The TRUTH about Darkcoin: ZERO Anonymity, EASY DOS attacks, & Amateur code base!

[Zawamiya]

i agree that darkcoin can be easily crashed
someone can destroy it if he got a lot of mining power, and it won't cost a lot of money to do so

[thundertoe]

anon coins.. uhm no.

unless its so good you don't even know if you have your own coins lol....

check this video out for an idea how easy it can be with the right analysis to see right through mixing and obfuscation.

A Quantitative Analysis of Altcoins — Princeton Bitcoin seminar final project http://youtu.be/x23C1sQg6wQ

[stonehedge]

And so begins the promised barrage of FUD about Darkcoin that has been seen being planned in various IRC channels for the past few weeks.  Question is, why did ***** ***** choose 25th Feb for it to start?  And if you coin is better than Darkcoin then why not just win out by, er, being the better coin?

[solid12345]

And so begins the promised barrage of FUD about Darkcoin that has been seen being planned in various IRC channels for the past few weeks.  Question is, why did ***** ***** choose 25th Feb for it to start?  And if you coin is better than Darkcoin then why not just win out by, er, being the better coin?

If the best software won in life Windows wouldn't exist today unfortunately.

[mullick]

I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

The problem I see with this is.

Say there are 1,240 master nodes on the network. Lets say they are each feeding off a 1Gb pipe

In order to take out 1,240 masternodes you would need at least 1,240Gbps sustained ddos attack. Pretty hard to pull off

You would also have to own a few masternodes to pull off the attack. Therefore making an sizeable investment. And then attempting to destory the value of that investment

Your essentially saying the bitcoin network is just as vulnerable. If thats the case you could ddos 1,240 pools and gain 51% hashing power. Its just not as easy as your making it seem I dont think

[barwizi]

Quite simply, unless the BTC price falls to 0.0001 and the cost of spinning up enough fire power to destroy the network becomes negligible, this simply wont happen.

The cost currently and probably alway will outweigh the benefits. If you wish to argue anonymity and some of the bad decisions , then yeah maybe you could prove something. The rest is just nonsense. 

[stopsigningbitch]

I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

The problem I see with this is.

Say there are 1,240 master nodes on the network. Lets say they are each feeding off a 1Gb pipe

In order to take out 1,240 masternodes you would need at least 1,240Gbps sustained ddos attack. Pretty hard to pull off

You would also have to own a few masternodes to pull off the attack. Therefore making an sizeable investment. And then attempting to destory the value of that investment

Your essentially saying the bitcoin network is just as vulnerable. If thats the case you could ddos 1,240 pools and gain 51% hashing power. Its just not as easy as your making it seem I dont think

do you really think so? If someone wanted to destroy darkcoin's anonymity to say, catch someone whos engaging in illegal activity, then they(law enforcement) would probably have no issue ddosing all the masternodes, and what makes it even easier is that all the masternode's ip's are in the open.

[Anon136]

Darkcoin is prone to several cost-less DOS attacks that can destroy the whole network.

If its true do it and I'll pay you. I hold a certain interest in dark coin competition. Also it would be better for everyone involved if this monster was killed before it becomes any bigger and hurts even more people. But lets just say ill believe its THIS easy when i see it myself.

[barwizi]

I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

The problem I see with this is.

Say there are 1,240 master nodes on the network. Lets say they are each feeding off a 1Gb pipe

In order to take out 1,240 masternodes you would need at least 1,240Gbps sustained ddos attack. Pretty hard to pull off

You would also have to own a few masternodes to pull off the attack. Therefore making an sizeable investment. And then attempting to destory the value of that investment

Your essentially saying the bitcoin network is just as vulnerable. If thats the case you could ddos 1,240 pools and gain 51% hashing power. Its just not as easy as your making it seem I dont think

do you really think so? If someone wanted to destroy darkcoin's anonymity to say, catch someone whos engaging in illegal activity, then they(law enforcement) would probably have no issue ddosing all the masternodes, and what makes it even easier is that all the masternode's ip's are in the open.

