Month: December 2012

Although the problem is now considerably smaller than it was one year ago, a significant amount of misinformation about Bitcoin continues to float around the internet. Part of the problem is that the concept of Bitcoin is so unlike anything seen before; decentralized currencies that have no offline presence were not exactly a common sight before Bitcoin came along. Bitcoin is also unusual in that it is a high-tech subject which has consequences reaching far outside the technology world, leading to under-educated journalists churning out sentences like “the Bitcoin program is under licensing by MIT, the globalist-controlled think-tank college”. In reality, the MIT license used by Bitcoin does nothing more than give anyone the right to freely use, modify and redistribute the software, and has as little to do with MIT itself as Arabic numerals do with Al Qaeda and the governments of Syria and Iran.

Another issue is the natural desire to write an interesting story; a story about the average suit-and-tie businessman using Bitcoin to quickly and cheaply move money across international borders is far less likely to generate pageviews than an “underground website where you can buy any drug imaginable“. Thus, a natural bias exists in favor of the latter over the former.

Major news claims about Bitcoin spread like memes, only serving to compound the problem. For example, after the Financial Post claimed on June 8 that “Europeans were moving their money out of their banks and dumping it into … Bitcoin”, a flood of other similar articles followed. On June 11, Business Insider ran an article based almost entirely on the Financial Post article claiming the same thing, and Betabeat and various blog sites followed. One of these sites in turn catapulted the story onto Slashdot, and ZDnet and Daily Finance ran their own articles on the subject soon after. In reality, however, the story of investors flocking from Euros to Bitcoin en masse turned out to have been grossly exaggerated – Amir Taaki reports that “the only thing that’s happened is that the euro has increased in price vs the dollar slightly.”

Even in the case of stories that are essentially true, the effect can still manifest itself; when Bitcoin Central announced that it was partnering with a registered banking partner in France, the erroneous claim that Bitcoin Central was itself becoming a licensed payment services provider rather than simply partnering with an existing one was so mercilessly copied throughout the internet that Bitcoin Central was forced to release a statement clarifying the facts.

The following are some clarifications on the major misconceptions that have surfaced regarding Bitcoin over the past one and a half years.

1. Bitcoin does not have a central organization or authority. This feature of Bitcoin is among the least understood among people who are new to the currency, and perhaps the hardest to wrap one’s head around. A recent article by Occupy Corporatism stumbled around this difficulty considerably, making claims like “Bitcoin has been given that status of a ‘payment service provider'” and “Bitcoin now has an International Bank ID number”. Although the Bitcoin community does include organizations with names like the Bitcoin Foundation and Bitcoin Central, none of these are anything close to central authorities for Bitcoin with inherent power over Bitcoin as a whole. Bitcoin Central is only one Bitcoin exchange among many – and not even the biggest one. The Bitcoin Foundation is simply an organization consisting of highly respected members in the Bitcoin community and developers of a particularly popular piece of Bitcoin client software. Anyone could potentially create their own exchange and their own foundation and displace either of these outright. Rather than thinking of Bitcoin as a product released by a traditional corporation, it is more appropriate to think of it as a self-sustaining digital commodity, similar to gold. It has a healthy satellite industry that provides products and services based around it, and it has its own business and advocacy organizations, but there is no central Gold Corporation. The databases that show Bitcoin addresses with a given bitcoin balance are all collectively managed by the network using a peer-to-peer network, similarly to the peer-to-peer networks used by file sharing services.
2. The Bitcoin price did NOT fall to $0.01 in June 2011. The backstory behind this myth is an event in June where an administrator account at MtGox, a Bitcoin exchange which had over 80% market share at the time, was hacked, and the attacker managed to manipulate MtGox’s database tables to create a balance of 2 million bitcoins within his account and immediately sold them, consuming all of the buy orders that had been placed on the site in the months before going from $17.50 all the way down to $0.01. However, what sank to $0.01 was not the actual Bitcoin price, but rather a MtGox representation of the price. A price is, by definition, a value in exchange for which something is being bought and sold at a given time. In this case, however, MtGox later rolled back all of the trades that had happened during the event, so no lasting purchase or sale was actually made at anything less than $10. MtGox’s price charts show no transactions happening on the day. Aside from the attacker, no human being was, at any point, willing to sell bitcoins at anything close to $0.01 – the orders that were processed were all made weeks and months before the event, and at exchanges other than MtGox, the price generally remained at a healthy $13-$18. And, most importantly of all, the 2 million BTC that were sold were not even real bitcoins – they were simply fraudulent entries in MtGox’s database. Although it is understandable how some can interpret the event as the price dropping to $0.01, pointing to this incident as a sign of Bitcoin’s price instability is highly disingenuous – the root cause was a security mishap at a third party service, not a sudden loss of confidence in the currency. Incidentally, if the MtGox hack does count as the Bitcoin price dropping to $0.01, then another, less known, MtGox glitch deserves to count as the Bitcoin price reaching $1 billion.
3. Bitcoin itself has never been significantly counterfeited or hacked. A number of articles over the past one and a half years have come out with headlines triumphantly proclaiming “Bitcoin hacked”, or something similar in the introductory paragraph, and recently an article on the Washington Post claimed that in the future we would be smuggling “counterfeit digital currencies.” Unfortunately, Bitcoin’s security reputation has been negatively affected as a result. In reality, however, stories about Bitcoin being hacked are simply instances of the central authority misconception manifesting itself once again. The Bitcoin protocol itself and the various services that have been built up by the Bitcoin economy are two completely different things; saying that the former was hacked when the real victim was one of the latter is like saying the US dollar was hacked when criminals manage to steal $10 million by breaking into point of sale terminals. Incidentally, the US dollar itself has been “hacked”; a large part of North Korea’s revenue comes from counterfeiting hundred dollar bills; the Bitcoin protocol, on the other hand, has not had any significant security breaches. There have been a few minor incidents involving special methods of accepting Bitcoin that are known to be unsafe, but the scope of these attacks is well understood and very limited, and the average user and business is not vulnerable at all. Because all clients enforce the 21 million bitcoin supply limit, “counterfeiting” new bitcoins into existence is impossible outright. On the whole, the cryptographic and game-theoretical foundations behind the Bitcoin system have proven to be rock solid, and the fact that no one has yet claimed the $140 million reward for breaking these foundations is a testament to this. To the average user, there are only two ways to lose one’s bitcoins to malicious activity: entrust the bitcoins a third party service that turns out to itself be insecure or fraudulent, or have your own computer get hacked by a computer virus – both of which are problems in the traditional financial system as well, costing the US economy $50 billion per year.
4. Bitcoin is NOT (yet) seeing massive growth in usage to evade trade sanctions in Iran. Much like the Bitcoin Euro story, this is another meme that has spread around the internet all too quickly for its own good. After Business Week came out with its article on November 29, Reason, Infowars, various financial blogs and much later CNN all picked up on the story, often simply copying paragraphs while offering little or no original research of their own. In reality, the Iran story does have some grain of truth, as there have been signs of increasing activity from Iran in the past few months, but on the grand scale, Bitcoin is far from making significant inroads – on Google Trends, Bitcoin is not even on the charts for Iran. What happened here was a common journalistic fallacy: the media took a single story of an Iranian earning bitcoins by selling music on CoinDL and wrongly extrapolated to a story about Iranians switching to Bitcoin en masse. There is nothing wrong with writing an article expressing the potential for Bitcoin to be used to bypass trade sanctions on a larger scale, but one must be careful not to assert that such a thing is already happening.
5. Bitcoin IS being used to sell illegal drugs on sites like Silk Road. However, illegal goods other than drugs – including assassinations, child pornography and even guns, are NOT gaining significant traction. The black market website Silk Road made considerable news a few months ago when a paper by Nicolas Cristin was released, claiming that the site had a monthly trade volume of over $2 million. Focusing on the black market aspect of Bitcoin is a popular habit of journalists, as shown by US senator Charles Schumer in June 2011 when he accused Bitcoin of being “an online form of money laundering used to disguise the source of money” when buying and selling drugs. Even now, articles are using Schumer’s words as part of a two-sentence introduction to what Bitcoin is. Other articles, however, go even further; one blog piece claims that “the fact that you can buy drugs, guns, and assassinations with Bitcoins is indisputable,” and another video portrays bitcoins as the go-to currency for purchasing prostitution, guns, stolen art and more. These claims, however, are exaggerated. The video claims that “at one point the Silk Road drew the line at selling products harmful to others like firearms, stolen credit card numbers and more, but as the site grew things turned for the worse,” but this statement is factually wrong – in fact, as time went on, things turned for the better. Stolen credit card numbers, child pornography and assassinations were never allowed on Silk Road, and even the much more lax Black Market Reloaded has slowly begun clamping down on immoral activity – assassinations and child pornography can no longer be found on the site. After growing controversy among the site’s users, Silk Road’s mastermind Dread Pirate Roberts banned firearms from Silk Road in January 2012, moving firearms sales to a dedicated site. However, the site failed to gain traction, and Roberts closed the Armory down only six months later due to inactivity. Guns were not allowed back on Silk Road. The assassination threat is similarly overblown. If one casually scrolls through black market sites on the Tor network, there are indeed a number of sellers offering assassinations at a price anywhere from $5,000 to $20,000 USD, typically asking for Bitcoin as the payment method. However, a more detailed analysis shows a different picture. These sellers’ accounts invariably have no reputation or feedback of any kind, and they never offer to use an escrow service. This can only point to one conclusion: they are all scams. It costs nothing to put such an advertisement online, and scammers can simply wait until a customer contacts them, and then extract as much upfront payment as they possibly can. Some of these scams may even be vigilantes and police, deliberately undermining any semblance of trust in markets for such services in an attempt to protect potential victims.

