Re: Bitcoin v0.1 released
Hal Finney wrote: > > * Spammer botnets could burn through pay-per-send email filters > > trivially > If POW tokens do become useful, and especially if they become money, > machines will no longer sit idle. Users will expect their computers to > be earning them money (assuming the reward is greater than the cost to > operate). A computer whose earnings are being stolen by a botnet will > be more noticeable to its owner than is the case today, hence we might > expect that in that world, users will work harder to maintain their > computers and clean them of botnet infestations. Another factor that would mitigate spam if POW tokens have value: there would be a profit motive for people to set up massive quantities of fake e-mail accounts to harvest POW tokens from spam. They'd essentially be reverse-spamming the spammers with automated mailboxes that collect their POW and don't read the message. The ratio of fake mailboxes to real people could become too high for spam to be cost effective. The process has the potential to establish the POW token's value in the first place, since spammers that don't have a botnet could buy tokens from harvesters. While the buying back would temporarily let more spam through, it would only hasten the self-defeating cycle leading to too many harvesters exploiting the spammers. Interestingly, one of the e-gold systems already has a form of spam called "dusting". Spammers send a tiny amount of gold dust in order to put a spam message in the transaction's comment field. If the system let users configure the minimum payment they're willing to receive, or at least the minimum that can have a message with it, users could set how much they're willing to get paid to receive spam. Satoshi Nakamoto - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Bitcoin v0.1 released
Bill Frantz writes: -+- | Some people tell me that the 0wned machines are among the most | secure on the network because botnet operators work hard to | keep others from compromising "their" machines. I could see the | operators moving toward being legitimate security firms, | protecting computers against compromise in exchange for some of | the proof of work (POW) money. I'm one of those people. Quoting from my speech of 1/20: > Virus attacks have, of course, become rarer over time, which is > to say that where infectious agents once ruled, today it is > parasites. Parasites have no reason to kill their hosts -- on > the contrary they want their hosts to survive well enough to > feed the parasite. A parasite will generally not care to be all > that visible, either. The difference between parasitism and > symbiosis can be a close call in some settings, and of the folks > who famously bragged of being able to take the Internet down in > twenty minutes, one has said that a computer may be better > managed once it is in a botnet than before since the bot-master > will be serious about closing the machine up tight against > further penetration and similarly serious about patch > management. Therefore, since one can then say that both the > machine's nominal owner and the bot master are mutually helped, > what we see is evolution from parasite to symbiont in action. > According to Margulis and Sagan, "Life did not take over the > globe by combat, but by networking." On this basis and others, > bot-nets are a life form. Rest of text upon request. Incidentally, I *highly* recommend Daniel Suarez's _Daemon_; trust me as to its relevance. Try this for a non-fiction taste: http://fora.tv/2008/08/08/Daniel_Suarez_Daemon_Bot-Mediated_Reality --dan - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Bitcoin v0.1 released
h...@finney.org ("Hal Finney") on Saturday, January 24, 2009 wrote: >Countermeasures by botnet operators would include moderating their take, >perhaps only stealing 10% of the productive capacity of invaded computers, >so that their owners would be unlikely to notice. This kind of thinking >quickly degenerates into unreliable speculation, but it points out the >difficulties of analyzing the full ramifications of a world where POW >tokens are valuble. Some people tell me that the 0wned machines are among the most secure on the network because botnet operators work hard to keep others from compromising "their" machines. I could see the operators moving toward being legitimate security firms, protecting computers against compromise in exchange for some of the proof of work (POW) money. Cheers - Bill - Bill Frantz| When it comes to the world | Periwinkle (408)356-8506 | around us, is there any choice | 16345 Englewood Ave www.pwpconsult.com | but to explore? - Lisa Randall | Los Gatos, CA 95032 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Bitcoin v0.1 released
Jonathan Thornburg writes: > In the modern world, no major government wants to allow untracable > international financial transactions above some fairly modest size > thresholds. (The usual catch-phrases are things like "laundering > drug money", "tax evasion", and/or "financing terrorist groups".) > To this end, electronic financial transactions are currently monitored > by various governments & their agencies, and any but the smallest of > transactions now come with various ID requirements for the humans > on each end. > > But if each machine in a million-node botnet sends 10 cents to a > randomly chosen machine in another botnet on the other side of the > world, you've just moved $100K, in a way that seems very hard to > trace. To me, this means that no major government is likely to allow > Bitcoin in its present form to operate on a large scale. Certainly a valid point, and one which has been widely discussed in the debates over the years about electronic cash. Bitcoin has a couple of things going for it: one is that it is distributed, with no single point of failure, no "mint", no company with officers that can be subpoenaed and arrested and shut down. It is more like a P2P network, and as we have seen, despite degrees of at least governmental distaste, those are still around. Bitcoin could also conceivably operate in a less anonymous mode, with transfers being linked to individuals, rather than single-use keys. It would still be useful to have a large scale, decentralized electronic payment system. It also might be possible to refactor and restructure Bitcoin to separate out the key new idea, a decentralized, global, irreversible transaction database. Such a functionality might be useful for other purposes. Once it exists, using it to record monetary transfers would be a sort of side effect and might be harder to shut down. > I also worry about other "domestic" ways nasty people could exploit > a widespread Bitcoin deployment: > * Spammer botnets could burn through pay-per-send email filters > trivially (as usual, the costs would fall on people other than the > botnet herders & spammers). > * If each machine in a botnet sends 1 cent to a herder, that can add > up to a significant amount of money. In other words, Bitcoin would > make botnet herding and the assorted malware industry even more > profitable than it already is. It's important to understand that the proof-of-work (POW) aspect of Bitcoin is primarily oriented around ensuring the soundness of the historical transaction database. Each Bitcoin data block records a set of transactions, and includes a hash collision. Subsequent data blocks have their own transactions, their own collisions, and also chain to all earlier hashes. The result is that once a block is "buried" under enough new blocks, it is essentially certain (given the threat model, namely that attackers cannot muster more than X% of the compute power of legitimate node operators) that old transactions can't be reversed. Creating new coins is indeed currently also being done by POW, but I think that is seen as a temporary expedient, and in fact the current software phases that out over several years. Hence worries about botnets being able to manufacture large quantities of POW tokens are only a temporary concern, in the context of Bitcoin. There have been a number of discussions in the past about POW tokens as anti spam measures, given the botnet threat. References are available from "Proof-of-work system" on Wikipedia. Analyses have yielded mixed results, depending on the assumptions and system design. If POW tokens do become useful, and especially if they become money, machines will no longer sit idle. Users will expect their computers to be earning them money (assuming the reward is greater than the cost to operate). A computer whose earnings are being stolen by a botnet will be more noticeable to its owner than is the case today, hence we might expect that in that world, users will work harder to maintain their computers and clean them of botnet infestations. Countermeasures by botnet operators would include moderating their take, perhaps only stealing 10% of the productive capacity of invaded computers, so that their owners would be unlikely to notice. This kind of thinking quickly degenerates into unreliable speculation, but it points out the difficulties of analyzing the full ramifications of a world where POW tokens are valuble. Hal Finney - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Bitcoin v0.1 released
On Sat, 17 Jan 2009, Satoshi Nakamoto wrote: [[various possible uses of Bitcoin et al]] > Once it gets bootstrapped, there are so many > applications if you could effortlessly pay a few cents to a > website as easily as dropping coins in a vending machine. In the modern world, no major government wants to allow untracable international financial transactions above some fairly modest size thresholds. (The usual catch-phrases are things like "laundering drug money", "tax evasion", and/or "financing terrorist groups".) To this end, electronic financial transactions are currently monitored by various governments & their agencies, and any but the smallest of transactions now come with various ID requirements for the humans on each end. But if each machine in a million-node botnet sends 10 cents to a randomly chosen machine in another botnet on the other side of the world, you've just moved $100K, in a way that seems very hard to trace. To me, this means that no major government is likely to allow Bitcoin in its present form to