A Business Primer on the Bitcoin Ecosystem - Erik Voorhees

[DublinBrian]

Under the section titled "Exchanges", one of the URLs is wrong. Bitstamp.com doesnt resolve. Their correct address is Bitstamp.net

[1714095670]

1714095670

[Stephen Gornick]

Excellent work.

I wasn't sure on the amount for the claim of "Fraud from the theft of credit card information and personal identities is in the hundreds of billions of dollars per year".  Sounded a little high (a lot high, actually).

Without researching it properly, I just Googled a little and got this:
 - http://www.forbes.com/sites/haydnshaughnessy/2011/03/24/solving-the-190-billion-annual-fraud-scam-more-on-jumio/

The number is from a study from Lexis-Nexis and the abstract simply says "over $100 billion".

I don't know that study, but another one I had read on chargeback fraud had grossly inflated numbers.  The actual cost of fraud incurred to the typical merchant was a relatively tiny fraction of the reported number.  

What those studies never seem to do is exclude purchases that wouldn't have occurred if there wasn't fraud.

Take a VirWoX for example.  They might see a third of their order volume include fraudulent attempts to buy SLLs (that number is one I just made up).  But that doesn't mean that if fraud was eliminated that any of those attempts would still be made using legitimate payments.   So while there might have been a million dollars worth of fraudulent attempts to purchase SLLs, VirWoX did not in any way lose a million dollars to fraud.  Those purchase attempts just would not have happened.

On the other hand, if you as a merchant aren't worried about a fraudulent chargeback, there are certain efficiencies that can occur as a result.  Just think of all the software written to do address verification for orders, for example.

With bitcoin:

 - If the customer wants to have the bill-to be in one country but ship-to another?  Go ahead, let them!
 - The customer wants to ship the package to a residential address (where it just gets left at the doorway)?  Go ahead, let them!
 - Customer wants to purchase but doesn't have their ID on them?  Go ahead, sell to them!
 - Need a DVR system and camera above each cashier lane so that you have photo evidence to help pursue fraudsters abusing the vulnerable credit card charge system?   Forget it, those cameras won't be necessary.

It is the costs of all these that add to Bitcoin's advantage over a reversible payment system.  

[cypherdoc]

nice work Erik.  much better written than the last one.

one note of concern.  you advertised your own site Feedzebirds within the document which i wouldn't have done in general.  but if you're going to do that you should at least put in a disclaimer.

[Stephen Gornick]

This sentence was kind of awkward.

Thus, a merchant can see profits increase by 100% when customers pay with Bitcoin (if they had a 3% profit margin, and then saved an additional 3% from the lack of Bitcoin fees, their profit margin has doubled, even before accounting for the zero chargeback risk savings).

Could it be revised to be more readable?

[Update: If this were given a Creative Commons license and then added to the wiki I think it would get revised into an even better piece.]

[Piper67]

Reading through the other thread, I doubt mcorlett understands the requirements, and limitations, of the 51% attack.

If you think I am at fault, please feel free to point out specifically what you're referring to. It's hard to respond when you don't know what someone is talking about.

Giving you the benefit of the doubt, and assuming you're truly concerned about the possibility of a 51% attack resulting in someone's ability to take back a specific transaction, please read through this thread:

https://bitcointalk.org/index.php?topic=52388.0

tl;dr: The cost of a 51% attack for a single transaction is prohibitive.

[mcorlett]

tl;dr: The cost of a 51% attack for a single transaction is prohibitive.

So we should completely disregard this when introducing new merchants and users to Bitcoin, rather than state that it is currently extremely difficult and improbable?

[acoindr]

tl;dr: The cost of a 51% attack for a single transaction is prohibitive.

So we should completely disregard this when introducing new merchants and users to Bitcoin, rather than state that it is currently extremely difficult and improbable?

Sure, put an asterisk on "not reversible" with an explanation for the sake of technical accuracy and completeness.

Edit: but at the same time Bitcoin is also technically experimental software, which is not the kind of software businesses use as a general rule... Do we prominently advertise that? We do want people to use Bitcoin. I guess it depends on your point of view.

The technically inclined can accurately evaluate risks associated with using Bitcoin, but that's the minority.

[mcorlett]

tl;dr: The cost of a 51% attack for a single transaction is prohibitive.

So we should completely disregard this when introducing new merchants and users to Bitcoin, rather than state that it is currently extremely difficult and improbable?

Sure, put an asterisk on "not reversible" with an explanation for the sake of technical accuracy and completeness.

Yes! For example, here's Firefox's "Technical Details" section when viewing an SSL certificate:

Encryption makes it very difficult for unauthorized people to view information traveling between computers. It is therefore very unlikely that anyone read this page as it traveled across the network.