It is easy to understand why so many writers have made these kinds of mistakes. It is easy to fall victim to the desire to come up with an interesting story that will generate pageviews, especially when there is often so little incentive to dig through to the more boring truth. To combat these myths, therefore, we must all be vigilant. Whether a given story is unfairly biased against Bitcoin, or even unfairly biased in its favor, it is important to work together to make sure that the truth always comes out – in the first case, not to needlessly scare potential Bitcoin adopters away, and in the second case, not to disappoint. Hopefully, as public understanding of what Bitcoin is continues to develop, we will be seeing far fewer outdated or inaccurate claims in 2013, and with luck, Bitcoin will be free to rise or fall – but hopefully rise – on its own merits.

Disclosure: the author of this article has had a small role in copywriting for UpTweet. This article was written independently of this fact.

After months of development, the upstart social media site UpTweet has recently announced that it is officially going live. On the surface, UpTweet is a general-purpose online social news and discussion site similar to Reddit, where users can submit and read posts sorted by the specific category that they are interested in. The list of categories is diverse, including news, sports, technology, health and even a “marketplace” category for buying and selling goods. However, the core concept behind UpTweet, and hence its name, is that the site is completely integrated with Twitter. A Twitter account is required to make posts and comments, and all posts and comments that a user makes are immediately published under the user’s account on Twitter as well. When a user posts a reply to a comment on UpTweet, he is also tweeting a reply to the tweet corresponding to the comment that he is replying to; every single conversation on UpTweet takes place on Twitter at the same time. The basic intent behind UpTweet’s design is that UpTweet attempts to bridge the gap between Twitter, with its 140-character headlines, and the deep conversation that is now only seen through forums and lengthy blog posts. Those who only want a summary of what is going on can read the Twitter feed, while those who want to go in deeper can click a link and see the full conversation on UpTweet instead.

UpTweet also extends what is currently possible with social media in another big way: integration with Bitcoin. Every time one of your posts gets retweeted on Twitter or “uptweeted” on UpTweet itself, a functionality similar to upvotes on Reddit but which also triggers an automatic retweet, a small payment gets added to your on-site wallet account. The amount is currently 0.0001 BTC per uptweet, but may go up or down depending on UpTweet’s advertising revenue.

Integrating Bitcoin with social media has been tried before, and at first it did have little success. In 2011, Witcoin offered users the ability to support posts that they like by tipping them with the currency, but the idea never caught on, and the site has since shut down. The Bitcoin-based paid question-and-answer board Rugatu has existed for many months, but its user base has so far remained fairly small. Twitter itself has been linked with BTC previously with FeedZeBirds, but that project, despite some degree of initial prominence, has now also died down. More recently, however, fortunes have turned in favor of such a merger. Bitcointip, a bot on Reddit that allows anyone to tip any other user in BTC, launched about a month ago, and is now actively operating with a total of about $25 tipped every day. UpTweet, with its per-retweet reward system, serves as a complement to Bitcointip – while with Bitcointip, one gets rich by getting lucky with a large tip from a particular individual, on UpTweet, the path to Bitcoin prosperity is pleasing the masses.

UpTweet’s growth strategy is rather different from most other Bitcoin-related services. The vast majority of Bitcoin businesses that we see today are specifically centered around Bitcoin, offering services that are usually available elsewhere but for Bitcoin. UpTweet, however, is treating Bitcoin integration largely as a sideshow, and is pursuing its own path in marketing itself. Topics on UpTweet include mainstream subjects such as entertainment and music, and UpTweet has already run an ad in Times Square. Once users start using UpTweet for its Twitter integration, the hope is that they will be attracted to Bitcoin as well. Founder Brian Santos writes, “We are getting people into Bitcoin without them even knowing it. That’s the way it’s supposed to be really – Bitcoin-centric sites are a thing of the past. For Bitcoin to succeed, it needs to go ‘mainstream'”.

UpTweet founder Brian Santos has also agreed to share his thoughts on UpTweet and the future of Bitcoin and social media as a whole in an interview:

1. To start off, could you introduce yourself to our readers? What is your background, and are there any other projects that you are involved in in the Bitcoin community?

