Author Topic: My opinion on why Stealth, Backups and Sidechains should not be added  (Read 4832 times)

0 Members and 1 Guest are viewing this topic.

tarantulaz

  • Guest
https://steemit.com/bitshares/[member=40768]tarantulaz[/member]/why-i-think-stealth-backups-and-sidechains-shouldnt-be-added-in-bitshares

Offline Empirical1.2

  • Hero Member
  • *****
  • Posts: 1366
    • View Profile
https://steemit.com/bitshares/[member=40768]tarantulaz[/member]/why-i-think-stealth-backups-and-sidechains-shouldnt-be-added-in-bitshares
 

I don't do clickbait. Could you copy and paste the content?
If you want to take the island burn the boats

Offline Chronos

Unclickable clickbait. Welcome to the future!  8)

I clicked it anyway. Here's the contents.

Quote
I created this post in order to express my opinion, about the additions of some features in BitShares. I know that a lot of people won’t like what I’ll say, but I think that adding the stealth feature on BitShares is a very bad idea. Same goes for the on ‘’chain backups’’ and sidechains.

As some well-known community members pointed out, stealth has a few problems. The main one is the metadata. Shadowcash’s chain was denonymized because they hadn’t applied something appropriately. Dash and Shadowcash sold and are still selling fake promises that their finances are private. However in the near future even a small adversary will be able to analyse their chain. Is this a thing that the BitShares community wants to do? Sell fake promises to raise the market cap? NXT added CoinShuffle many months ago and nothing really changed. It isn’t just the damage that will be done by all the imminent problems, but also in terms of labor costs etc.

There are so many more things that will have to be done to the GUI and the chances of people losing funds is huge. Think of the efforts svk will have to put in making everything bug free. Also the backup feature as good as it might seem, it sounds very dangerous to me. New users will be storing online backups with poor passwords which will be easily cracked.

Want anonymity? Wash your coins appropriately before buying BitShares and spread them into random accounts and use TOR to stay anonymous.

Want a secure backup of your files? Try Sia or Storj after their full release, or another encrypted provider. The whole point of the blockchain is that you hold your private keys and not anybody else.

Also don’t forget about the fact that if you hide your balance you won’t be able to vote afterwards. That is quite worrying especially if you wanna hide a big amount. At least Yunbi won’t be hiding it’s balance, so it will be a big blow to how people receive funding.

Finally I wanted to add a side note on sidechains. Honestly that would be even worse than adding stealth. Doom scenario for sidechains : Bitcoins worth 2M USD are held by the Bitshares Blockchain.

All witnesses collude to steal all coins or all witnesses are hacked and have no control, 2. Someone takes control over big proxies or stakes and votes witnesses his/her own (Hacking proxies or exchanges) 3. Big proxies/holders/exchanges collude to steal funds
Bytemaster said that it wouldn’t make sense for someone do so. But did he consider the fact that BitShares are a lot less liquid that Bitcoin? Even if Bitshares were worth 20M USD the fact that they are illiquid makes them worth a lot less than they actually are.

For example if someone controls a big stake, he can then open a big short position on Bitshares, take all Bitcoins and then sell the rest of the shares if he managed to steal any. After the hack there will be a panic sell of BitShares, not of Bitcoins though. 2M USD worth of Bitcoin’s can be hacked and nobody cares. If 2M USD of BitShares were hacked, the panic would be over the roof and the price of BitShares below the floor. His short position would make him huge profits, plus he could make the price go down even more by selling his shares. Currently someone needs to either control all the voting shares (about ¼ of the total supply) or 1/3 to ½ of the non voting BitShares.

In conclusion I would like to point that all these features as good as might seem, are very dangerous. The BitShares community should focus on more practical stuff, especially in the following :

Rate limited fees, Autobridging, Maker/Taker, Negative Fees, Smartcoin Park rates, Bond Market, MetaTrader Integration, Trading Bots. All these would add a lot of potential and value to BitShares, they don’t have any hidden dangers for the BitShares platform and their cost is relatively low. At current rates they could be done in 1 year.