There are currently too many barriers for this kind of attack to even make sense. Even governments have spending oversight (lax as it is)
I'd like to see the agent in charge try to explain expenditure in the 10 million range , just to catch one or three traders of 50k worth of DRK.  

[stopsigningbitch]

I normally stay well clear of these debates, for obvious reasons, but I do get frustrated when I see well-articulated responses from people who are clearly intelligent advocating this obviously broken architecture, mostly through much hand-waving and placating each other.

Masternodes have to be available and connected to in real time in order to be used. Mixing is based entirely on their availability. Thus, in order to control a substantial number of masternodes one merely has to own a handful, and make the rest of the masternode network unreachable.

For even a script-kiddie-level attacker these techniques and funds are easily found.

Need to render 1100 masternodes unreachable? No problem - SNMP amplification attacks will let you use a handful of boxes to amplify the bandwidth under your control. When a datacenter sees a clear flood of traffic for a particular IP address at the datacenter their response is always automatic and the same - their upstream data provider blackholes that IP address at the upstream bordergate. This means that you can use SNMP or DNS amplification attacks to render a dedicated machine (never mind a VPS) inoperable and unreachable to the outside world.

The most critical take away for you today is that this problem is unsolvable at the userland level. In other words, no matter how much dev worship there is there isn't a magical line of code that can be written that can prevent amplification attacks from devices and servers that are unrelated to and unconnected to the Darkcoin network. It is something that cannot be controlled or influenced.

The solution would literally be for Darkcoin to scrap masternodes and go back to the proverbial drawing board to find an architecture that uses passive blockchain mixing or similar, but I suspect it is too late and there are too many stubborn heads for that.

The problem I see with this is.

Say there are 1,240 master nodes on the network. Lets say they are each feeding off a 1Gb pipe

In order to take out 1,240 masternodes you would need at least 1,240Gbps sustained ddos attack. Pretty hard to pull off

You would also have to own a few masternodes to pull off the attack. Therefore making an sizeable investment. And then attempting to destory the value of that investment

Your essentially saying the bitcoin network is just as vulnerable. If thats the case you could ddos 1,240 pools and gain 51% hashing power. Its just not as easy as your making it seem I dont think

do you really think so? If someone wanted to destroy darkcoin's anonymity to say, catch someone whos engaging in illegal activity, then they(law enforcement) would probably have no issue ddosing all the masternodes, and what makes it even easier is that all the masternode's ip's are in the open.

There are currently too many barriers for this kind of attack to even make sense. Even governments have spending oversight (lax as it is)
I'd like to see the agent in charge try to explain expenditure in the 10 million range , just to catch one or three traders of 50k worth of DRK.  

Really? 10million dollars is pocket change to a government that "controls" a country with a GDP of 17 trillion(America), and yearly budgets in the high multi- billions. I have no doubt in my mind that they would ddos darkcoin's masternodes if it meant that they could catch a serious drugdealer or terrorist for example. The difference between ddosing darkcoin and bitcoins nodes, is that darkcoin's masternodes is what gives darkcoin its "anonymity", and when those nodes are gone or limited(not a lot of nodes), its anonymity is gone as well.

[Btcvilla]

Darkcoin is such a scam. I never put a penny into it.

[illodin]

Darkcoin is prone to several cost-less DOS attacks that can destroy the whole network.

If its true do it and I'll pay you. I hold a certain interest in dark coin competition. Also it would be better for everyone involved if this monster was killed before it becomes any bigger and hurts even more people. But lets just say ill believe its THIS easy when i see it myself.

Cool, hiring someone to do criminal activities for your benefit - check with your momma first if she thinks it's a good idea.

[illodin]

do you really think so? If someone wanted to destroy darkcoin's anonymity to say, catch someone whos engaging in illegal activity, then they(law enforcement) would probably have no issue ddosing all the masternodes, and what makes it even easier is that all the masternode's ip's are in the open.

Problem for trying to deanonymize DRK by ddos'ing is that the coins are pre-anonymized before they can be used.

