BitShares Forum
Main => General Discussion => Topic started by: bytemaster on January 05, 2015, 10:48:32 pm
-
http://bytemaster.bitshares.org/article/2015/01/05/The-Future-of-Crypto-Currency-Exchanges/
Please give the community a chance to review it for grammar prior to posting to reddit. Thanks. I am trying to get this out in a timely manner for the Bitstamp news.
-
Maybe not mention that you had thousands of dollars locked up on Bitstamp? By now you know that trolls will take anything they can get and jump on it.
I will post it in Bitcointalk later, but consider editing that part out before I do that. I can already see them shouting that the founder himself doesn't believe.
(I know its logical to have balance there, just that it leaves an open attack option).
EDIT: Also, can you make BitBTC more prominent in the article? The BTCtalk folks love, well, BTC and making it sound like that BitBTC is simply BTC which facilitates decentralized trading is gonna help. I felt the article was too heavy on USD but merely mentioned BTC.
-
Hold off on posting to reddit until our current front-pager is pushed off!
-
Is there any security benefit for owning BitstampUSD on BitShares rather than the exchange website itself? If so, this should be mentioned.
Also, I think people need to be ready to respond to those attacking the regulatory UIA rules that allow issuers to control all balances. I've already seen people attacking this.
-
http://bytemaster.bitshares.org/article/2015/01/05/The-Future-of-Crypto-Currency-Exchanges/
Please give the community a chance to review it for grammar prior to posting to reddit. Thanks. I am trying to get this out in a timely manner for the Bitstamp news.
Mt. Gox having their (its?) US bank accounts seized.
Bitstamp, had their (its?) hot wallet compromised
Before diving into how crypto currency exchanges will work in the future, lets review how the roles that traditional exchanges perform today (work).
I have thousands of dollars locked up on Bitstamp that are completely inaccessible (now) because their service
If we want to have even the slightest bit of privacy we need to divide the exchange functionality among hundreds of parties whom (who) are unlikely
just like the IOUs that currently exist on the exchanges(') internal databases.
everything but a (an) unfixable software bug
BitShares matures to the level Bitcoin is at today you can (could) expect
to a decentralized, trust-free, (take out this comma) exchange then the remaining
cancel out any extra fees associated in (with?) the BitUSD / GatewayUSD spread.
Users would end up paying a small variable conversion cost as the (they?) exit from BitUSD to fiat USD through GatewayUSD
BitShares will be a fully operation (operational?) exchange with
-
Is there any security benefit for owning BitstampUSD on BitShares rather than the exchange website itself? If so, this should be mentioned.
Also, I think people need to be ready to respond to those attacking the regulatory UIA rules that allow issuers to control all balances. I've already seen people attacking this.
Owning bitstampUSD is just like having USD on their exchange. Currently with no efficient 2 factor authentication or hardware wallets you could argue that it's actually more insecure holding the bitshares IOU than having money on the exchange, so we shouldn't try to mention this, we should just say they are equal.
The real advantage is that you don't need to have cryptocurrency on the exchange. Only crypto is vulnerable to hacking, and fiat has never been never been stolen from an exchange, so fiat IOU's from regulated exchanges can be considered quite safe.
-
I agree about removing the reference to Dan's BitStamp loss. It doesn't add to the discussion and makes Dan look like a victim of the very thing he is cautioning against.
EDITS:
"Before diving into how crypto currency exchanges will work in the future, lets review how the roles that traditional exchanges perform today."
"There is a large time delay associated with moving money into or out of an exchange [ADD COMMA HERE] which means that traders must keep their funds on the exchange. This magnifies the amount of risk to users of the exchange. It also magnifies the risk to all users in the Bitcoin ecosystem. When ever [Whenever] there is a large security breach it results in significant sell pressure from both the thief looking to cash in their loot and from regular users hoping to sell before the thief."
"Bitcoin gives every user one or more account numbers (addresses) [COMMA, and] that give many people a false sense of privacy [security]. " [privacy= they know who you are but not what you are doing]
"Coinbase is already closing accounts based upon who you do business with after withdrawing your Bitcoins." [a link ref would be nice here. I have never heard this allegation before.]
"If we want to have even the slightest bit of privacy we need to divide the exchange functionality among hundreds of parties whom [who] are unlikely to collude to compromise identity. "
"BitShares will be a fully operation[al] exchange with many banking partners and no limits. "
awesome article.
-
I agree about removing the reference to Dan's BitStamp loss. It doesn't add to the discussion and makes Dan look like a victim of the very thing he is cautioning against.
I'm not sure that this is necessary. The current reality is that most of us operate with some crypto or fiat on centralised exchanges from time to time. It's disingenuous to pretend that we don't in the absence of off-ramps that allow for direct conversion of BitShares BitAssets to fiat.