PS I do want privacy, but stealth isn’t the answer. I know a lot of time has been spent on this feature, but we need to move forward without it.

Offline Empirical1.2

  • Hero Member
  • *****
  • Posts: 1366
    • View Profile
Unclickable clickbait. Welcome to the future!  8)

I clicked it anyway. Here's the contents.

Thanks  :D

Quote
In conclusion I would like to point that all these features as good as might seem, are very dangerous. The BitShares community should focus on more practical stuff, especially in the following :

Rate limited fees, Autobridging, Maker/Taker, Negative Fees, Smartcoin Park rates, Bond Market, MetaTrader Integration, Trading Bots. All these would add a lot of potential and value to BitShares, they don’t have any hidden dangers for the BitShares platform and their cost is relatively low. At current rates they could be done in 1 year.

I'd rather focus a lot on those features too. I don't know enough about Stealth/Privacy solutions to comment so I have to take it from others I trust on the forum that Stealth has a lot of issues. The complete openness of BTS is an issue though (especially in the BTS 2.0 transition, a lot of people had used their forum names for their accounts not realising everybody would be able to openly view their balances.) So even some level of privacy could be a positive.

Quote
Finally I wanted to add a side note on sidechains. Honestly that would be even worse than adding stealth. Doom scenario for sidechains : Bitcoins worth 2M USD are held by the Bitshares Blockchain.

All witnesses collude to steal all coins or all witnesses are hacked and have no control, 2. Someone takes control over big proxies or stakes and votes witnesses his/her own (Hacking proxies or exchanges) 3. Big proxies/holders/exchanges collude to steal funds
Bytemaster said that it wouldn’t make sense for someone do so. But did he consider the fact that BitShares are a lot less liquid that Bitcoin? Even if Bitshares were worth 20M USD the fact that they are illiquid makes them worth a lot less than they actually are.

I agree, I don't like the idea of witnesses controlling millions in Bitcoin either,

Quote
What?  You're trusting your coins to the owner of a single exchange company with no supervision by other independent cosigners?  Really?

They're trusting registered & highly regulated companies in countries with relatively strong & effective legal systems. Their owners are also making millions of dollars and so have a financial incentive to keep making money and not go to jail.

DPOS currently has neither the same legal fallback & delegates who make only a few hundred bucks a month. While the delegates ability to damage and profit from harming BTS is limited. They could get full value from other blockchain tokens.

By increasing the incentive for delegates to misbehave and therefore the trust required in them you increase the fragility of BTS. Blockchain competition is also reducing fees to near zero so the value centre of BTS is BTS collateralised SmartCoins, UIA tokens not collateralised with BTS are much less attractive, see MaidSafe, Synereo & Agoras, collectively worth >$50 million on an Omni blockchain worth <$1.4 million...

So I don't see the value in there myself. For me the way to make BTS useful and popular now & massively grow the value of BTS is by focusing on market maker & yield subsidies to create useful liquidity & demand around the peg so that bridges can convert fairly close to 1-1.
If you want to take the island burn the boats

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
I don't do clickbait. Could you copy and paste the content?

Man, you really hate Steem don't you?  :P


Unclickable clickbait.

I wish someone would fix the buggy @ mention implementation on these forums.

Edit: I finally found a workaround:
Original post on Steemit
« Last Edit: June 08, 2016, 06:31:26 pm by arhag »

Offline Stan

  • Hero Member
  • *****
  • Posts: 2905
  • You need to think BIGGER, Pinky...
    • View Profile
    • Cryptonomex
  • BitShares: Stan
Instead of witnesses, any group of trusted personalities or companies could form a similar decentralized escrow business that would be better than a lone exchange if not quite as good as an unmanned service...

In fact, if all the businesses that are building on BitShares were to agree to add their reputations to the mix, it might be ideal.

Better yet, if we elected the Top 15 Most Trusted Businesses in the ecosystem to each run a sidechain interface node wouldn't that solve all issues?



Anything said on these forums does not constitute an intent to create a legal obligation or contract of any kind.   These are merely my opinions which I reserve the right to change at any time.

