Coin Validation misunderstands fungibility and could destroy bitcoin

[adam3us]

http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/

Its based on significant misunderstanding about bitcoins value proposition - destroy its fungibility and the costs float up to meet credit cards and paypal.

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.  

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong.  

I am also incensed frankly that someone would step into the market with such a muddle-headed thinking, and attempt to sabotage or destroy the core bitcoin feature that gives its value, where the value has been created by Satoshi and a cast of millions of man-hours of contributions of the community and technical wizards developing it mostly on volunteer time.  I am not someone prone to swearing, but this is astonishingly stupid and dangerous.   Please stop now.  In the article it is claimed they sought advice from the Winklevoss twins, if the twins value their estimated $30million bitcoin holding they should advise them to stop: if fungibility is destroyed bitcoins value as a transaction currency is impacted.  

I encourage anyone with technical skills to put their thinking caps on to find ways to increase fungibility in the short term like CoinJoin, coin control in wallets, helping less technical people migrate to better wallets, educating people about privacy practices that defend fungibility.  And longer term privacy technologies like zero coin, homomorphic encrypted value and committed (hidden) transactions.

I encourage all bitcoin businesses to shun Coin Validation unless we see some major U-turn or corrections.  If your business depends on the success bitcoin, it depends on the fungibility of bitcoin, and Coin Validation seem to be set on destroying both.

You can quote me on that.

I welcome Coin Validations corrections of the claims in the Forbes article.  Tell me you were misquoted.

Adam

ps For people who have no idea who http://cypherspace.org/adam/ I am https://bitcointalk.org/index.php?topic=225463.msg237167 , my small part in bitcoin is I invented distributed mining in 1997 https://en.bitcoin.it/wiki/Hashcash (you can find the reference in Satoshi's paper) and worked on opensource ecash & crypto currency research & implementation for about a decade alongside Wei Dai & Hal Finney & others.

[1714931369]

1714931369

[1714931369]

1714931369

[1714931369]

1714931369

[1714931369]

1714931369

[1714931369]

1714931369

[K1773R]

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.

thats why i give a damn about media. they never understand what they are talking about...

[n8rwJeTt8TrrLKPa55eU]

Great post Adam.

In every superhero movie there's also a scumbag traitor who sabotages a noble cause for personal gain.  These guys are it.  They know perfectly well the full implications of what they propose.  To assume they are just stupid or careless or misunderstanding, is to let them off lightly.  They should be shunned and berated and boycotted to the point of never wanting to show their face again in any context related to Bitcoin.  

The many thieves and scammers in this community are an unpleasant reality, but these guys are an even lower life form.  Traitors and collaborators were rightly assigned by Dante to the very deepest circle of hell.


 

[powdabam]

Reality,

Boycotting won't stop them.  We need to put our thinking caps on, as Adam said, and figure out a better solution.  It seems the dark wallet and mixes is the best option.  If we figure out now what will fix the problem, we can popularize it while the coin is still young.

[ShadowOfHarbringer]

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.  

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong.  

Oh man, I'm sooooooo supporting you.

[solex]

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins. The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.  

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong. 

Oh man, I'm sooooooo supporting you.

100% agree. This is the right approach.

[RichardForsyth]

I agree that this is the wrong approach to be taking cleaning bitcoin.  But I do think it will have to be cleaned before it can become mainstream.

[yayayo]

In every superhero movie there's also a scumbag traitor who sabotages a noble cause for personal gain.  These guys are it.  They know perfectly well the full implications of what they propose.  To assume they are just stupid or careless or misunderstanding, is to let them off lightly. They should be shunned and berated and boycotted to the point of never wanting to show their face again in any context related to Bitcoin.

The many thieves and scammers in this community are an unpleasant reality, but these guys are an even lower life form. Traitors and collaborators were rightly assigned by Dante to the very deepest circle of hell.

This!


Feel free to add information on these guys:

https://bitcointalk.org/index.php?topic=332918.0


ya.ya.yo!

[justusranvier]

Its based on significant misunderstanding about bitcoins value proposition - destroy its fungibility and the costs float up to meet credit cards and paypal.

I don't think there's enough evidence to assume that it's based on a misunderstanding.

Credit cards, PayPal, and many other existing players have a lot of investment at risk in the long term if Bitcoin manages to keep its value proposition. They have a very strong financial incentive to understand exactly how to bring Bitcoin down to their level.

Reality,

Boycotting won't stop them.  We need to put our thinking caps on, as Adam said, and figure out a better solution.  It seems the dark wallet and mixes is the best option.  If we figure out now what will fix the problem, we can popularize it while the coin is still young.

Give up on traditional business that have VC investors, physical offices, and bank accounts, and replace them with censorship-resistant organizations.

[Vycid]

http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/

Its based on significant misunderstanding about bitcoins value proposition - destroy its fungibility and the costs float up to meet credit cards and paypal.

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.  

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong.  

I am also incensed frankly that someone would step into the market with such a muddle-headed thinking, and attempt to sabotage or destroy the core bitcoin feature that gives its value, where the value has been created by Satoshi and a cast of millions of man-hours of contributions of the community and technical wizards developing it mostly on volunteer time.  I am not someone prone to swearing, but this is astonishingly stupid and dangerous.   Please stop now.  In the article it is claimed they sought advice from the Winklevoss twins, if the twins value their estimated $30million bitcoin holding they should advise them to stop: if fungibility is destroyed bitcoins value as a transaction currency is impacted.  

I encourage anyone with technical skills to put their thinking caps on to find ways to increase fungibility in the short term like CoinJoin, coin control in wallets, helping less technical people migrate to better wallets, educating people about privacy practices that defend fungibility.  And longer term privacy technologies like zero coin, homomorphic encrypted value and committed (hidden) transactions.

I encourage all bitcoin businesses to shun Coin Validation unless we see some major U-turn or corrections.  If your business depends on the success bitcoin, it depends on the fungibility of bitcoin, and Coin Validation seem to be set on destroying both.

You can quote me on that.

I welcome Coin Validations corrections of the claims in the Forbes article.  Tell me you were misquoted.

Adam

ps For people who have no idea who http://cypherspace.org/adam/ I am https://bitcointalk.org/index.php?topic=225463.msg237167 , my small part in bitcoin is I invented distributed mining in 1997 https://en.bitcoin.it/wiki/Hashcash (you can find the reference in Satoshi's paper) and worked on opensource ecash & crypto currency research & implementation for about a decade alongside Wei Dai & Hal Finney & others.

You're a good guy, Adam.

We need level-headed leaders like you. If we are to organize meaningfully, we should be represented by people who understand how to compromise without destroying the essence of Bitcoin.

[crazy_rabbit]

http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/

Its based on significant misunderstanding about bitcoins value proposition - destroy its fungibility and the costs float up to meet credit cards and paypal.

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem. 

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong. 

I am also incensed frankly that someone would step into the market with such a muddle-headed thinking, and attempt to sabotage or destroy the core bitcoin feature that gives its value, where the value has been created by Satoshi and a cast of millions of man-hours of contributions of the community and technical wizards developing it mostly on volunteer time.  I am not someone prone to swearing, but this is astonishingly stupid and dangerous.   Please stop now.  In the article it is claimed they sought advice from the Winklevoss twins, if the twins value their estimated $30million bitcoin holding they should advise them to stop: if fungibility is destroyed bitcoins value as a transaction currency is impacted. 

I encourage anyone with technical skills to put their thinking caps on to find ways to increase fungibility in the short term like CoinJoin, coin control in wallets, helping less technical people migrate to better wallets, educating people about privacy practices that defend fungibility.  And longer term privacy technologies like zero coin, homomorphic encrypted value and committed (hidden) transactions.

I encourage all bitcoin businesses to shun Coin Validation unless we see some major U-turn or corrections.  If your business depends on the success bitcoin, it depends on the fungibility of bitcoin, and Coin Validation seem to be set on destroying both.

You can quote me on that.

I welcome Coin Validations corrections of the claims in the Forbes article.  Tell me you were misquoted.

Adam

ps For people who have no idea who http://cypherspace.org/adam/ I am https://bitcointalk.org/index.php?topic=225463.msg237167 , my small part in bitcoin is I invented distributed mining in 1997 https://en.bitcoin.it/wiki/Hashcash (you can find the reference in Satoshi's paper) and worked on opensource ecash & crypto currency research & implementation for about a decade alongside Wei Dai & Hal Finney & others.

Brilliantly explained. 

[adamstgBit]

it would do wonders for confidence if this the dev of the project would say something like " after hearing the communities concerns, we have decided to change are our plans for a black-list,  thank you for you input."

something to that effect, please.

[Carlton Banks]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.

This violates funds security (exceptionally ironic), privacy and fungibility.

We must institute some new behaviour of the block construction functions in the main client, such that miners can reject transactions from a list of their choosing. This is fraught with danger, as it could be used to enforce a blacklist instead of disparaging a whitelist. But I do not see how anonymising can help in the long term, it's characterisitics can be recognised in the anonymised transcations, and so there will be little point to trying to send these transaction to sanitised addresses. You will be banned from sanitary address schemes, and added to blacklist addresses, along with your anonymising buddies that make up the "suspicious" transactions.

[justusranvier]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.

He's hiding in the shadows of the private Bitcoin Foundation forums, where he doesn't need to answer inconvenient questions posed by the hoi polloi.

[BldSwtTrs]

But isn't the purpose of CoinValidation to label adresses and not coins?

I don't get why the fungibility of coins is destroyed if only adresses are impacted?

[adamstgBit]

But isn't the purpose of CoinValidation to label adresses and not coins?

I don't get why the fungibility of coins is destroyed if only adresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about anymore.

[Carlton Banks]

But isn't the purpose of CoinValidation to label adresses and not coins?

I don't get why the fungibility of coins is destroyed if only adresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about anymore.

This assumes clean addresses will be the only list. Dirty addresses are being touted by Mike Hearn, when the real solution to theft and ransomware should be technical. And it's not like technical solutions don't exist, Mikes very own face and spiel are advertising the Trezor hardware wallet on it's front page.

[BldSwtTrs]

But isn't the purpose of CoinValidation to label adresses and not coins?

I don't get why the fungibility of coins is destroyed if only adresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about anymore.

Reading the Forbes article I think it's pretty clear it's only what they are talking: a base of adresses link to a real world identity.

So I don't see where is the huge problem, like you said sending coin to a new adress destroy the identity link.

[Carlton Banks]

But isn't the purpose of CoinValidation to label adresses and not coins?

