Bitcoin Forum
November 19, 2024, 12:25:51 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Dark Wallet Certification  (Read 5593 times)
hivewallet (OP)
Sr. Member
****
Offline Offline

Activity: 378
Merit: 325


hivewallet.com


View Profile WWW
November 15, 2013, 01:59:01 AM
Last edit: November 15, 2013, 02:56:15 AM by grabhive
 #1

Ref: Let There Be Dark!

Greetings from Bitcoin Singapore!

Hive will be attending unSYSTEM's DarkWallet meeting in Milan on the week of the 24th. We propose that the outcome of this meeting be, at minimum, the establishment of a v1 "Dark Wallet Certification", a set of best-practice guidelines for wallets focused on decentralization and anonymity.

This topic is has been opened in order to get the community thinking about what exactly a "Dark Wallet" should be: We assume the use of Tor, CoinJoin, CoinSwap and other such developments. We assume the lack of centralized services wherever possible. We presume that we can evolve ideas about authentication (see the work of John Light, Joe Casico etc)... Still, our ignorance is vast and we would like to come armed at this meeting, with your feedback.

What ideas or thoughts do you all have?

Hive, a beautiful, secure wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit.
Tweets @hivewallet. Skype us here. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 4284
Merit: 8808



View Profile WWW
November 15, 2013, 04:15:00 AM
 #2

I've been thinking some time that it would be good to have a certification— or more than one— for wallets, as I've been pretty disappointed by some of the feature gaps in some of the popular tools, especially in areas related to privacy.

It might be good to have a list of criteria that a wallet should meet, with each one traceable to ensuring the tool preserves the users privacy, security, and autonomy.  I think that in some cases the criteria should mandate specific techniques, while in other cases it should just mandate the effect.

E.g. instead of requiring it to use CoinJoin (or any specific implementation), instead it could be that it make it convenient and inexpensive to transact in a way which provides at least plausible deny-ability about the common ownership of inputs or the specific sources/destinations of payments.

hivewallet (OP)
Sr. Member
****
Offline Offline

Activity: 378
Merit: 325


hivewallet.com


View Profile WWW
November 15, 2013, 08:42:11 AM
 #3

I've been thinking some time that it would be good to have a certification— or more than one— for wallets, as I've been pretty disappointed by some of the feature gaps in some of the popular tools, especially in areas related to privacy.

It might be good to have a list of criteria that a wallet should meet, with each one traceable to ensuring the tool preserves the users privacy, security, and autonomy.  I think that in some cases the criteria should mandate specific techniques, while in other cases it should just mandate the effect.

E.g. instead of requiring it to use CoinJoin (or any specific implementation), instead it could be that it make it convenient and inexpensive to transact in a way which provides at least plausible deny-ability about the common ownership of inputs or the specific sources/destinations of payments.

Agreed.

About the non-requirement, why not just have it target some specific goals and specific technologies/implementations under the "Dark Wallet" certification, and simply update the standard as better methods are discovered? That does nothing to stop other certifications from coming into being, after all.

Hive, a beautiful, secure wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit.
Tweets @hivewallet. Skype us here. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn
tgerring
Full Member
***
Offline Offline

Activity: 142
Merit: 100


Hive/Ethereum


View Profile WWW
November 15, 2013, 03:46:34 PM
 #4

Piggybacking on gmaxwell's idea, perhaps we can come up with a list of DarkWallet expectations and keep a running list of who's implemented what, much like a feature compatibility matrix.

Maybe just surfacing the gaps in a very public way (wikis, websites, etc.) will help to create more awareness and the community will naturally gravitate towards those that implement a minimum feature set to ensure privacy, security, and usability.

Hive, a beautiful wallet for Mac OS X, now available for testing. Follow the story here.
BitcoinKit.framework and Tor.framework, now available to iOS and Mac OS X developers
Tweeting at @hivewallet. Donations appreciated at 142m1MpXHhymF4aASiWwYohe1Y55v5BQwc
genjix
Legendary
*
Offline Offline

Activity: 1232
Merit: 1076


View Profile
November 15, 2013, 04:35:59 PM
 #5

Maybe Dark Wallet can be one project, but unSYSTEM (the organisation) can have a set of basic principles for wallet developers about what we are working for, some practical advice and guidelines about doing certain things. They are voluntary but if you want to be part of the community, well you should be respecting and working for the people. It'd be cool to have other projects come join unSYSTEM and help establish a support network for Bitcoin projects and cool initiatives.
hivewallet (OP)
Sr. Member
****
Offline Offline

Activity: 378
Merit: 325


hivewallet.com


View Profile WWW
November 15, 2013, 09:55:18 PM
 #6

If you want to build a single product called "Dark Wallet" under a specific umbrella, more power to you Amir. That said, there's a pretty good reason to split certification, product and organization: Developers may not agree with the politics (or anti-politics) of the organization, but still appreciate the features. Being monolithic in that respect will likely just end up alienating a lot of legitimate use cases.