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
Instead of witnesses, any group of trusted personalities or companies could form a similar decentralized escrow business that would be better than a lone exchange if not quite as good as an unmanned service...

In fact, if all the businesses that are building on BitShares were to agree to add their reputations to the mix, it might be ideal.

Better yet, if we elected the Top 15 Most Trusted Businesses in the ecosystem to each run a sidechain interface node wouldn't that solve all issues?

Probably a better idea than top 15 witnesses given the temptation for thieves to exploit the current voter apathy and low market cap of BitShares in order to steal potentially large BTC or ETH reserves.

It is worth noting that from a technology perspective, the code that would need to be written to allow that approach of a sidechain (where I assume changes to the multisig group would be a manual process) is probably roughly 80% of the effort needed to build a sidechain system run by the dynamic set of witnesses.

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
I maintain that having no privacy on the blockchain at this stage is a massive blunder.

If stealth is fundamentally broken, then that's an ever bigger blunder.

Almost nobody interested in crypto will want a completely transparent blockchain. At least based on my experience around such communities.


Also, for 99.999% of our potential users, Tor is a no-go: the light client has no proxying support, and the default Tor browser configuration runs in private/incognito mode, so localstorage isn't available, so the wallet throws an error while starting up.

Besides, as discussed in another thread some days ago, the wss endpoint can correlate accounts to a wallet, even worse to all your wallets, since the connection the client establishes to the server isn't closed when switching wallet.


Mind elaborating on the issues with Dash? What is wrong with DarkSend (or whatever they've rebranded it to these days)

tarantulaz

  • Guest
https://steemit.com/bitshares/[member=40768]tarantulaz[/member]/why-i-think-stealth-backups-and-sidechains-shouldnt-be-added-in-bitshares
 

I don't do clickbait. Could you copy and paste the content?

Apologies for that. It wasn't my intention to make people click there in order to gain something. I just wanted to give my opinion.

Instead of witnesses, any group of trusted personalities or companies could form a similar decentralized escrow business that would be better than a lone exchange if not quite as good as an unmanned service...

In fact, if all the businesses that are building on BitShares were to agree to add their reputations to the mix, it might be ideal.

Better yet, if we elected the Top 15 Most Trusted Businesses in the ecosystem to each run a sidechain interface node wouldn't that solve all issues?


Yeah sure, but those businesses could make it themselves or a side project could do it with their funds. It should be 100% Fee backed and BitShares should hold no responsibility. And in the unluckily scenario where BitShares fails, it has to be up to the companies to help their customers. I want sidechains. I was really into them for a while and I was blindly listening to BM in the hangouts saying that DPoS is the best for this. But then I realized that the potential dangers are quite high in the initial way they were proposed. If we wanted to fund them through the blockchain, it would take more than 6 months to fund the project, without guaranteed results.

I maintain that having no privacy on the blockchain at this stage is a massive blunder.

If stealth is fundamentally broken, then that's an ever bigger blunder.

Almost nobody interested in crypto will want a completely transparent blockchain. At least based on my experience around such communities.


Also, for 99.999% of our potential users, Tor is a no-go: the light client has no proxying support, and the default Tor browser configuration runs in private/incognito mode, so localstorage isn't available, so the wallet throws an error while starting up.

Besides, as discussed in another thread some days ago, the wss endpoint can correlate accounts to a wallet, even worse to all your wallets, since the connection the client establishes to the server isn't closed when switching wallet.


Mind elaborating on the issues with Dash? What is wrong with DarkSend (or whatever they've rebranded it to these days)

Sure. I agree that TOR is hard, but people who want to protect their finances should learn how to use it well regardless and we have to make it easier with BitShares. Having Stealth but no support for TOR is a joke...

Even people within Dash know that Darksend isn't 100% secure. It is a new technology and you never know when someone will be able to break into it. Imagine thinking that you are anonymous and then one day waking up, 5 years later and you realize that all your transactions have been denonymized. Not all people need temporary privacy or anonymity. This is serious stuff where lives might be in danger after such 'revelations'. It isn't just investors trying to hide money like it probably will be in BitShares. Again, there is little privacy, privacy and total privacy-anonymity. If I had to chose the first one, I'd rather not have it at all.

