You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Users cannot change wallet "password" (private key), but they can create a new one. So users can have multiple addresses.
BTC transactions are public, with an in-game system similar to blockchain.info
BTC transactions are anonymous.
Traceable Cash-out
Here's an idea:
Players can trade BTC <-> in-game $.
This trade is traceable, specially cash-out (BTC->$). Reasons:
It's how real life works (cashing out BTC is hard).
It is an incentive (or barrier) to keep players using two different monetary systems at the same time. Each with their own strategy/pros/cons.
If someone steals my wallet and I'm utterly mad at the attacker, I can stalk their wallet relentlessly until they cash out (might never do).
It brings even more strategic and exciting dynamics into the game.
Mind you, a player need not cash-out her money. As outlined in the Phabricator discussion, BTC buys almost everything (but not everything because balance).
Tracing a transaction would mean:
Hack the local BTC Market used for cash-out
Recover the relevant log
Protecting yourself from traces would be the opposite:
Hack the local BTC Market
Forge the log with fake information (optional)
Hide the log
Trace would lead to the user's IP, which could be bounced, so it's yet another protection layer for anonymity.
Local BTC market ensures we do not have overly centralized servers like we do on Legacy.
Protecting and Stealing Bitcoin
On Legacy, the only way to steal (and protect) Bitcoin is to keep an eye on the logs. We can't use this same logic on HE1/HE2 because Logs work in a different way (all of them are recoverable).
On HE1/HE2, BTC transactions are logged, but only the public address. This gives a way to "attack" BTC anonymity (and defending from this is also easy, it's a matter of forging logs and misguiding attackers). Possession of the Public address does not allow attackers to crack and figure out what the private key is.
In order to perform any BTC transaction (send BTC to another address; buy something with BTC; cash-out), the Wallet must be "readable", i.e. accessible from the user's filesystem. So the best way to protect the Wallet is to keep it on an external HD / pen drive, which you plug only during transactions, and removes later. To avoid abuse, there's a minimum time in which the drive must be plugged (say, 10 min), which exposes the user to wallet theft. If the wallet is encrypted/hidden, it must be decrypted/un-hid.
I know this makes BTC theft harder than usual, but the alternatives are flawed. Storing Private Key on logs make it extremely easy to steal. Simply encrypting and hiding it is also too easy. Any attacker can un-hide, decrypt and download the file, very quickly.
Wallet Size
To be honest, there is one alternative that could balance BTC theft, and that's been suggested on the previous discussion: wallet size. Decrypting and un-hiding a wallet could be fast (depending on software), but downloading it would be quite slow. Still, I believe a well-equipped attacker could do all of this within 1 hour. Even if victim's firewall detect the attack and notify her, it's still too easy to catch someone off-guard (offline).
Using external disks, BTC theft is already hard, and further hardening it with large wallets isn't good for balance. So unless we have a different idea, I think BTC wallets should be kept small so all an attacker needs to do is to spot the plugged-in drive.
The text was updated successfully, but these errors were encountered:
One open issue we still have (and must be settled before we move on) is with regards to how Bitcoin should work.
(Note that we are discussing the concept of Bitcoin within both games; it may be presented differently, for instance as Hexcoin. See #5).
This is sort of a continuation of the previous discussion at Phabricator.
Some stuff I think we should aim to:
Traceable Cash-out
Here's an idea:
Mind you, a player need not cash-out her money. As outlined in the Phabricator discussion, BTC buys almost everything (but not everything because balance).
Tracing a transaction would mean:
Protecting yourself from traces would be the opposite:
Trace would lead to the user's IP, which could be bounced, so it's yet another protection layer for anonymity.
Local BTC market ensures we do not have overly centralized servers like we do on Legacy.
Protecting and Stealing Bitcoin
On Legacy, the only way to steal (and protect) Bitcoin is to keep an eye on the logs. We can't use this same logic on HE1/HE2 because Logs work in a different way (all of them are recoverable).
On HE1/HE2, BTC transactions are logged, but only the public address. This gives a way to "attack" BTC anonymity (and defending from this is also easy, it's a matter of forging logs and misguiding attackers). Possession of the Public address does not allow attackers to crack and figure out what the private key is.
In order to perform any BTC transaction (send BTC to another address; buy something with BTC; cash-out), the Wallet must be "readable", i.e. accessible from the user's filesystem. So the best way to protect the Wallet is to keep it on an external HD / pen drive, which you plug only during transactions, and removes later. To avoid abuse, there's a minimum time in which the drive must be plugged (say, 10 min), which exposes the user to wallet theft. If the wallet is encrypted/hidden, it must be decrypted/un-hid.
I know this makes BTC theft harder than usual, but the alternatives are flawed. Storing Private Key on logs make it extremely easy to steal. Simply encrypting and hiding it is also too easy. Any attacker can un-hide, decrypt and download the file, very quickly.
Wallet Size
To be honest, there is one alternative that could balance BTC theft, and that's been suggested on the previous discussion: wallet size. Decrypting and un-hiding a wallet could be fast (depending on software), but downloading it would be quite slow. Still, I believe a well-equipped attacker could do all of this within 1 hour. Even if victim's firewall detect the attack and notify her, it's still too easy to catch someone off-guard (offline).
Using external disks, BTC theft is already hard, and further hardening it with large wallets isn't good for balance. So unless we have a different idea, I think BTC wallets should be kept small so all an attacker needs to do is to spot the plugged-in drive.
The text was updated successfully, but these errors were encountered: