Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: How to Maintain Privacy with BitShares  (Read 612 times)

Online Thom

How to Maintain Privacy with BitShares
« on: January 11, 2015, 06:34:32 AM »

I just read this entry and have some concerns.

You start the piece by stating "privacy is difficult to gain, easy to loose, and impossible to restore", and you end with a statement that throws TITAN out the window by default and suggests maintaining privacy can be done later. These are highly contradictory statements.

Moreover, it concerns me greatly b/c I see this as a potential compromise of the principle of privacy you put much effort to build into BitShares through TITAN.

You state "the market has spoken" in favor of ease of use over privacy as justification for your move away from strong measures to insure privacy. I've also asked you about this on mumble as it relates to voting. In light of this blog post I can't say the answers you provided about vote identity registrars give me much confidence about BitShares protecting my privacy.

As you said,  "privacy is difficult to gain, easy to loose, and impossible to restore", and although I don't have "problems" I'm trying to cover up I still value my privacy and do not wish to relinquish it just b/c the majority consensus puts little value in it. Once lost IMPOSSIBLE to restore is a catastrophic failure.

Something of this magnitude needs to be put before the shareholders in the form of a formal vote IMO. Although I may not have any risk exposure, that may not be true of all shareholders. I'd hate to think the decision to "opt-in" to TITAN by default would be the equivalent to the 911 ambulance call you made an example of in this blog post.

I understand the pressure to conform & to accelerate delivery of the new client. But as you also said elsewhere, "If we are to create a libertarian utopia it must be engineered from the ground up to comply with a set of universal principles without compromise". This sounds like a high order compromise to me.
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech Team Witness Proposal: https://bitsharestalk.org/index.php/topic,13837.msg243656.html#msg243656

Offline bytemaster

Re: How to Maintain Privacy with BitShares
« Reply #1 on: January 11, 2015, 03:40:03 PM »
Titan is providing false privacy that is the source of many usability issues.   

I am not compromising on principles, just recognizing the reality.  Privacy is still high on my list of important features. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Online Thom

Re: How to Maintain Privacy with BitShares
« Reply #2 on: January 11, 2015, 04:31:13 PM »
Please elaborate. I'm in the middle of writing about titan, actually just finished a section on privacy in the intro of my forthcoming book.

Titan has been implemented since day 1 (at least for BTS/BTSX) and has been discussed at length here on the forum.  I suspect most take it for granted now.

You didn't even address any of the points I raised in the OP.

If there are significant issues with the concept of titan, which essentially amounts to creating a new account address for each transaction, they should be brought out into the full light of day where they may be discussed and we can put our collective mind to bear on finding a solution.

The tradeoffs between privacy / anonymity and identity / reputation should not be dictated, but rather should be given to each user to control as they see fit. Perhaps the registered vs. unregistered account characteristic may be of use as a dividing line. Privacy is important as a foundational principle to protect freedom. Please don't be hypocritical and compromise it.

Making the choice for privacy as an opt-in default is reasonable, as long as all the tradeoffs are fully disclosed AND you don't carve off huge portions of the ecosystem functionality by choosing to not opt-in.
 
Did you not see the issues on the horizon you elude to when you came up with the titan concept? When did these "false privacy" issues begin to surface on your radar that apparently threaten TITAN's effectiveness or feasibility?

I'm quite disappointed by the lack of depth, both practical as well as philosophical of this blog post. I know you can do better.

---

I feel an apology is in order for the tone of this post. I stand by everything I said but realize it may come off as harsh and highly critical. The reason for the edginess in my tone is that I have grown to trust in the principles you so passionately write about and base BitShares upon, and one of those principles (privacy) appear to me to be on the verge of compromise. We share the same underlying passions for freedom and I'm just pushing back and asking for full disclosure. Others may not care as much about privacy but clearly you do, or you wouldn't have implemented TITAN in the first place. I've got your back Jack on the importance of privacy. How can I help you to maintain it's importance in the face of the problems and pressure that would weaken it's importance or remove user choice about it?
« Last Edit: January 12, 2015, 04:52:10 PM by Thom »
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech Team Witness Proposal: https://bitsharestalk.org/index.php/topic,13837.msg243656.html#msg243656

Offline bytemaster

Re: How to Maintain Privacy with BitShares
« Reply #3 on: January 11, 2015, 04:59:45 PM »
We have to balance security and privacy.   Security consists of making sure you do not lose funds.  Privacy with making sure your trades are secret.

The biggest threat to security is actually not being easy to use.   If it is too hard to use then people will make mistakes and lose funds.   Ease of use is also the single biggest barrier to entry.