I don't get why the fungibility of coins is destroyed if only adresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about anymore.

Reading the Forbes article I think it's pretty clear it's only what they are talking: a base of adresses link to a real world identity.

So I don't see where is the huge problem, like you said sending coin to a new adress destroy the identity link.

Read it again.

They say that Avalon mining devices will not be available to people that don't use identified addresses. This is a way of destroying the concept of using multiple addresses at all, and it also compromises the security of the address. The more you re-use addresses, the easier some criminal will find it to synthesize a valid signature for that address, and steal any money sent to it. This is one of the reasons why address re-use is discouraged.

[BldSwtTrs]

But isn't the purpose of CoinValidation to label adresses and not coins?

I don't get why the fungibility of coins is destroyed if only adresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about anymore.

Reading the Forbes article I think it's pretty clear it's only what they are talking: a base of adresses link to a real world identity.

So I don't see where is the huge problem, like you said sending coin to a new adress destroy the identity link.

Read it again.

They say that Avalon mining devices will not be available to people that don't use identified addresses. This is a way of destroying the concept of using multiple addresses at all, and it also compromises the security of the address. The more you re-use addresses, the easier some criminal will find it to synthesize a valid signature for that address, and steal any money sent to it. This is one of the reasons why address re-use is discouraged.

I understand how this is a privacy and security issues but I don't get why this is a fongibility issue ?

[Carlton Banks]

It attacks the property of one Bitcoin being as good as any other. If you can't understand why, well, I can't turn the cogs of logic in your head for myself.

[adam3us]

But isn't the purpose of CoinValidation to label adresses and not coins?

I don't get why the fungibility of coins is destroyed if only adresses are impacted?

All previous addresses that received the coin are listed on the public blockchain ledger.  From what was said I believe Coin Validation plans to look at the history of the addresses associated with coins.  If your coin was used 10 transactions ago by a silk road user, (eg seen entering the silk road address) then likely implications are you will not be able to spend your coin on any site using their system.

They hope it will be viral, ie because you dont want to hold coins you cant spend, you may also refuse to accept coins they do not white list.  Having them validate your coins will not be free and the uncertainty arising from not knowing if your coins will suddenly become less spendable will create fungibility problems.

There are costs associated with the fraud tracing validation, blacklisting and payment revocation.  eg its bad for merchants too, they cant rely on receiving money they can spend themselves.  This is why credit cards are expensive for merchants (3-5% + 30c).  This is one thing that makes bitcoin attractive for merchants and users - the fees are close to zero in comparison.  Coin blacklist/whitelistng (just different names for the same trend) damage the underlying  irrevocability which enables low cost transactions, and pulls bitcoins transaction cost up towards credit cards and paypal.

The problem is when fungibility degrades because everyone is mutually scared of accepting blacklisted coins the utility of the coin goes down, the cost of using the currency goes up and so its price falls.  It might literally collapse if the feedback loop picks up momentum as people sell non-white listed coins at steeper discounts in a race to the door.

This makes as much sense as a $100 note in your pocket disabling itself because 10 previous holders ago, someone stole it from a convenience store.

Someone posted on reddit about a 17th centur scottish court case (cant find the link now), where a bank was able to prevent legislation that would've had that implication - if you're left holding a stolen note, you lose it.  The court rejected the case based on the argument that doing so would be unfair and also destroy the fungibility and value of the currency.  Coin Validation want to reopen that 17th century mistaken (but defeated) court case.

Adam

[Carlton Banks]

Even this uncertainty has made one decision for me.

I've been thinking over getting new mining equipment. This confirms to me that it's definitely, definitely too much risk. Until we have a clear way forward, I cannot commit to something that could be a dead loss in 6-12 months.

If a movement amongst miners started to use mining to ban clean addresses from the blockchain, I would step up and even swallow a loss, but only if it had a good chance to break the usability of the clean list.

[solex]

Even this uncertainty has made one decision for me.

I've been thinking over getting new mining equipment. This confirms to me that it's definitely, definitely too much risk. Until we have a clear way forward, I cannot commit to something that could be a dead loss in 6-12 months.

If a movement amongst miners started to use mining to ban clean addresses from the blockchain, I would step up and even swallow a loss, but only if it had a good chance to break the usability of the clean list.

Don't get depressed by events such as coin validation / redlist censorship proposals. This is all part of the Gandhi ignore/laugh/fight/you-win paradigm.

The solution is a formal community funded bounty for CoinJoin and Zerocoin enhancements to the btc protocol.

Most bitcoiners are against address censorship. Software solutions are the defense and need to be built.

[BldSwtTrs]

But isn't the purpose of CoinValidation to label adresses and not coins?

I don't get why the fungibility of coins is destroyed if only adresses are impacted?

All previous addresses that received the coin are listed on the public blockchain ledger.  From what was said I believe Coin Validation plans to look at the history of the addresses associated with coins.  If your coin was used 10 transactions ago by a silk road user, (eg seen entering the silk road address) then likely implications are you will not be able to spend your coin on any site using their system.

They hope it will be viral, ie because you dont want to hold coins you cant spend, you may also refuse to accept coins they do not white list.  Having them validate your coins will not be free and the uncertainty arising from not knowing if your coins will suddenly become less spendable will create fungibility problems.

There are costs associated with the fraud tracing validation, blacklisting and payment revocation.  eg its bad for merchants too, they cant rely on receiving money they can spend themselves.  This is why credit cards are expensive for merchants (3-5% + 30c).  This is one thing that makes bitcoin attractive for merchants and users - the fees are close to zero in comparison.  Coin blacklist/whitelistng (just different names for the same trend) damage the underlying  irrevocability which enables low cost transactions, and pulls bitcoins transaction cost up towards credit cards and paypal.

The problem is when fungibility degrades because everyone is mutually scared of accepting blacklisted coins the utility of the coin goes down, the cost of using the currency goes up and so its price falls.  It might literally collapse if the feedback loop picks up momentum as people sell non-white listed coins at steeper discounts in a race to the door.

This makes as much sense as a $100 note in your pocket disabling itself because 10 previous holders ago, someone stole it from a convenience store.

Someone posted on reddit about a 17th centur scottish court case (cant find the link now), where a bank was able to prevent legislation that would've had that implication - if you're left holding a stolen note, you lose it.  The court rejected the case based on the argument that doing so would be unfair and also destroy the fungibility and value of the currency.  Coin Validation want to reopen that 17th century mistaken (but defeated) court case.

Adam

Thanks. Now I understand why it's such a huge deal, it's so huge that it will probably destroy Bitcoin.

It's so big that I wonder how these guys can have such a retarded idea. Are you sure they plan to track all the history of previous adresses and don't plan to only validate the adress that send bitcoins to the merchants?

[Pente]

Reusing an address allows for a possible security breach in the ECDSA algorithm. Many random number generators are not truly random. If the same number is used twice while sending money from an address, then the private key can be calculated as per this paragraph from the wikipedia article on ECDSA:

When computing s, the string z resulting from \textrm{HASH}(m) shall be converted to an integer. Note that z can be greater than n but not longer.

As the standard notes, it is crucial to select different k for different signatures, otherwise the equation in step 6 can be solved for d_A, the private key: Given two signatures (r,s) and (r,s'), employing the same unknown k for different known messages m and m', an attacker can calculate z and z', and since s-s' = k^{-1}(z-z') (all operations in this paragraph are done modulo n) the attacker can find k = \frac{z-z'}{s-s'}. Since s = k^{-1}(z + r d_A), the attacker can now calculate the private key d_A = \frac{s k - z}{r}. This implementation failure was used, for example, to extract the signing key used in the PlayStation 3 gaming console.

The odds of using the same random number from a faulty RNG goes up as y=x!/2 (as long as x>1, otherwise y=0), where x is the number of transactions sent from the address. I feel safe reusing an address after swiping it once, even though it is only protected by the strength of irreversibility of the ECDSA algorithm. However, I will not reuse an address after pulling funds out of it a second time.

For people who trust their RNG algorithm, this may seem to be mute issue. But I am sure that people using the SecureRandom() call in Java on their Android phones felt pretty safe. As we all know, they weren't.

[Carlton Banks]

Even this uncertainty has made one decision for me.

I've been thinking over getting new mining equipment. This confirms to me that it's definitely, definitely too much risk. Until we have a clear way forward, I cannot commit to something that could be a dead loss in 6-12 months.

If a movement amongst miners started to use mining to ban clean addresses from the blockchain, I would step up and even swallow a loss, but only if it had a good chance to break the usability of the clean list.

Don't get depressed by events such as coin validation / redlist censorship proposals. This is all part of the Gandhi ignore/laugh/fight/you-win paradigm.

The solution is a formal community funded bounty for CoinJoin and Zerocoin enhancements to the btc protocol.

Most bitcoiners are against address censorship. Software solutions are the defense and need to be built.

I have plenty of time for optimistic plans and determined action. But I don't think CoinJoin and ZeroCoin come without their problems.


CoinJoin use with clean addresses can get you kicked out of the scheme, your addresses and your CoinJoin anonymous buddies may end up on Mike Hearn's red/black list.

ZeroCoin isn't implemented, and therefore untested. And has a problem in that the Genesis Block requires trust that the progenitor does not record the value of the accumulator, and use that to steal or track funds.

WE CAN FIGHT THIS, though. With the miners. Miners must be encouraged to reject clean addresses from the blockchain, it's the only way to kill this.

[EhVedadoOAnonimato]

Coin blacklist/whitelistng (just different names for the same trend)

Oh but they're not quite the same. Blacklists are easier to work-around. Mix your coins enough and there will be no meaningful taint anymore.

Whitelists, OTOH, are an entirely different matter. Authoritarian governments may force every business in their jurisdiction to only accept money from the whitelist. Everything not whitelisted should be taxed or even seized. That's the real danger.

Since I'm replying to the bright mind behind Zerocoin, I'll use the opportunity to ask: does it make sense to talk about whitelisting Zerocoin transactions/addresses? I confess I tried to understand how your system works, but I'm just too dumb to actually get it.

WE CAN FIGHT THIS, though. With the miners. Miners must be encouraged to reject clean addresses from the blockchain, it's the only way to kill this.

Whitelists do not need to be public.

[gmaxwell]

Oh but they're not quite the same. Blacklists are easier to work-around. Mix your coins enough and there will be no meaningful taint anymore.

Thats not so, blacklisting increases the probability that you receive back blacklisted coins— even if you didn't have blacklisted ones going in. This increases the "cost" to you of using this approach, so only outlaws will think it worth the cost, and so you'll only receive outlawed coins while using such a system. It's self-fulfilling once it takes off.  I don't think that things that have cost and take effort and which only a tiny fraction of (more likely than usual to be troublesome) users can really move the needle against efforts like this, or at least we shouldn't count on them to.

