back to article Bitcoin's blockchain: Potentially a hazardous waste dump of child abuse, malware, etc

Bitcoin's blockchain can be loaded with sensitive, unlawful or malicious data, raising potential legal problems in most of the world, according to boffins based in Germany. In a paper [PDF] presented at the Financial Cryptography and Data Security conference on the Dutch Caribbean island of Curaçao – "A Quantitative Analysis …

  1. Grikath Silver badge
    Devil

    Proper BOFH material.

    We're at the harsh tail-end of winter, and those guys land a presentation at a conference in Curacao...

    Quite pleasantly subtropical Curacao... That is really not known for anything IT-ish....at all...

    Something tells me the organisers and participants are at least ..familiar with Simon's work...

  2. Anonymous Coward
    Mushroom

    Potentially?

    If there's toxic content in the blockchain, doesn't that mean Bitcoin is already effectively banned and someone finally noticed?

  3. Anonymous Coward
    Anonymous Coward

    Re: Potentially?

    Yes, up to a point. This now gives "the authorities" the excuse to shut down blockchain.

    And if there isn't enough evidence to do that yet, now they know how to add more "evidence".

  4. veti Silver badge

    Re: Potentially?

    The more I learn about Bitcoin, the more amazed I am it's lasted as long as it has.

    In other news, the price of Bitcoin - has not dropped at all since this story appeared.

  5. Sorry that handle is already taken. Silver badge

    Re: Potentially?

    In other news, the price of Bitcoin - has not dropped at all since this story appeared.

    That's probably because the price of bitcoin is not related to anything real and this is not a new idea.

  6. Roq D. Kasba

    Re: Potentially?

    > In other news, the price of Bitcoin - has not dropped at all since this story appeared.

    This is good for Bitcoin. Don't you read the BTC forums and subreddits? Everything is always good for Bitcoin.

  7. Rob D. Bronze badge
    Coat

    Re: Potentially?

    > Everything is always good for Bitcoin.

    Bitcoin is always good for everything.

    FTFY.

  8. TheSkunkyMonk

    politically sensitive content

    Oh please say the register will be posting, or atleast hinting towards what? Is it May at the Torrie conference bending over members with her strapon out? oh if only she were so powerful I fear it is going to be much worse.

  9. Jay Lenovo
    Facepalm

    Since when is currency clean?

    When 80-90% of all cloth based money is contaminated with cocaine and/or feces, I guess you pick your poison.

  10. Sorry that handle is already taken. Silver badge

    Re: Since when is currency clean?

    They're likely not contaminated with child abuse material though...

  11. harmjschoonhoven

    Re: Since when is currency clean?

    When Picasso lived in Paris shortly after 1900 he was too poor to pay his restaurant bills. But his talent was recognized and on several occasions he took a 5 Francs note, scribbled on it, signed it and the value jumped to 50 Francs, enough to pay the waiter. If it would survive to the present day it could be auctioned for millions even if it had accummulated a thick layer of shit.

  12. Ken Hagan Gold badge

    Re: Since when is currency clean?

    In some jurisdictions, the mere presence of dodgy material makes you liable ... with no defence of not knowing how it got there. That last bit is obviously idiotic, but it didn't stop the idiots from voting for it.

  13. Mark 65 Silver badge

    Re: Since when is currency clean?

    If it would survive to the present day it could be auctioned for millions even if it had accummulated a thick layer of shit.

    You could argue Bitcoin has attracted more than a thick layer of shit thus far.

  14. razorfishsl Bronze badge

    I discussed a method of creating issues with malware as a DOS against the bitcoin wallet over 5 years ag,.long before "inter-poll" got involved............

    There are a number of potentially attack vectors, they just require a bit more thought.

  15. Pascal Monett Silver badge

    "inter-poll" ?

    You have a problem with trying to stop international crime ?

  16. Sorry that handle is already taken. Silver badge

    I'm surprised this is only coming up now, considering it's been talked about for almost as long as it's been possible to encode arbitrary data into bitcoin's blockchain.

    What surprises me is that none has been found yet. Embedding illegal material should be a perfect way to get bitcoin banned anywhere you like.

    I do remember that a few years ago the bitcoin blockchain triggered a false positive in some AV software.

  17. Barry Rueger Silver badge

    Re: "inter-poll" ?

    You have a problem with trying to stop international crime ?

