I overlayed a graph of the Bitcoin-USD exchange rate (red/green/black), with a graph of search volume for the phrase “bitcoin” (blue), between January and September 2011:
A striking correlation, no?
In fact, its what you’d expect, surprisingly so in fact. Since the supply of new Bitcoins is regulated such that it is essentially constant, you’d expect the value of a Bitcoin to grown and shrink in proportion to the rate at which people are seeking to acquire Bitcoins.
MtGox, the most popular way to convert US dollars to and from Bitcoins, has just been hacked, resulting in an immediate market crash, and the usernames, email addresses, and information that can be used to determine people’s passwords (but not the passwords themselves).
It appears that a hacker gained access to an MtGox account with a very large number of coins was compromized. The hacker sold these coins, and took advantage of the resultant market crash to buy bitcoins very cheaply. It is likely that the hacker was able to withdraw thousands of dollars worth of these bitcoins.
This is likely to be a fatal blow to MtGox, who some estimate were making $2m/year in revenue from transaction fees. An exchange relies on people entrusting them with money and bitcoins, and it is hard to see that trust surviving this incident.
MtGox have said that they will roll-back transactions from when the incident began, but it seems unlikely they’ll be able to put the toothpaste back in the tube completely, which may result in a dramatic and lasting drop in value for Bitcoins.
While the security principles behind Bitcoin itself appear to be sound, there have been repeated security issues with the various tools and services around Bitcoin. For example, the official Bitcoin client does not yet encrypt the user’s wallet, meaning that anyone that can access this file can effectively steal that user’s entire balance in a relatively untraceable way, given simple precautions.
However, this incident is perhaps the most serious. MtGox is probably the most popular mechanism to both purchase and sell Bitcoins, and its credibility is now in ruins.
It isn’t necessarily the case that this will destroy Bitcoins themselves. It will, however, demand dramatically better security for the various tools and services that grew up while Bitcoins remained an obscure pursuit of enthusiasts.
The list of accounts and their email addresses and password hashes can be found on Freenet at CHK@nQPmGQwCzInR1hYef3I4SYYfT3yfkBobBu0hiwOOmLw,72t6NbXIUnKDELYdFP8Y6LuAe-A6-0yiwnlKAdkyEN8,AAIC–8/mtgox-accounts.csv.gz (this link will only work if Freenet is installed and running).
Probably not, but reportedly a user of Bitcoin kept about half a million dollars worth of the new decentralized cryptographic currency on their Windows laptop, and somebody stole it.
Misappropriated Bitcoins are, by design, difficult to trace, and with appropriate precautions, almost impossible.
To steal your Bitcoins, all someone needs is access to your “Bitcoin wallet”, a small file that by default, will be stored unprotected on your hard disk by the official Bitcoin software. Having a backup of your wallet doesn’t help, anyone that can read your wallet can empty it. They don’t even need to modify your wallet file to do this.
If someone gains access to your wallet, your only defense is to empty it before they do.
Even simple precautions, like storing your Bitcoin wallet in an encrypted disk, will be scant defense against someone who can gain physical or digital access to your computer (as they can use a keylogger to discover your passwords). Worse, with the large dollar values we’re talking about, extortion also becomes a real threat.
Indeed, the ease with which someone can steal something so valuable, with so little threat of getting caught, is almost unmatched. The very things that make Bitcoins such a powerful concept, are the very things that make it a tempting target for smart thieves.
Additionally, as the value of Bitcoins has skyrocketed since the online currency’s initial creation 2 years ago, many early adopters now own hundreds of thousands, even millions of dollars worth of Bitcoins. Many of these people probably have nothing like the kind of protection that would be employed to protect any other commodity of this value.
At this point it is difficult to know what to do, except perhaps rely on safety in numbers.
So if you are one of the “Bitcoin wealthy”, don’t tell ANYONE!
p.s. Oh and unfortunately for me I’m not one of those people, honest!
I was recently pointed to this comment by John Carmack, co-founder of Id Software, regarding software patents. I thought he gives a beautifully concise explanation as to why the vast majority of software engineers would prefer it if software were not patentable:
Before issuing a condemnation, I try hard to think about it from [a Lawyer’s] point of view — the laws of the land set the rules of the game, and lawyers are deeply confused at why some of us aren’t using all the tools that the game gives us.