[ColinTulloch]

I think there's a misunderstanding around the use of the term fungible here...

To me fungibility describes the ability of a good to be divided and recombined to the same value... With varying degrees of divisibility and recombine-ability but same term...

This thread somehow confuses governmental violent coercion through white-lists with fungibility... Violent coercion, that is using violent force to get what you want is obviously going to end bad for the person who isn't going to get what they want, or the person who is going to be a victim of violence/jail/etc... In this case the groups utilizing violence to force others into using their products, their coin outputs etc, are obviously going to benefit from that ability...

I should also mention that it doesn't seem like Coin Validation is asking for government force to backup their white-list at this point, but there's an assumption that it won't be long before they likely will.

White-lists might have real market value in specific cases - Market value is determined by a free market though. - A market ceases to be free when a government, or a few individuals who control or manipulate government, use it to force a markets participants to act a certain way.

So this no doubt bad because it looks like Coin Validation is only building towards government backed white-lists - but it shouldn't be called a fungibility issue.

I haven't looked into the details of Coin Validation, but is there some kind of *whole coin* limit, where they want to limit people to use whole coins behind addresses and not any smaller amounts? In this case you can call this a fungibility problem - but I don't think this is the case...

White-listing != fungibility

[franky1]

after reading the forbes news report and then investigating coinvalidation themselves.. i have come to this conclusion

never take whats written on the news as gospel.. (a lesson i learned way back, but recently got reminded)
secondly, there is alot of hysteria without much investigation by people.

so here it is short ans sweet.
coinvalidation are not government. they cannot freeze, seize funds
coinvalidation are just business advisors with a data base.
coinvalidation cannot make it a requirement to use their service. they are a business. people are free to choose to use it or not.

now lets talk about this database.
this database will not store every public key and eventually link it to users.
it will however list pubkeys of businesses that are fully fincen compliant and also seek out to list blackmarket addresses, again i highlight businesses not personal keys.

think of it like a santas "naughty or nice list" for BUSINESSES not individuals.

coinvalidation is not seeking to get every USERS identification , much like the government does not request everyone to write their name and zipcode on every bank note they spend. all its for is to increase the ability to see the source of funds. much like banks look at serial numbers of bank notes to see if they come up with flags that funds once got blacklisted/marked as part of a drugs cartel blackmarket

EG have funds come from a compliant exchange, or a blackmarket recently.

how will businesses use coinvalidation services.
(a) alpaca socks shop wont need to check TXID for its origins as they only accept small amounts, meaning low risk and no need for the AMLKYC stuff
(b) real estate agent will check every TXID for its origins due to higher value transactions. and if within 3 hops they notice a legitimate bitstamp address, great no risk. if its silkroad with 3 hops *, then the real estate agency will assess the risks of money laundering and do all the fincen checks required of them and report to fincen if serious crime criteria is met.


parts of finCEN require compliant members to:
do AMLKYC on customers transactig over $10k
monitor for serious crimes.

now a serious crime is NOT selling a dimebag of weed for $20 of bitcoin. a serious crime is a druglord with over $10k of funds for instance. or a murderer for hire, etc etc

so for businesses to monitor serious crimes they need to look out for large amounts of money that come pretty much directly * from drug websites for instance. small amounts like $20-$100 or even $1000 can be weighed up by the business as a low medium or high risk themselves.
*businesses will decide how many hops are deemed high/low risk for validation checks as part of their own policy handbooks

now then
all of this only applies to businesses that have to deal with FIAT exchanging for customers and its purely about sniffing out large transacting serious crimes and tax evaders. so all those businesses that dont do customer FIAT-bitcoin transactions dont need compliance. but businesses that do handle FIAT on behalf of customers do.

so chill out on the hysteria. bitcoin anonymity wont change, infact the FINCEN regulations wot/havnt changed in decades. the only difference is that coinvalidation will make it easier for bitstamp to recognise a 1-2-3-4-or 5 hop TXID as coming from a notorious website to then assess the requirement to report it to fincen.

[DeeSome]

Even this uncertainty has made one decision for me.

I've been thinking over getting new mining equipment. This confirms to me that it's definitely, definitely too much risk. Until we have a clear way forward, I cannot commit to something that could be a dead loss in 6-12 months.

If a movement amongst miners started to use mining to ban clean addresses from the blockchain, I would step up and even swallow a loss, but only if it had a good chance to break the usability of the clean list.

I like your idea Carlton, get the miners to stop it in it's tracks. I bet Xperian and Equifax are salivating at Mike Hearn's suggestion.

[Carlton Banks]

Even this uncertainty has made one decision for me.

I've been thinking over getting new mining equipment. This confirms to me that it's definitely, definitely too much risk. Until we have a clear way forward, I cannot commit to something that could be a dead loss in 6-12 months.

If a movement amongst miners started to use mining to ban clean addresses from the blockchain, I would step up and even swallow a loss, but only if it had a good chance to break the usability of the clean list.

I like your idea Carlton, get the miners to stop it in it's tracks. I bet Xperian and Equifax are salivating at Mike Hearn's suggestion.

I'm not sure that this is possible in the way I'm presenting it without a change to the current mining protocol. There are sensible reasons to prevent it, as it creates a market for miners to accept personal vendettas against certain addresses, which is precisely the mechanism I'm arguing for. But in the name of only targeting the clean list.

Perhaps it might be possible to query all public Bitcoin nodes to see which addresses they are blacklisting. Then at least you can identify who is blocking you. The truth is that all solutions to this problem are a compromise, we're working with an information system here, and for it to be in any way useful, it must permit misuse as well. Storing non transaction information in the blockchain being just one example of misusing the innovation, people always worked around any attempt to stop it, so Gavin Andresen moved to standardise it instead.

[cypherdoc]

But isn't the purpose of CoinValidation to label adresses and not coins?

I don't get why the fungibility of coins is destroyed if only adresses are impacted?

All previous addresses that received the coin are listed on the public blockchain ledger.  From what was said I believe Coin Validation plans to look at the history of the addresses associated with coins.  If your coin was used 10 transactions ago by a silk road user, (eg seen entering the silk road address) then likely implications are you will not be able to spend your coin on any site using their system.

They hope it will be viral, ie because you dont want to hold coins you cant spend, you may also refuse to accept coins they do not white list.  Having them validate your coins will not be free and the uncertainty arising from not knowing if your coins will suddenly become less spendable will create fungibility problems.

There are costs associated with the fraud tracing validation, blacklisting and payment revocation.  eg its bad for merchants too, they cant rely on receiving money they can spend themselves.  This is why credit cards are expensive for merchants (3-5% + 30c).  This is one thing that makes bitcoin attractive for merchants and users - the fees are close to zero in comparison.  Coin blacklist/whitelistng (just different names for the same trend) damage the underlying  irrevocability which enables low cost transactions, and pulls bitcoins transaction cost up towards credit cards and paypal.

The problem is when fungibility degrades because everyone is mutually scared of accepting blacklisted coins the utility of the coin goes down, the cost of using the currency goes up and so its price falls.  It might literally collapse if the feedback loop picks up momentum as people sell non-white listed coins at steeper discounts in a race to the door.

This makes as much sense as a $100 note in your pocket disabling itself because 10 previous holders ago, someone stole it from a convenience store.

Someone posted on reddit about a 17th centur scottish court case (cant find the link now), where a bank was able to prevent legislation that would've had that implication - if you're left holding a stolen note, you lose it.  The court rejected the case based on the argument that doing so would be unfair and also destroy the fungibility and value of the currency.  Coin Validation want to reopen that 17th century mistaken (but defeated) court case.

Adam

+1

[EhVedadoOAnonimato]

Thats not so, blacklisting increases the probability that you receive back blacklisted coins— even if you didn't have blacklisted ones going in. This increases the "cost" to you of using this approach, so only outlaws will think it worth the cost, and so you'll only receive outlawed coins while using such a system. It's self-fulfilling once it takes off.  I don't think that things that have cost and take effort and which only a tiny fraction of (more likely than usual to be troublesome) users can really move the needle against efforts like this, or at least we shouldn't count on them to.

A blacklist need to have a threshold, otherwise it's meaningless (you could distribute taint to people you don't like, if you happen to have tainted coins). If the percentage of taint is below a certain level, you can't really consider that input as linked to the originally tainted output.

And concerning the fact that most mixers would contain mostly tainted coins, even if that becomes the case, they would still be able to cover tracks.
Let's say a non-violent, honest individual does something perfectly ethical but which governments tend to punish, like, say, not paying taxes, selling cocaine or whatever. If governments manage to identify a particular address as participant in a particular "made-up crime", they'll taint it for that reason. If the said individual mixes his coins enough, even if in the end he gets lots of tainted coins still, the original reason his coins got tainted for is practically lost. Yes, there may still be lots of tainting in his coins, for many different reasons, what indicates with a decent probability that he did something the government does not approve. But you can't really know what. Legally, they can't hold anything on him, other than the fact that he probably tried to cover his money tracks. Yeah, perhaps they can criminalize that with some scary wording like "money laundering". But, well, if wallets do it automatically on the background once in a while, it would be hard to criminalize it.

Also, there would probably be multiple different blacklists. Victims of one particular blacklist have an interest in working together with victims of other blacklists in order to mix their coins. Assuming the place you want to spend your coins block coins from blacklist A but not blacklist B, exchanging your taint from A to B would make you clean.

Further on, from an tyrannical surveillance POV, blacklists don't easily allow a government to know everything you do with your money. Whitelists allow them to track each little spending of yours. When they control your money, they control you.

Anyways, I'm not trying to say that blacklists offer no danger and that people should not try to fight them, quite on the contrary. I'm just trying to point the fact that it's easier to work around them, when compared to whitelists. Mandatory whitelists could render the Bitcoin payment network almost as awful as credit cards. We'd still have an inflation-proof currency, what's great, but the payment network value would considerably decrease.

[Luckybit]

http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/

Its based on significant misunderstanding about bitcoins value proposition - destroy its fungibility and the costs float up to meet credit cards and paypal.

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.  

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong.  

I am also incensed frankly that someone would step into the market with such a muddle-headed thinking, and attempt to sabotage or destroy the core bitcoin feature that gives its value, where the value has been created by Satoshi and a cast of millions of man-hours of contributions of the community and technical wizards developing it mostly on volunteer time.  I am not someone prone to swearing, but this is astonishingly stupid and dangerous.   Please stop now.  In the article it is claimed they sought advice from the Winklevoss twins, if the twins value their estimated $30million bitcoin holding they should advise them to stop: if fungibility is destroyed bitcoins value as a transaction currency is impacted.  