Perhaps the point could be made that when on/off-ramps come online that support BitShares directly and when liquidity improves for BitAssets within BitShares then this need for holding on exchanges will reduce/disappear. In fact I think Dan implicitly does make this point when he talks about exchanges becoming or being replaced by gateways elsewhere in the article. Perhaps there's an argument for making that more explicit at the point where he talks about having funds held up on Bitstamp.
-
Thanks for the grammar check, I believe I have made all recommended fixes.
-
Second paragraph, second line should be withdrawal limits rather than withdraw limits.
This is a really great blog post about our biggest strength. I feel like we have a good shot as branding ourselves as "the decentralized bitcoin exchange". Now we just need monsterers gateway system to come online and then do a video showing off how to use them!
-
Hold off on posting to reddit until our current front-pager is pushed off!
I like this kind of self-responsibility and passion Dear Toast has. Very lucky to have you with us.
-
Great and Timely article.
-
Great post! and nice timing also.
I published it in the Argentina Facebook Group and engaged in some discussions.
I know that the post was mainly to gain attention and to show what Bitshares is ... but if centralized exchanges becomes mere gateways, how we discover the price of BTS?
Inside the bitUSD/BTS book?
-
Great post! and nice timing also.
I published it in the Argentina Facebook Group and engaged in some discussions.
I know that the post was mainly to gain attention and to show what Bitshares is ... but if centralized exchanges becomes mere gateways, how we discover the price of BTS?
Inside the bitUSD/BTC book?
Yes, and then we no longer have to rely on price feeds. All the data we will need will be within the blockchain.
-
you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...
furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..
IMHO this is huge and most people don't get it!
-
you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...
furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..
IMHO this is huge and most people don't get it!
Can't a gateways "superamin" powers be stolen? Someone hacks the gateway's BTS account and sends themself everyone's IOU, then dumps them on the market and runs off with the loot. Wouldn't it be safter if gateways didn't have superadmin powers, as those powers effecivly mean the IOUs are all held by the issuing gateway which is the same security risk they have today?
-
you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...
furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..
IMHO this is huge and most people don't get it!
Can't a gateways "superamin" powers be stolen? Someone hacks the gateway's BTS account and sends themself everyone's IOU, then dumps them on the market and runs off with the loot. Wouldn't it be safter if gateways didn't have superadmin powers, as those powers effecivly mean the IOUs are all held by the issuing gateway which is the same security risk they have today?
The gateway already holds all the real fiat so they already have effective control over the IOU's (they can choose not to honor them at any time). It would be quite easy to have a "failsafe" system in place, so if someone gets control of the issuing key and seizes all funds to their account, then a different server can be ready to freeze the market with another copy of the same key.
The issuing key can't really be used to protect against individual theft though. If someone manages to steal your IOU's you can bet they will dump them on the market for bitassets the very next block. Unless you react within 10 seconds of the theft your money is permanently gone.
-
submitted
http://www.reddit.com/r/Bitcoin/comments/2rir28/the_future_of_crypto_currency_exchanges/
-
It's got to r/Bitcoin front page
-
http://www.reddit.com/r/Bitcoin/comments/2rhxxi/centralized_exchanges_are_spying_on_us_censoring/ (http://www.reddit.com/r/Bitcoin/comments/2rhxxi/centralized_exchanges_are_spying_on_us_censoring/)
please support Rune, Toast, Matt608 etc. with politely commenting on this very popular thread!
-
Wouldn't ATMs help decentralize the whole process? I read this in a post:
"For truly decentralized exchanges with FIAT support we first need Bitcoin ATMs worldwide and then having all the operators install a standarized decentralized exchange software.
All ATMs could be part of a decentralized network which allows people to deposit fiat (would not be viable though for people looking to trade amounts over 10k, like those with tens of thousands, hundreds of thousands or million dollar funds)
Otherwise a decentralized exchange would only work for digital goods/currencies only."
and as a reply
"This. A temporary, but exponential growth in ATMs connected to ONE p2p exchange. Rewards to ATM operators should be considered to aid the operation. Eventually, the masses will adopt Bitcoin this way because of familiarity with the technology. Meeting a stranger in person to exchange Bitcoins is not safe. Going to an ATM is generally safe.
EDIT: For large amounts, it is only a matter of time before the powers that be yield on this rule, then such limits will evaporate."
Would a dac of decentralized ATMs network result? Or could this be one BitShares future steps when it gains more adoption worldwide?
