What's wrong with Bitcoin?

[rezin777]

unjustified inferences that CS is a student are unhelpful, and who cares if he is anyway?

Do you mean unhelpful in the same way that CS unjustly infers that the bitcoin forum users are extreme anarchists and pro-"assassination markets" in 5.b? If you are going to chide one, it would benefit your argument to chide the other. Yet, you don't. You link his posts throughout the forums here without a mention of this.

b. More obviously, the official forum is filled with disturbing and juvenile, extreme anarchism. Comments like "I reject all systems of human morality and law" are common. Uses of Bitcoin to encourage trading in illegal goods and services are routine; even "assassination markets" are encouraged.

[1714696866]

1714696866

[1714696866]

1714696866

[1714696866]

1714696866

[unk]

i don't agree with everything he (or she) says, but it was the first smart critical commentary i saw about bitcoin, and there's a lot in it that's correct and very important. he directly shows a flaw in the logic of satoshi's original bitcoin paper's threat analysis, and nobody has yet addressed the flaw, which may be impossible to address. you don't think that's important?

benjamin's argument was 'i bet this anonymous critic is a student or out-of-work person and thus we shouldn't listen to his or her'. that's manifestly silly, and very different from considering the community of early adopters as an asset or liability for a fledgling technology.

and the assassination-market stuff doesn't seem like a guess. i recall whole multi-page discussions myself on the matter, with many people voicing support. it may be useful to disaggregate 'support': maybe some people don't 'want' such markets, but they use the possibility to try to promote the value of a bitcoin in the current block chain. a member called dacoinminster has done that tirelessly for some time now, for example.

[matonis]

most of what he has been saying around the web is accurate and interesting, and those of you with the angry tirades are dismissing him and ben laurie way too easily.

unk, woooaaaa, you're the one that needs to take a chill pill. Most of the people on this forum are not dismissing CS and Ben Laurie. It's just that most of their criticisms have already been refuted and they are the ones that did not expend the energy to properly research the arguments that they were jumping into.

if we prevent ourselves from learning from anyone with real experience in these matters, it's our loss.

These same discussions have been going on for over a year.  It says a lot about a cryptographer's relevance if they are just now discovering bitcoin!

See my initial reply to Ben at my blog (link below).  I can happily say that Ben did not delete my comment so I am glad for that. The cryptographers mailing list thread from 2008 is where Satoshi vetted his approach and his protocol with fellow cryptographers (link to that exchange is also on my Ben Laurie blog post http://themonetaryfuture.blogspot.com/2011/05/ben-laurie-blathering-on-bitcoin.html ).  Come on, please don't cater to Ben.  Just because he's late is not what makes him wrong, but he is far from objective.  First of all, he designed a brilliant, albeit centralised, system and he has periodically dismissed the 'proof of work' concept, so a bitcoin recognition from him now would essentially invalidate 10+ years of his own work. You just have to see it for what it is.

[unk]

do you have any idea who ben laurie is? he wrote a good chunk of the cryptography software that the public uses every day in its ordinary work. i doubt he has much personal stake in seeing a technology that happens not to use one of his ideas fail. to suggest that is just casual bullying; it's armchair psychology at its worst, and it's very immature.

there's an ongoing, remarkable lack of perspective in this forum. why haven't people heard about bitcoin? because it was a tiny project that wasn't in the news. it's still a very small project. nobody on any mailing list has the time to follow up on all projects. it's almost impossible to stay current. to say that a cryptographer who didn't use bitcoin in 2010 is irrelevant is like saying that a media expert who didn't use facebook in 2003 is irrelevant.

and my point is that CS and laurie are pointing out new criticisms, and they have not yet been addressed. a repeated error in this forum is to assume that all criticisms are old. maybe it's because so many criticisms of bitcoin are bad that people assume all of them are going to be bad, but that's a poor way to think and argue. it's like people's rhetorical techniques were trained upon teaching bitcoin to incompetent newbies on a forum, and they adapt poorly to responding to serious criticism.

related to 'lack of perspective', many of you seem to have lost track of how fringe the political and economic ideas on which you base your reasoning are. pretty much all mainstream economists regard the austrian school's assumptions and normative propositions as silly at best, and saying 'but mainstream economists have a vested interest in preserving the status quo because they leech off the teat of the state' is not a very persuasive response to that. it is the austrians who are more or less irrelevant and behind the times, and bitcoin could grow ten times and still not suggest otherwise.