I encourage anyone with technical skills to put their thinking caps on to find ways to increase fungibility in the short term like CoinJoin, coin control in wallets, helping less technical people migrate to better wallets, educating people about privacy practices that defend fungibility.  And longer term privacy technologies like zero coin, homomorphic encrypted value and committed (hidden) transactions.

I encourage all bitcoin businesses to shun Coin Validation unless we see some major U-turn or corrections.  If your business depends on the success bitcoin, it depends on the fungibility of bitcoin, and Coin Validation seem to be set on destroying both.

You can quote me on that.

I welcome Coin Validations corrections of the claims in the Forbes article.  Tell me you were misquoted.

Adam

ps For people who have no idea who http://cypherspace.org/adam/ I am https://bitcointalk.org/index.php?topic=225463.msg237167 , my small part in bitcoin is I invented distributed mining in 1997 https://en.bitcoin.it/wiki/Hashcash (you can find the reference in Satoshi's paper) and worked on opensource ecash & crypto currency research & implementation for about a decade alongside Wei Dai & Hal Finney & others.

I agree with a lot of what you have to say but how can we have transparency with privacy?

For instance if I want to claim my transactions under a pseudo-nym as being transactions I have made then this would be possible with a digital signature and public key. It is also possible that I could have that digital signature verified by Coinbase. My personal identifiable information does not need to be shared with anyone other than Coinbase and then Coinbase could verify me and all of my transactions would be connected to a real world identity. My public key could be uploaded to a decentralized blockchain/database along with a verified digital signature.

I don't really like the idea of tainting coins but no one is offering a better alternative either. So what is an alternative idea which does not involve tainting coins which can preserve privacy, pseudo-anonymity and fungibility while also removing bank secrecy and providing transparency?

I think in order to have democracy we cannot have bank secrecy and must have transparency. In order to combat institutionalized corruption we must have the ability to follow the money trail and this means transparency. So I don't want to remove the ability of the community to use the tactic of sousveillance to investigate itself and I do not want to remove the ability of law enforcement to investigate (with the cooperation of the global Bitcoin community).

I want the ability to be able to claim my transactions under a pseudo-anonymous but verified identity so that I can be cleared if there is an investigation. Is it possible to do this?

[Luckybit]

Reality,

Boycotting won't stop them.  We need to put our thinking caps on, as Adam said, and figure out a better solution.  It seems the dark wallet and mixes is the best option.  If we figure out now what will fix the problem, we can popularize it while the coin is still young.

All of these sorts of reactions only will make the situation worse. Darkwallet is not a solution, it's a patch.
We have a legitimate requirement for transparency and the ability to investigate the blockchain.

Whether it's journalists trying to uncover corruption, or law enforcement, or members of a community trying to determine whether or not to vote for certain politicians. If we do not focus on solving the problem of institutional corruption then Darkwallet will be used by the corrupt institutions to maintain their corruption.

The same technology you build for anonymity to be used by you could also be used by the people in power to control you through corrupting your community with bribes and other tactics. So no I don't think Darkwallet will fix anything. It does produce greater privacy but it also removes the ability to follow the money trail which enables and helps the corrupt individuals already in power.

If a law enforcement officer is corrupt and taking bribes behind the scenes I'm sure Darkwallet will be what they'd use. We need the ability to apply sousveillance to follow the money trail to the corrupt police officer so I'm on the side of transparency.

But I'm also on the side of privacy. I don't think every coin should be subject to scrutiny. I don't think every transaction should be carefully analyzed by law enforcement to determine whether or not a crime took place. The reason is that if you allow that then whoever has enough power to hire private investigators can simply watch their political enemies until they commit a crime and then the private investigator can pass the evidence to law enforcement.

So we must care about privacy to protect the community from fishing expeditions but we also have to care about transparency to protect the community from institutionalized corruption, hackers, scams, etc. We need a balanced approach which attempts to solve the problem while upholding both of these critical ideals.

Darkwallet is good for hackers, for corrupt politicians, cops, and perhaps some paranoid individuals, but it can also be abused if taken too far. Balance is necessary.

[Carlton Banks]

how can we have transparency with privacy?

They're the logical opposite of one another. The likely answer is, not with this design.

[TraderTimm]

adam3us - I know you'll be flooded with replies, but I just wanted to say THANK YOU. You have perfectly encapsulated why Coin Verification is a bad idea, and I'll do my best to protest this and boycott the individuals and their associated businesses.

Mike Hearn, Yifu, etc.. you should be ashamed of yourselves for trying to undermine the core tenet of Bitcoin - FREEDOM.

[jedunnigan]

All previous addresses that received the coin are listed on the public blockchain ledger.  From what was said I believe Coin Validation plans to look at the history of the addresses associated with coins.  If your coin was used 10 transactions ago by a silk road user, (eg seen entering the silk road address) then likely implications are you will not be able to spend your coin on any site using their system.

They hope it will be viral, ie because you dont want to hold coins you cant spend, you may also refuse to accept coins they do not white list.  Having them validate your coins will not be free and the uncertainty arising from not knowing if your coins will suddenly become less spendable will create fungibility problems.

This is what I thought too, but now I am looking closer and it appears that Forbes may have misrepresented the tech. Read Alex's reddit posts from the previous day: http://www.reddit.com/user/alex_waters :

we're not planning on tracking coins... so go ahead and send coins to those coins

As mentioned above, if there were "clean coins" and "unclean coins" - we would quickly run out of clean coins. That is a ridiculous model that we have worried about for some time, and its advent is likely impossible.

It is very easy to taint "clean coins" with the current protocol - so that would be a fruitless endeavor to pursue.

Please stop confusing "clean coins" with KYC'd Bitcoin addresses.

I agree, KYC Bitcoin addresses != blacklist.

I think the quote you are referring to, and the one that has people upset is somewhat out of context. We are not looking to create a distinction for clean / unclean coins or even clean / unclean addresses for that matter. It is simple as you stated, creating a list of known addresses. This is something that has been thought about and worked on for years.

BIP 15 https://en.bitcoin.it/wiki/BIP_0015 is an example of how much this has been thought about. In fact, Satoshi himself originally thought about using IP addresses as an alternative to Bitcoin addresses, and it existed in the client for some time.

There was even some work done by some prominent core devs to explore using DNS or email addresses in conjunction with or as an alternative. Ultimately the new payment protocol was developed: https://bitcointalk.org/index.php?topic=300809.msg3225143#msg3225143

"Is this just about creating known addresses?" Yes

"Let's say I buy some coins on an exchange, and a couple hops ago they passed through some illicit site's wallet. Does your system track that?" No

"Am I going to be able to spend my coins with a company using your system?" Yes, I hope so

"Do I just have to send them to my personal known registered address first?" Probably, depending on how strict the company receiving them is about receiving coins from KYC'd addresses.

It is beginning to sound a bit more like what you proposed Adam.

[adam3us]

all its for is to increase the ability to see the source of funds. much like banks look at serial numbers of bank notes to see if they come up with flags that funds once got blacklisted/marked as part of a drugs cartel blackmarket

This is not about crime, nor identifying perpetrators, its about fungibility, they are (perhaps surprisingly) orthogonal payment system properties.


An electronic cash system, must have irrevocability, which as we discussed here is how bitcoin can achieve low cost and efficiency relative to credit cards & paypal.   Coin anonymity is necessary for fungibility, but that is strictly about fungibility, identity level privacy is separate.

Bitcoin makes attempts to achieve irrevocability via blockchain hardening (so it is expensive to undo or change the transaction) and also via using fresh addresses to add coin-level anonymity.  CoinJoin and mixes are technical solutions to improve on just using fresh addresses.


However that does not mean the user is anonymous.  The user is identified  because they have an identity, they interact with multiple coins and identify themselves to businesses.  Police investigators can ask normal businesses they interact with to identify them.  And users identify themselves via street address for delivery, IP address (unless using Tor), username/password on web site, and email address for receipt, bank account for exchange, AML/KYC identities at the exchanges, geo-location of their smart phone, IP address log of their DSL connection, and (without CoinJoin) because their payments link different addresses when a transaction is made using multiple coins, and change is given.

The bitcoin user is far from anonymous.  The full transaction log is public.  (Bitcoin really is not that private nor anonymous: if someone offered to make your bank account or credit card statement as public as bitcoin does we would be angry about it.)

As I said in the original post:

If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.

Now in an ideal world how it is supposed to work is the fungibility/anonymity is secure like zerocoin.   And identity is managed between people sending and receiving bitcoin.  Many variants are possible:

1. public (everyone can see amount, and sender/recipient addresses - current bitcoin)
2. private (encrypted so only recipients see value and address information)
3. private but identified (encrypted between recipients, but recipient and/or sender is identified)

I prefer user choice of 2 or 3. We use SSL for web commerce for a reason, confidentiality of the transaction, and bitcoin does not encrypt transactions.  It means only parties to the communication see the value and decide what level of identification they want if any.  This supports buying ebooks without a dossier of what books you read.  Its no ones business.  And it supports AML/KYC for large for regulated businesses.  And identifying the customer account so the business can account eg with repeat customers.   And it supports criminal investigation also.  The police go subpoena information from businesses the criminal interacted with to track him down.  Same as in real life.

(This is what committed transactions try to do, though it so far has inefficiencies for SPV, and has imperfect privacy as people on the transaction see previous transactions; however it is much more efficient than zerocoin.)


The problem with Coin Validation arises because bitcoins coin-level fungibility/anonymity is imperfect, so it is somewhat possible to correlate users via coins.  It depends if the user follows technical advice, what wallet they use, and if they use coin privcacy enhancing tools like coinjoin.
There are two approaches: cryptography like zerocoin/committed tx; and stirring coins together like coinjoin and mixes - so their whitelist attempts see a jumble of spagetti and reject all transactions and so are ignored.  CoinJoin works now the others are future projects.

Bitcoin identification is also adhoc.  However any regulated bitcoin processor asks for AML.  Most business sites will have an address for delivery, an email for a receipt, an IP address from the web, cookies linking to other sites.  Hence my suggestion to them: issue AML certs in their jurisdiction that the user can show when requested its the sane way to do it within the architecture of an ecash system without destroying its fungibility and hence destroying the currency itself.

