Author Topic: Implement strong privacy measures in BitShares 2.0  (Read 3509 times)

0 Members and 1 Guest are viewing this topic.

Offline BunkerChainLabs-DataSecurityNode

Concerning the lack of activity: I think we're in some sort of a silent period.. I am not quite sure why, maybe after the spring excitement and the huge announcement and partnerships we need to digest it all, and we are in the middle of summer, people are on vacation soaking in the sun, and there's still a good chunk of time before BitShares 2.0 will be out, so everyone is relaxing and taking their time, reviewing the various situations (partners, licensing, workers, bitlicense, referrals, greek deafult,,, three comma club?) wondering about how to play the new opportunities when the time is right. Given the situation we might conclude that the community is expressing a rational mood.

You are right about the seasons.. this happens in everything... its just the time of year really. Watch what happens coming September.. suddenly it's going to seem like a rocket engine got behind bitshares.
+-+-+-+-+-+-+-+-+-+-+
www.Peerplays.com | Decentralized Gaming Built with Graphene - Now with BookiePro and Sweeps!
+-+-+-+-+-+-+-+-+-+-+

Offline CLains

  • Hero Member
  • *****
  • Posts: 2606
    • View Profile
  • BitShares: clains
Concerning the lack of activity: I think we're in some sort of a silent period.. I am not quite sure why, maybe after the spring excitement and the huge announcement and partnerships we need to digest it all, and we are in the middle of summer, people are on vacation soaking in the sun, and there's still a good chunk of time before BitShares 2.0 will be out, so everyone is relaxing and taking their time, reviewing the various situations (partners, licensing, workers, bitlicense, referrals, greek deafult,,, three comma club?) wondering about how to play the new opportunities when the time is right. Given the situation we might conclude that the community is expressing a rational mood.

Offline Permie

  • Hero Member
  • *****
  • Posts: 606
  • BitShares is the mycelium of the financial-earth
    • View Profile
  • BitShares: krimduss
I'm at a loss to explain the poor community engagement on this thread.

Maybe I'm just not eloquent enough. Hopefully it isn't that nobody cares.

Advancing without any sort of privacy means enabling those crooks to easily conduct mass surveillance and economic repression on all of us. Together with the war on consciousness and mass surveillance (of which this behaviour is a subset), economic repression stands to become one of the big issues of our time.

As Hayek properly identified in his 'Road to Serfdom', once the state is able to tell you what you can and cannot buy, they effective have control the populations' life.

I am particularly surprised that BM chose to unilaterally and without warning remove any and all privacy features from 2.0 given his past libertarian writings. The right of the individual to conduct his life free of interference from the state is one of the core foundations of libertarianism (not bashing at you, man, just saying).



It could just be that there is so much going on now that this has been pushed into the background. That I can understand. Getting 2.0 out and as bug-free as possible should definitely be a priority over (re)implementing privacy.

But please, do not completely forget this very important topic. If BitShares is set to become one of the major players in the industry, then going forward without the possibility of privacy is very much akin to Google, as the lead direction of one of the most used browsers, forcing all encryption in the browser to be easily cracked - deliberately weakening the technology so that control freaks can spy on all of us.

To protect us, of course.


Increasingly, we live in times of repression, where far too often little to no added security is traded for losses of civil rights . In my opinion this repression is not conductive to a free society. And I value freedom very highly.

These have no place in a free society:
https://en.wikipedia.org/wiki/Utah_Data_Center
https://en.wikipedia.org/wiki/Mass_surveillance_in_the_United_States
https://en.wikipedia.org/wiki/Boundless_Informant
https://en.wikipedia.org/wiki/XKeyscore
https://en.wikipedia.org/wiki/Room_641A
https://en.wikipedia.org/wiki/Global_surveillance#Financial_payments_monitoring
(and, unfortunately, etc etc etc..)

All of this has to stop.


I love freedom.
I hope you all do too.
Then we could do something about it together.
I'm with you, but privacy is very very very difficult
TITAN, the previous system, may have done more harm than good.
Providing an illusion of privacy may cause individuals to be negligent in how they protect themselves.
Removing TITAN and telling people that they are not yet safe until a successful system can be implemented is the best course of action, IMO.

BM has stated this before and claims to be committed to finding privacy solutions; confidential transactions by veiling the amounts sent is one such solution.

Maybe a UIA could be used as a mixer somehow?
If lots of fake transactions are constantly being made, users can hide their somehow-private transactions amongst the crowd.
A major problem with crypto privacy is that there are so few users at any one time.
If you can see 100bts sent to someone, and there is only one other 100 bts transaction being recieved at that time - then it is painfully obvious who transfered to who. Confidential transactions is one way to solve this problem

http://cointelegraph.com/news/114653/blockstream-creates-confidential-transactions-to-boost-bitcoin-security
JonnyBitcoin votes for liquidity and simplicity. Make him your proxy?
BTSDEX.COM

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
I'm at a loss to explain the poor community engagement on this thread.