[rezin777]

i don't agree with everything he (or she) says, but it was the first smart critical commentary i saw about bitcoin, and there's a lot in it that's correct and very important. he directly shows a flaw in the logic of satoshi's original bitcoin paper's threat analysis, and nobody has yet addressed the flaw, which may be impossible to address. you don't think that's important?

I do think it's important to discuss. I also think if you are serious about discussing the technical nature of Bitcoin, you would avoid the silly forum politics that people like me tend to get involved in. The fact that he does include it leads me to believe he is more interested in discrediting Bitcoin, for whatever reason, instead of actually discussing the technical merits of the project with those capable of doing so.

[Mike Hearn]

Hmm, as I got called out in this post I guess I should respond to (parts of) it.

1. Most of the exchanges between Bitcoin and other currencies are illegal or, at the very least, unlicensed and illegitimate.

I disagree. Whilst "most" might be in some technical sense accurate as there are quite a few tiny or abandoned exchanges, the big ones at least try to be legitimate. MtGox is run by Tibanne Co, Ltd which is a trading firm registered in Japan. They limit withdrawls to $1000 per day and if you go through the US KYC requirements they can lift it higher.

However whilst it doesn't address your point, I think it's worth noting that the laws around money laundering and movement of money are generally:

a) Very new
b) Very vaguely written

A lot of them have been driven by the US PATRIOT act. For example the US Govt requires submission of transactions that are merely "suspicious" without clearly defining what that means. Likewise the $1000 per day limit includes rules against "structuring", ie, trying to avoid hitting the limit by breaking things up. Again, very poorly defined.

As a result whether any given exchange is in compliance with the law isn't something that can really be decided in a web forum. The relevant regulations are just way too open to interpretation. It's quite possible to get legal advice saying you are in compliance and then be found to not be. A few high profile prosecutions for "money laundering" were in fact against people who did not obtain money from criminal proceedings but rather just failed to follow the new legal regimes aggressively enough.

I think the current state of money laundering legislation is quite concerning to anyone who looks at it closely. Indeed the Economist called time on these post-9/11 systems more than 5 years ago:

  http://www.economist.com/node/5053373

A simple example of why money laundering is not like other crimes: the relevant police authorities refuse to even guess at how much takes place. A crime that cannot be measured is certainly unusual.

3. The Bitcoin protocol itself is not robust against denial-of-service and other attacks ...... (snip) ...... Indeed, the Google employee who (in a personal capacity) wrote a Java version of part of the Bitcoin client has recognized publicly that any sophisticated analyst could shut down Bitcoin at will, and he explicitly opposed calls for tests of the system's security by the general public.

Please don't twist what I've said like that, it's not polite. I did not and do not oppose tests of the systems security in a controlled environment or on the testnet. "Tests" that take place on the production network are not helpful for obvious reasons. This is normal - I've yet to encounter an organization which deliberately attempts to take their own networks offline in ways that could impact customers. These tests are usually performed on sandbox environments.

With regards to the DoS potential in general, I think you're over-dramatizing things. Bitcoin nodes are susceptible to DoS attacks mounted by sophisticated attackers just like:

• Web servers
• Chat networks
• Cell phone towers
• Power grids

... etc. I think you get the point. Many systems people rely on every day can be damaged or taken offline completely by sophisticated attackers, who have a deep understand of how those systems work.

If TX floods against nodes actually start occurring in practice then the software will be improved to automatically detect and block them, just like websites can detect and block DoS attacks today. How sophisticated these mitigation measures become really depends on how sophisticated the attacks themselves become. As taking a single node offline doesn't achieve much and attacking the entire network requires some fairly decent skill the DoS attacks we've seen today are mostly against more traditional targets, where there's a clear business case (eg DoSing MtGox).

4. Given that technological attacks are possible, a corollary is that economic attacks in the style of securities fraud are possible as well.