My name is Brian Santos. I’m a digital artist, software developer, project manager, and marketing analyst based out of the sunshine state of Florida. I have been working with computers since I was 10 years old, before I even had my first desktop computer, I was coding websites on my WebTV Philips MAT-972 via 28KBPS dialup (“Blazing Fast Speeds”). I was always interested in building social networks through different communities like GeoCities and tools like IRC. I was also heavily into clans (Starcraft) and even ran one of the largest clans in Battle.net (Clan iM). I have always been enthralled with technology, owning dozens of computer rigs (many that I built myself), and learning a series of different programming languages and frameworks. I discovered Bitcoin in early 2011 and became fascinated by the entire idea of “free money”. After becoming heavily involved in UpTweet and correlating the Bitcoin technology with the Twitter API I now truly appreciate the true genius behind the divisibility and expandability of Bitcoin. I also learned that Bitcoins are far from “free”. I think BTC are a no-brainer, being the most transparent monetary system man has ever known. In addition to UpTweet I also own the Bitcoin Tees and memorabilia site http://bitcoinpride.com, and I am working on several top secret Bitcoin projects.

2. How did you first come up with the idea behind UpTweet?

About 3 years ago I was introduced to Twitter. The news report I first read talked about a revolutionary new system that was exploding into the scene at incredible speed. At first I didn’t quite grasp the usefulness of the service that limited everything you said to 140 characters. It wasn’t until I got more acquainted that I started to understand why the network was setup in such a fashion. Twitter (at the time) was positioning itself to take over as an alternative to paid text messaging services. Twitter allows users to tweet each other via direct SMS (and landline service in some regions), and to keep in line with universal standards, Twitter limits each post to 140 characters. From a marketing perspective I fell in love with Twitter almost instantly. The fact that it allows for direct access to a users fan base and does not limit how big or fast they can grow, makes it the ideal platform for a popularity based blogging system. As I learned more I began to work with Twitters infrastructure, and I started to notice some of the shortfalls that Twitter was suffering from. I wanted to create a system that removed all of the limitations that Twitter presented its users with, while at the same time keeping a truly integrated Twitter experience that enhances the service.

3. What audience is UpTweet aimed at? What would be an example of an “ideal user” of your service?

UpTweet is aimed for everyone and anyone. It has all of the most relevant categories to suit any user from entertainment to current news from all all over the world. We want to make sure that we provide a dynamic experience for all of our users. This means that a tweeter will only get fed topics that they want to hear about. We want to make sure that our categories are targeted and easy to identify. An ideal UpTweet user would be a blogger or reporter who lives in an interesting region and has many stories to talk about, yet lacks the resources or connections to get their work out to the mass public. UpTweet solves the resource issue by intimately integrating every UpTweet/Retweet on the site with the incorruptible, uncensored, and global digital currency Bitcoin. UpTweet also solves the reachability issue in 2 ways. We syndicate all of our users content throughout our vast network of over 80,000 Twitter followers and growing. On top of syndicating every piece of content, the post is added automatically to UpTweets popularity ladder which increases visibility and enhances user engagement. We want to provide an all-in-one service, and we hope to use the reachability of Twitter to fuel our process.

4. How are you marketing UpTweet? What groups of people are you targeting right now?

Since we just launched our site, we are now beginning to execute on our core marketing strategies. As said in the last paragraph, we are trying to target everyone and anyone. We want to have a dynamic community that defines itself with every post. We are going to market our site using a variety of different marketing techniques and paid choices. We first plan on getting our core group of site users established, and hope that this group is composed of mostly Bitcoiners. We want to have a core of devoted and intelligent individuals that watch over the general traffic on the site, and help maintain the level of quality and prestige that we’re looking for at UpTweet, all while earning a sizable amount Bitcoins.

5. Your service is also integrated with Bitcoin – it pays out a rate that is currently 0.0001 BTC every time one of your posts gets up-tweeted. What is your marketing strategy for introducing Bitcoin to new UpTweet users who may not have heard of Bitcoin before?

A lot of users who sign on to the site do not know what Bitcoin is. This is a good thing, as it gives them a truly organic experience with the currency, and introduces them to BTC in small baby steps, instead of forcing them to dive in to the sea of information relating to Bitcoin. Our strategy is to educate our user base, using the existing community as a support mechanism for the broader audience on the site.

6. How do you intend to protect yourselves from fraudulent accounts? There are undoubtedly armies of tens of thousands of Twitter bots on the internet, and it’s a problem that FeedZeBirds has had to deal with too; what kinds of measures to you have to prevent them from draining out all your funds?

Currently there are no Bitcoins on the server. All the user accounts are put into a “pending balance”. Every single payout is manually verified by our staff. Once someones posts are verified, Bitcoins are then deposited into the user’s online (onsite) wallet. From there they can withdraw to any wallet or service of their choice. If someone tries to manipulate our system, they will not get paid. Users who post a lot will be “auto-verified” and Bitcoins will be deposited automatically as the Retweets come in.

7. Do you see Twitter as becoming a more important social media platform in the future? Why or why not?

I obviously think that Twitter is the future. I believe that by the time they have their IPO, Twitter will be the #1 social network in the world (overtaking Facebook). The reachability and instantaneousness of Twitter is a force that is going to be very hard to stop. Tools like UpTweet will only continue seal the deal further, as they will fill holes that Twitter simply has not bothered to look at. Twitter is focused on improving their infrastructure and overall platform, and instead they are leaving all the feature enhancements to firms like ours. I believe this is a winning strategy, and it will only continue to make Twitter (the core platform) that much more relevant, by having sister companies that heavily rely on their business model.

8. What do you think about the idea of combining of social media and micropayments in particular? What kind of unique potential do you think this combination has?

I believe that rewards based social media is the next logical step in this fascinating evolution of human interaction. It’s interesting when you think about it. The first step in modern communication is verbal, the second is almost always monetary. For example when you invite someone for dinner the first thing on your mind is the conversations you will be having, and the second is how you will be paying for the conversations to take place. As people become more and more tech savvy they will surely want to be compensated for their time, and they should! We believe we are way ahead of our time, but it’s a challenge that we are eager to take on.

9. What other trends in social networking do you think are going to become dominant over the next few years? How do you see UpTweet fitting into this future?

I believe that the Arab Spring is just the beginning of this social “awakening” that we are witnessing world wide. I believe that every single dictator in power today will not be there in 10 years’ time. People are rising and taking back their freedoms that were once stolen from them. They are using tools like Twitter & Bitcoin to make these ideas successful realities. The world is sick and tired of war, famine, and overall corruption. Not only are we seeing social media being used to topple entire dictatorships I.E. Muammar Gaddafi, but also we are seeing it as a way to keep existing governments in check. We are witnessing this in Egypt with Mohamed Morsi and his attempt to implement a radical decree which would have essentially made him dictator. There was immediate public backlash fueled entirely by social media. Morsi is now withdrawing any “interest” for such decree, and I believe it has something to do with the whole world now watching his every move. Bitcoin will only intensify this as it knows no ruler other than the beautiful code which brings about it’s existence. It will be used a weapon by the people to directly fight corruption with nothing but truth and riotous determination for a chance at a better life.

