Silk Road forums
Discussion => Security => Topic started by: nimbus on February 04, 2012, 07:36 pm
-
Hi everyone,
I came up with an idea last night (while tripping on some great acid!) and organized my thoughts into a few simple slides. I'm interested in any feedback about the plan or security holes I may have missed. The executive summary is to create a market for a large network of cash drops based on buyer and exchanger weighted trust ratings, with easy to use printable deposit slips using unique QR codes.
Edit: I've re-posted my slides as plain text because it's a pain to view them manually.
THE PROBLEM
* Exchangers have a lot of Bitcoins and need to convert to cash as safely as possible.
* Buyers have a lot of cash and need to acquire Bitcoins as safely as possible.
* Using bank transfers and public exchanges is risky, slow, and exposes your personal information. This is the most likely attack vector for LE.
* Semi-anonymous methods like MoneyPak and cash deposits through a bank teller are risky because these are recorded on timestamped CCTV.
THE SOLUTION
* Create a market for anonymous mail cash drops. In every country and every currency.
* Printable deposit slips with single-use QR codes.
* Simple for buyers: print, package, drop in any mailbox. Worst case: lose 1 envelope of cash. Essentially zero risk (fingerprints).
* Simple for exchangers: Scan QR code, transfer BTC at current exchange rate minus desired small fee (automated), +1 to buyer’s rating. Buyer rates exchanger from 1-5 depending on fee/speed. Worst case: address flagged by LE, possible surveillance, but at large LE cost. No laws broken? [edit: almost certainly not true...]
* Buyers and Exchangers are rated on successful transactions. Efforts to poison the trust system require a lot of effort and money, and troll buyers can be banned if a pattern is noticed. Exchanger ratings are weighted based on buyer’s number of +1 ratings. Buyers can rate 0 for lost mail after a defined time period.
ASSUMPTIONS
* There is always a good supply of Bitcoins.
* It is legal to receive cash in the mail.
* There is a large enough worldwide pool of exchangers able to operate secure drop addresses they can afford to lose.
* A simple Android/iOS app exists for scanning QR codes to a remote PC clipboard, no tedious manual typing needed.
ATTACK VECTORS
* The “T” word. Brand exchangers as terrorists and pass new laws to shut down drop addresses and/or arrest exchangers.
* DDoS trust system. Requires large effort, many buyers, repeat transactions, and a lot of cash.
TWO CHOICES (both methods available depending on exchanger’s risk tolerance.)
1. Higher security for exchanger
* Buyers provide GPG key in their profile and request access to drops.
* Exchangers approve trusted buyers and only reveal their drop address via GPG.
2. Lower security for exchanger
* Public list of drop addresses. Any buyer can send to any drop. Good for newbies to get +1 ratings.
* Can charge higher fees for simpler service and higher risk.
Here are my original slides:
1. http://xfq5l5p4g3eyrct7.onion/upload/67fe7e88faaddf6ee8a53c34e7042cb1.jpg
2. http://xfq5l5p4g3eyrct7.onion/upload/0690c076f45af878ffa9a8a4de62fe4d.jpg
3. http://xfq5l5p4g3eyrct7.onion/upload/57bee10defc2a24a85dd118d7357000e.jpg
4. http://xfq5l5p4g3eyrct7.onion/upload/642a46ad5590001156139fd4547a5fd2.jpg
5. http://xfq5l5p4g3eyrct7.onion/upload/ea19f89eafb1913c885a7fad23fba994.jpg
6. http://xfq5l5p4g3eyrct7.onion/upload/89474707f75e84f767077c33498efd70.jpg
-
Good push towards change
-
It's an interesting idea, but what about BTC -> Cash?
-
It's an interesting idea, but what about BTC -> Cash?
If you need to go from BTC -> Cash you would become an exchanger with your own drop address.
Just realized one random issue related to this, there would need to be some way to handle the case where a drop received *too* much cash and the exchanger didn't have enough BTC available to exchange it. Not sure what happens in this situation...
-
this is interesting for sure. i like imagining a future where I can buy bitcoins from a friend or local f2f vendor, this moves in that direction a bit so i can dig it. lots of security issues i'm sure though.