My original plan for TITAN was to NEVER JOIN coins back together.   This would prevent all linking.   The original voting method was one share, one vote, one delegate which would also minimize the uniqueness of voting. 

I looked at trying to maintain my own privacy and realized it was so difficult at this point in time that for all intents and purposes, there is no privacy today even with titan.

If you are going to keep your privacy with TITAN then that means inconvenience of everyone you pay... they need to support multi-part payments and payments would take hours (or days) to sufficiently spread them out to avoid time linkage. 

So I am not being a hypocrite as you say... I am merely being honest with the state of the technology and prioritizing EASE OF USE so that we can maximize SECURITY while we work on ways to make privacy EASY TO USE.     

If you are silk road, I wouldn't recommend using Bitcoin or BitUSD to accept payment (even with TITAN).    A lot of thought needs to be put into solving this issue.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Online Thom

Re: How to Maintain Privacy with BitShares
« Reply #4 on: January 11, 2015, 06:17:02 PM »
Thanks for the response Daniel. I totally agree that a balance is required, I just don't think the code should dictate it. The balance should be up to the user. For the record I never said you were being hypocritical, I only admonished you not to be.

There have been numerous posts regarding the usability of the wallet, which reflects how big a challenge it is to get right. I know from my own UI developer experience it is a very subjective problem to solve with lots of input variables and as many opinions about how they all should factor into the equation to produce the implementation.

Quote
My original plan for TITAN was to NEVER JOIN coins back together.

Not sure what that means, but are you saying TITAN is dead and should be removed from the wallet? If not what are it's limitations? Can they be discussed here on a public forum without compromising security?

Quote
The original voting method was one share, one vote, one delegate...

Isn't it still one vote per share? I don't understand the "one delegate" part, how could you have DPoS with only 1 delegate?

Quote
I looked at trying to maintain my own privacy and realized it was so difficult at this point in time that for all intents and purposes, there is no privacy today even with titan.

Interesting. So do you believe Satoshi Yakamoto's anonymity is fictitious? Is that what prompted your investigation into how to protect your privacy? Doesn't it always come down to degrees? If someone is determined enough they usually find a way to circumvent even the strongest security measures. It comes down to whether the cost of doing so is worth it. You could hire an army of spys or cryptologists with massive computational power but why would you?

What degree of privacy were you trying to achieve that you felt was too costly or even impossible to obtain for yourself, and what degree are you seeking through TITAN or in BitShares that would lead you to say there is essentially no privacy even with TITAN? Are you trying to achieve an impossible level of privacy?

Perhaps this does represent a required compromise, but if so you need to take responsibility for that as it factually means what you said in The Golden Principle blog post (last sentence, opening paragraph) is not true or or cannot be achieved.
« Last Edit: January 12, 2015, 04:56:39 PM by Thom »
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech Team Witness Proposal: https://bitsharestalk.org/index.php/topic,13837.msg243656.html#msg243656

Offline bytemaster

Re: How to Maintain Privacy with BitShares
« Reply #5 on: January 11, 2015, 06:55:36 PM »
False privacy is more dangerous than no privacy.   Bitshares has and will continue to have the same privacy as bitcoin. 

I am not removing the potential for privacy from the chain. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline Akado

  • Hero Member
  • *****
  • Posts: 2743
    • View Profile
  • BTS: akado
Re: How to Maintain Privacy with BitShares
« Reply #6 on: January 11, 2015, 06:58:22 PM »
Apparently the Shadow community appears to have (or so they claim) one of the best or the best method for privacy during transactions. They use a two coin system where each time you convert them, new coins are created/minted

Check 3.3 and 4.
http://shadow.cash/downloads/shadowcash-anon.pdf

btw im not a tech guy so im not sure how thing work in detail, but it's always worth to check it out. Food for thought, maybe it will spark some ideas
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline matt608

  • Hero Member
  • *****
  • Posts: 878
    • View Profile
Re: How to Maintain Privacy with BitShares
« Reply #7 on: January 11, 2015, 07:57:31 PM »

I am merely being honest with the state of the technology and prioritizing EASE OF USE so that we can maximize SECURITY while we work on ways to make privacy EASY TO USE.     


 +5%  Glad to hear ease of use and security is prioritised over privacy, which is worth very little without the first two.

Offline bytemaster

Re: How to Maintain Privacy with BitShares
« Reply #8 on: January 11, 2015, 08:23:27 PM »
Shadow cash sig verify takes 0.5 seconds.  It will need some kind of pow to prevent dos. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

38PTSWarrior

  • Guest
Re: How to Maintain Privacy with BitShares
« Reply #9 on: January 11, 2015, 08:25:21 PM »
Good that I am reading here. I realize that things change and that I have to be super careful what I am telling to the people.

