[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Gmail and Bitcoin? [OT]

Thus spake Maxim Kammerer (mk@xxxxxx):

> On Sat, Jan 12, 2013 at 5:47 PM, k e bera <keb@xxxxxxxxxxxxxx> wrote:
> > Ah yes, i misremembered the figures from Google's Abuse At Scale study.  They said $120 to $150 per thousand accounts.
> What they neglected to mention is that only ~5$ of that price tag is
> due to SMS activation. Google account's value comes from overall
> tracking of users, not just anti-spam verification, so I doubt they
> would find any anonymous deposits scheme valuable for the company.

For gmail and search, Google's account value comes from account history
and current activity context (which they utilize to serve you ads), not
meatspace authentication**. 

In terms of "authenticating" your account for this purpose, it doesn't
matter to them what sort of abuse reduction mechanism they deploy, so
long as it reduces any activity on their network that costs them more
money to service than they can extract through advertising. That's why
they don't bother requiring SMS/Captchas for everyone, and instead
prefer to keep the account creation process as frictionless as possible
for the overwhelming majority of users.

I do believe that any number of proof-of-work/scarce-resource mechanisms
could be deployed behind a Nymble/blind signature layer (ie Nymble +
captchas/SMS/payment/whatever) to provide both better privacy *and*
better abuse reduction properties, but I don't think it is really
worthwhile to go into detail about that in this thread. There has been
plenty of other discussion already about these ideas. The blocking
factor always seems to boil down to "That sounds like it might work. But
who is going to build it to find out?"

For the record, though, I have never suggested paying for accounts with
bitcoin by itself. I strongly believe we should regard bitcoin as no
different from the traditional banking system in terms of transaction
privacy for the *average* user. For this reason, I believe it is
inappropriate for the Tor Project to advocate use of bitcoin without
*also* providing some kind of additional privacy preserving layer on top
of it, just as we would have to do if we were to endorse people using
credit cards to pay for/authenticate Google accounts (even though
"anonymous" prepaid credit cards are available in some areas).

This last paragraph is the real reason I replied here. Please try to
avoid putting such statements in my mouth unless you have clear
memory/citation for them..

** Google+ with its "real name" policy is of course a different beast.
That team seems to have some misguided fantasy of turning G+ into an
"Identity provider" for the Internet. Good luck with that, guys... I
for one love a good lolocaust ;).

Mike Perry

Attachment: signature.asc
Description: Digital signature

tor-talk mailing list