Sophisticated Sybil attacks

That’s completely normal if you understand that “identity” is not something that can be proved.

No. We want every member of our money system to be equal towards money creation. “Sufficient” or “decent” has no meaning to us, because we agree on the fact that values are a relative vision. We do not agree on what is value and what is not, neither in space (a glass of water does not have the same value for a man in the desert and for one in his kitchen) nor in time (we don’t like Whisky at 5 years old, but we might at 20).

@omega, @JBitD:

More deeply about identification, the problem with “technical solutions” is: in the end, uCoin does not know what is “a scanner” nor “a film”, “a camera”. uCoin defines a coherent system that does not know anything else than pubkeys. It also defines actions that can be interpreted by the system to define members.

The trick being: keys are owned by humans. This way they have a tool to express their will, a will that other humans can legitimately trust is real since signatures are made with these keys their recognize.

Actually, you can put all the “identification” data you want, if humans do not care, they won’t be forced to use it. And that is fine to me.

See! You’ve catched it. We cannot rely on “machines”, because “machines” is something the system cannot define. This is pure human concept. It has no sense to the system.

I could not more agree with your sentence. Change of referential, and you have to interprete everything again. Rules are different in the new referential.

It has nothing to do with easiness. It is a mechanical consequence of debt-money system: money goes where banks allow the money to go (making credits) which mechanically increases prices.

Anyway, to answer your initial question @omega, @Inso mostly expressed my point of view: we should differentiate the human network from the technical one. Their time of execution are completely different, relations between humans are long to establish. Just like birth and death are long to realize for us.

That’s why we plan to have:

• a minimum number of connections to become a member (8 for example)
• a maximum number of connections a member can make (16 for example)
• a maximum distance between 2 members (5 for example)

Given that:

• a member cannot make another connection before a delay (1 connection every 2 weeks for example)
• connections expire (1 year validity for example)
• members must renew their will to stay as member (every 6 months for example)

Also, you can make tools for people to explore the relations between members and detect frauds.

The question of what money “really is” is a tricky one. It sounds like you want to emphase that the “new” money, cryptocurrencies in general really, can be thought of as a digital commodity, a bit like good old fashion gold coins that you can “wear” upon your person. Of course, once upon a time banking actually based on things like gold coins, but bankers came up with the idea of producing notes which entitled the bearer to, whenever he wanted, pick up a certain amount of gold coins from the bank in question. Soon enough, people started exchanging these “gold coin certificates” instead of the actual coins, and since not everyone wanted to pick up their gold at the same time the banks could have a lot more such gold certificates out there than they actually had gold. If we, so to speak, go back to exchanging the gold coins directly, rather than debt notes, that could conceivably lead to a different kind of economy.

But still, a debt note is worth something, obviously. People might therefore conceivably want to trade such notes. Which is of course actually what bond traders are doing. Of course, a bond issuer might default, but this can’t happen to digital coins that you have in your own digital wallet. Investors don’t want to have large quantities of money sitting in wallets, doing nothing, though. But the “ordinary people” might conceivably prefer to actually own the digital gold coins, rather than a debt note from a bank (though they’d miss out on interest rates that way). So I guess, yes, this could really change things.

None the less, if we have an era when a lot of people and/or investors borrow to much we could still have a crisis very much like this one.

A translation of that paper you’re talking about would probably be good

But you were talking about taxation too, not just “producing” new digital gold coins, to pay for the basic income? How would that taxation work?

But you were talking about taxation too, not just "producing" new digital gold coins, to pay for the basic income? How would that taxation work?

I really don’t know. I just think it’s the next logical step. Maybe each DAO generates and distributes new shares?

We want to achieve a system which provides a decent basic income, i.e. it should be sufficient to cover basic living costs, right?

No. smile We want every member of our money system to be equal towards money creation. “Sufficient” or “decent” has no meaning to us, because we agree on the fact that values are a relative vision

As you can see omega, cgeek knows what the limitations are and should be of his project.
If you strive for a decent basic income like I do, then I think a distributed cryptocoin alone is not enough. In my humble opinion, we should supplement this by fully automating as many profitable organisations as we can, starting with the easiest ones, in order to either distribute it’s services or products or somehow share it’s profit.