    That depends on how you define "crime." Crimes under USian law? Chinese law? Russian law? EU regulations?

    Crimes covered by international treaties? Trade deals like TPP? UN conventions?

  18. Adam 52 Silver badge

    Re: "inter-poll" ?

    Crime is fairly well defined in most countries. All Interpol is is a glorified secretariat, so whilst being on a wanted list because you've upset Putin is inconvenient it doesn't magically project Russian criminal law onto any other country.

    Which is why Andrei Lugovoi and Dmitry Kovtun are still free.

  19. Cuddles Silver badge

    "What surprises me is that none has been found yet. Embedding illegal material should be a perfect way to get bitcoin banned anywhere you like."

    If you read the article, you'll note that the entire point is that it has been found. This is not theoretical; there are links to child abuse images in the Bitcoin blockchain.

    However, that does raise an important point that the article doesn't really discuss - having a link to something buried in some code that user may not even have a way to access is not the same as actually having the material itself on your PC. It's not the material itself, and it's not a standard html link that anyone could click on, it requires knowing how to dig around in the blockchain for it, as well as knowing where to find it in the first place. No sane court could consider an unwitting Bitcoin user guilty of child pornography just because they have a copy of the blockchain. While the idea that some countries might use it as an excuse to either ban Bitcoin or go after users, those aren't the sort of countries that would generally worry about having an excuse to do so.

  20. Sorry that handle is already taken. Silver badge

    Quite right. What I meant to say was "until now". Downvotes earned, I suppose.

  21. RLWatkins

    Wait... wait. So what?

    Blockchains are a decentralized way of distributing tamper-proof data. Any data. Cryptocurrency ledgers, software licenses, whatever.

    Nothing special here about Bitcoin or about blockchains. Lots of applications use blockchains. They are not new.

    The only surprising thing here is that someone wants to distribute tamper-proof malware or child porn.

    But look on the bright side: they're cryptographically signed, so once someone catches up with them it'll be simple enough to prove who released the stuff into the wilds.

    This is all a blinding glimpse of the obvious. [yawn]

  22. fnusnu

    Re: Wait... wait. So what?

    I hope you never lose your private key

  23. Anonymous Coward
    Anonymous Coward

    Re: Wait... wait. So what?

    What better way to store illegal material than to secrete it within a popular block chain? That way one does not have to hold it oneself, other participants in the block chain (miners, exchanges) are doing that for you, indeed have a monetary interest in doing that for you even though the material itself could cause them to wind up in jail.

    Better still if one were to encrypt the material before placing it within the block chain, it's then even less likely that it'll raise any interest whatsoever beyond people being irritated that they're storing content in the first place.

  24. Anonymous Coward
    Anonymous Coward

    Re: what better way...?

    Yeah, that's why it's used to store, uh, money - something of value only by virtue of opinion.

  25. Uberseehandel

    Unintended Consequences

    One result of high rates of taxation on moderately salaried people is that they dream up schemes to make the cost of their vacation tax deductible.

    What they forget is that these conferences attract the kind of people one wishes to avoid anywhere, let alone on holiday. They deserve each other.

  26. Michael Habel Silver badge

    ITT

    Butthut gamerz who cant get the latest fix from nVIDIA, or AMD/ATi, without paying over the odds, and so must find someone to blame.... Oh go cry me a river....

  27. Anonymous Coward
    Anonymous Coward

    Re: ITT

    Is that comment for some other article?

    Also arnt driver updates for gfx cards free?

    I'm really curious now as to what you could possibly be talking about.

  28. Sorry that handle is already taken. Silver badge

    Re: ITT

    Probably a reference to the current shortage of high end gaming GPUs caused by the crypto-bubble making small-scale mining of "ASIC-resistant" coins such as ethereum quite lucrative once again.

    It really has become quite ridiculous. It's like bitcoin's GPU era all over again, but this time everyone knows about it so demand is through the roof and so are prices.

    Stand by for the flood of (ab)used GPUs on ebay when the bubble bursts though...

  29. Prst. V.Jeltz Silver badge

    Re: ITT

    ah yes of course - different kind of fix :)

  30. MonkeyCee Silver badge

    Re: ITT

    "Stand by for the flood of (ab)used GPUs on ebay when the bubble bursts though..."