Hive, a beautiful, secure wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit.
Tweets @hivewallet. Skype us here. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn
Ecurb123
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
November 16, 2013, 09:55:50 PM
 #7

I'm going to try to make it for at least a couple days. Being this is such a long running meeting, is there any sort of agenda being drawn up?
jedunnigan
Sr. Member
****
Offline Offline

Activity: 279
Merit: 250


View Profile
November 17, 2013, 04:18:47 AM
 #8

Someone's name needs to change. I like the idea of a standard vetted and approved by the community, but conflating the unSYSTEM project and the certification names is misleading and a bit odd.
didjaydisteele
Member
**
Offline Offline

Activity: 96
Merit: 10


All For Bitcoin!


View Profile
November 17, 2013, 04:32:48 AM
 #9

Is this free?
hivewallet (OP)
Sr. Member
****
Offline Offline

Activity: 378
Merit: 325


hivewallet.com


View Profile WWW
November 17, 2013, 11:52:35 AM
 #10

Someone's name needs to change. I like the idea of a standard vetted and approved by the community, but conflating the unSYSTEM project and the certification names is misleading and a bit odd.

Let's call it a tentative name then. Any suggestions for the long-term one?

More importantly, does anyone have anything to contribute to the meat and fabric of this discussion? It would really be nice if Peter Todd and gmaxwell could speak up here with more leading direction.

Hive, a beautiful, secure wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit.
Tweets @hivewallet. Skype us here. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn
jedunnigan
Sr. Member
****
Offline Offline

Activity: 279
Merit: 250


View Profile
November 17, 2013, 12:45:51 PM
 #11

Yea sorry that was a pretty empty comment on my part. I'll think of a name today.

Well, I guess we can start a running list of features a wallet that meets the standards support out of the box:
Like you said, CoinJoin, CoinSwap, most of the features of Bitcoin OMG (Coin Control, gmaxwell's privacy enhancement, etc...), extended public keys/HD wallets, and others I don't have time to list right now... will come back later.

Like gmaxwell said, none of these things should be forced on the end user, but should be available at the very least.

Is this mainly to enable network-wide privacy or are we trying to enforce more feature rich wallets in general? or both
corebob
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
November 17, 2013, 12:57:50 PM
 #12


... We assume the lack of centralized services wherever possible...

What ideas or thoughts do you all have?

Can you, or anyone really, see a situation where this is not possible?
Peter Todd
Legendary
*
Offline Offline

Activity: 1120
Merit: 1160


View Profile
November 17, 2013, 09:07:30 PM
 #13

Touching on gmaxwell's point about whether or not features should be forced, I think we can divide the features into two main categories:

  • Individual protections: Anything where the strength of the protection is not dependent or is only "linearly" dependent on how many other people also use it. For instance local encryption of wallets, encryption of p2p communication channels, etc.
  • Communal protections: Anything where the protection is made significantly stronger as more people use it. Examples include CoinJoin, CoinSwap and mix networks.

Now what really distinguishes those two situations is that for the former, whether or not everyone adopts the same standard doesn't matter all that much, so a certification should be about what goals were achieved, not how.

However with the latter, there are really good reasons to try to get as many users on the same underlying protocol. For instance with CoinJoin/CoinSwap, you want the anonymity set to be all Bitcoin users, not "recent versions of electrum". This is especially important because CoinJoin won't get used if it's not convenient - the more people using it, the faster a join can be arranged and the more likely a casual user who mainly just wants his transaction to go through will be protected.

That doesn't mean every CoinJoin implementation has to be the same, but I do think we should make sure we come up with a lowest-common-denominator form of CoinJoin that is reasonable for any implementation to support and participate in. In this case I think we want the standard to eventually specify that common denominator explicitly.

hivewallet (OP)
Sr. Member
****
Offline Offline

Activity: 378
Merit: 325


hivewallet.com


View Profile WWW
November 18, 2013, 01:38:09 AM
 #14

I'm going to try to make it for at least a couple days. Being this is such a long running meeting, is there any sort of agenda being drawn up?

That's precisely what we are trying to encourage here.

Is this free?

The meeting or the certification? They are both free/should be free, presumably.

Hive, a beautiful, secure wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit.
Tweets @hivewallet. Skype us here. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn
crazy_rabbit
Legendary
*
Offline Offline

Activity: 1204
Merit: 1002


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
November 18, 2013, 03:19:39 AM
 #15

Who is going to implement certification? And check it? And enforce it? And Pay for it? Or is it just voluntary and you get to throw a gif up on your webpage that says your a member a-la Bitcoin foundation?

more or less retired.
moderate
Member
**
Offline Offline

Activity: 98
Merit: 10

nearly dead


View Profile
November 18, 2013, 03:55:03 AM
 #16

Who is going to implement certification? And check it? And enforce it? And Pay for it? Or is it just voluntary and you get to throw a gif up on your webpage that says your a member a-la Bitcoin foundation?