So there’s a lot of work to do if you want to realize basic income.

There is absolutely no “taxation” in uCoin freedom money, there is only a DU. If you study Relative Money Theory, or if you study mathematics, there is just the possibility to change the money view counting with DU, instead of Quantity money units. Changing the view don’t change the money at all, but it appears exactly like if there was a “tax” (in Relative View), but there is not tax at all (in Quantitative view).

You can study that viewing that video + studying the zip archive inclunding pdf and Calc files you have in that post where both Quantitative and Relative Views are presented with an example.

Printing new money very aggressively would give a currency which no-one wants to save up, as it looses in value so quickly. I think it would risk giving some pretty undesireable effects.

Anyway, the topic was actually Sybil attacks. cgeek, my first thought when I read the proposed rules was: Gosh, that’s a lot of rules (it will be quite a challenge for real people with poor social networks to join), and my second thought was: still not enough. If our adversaries cooperate, as I described, trading signatures, I can’t imagine any set of rules which they will not be able to circumvent.

Well, we have talked of these rules again during last Freedom Money Meeting (5th), and we concluded 2 things:

• people should be limited in the number of concurrent valid signatures they can issue
• this rule, mixed with the distance rule, implies a maximum size of the community

And we imagined that a community:

• requiring individuals to gather 8 signatures to be a member
• requiring a maximum distance of 5 between its members
• limiting members to issue 16 concurrent signatures

would lead us to a maximum size of ~1 million people community. Possibly a bit more, but mathematical max is ~2 million.

For comparison, Google is composed of 50.000 people.

Un scan de l’œil et de l’index seraient la meilleure solution pour une commauté infinie…

That’s a great thing that iris and digital print are unique…
But, imagine a people under pressure or that someone did a conform copy or has the original iris and the digital print of someone else.
Furthermore, these equipment are expensive.

I am more in confidence with web of trust compound of humans…

What is the interest for a community to be compound of an infinite number of individuals knowing we could exchange between theses different communities?

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

C’est une bonne chose que l’iris et l’empreinte digitale soit unique…
Mais, imagine qu’une personne soit sous pression où bien que quelqu’un ait fait une copie conforme ou possède l’original de l’iris et de l’empreinte digitale d’une autre personne.
De plus, ces équipements seraient coûteux.

J’ai plus confiance dans une toile de confiance composée d’humains…

Quel serait l’intérêt qu’une communauté soit composée d’un nombre d’individus infinie sachant que l’on pourra faire des échanges entre les différentes communautés ?

Mais, imagine qu’une personne soit sous pression où bien que quelqu’un ait fait une copie conforme ou possède l’original de l’iris et de l’empreinte digital d’une autre personne.

C’est plus facile d avoir les codes que de couper un doigt d une personne
it s easier to have the password than to cut finger of the other personne

De plus, ces installations seraient coûteuse.

dans quelle monnaie ?
which money ?

Quel serait l’intérêt d’avoir une communauté composée d’un nombre d’individus infinie sachant que l’on pourra faire des échanges entre les différentes communautés ?

si tout le monde a confiance en une monnaie pourquoi en avoir plusieurs
if everybody trust on one money why to have more ?

Attention à bien séparer les problèmes, celui de l’unicité d’un individu dans un système monétaire et celui de l’authentification pour accèder à son compte.

Actuellement, l’authentifaciton à son compte bancaire se fait via les couples carte bancaire ou identifiant ainsi que leurs mots de passe respectifs.

Des techniques d’authentification basés sur l’iris et d’empreinte digitale serait plus coûteuse matériellement que l’identifiant et son mot de passe entrés via des touches de clavier.

Si des personnes ont confiance dans une monnaie, il s’imposera de créer d’autres monnaies similaires dans le cas où la première atteindrait une taille limite. Cette taille limite est là pour empécher un potentielle attaque de Sybil. La taille limitée de la toille de confiance permet de vérifier plus facilement les potentiels intrusions.