10. Any last words for our readers?

Think outside the box. I KNOW this sounds typical, but serious Bitcoiners should pay attention… Right now I see many people in the community making Bitcoin centric websites that cater to Bitcoiners, and yet do not seek expand on the protocol in any meaningful way beyond your typical “pay me here” scenario. We need to break away from the stigma that seems to “outcast” any business that doesn’t have “Bitcoin” in its name. This is wrong, and it’s the kind of backwards thinking that will keep the community and the currency from ever growing beyond its targeted and specific niche. If you are a struggling developer, an entrepreneur, or a general Bitcoin power user, it should be your sole duty to diversify your portfolio with Bitcoin related projects that expand on the existing user base by offering innovative ideas that captivate the user and make them want to learn MORE instead of LESS. Information overload is a huge problem in our community, and it should be our top priority to minimize this into the cleanest way possible. If you make Bitcoins “just another currency”, we will fade into the realm of irrelevance. If we make Bitcoins something FUN that people want to use regardless of the politics, then we WILL win…. This is what we should be aiming for: an apolitical coin that facilitates real solutios that wow the masses.

 

A few hours ago, a poster on the Bitcointalk forum announced that he was able to successfully reverse an unconfirmed transaction against the popular Bitcoin gambling site SatoshiDice. The attacker’s strategy was simple. First, he sent a 0.25 BTC bet against SatoshiDice with no transaction fees, which he lost. Immediately after receiving the notification of his loss from SatoshiDice, he sent another 0.25 BTC transaction to himself – this time with a transaction fee, encouraging miners to confirm the second over the first. However, this strategy as is turned out to be unsuccessful, and so the attacker was forced to introduce another tactic: make the transaction “spammy”. The standard Bitcoin client has a number of rules about accepting transactions that take up a large amount of disk space as one of its measures to prevent people from sabotaging Bitcoin by filling the blockchain with hundreds of gigabytes of transactions, and a general principle is that transactions which deviate from the model of having only a small number of standard inputs and outputs are much less likely to get accepted quickly, or in some limited cases even propagated, without fees. So the attacker deliberately made his second attempt a 0.20 BTC transaction which split up the funds into twenty inputs of 0.01 BTC each, and then attempted to overwrite the transaction with a 0.20 BTC transaction to himself with a generous 0.004 BTC fee. This time, the attempt worked. The mining pool BTC Guild confirmed the second transaction over the first, and the attacker’s original loss disappeared forever.

It is very important to note that this does not undermine the security of Bitcoin as a whole, outside of a very limited number of applications. There are two forms of “confirmation” in the Bitcoin system. The first, which takes about two to five seconds to complete, is simple network propagation; a valid transaction will find its way through the Bitcoin network and make its way to the node controlled by the merchant. The second, which takes about ten minutes, is a block confirmation; here, the miners that maintain the Bitcoin network place the transaction in a block and perform a proof of work computation on the block, which takes a massive amount of computing power to forge. Most Bitcoin-accepting businesses wait for one block confirmation before releasing the product, and this attack does nothing against transactions that have a block confirmation. In the case of vendors selling physical goods and online services, a fraudulent customer’s product can easily be cancelled even hours after the original notification of payment is made. In the case of consumable digital goods like gift codes and wireless refills, this is not the case, but even there the process of sending the code to the customer typically takes up to 30 minutes, so providers either already check for one confirmation or could easily be patched to do so without adding much inconvenience. For usability purposes, the current paradigm of instant confirmations can even still, from the customer’s point of view, appear to remain in place; the instant confirmation still performs its function of reassuring the customer that the transaction has successfully reached the merchant just fine. Waiting an extra ten minutes is a process that can simply happen behind the scenes.

Surprisingly, digital download stores that offer instant downloads for instant confirmations are also protected; Coindl does not need to change its business model. It is indeed possible to force a refund from such a business using this technique, but they are still protected from incurring any significant monetary loss from the act by economics. Digital goods like books, movies and songs have essentially zero marginal cost, meaning that, for example, Apple has to pay less than a penny in extra electricity and bandwidth costs when you download an album from them for $11.99. Using this technique to coax a digital download site into giving you a free song or book is thus essentially equivalent to downloading it through a torrent network; even if half the people in the world start doing it, the honest customers and artists can still continue to carry out their business in peace.

As for solutions, the simplest, and guaranteed to be sufficient, patch is to simply wait for one confirmation before doing anything irreversible. Of course, there are some business models for which this is simply not acceptable; the whole attraction of SatoshiDice was instantly getting one’s money back if one wins. SatoshiDice themselves have already solved the problem; they now require all incoming bets to include transaction fees. Even if sites do not want to introduce such a complication, however, there are still other options. About eight months ago, a now-defunct company called RingCoin released a product named ZipConf, with the intent of supporting merchants accepting instant confirmations by making it more difficult for transactions that have not had a block confirmation to be reversed. Zipconf’s software stack attempts to prevent such attacks in two ways. First of all, it broadcasts the first transaction to as much of the network as possible as soon as its gets it, so that nodes will ignore any transaction that follows it seeing that it conflicts with an existing transaction. Second, Zipconf was willing to compromise slightly on being instant, waiting a few extra seconds after receiving a transaction to listen for fraud attempts before finally accepting it. By then, the transaction will have spread to much of the network and, the theory went, it would be nearly impossible for a second transaction to gain a foothold.

Such an approach can be implemented by businesses like SatoshiDice, although it can be combined with other techniques. For example, SatoshiDice might consider immediately re-sending the output of any transaction that they receive to themselves with a fee, encouraging miners to quickly confirm both the new transaction and its parent over any conflicting transactions. Another layer of defense would be refusing and immediately returning overly large or non-standard transactions. A third strategy would be cooperating with the miners and the Bitcoin developers themselves, getting them to include a patch that does not accept conflicting transactions over older ones even if the new transaction is much smaller and has a higher fee. Individual “selfish” miners may take the fee, but the majority of mining is controlled by mining pools, which are large enough that the public good of the utility of the Bitcoin network itself outweighs any personal cost to them of not accepting such transactions. Thus, on the whole, although this is one of the larger speed bumps the Bitcoin protocol has had to deal with, especially as it is a zero-day vulnerability, it is still only a speed bump. The community will simply need to make an earnest effort to make sure that all businesses and miners are patched to address the issue, and even instant confirmations will still likely continue to exist.