    But that has already happened. The last couple of big BTC price drops (9k euro to 6k) resulted in similar drops in the price of alt coins, and the alt coin price stayed the same while BTC recovered.

    So something like a 1060 was making about 2-3 euro a day now makes a bit under a euro.

    Therefore there *should* be a flood of 1060s and 470/570 second hand cards.

    With the exception of the fans, a second hand GTX mining card should be in better condition that one used for gaming. You can't fuck with the BIOS on it*, it'll generally have been run about 65% power at about 90% of it's max settings, and it will generally have been well ventilated. Gamers will often run a card to max conditions, in a closed case, with no regard for any stat other than the faps :)

    I'd be wary of second hand ATI cards, since you can modify the BIOS on those without much hassle.

    Either way, it's not going to make any difference to GFX prices.

    * OK,you can, but you'd have to be pretty nuts to

  31. Christian Berger Silver badge

    Data vs Code

    There is a good reason why Bitcoin doesn't use Smart Contracts. It's simply to not have code in the blockchain. So all you have on Bitcoin is data. Sure that data may break some really badly written software that works on it, but then you need to fix that software. Essentially you can do that by having a problem that checks the data to conform to the syntax you are looking for and ignores messages it cannot proof to be correct. After all, Parsing is a well established science.

    However with Smart Contracts you have Turning complete code in your blockchain, which is, in principle, impossible to proof correct.

  32. Brewster's Angle Grinder Silver badge

    Re: Data vs Code

    It's not possible to prove an arbitrary program is correct. But it's possible to prove a particular program is correct.

  33. Christian Berger Silver badge

    Re: Data vs Code

    Yes, but that's irrelevant as malware will always be in the un-proovable region.

  34. LewisRage

    Usenet was all text based...

    ...until a mechanism was found to store binary data, this was to be the 'end of usenet' at a couple of points but it's still going strong. Admittedly the block chain doesn't have the capability to remove questionable content but I'm sure if usenet can survive storing questionable content the blockchain will find a way (although perhaps the answer is 'a different block chain').

  35. Prst. V.Jeltz Silver badge
    Paris Hilton

    help with the basics pls

    Can someone fill me in?

    So I believe this block chain contains every bitcoin transaction ever

    Does every , um , wallet have a complete copy , or is the load shared out?

    How big is it?

    How fast is it growing?

    Why does it need to have random code and pictures in it? is that the comment field on each transaction?

  36. Sorry that handle is already taken. Silver badge

    Re: help with the basics pls

    1) Yes, it contains a complete list of every transaction since it began in 2009

    2) Every wallet must maintain an up-to-date copy

    3) It passed 160GB just over a week ago

    4) It has doubled in size in the last 19 months, however since blocks became full, its growth has been approximately linear since then (at ~1 MB/10 min). See here.

    5) I suppose so!

  37. Prst. V.Jeltz Silver badge
    Pint

    Re: help with the basics pls

    Hey thanks , great answers ,

    Thats a weighty wallet! I calc.exe if used for a further 50 years at 6mb per hour itll be 2.6 Tb

  38. Brangdon

    Re: Does every , um , wallet have a complete copy ,

    Full nodes need to have a complete copy. There are light wallets that don't, which work by talking to a remote full node.

    Bitcoin includes a scripting language. By using a scripts to decide whether a payment is authorised it gains a great deal of flexibility, to support things like multi signature accounts, time-locked accounts etc. The scripting language can include arbitrary data because nobody bother to make the effort to exclude it. Even if they had, you can encode information into the amounts being transacted.

  39. Steve Hersey

    So, blockchain systems are unsustainable at scale.

    It escapes my poor, limited understanding how a scheme that requires a large number of nodes (inherent in its "distributed web of trust") to store EVERY TRANSACTION EVER MADE could possibly be sustainable at a large enough scale to count as a "currency." Yes, "lightweight" nodes can store a subset, but that doesn't fix the fundamental insanity of the design.

    Even the global banking system doesn't require every major bank to maintain the full transaction history of all major banks in order to function. For comparison, the Internet Archive only exists as one instance, not replicated X thousand times.

    This sounds like a banking system designed by someone who didn't understand banking. There's no way it can possibly scale up far enough to be more than a curiosity/money-laundering tool/means to fleece the unwary.

  40. Sorry that handle is already taken. Silver badge

    Re: Does every , um , wallet have a complete copy ,

    Full nodes need to have a complete copy. There are light wallets that don't, which work by talking to a remote full node.