So far there has been nobody within the Dash community trying to break Darksend and that is very worrying. What if someone outside the community manages to do it first? They are trying to improve it though, however that means that there might currently be something wrong with it.

Also at the moment they offer no good obfuscation of IP and many people, including myself, were complaining about this. Mixing was taking hours first and then they added people who get paid to offer liquidity. What are the problems with this :

Let's say CoinJoin offers quite good privacy. There are the following problems :
1) Only the destinations are mixed up, not the amounts. So someone can track back who sent what with some good analysis.
2) By not protecting your IP, especially when your mixes take hours, someone could easily find out who you are.
3) We don't know how many Masternodes are not compromised/control/owned by adversaries. It is currently assumed that only a small portions of the nodes is malicious.
4) When people offer just liquidity, an attacker can easily see who they are as their funds are probably going from CoinJoin to CoinJoin, while the rest of the participants might spend their coins somewhere.

https://www.dash.org/forum/threads/interesting-criticisms-of-dash-thoughts.8358/page-2
https://www.reddit.com/r/Bitcoin/comments/2zufu1/a_great_podcast_by_lets_talk_bitcoin_discussing/


Probably a better idea than top 15 witnesses given the temptation for thieves to exploit the current voter apathy and low market cap of BitShares in order to steal potentially large BTC or ETH reserves.

It is worth noting that from a technology perspective, the code that would need to be written to allow that approach of a sidechain (where I assume changes to the multisig group would be a manual process) is probably roughly 80% of the effort needed to build a sidechain system run by the dynamic set of witnesses.

It is hard indeed and that's why I think there is no need for this. Great feature, but some exchanges could see our potential and do the sidechains when we have managed to establish our DEX. By the way [member=18133]arhag[/member] what do you think of the witnesses being able to do CoinJoins like Dash's masternodes?

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
By the way [member=18133]arhag[/member] what do you think of the witnesses being able to do CoinJoins like Dash's masternodes?

There is a better way.

Online dannotestein

  • Hero Member
  • *****
  • Posts: 739
    • View Profile
    • BlockTrades International
  • BitShares: btsnow
Re: My opinion on why Stealth, Backups and Sidechains should not be added
« Reply #10 on: June 09, 2016, 04:52:12 am »
I haven't had time to read this whole thread, but Eric and I worked out a way earlier today to do a fully-decentralized version of sidechains that doesn't require multi-sig authorities, which from my limited reading would overcome the major objection originally expressed about sidechains in the OP. It wasn't prompted by this post, but by interest in linking graphene-based chains to ethereum (the original impetus being to link to ethereum as part of a move to get DAO support for peerplays). There's a fair amount of work involved in the implementation, but not an insurmountable amount by any means. So if peerplays is successful in getting DAO funding, it looks like we'll make this happen.
http://blocktrades.us Fast/Safe/High-Liquidity Crypto Coin Converter

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
Re: My opinion on why Stealth, Backups and Sidechains should not be added
« Reply #11 on: June 09, 2016, 04:57:26 am »
I haven't had time to read this whole thread, but Eric and I worked out a way earlier today to do a fully-decentralized version of sidechains that doesn't require multi-sig authorities, which from my limited reading would overcome the major objection originally expressed about sidechains in the OP. It wasn't prompted by this post, but by interest in linking graphene-based chains to ethereum (the original impetus being to link to ethereum as part of a move to get DAO support for peerplays). There's a fair amount of work involved in the implementation, but not an insurmountable amount by any means. So if peerplays is successful in getting DAO funding, it looks like we'll make this happen.

I find that very hard to believe, because I had convinced myself this is fundamentally impossible. Very interested to see what your solution is, what its limitations are, and whether it actually addresses any of the concerns of the OP.