Online Thom

Re: How to Maintain Privacy with BitShares
« Reply #10 on: January 11, 2015, 08:57:07 PM »
Good that I am reading here. I realize that things change and that I have to be super careful what I am telling to the people.

That is also one of my concerns. With the way things change around here it's a real challenge to stay accurate!

False privacy is more dangerous than no privacy.   Bitshares has and will continue to have the same privacy as bitcoin. 
.
I am not removing the potential for privacy from the chain. 

Will TITAN be included in the toolkit for the 1.0 release? Will it be included in the next wallet release? The reply I quoted is a bit ambiguous on that issue, especially since bitcoin has nothing like TITAN. And since I specifically discuss TITAN in the section I PM'd you which you said was OK, it's just not clear to me.
« Last Edit: January 11, 2015, 09:04:51 PM by Thom »
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech Team Witness Proposal: https://bitsharestalk.org/index.php/topic,13837.msg243656.html#msg243656

Offline bytemaster

Re: How to Maintain Privacy with BitShares
« Reply #11 on: January 12, 2015, 12:37:04 AM »
Light clients will not use stealth addresses.   We will be promoting light clients by default.   

Full clients will assume all other clients are light clients.   

In effect, to make light client support easy and reliable stealth addresses will not be used.

We will still use Transfer Immediately to Any Name, it just will not be invisible. 

We will revisit privacy once the mail system has proven reliable for non-financial transactions.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Online Thom

Re: How to Maintain Privacy with BitShares
« Reply #12 on: January 12, 2015, 06:07:24 AM »
OK, got it. I see the change from invisible to immediate, to keep the TITAN acronym. I'll change that in the book. Named accounts will become direct aliases for addresses, removing a degree of privacy protection provided by "stealth" addresses. It may not have been impenetrable protection, but there will be no separation now, just like bitcoin.

I can't say I'm very pleased about this, and feel disappointed by the lack of discussion about changing such a long established and ingrained feature, and, your failure to not recognize the ramifications of the original TITAN approach in advance which I see as a setback and a compromise, even if it may only be temporary. OK, you're only human, no disgrace in admitting to mistakes, it's how we learn from them, if we're willing to face them.

This is another example of decision by decree rather than shareholder vote, tho we both know that such a vote if it were taken would lead to the same outcome, so in that regard no harm no foul. I truly hope that soon such issues will be openly discussed and put before the shareholders as a matter of principle and formality. Until then the BitShares project is not walking it's talk IMO.

This illustrates that until code gets smart enough to change itself there will always be humans in the loop deciding what issues are judged to be worthy of shareholder involvement, and those humans are the weak link in any decentralization scheme. I don't see how that will change without following a very strict and detailed process where even small decisions are put before the shareholders to vote on. That sure sounds a lot like politics to me, so I am doubtful any human process wouldn't end up under the thumb of politicians who have CS degrees instead of law degrees.

All that said, I will accept your perspective as more informed than mine regarding the technical considerations, and will chalk this up to BitShares just not quite fully mature yet and this is part of that process.

I still have a tremendous level of respect for you Dan. My disappointment is my own issue to deal with.

Thanks for the info you provided on the changes coming to TITAN.
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech Team Witness Proposal: https://bitsharestalk.org/index.php/topic,13837.msg243656.html#msg243656

Offline blahblah7up

  • Full Member
  • ***
  • Posts: 151
    • View Profile
Re: How to Maintain Privacy with BitShares
« Reply #13 on: January 12, 2015, 01:14:15 PM »
This technology might offer some ideas for solutions?

https://en.wikipedia.org/wiki/I2P

Offline Gentso1

Re: How to Maintain Privacy with BitShares
« Reply #14 on: January 12, 2015, 01:22:05 PM »
Apparently the Shadow community appears to have (or so they claim) one of the best or the best method for privacy during transactions. They use a two coin system where each time you convert them, new coins are created/minted

Check 3.3 and 4.
http://shadow.cash/downloads/shadowcash-anon.pdf

btw im not a tech guy so im not sure how thing work in detail, but it's always worth to check it out. Food for thought, maybe it will spark some ideas

This may be a overly simple solution but what if we had a mixing delegate.

user A sends tainted bts to mixing delegate. mixing delegate B creates a new registered account with the newly minted coins and sends newly minted coins to said registered account. Delegate keeps tainted coins and a small fee. Delegate B then sends user A a pgp message of his new account with new coins.

Or even simpler, a user wanting to mix his coins should just send them to a exchange with high volume and convert to a few different alts and finally back to bts, thus receiving different coins then he had from the start. 

 

Google+