    Whoops.

    The documentation for the Electrum wallet software mentions the use of a technique originally described by the creator called "Simple Payment Verification", which allows it to work by downloading only the headers (currently ~40MB by my reckoning.) I suppose this is much more important now than it once was, considering the size of the blockchain.

  41. aks

    Re: help with the basics pls

    Sounds like there's a need for tags on transactions, including Quarantine, illegal in France, illegal in China etc. The entries are still there but if you're using software that's aware of this you might be deemed to be legitimate. If you're using software that allows you to open such transactions the handcuffs are waiting for you.

    That then pushes the question back to 'who adds the tags?'.

  42. Anonymous Coward
    Childcatcher

    How convenient for the Authorities, oohhh think of the children or security. I'm no fan of bitcoin as I think it's a Ponzi scheme dreamt up by tulip sellers to relieve the gullible of their cash which also happens to be a nice medium of exchange for crims but this does smack of a convenient hatchet job.

  43. Mycho Silver badge

    a Ponzi scheme dreamt up by tulip sellers to relieve the gullible of their cash which also happens to be a nice medium of exchange for crims

    Which is essentially all a currency is.

  44. Alistair Silver badge
    Windows

    @Mycho:

    Which is essentially all any currency is ever has been.

    FTFY

  45. aks

    "Which is essentially all any currency is ever has been."

    Not necessarily. At times, currencies were backed by tangible resources such as gold or silver although they didn't always have the value stamped on the coin.

  46. Mycho Silver badge

    At times, currencies were backed by tangible resources such as gold or silver

    Then the notes were stand-ins for the shiny metals that made up the real currency.

    Do you need gold? It's not really that important for most people's lives compared to the importance of money. The only thing that gives money value is taxation, because everybody pays taxes and so everybody needs at least a little bit of money.

  47. blockchainordeath

    This is just overblown. An example:

    Say I create a tweeter account and start posting a series of emojis (smiles and frowns, representing 1 and 0). I have a program that takes an image file in binary format, and translates the image file into a serious of of tweeter posts and posts them automatically. Then I sell another program to some consumers that can re-assemble the image file from the tweets.

    This is very straightforward to do, even for someone not so experienced with programming.

    So can one then go and blame tweeter as a platform for child porn distribution?

    Of course, I admit there is one difference from the blockchain in that Tweeter can delete these tweets, if it detects them, while the transactions on the blockchain are immutable (at least with the current state of the technology).

  48. Creslin

    Same for the .com .net .co.uk certificate transparency log

    By the exact same rational applied to blockchain this applies to the transparency log for all .com .net etc SSL domains we browse too.

    If somebody, not I, put illegal content in any domain registered in certificate transparency log,,, does this mean we have to destroy the entire .com cetificate transparency and take out quite literally the majority of business SSL trusted sites? There is no way to remove one entry without invalidating the entire tree -- just like a block chain.

    That would be quite chilling

    Certificate logs over view:

    https://www.certificate-transparency.org/log-proofs-work

  49. Anonymous Coward
    Anonymous Coward

    Re: Same for the .com .net .co.uk certificate transparency log

    Governments don't have a vested interest in destroying SSL so I would expect it to get a free pass.

    This constant drip drip drip of negative Bitcoin propoganda smacks of dark arts organisation and planning.

    What's the schedule for next month guys?

    1/4 Yahoo to ban crypto ads

    2/4 IRS to announce a crack down

    3/4 Japan to revoke legal tender status

    4/4 Microsoft to ban crypto ads

    5/4 Singapore to seize some miners

    6/4 California power company to ban mining

    7/4 Goldman Sachs to issue chilling bubble warning

    8/4 FBI to seize an exchange for laundering drug money

    9/4 Apple to ban crypto ads

    Etc

    I'm sure it's all planned out somewhere. If you can't shut it down legally, attempt to kill it with a thousand cuts..

  50. Creslin

    That was quick! Crypto Prof @ john hopkins to release tools to publish into CT logs

    Matthew Green cryptographer and professor at Johns Hopkins University has undertaken to have working code by end of this week to publish arbitrary data into the certificate log.

    Once any illegal content is in the .com CT log the only means to remove it would be to also remove the ability for anybody to check they are connecting to a genuine .com site / the HTTPS certificate is real.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018