Maybe I'm just not eloquent enough. Hopefully it isn't that nobody cares.

Advancing without any sort of privacy means enabling those crooks to easily conduct mass surveillance and economic repression on all of us. Together with the war on consciousness and mass surveillance (of which this behaviour is a subset), economic repression stands to become one of the big issues of our time.

As Hayek properly identified in his 'Road to Serfdom', once the state is able to tell you what you can and cannot buy, they effective have control the populations' life.

I am particularly surprised that BM chose to unilaterally and without warning remove any and all privacy features from 2.0 given his past libertarian writings. The right of the individual to conduct his life free of interference from the state is one of the core foundations of libertarianism (not bashing at you, man, just saying).



It could just be that there is so much going on now that this has been pushed into the background. That I can understand. Getting 2.0 out and as bug-free as possible should definitely be a priority over (re)implementing privacy.

But please, do not completely forget this very important topic. If BitShares is set to become one of the major players in the industry, then going forward without the possibility of privacy is very much akin to Google, as the lead direction of one of the most used browsers, forcing all encryption in the browser to be easily cracked - deliberately weakening the technology so that control freaks can spy on all of us.

To protect us, of course.


Increasingly, we live in times of repression, where far too often little to no added security is traded for losses of civil rights . In my opinion this repression is not conductive to a free society. And I value freedom very highly.

These have no place in a free society:
https://en.wikipedia.org/wiki/Utah_Data_Center
https://en.wikipedia.org/wiki/Mass_surveillance_in_the_United_States
https://en.wikipedia.org/wiki/Boundless_Informant
https://en.wikipedia.org/wiki/XKeyscore
https://en.wikipedia.org/wiki/Room_641A
https://en.wikipedia.org/wiki/Global_surveillance#Financial_payments_monitoring
(and, unfortunately, etc etc etc..)

All of this has to stop.


I love freedom.
I hope you all do too.
Then we could do something about it together.
« Last Edit: June 28, 2015, 09:39:37 am by karnal »


Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
Asking us to port their library to JS is a major effort that is easily a month of work for someone who understands it all.   Throw in learning and reverse engineering and it could take 3 months to get it right.

I agree that it is a non-trivial effort to port the crypto library to JS, but you absolutely should not have to reverse engineer and reimplement it! Like I said before, just use emscripten to convert Blockstream's code into asm.js. Then you just need to write the Javascript interface/wrapper to use that converted code.

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
Are there plans to also support a full desktop client for 2.0 ?

It did not cross my mind before.. javascript and crypto, meh. That could raise some trouble...

Offline bytemaster

GUI is a lot more work when there are no JavaScript libraries that have implemented compatible crypto.    It seems those on this board have no clue that 2m bts for protocol level support is nothing!   


Sent from my iPhone using Tapatalk
I'm a coding noob and I don't fully understand the work that goes into compiling libraries - but if that is a prerequisite then is that something that should be funded instead/as well as the 2M worker proposal?

Yes.  We need to fund all of the parts.   It is a lot of work to get crypto-libraries right.   I don't fully understand all of the math behind confidential transactions, but I can use an API they provided.  Asking us to port their library to JS is a major effort that is easily a month of work for someone who understands it all.   Throw in learning and reverse engineering and it could take 3 months to get it right.    The unknown unknowns are to large to properly quote a level of effort at this point in time.     
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline Permie

  • Hero Member
  • *****
  • Posts: 606
  • BitShares is the mycelium of the financial-earth
    • View Profile
  • BitShares: krimduss
GUI is a lot more work when there are no JavaScript libraries that have implemented compatible crypto.    It seems those on this board have no clue that 2m bts for protocol level support is nothing!   


Sent from my iPhone using Tapatalk
I'm a coding noob and I don't fully understand the work that goes into compiling libraries - but if that is a prerequisite then is that something that should be funded instead/as well as the 2M worker proposal?
JonnyBitcoin votes for liquidity and simplicity. Make him your proxy?
BTSDEX.COM

Offline sittingduck

  • Sr. Member
  • ****
  • Posts: 246
    • View Profile
GUI is a lot more work when there are no JavaScript libraries that have implemented compatible crypto.    It seems those on this board have no clue that 2m bts for protocol level support is nothing!   


Sent from my iPhone using Tapatalk

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
And obviously, I do pledge $200 to see this happen.  8) +5%

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
Good people,

In previous threads the consensus was that indeed, privacy measures are necessary in 2.0. Unfortunately all threads related to the topic seem to have died down by now.

This one serves as a reminder that the issue is not dead.


IIRC, BM said that CN would require about $8000 to bake the necessary code. This comes down to $200 each assuming 40 stakeholders chip in.
We have more than 40 active users here.

The only thing I would add to this is that BM said they'd implement the necessary bits at the protocol level only, and leave the gui integration for 3rd parties. I disagree, and say that for the $8000, gui integration should be baked in as well.

Let this thread be a point of discussion around this important topic. Thank you.
« Last Edit: June 26, 2015, 10:05:10 am by karnal »