[hazek]

Maybe I'm nitpicking a bit but:

These Users do not necessarily "use" Bitcoin for anything beyond merely taking possession of it and storing it for some period of time

I'd change this to:

These Users do not necessarily "use" Bitcoin for anything beyond merely taking possession of bitcoins and storing them for some period of time

to makes it clear what 'it' refers to. You can't take possesssion of Bitcoin and store it..

[Stephen Gornick]

tl;dr: The cost of a 51% attack for a single transaction is prohibitive.

So we should completely disregard this when introducing new merchants and users to Bitcoin, rather than state that it is currently extremely difficult and improbable?

A merchant doesn't have to worry about a double spend occurring as the result of a 51% attack (should that ever successfully occur), unless the attacker is specifically targeting that particular merchant with a large double-spend.

People, particularly those in business who manage money, know to weigh risk.

A merchant starting out using bitcoin might have 2% or 0.005% or whatever of its sales come from bitcoin transactions.  Thus, no -- the low risk  possibility of a 51% attack (i.e., has never happened in bitcoin's history) is not material to that merchant. (i.e., coherently weighing the risk, the rational merchant wouldn't change her mind after being informed of the risks associated with the 51% attack.)  

And please, ... let's consider how things work in the real world.  Merchants don't do business anonymously.  They know who their customer is.  Any transaction that is large enough to harm the company if there is a payment problem will probably have been been reviewed at multiple levels.  

When bitcoin starts to become a bigger percent of the business' income, that is when they might wish to weigh the risk that you describe.   This might include per-account caps, a pre-payment requirement.   Or simply, if there is any significant risk perceived they can simply choose to not accept bitcoins for the transaction.

But for a document that explains Bitcoin to someone who sells widgets online, ... no caution about a 51% attack would need to be raised, I wouldn't think.

[mcorlett]

A merchant doesn't have to worry about a double spend occurring as the result of a 51% attack (should that ever successfully occur), unless the attacker is specifically targeting that particular merchant with a large double-spend.

Should such an attack ever happen, I would think the attacker would try to recoup as much of their investment as possible by attacking as many merchants as possible, rather than targeting one specific merchant.

People, particularly those in business who manage money, know to weigh risk.

"...so let's not include it in this business primer, not even in the section titled 'Risks'"?

A merchant starting out using bitcoin might have 2% or 0.005% or whatever of its sales come from bitcoin transactions.  Thus, no -- the low risk  possibility of a 51% attack (i.e., has never happened in bitcoin's history) is not material to that merchant. (i.e., coherently weighing the risk, the rational merchant wouldn't change her mind after being informed of the risks associated with the 51% attack.)

1) Risk has nothing to do with precedent.
2) "Oh, they won't change their mind anyway, so let's skip this little detail right here and insert this little factually incorrect statement over there..."

And please, ... let's consider how things work in the real world.  Merchants don't do business anonymously.  They know who their customer is.  Any transaction that is large enough to harm the company if there is a payment problem will probably have been been reviewed at multiple levels.

"Even if it happens, it'll be a small transaction, so they won't lose that much money. Let's not mention the possibility of it happening."

[jgarzik]

A merchant starting out using bitcoin might have 2% or 0.005% or whatever of its sales come from bitcoin transactions.  Thus, no -- the low risk  possibility of a 51% attack (i.e., has never happened in bitcoin's history) is not material to that merchant. (i.e., coherently weighing the risk, the rational merchant wouldn't change her mind after being informed of the risks associated with the 51% attack.)

1) Risk has nothing to do with precedent.
2) "Oh, they won't change their mind anyway, so let's skip this little detail right here and insert this little factually incorrect statement over there..."

And please, ... let's consider how things work in the real world.  Merchants don't do business anonymously.  They know who their customer is.  Any transaction that is large enough to harm the company if there is a payment problem will probably have been been reviewed at multiple levels.

"Even if it happens, it'll be a small transaction, so they won't lose that much money. Let's not mention the possibility of it happening."

The standard recommendations for all bitcoin users includes waiting for 6 confirmations, before spending your coins.  This is why a transaction appears as "unconfirmed" in the original Satoshi client until such time.

One presumes a merchant will follow the standard recommendations, unless they have a specific reason to increase their risk by accepting fewer confirmations.

The chance of a 51% attack reversing your confirmed transactions is astronomically low.

[dooglus]

quick clarification: HTML is not a protocol

... and neither is VoIP.

[dooglus]

2) "Oh, they won't change their mind anyway, so let's skip this little detail right here and insert this little factually incorrect statement over there..."

