system. With Bitcoin, the transaction record is public. "knowing your customer" means killing pseudonymity (and privacy).

Blockchain.info reports taint analysis. Is this bad or wrong?

What do you think of this company that is creating a whitelist? http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/

Tge question is, how are we gonna point out the ill defined nature of such a task and the impossibility of doing it perfectly? The people who will be making decisions that will heavily effect the value of your bitcoins are likely to want this in the Bitcoin protocol. That's not on the table, but, they might even think they can demand it.

We done white or black list our dollar bills by serial number. Why should we do this to our bitcoins? Such arguments are more helpful than an angsty "NO NO!".

[ErisDiscordia]

What opposed vehemently, tracking coins and maintaining blacklists? ITS ALREADY POSSIBLE WITH JUST THE BLOCKCHAIN. Mikes inviting discussion on it and implementing it in the reference client would do is make it accessible to all instead of the small number capable of doing it atm.

I get the fact that creating such a list is possible right now. And people are free to do so. I'm just here arguing, that it is a VERY BAD idea to take such lists seriously on any sort of voluntary basis and that implementing them into wallets or satoshi-forbid, the protocol is unacceptable to me.

[niothor]

Well , I have the feeling the Bitcoin foundation is taking the wrong road here


*it was supposed to be a national road

[Valerian77]

1. the owner of blacklisted cowns can change them into not listed coins within minutes

You can declare all outputs illegal which had part of the coins origin from that address.

2. the blacklist must be accepted legally worldwide . otherwise the listed coins can be spend for services which do not care for the list

The us can impose FATCA onto the rest of the world, why should they not be able impose any other law to the rest of the world. If a major part of economics would happen in Bitcoin and they would enforce that their companies/citizens must only accept clean coins, then you would have two prices on MtGox (for clean and unclean coins).

Within the US they can do anything what they want - even make war against their own citizens. But in Asia their influence is very limited. Since Edward Snowden each and every country is aware of the danger going out from the US espionage. My opinion is that firstly the world with the US as a leading country may be stabil in some aspects. But on the other side they have no chance to continue in the future. For Bitcoin it means - forget US regulations and blacklists - they cannot make war against the whole world.