operate on a large scale. I also worry about other "domestic" ways nasty people could exploit a widespread Bitcoin deployment: * Spammer botnets could burn through pay-per-send email filters trivially (as usual, the costs would fall on people other than the botnet herders & spammers). * If each machine in a botnet sends 1 cent to a herder, that can add up to a significant amount of money. In other words, Bitcoin would make botnet herding and the assorted malware industry even more profitable than it already is. Is there something obvious I've missed? Is there a clever aspect of the design which prevents botnets from exploiting the system? Is there a way for every major government to monitor all Bitcoin transactions to watch for botnet-to-botnet sending? -- -- From: "Jonathan Thornburg [remove -animal to reply]" Dept of Astronomy, Indiana University, Bloomington, Indiana, USA "Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral." -- quote by Freire / poster by Oxfam - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Bitcoin v0.1 released
> Dustin D. Trammell wrote: > > Satoshi Nakamoto wrote: > > You know, I think there were a lot more people interested in the 90's, > > but after more than a decade of failed Trusted Third Party based systems > > (Digicash, etc), they see it as a lost cause. I hope they can make the > > distinction that this is the first time I know of that we're trying a > > non-trust-based system. > > Yea, that was the primary feature that caught my eye. The real trick > will be to get people to actually value the BitCoins so that they become > currency. I would be surprised if 10 years from now we're not using electronic currency in some way, now that we know a way to do it that won't inevitably get dumbed down when the trusted third party gets cold feet. It could get started in a narrow niche like reward points, donation tokens, currency for a game or micropayments for adult sites. Initially it can be used in proof-of-work applications for services that could almost be free but not quite. It can already be used for pay-to-send e-mail. The send dialog is resizeable and you can enter as long of a message as you like. It's sent directly when it connects. The recipient doubleclicks on the transaction to see the full message. If someone famous is getting more e-mail than they can read, but would still like to have a way for fans to contact them, they could set up Bitcoin and give out the IP address on their website. "Send X bitcoins to my priority hotline at this IP and I'll read the message personally." Subscription sites that need some extra proof-of-work for their free trial so it doesn't cannibalize subscriptions could charge bitcoins for the trial. It might make sense just to get some in case it catches on. If enough people think the same way, that becomes a self fulfilling prophecy. Once it gets bootstrapped, there are so many applications if you could effortlessly pay a few cents to a website as easily as dropping coins in a vending machine. Satoshi Nakamoto http://www.bitcoin.org - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Bitcoin v0.1 released
Satoshi Nakamoto writes: > Announcing the first release of Bitcoin, a new electronic cash > system that uses a peer-to-peer network to prevent double-spending. > It's completely decentralized with no server or central authority. > > See bitcoin.org for screenshots. > > Download link: > http://downloads.sourceforge.net/bitcoin/bitcoin-0.1.0.rar Congratulations to Satoshi on this first alpha release. I am looking forward to trying it out. > Total circulation will be 21,000,000 coins. It'll be distributed > to network nodes when they make blocks, with the amount cut in half > every 4 years. > > first 4 years: 10,500,000 coins > next 4 years: 5,250,000 coins > next 4 years: 2,625,000 coins > next 4 years: 1,312,500 coins > etc... It's interesting that the system can be configured to only allow a certain maximum number of coins ever to be generated. I guess the idea is that the amount of work needed to generate a new coin will become more difficult as time goes on. One immediate problem with any new currency is how to value it. Even ignoring the practical problem that virtually no one will accept it at first, there is still a difficulty in coming up with a reasonable argument in favor of a particular non-zero value for the coins. As an amusing thought experiment, imagine that Bitcoin is successful and becomes the dominant payment system in use throughout the world. Then the total value of the currency should be equal to the total value of all the wealth in the world. Current estimates of total worldwide household wealth that I have found range from $100 trillion to $300 trillion. With 20 million coins, that gives each coin a value of about $10 million. So the possibility of generating coins today with a few cents of compute time may be quite a good bet, with a payoff of something like 100 million to 1! Even if the odds of Bitcoin succeeding to this degree are slim, are they really 100 million to one against? Something to think about... Hal - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com