See also http://evoorhees.blogspot.ca/2012/04/bitcoin-libertarian-introduction.html:

You only need to back up the wallet file once at the beginning (you don't need to do it every day or week, etc)

I'd much rather see true statements than comfortable ones when having to chose between the two.

[evoorhees]

Quick note as I've gotten some PM's on this:  I wrote this Primer so that it could be used, referenced, republished, edited, etc in any way for any purpose. No permission is needed by me to copy/edit/redistribute.  I'd like to be credited if it's used somewhere, but even if that doesn't occur it's no biggie.

It is published under Erik's "Do What You Wish License"

[mcorlett]

2) "Oh, they won't change their mind anyway, so let's skip this little detail right here and insert this little factually incorrect statement over there..."

See also http://evoorhees.blogspot.ca/2012/04/bitcoin-libertarian-introduction.html:

You only need to back up the wallet file once at the beginning (you don't need to do it every day or week, etc)

I'd much rather see true statements than comfortable ones when having to chose between the two.

Yep, this was pointed out, but Mr. Vorhees' response was that most users probably wouldn't reach more than 100 transactions(!). Other editorial mistakes were pointed out and fixed in a matter of hours.

I'm yet again very disappointed. You would expect an accurate and fair representation of the topic, not some pro-Bitcoin propaganda ad.

[jgarzik]

2) "Oh, they won't change their mind anyway, so let's skip this little detail right here and insert this little factually incorrect statement over there..."

See also http://evoorhees.blogspot.ca/2012/04/bitcoin-libertarian-introduction.html:

You only need to back up the wallet file once at the beginning (you don't need to do it every day or week, etc)

I'd much rather see true statements than comfortable ones when having to chose between the two.

I agree, the above needs changing.

The size of the pool of reserved keys -- the keypool -- is 100.  By default, you absolutely must backup every 100 transactions, or risk opening a window in your backups where keys may be missing.  A wise person backs up much more frequently than that, say every 25 transactions or so.

However, it is standard practice to increase the keypool size to 1,000 or 10,000 ("-keypool=10000").  Merchants would definitely want to do this.

[mobile4ever]

The article talked about

"Because the currency units themselves are stored on a physical device (whether one's home computer, phone, or on a cloud-based webservice), the security of that physical device must be ensured."


This is an upcoming problem, now that mobile devices are gaining in popularity. Plus, that tablet company (What is their name?) in China that is installing BTC software on all their devices is going to give a lot of publicity to BTC in an area of the world where money is regulated heavily. I would not put it past the Chinese government to try and put a stop to BTC.

Plus:


Firefox and Telefoníca have gotten together to make "Boot2Gecko".

Its a mobile browser that is purely open source that I think will give other mobile operating systems a run for their money. But... it is not going to be secure for quite a while.


Link:

http://techcrunch.com/2012/07/02/mozillas-boot-to-gecko-becomes-firefox-os-scores-support-from-sprint-deutsche-telekom-zte-and-more/


Boot2Gecko is renamed:

http://www.wired.com/gadgetlab/2012/07/mozilla-dumps-boot2gecko-name-firefox-os-tktktk/

[MoreCowbell]

The comparison to email and VOIP was priceless.  That should help a lot of people understand the technological breakthrough that is happening. It might even help convince some of the "gold bug" types that think it isn't worth anything if you can't hold it in your hand.

Enter constructive criticism.  From the primer:

Because the currency units themselves are stored on a physical device (whether one's home computer, phone, or on a cloud-based webservice)...

The "wallet" name rears its ugly head again, although in a roundabout way.  Aren't we talking about the "keys" needed to access a user's balance here?  The currency units are actually stored in the blockchain.  I know this is a small difference, and no doubt many believe it is better for general users to just "black-box it," but I think an accurate explanation will help even novice users. 

Example:  If they think they are storing the actual bitcoins on their computer or phone, users are less likely to grasp the value of backing up their wallet file (you can't backup a real wallet or physical currency).  If it is conveyed that their bitcoins are on the internet, and only their keys/passwords are local, they they might more readily take to the backup concept, and end up with a better overall grasp of bitcoin too!

[Ichthyo]

I'm yet again very disappointed. You would expect an accurate and fair representation of the topic, not some pro-Bitcoin propaganda ad.

It looks like you misunderstood the intent of this writing.
The article wants to "sell" the Bitcoin idea to business people.

Nitpicking on technical details won't help with that goal -- this is a typical geek's mistake.

For example: does the article even mention mining?
No (and IMHO it was a tactically clever decision to leave that out)
 -- so what would be the point of explaining a 51% attac??