by cornholio 895 days ago
> Bitcoin just needs to fill needs (or wants) not met by anything else.

That want being, in this case, the need to evade financial regulators and easily move large amounts of money untraceably. There is basically no other thing Bitcoin does better than traditional electronic cash, especially with the transaction fees reaching current values.

Is it a legitimate want? It's a complex question involving personal and political values, but let's just say not everyone who objects to crypto does so because they don't understand its real uses.


By your logic then, Signal is just a method for terrorists and child predators to communicate? Do you hold that opinion of Signal?
So you are comparing communication privacy to financial privacy for very large money transfers? As I've said, it's a question of political values, but I think you will find the vast majority of people not sharing that point of view.

Also, unlike Bitcoin, Signal adds strong privacy on top of a very functional base product.

Signal definitely makes life easier for terrorists and child predators; the question is whether it has decent uses whose benefits outweigh that cost. (And, while I'm cautiously in favour of cryptography, I don't think that question is by any means trivial). Cryptocurrency has no such positive use cases; the only case where it has an advantage over regular payment methods is crime.
> move large amounts of money untraceably.

Paradoxically, Bitcoin is the worst at this, since addresses are completely public. Unless you, like Satoshi, keep the coins in the address and never spend them, any conversion to value that you can spend, such as cash, is going to be traceable.

> Is it a legitimate want?

Yes. Unless you can prove criminality, there's the presumption of innocence.

> addresses are completely public.

Addresses in Bitcoin are pseudonymous. Many criminals have evaded prosecution for years (for example, the MtGox thieves) despite moving billions in the clear on the blockchain. You are feigning ignorance about the true nature of Bitcoin, which is quite obviously designed to enable very strong privacy, as noted even by its inventor in the original paper; let's not even discuss things like Monero and ZCash.

MtGox thieves evaded prosecution because no one was doing tracing back then. Chainalysis got started specifically to link all their activity and is now a giant graph connecting all the "pseudonymous" addresses. And the thieves laundered most of their stolen coin through exchanges, not chain transactions, strange how they didn't want that very strong privacy. There's none of that left on Bitcoin, it's been indexed, clustered and mapped.

Obviously there are technologies which enable complete privacy - and like tumblers, any that prove popular will be shut down, there's just too many negative externalities.

The state of bitcoin mixers was also very primitive back then, especially given this volume. Today, criminals can use things like the defunct ChipMixer, which distributes private keys funded in advance. So by definition there is nothing in the blockchain to follow, because the handover is done off chain.

The fact that ChipMixer was busted in an international law enforcement operation should indicate to you the nature of the beast. Just like in the case of Silk Road, there are a myriad copycats which are still online. It's a small piece of computer code anyone can run. So money laundering on Bitcoin to a nearly untraceable level can be done by any service that can set up some kind of network connection and run a bit of computer code.

This is unprecedented in the history of finance and the main practical benefit of Bitcoin other than speculation.

I disagree with pretty much every point here, wow. ChipMixer provided a little bit of disconnect, but there was a research paper a while back that ran something like 5 transfers through it and managed to identify their mixing transactions with 90% precision. Law enforcement is most likely constantly tracking those, similar to how the NSA runs some significant percentage of Tor entry/exit nodes. Second, recognize the enormous amount of trust required here: that the mixer will actually do proper randomization, that there will be a large number of participants, that they won't keep the logs, that they won't just up and leave with all the money. There's plenty of examples of somewhat established mixers that fail on some or all of these, and you're telling me that instead people will just send their money to be mixed by anyone that can set up a network connection and a bit of code?
I'm going to need more context here on the ChipMixer claims. Let's say a tracked party deposits amount A in a CM-style mixer, and then receives private keys corresponding to amounts B, C, D, E, F, G, previously deposited in the blockchain, which happen to add up to A minus a random 0 to 4% mixing fee. You have full view of A and know that it's being deposited to CM with 100% confidence.

As long as nothing moves on the blockchain, and the trust requirement you mention is fulfilled, I hope you agree that, save for some bug in the implementation, you will have no idea what private keys were received by the original owner of A. It's logically impossible, since CM has already pre-deposited many other funded private keys (in fact, the entire previous volume of their laundry) and by definition you don't know which ones of those were disclosed to client A. The number of combinations is a factorial of the number of previous clients, the vast majority of whom you won't know.

So the attack scenario has to be more convoluted than that, perhaps the client immediately consolidates his received keys into a single address, perhaps we assume the attacker has perfect information over all amounts A deposited, which is clearly not practical etc. But that's another discussion altogether that deals with breaking a certain implementation of finding a launderer with a certain behavior. Research papers always make bold claims to raise interest, and often deliver crypto style failures, that require "only" 2^64 attempts, so the system is "broken".

But the issue we debated above, address pseudonymity enabling untraceable off-chain asset swaps, is already settled if you agree to the second paragraph.
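The model described in this comment (deposit A, receive pre-funded keys summing to A minus a 0-4% fee, nothing moves on chain) can be made concrete. The block below is an added example, not code from the thread and not based on ChipMixer's actual implementation or denominations; the UTXO pool, the deposit and the `TRUE_HANDOVER` set are constructed. It enumerates every subset of the pool a chain-only observer would have to consider, then shows the "more convoluted" attack from the following paragraph: once the client consolidates the received coins in one transaction, their sum can be matched back against observed deposits.

```python
from itertools import combinations

# Constructed pool of pre-funded mixer UTXOs, not real chain data. Each entry is
# (utxo_id, amount in satoshis); two UTXOs per denomination, a small stand-in
# for a mixer's accumulated inventory. Denominations are made up for the example.
DENOMS = [6_400_000, 12_800_000, 25_600_000, 51_200_000,
          102_400_000, 204_800_000, 409_600_000]
POOL = [(f"utxo{i}_{k}", amt) for i, amt in enumerate(DENOMS) for k in (0, 1)]

# Hypothetical handover: the client deposited 3 BTC and was given, off chain,
# the keys to these four UTXOs (2.944 BTC, i.e. about a 1.9% fee). Nothing moved.
DEPOSIT_SATS = 300_000_000
TRUE_HANDOVER = frozenset({"utxo5_0", "utxo3_1", "utxo2_0", "utxo1_1"})


def candidate_handovers(pool, deposit_sats, max_fee_bps=400):
    """Every subset of the pool whose total lies in [deposit - max fee, deposit].
    With nothing moving on chain, this is the complete set of hypotheses an
    observer can form about which keys the depositor received."""
    lo = deposit_sats - deposit_sats * max_fee_bps // 10_000
    hi = deposit_sats
    found = []
    for r in range(1, len(pool) + 1):
        for combo in combinations(pool, r):
            total = sum(amt for _, amt in combo)
            if lo <= total <= hi:
                found.append(frozenset(uid for uid, _ in combo))
    return found


def amount_compositions(pool, candidates):
    """Collapse candidates to their multiset of amounts: even an observer who
    only cares about values, not which copy of a coin, is left with several."""
    amt = dict(pool)
    return {tuple(sorted(amt[u] for u in c)) for c in candidates}


def consolidation_matches(pool, spent_together, deposits, max_fee_bps=400):
    """The convoluted attack: if the client later spends the received UTXOs in
    one transaction, the observer sums those inputs and asks which earlier
    deposit (id, satoshis) they plausibly came from. Returns matching ids."""
    amt = dict(pool)
    total = sum(amt[u] for u in spent_together)
    return [dep_id for dep_id, dep_sats in deposits
            if dep_sats - dep_sats * max_fee_bps // 10_000 <= total <= dep_sats]


if __name__ == "__main__":
    cands = candidate_handovers(POOL, DEPOSIT_SATS)
    print(len(cands), "candidate key sets,",
          len(amount_compositions(POOL, cands)), "distinct amount mixes")
    print(consolidation_matches(POOL, TRUE_HANDOVER,
                                [("dep_A", DEPOSIT_SATS), ("dep_B", 100_000_000)]))
```

Two things to take from running it: with only fourteen pool entries and a 4% fee window the true key set is already one of dozens of equally plausible candidates, and the count grows with the pool and the window; and the ambiguity collapses the moment the received coins are spent together, because the consolidated input sum falls inside exactly one deposit's fee window. That second behaviour is the real-world weakness, since most clients do eventually consolidate.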