———————————————————————————————————————————

Whether people got confidant in a money, will impose to create other similar money in the case where the first money reach a limit size. This size is here to prevent a potential Sybil attack. A web of trust limited size permit to easily verify potentials intrusions.

What do you mean by “everybody trust” ? Do you mean “everybody(x)” and if so where is “t” !?

Do you mean “everybody(x,t)” trust" ? But if so, how can everybody(x,t) trust anything without being observed with that property by at least an individual(y,t+g) ?

And how an individual (y,t+g) could have any trust in “everybody(x,t)” knowing it is now everybody(x,t+g) to be observed, and without any chance it would be the same as everybody(x,t+g+h) ?!

So what do you mean by “everybody” ? Do you mean everybody(1973) able to conclude : yes everybody(2015) will have a debt to pay, because we decide it for them, denying the Relative Money Theory human space-time and the Thomas Paine principle ?

None of the “graph-rules” really solve the problem: “evil” users cooperating should still be able to get fake accounts, and it should not be all that hard either.

I think what we need is a strong incitement to behave honestly. Dishonest behaviour must be punished by the system, and very harshly so. Only something like this could discourage people from attempting to cheat.

It would seem that this means that an exposed cheater must lose not only his fake accounts, but his “real” account must also be restricted, otherwise he has nothing to loose trying to cheat.

So far there are only “positive” vertices in the WoT, so bad reputation doesn’t really “spread” through the system, at least not in a direct way. To kick a cheater out of the system you would need to cut off the signatures which make them members, which would be hard. Having “negative” vertices in the graph might be an idea, but introduces new problems…

It has been demonstrated that monetary system has a great impact on human behaviour in society.

You probably don’y speak french (nobody is perfect ) but these interviews are really relevant.
http://www.creationmonetaire.info/2015/06/video-geconomicus-la-corbeille-aux-5emes-rencontres-des-monnaies-libres.html

With RTM, money is no more a problem as everybody has money.
The incentive to fraud is not as big as you might think.

Le parametre Temps “t” est pris en compte puisqu il faut etre certifier par les autres membres tous les mois

Parameter Time is in concideration because we have to be certify every month.

Comment créer de faux compte avec un scan de l oeil jumeller avec une empreinte plus certifier par une communauté ?

How to create fake account with eye scan and finger print + cerfity by community ?

all computers, smartphone have a camera to scan …

I mostly agree to your analysis. I have been working on a very similar proposal that also works with something similar to the WoT mechanism of Ucoin. However - creating a connection to a new (fake) member can only harm the person who created the connection. You find the proposal here: https://ourbasicincome.wordpress.com/ Discussion on it is here: https://forum.ethereum.org/discussion/1598/basic-income-circles-reputation-market-based-approach-to-solve-the-identity-problem-sybil-attacs

You can have a look at this other subject to understand how to me, it might be that hard.

Furthermore, we are talking about human relationships. We can’t just think like if we were all geographically distant from each other behind our computer. Neither should we think tools for observing the WoT won’t emerge to help us ban cheating people.

I think this is important. What might be helpful is to see a UCoin currency as a commons - a public good that serves everyone but can be exploited by a minority and than it looses its value for all. Elinor Ostrom (the first woman to win the nobel price in economics) has done some great research on how to protect commons. She came up with 8 rules she found in all the different societies she looked at where commons are used in a good way:

1. Clearly defined boundaries (effective exclusion of external un-entitled parties);
2. Rules regarding the appropriation and provision of common resources that are adapted to local conditions;
3. Collective-choice arrangements that allow most resource appropriators to participate in the decision-making process;
4. Effective monitoring by monitors who are part of or accountable to the appropriators;
5. A scale of graduated sanctions for resource appropriators who violate community rules;
6. Mechanisms of conflict resolution that are cheap and of easy access;
7. Self-determination of the community recognized by higher-level authorities; and
8. In the case of larger common-pool resources, organization in the form of
   multiple layers of nested enterprises, with small local CPRs at the
   base level.

I think it might be worth to map this rules to the existing of UCoin and if one is missing : think about how this can be solved.

That Circles-idea looks very interesting… But I need to think about it more