So people will have anonymous coins in their wallet, and someone starts the attack and manages to take out every masternode except their own. People will send their anonymous coins to purchase whatever, and the attacker will be none the wiser as the coins and transactions are already anonymous. At that point people would notice the number of masternodes dropping from > 2000 to 20 for example, and realize what's going on, and wouldn't try to anonymize their standard coins. I've suggested earlier that the wallet would automatically detect this and prevent the user from mixing their coins while the attack is going on, and I believe it's a feature that will come at some point. So, the outcome would be that someone has just spent a lot of time and resources for no gain.

[stopsigningbitch]

do you really think so? If someone wanted to destroy darkcoin's anonymity to say, catch someone whos engaging in illegal activity, then they(law enforcement) would probably have no issue ddosing all the masternodes, and what makes it even easier is that all the masternode's ip's are in the open.

Problem for trying to deanonymize DRK by ddos'ing is that the coins are pre-anonymized before they can be used.

So people will have anonymous coins in their wallet, and someone starts the attack and manages to take out every masternode except their own. People will send their anonymous coins to purchase whatever, and the attacker will be none the wiser as the coins and transactions are already anonymous. At that point people would notice the number of masternodes dropping from > 2000 to 20 for example, and realize what's going on, and wouldn't try to anonymize their standard coins. I've suggested earlier that the wallet would automatically detect this and prevent the user from mixing their coins while the attack is going on, and I believe it's a feature that will come at some point. So, the outcome would be that someone has just spent a lot of time and resources for no gain.

Absolutely not true. Please dont tell lies in an attempt to invalidate my words. This "pre-anonymization" is mixing, and mixing takes time(Ive used darksend before). If darkcoins anonymity was cut off, youd see all "premixed"(coins that havent been mixed yet) darkcoins, and be able to trace back all premixed darkcoins through the blockchain.

So again, you can end darkcoins "anonymity" and trace back the coins on the blockchain.

[illodin]

Absolutely not true. Please dont tell lies in an attempt to invalidate my words.

Ok, let's see..

This "pre-anonymization" is mixing

Yes, true so far..

and mixing takes time

Still true..

If darkcoins anonymity was cut off, youd see all "premixed"(coins that havent been mixed yet) darkcoins, and be able to trace back all premixed darkcoins through the blockchain.

Now this doesn't even make any sense. First of all, "premixed" coins are not "coins that havent been mixed yet". Second, if "anonymity was cut off" (I guess you mean the masternodes were all ddos'ed), that wouldn't help you to interpret the blockchain at all. The anonymous transactions that have already happened, stay anonymous. And the anonymous coins you already have, will be anonymous even if you send them while all the masternodes (except for the attacker's) are down.

[Anon136]

Darkcoin is prone to several cost-less DOS attacks that can destroy the whole network.

If its true do it and I'll pay you. I hold a certain interest in dark coin competition. Also it would be better for everyone involved if this monster was killed before it becomes any bigger and hurts even more people. But lets just say ill believe its THIS easy when i see it myself.

Cool, hiring someone to do criminal activities for your benefit - check with your momma first if she thinks it's a good idea.

Criminal? How? I mean if its some sort of crime than never mind. What law are you referencing?

[alani123]

Why do all accusative topics have to be self-moderated? I'm feeling like this is going to be like the "ltc is dead" topic where darkota deletes everything positive about litecoin.

[stonehedge]

This thread is gold to be honest.  I'll bump this in 6 months if nobody else has and we'll see what is what.

Most of the FUD is out of date, incorrect or just lies.  Why not pick on the real shortcomings of DRK?  Dark supporters discuss these issues openly and the dev team to do list gives a few more pointers towards real (fixable) problems.

Problem is that the truth is not inflammatory if everybody agrees with it and the issues are being dealt with.

[toknormal]

This thread is gold to be honest.  I'll bump this in 6 months if nobody else has and we'll see what is what.

Most of the FUD is out of date, incorrect or just lies.

Amen to that.

[solid12345]

The biggest weakness of Darkcoin I think is if the regime decides that coin tumbling is illegal and akin to money laundering and all it will take is a quick court order to go yank all those Amazon cloud servers hosting the Masternodes real fast.