 

The Journal of Peer Production, an academic publication dedicated to exploring, investigating and promoting what they consider to be the emergence of a new, peer-to-peer, economic model in society, has announced a call for papers for a special issue of their journal on the topic of “value and currency in peer production.” The Journal of Peer Production has covered a wide range of topics in the area of peer-to-peer economy, ranging from file sharing in Sweden to the emergence of governance in the open source FreeBSD project and even do-it-yourself biology, and is now looking for answers to one particular question: what role will digital money have in a peer-to-peer society?

The Journal of Peer Production is not yet well-known in the Bitcoin community, but a distinct but ideologically similar group has had some exposure: the P2P foundation. The foundation made some headlines nine months ago when they started paying salaries in Bitcoin to show support for the currency, and one of the P2P Foundation’s founders, Michel Bauwens, appeared on the Keiser Report in May to talk about what the currency means to him. The P2P Foundation’s purpose is somewhat more general than the Journal of Peer Production; as P2P Foundation collaborator Nicolas Mendoza describes it, “the P2P Foundation documents, studies and promotes P2P practices around the world, plus it is continually building a knowledge commons of P2P practices that is available for everyone at the P2P Foundation wiki.” One of its most prominent recent works is the 2012 report “Synthetic Overview of the Collaborative Economy“, written largely by Bauwens, Mendoza and Franco Iacomella.

The Journal of Peer Production, on the other hand, focuses itself on releasing in-depth peer-reviewed articles about specific topics. It publishes its issues in July every year, and has so far released three. The first (or rather, “Issue 00”), released in July 2011 and entitled Mass Peer Activism, discussed filesharing in Sweden, Wikipedia and a branch of social science known as Actor-Network Theory (ANT). Issue 01, released in July 2012 and entitled “Productive Negation”, discussed free software and also dealt heavily with topics of scarcity and abundance and the features of a peer-to-peer economic model. Issue 02, also released in July 2012 and entitled “Bio-Hardware Hacking”, focused on hackerspaces and the democratization of biotechology. Issue 03, “Free Software Epistemics”, will come out in July 2013.

Radical politics and economics has always been one of the Bitcoin community’s interests, and so many people would benefit from taking a closer look at these two organizations’ work. The general category of the P2P ideology’s politics can be described as libertarian – a word which appears rather frequently in both organizations’ writings, but a form of libertarianism different from the one envisioned by writers like Jon Matonis. The P2P foundation has a section offering a criticism of Bitcoin which all-out attacks an aspect of the currency that many others consider to be its core features: its sharply limited supply. Despite his general stance in favor of Bitcoin, Bauwens nevertheless wrote that “it is a ‘scarcity’ based currency, subject to hoarding and wealth accumulation (only 21m bitcoins will be created, insuring a constant growth in value), that does not really change what is ‘wrong’ with the current currency system”, and further down in the page Sebastiano Scrófina criticized the currency’s deflationism. Bauwens later wrote another article criticizing the deflationist ideology as a whole. Deviating further from the traditional ways in which economic ideologies are categorized, an article in the Journal of Peer Production outright calls peer-to-peer society “a new communist horizon”. However, the communism is mentioned there is far from the authoritarian state communism of the 20th century; rather, peer production is described as “a ‘third mode of production’, irreducible to State or market imperatives” – Wikipedia and open source software being the perfect examples.

To those members of the Bitcoin community who are interested in the larger societal questions that technologies like Bitcoin can solve, the Journal of Peer Production and the P2P foundation are highly recommended places to stop by if only simply to expand one’s ideological horizons. Those who have something to say about local and alternative currencies, financing public goods in a peer-to-peer world, trust and anonymity or any of the other topics listed in the announcement are encouraged to make their submission proposal (maximum 500 words) to the foundation by January 28, 2013.

 

This Friday, Bitcoin Central, a Bitcoin exchange based in France, announced what has already been hailed as a major step forward for Bitcoin: they are now licensed to perform many of the same functions as a bank. Soon, a Bitcoin Central account will have all of the core features of a standard bank account in Europe. Each account will have its own international bank account number (IBAN) with which anyone will be able to send money to that account via bank wire. On the withdrawal side, Bitcoin Central will soon issue debit cards similar to those now in the works by BitInstant that would automatically convert the holder’s BTC balance to euros on the fly. And, finally, the euro balance of a Bitcoin Central account will be federally insured up to $100,000 by the French “Garantie des depôts” (roughly equivalent to FDIC insurance in the United States). Furthermore, these features will not just be available to residents of France; anyone in the world will be able to open a verified account if they are willing to provide proper identification.

If all goes according to plan, Bitcoin Central’s announcement will mean a lot for Bitcoin integration in the years to come. Acquiring bitcoins in the first place has always been the most difficult part of participating in the Bitcoin economy, and now, anyone with an account at Bitcoin Central will be able to, for example, have their salary paid into that account and automatically converted to Bitcoin. Bitcoin enthusiasts will be able to get pretty close to abandoning the traditional banking system entirely, storing their funds in BTC and using a Bitcoin-denominated debit card to pay for their purchases when they interact with businesses that do not use Bitcoin. As more people start accepting and spending Bitcoin, this opens up a path for the currency to gradually enter the mainstream world; if some businesses realize that some of their employees are converting their salaries to Bitcoin and some of their customers are paying them with Bitcoin debit cards, they may wish to cut out the middleman entirely and allow both sides to pay and receive bitcoins directly.

Another important aspect to highlight is what this means for Bitcoin’s legitimacy. There have been a considerable number of legal concerns around Bitcoin in the past few months. In September, the now-defunct Global Bitcoin Stock Exchange’s James McCarthy, in an interview explaining why he shut his platform down, claimed that the regulatory standing of Bitcoin exchanges is much more treacherous than many assume, and that “all existing bitcoin exchanges that are not doing AML on all accounts (even bitcoin only accounts) are at risk” of being shut down. In October, the European Central Bank released a report entitled “Virtual Currency Schemes” which, although in many ways positive to Bitcoin, ended with the ominous words “Further action from other authorities can reasonably be expected in the near future.” Legal concerns have been cited by many as a major factor hindering Bitcoin adoption, and the fact that the banking system is now willing to deal with Bitcoin in this way will do much to alleviate other organizations’ fears.

There has also unfortunately been a considerable amount of miscommunication both within the Bitcoin community and outside about this deal (in which I admit to participating myself), and Bitcoin Central has deemed it fit to release a public message clarifying the facts. The misconception started with the headline of the forum thread making the announcement, “Bitcoin-Central, first exchange licensed to operate as a bank. This is HUGE” This was widely misinterpreted to mean that Bitcoin Central will have the power to act as a bank themselves, but Bitcoin Central’s David François (also known in the Bitcoin community as Davout) clarified: We said “licensed to operate as a bank” which we mean as ‘open accounts to third-parties and hold fiat currency on their behalf in compliance with the regulatory framework’. The headline has since been corrected to instead say “operate with a bank.”