If somebody wanted to short Bitcoin in any significant amount they would probably be traceable in the same ways any other type of securities fraud can be. At some point they have to cash out, right?

Perhaps of note: those who are leading the ongoing "development" of Bitcoin are little different; they are not sophisticated or creative technological thinkers, and they struggle even with the details of the present protocol. What this means for an investor is that Bitcoin is not practically resilient even to those attacks to which it might respond in theory, such as a compromise of the hash function it mainly uses

The fact that you're even talking about a compromise of SHA256 weakens your credibility significantly, and insulting the present development teams intelligence doesn't help your case either. The protocol is well understood, what is being explored is interesting new applications of the technology.

I have talked about Bitcoin with Yu Sasaki, one of the people responsible for the current best known attack on SHA256. The conclusions of that discussion were quite clear, failure of SHA256 is the least likely problem the project faces by a long, long way.

6. Probably less significantly, but still interestingly, the Bitcoin block chain has now been demonstrated by at least two good analysts to be able to store arbitrary data "steganographically."

Transactions that are not financial in nature can be safely deleted, so if somebody doesn't want to store such data they don't have to.

A final note: there is no such thing as unintentional fraud. I suggest you consult a dictionary. Google helpfully provides a definition:

• Wrongful or criminal deception intended to result in financial or personal gain
• A person or thing intended to deceive others, typically by unjustifiably claiming or being credited with accomplishments or qualities.

Again, please be careful when throwing around such serious accusations about people you do not know.

[matonis]

a repeated error in this forum is to assume that all criticisms are old. maybe it's because so many criticisms of bitcoin are bad that people assume all of them are going to be bad, but that's a poor way to think and argue.

Of course I know who Ben Laurie is...that is why I wrote the reply post to him in the first place. There is a distinct difference between legitimate criticisms (such as what happens to bitcoin because of IRC vulnerability) and mere impetuous back-of-the-envelope attacks. Maybe you should re-state exactly what Ben's new criticisms are, because I'm sure many would be interested in what you think they are.

Regardless of Ben and the others, the fact still remains that today I can digitally transfer $100,000.00 worth of bitcoin value across national/State borders without any reporting requirements, any banks, any identity forms, any Know-Your-Customer rules, and any explanations.  I could not do that prior to a p2p distributed cryptocurrency.  That is the real issue, FYI.  Break it or make it.  Financial privacy restored.

[unk]

mike, with all due respect, i think you're being too harsh in response to the critique.

the overarching point seems to be that many attacks against the technology here can have direct economic effects, given the economic ecosystem of the current block chain. that seems to be a legitimate point. i don't know what you said or what he thinks you said, but the present-day robustness (of, say, the client) against dos attacks is relevant to the speculative soundness of an investment or an economy, and i take that to have been his point.

similarly, i don't read the critique as suggesting a compromise of sha256. he's noticing something i've, too, seen often in the development discussions: a disconnect between the glib claim that the client can be updated in response to any threats and the difficult practicalities of doing that whenever it's contentious. it reflects the centralization that always comes back to haunt distributed technologies. the point seems to be, if there were a compromise or anything else that required a contentious upgrade, the upgrade path is unclear. a member called bytecoin has written up many good thoughts in this regard.

finally, though i don't really have any stake in defending CS's honour, i read the post as not misstating what fraud is. he's more or less saying 'this isn't actually fraud, but it's practically equivalent to fraud and can have many serious negative effects'. that said, google's nonlegal dictionary is not sufficient; fraud does not actually require intent, at least in anglo-american law. it often only requires what lawyers call 'scienter', which in practice often includes recklessness (itself a legal term of art, but much less than 'intent'). in any event, a lot of what i read as promotional literature in the forum does seem to have intent: its goal is to convince people to buy bitcoins in the current block chain.

