Unrelated to Filecoin, this brought to mind a question about the Bitcoin blockchain I've been pondering recently.
Since users can put small arbitrary byte data in a transaction that gets included in the block chain (AFAIK), isn't it possible that an attacker could insert illicit / illegal data that everyone using Bitcoin replicates?
Copyrighted materials, sensitive personal information such as SSNs, and moreover, child pornograpy immediately come to mind as things that could forever be persisted.
If this is possible, wouldn't that make everyone using the bitcoin blockchain criminally liable for storing and/or transmitting that information? (In the US and similar jurisdictions.)
I assume lightweight clients that only store a hash would be unaffected. But still, this seems like a serious issue.
Yes, it's been known for a while that people can upload illegal bits into blockchains. Don't think transaction steganography would hold up in court though. You could do similar things with DNS records, etc.
File storage services though have the added concern that they're specifically designed to distribute files. Filecoin addresses this by (a) encouraging everyone to pre-encrypt before adding, and (b) creating a fluid market based on incentives. Nodes aren't required to store every file, only strongly incentivized to do so. Nodes are free to follow strong counter incentives (say, a well-known list of "illegal hashes" published by authorities).
In reality, the way many courts handle things like this is to target the entry points: the websites advertising which are the illegal hashes and how to get them. (e.g. the piratebay instead of bittorrent inc.)
It certantly easier to make a complicated case the broader the data channel is— so this is just one reason (along with scalability and cost-of-decentralization) that Bitcoin is pretty stingy with sidechannels.
Make encryption at source compulsory (since the data is uploaded through your software) and no need to tell the user about it. rather advertise it as a feature.
I agree, this would be the best action for both the user and host. I'd add a check on the host to make sure the data looks random as well to protect against rouge or malfunctioning clients that attempts to store plain text. Encryption must be mandatory and enforced, this will prevent so much pain for all parties.
Here's a good example of it so far[1]. That address was chosen to have a hash that comes out as the bluray aacs key, forever preserving it in the blockchain. There's some other ways it could be done but this is one really simple way to start.
The more serious issue that I pondered with a friend was injecting a small malware stub into the blockchain. If you have a copy and an antivirus, Bitcoin could go haywire.
It wouldn't be too expensive, given there are <6kb stubs that are detected by many antivirus companies.
Since users can put small arbitrary byte data in a transaction that gets included in the block chain (AFAIK), isn't it possible that an attacker could insert illicit / illegal data that everyone using Bitcoin replicates?
Copyrighted materials, sensitive personal information such as SSNs, and moreover, child pornograpy immediately come to mind as things that could forever be persisted.
If this is possible, wouldn't that make everyone using the bitcoin blockchain criminally liable for storing and/or transmitting that information? (In the US and similar jurisdictions.)
I assume lightweight clients that only store a hash would be unaffected. But still, this seems like a serious issue.