In fact, Bitcoin Central (or rather its parent company Paymium) has a deal with Aqoba, an institution which is already licensed to operate as a “payment services provider”, a status which David François describes as “exactly what a bank does, minus the issuing of credit”, and Bitcoin Central will be able to perform the same actions as a payment services provider by doing everything through Aqoba. Aqoba itself is partnered with Crédit Mutuel Arkea, an actual bank (or, more precisely, a banking and insurance cooperative), which is where the euro portion of Bitcoin Central account balances will be held. Thus, it is only the euro balances that are federally insured; BTC balances are protected only by good old-fashioned “cold-storage and extreme security paranoia.”

Some are worried about the potential legal issues surrounding what Bitcoin Central is doing. A number of Bitcoin exchanges, including, Intersango in the UK, Bitcoin Mercado in Brazil, and even MtGox in France iself have had their banking partners abandon them, and some are worried that, despite the Paymium team’s careful legal research particularly around the MtGox case, the same will happen to Bitcoin Central as well. Mike Hearn raises the concern that Bitcoin Central may be forced to close its doors to US residents in the future due to US foreign tax regulations. Others have raised the opposite argument: that, like Tor, Bitcoin is a vital tool in maintaining one’s privacy against the state, and regulation will only be harmful to Bitcoin achieving what they consider to be its primary purpose.

To those who are concerned about Bitcoin Central’s legal situation, François’s response so far can be summarized in one comment: “I hear you and that makes sense, I guess we’ll find out.” To those who see Bitcoin as a way of fighting against the traditional banking system and government regulation, François has one simple reply: “If you don’t see value here too bad, just don’t use us. We’re an option, not an obligation. We won’t force anyone.” All in all, Bitcoin Central’s new offering will only expand the range of choices that Bitcoin users have available to them.

 

FOR IMMEDIATE RELEASE
6 December 2012

ORLANDO – Bitcoin Magazine, the premier print and digital publication focusing on the new Bitcoin technology, has been purchased by a group of individuals well-known in the Bitcoin community, who are all dedicated to Bitcoin and its success.

Coin Publishing LLC is the new entity based in Florida that will be taking over the full operations of Bitcoin Magazine effective immediately, purchasing the assets and contracts from Bittalk Media Ltd for an undisclosed sum of cash plus bitcoins.

Coin Publishing LLC is collectively owned by individuals owning or working at BitPay, Butterfly Labs, Google, Casascius, 20 Mission, and Virtual Processing Solutions.

Mihai Alisie has signed a 12-month contract to work as Editor in Chief, and Vitalik Buterin has also signed a 12-month contract to work as Lead Writer and Webmaster.  The entire creative team that has been producing outstanding work under Mihai on the first 5 issues will continue to contribute to the magazine.  In addition, many new writers will contribute to the publication and the team will continue to expand in 2013.

A new website will soon be launched as the new interactive portal for Bitcoin Magazine going forward.  The team will also be working to release a digital download version of the previous issues as soon as possible.  Issue 5 is now on sale at the current website http://bitcoinmagazine.com/subscribe along with discounted bundles of all back issues.

Bitcoin Magazine has also moved to a new support ticketing system.  Customer support can be reached at help@bitcoinmagazine.com which will automatically generate a support ticket.

The distribution contract with Barnes & Noble will continue uninterrupted.  The distributor is also located in Florida, which will be easier and more cost-effective to work with.  Coin Publishing will also look to expand distribution into Europe and Asia/Australia in early 2013.

Bitcoin Magazine is reducing its advertising rates by $100 for all inside page ads.  We would like to see more businesses showcased in Bitcoin Magazine.  If you would like to inquire about advertising, email advertising@bitcoinmagazine.com.  Full page ads are now $495 and half-page ads are $295.

———————————–
Contact Info

Jan Jahosky
Press Relations
Bitcoin Magazine
jan@bitpay.com
407-331-4699

 

BitFloor and Bitcoinica Refunds Showing Signs of Progress

The Bitcoin exchange platforms BitFloor and Bitcoinica, the two largest institutional victims of digital theft in Bitcoin history, have finally shown their first signs of genuine progress toward repaying their clients. On October 31, a court filing made by Tihan Seale in August to place Bitcoinica into a formal state of receivership for liquidation finally came before a judge, and Anthony John McCullagh and Stephen Mark Lawrence were appointed as liquidators. Three weeks later, the liquidators sent emails to select members of the Bitcoin community and made a post on the Bitcointalk forums asking for creditors to provide them with their address and contact details. As for BitFloor, on Monday, the exchange announced that it will be refunding 1.7% of its users’ lost funds, and further refunds will be made as BitFloor’s business continues to grow.

Aside from Pirate, Bitcoinica and BitFloor were arguably the two greatest mishaps that took place in the Bitcoin world in 2012. The former was a margin trading platform created by Zhou Tong in September which rapidly grew to a transaction volume larger than any exchange other than MtGox itself, but which rapidly fell into disrepute following a series of hacks in the spring. The first incident in March saw over $220,000 worth of BTC whisked away by an unknown thief who had broken into Bitcoinica’s servers. However, Bitcoinica’s investors supplied the funds to keep the company solvent, and it continued operating for another two months, until another $90,000 hack transpired and the company’s database of its users’ balances was deleted in the process, forcing it to finally shut down. Then followed a slow and laborious claims process in which Bitcoinica staff tried to piece together the remaining evidence to see which claims were legitimate and which were fraudulent or exaggerated. The process proceeded at a glacial pace, as it was hindered further by bitter internal conflicts between its various partners. A small portion of claims were paid out over a month, until the process stalled entirely, and to add further insult to injury, the claims fund itself was hacked due to a bad choice of password and the Bitcoinica staff not setting up any kind of two-factor authentication, losing another $320,000.

Fortunately, the debacle of BitFloor, although tragic, was not nearly as devastating. In early September, a thief managed to locate an unencrypted backup of the service’s wallet on the server, which had been accidentally left there while founder Roman Shtylman had been making a manual upgrade of the server’s software, and made off with $250,000. However, Shtylman managed to keep BitFloor running by freezing the Bitcoin balances of depositors at the time, with the intent to put BitFloor back on its feet and eventually earn a large enough profit to pay the depositors back.

The two events took a serious toll on the Bitcoin community’s confidence, and by September, many people had written off their debts at these exchanges, particularly those at Bitcoinica, as gone for good. Now, the fact that Bitcoinica is in the hands of legally appointed liquidators provides a first sign of hope that, eventually, depositors will get a large portion of their deposits back. Because of the third theft in July, the compensation will be far from 100%, although the loss from the theft will be slightly offset by Bitcoinica’s anonymous users, who will not be able to get anything back if they are unwilling to hand over their legal name and address to the liquidators; 60-70% is currently the prevailing estimate. Bitcoinica creditors, and those who are not Bitcoinica creditors even more, are cautioned to be truthful in what they submit. As one prominent creditor states, “If you don’t have a valid claim with Bitcoinica already then please realize that sending a false claim to a court appointed liquidator is probably not a very bright idea.” BitFloor may still go out of business from competition before it pays much more of its depositors back, but for now, it appears to be back on a stable trajectory.