(btw fungibility to the other reader, has a second standard meaning: that each coin should be considered equal value).

the only difference is that coinvalidation will make it easier for bitstamp to recognise a 1-2-3-4-or 5 hop TXID as coming from a notorious website to then assess the requirement to report it to fincen.

I hope contrarily that to quote John Gilmore the internet views Coin Validation as censorship and routes around it.  Meaning the coin graph is stirred to a blur via coinjoin integration in all major clients, or Matthew Green & Ian Miers figure out a faster zerocoin or something else figures something else out.

Please do not feed the "oh but the criminals" meme.  We're not encouraging or facilitating crime.  Before it was shutdown silk road accounted for < 1% of transaction volume/month and falling.  Paper cash has worse statistics and is less traceable.   HSBC laundered $880m of dirty money for drug cartels and worse, and walked away with a fine, no sanctions.  http://www.reuters.com/article/2012/12/11/us-hsbc-probe-idUSBRE8BA05M20121211  

We just want an efficient fungible payment system that works without the reputation (equifax etc) costs and revocability (credit card charge backs, paypal freezes etc) that come with credit cards and paypal.   Do NOT invite currency destruction via fungibility attacks it WILL pull the costs up to credit cards and paypal levels.

Adam

[Luckybit]

how can we have transparency with privacy?

They're the logical opposite of one another. The likely answer is, not with this design.

No they are not logical opposites. Secrecy is the opposite of transparency. Privacy is not the same as secrecy.

Transactions should be private but not secret. If an investigation takes place it should be possible to follow a money trail. If there is secrecy in a system such as then then the secret money would have to show up somewhere.

So if politicians start dressing nice and driving in brand new cars, living beyond their means, then of course it's reasonable to consider the possibility that they could be taking a bribe. If you were a journalist trying to uncover all this then secrecy wouldn't help you. If information is private but not secret then it can be uncovered if you interview the right people or ask the right questions, but as a considerable enough cost that it couldn't be a situation where everyone is investigated by a machine.

At the same time most of us don't want to be associated with corrupt social networks, but that has nothing to do with fungibility. If Bitcoin is not fungible then you have dirty and clean Bitcoins and that cannot work. If Bitcoin is fungible then it means we don't have to care where our Bitcoins come from and this is a necessary requirement for Bitcoin.

[Carlton Banks]

how can we have transparency with privacy?

They're the logical opposite of one another. The likely answer is, not with this design.

No they are not logical opposites. Secrecy is the opposite of transparency. Privacy is not the same as secrecy.

Um, whatever you want to believe, then.

[Luckybit]

how can we have transparency with privacy?

They're the logical opposite of one another. The likely answer is, not with this design.

No they are not logical opposites. Secrecy is the opposite of transparency. Privacy is not the same as secrecy.

Um, whatever you want to believe, then.

It's semantic pedantry but it's still fact. Private information is your name, address, social security number, or whatever you don't want everyone to know. Secret information is a level higher than that. People will kill each other to protect secret information because the level of seriousness is higher.

Usually when you have networks of people in authority keeping secrets you have corruption of whatever that institution is. That is because you cannot vet anyone without a background check and you cannot trust anyone who has secrets. If a human being is in a position of authority then secrecy is risk.

While we don't need to know exactly what was transacted it's a good thing that we can see the movement of money. If a lot of people give money to a particular address that is something which should be known to anyone. We don't have to know who they all are to know that.

Personal information is your identity. Public information is a lot of people who use Bitcoins like to buy books. Private information is the particular books that you chose to buy. If you don't want the world to see what you chose to buy then you need pseudo-anonymity to mask your email address, personal information, etc. It is still important for a society to know that certain books are popular without knowing which individuals are buying the books.

[adam3us]

I don't really like the idea of tainting coins but no one is offering a better alternative either. So what is an alternative idea which does not involve tainting coins which can preserve privacy, pseudo-anonymity and fungibility while also removing bank secrecy and providing transparency?

Its a subtle point but there should ideally be two layers. 

A. Coin layer, the coin is anonymous and fungible (like zerocoin if they can get the CPU & storage efficiency and another issue fixed). 

B. User layer: the users send each other encrypted transactions for commercial sensitivity and user privacy, within the encryption the users identify to the degree they choose, if any.   If the recipient is a regulated, it asks for AML/KYC level identification.

Bitcoin is not so far able to meet this normal ecash design.

Bitcoin is cutting edge, the blockchain design is an elegant all-new design to handle double-spend protection for distributed ecash.   But it lost some crypto ecash features of fungibility via cryptographic blinding (Chaum) because they are harder to do in a distributed system.  As close as we have so far is the ZeroCoin proposal of Matthew Green & Ian Miers which improves on a 1999 paper by Sanders & Ta-Shma.

It is very complex to improve bitcoin features, to do it with practical efficiently, and to get them implemented securely, tested as rigorously as a jumbo jet autopilot, and deployed.  There are hard cryptography problems.  People are working on it as hard and as fast as they can, most of them volunteers but enthralled by the new possibilities bitcoin enables for society, with smart-contracts, user self-determination etc.

I think in order to have democracy we cannot have bank secrecy and must have transparency.

I think you have been reading too much David Brin    While corruption is bad, as Assange says, there should be transparency for the powerful, and privacy for the weak.  Current financial systems have the reverse.

In fact a further future, smart-contracts (that bitcoin includes an early version of) should allow rules to be apriori enforced.  This is because smart-contracts act like a scrupulously honest virtual AI that always follows the rules and cant be influenced.  Technically its just that all recipients of proceeds of contracts, and he network itself validate the transactions before they rely on the money.  But its a very powerful effect.  Mike Hearn made a presentation on smart contracts www.youtube.com/watch?v=mD4L7xDNCmA

I do think in principle we could build a future with less systemic risk, less scope for fraud with more sophisticated smart-contracts apriori enforcing rules.  It is better to prevent a crime than occasionally catch these people, and mostly they are smart-enough and connected-enough to avoid sanctions anyway.

In order to combat institutionalized corruption we must have the ability to follow the money trail and this means transparency.

Or strong legal protections and government funded support for whistle-blowers.  Whistle-blowers of corporate and government crimes should be lauded as heroes.  Take Snowden: should be nominated for Nobel prize, not grounded in Russia.

So I don't want to remove the ability of the community to use the tactic of sousveillance to investigate itself and I do not want to remove the ability of law enforcement to investigate (with the cooperation of the global Bitcoin community).

I think investigation should work as at present.  Subpoena people and businesses the criminal interacted with to track down.

I want the ability to be able to claim my transactions under a pseudo-anonymous but verified identity so that I can be cleared if there is an investigation. Is it possible to do this?

Typically the user can keep receipts and present them afterwards in event of dispute or to prove what happened.

Adam

[adam3us]

This is what I thought too, but now I am looking closer and it appears that Forbes may have misrepresented the tech. Read Alex's reddit posts from the previous day: http://www.reddit.com/user/alex_waters :

He probably is spinning PR or focusing on short-term implementation plans to avoid discussing the longer term plans discussed in the article.  If you read it with the PR-interpretation mindset its not so good.  

Whatever his intentions, he is not thinking through the implications or just selfishly doesnt care for quick buck reasons,  I dont know him so I cant tell.  Either way I think this will not end well.  I've been in the privacy tech / crypto business for 15 years, its quite common to encounter and have to navigate around people of all stripes: well meaning, neutral, dont care, and anti-privacy.  Even the ones that are neutral or well meaning often dont think about the long or even mid-term implications of what they are doing.  Thinking about implications is complex, requires concentration, deep understanding across many fields, and may conflict with short term objectives (ie rush something ill-thought-out but  "pragmatic" to get something out the door).  Sometimes making a buck even conflicts with user interests, or even the survival of the system.  Some of these people might even show concern and genuine remorse afterwards when it predictably blows up (to their genuine surprise because they didnt think more than the first chess move.)  Most probably though they'll be onto their next venture and pretend it never happened or more likely not even make the connection between their actions and the outcome.

The technology space is littered with implications from ill considered decisions.  Eg web pages are not signed, and jscript is not signed; a single server key is used for combined tunnel auth/encryption but no transferable signature on the content.  So people can hack servers and modify and replace code and steal eg jscript bitcoin wallets.

These things matter because architecture defines the internet.

“We don’t want to be the sheriff of the Bitcoin community. We just want to create an ecosystem of clean addresses.”

So first they want to identify clean addresses (from the forbes article).

Please stop confusing "clean coins" with KYC'd Bitcoin addresses.

And then they want to distance themselves from clean addresses (from reddit).

So whats a clean address?  Its one that according to them has not got taint on it according to some threshold they decide against some blacklist.  Seems squarely what we are talking about.
Thats my interpretation.  Waters or the other people at CoinValidation are welcome to clarify.

It is beginning to sound a bit more like what you proposed Adam.

The KYC part yes, the clean coins I am not so sure - they really do seem to think longer term that tracing coins is somehow a useful thing to do, which can only harm fungibility.  We may need a priority deployment of CoinJoin option into multiple clients before they get far with that.

DarkWallet could probably do with some funding help also.

Adam

[BittBurger]

How do we get Adams suggestions before the people who can make it happen?

-Burger-

[DoomDumas]

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.  

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong.  

Oh man, I'm sooooooo supporting you.

+1

This

Doing any sort of redlisting would destroy the essence of Bitcoin.

[charleshoskinson]

As a cryptographer who worked for a government agency that shall remain nameless, I agree completely with Adam's statements. Fungibility is a core tenet of our ecosystem and attacks upon it present massive challenges for us.

We need to take this threat seriously and react quickly with both innovation and education.

[kwest]

All I can say is that if we (the bitcoin community) survive this very serious threat, we will come out the other side much stronger and safer than we ever were before. Here's hoping we do.

This is a test of our abilities to stand together and solve our problems.. a bump in the road, but hopefully it won't make us crash and burn.

[charleshoskinson]

We will  survive and  get stronger. Bitcoin is an idea. Nothing is stronger than ideas that are necessary for both freedom and liberty. 

[Carlton Banks]

We will  survive and  get stronger. Bitcoin is an idea. Nothing is stronger than ideas that are necessary for both freedom and liberty. 

Novel use of cryptography will save us yet again. It will take many forms, and may be alot of work in some cases. But this brand of toothpaste will not go back in the tube.

[tvbcof]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.
...

Baloney.

Mike has shown probably the highest level grasp of the system and foresight about things then almost anyone to date.  Much beyond Gavin's, for instance.  This dates back to before my interest in the system which happened in mid 2011.