Patents are usually discussed in the context of someone “stealing” an idea from the long suffering lone inventor that devoted his life to creating this one brilliant idea, blah blah blah.
But in the majority of cases in software, patents affect independent invention. Get a dozen sharp programmers together, give them all a hard problem to work on, and a bunch of them will come up with solutions that would probably be patentable, and be similar enough that the first programmer to file the patent could sue the others for patent infringement.
Why should society reward that? What benefit does it bring? It doesn’t help bring more, better, or cheaper products to market. Those all come from competition, not arbitrary monopolies. The programmer that filed the patent didn’t work any harder because a patent might be available, solving the problem was his job and he had to do it anyway. Getting a patent is uncorrelated to any positive attributes, and just serves to allow either money or wasted effort to be extorted from generally unsuspecting and innocent people or companies.
Yes, it is a legal tool that may help you against your competitors, but I’ll have no part of it. Its basically mugging someone.
So I sent a brief email of concern to GoDaddy support over the domain censorship issue, and received a response from the rather important sounding “Office of the President”, although the tone of the email isn’t terribly Presidential:
Thank you for contacting us. Your correspondence has been directed to the Office of the President.
The situation with the Web site RateMyCop was absolutely NOT about censorship in ANY way.
The site’s operator has publicly disclosed the concerns were over bandwidth. More accurately, Go Daddy’s concerns were about how the RateMyCop site was far exceeding the amount of server usage for which it had contracted.
This customer paid for a shared server plan. The connections to his site were six times more than an entire ‘shared server’ accommodates. While he was paying for a service that cost $14.99 a month, his site actually required a much more extensive set-up.
Basically, he was paying for compact car, when he really needed a semi-truck.
The customer was not willing to work with our staff to resolve the issue.
While the “censorship” allegations certainly make for an edgy “story,” they simply had nothing to do with this situation.
Well, their story is definitely plausible, in which case it is a bit unfortunate that everyone jumped on the “censorship” story line (for all the normal reasons its bad to “Cry Wolf”). I sent the following response:
Dear Sir or Madam,
Thank you for your prompt response to my concerns.
I’m happy to accept your explanation on the issue of ratemycop.com,
however there are other anecdotal accounts of GoDaddy shutting down
user’s domains for dubious reasons, most notably relayed on the
website http://nodaddy.com/.Frankly, I would like nothing more than to stick with GoDaddy, since
I’ve personally been happy with your pricing and your service
(although I do wish your user interface was less cluttered), but even
a small risk of a domain being shut down at short or no notice is
unacceptable, as it could have a dramatic impact on my business. I’m
sure the same is true of all of your customers.Perhaps you could consider creating some kind of customer bill of
rights which could offer some assurances that GoDaddy will only shut
down a domain when legally compelled to do so?I hope there is a substantive way you can respond to these issues,
such as my bill of rights suggestion, rather than just treating it as
a PR problem.Kind regards,
Ian.
We’ll see if they respond. On the up side, at least they’ve now learned that if they do ever do anything like this, there will be hell to pay.
I’ve heard it said that Google may be doing something smarter than just advertising on the basis of the text of the page in which the ads appear. If so, I’ve not yet seen the evidence of this.
For example, here is the title of an article on abuses by the Department of Homeland Security:
And here is the ad Google served with this article:
I’d love to see the conversion rate on that one. This is the reason we employ a somewhat smarter approach with Thoof.
Andrew Keen, who I recently debated on a NY radio station, was interviewed by Stephen Colbert last night. He appeared completely oblivious to Colbert’s brand of humor, earnestly asking whether Colbert believed that there were WMDs in Iraq. Of course, Colbert’s character is a slavish devotee of the current US administration, so the response was predictable.
Keen seemed to get quite frustrated with Colbert, apparently missing the joke completely. Colbert, even in character, did a pretty good job of demolishing Keen, who readily admitted to being an elitist (I doubt the snobbish sounding English guy defending elitism in the media garnered much sympathy among the show’s viewers).
I must say that Keen’s publicist must be some kind of genius to get him all of this coverage despite his transparently lame arguments. If there is a media elite, Keen most certainly isn’t a member.