All idiotic questions, goes well along the idiotic topic's title.

What should be done instead is just create a page with the features expected for An (Vaporware) App With a Name I Like. Then if you make My App I Like Best with those features, you just say that you have all the features for that (Vaporware) App With a Name I Like with a reference to that page created previously.

After reading some of the comments here, I'm surprised that the bitcoin-qt client is still free and open source. Calling for certifications (even more than one, lol) is certainly a joke, a bad one.
hivewallet (OP)
Sr. Member
****
Offline Offline

Activity: 378
Merit: 325


hivewallet.com


View Profile WWW
November 18, 2013, 05:06:29 AM
 #17

Who is going to implement certification? And check it? And enforce it? And Pay for it? Or is it just voluntary and you get to throw a gif up on your webpage that says your a member a-la Bitcoin foundation?

Let's figure that out together. It will be discussed, so if you are not attending the Milan meeting and have some ideas, please throw them out here. What we can definitely tell you is that we would keep this as open and democratic as possible. Certification could be anointed by vote, or by self-appointment (with justification). Probably the latter is best, so we can spawn thousands of additional threads on bitcointalk where we bicker about this-or-that detail. Who knows.

All idiotic questions, goes well along the idiotic topic's title.

What should be done instead is just create a page with the features expected for An (Vaporware) App With a Name I Like. Then if you make My App I Like Best with those features, you just say that you have all the features for that (Vaporware) App With a Name I Like with a reference to that page created previously.

After reading some of the comments here, I'm surprised that the bitcoin-qt client is still free and open source. Calling for certifications (even more than one, lol) is certainly a joke, a bad one.

Are you interested in privacy, security and decentralization being a standard part of wallets? If so, please consider taking a less cynical attitude towards the proposal. It's understandable (especially lately) that there is a lot of fear and doubt lingering around, but on the other hand that's all the more reason to push forward. It may be that the initial attempt goes nowhere... But let's try.

And please see our comment above to crazy_rabbit. We don't yet know how this could be done without corruption in some respect, but openly discussing it without blind dismissal is surely the best way to figure that out, no?

*hug*

Hive, a beautiful, secure wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit.
Tweets @hivewallet. Skype us here. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn
moderate
Member
**
Offline Offline

Activity: 98
Merit: 10

nearly dead


View Profile
November 18, 2013, 05:11:01 AM
 #18


All idiotic questions, goes well along the idiotic topic's title.

What should be done instead is just create a page with the features expected for An (Vaporware) App With a Name I Like. Then if you make My App I Like Best with those features, you just say that you have all the features for that (Vaporware) App With a Name I Like with a reference to that page created previously.

After reading some of the comments here, I'm surprised that the bitcoin-qt client is still free and open source. Calling for certifications (even more than one, lol) is certainly a joke, a bad one.

Are you interested in privacy, security and decentralization being a standard part of wallets? If so, please consider taking a less cynical attitude towards the proposal. It's understandable (especially lately) that there is a lot of fear and doubt lingering around, but on the other hand that's all the more reason to push forward. It may be that the initial attempt goes nowhere... But let's try.


And why exactly do you believe certifications are the way to go here ? For this specifically I'm not taking into consideration any of the recent events, so you can scrap that from your line of thought towards me.
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 4284
Merit: 8808



View Profile WWW
November 18, 2013, 02:29:42 PM
 #19

Touching on gmaxwell's point about whether or not features should be forced, I think we can divide the features into two main categories:
  • Individual protections: Anything where the strength of the protection is not dependent or is only "linearly" dependent on how many other people also use it. For instance local encryption of wallets, encryption of p2p communication channels, etc.
  • Communal protections: Anything where the protection is made significantly stronger as more people use it. Examples include CoinJoin, CoinSwap and mix networks.
See also Eben's brilliant comments regarding privacy problems as an ecological disaster.
tgerring
Full Member
***
Offline Offline

Activity: 142
Merit: 100


Hive/Ethereum


View Profile WWW
November 18, 2013, 03:23:51 PM
 #20

And why exactly do you believe certifications are the way to go here ? For this specifically I'm not taking into consideration any of the recent events, so you can scrap that from your line of thought towards me.

In the end, "certifications" are a public knowledge campaign. How that's carried out remains to be seen, but I think we're all pretty open-minded here, so if you've got a more polished idea, we're all ears.

Hive, a beautiful wallet for Mac OS X, now available for testing. Follow the story here.
BitcoinKit.framework and Tor.framework, now available to iOS and Mac OS X developers
Tweeting at @hivewallet. Donations appreciated at 142m1MpXHhymF4aASiWwYohe1Y55v5BQwc
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!