Early on in some thread which was musing about how to destroy Bitcoin, I posited that an effective way might be to grow it and burn it out of it's (happily still) current phase as a distributed system.  Everything tells me that Mike's efforts have been to promote this outcome.  Unfortunately or fortunately depending on one's outlook, this is not going well.  The system is naturally moving to an 'off-chain' form because that is how it remains safe and scalable.  The low and defensible transaction rate remains sufficient to service the load even without 'excessive' fees.

[n8rwJeTt8TrrLKPa55eU]

For anyone in doubt as to what these guys are angling for.  Look how within hours of their first public appearance they are being solicited into the inner chamber at Mordor.  Opt-in, my arse.  Their endgame is personal fame and profit via endorsement and imposition through governments.

Matthew Mellon ‏@asliceofmellon
#coinvalidation meeting with Homeland Senate Comittee regarding Bitcoin http://instagram.com/p/gtm7bdvQHE/

https://twitter.com/asliceofmellon/status/401122715605934080

[Carlton Banks]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.
...

Baloney.

Mike has shown probably the highest level grasp of the system and foresight about things then almost anyone to date.  Much beyond Gavin's, for instance.  This dates back to before my interest in the system which happened in mid 2011.

Early on in some thread which was musing about how to destroy Bitcoin, I posited that an effective way might be to grow it and burn it out of it's (happily still) current phase as a distributed system.  Everything tells me that Mike's efforts have been to promote this outcome.  Unfortunately or fortunately depending on one's outlook, this is not going well.  The system is naturally moving to an 'off-chain' form because that is how it remains safe and scalable.  The low and defensible transaction rate remains sufficient to service the load even without 'excessive' fees.

I can't tell from how you've worded this whether or not you're implying that Mike Hearn is actively seeking to undermine Bitcoin. Clarify.

[gmaxwell]

We have a legitimate requirement for transparency

Transparency is completely orthogonal. There is nothing preventing you from keeping transcripts of your own transactions, along with the signatures with the relevant keys to show that they are yours and present them to whomever you want.

The distinction is that you control that, it's not something being broadcast to the entire world... to every thief, every competitor, every nosy neighbor, every ex-spouse, etc.

The highly public transaction record in Bitcoin is unprecedented in financial systems. It is a weakness, but one that can be patched around, and not a virtue.

[tvbcof]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.
...

Baloney.

Mike has shown probably the highest level grasp of the system and foresight about things then almost anyone to date.  Much beyond Gavin's, for instance.  This dates back to before my interest in the system which happened in mid 2011.

Early on in some thread which was musing about how to destroy Bitcoin, I posited that an effective way might be to grow it and burn it out of it's (happily still) current phase as a distributed system.  Everything tells me that Mike's efforts have been to promote this outcome.  Unfortunately or fortunately depending on one's outlook, this is not going well.  The system is naturally moving to an 'off-chain' form because that is how it remains safe and scalable.  The low and defensible transaction rate remains sufficient to service the load even without 'excessive' fees.

I can't tell from how you've worded this whether or not you're implying that Mike Hearn is actively seeking to undermine Bitcoin. Clarify.

Yes, that is what I am implying, but with the caveat it really depends on one's frame of reference.

Mike has been clear for years that a desirable solution is one with fairly fine-grained control of who uses the system and how, and a distributed system is obviously not a good way to achieve this.  This is not necessarily an invalid point of view.  I just strongly dis-agree that it is the right way to go.  It would damage the real utility of the solution in my conception of things.

[Carlton Banks]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.
...

Baloney.

Mike has shown probably the highest level grasp of the system and foresight about things then almost anyone to date.  Much beyond Gavin's, for instance.  This dates back to before my interest in the system which happened in mid 2011.

Early on in some thread which was musing about how to destroy Bitcoin, I posited that an effective way might be to grow it and burn it out of it's (happily still) current phase as a distributed system.  Everything tells me that Mike's efforts have been to promote this outcome.  Unfortunately or fortunately depending on one's outlook, this is not going well.  The system is naturally moving to an 'off-chain' form because that is how it remains safe and scalable.  The low and defensible transaction rate remains sufficient to service the load even without 'excessive' fees.

I can't tell from how you've worded this whether or not you're implying that Mike Hearn is actively seeking to undermine Bitcoin. Clarify.

Yes, that is what I am implying, but with the caveat it really depends on one's frame of reference.

Mike has been clear for years that a desirable solution is one with fairly fine-grained control of who uses the system and how, and a distributed system is obviously not a good way to achieve this.  This is not necessarily an invalid point of view.  I just strongly dis-agree that it is the right way to go.  It would damage the real utility of the solution in my conception of things.

I agree that preservation of the distributed model should be the main long term goal. But this will have to be dictated by the limits of the tools we can use at a given point in time; without the development of SPV, alot of the real world utility would be missing from the picture right now. There is serious practical impediment to people downloading gigabytes of blockchain data to their phones, and Mike's work has bridged around the problem. But we can, of course, re-popularise full mobile nodes when technology catches up. The work-around will have served it's purpose, and supported a valuable bit of uptake and usability right when it was needed. We can hardly begrudge Mike for that.

If having Mike Hearn talking to the Washington control freaks is the bulwark we need between us and them for the medium term, then I'd rather it was someone who will do a believable job like he will, than someone doing a bad job of faking it. Unless he is actually Satoshi just enacting an elaborate gameplan  . Because he may as well be, the reality is that we can innovate our way out of whatever corner the government tries to paint us into, the discussions that have come out of this listing business have convinced me of that.

[tvbcof]

Yes, that is what I am implying, but with the caveat it really depends on one's frame of reference.

Mike has been clear for years that a desirable solution is one with fairly fine-grained control of who uses the system and how, and a distributed system is obviously not a good way to achieve this.  This is not necessarily an invalid point of view.  I just strongly dis-agree that it is the right way to go.  It would damage the real utility of the solution in my conception of things.

I agree that preservation of the distributed model should be the main long term goal. But this will have to be dictated by the limits of the tools we can use at a given point in time; without the development of SPV, alot of the real world utility would be missing from the picture right now. There is serious practical impediment to people downloading gigabytes of blockchain data to their phones, and Mike's work has bridged around the problem. But we can, of course, re-popularise full mobile nodes when technology catches up. The work-around will have served it's purpose, and supported a valuable bit of uptake and usability right when it was needed. We can hardly begrudge Mike for that.

I don't downplay Mike's work on this at all.  It was highly impressive and much needed.  Especially the database re-implementation which I believe he at least had a lot to do with.  That, in particular, was badly needed, but I kind of got the impression that it was mostly out of frustration because nobody else was doing it and he wanted the system to thrive so it could move on to the next stage.  The one we are looking down the barrel of now in fact.

I'm luke-warm about the SPV, but not because it isn't good work.  It just works against my personal philosophies of how I would like to see Bitcoin evolve.

If having Mike Hearn talking to the Washington control freaks is the bulwark we need between us and them for the medium term, then I'd rather it was someone who will do a believable job like he will, than someone doing a bad job of faking it. Unless he is actually Satoshi just enacting an elaborate gameplan  . Because he may as well be, the reality is that we can innovate our way out of whatever corner the government tries to paint us into, the discussions that have come out of this listing business have convinced me of that.

My point is that there is absolutely nothing new about Mike's proclivities here.  It matches perfectly with pretty much everything else he's said and done since I've been paying attention.  At least that is my read on things, and I pretty much always call it as I see it.

[btc4ever]

hear.  hear.    In fact, I wish that the 0.9 release had been focused on getting real anonymity into the system rather than a bunch of merchant tools.

coinjoin, privacy and fungibility need to be our priorities.  Mixing should be automatic and the common case, not the exception.

When that is solidly in place, then we can think about more tools for mass adoption.

I hope the dark wallet people get their system up fast, and also provide a nice API for developers.

I encourage anyone with technical skills to put their thinking caps on to find ways to increase fungibility in the short term like CoinJoin, coin control in wallets, helping less technical people migrate to better wallets, educating people about privacy practices that defend fungibility.  And longer term privacy technologies like zero coin, homomorphic encrypted value and committed (hidden) transactions.

[User705]

Coin Validation strikes to the heart of what Bitcoin is and that is who really owns your money/coins/assets.  The Bitcoin method which is anathema to the modern financial system requires no third party to validate your ownership rights.  It can be said that with such validation you don't truly own your money/coins/assets which benefits the current money controllers elite at the expense of users.  This proposal is a veiled attempt disguised as crime prevention to bring Bitcoin back down into the current system.  Not a surprise.  Bitcoin is either a monetary revolution or a ponzi trading card fad.  If it is a revolution then it is simply incompatible with the old system.  Jim Crow laws were separate but equal too.  I guess colored coins is an appropriate moniker then.

[gmaxwell]

Most bitcoiners are against address censorship. Software solutions are the defense and need to be built.

The strongest defense is complete immunity.

Within the design of Bitcoin today we cannot (yet) have the kind true anonymity which would make Bitcoin completely immune to censorship. Instead, Satoshi envisioned a system of pseudonymous addresses (Bitcoin.pdf (section 10: Privacy)) where your non-anonymity was inconsequential because the addresses were meaningless.

Unfortunately, to enact that vision original Bitcoin wallet software needed to use pay-to-ip-address to fetch a new address for every transaction. Pay to IP had issues and so it was largely replaced with addresses. Convenience and ignorance, distractions like vanity addresses caused people to begin constantly reusing addresses. Wallet software was release that made avoiding reuse hard or nearly impossible.  The vision of privacy through pseudonymous addresses has been broken, Bitcoin has lost its privacy. The result is that white/green/black/red/etc listing addresses is not technologically impossible in our ecosystem today.

But, no biggie, we can fix that. Tools like BIP32 let third parties generate fresh, never before used addresses for you without your help, etc.  Of course, this has been possible before, but there was no immediate benefit to fixing your privacy for the bulk of the users— who aren't paranoid enough to worry about their privacy. But to stop the colored lists we need the _default_ behavior of nearly everyone to be behavior that will make those lists ineffective. Only by changing what most users do can we gain immunity.

Thats why I think it's a good step forward that we now have a large mining pool (Eligius) experimentally giving priority to transactions which use never-before-used addresses. Now people who were squishy on the benefits of privacy and immunity to censorship (and the resulting loss of fungiblity) can get a concrete benefit from switching their software or practices to ones which improve everyone's privacy.