There is also another silver lining to this new chapter in Bitcoinica’s tale. One so far overlooked statement in the liquidators’ post reads: “We would also appreciate feedback from investors on whether they would prefer to receive a distribution in the form of Bitcoins (where possible) or whether they would prefer a straightforward cash distribution.” This is the first time that a formal legal process has treated bitcoins as legitimate form of digital property, and has even been willing to handle bitcoins itself. Although this is a court-appointed company, and not a judge, the fact that Bitcoin depositors are being treated as legitimate creditors may still go a long way in alleviating the fears of those who may now be concerned about working with Bitcoin businesses due to legal uncertainty.

The Bitcoin community has already learned from and largely moved on from the aftermath of these two unfortunate events. Bitfloor’s theft prompted many Bitcoin financial service providers to switch to a stronger model of security, offering superior options for two and three-factor authentication and storing the vast majority of client funds in offline cold storage so that no security vulnerability can lead to an online thief pilfering them. The community has also become much less focused on financial services as a whole, focusing instead on strengthening the underlying economy. If Bitcoinica’s liquidation and BitFloor’s recovery continue, however, what has so far been a most unfortunate chapter of the Bitcoin community’s life may instead turn out to be a stepping stone to something much brighter.

 

Update: WalletBit has posted their official press release on Reddit and Bitcointalk. Also, the flat rate portion of their bank deposit fees has now been dropped.

WalletBit, the merchant platform that has begun rapidly growing in prominence and pushing itself as a mainstream alternative to BitPay this fall, has announced a new feature for merchants who are located in Europe: payment by bank deposit. Participating merchants can now accept Bitcoin without ever handling them themselves, instead having their earnings immediately converted to local currency and deposited regularly into their bank accounts.

Of course, WalletBit’s offering is hardly new; BitPay has been providing an equivalent service almost since its inception in May 2011, and the feature has proven to be an extremely popular one. However, WalletBit does promise a number of advantages over BitPay. First of all, WalletBit is intent on winning over merchants with its lower fees. For those merchants who wish to receive their earnings in bitcoins, BitPay has maintained a consistent transaction fee of 0.99% since it was first established, but WalletBit has recently reduced its fees to a slightly lower 0.89%. For merchants in the US, WalletBit’s 2.75% is slightly higher than BitPay’s 2.69%, but while BitPay’s commissions for European merchants increase to 3.99%, WalletBit’s rates remain the same.

Another advantage is internationality. Bitpay’s European bank deposits are only available to bank accounts in Germany, France, Spain, Italy, Finland and the Netherlands, but once this offer from WalletBit goes live its merchants will be able to receive Euros into bank accounts located anywhere in the Single Euro Payments Area (a superset of the European Union) as well as Danish krones in Denmark. WalletBit is also keen on advertising its security, featuring ACID and PCI-DSS compliance as well as AES-256 encryption for internal data on the server side, and the option of three-factor authentication using Google Authenticator and WalletBit’s own SecureCard, a printable grid of characters from which users are asked to provide a random three cells as part of the authentication process, to help clients protect their own accounts.

More developments from WalletBit are soon to come. Support for Canada is high on their list of priorities, although WalletBit is moving carefully in its efforts at Canadian integration in an effort to ensure legality and secure the best possible rates. WalletBit has also recently been putting a large amount of work into the usability of their payment systems, with particular emphasis on their smartphone and tablet applications. WalletBit Mobile, formerly ResponsePay, provides an easy-to-use wallet for the average user, and WalletBit will also soon launch a fully fledged point-of-sale solution that will allow stores and restaurants to record customers’ orders and accept payments all within a single tablet application.

WalletBit’s push for adding features since September has so far proven enormously successful for the company. Before Adam Harding joined the team as Director of Marketing in September, WalletBit saw very little use by Bitcoin merchants, to the point that few people realize that the business has been around since July 2011. Now, WalletBit’s transaction volume is more than double what it was this summer, and founder Kris Henriksen is confident that it will continue to grow as the new features that the company is developing fall into place. Canada remains a largely untapped market, with relatively few stores accepting Bitcoin despite the fact that interest in Bitcoin is not that much lower in Canada compared to the US. Brick-and-mortar stores and restaurants are another direction that WalletBit is intent on expanding into. Currently, although they have 167 merchants in total, only one of them is of the brick-and-mortar variety: a small kiosk in Kris’s home town in Denmark. “But once this bank transfer is up and running,” Kris writes, “I will have many brick-and-mortar stores to speak about.”

 

BitMessage: A Model For A New Web 2.0?

Over the past twenty years, the democratization of cryptographic technology has brought us the potential for an unprecedented level of privacy, giving the common man the ability to browse documents, have conversations, and now, with Bitcoin, send money to people around the world without even the most powerful corporations and government agencies being able to get in the way, but actual adoption of these technologies has been slow. It was once thought that PGP, the encryption tool created by Phil Zimmermann in 1991, was undoubtedly going to become standard in all email communications within years, but it is now 2012, and most email communication is still done in the clear, with providers like Gmail having the ability to read everything that their users write.

Some argue that the reason why encryption has not been implemented into email protocols is profit, as Google would have no way to earn advertising revenue from their service if they could not scan users’ emails for keywords, and others cite general apathy, quoting Mark Zuckerberg’s famous comment that privacy is no longer a “social norm”, but there is also a more fundamental issue at play: network effects. If you were to create an encrypted email right now with PGP and send it to a friend, they would have a difficult time figuring out what to do with it. For the encryption to be worth anything, your friend would need to have a decryption key under his control, whether that’s a public key or a symmetric key that the two of you had agreed upon earlier, and convincing other people who are not as technologically inclined to use such keys can be a challenge. There are isolated communities in which encryption is used, whether out of ideology or out of necessity – Bitcoin itself has a considerable number of pseudonymous businessmen and developers who rely on PGP to maintain their online identities. However, by and large, this is not the case. If encrypted email was popular enough in the world at large, the average person would have an incentive to set up a public key, but the fact that it is currently a niche technology means that they will not, perpetuating a catch-22 situation which requires a large portion of society to somehow coordinate to escape.

Enter Bitcoin. Although we tend to think of Bitcoin as a system designed specifically to send financial transactions, recent developments have shown that much more can be done with its cryptographic primitives. As early as 2011, people were using the lower digits of Bitcoin transactions as a way of encoding messages in the blockchain; one of the Bitcoinica thieves famously used the mechanism to distribute the message “expect mass leak soon“. Beyond the fact that this message will remain in the blockchain forever, an advantage of this technique is that the message is also authenticated; since sending a message in this way requires you to control the address that the transactions are sent from. If it is already known that you control a given address, then clearly you must have sent the transactions as well.