Online dannotestein

  • Hero Member
  • *****
  • Posts: 739
    • View Profile
    • BlockTrades International
  • BitShares: btsnow
Re: My opinion on why Stealth, Backups and Sidechains should not be added
« Reply #12 on: June 09, 2016, 05:11:01 am »
I haven't had time to read this whole thread, but Eric and I worked out a way earlier today to do a fully-decentralized version of sidechains that doesn't require multi-sig authorities, which from my limited reading would overcome the major objection originally expressed about sidechains in the OP. It wasn't prompted by this post, but by interest in linking graphene-based chains to ethereum (the original impetus being to link to ethereum as part of a move to get DAO support for peerplays). There's a fair amount of work involved in the implementation, but not an insurmountable amount by any means. So if peerplays is successful in getting DAO funding, it looks like we'll make this happen.

I find that very hard to believe, because I had convinced myself this is fundamentally impossible. Very interested to see what your solution is, what its limitations are, and whether it actually addresses any of the concerns of the OP.
There's lots of details I don't have time to go into now, but the essence of the technique is to extract sufficient data from one blockchain to create a proof-of-burn (or proof-of-lock) that the other blockchain will accept if published to that blockchain. On etherium, a smart contract would serve as the arbiter for that proof. On a graphene blockchain, the validation would be built into the blockchain protocol. Most of the details lie in how to efficiently construct such proofs. Part of the proof is information that indicates the owner on the blockchain accepting the proof.
http://blocktrades.us Fast/Safe/High-Liquidity Crypto Coin Converter

Offline bitsharesbrazil

  • Sr. Member
  • ****
  • Posts: 243
    • View Profile
Re: My opinion on why Stealth, Backups and Sidechains should not be added
« Reply #13 on: June 09, 2016, 05:33:33 am »
An automatic sidechain is pretty cool...but if we could improve just a little bit faster trading volume on dex I would be delighted......
A sidechain is a great project, bts price will have to apreciate probably to.fund this with huge buys wall.....so we.can.fund it with confidence

If we.could sort simple things n make it more useful n gain traction a little bit faster would be great while we shift on the long term big things, just my 2bts
bitcointalk ANN https://bitcointalk.org/index.php?topic=1084460.0
chat, post, promote it!!!!!!!! Stan help to improve OP!

Offline abit

  • Committee member
  • Hero Member
  • *
  • Posts: 3809
    • View Profile
    • Steemit Blog
  • BitShares: abit
  • GitHub: abitmore
Re: My opinion on why Stealth, Backups and Sidechains should not be added
« Reply #14 on: June 09, 2016, 10:49:28 am »
I haven't had time to read this whole thread, but Eric and I worked out a way earlier today to do a fully-decentralized version of sidechains that doesn't require multi-sig authorities, which from my limited reading would overcome the major objection originally expressed about sidechains in the OP. It wasn't prompted by this post, but by interest in linking graphene-based chains to ethereum (the original impetus being to link to ethereum as part of a move to get DAO support for peerplays). There's a fair amount of work involved in the implementation, but not an insurmountable amount by any means. So if peerplays is successful in getting DAO funding, it looks like we'll make this happen.

I find that very hard to believe, because I had convinced myself this is fundamentally impossible. Very interested to see what your solution is, what its limitations are, and whether it actually addresses any of the concerns of the OP.
There's lots of details I don't have time to go into now, but the essence of the technique is to extract sufficient data from one blockchain to create a proof-of-burn (or proof-of-lock) that the other blockchain will accept if published to that blockchain. On etherium, a smart contract would serve as the arbiter for that proof. On a graphene blockchain, the validation would be built into the blockchain protocol. Most of the details lie in how to efficiently construct such proofs. Part of the proof is information that indicates the owner on the blockchain accepting the proof.
It's hard if not impossible for one chain to trust something happened on another chain. Even if every node validates every block of both chains, it still doesn't make much sense to trust a non-trustless chain.

Bitcoin has the most potentiality to be considered as trustless;
Eth is perhaps trustless, but I doubt smart contracts are (there is always an image in my head that most of if not all smart contracts aren't trustless);
Graphene based chains are definitely not trustless.

Am I missing something?


//Update: I must be drunk..
« Last Edit: June 09, 2016, 01:35:07 pm by abit »
BTS account: abit
BTS committee member: abit
BTS witness: in.abit