[justusranvier]

Unfortunately, to enact that vision original Bitcoin wallet software needed to use pay-to-ip-address to fetch a new address for every transaction. Pay to IP had issues and so it was largely replaced with addresses. Convenience and ignorance, distractions like vanity addresses caused people to begin constantly reusing addresses. Wallet software was release that made avoiding reuse hard or nearly impossible.  The vision of privacy through pseudonymous addresses has been broken, Bitcoin has lost its privacy. The result is that white/green/black/red/etc listing addresses is not technologically impossible in our ecosystem today.

When is Blockchain.info going to implement BIP32? They are the single worse offender when it comes to promoting address reuse.

[jedunnigan]

This is what I thought too, but now I am looking closer and it appears that Forbes may have misrepresented the tech. Read Alex's reddit posts from the previous day: http://www.reddit.com/user/alex_waters :

He probably is spinning PR or focusing on short-term implementation plans to avoid discussing the longer term plans discussed in the article.  If you read it with the PR-interpretation mindset its not so good.  

Whatever his intentions, he is not thinking through the implications or just selfishly doesnt care for quick buck reasons,  I dont know him so I cant tell.  Either way I think this will not end well.  I've been in the privacy tech / crypto business for 15 years, its quite common to encounter and have to navigate around people of all stripes: well meaning, neutral, dont care, and anti-privacy.  Even the ones that are neutral or well meaning often dont think about the long or even mid-term implications of what they are doing.  Thinking about implications is complex, requires concentration, deep understanding across many fields, and may conflict with short term objectives (ie rush something ill-thought-out but  "pragmatic" to get something out the door).  Sometimes making a buck even conflicts with user interests, or even the survival of the system.  Some of these people might even show concern and genuine remorse afterwards when it predictably blows up (to their genuine surprise because they didnt think more than the first chess move.)  Most probably though they'll be onto their next venture and pretend it never happened or more likely not even make the connection between their actions and the outcome.

The technology space is littered with implications from ill considered decisions.  Eg web pages are not signed, and jscript is not signed; a single server key is used for combined tunnel auth/encryption but no transferable signature on the content.  So people can hack servers and modify and replace code and steal eg jscript bitcoin wallets.

These things matter because architecture defines the internet.

“We don’t want to be the sheriff of the Bitcoin community. We just want to create an ecosystem of clean addresses.”

So first they want to identify clean addresses (from the forbes article).

Please stop confusing "clean coins" with KYC'd Bitcoin addresses.

And then they want to distance themselves from clean addresses (from reddit).

So whats a clean address?  Its one that according to them has not got taint on it according to some threshold they decide against some blacklist.  Seems squarely what we are talking about.
Thats my interpretation.  Waters or the other people at CoinValidation are welcome to clarify.

It is beginning to sound a bit more like what you proposed Adam.

The KYC part yes, the clean coins I am not so sure - they really do seem to think longer term that tracing coins is somehow a useful thing to do, which can only harm fungibility.  We may need a priority deployment of CoinJoin option into multiple clients before they get far with that.

DarkWallet could probably do with some funding help also.

Adam

Thank you for that thoughtful analysis. There are clearly mixed signals being sent; given their limited response it appears that they may purposely disseminating varying information to create a smoke screen while they speak with the DHS.

Either way, like you I am deeply concerned and the community response to this will make or break this moment. Interesting times ahead; this is good that this is happening now, we need to face these hurdles.

[tspacepilot]

Almost everything I've read on Forbes about bitcoins has been misguided or wrong.

[btcdrak]

Unfortunately, to enact that vision original Bitcoin wallet software needed to use pay-to-ip-address to fetch a new address for every transaction. Pay to IP had issues and so it was largely replaced with addresses. Convenience and ignorance, distractions like vanity addresses caused people to begin constantly reusing addresses. Wallet software was release that made avoiding reuse hard or nearly impossible.  The vision of privacy through pseudonymous addresses has been broken, Bitcoin has lost its privacy. The result is that white/green/black/red/etc listing addresses is not technologically impossible in our ecosystem today.

When is Blockchain.info going to implement BIP32? They are the single worse offender when it comes to promoting address reuse.

Create pressure on reddit....

[amincd]

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.

+1

If they take Adam's advice and change their approach, they will have proven that they're not out to harm Bitcoin. If they don't, then it's evident they don't care about Bitcoin.

[adam3us]

[...]The bitcoin user is far from anonymous.  The full transaction log is public.  (Bitcoin really is not that private nor anonymous: if someone offered to make your bank account or credit card statement as public as bitcoin does we would be angry about it.) [...] It means only parties to the communication see the value and decide what level of identification they want if any.  This supports buying ebooks without a dossier of what books you read.  Its no ones business.  And it supports AML/KYC for large for regulated businesses.  And identifying the customer account so the business can account eg with repeat customers.   And it supports criminal investigation also.  The police go subpoena information from businesses the criminal interacted with to track him down.  Same as in real life.

This thread has focused on technical reasons why coin-level privacy is necessary for fungibility and bitcoins value (and that CoinValidations proposals seem likely to sabotage both).  

User level identity privacy was mentioned in passing above.  Privacy does not prevent legal investigation.  The system of courts and subpoenas for information, is societies way of balancing and asking unrelated people to disclose information that may hep track a crime.  

A better background explanation of the motivation and reason society includes privacy as a fundamental human right, and why financial privacy is actually important and necessary for individuals, businesses and finance to function is given by gmaxwell on this thread.  

[...fungibiility...]
Financial privacy is an essential criteria for the efficient operation of a free market: if you run a business, you cannot effectively set prices if your suppliers and customers can see all your transactions against your will. You cannot compete effectively if your competition is tracking your sales.  Individually your informational leverage is lost in your private dealings if you don't have privacy over your accounts: if you pay your landlord in Bitcoin without enough privacy in place, your landlord will see when you've received a pay raise and can hit you up for more rent.

Financial privacy is essential for personal safety: if thieves can see your spending, income, and holdings, they can use that information to target and exploit you. Without privacy malicious parties have more ability to steal your identity, snatch your large purchases off your doorstep, or impersonate businesses you transact with towards you... they can tell exactly how much to try to scam you for.

Financial privacy is essential for human dignity: no one wants the snotty barista at the coffee shop or their nosy neighbors commenting on their income or spending habits. No one wants their baby-crazy in-laws asking why they're buying contraception (or sex toys). Your employer has no business knowing what church you donate to. Only in a perfectly enlightened discrimination free world where no one has undue authority over anyone else could we retain our dignity and make our lawful transactions freely without self-censorship if we don't have privacy.

Most importantly, financial privacy isn't incompatible with things like law enforcement or transparency. You can always keep records, be ordered (or volunteer) to provide them to whomever, have judges hold against your interest when you can't produce records (as is the case today).  None of this requires _globally_ visible public records.

Globally visible public records in finance are completely unheard-of. They are undesirable and arguably intolerable. The Bitcoin whitepaper made a promise of how we could get around the visibility of the ledger with pseudonymous addresses, but the ecosystem has broken that promise in a bunch of places and we ought to fix it. Bitcoin could have coded your name or IP address into every transaction. It didn't. The whitepaper even has a section on privacy. It's incorrect to say that Bitcoin isn't focused on privacy. Sufficient privacy is an essential prerequisite for a viable digital currency.

So, again, I ask—let's see your bank records; I'm sure there is an export to CSV.  Mtgox transaction dumps? Stock trading accounts. Let's see you—even just you—post all this before you presume to say that you think that's what the public wants forced on everyone.

Adam

[bitjoint]

http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/

Its based on significant misunderstanding about bitcoins value proposition - destroy its fungibility and the costs float up to meet credit cards and paypal.

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.  

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong.  

+1000

Adam for president!!!

[qwk]

WE CAN FIGHT THIS, though. With the miners. Miners must be encouraged to reject clean addresses from the blockchain, it's the only way to kill this.

Rejecting "clean" addresses would be the same as blacklisting, though.
I don't see how fighting fire with fire will get us anywhere close to a solution of the underlying problem.

[wtfvanity]

I think Satoshi's arguments should be seriously entertained. Adam has spent many years, long before Bitcoin, developing the proof of work idea and continues today to stand for the principles of the bitcoin white paper. Of course, Bitcoin is going to change. The original implementation has developed considerably. Keep up the good fight Adam.

[Carlton Banks]

WE CAN FIGHT THIS, though. With the miners. Miners must be encouraged to reject clean addresses from the blockchain, it's the only way to kill this.

Rejecting "clean" addresses would be the same as blacklisting, though.
I don't see how fighting fire with fire will get us anywhere close to a solution of the underlying problem.

Same concept, specific target.

All listing is political, it's just that the proposition is to use listing to enforce identity. Not my political opinion, not complying. Most people agree on basic morals, but the trouble is that some people try to conflate morals with political opinions. If using money anonymously were such a big problem all on it's own, fiat cash would be banned.

This is DESIGNED to act as a digital cash system. That was always the point. Buyer beware. If you can't handle the risk and responsibility, using your intellect, of being scammed or robbed then don't get involved. Everyone, all the way from the main Qt wallet's lead developer all the way out to the conservative financial press, says this is a risky system. 

[notthematrix]

Clean bitcoins PLEASE , it is not possible to do this its a misunderstanding of the protocol.
why?
Bitcoins dont MOVE ...... its like http://quezi.com/14671 YAP STONE MONEY , in 2 weeks all bitcoins are dirty
its like the coke traces on the $ bill! 96% has them.....
But new billes can be printed new bitcoins CANT.

 

[Voodah]

100% Agree.

+1

[xavier]

Coin Validation strikes to the heart of what Bitcoin is and that is who really owns your money/coins/assets.  The Bitcoin method which is anathema to the modern financial system requires no third party to validate your ownership rights.  It can be said that with such validation you don't truly own your money/coins/assets which benefits the current money controllers elite at the expense of users.  This proposal is a veiled attempt disguised as crime prevention to bring Bitcoin back down into the current system.  Not a surprise.  Bitcoin is either a monetary revolution or a ponzi trading card fad.  If it is a revolution then it is simply incompatible with the old system.  Jim Crow laws were separate but equal too.  I guess colored coins is an appropriate moniker then.

Massive +1

Coin Validation really has the potential to screw up bitcoin. Anybody who has invested in or holds bitcoin should be worried.

If bitcoin looses its fungability and becomes centralized , it becomes no different from existing payment mechanisms. It can be manipulated at will by a third party elite.

For me , this is a big "plus one" for alt coins. Really, it's no surprise to me that the Litecoin price has doubled alongside the posting of this article.

I have said from the beginning that the Bitcoin Foundation would be the death of bitcoin. The biggest risk to bitcoin has always been it implodes, and we are seeing it begin now.