-
So I didn't get a lot of response to this, hopefully because it was just a pain to manually view my slides. I edited the original post with all the info in plain text, so please take another look. Or maybe it's impractical or stupid, feel free to say so. :) I see so many threads about how to get bitcoins, and have talked to at least one vendor who doesn't have a good way to cash out the $xK/week he needs to. This sort of system could help solve both issues. The hardest part, aside from a lot of coding, would be knowing how to setup a safe drop address. I am certainly not sophisticated enough to do this, but I assume vendors/exchangers might be.
-
I think it's a reasonably good idea, but it has a lot of refining to be done. Only ideas which are close to perfect receive human capital (coding) and financial capital. You could setup some brainstorming sessions with friends to work out how to compromise your system. You should also research the history of systems like this, apart from the QR code element, it's an idea that's had many forms over time. So check out the ideological competition as it were. Steal their best ideas! (can't remember the name of the banking system, but there's one which is something like this)
I'm a big fan of having a BTC -> Cash and Cash -> BTC market internalized within the black market. I think our pals at bitcointalk.org are the most likely to actively help you with your mission here (don't mention SR ;-) , they're big supporters of decentralization and redundancy systems in case a government tried to stamp down on Bitcoin. (issue: can LE potentially black-list particular bitcoins?)
The Silk Road is definitely behind any ideas to make this work, the key issue is that there's lots and lots of ideas out there, and we can't invest our time and energies into them all (hence the interest, but lack of replies). As such it's a lot like a snowsledge or toboggan, you got to push hard at the begining to get it moving with your own energies, but after a while gravity takes over and you pick up speed.
Once you have a "proof of concept" setup, you'll be inundated with supporters! :)
-
Thanks for the reply pine. I definitely am not worried about finding anyone to code it, I could easily write this myself given a few months and some bigger balls (where/how to host it). It could integrate well with SR's existing BTC and rating infrastructure though, to reduce effort.
I do know there is a Middle-Eastern WU-like service which I guess works a bit like this, based on trusted exchangers. Can't find the name of it at the moment. But of course it's f2f and not anonymous. Are you aware of prior anonymous cash systems? I doubt there would have been much reason for one before now.
-
I think your research needs to focus on money laundering, specifically ‘fei ch’ien’ or ‘hawala’ underground banking. They've been doing that for centuries, so they are the Old World pros. Lots of useful information out there on the clearnet. I say that, because most times you shouldn't re-invent the wheel, you re-discover an already existing technique and then update it with modern tech.
Best of Luck
Pine
Protip: AML laws in the USA are *unbelievably draconian*. You can't so much as receive > 10k from an unknown source. i.e. anonymity itself is illegal. Also, if it can be shown that you 'intended' to be anonymous by concealing the source of funds, no matter if it's $0.01 or $100 million, then you are breaking the law. And they take all your stuff if you can be shown to be connected to money laundering, even if that stuff came from completely legitimate sources. I'm not a lawyer, so I can't say for sure how much of this is true, but the wiki page seems to support what I've heard.
-
That was the name I was thinking of, thanks. More research is definitely in order.
Yep, many US laws are ridiculously draconian, I'm sure most here would agree to that. :) I wonder how a place like get-bitcoin is able to operate in the clear. When does something technically become money laundering? You can buy anything anonymously for cash, or trade it for any foreign currency. If you keep the amounts small, maybe a few hundred bucks at a time, certainly that is legal?
-
ATTACK VECTORS
* The “T” word. Brand exchangers as terrorists and pass new laws to shut down drop addresses and/or arrest exchangers.
* DDoS trust system. Requires large effort, many buyers, repeat transactions, and a lot of cash.
* Simply assume that anyone running any of the drop addresses is guilty of something, and subject them to surveillance, illegal searches, and general harassment.
-
I think this definitely has potential. It's a great idea. I would imagine that the Vendors on her have a lot of trouble converting and cleaning their BTC's. Especially those in North America with the draconian money laws. It should get easier as time goes by and more and more businesses accept BTC's. But until that day and as long as people wish to maintain their anonymity there should be a need for a system such as this.