[unk]

jon, i ought to let these people speak for themselves, but ben's point seems to be about costs. i don't know if it's strictly new, but he articulated it well and seems more receptive than others to the attacks that satoshi's paper too quickly dismisses. his point is that currency doesn't exist without trust and some degree of social consensus, and the level of trust that bitcoin requires already doesn't seem to demand the level of decentralization it applies.

whether people can transfer $100,000 in the way you describe is an open question, particularly because doing it internally to the bitcoin economy may not be suited to their needs. if not, there's volatility, exchange fees, and of course exchange reporting requirements.

it's not like there aren't already ways to transfer $100,000 roughly anonymously. (e.g., cash) the question is whether bitcoin is better than those ways, and 'better' is something that we can analyze in terms of costs and benefits. are you really confident the benefits currently outweigh the costs, putting all ideology and hope aside? are you confident they will in a year? if you actually had a need to transfer $100,000 to me in the uk privately tomorrow, would you practically speaking use bitcoins in the current block chain to do it? i wouldn't.

and most people don't really have needs for extreme self-enforced privacy (rather than law-based privacy), so for them the costs are even more significant. several people in the comments to ben laurie's threads get at this point very well, and i hadn't seen a good emphasis on costs and bundling before his posts (another reason that his blog is a contribution).

[elewton]

I don't think Problem 6 is going to bring down Bitcoin or anything, but it's a very real threat.

The FBI logo or whatever can go through a function with another data input and output CP.  That additional data is effectively the CP.

Someone is going to develop an app that turns the block chain into write-expensive read-free Usenet.  With an innocent, completely legal app.  And some jackass is going to write CP to the BC.
At that point, any police officer who wants to can arrest a miner, confiscate their harddrives and find use the same innocent app to find CP on them.  If the miners knew that this existed and did nothing to remove those transactions, I think things might not go well for them.

This isn't something I want to happen, but it will, so I wonder whether we have a good way to voluntarily remove malicious transactions, and whether the ahving ability to do that is a good idea.

[Mike Hearn]

Maybe so, but this forum isn't a court of law so it's best to communicate in everyday English. I don't think it's a good idea to accuse people of being fraudsters, unless you're able to back that up with something more than opinions.

If SHA256 were to fall the network could be upgraded, assuming there was some credible replacement. What would happen is a new version of the software would be prepared and released with a flag day at which point the block chain changes format. People who don't upgrade would find themselves effectively kicked off the network at that point until they do. A few small, abandoned sites would break as their transactions would never confirm. Everyone who actually cared about their Bitcoin related business would upgrade. It wouldn't be pretty or easy, but we're talking about an extremely unlikely event.

With respect to DoS, it's been raised and discussed many times before. Obviously if you can successfully DoS an entire financial system then it will impact that economy.

I think we just need a bigger/better FAQ. A lot of these issues have been discussed a long time ago but the forum archives are hard to search.

[smooth]

a disconnect between the glib claim that the client can be updated in response to any threats and the difficult practicalities of doing that whenever it's contentious. it reflects the centralization that always comes back to haunt distributed technologies.

Good point and as long as the answer to a question is "we can update the client if we need to" then we are not (yet) dealing with a distributed anything.

Worth keeping mind though that everyone involved recognizes this is a work-in-progress.  Criticism on that basis is constructive.  Criticism that fails to recognize the work-in-progress status of the project is a straw man attack.

[benjamindees]

benjamin's argument was 'i bet this anonymous critic is a student or out-of-work person and thus we shouldn't listen to his or her'. that's manifestly silly, and very different from considering the community of early adopters as an asset or liability for a fledgling technology.

Technically, my argument was "this anonymous critic is a penniless academic and an early adopter of some future centrally-managed pseudo-meritocratic command-economy digital payment system and thus we shouldn't listen to him or her".  But you are right -- whomever created an anonymous account just to smear Bitcoin and it's developers likely actually is a fully-grown adult and not just a student.  Mea culpa.

[rezin777]

Good point and as long as the answer to a question is "we can update the client if we need to" then we are not (yet) dealing with a distributed anything.

Also worth noting that a majority of the network has to agree with the changes in the client and update as well, so it does have a distributed nature regardless. Although, as the network currently stands, as long as a few of the large pool operators update, it is enough.

[smooth]

Good point and as long as the answer to a question is "we can update the client if we need to" then we are not (yet) dealing with a distributed anything.

Also worth noting that a majority of the network has to agree with the changes in the client and update as well, so it does have a distributed nature regardless. Although, as the network currently stands, as long as a few of the large pool operators update, it is enough.