However, this ad-hoc messaging system is clumsy and inefficient, and the concept of Bitcoin messaging has seen two iterations since then. The first is Blockchain.info’s concept of blockchain notes. The implementation is simple. The sender sends a non-standard transaction with two outputs. One of the outputs sends a very small amount of money to the receiver, while the other does not go to anyone at all. Instead, in the output field of the transaction is the message itself. If interpreted as a script, the message is impossible to fulfill, so that output will simply sit there in the blockchain, never to be spent. However, this approach met with strong opposition from Bitcoin developers for polluting the blockchain. Gavin Andresen wrote :”Yes, please don’t create lots of unspendable scriptPubKeys. There are more prunable ways of embedding messages into transactions. And there are even better ways of associating messages with transactions, so only people involved with the transaction can read the message (if that’s desired). In other words, lets figure out how to do this the right way.” The blockchain note system was soon converted into a proprietary feature of blockchain.info’s wallet.

The other advancement was message signatures. In version 0.6, the Satoshi client added a feature which allows the client to use the same algorithm used in Bitcoin to sign transactions to sign any other message as well. Using the exact same cryptographic techniques that allow miners to verify that the owner of an address authorized a transaction sending money from that address, anyone can verify (using a tool also present in the Satoshi client since version 0.7) that a message signed with a given address was signed by the address’ owner. Electrum and brainwallet.org also support this standard for both signing and verification. This mechanism solves the authentication problem, and it does not pollute the blockchain, but it has a problem of its own: there is no built-in transmission mechanism. Thus, just like PGP, the only way to send a signed message is to create a format (called ASCII armoring in PGP) that combines the message and the signature into a block, and then paste the block all together as a message. Essentially, this creates a PGP clone based on Bitcoin’s elliptic curve cryptography, with all of its advantages and disadvantages.

BitMessage, however, solves both of these issues. Rather than going through Bitcoin’s peer-to-peer network, BitMessage creates a peer-to-peer network of its own with properties specifically designed for sending messages. As the whitepaper describes it, “objects are broadcast throughout a Bitmessage stream. We propose that nodes store all objects for two days and then delete them. Nodes joining the network request a list of objects from their peer and download the objects that they do not have. Thus they will receive all messages bound for them that were broadcast during the last two days.” “Objects” are the basic unit of the network’s operation, and are replicated throughout the network. To limit the creation of objects and avoid spam, making an object requires solving a proof-of-work computation, which takes about four minutes on an average computer – in short, a replica of Adam Back’s HashCash anti-spam scheme first proposed in 1997.

Sending a message is a four-step back-and-forth process. First, the sender creates an object asking for the receiver’s public key. Second, when the receiver receives this object, he creates a reply object sending the key back. Third, the sender creates an object containing the actual message encrypted with the receiver’s public key, and, finally, the receiver receives the object and sends an acknowledgement message. The main message can be much longer than the short text string that can fit inside a series of transactions or an output slot; the whitepaper explicitly mentions that the scheme “would allow an individual or organization to anonymously publish content.” If both the sender and receiver are online, the process can happen within seconds, but otherwise they merely need to be online within a two day timespan of each other four times (really three times, as the acknowledgement is not crucial to sending the message) for the transmission to take place. Once two users are aware of each other’s public keys, the first and second steps do not need to be repeated, making the process even easier. Identities on BitMessage are referred to by addresses like “BM-2nijaB5b1C6HESgdqFMoMzWqNchA9w84Xmv”, which are formed from public keys in a similar way to Bitcoin addresses.

However, although the fundamental ideas behind BitMessage are both innovative and sound, BitMessage as it is is not without its flaws. One blogger wrote a scathing review of BitMessage’s security, pointing out that it made a number of elementary mistakes in implementing its encryption algorithms. First, it uses RSA on the message directly rather than using it to generate a one-time key which is then used to encrypt the message, a basic modification which both drastically increases speed and prevents many attacks based on specifically constructing blocks to exploit the algorithm’s mathematical properties. Second, it independently encrypts each block rather than using an encryption mode like cipher block chaining which makes the contents of the encrypted blocks dependent on each other. This means that an attacker can rearrange the blocks of an encrypted message, which it will appear to the receiver as a valid message, as if the original sender intended for the message’s blocks to come in the attacker’s chosen order. Finally, the encryption algorithm does not include an authentication layer, making other kinds of attacks possible. However, BitMessage developer Jon Warren is aware of these flaws, and is working hard on creating another version of the protocol that fixes these issues.

Another one major flaw that BitMessage arguably has is that it is not compatible with Bitcoin itself. Unlike Bitcoin, which uses elliptic curve cryptography to secure transactions and now messages, BitMessage uses 2048-bit RSA. RSA is in many ways more difficult than ECC to work with. It requires much longer key lengths to achieve the same level of security (eg. 3072-bit RSA is about equivalent to Bitcoin’s 256 bit ECC), and because RSA keys must have a special property to be valid (namely, being a product of two large prime numbers) they take a comparatively long time to generate, and there is no standardized algorithm for generating keypairs deterministically from a seed. But the main advantage of a system compatible with Bitcoin is not even this. Rather, it’s the fact that if a similar system were to be designed that could interoperate with Bitcoin’s private and public keys, it would be able to take advantage of the infrastructure that exists around Bitcoin already. It would be able to use the private and public keys that are already sitting in hundreds of thousands of Bitcoin users’ wallets, and would also be able to skip the public key retrieval step, as public keys can easily be recovered from the blockchain.

Furthermore, it would be possible to merge the message transmission and payment features into one, creating a sort of unified payment and social network service in a decentralized way. If Alice wanted to send 10 BTC to Bob, she would not need to ask Bob to give her an address as she does now; rather, she would be able to simply send money to the address that she already uses to send Bob her private communications. The scheme can easily be augmented to preserve privacy. One interesting property of elliptic curve cryptography is the existence of an operation called point multiplication, which allows a public key to be multiplied by a value to create a new public key, from which Alice can generate another address, and then Bob can multiply his private key by the same constant to get a new private key that corresponds to the public key and address that Alice just created. This is the key insight behind a concept known as the deterministic wallet, already implemented in Electrum, and it can be applied to create one-time keys for messaging and payment as well.

Fortunately, the BitMessage protocol is designed to be upgradeable, and the next version of the protocol may end up both solving the security problems and introducing Bitcoin compatibility by simply switching BitMessage’s cryptography to the same elliptic curve system used by Bitcoin. If BitMessage continues to develop and grow, or even if another, similar technology takes its place, what it can offer is a decentralized, cryptographically secure platform that can form the basis for its users’ entire online lives. One can potentially extend the system to add on a web of trust, a systematic way of declaring friends and business relationships, personal webpages, and it already supports a Twitter-like mechanism of subscribing to individuals and receiving a feed from them. In ten years’ time, there is a chance that Bitcoin will prove to be much more than just a decentralized digital currency; it may be the start of an effort to redevelop much of the internet from scratch – and this time done right.