Thus spake grarpamp (grarpamp@xxxxxxxxx):

> > we should regard bitcoin as no
> > different from the traditional banking system in terms of transaction
> > privacy for the *average* user.
>
> Other than using a different recipient address with each transaction,
> and the proxy features of whichever bitcoin client, what more would
> be needed in design or operation for this? Some say using a washer,
> but all that seems to do is pass someone else's dirt to you in various
> quantities.

The core problem is a deeper one. My point is that *any* procedure that
requires the user to do something other than the default usage scenario
for the system/resource we're relying on must be considered
inappropriate.

In the case of Bitcoin: in the default configuration and usage scenario,
mining Bitcoins risks revealing your IP, and purchasing them at an
exchange means relying on traditional financial system privacy *and*
exchange server security. Neither of these use cases meet the level of
privacy Tor itself seeks to provide, and telling people to manually jump
through a bunch of technical hoops/special configuration steps to
"solve" these shortcomings is no solution at all. At least, not at
Google-scale. Too many people will do it wrong.

You don't build trustworthy privacy software by telling everybody "Too
confusing? Too bad! It's survival of the fittest around here! Also,
maybe you're just too dumb to deserve privacy!"

Therefore, if we are to rely on a scarce resource that is not private by
default, we must also provide a suitably private (and
transparent/invisible!) layer (such as Nymble/blind sigs) to provide
real privacy to the *default* usage scenarios for acquiring the scarce
resource.

In other words, we must think outside the Bitcoin here.

In the case of Nymble tokens/blind sigs purchased with Bitcoin, users
would obtain Bitcoins using the default mechanisms, and then use those
Bitcoins to purchase blinded authorization tokens provided by the Nymble
mix. The privacy would come from the Nymble system's mix properties
(which are transparent to the user), not the particular way the user
managed to configure+use their Bitcoin software.

Then, such a system could take as input any number of scarce resources
using the same authorization mix: Bitcoin, SMS, two dozen solved
Captchas, a real IP address, or any micropayment scheme.

How to make the payment-based schemes refundable is another fun problem,
especially if we use only a single mix layer for all of them. However, I
expect in the overwhelming majority of cases, people won't want or
expect their money back, but would instead prefer a review process that
simply got their account reinstated.

> > avoid putting such statements in my mouth unless you have clear
> > memory/citation for them..
>
> We're referring to this Mike who suggested bitcoin deposits...
>
> Date: Tue, 16 Oct 2012
> From: Mike Hearn <hearn@xxxxxxxxxx>
> Subject: Re: [tor-talk] registration for youtube, gmail over Tor -
> fake voicemail / sms anyone?

Thanks for clarifying this for me. Sorry for the misunderstanding.

-- 
Mike Perry
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk