[tor-talk] Gmail and Bitcoin? [OT]

Mike Perry mikeperry at torproject.org
Sun Jan 13 23:00:23 UTC 2013


Thus spake grarpamp (grarpamp at gmail.com):
 
> > we should regard bitcoin as no
> > different from the traditional banking system in terms of transaction
> > privacy for the *average* user.
> 
> Other than using a different recipient address with each transaction,
> and the proxy features of whichever bitcoin client, what more would
> be needed in design or operation for this? Some say using a washer,
> but all that seems to do is pass someone else's dirt to you in various
> quantities.

The core problem is a deeper one. My point is that *any* procedure that
requires the user to do something other than the default usage scenario
for the system/resource we're relying on must be considered
inappropriate.

In the case of Bitcoin: in the default configuration and usage scenario,
mining Bitcoins risks revealing your IP, and purchasing them at an
exchange means relying on traditional financial system privacy *and*
exchange server security. Neither of these use cases meet the level of
privacy Tor itself seeks to provide, and telling people to manually jump
through a bunch of technical hoops/special configuration steps to
"solve" these shortcomings is no solution at all. At least, not at
Google-scale. Too many people will do it wrong. You don't build
trustworthy privacy software by telling everybody "Too confusing? Too
bad! It's survival of the fittest around here! Also, maybe you're just
too dumb to deserve privacy!"

Therefore, if we are to rely on a scarce resource that is not private by
default, we must also provide a suitably private (and
transparent/invisible!) layer (such as Nymble/blind sigs) to provide
real privacy to the *default* usage scenarios for acquiring the scarce
resource.

In other words, we must think outside the Bitcoin here.

In the case of Nymble tokens/blind sigs purchased with Bitcoin, users
would obtain Bitcoins using the default mechanisms, and then use those
Bitcoins to purchase blinded authorization tokens provided by the Nymble
mix. The privacy would come from the Nymble system's mix properties
(which are transparent to the user), not the particular way the user
managed to configure+use their Bitcoin software.

Then, such a system could take as input any number of scarce resources
using the same authorization mix: Bitcoin, SMS, two dozen solved
Captchas, a real IP address, or any micropayment scheme.

How to make the payment-based schemes refundable is another fun problem,
especially if we use only a single mix layer for all of them. However, I
expect in the overwhelming majority of cases, people won't want or expect
their money back, but would instead prefer a review process that simply
got their account reinstated.

> > avoid putting such statements in my mouth unless you have clear
> > memory/citation for them..
> 
> We're referring to this Mike who suggested bitcoin deposits...
> 
> Date: Tue, 16 Oct 2012
> From: Mike Hearn <hearn at google.com>
> Subject: Re: [tor-talk] registration for youtube, gmail over Tor -
> fake voicemail / sms anyone?

Thanks for clarifying this for me. Sorry for the misunderstanding.


-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20130113/f7be0abf/attachment.pgp>


More information about the tor-talk mailing list