The biggest oportunity now is for someone to implement Zerocoin or CoinJoin (I am not familiar with CoinJoin, but I understand it is an anonymity mechanism) into an alt coin, to make up for bitcoins failiure in this regard. We need a currency that cannot be manipulated by any elites or manipulators. Bitcoin came close to that, but sadly it looks like it will never arrive. Right now, the door is wide open for an alt coin to take the stage like never before.

Things are starting to get interesting.

[virtualmaster]

http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/

Its based on significant misunderstanding about bitcoins value proposition - destroy its fungibility and the costs float up to meet credit cards and paypal.

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.  

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong.  

I am also incensed frankly that someone would step into the market with such a muddle-headed thinking, and attempt to sabotage or destroy the core bitcoin feature that gives its value, where the value has been created by Satoshi and a cast of millions of man-hours of contributions of the community and technical wizards developing it mostly on volunteer time.  I am not someone prone to swearing, but this is astonishingly stupid and dangerous.   Please stop now.  In the article it is claimed they sought advice from the Winklevoss twins, if the twins value their estimated $30million bitcoin holding they should advise them to stop: if fungibility is destroyed bitcoins value as a transaction currency is impacted.  

I encourage anyone with technical skills to put their thinking caps on to find ways to increase fungibility in the short term like CoinJoin, coin control in wallets, helping less technical people migrate to better wallets, educating people about privacy practices that defend fungibility.  And longer term privacy technologies like zero coin, homomorphic encrypted value and committed (hidden) transactions.

I encourage all bitcoin businesses to shun Coin Validation unless we see some major U-turn or corrections.  If your business depends on the success bitcoin, it depends on the fungibility of bitcoin, and Coin Validation seem to be set on destroying both.

You can quote me on that.

I welcome Coin Validations corrections of the claims in the Forbes article.  Tell me you were misquoted.

Adam

ps For people who have no idea who http://cypherspace.org/adam/ I am https://bitcointalk.org/index.php?topic=225463.msg237167 , my small part in bitcoin is I invented distributed mining in 1997 https://en.bitcoin.it/wiki/Hashcash (you can find the reference in Satoshi's paper) and worked on opensource ecash & crypto currency research & implementation for about a decade alongside Wei Dai & Hal Finney & others.

Correct. I fully agree with you Adam..
If Bitcoin will be not fungible than it is like forking it in more parts.
When the USA makes his blacklist, whitelist, redlist, greenlist, then China and Russia will do it also.
Then we must look for each coin that could be:
USA - black, China - white, Russia - red
USA - white, China - red, Russia - green
Than you must check every time where we pay in what country is and on what list are the coins in this country.
That could be even worse. This lists could be hidden so you transfer your coins and they will be confiscated.
This coins will be then used to confiscate new coins and to finance drone killings in sovereign countries or to finance secret operations to overthrow legitimate governments.

[jedunnigan]

This is what I thought too, but now I am looking closer and it appears that Forbes may have misrepresented the tech. Read Alex's reddit posts from the previous day: http://www.reddit.com/user/alex_waters :

He probably is spinning PR or focusing on short-term implementation plans to avoid discussing the longer term plans discussed in the article.  If you read it with the PR-interpretation mindset its not so good.  

Whatever his intentions, he is not thinking through the implications or just selfishly doesnt care for quick buck reasons,  I dont know him so I cant tell.  Either way I think this will not end well.  I've been in the privacy tech / crypto business for 15 years, its quite common to encounter and have to navigate around people of all stripes: well meaning, neutral, dont care, and anti-privacy.  Even the ones that are neutral or well meaning often dont think about the long or even mid-term implications of what they are doing.  Thinking about implications is complex, requires concentration, deep understanding across many fields, and may conflict with short term objectives (ie rush something ill-thought-out but  "pragmatic" to get something out the door).  Sometimes making a buck even conflicts with user interests, or even the survival of the system.  Some of these people might even show concern and genuine remorse afterwards when it predictably blows up (to their genuine surprise because they didnt think more than the first chess move.)  Most probably though they'll be onto their next venture and pretend it never happened or more likely not even make the connection between their actions and the outcome.

The technology space is littered with implications from ill considered decisions.  Eg web pages are not signed, and jscript is not signed; a single server key is used for combined tunnel auth/encryption but no transferable signature on the content.  So people can hack servers and modify and replace code and steal eg jscript bitcoin wallets.

These things matter because architecture defines the internet.

“We don’t want to be the sheriff of the Bitcoin community. We just want to create an ecosystem of clean addresses.”

So first they want to identify clean addresses (from the forbes article).

Please stop confusing "clean coins" with KYC'd Bitcoin addresses.

And then they want to distance themselves from clean addresses (from reddit).

So whats a clean address?  Its one that according to them has not got taint on it according to some threshold they decide against some blacklist.  Seems squarely what we are talking about.
Thats my interpretation.  Waters or the other people at CoinValidation are welcome to clarify.

It is beginning to sound a bit more like what you proposed Adam.

The KYC part yes, the clean coins I am not so sure - they really do seem to think longer term that tracing coins is somehow a useful thing to do, which can only harm fungibility.  We may need a priority deployment of CoinJoin option into multiple clients before they get far with that.

DarkWallet could probably do with some funding help also.

Adam

He has responded to you directly and confirmed my suspicions, although I am with you that this is probably just a primer and we will start slipping down the slope in no time.

[jonat3]

Can't we just build a digital version of something like how the cascasius coins work? With those coins, it's useless to whitelist them, since these coins can change owners. Similarly, instead of using coinmixing, do something like address mixing, where the participants can securely trade their addresses (ideally, with these addresses having the same amount of BC), where these addresses switch owners. Doesn't this essentially solve the problem of whitelisting and blacklisting? The only problem is that the ones doing the switch must be made unaware of what the private keys are, so they don't have access to each other's wallets.

If there's anything wrong with this solution, I would like to know.

[adam3us]

He [Yifu] probably is spinning PR or focusing on short-term implementation plans to avoid discussing the longer term plans discussed in the article.  If you read it with the PR-interpretation mindset its not so good.  [...]
The KYC part yes, the clean coins I am not so sure - they really do seem to think longer term that tracing coins is somehow a useful thing to do, which can only harm fungibility.  We may need a priority deployment of CoinJoin option into multiple clients before they get far with that.

He [Waters] has responded to you directly and confirmed my suspicions, although I am with you that this is probably just a primer and we will start slipping down the slope in no time.

Yifu also responded via tweet.  Now Waters via reddit.  I responded to them on reddit and tweeted also.

https://twitter.com/adam3us/status/402370818232958976

http://www.reddit.com/r/Bitcoin/comments/1qmude/yifu_guo_is_conspiring_to_make_his_own_coins/cdgn3fu

Here is what I put on reddit.

From the Forbes article:

It’s a tracking system for Bitcoin ownership that would theoretically weed out ‘bad actors’ – like the Dread Pirate Roberts – from the legitimate Bitcoin business world. Their plan is to compile a database of the known identities associated with Bitcoin addresses in the hope that Coin Validation will become the one-stop-identity shop for law enforcement when trying to find out who’s doing something nefarious with Bitcoin, while providing a red-flag system for businesses who have customers trying to use Bitcoin that’s associated with illicit use.

Would you be able to explain how the above is not taint tracing? I know you and Yifu (who replied to me tweet) focus now on talking about the KYC, AML certs, however the majority of the article was actually about taint tracing/clean coins/red-flag, which seems something quite different and with potentially dangerous adverse effects on fungibility. The bad actors are not going to buy AML certs, and you cant provide "red flags" to businesses based on absence of AML certs. I do not think you can fairly characterize articulating the risks to fungibility of taint analysis based red-flags as FUD. It seems hard to reconcile the above forbes article quote with what you are now saying. It seems more like you are starting with AML, KYC certs (good) and considering taint-tracing (dangerously bad) for the longer term, and so choosing to focus more on the less controversial former and gloss over the forbes articulated longer term plans. I welcome your clarifications. I see someone posted my full comments and it has worked its way up to the forbes top comments.

Adam

[jago25_98]

When a new technology comes along fighting against it is always going to be an uphill battle.

In this case we're looking at the development of coin tracking. Like it or not there has been various heists and as a result of that people have started coin tracking. This has already happened. It is not a threat for the future, it is a threat that has already been applied. It may have been used by the FBI already.
(If only it was applied to the MyBitcoin wallet thefts and Mt.Gox thefts so I can get some of majority of coins lost back...)

When a technology such as coin tracking starts to come into play you have to go with the flow because fighting it is like trying to make water flow uphill or dam a river. It's better to divert it into something positive.
What would the interpretation of that be in this situation? That's where it gets interesting.

As a start I think the best thing to do is put coin tracking into the hands of community and democracy in order to prevent it from tyranny. In order to do that there has to be a way to easily share feelings of trust regards each address - a distributed credit rating... only this time it really is a credit rather an debit rating!

For anybody reading this thread not up to speed on the history there was a paper written on coin tracking... anyone have the link (I can't find it)?

[spooderman]

What of the coin validation project now? I see that this thread "expired" at least 120 days ago. I'm hoping that the community is moving in the "fungible, anonymous 1 btc = any other 1btc" direction. But idiots keep coming out from under rocks that want to turn bitcoin into more of an Orwellian nightmare.

[Carlton Banks]

The Mellon/Waters/Guo company has apparently dropped the idea. This is according to Matthew Mellon himself, in an interview with Max Keiser a couple of months ago.

That's not to say that someone else couldn't decide to do it. The idea of a commercial player doing so has too much negativity associated with it now, though.

[spooderman]

Great death to those who would destroy our currency of peace!

[Ragnarly]

There's still this guy.
http://www.reddit.com/r/Bitcoin/comments/241zk3/wouldnt_it_be_cool_to_have_a_centralized_service/

[jonald_fyookball]

As long as bitcoin code isn't changed, it's all good.  Let people create tracking services, labeling, etc. as outside layers looking at the blockchain.

you can't stop that anyway. (Blockchain already provides taint report)

Let the market decide if they will use those services.

[MarketNeutral]

The Mellon/Waters/Guo company has apparently dropped the idea. This is according to Matthew Mellon himself, in an interview with Max Keiser a couple of months ago.

That's not to say that someone else couldn't decide to do it. The idea of a commercial player doing so has too much negativity associated with it now, though.

I was unaware of this. Thank you for the update of this important topic.

[tspacepilot]

I'm also glad to see that sanity seems to be prevailing on the topic of coin validation/central authorities, etc.   Glad to hear the update, to be honest it had fallen off my radar which was not necessarily a good thing.