-
Posted at BTCtalk
https://bitcointalk.org/index.php?topic=916323.0
-
So this happened:
http://www.slate.com/blogs/business_insider/2015/01/05/russian_hedge_fund_founder_disappears_with_all_the_firm_s_money.html?wpisrc=obnetwork (http://www.slate.com/blogs/business_insider/2015/01/05/russian_hedge_fund_founder_disappears_with_all_the_firm_s_money.html?wpisrc=obnetwork)
Best to know who really "owns" your wealth.
-
Posted at BTCtalk
https://bitcointalk.org/index.php?topic=916323.0
xeroc (or anybody) can put a version of this comment there?
you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...
furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..
IMHO this is huge and most people don't get it!
-
Also, I think people need to be ready to respond to those attacking the regulatory UIA rules that allow issuers to control all balances. I've already seen people attacking this.
This is happening in that reddit thread. Can we come up with ways to deal with this attack? Perhaps with the slant xeroc has?
http://www.reddit.com/r/Bitcoin/comments/2rhxxi/centralized_exchanges_are_spying_on_us_censoring/ (http://www.reddit.com/r/Bitcoin/comments/2rhxxi/centralized_exchanges_are_spying_on_us_censoring/)
please support Rune, Toast, Matt608 etc. with politely commenting on this very popular thread!
-
you cannot steal IOUs or bitAssets from a gateway because the gateway has "superadmin" powers over their IOUs ON-THE-CHAIN(!!!) and processes the order books to bitassets ... so if someone manages to "steal" IOUs the gateway just freezes them or reverts them but simply does not process orders from that account ... thus the IOUs are stuck and worth nothing ...
furthermore the gateway knows exactly WHO owns HOW many IOUs and is the only instance that can process the orderbook to bitassets .. from that point on it's YOUR job to secure the funds ..
IMHO this is huge and most people don't get it!
Can't a gateways "superamin" powers be stolen? Someone hacks the gateway's BTS account and sends themself everyone's IOU, then dumps them on the market and runs off with the loot. Wouldn't it be safter if gateways didn't have superadmin powers, as those powers effecivly mean the IOUs are all held by the issuing gateway which is the same security risk they have today?
The gateway already holds all the real fiat so they already have effective control over the IOU's (they can choose not to honor them at any time). It would be quite easy to have a "failsafe" system in place, so if someone gets control of the issuing key and seizes all funds to their account, then a different server can be ready to freeze the market with another copy of the same key.
The issuing key can't really be used to protect against individual theft though. If someone manages to steal your IOU's you can bet they will dump them on the market for bitassets the very next block. Unless you react within 10 seconds of the theft your money is permanently gone.
IIRC the plan is to not need the issuer/superadming key(s) (also with multi sig) for operational .. so you can put them in coldstorage
//edit: hmm .. rereading BMs post I am not so sure if I am correct with the assumption that the gateway PROCESSES the orderbook... however I think this should and needs to be the case as the trading GATEUSD for bitUSD will change ownership of GATEUSD and as the GATEWAY has to know their shareholders (of GATEUSD) they need control the execution of the order book ...
to me it is currently unclear how the "order book" of gatewayUSD<->bitUSD will work...
@Bytemaster could you please enlighten us here?
edit2:
it seems I have misunderstood the concept. The orderbook is processed by bitshares and not the gateway .. the gateway has to follow the law KYC/AML when doing gatewayUSD<->USD .. and obviously cannot know the all holders of their IOUs (maybe not required, in contrast to stock).
anyway .. the IOUs are OWNED by the users and their private keys and cannot be stolen by a hacker (at least not from a centralized service) ..
trading to bitUSD can be done in the dec. exchange
the amount of IOUs issued should be equal to the amount of USD deposited by costumers .. and should be destroyed on fiat withdrawals ..
that means that the issuer/admin key is required for operational ...
a hacker thus could gain access to that key ... although the key could practically located ANYWHERE and not on a known server/network ...
once a hacker gained access to the issuer key new IOUs could be issued and traded against bitUSD ... that would effectively equal stealing of funds ... although it could go even worse as the IOUs could potentially be created up to the max supply ... so EVEN more IOUs could be dumped than there should be (hacking bitstamp can give you access to all BTC they OWN .. that is different in bitshares) ..
so what we need is a gateway that has issued some IOUs and stores them in a hotwallet .. the issuer key should be stored in coldstorage ..
that way a hacker cannot (easily) gain access to the issuer key but could gain access to the hotwallet ..
THOUGH, still the hotwallet could be managed from ANYWHERE .. (imho that is the only big advantage) .. maybe I am wrong somewhere again ..
-
Issuing new gateway IOUs should require multisig!
-
I wonder why no one shares my concerns :(
-
I wonder why no one shares my concerns :(
We designed it to use multisig. So gateways have the option.