There is a distributed mechanism to block future updates but not to distribute them.  If the bitcoin.org domain name is seized and the main developers arrested or sued or otherwise intimidated, it would be a long time before the majority of the network figured out what to update to, if anything.

These problems are solvable most likely but just saying "we can update the client if we need to" in response to an actual vulnerability is not a long term solution.

[Timo Y]

And some jackass is going to write CP to the BC.

The blockchain genie is out of the bottle.  Soon, block chains aren't going to be used just for virtual curriencies, but in a hundred other applications too.   Distributed naming systems, birth certification, obituaries, legal notices, deadline verification, identity management, and many others we can't even imagine right now.

In fact, block chains are only the beginning. The world will see an abundance of new technologies that will make the following inevitable:

data promiscuity
data ubiquity
data permanence  

Lawrence Lessing argues that the legal system eventually adapts to technological change, not the other way around.

The point is, some jackass isn't just going to write CP to the BC,  Some jackass is going to write CP into RFID-tagged milk cartons in the supermarket. Some jackass is going to write CP into CCTV cameras, and vehicle sensors, and patterns of sand grains.  Some jackass is going to encode leaked state secrets in bacterial and pollen DNA.

One day, we will all be covered in insurance.aes and we are all going to have parrot porn coming out of every orifice.  

The law will change eventually, and it will stop prosecuting people for data "possession", unwitting or otherwise, it will prosecute for data divulgation alone, because,

Common sense revolts at the idea

[Timo Y]

as for the law, the american legal analyses that have been shown to the forum so far do suggest that bitcoin is likely a security, or at least could be.

If you are talking about Reuben Grinberg's paper, it's a good analysis, but his conclusion that Bitcoin could be a security is based on a misconception of the nature of the Bitcoin community/ecosystem.

[wumpus]

The blockchain genie is out of the bottle.  Soon, block chains aren't going to be used just for virtual curriencies, but in a hundred other applications too.  

You are completely right, block/hash chains are useful for everything in which you want to make sure it is not possible to remove or insert intermediate records.

It started with source control. Bitcoin is like 'git for currency'. Except that forking is frowned upon instead of encouraged

[elewton]

All very good points.  I just hope the general public become aware of the unstoppable dissemination of "banned data" before it's used to hit miners over the head.

[gene]

As mentioned above, the OP was copied from "ComputerScientist" from another forum. The "real ComputerScientist" provided a PGP key there against which to verify his/her posts.

I'll only comment on a few specific points.

I don't think anyone can honestly refute his/her accurate characterization of a vocal group within the forum, which is the de facto official forum. This is a serious problem in that this is effectively bitcoin's "public face." And it is ugly. Talent and other important resources are likely being scared off. People like CS who actually take the time to provide lucid critiques of bitcoin ("s" left some time ago, taking his/her rather insightful posts with him/her) are unlikely to bother in this forum. It takes pretty strong will to put up with the constant abuse that even modest criticism provokes (see the typically incoherent "discussion" around the very real problem of mining pools and the Byzantine Generals' problem - lots of people just missing the point). Frankly, the moderators don't give me much confidence in setting the tone required to foster real discussion. This place has been an echo chamber for quite some time.

I am not qualified to comment on his/her characterization of the core developers' technical abilities. However, the unfortunate fact that the lead developer is not overly concerned about the appearance of accepting money from a government agency does not instill confidence.

Basically, the situation is far more stark than all the resident fanbois want to admit. Aside from technical and legal questions around the "exchange," which is almost certainly being manipulated, the network remains alarmingly fragile and highly centralized (despite its oft-touted x terahashes/sec), and serious questions regarding the transition to mining for transactions fees are being deferred. The aforementioned extreme anarcho-capitalist/libertarian ideology is seeping into what should be technical issues. Vocal regulars are far too unrealistic on nearly all aspects of the existing economy, such as it is, or how to go about legitimately enhancing it. There exists an unwavering faith in the "free-market" to automagically answer those questions in the future. Left unchecked, these attitudes are likely to relegate bitcoin to exclusive use by criminals and survivalists.

Is there any hope for someone with resources to set up a mailing list?