Rick Falkvinge's Blog, page 15

March 5, 2014

Nothing New Under The Sun, Bitcoin Edition

Bitcoin concept by Antanacoins. CC-By-SA, Flickr.

Cryptocurrency – Charlie Shrem: I was invited to speak at Texas Bitcoin Conference in Austin this past week. Due to my house arrest, I’ve been largely staying low key but felt I needed to make a statement, a strong one. I asked Rick if I could use his speech from the Stockholm 2006 pro-freedom demonstration and adapt it to Bitcoin, which he agreed to. The speech ended to a standing ovation, and although I was over Skype I could not help but burst into tears. Free knowledge, free the market, free the world!


Below is the text of the speech –


Friends, citizens, Bitcoiners:


There is nothing new under the sun.


My name is Charlie Shrem, and I speak to you from under house arrest.


During the last few weeks, we’ve seen several examples of legal outbursts. We’ve seen the police abusing the measures available to them. We’ve seen the actions of the financial services industry. We’ve seen high-profile politicians mobilizing in order to protect the financial and banking industry.


All of this is scandalous without parallel. That is why I stand here today.


The financial and banking industry wants to convince us, that it’s only about illegal payments, that it’s about protecting the integrity of the status quo. It’s a pretext. We need to look at the big picture, Bitcoin is about something entirely different.


To understand today’s situation in the light of history, we need to go 400 years back, back to when the church had a monopoly on culture and knowledge. What the church said, went. Pyramid communication. There is one person at the top, talking to a number of others down a pyramid. The culture and knowledge had a source, and that source was the church.


And may God have mercy on the one who dared to challenge the church’s monopoly on culture and knowledge! They were subjected to the most horrible legal abuse conceivable, at the time. Under no circumstances did the church allow the citizens to spread information on their own, they governed the whole law enforcement; prevention, punishment and harassment.


There is nothing new under the sun.


Today, we know the only right thing for the evolution of society was to let that knowledge go free. That Galileo Galilei was right. Even if he was infringing on the knowledge monopoly.


We’re talking about a time when the church went out in full force, promoting the idea that citizens didn’t have to learn to read and write, since the priest would tell them everything they needed to know anyway. The church knew what it would mean if they lost their control.


Along came the printing press.


Suddenly, there was not only one source of knowledge to listen to, but several. The citizens – who had started to learn to read – could take part of unsanctioned knowledge. The church was furious. The royal families were furious. The British royal family even went so far as to forge a law that said only printers specially approved by the royal family were allowed to print books, multiply knowledge and culture for the citizens. Sound familiar?


Then, a couple of hundred years passed by, and the freedom of the press was created. But everywhere, the same old model of communication still existed: one person talking to the many. There were different people to listen to, but everywhere, one person talking to the many. This was used by the state in introducing a system of a “liable publisher”.


The citizens will indeed be able to take part of knowledge, but there will always be someone to answer if they – oh, horrible thought – take part of the wrong knowledge.


And this is what is changing in the Bitcoin culture today. Because the Internet no longer abides by this model. We no longer simply use old legacy systems given to us from the top down. We upload at the same time too and we want to transact instantly to others. Knowledge and culture have, amazingly, lost its central point of control.


This is the central point of my whole address, so I’m going to go into it, in deeper detail:


Transacting is the old mass medium model where there is a central control point, a control point with a responsible party liable, with the risk of their license being revoked and so on and so forth, where everyone can transact from the central point of control. The license holder can give and take away rights as they see fit. We’ve seen when you have central control, this equals central points of failure. We saw a few months ago, VISA Card’s central data center in Canada go offline. Any Canadian with a VISA debit or credit card was disconnected from their finances. Life virtually screeched to a halt, and this was only for a mere 24 hours. We saw 110 Million customers of Target Stores have their identity and financial information stolen, and now their financial future is at the heels of a bunch of hackers.


Payment and transactional monopoly. Control.


Inherently, Bitcoin transacting constitutes simultaneous up- and downloading from every connected person, and completely lacks a central point of failure or control; it’s a situation where all payments and information organically flow between millions of different people at the same time. Fundamentally different. This is something completely new in the history of human communication and Bitcoin is one of the largest socio-economic experiments humankind has ever seen.


And this is exactly why we are going to change the law. We started Bitcoin Foundation for this exact purpose. Mutual dialogue with the government on creating safe regulations around Bitcoin companies, that do not allow for stifling innovation. I applaud those regulators such as Mr. Ben Lawsky of NY who see this vision, and are committed to keeping innovation alive and letting it thrive. Before I stepped down as CEO, my company BitInstant was honored to have worked with his office for over a year. Illegal payments are a real threat, however using it as an excuse to ban or to assert control is merely a distraction. There are those who are set on bringing down our culture.


During the last few weeks, we’ve seen how far a player is prepared to go to prevent loss of control. We saw the constitution being violated. We saw young MIT students pressured with government subpoenas merely for creating a proof of concept. I saw my personal freedom lost when I was arrested off the plane, stripped naked, searched and my body violated, handcuffed, and escorted out of JFK airport while returning home from a trip with my girlfriend. We saw how forced measures and restrictions of personal integrity were used by the police, not for fighting crime, but for the obvious purpose of harassing the ones involved and everyone who has been anywhere near them.


There is nothing new under the sun, and history always repeats itself. This isn’t about illegal payments. This is about control over transactional culture and knowledge, because he who controls them, controls the world.


The financial and banking industry has tried to shame us, telling us what we’re doing is illegal, we’re pirates. They’re trying to push us down under some rock. Look around you today – see how they’ve failed. Yes, we’re pirates. But one who thinks being a pirate is a shame is mistaken. It’s something we’re proud of.


Because we’ve already seen what it means to be without a central point of culture. We’ve already tasted, felt and smelled the freedom of being without a central monopoly of transactional culture and knowledge. We’ve already learnt to read and write.


And we’re not about to forget how to read and write, just because it’s not fit in the eyes of the laws of yesteryear.


My name is Charlie, I’m a Bitcoiner, let’s change the world!

Published on March 05, 2014 11:42

February 28, 2014

The Gox Crater: Crowd Detectives Reveal Billion-Dollar Heist As Inside Job


Cryptocurrency: Thousands of volunteering and self-organizing detectives have been meticulously laying a puzzle that reveals the Gox billion-dollar heist as an inside job. As smoke clears on the implosion of the Empty Gox bitcoin exchange, thousands of people in the community committed to revealing the truth behind the stonewalling exchange. What was first claimed to be a technical problem, then an outside theft, has now been conclusively determined to be something else: the MtGox management knew too much, too long ago, for this to be an ordinary case of theft.


There are still many question marks remaining surrounding the missing 744,408 bitcoin at Empty Gox, valued at their peak to just under one billion US dollars, and which are well north of that in replacement value on the open market today. What’s becoming clear, though, is that this wasn’t a theft that properly shut down operations as soon as it was discovered. Instead, Empty Gox and its CEO Mark Karpeles appear to have attempted to benefit and profit from it. That would cross the line into criminal complicity, even if they were not part of the original loss – something that also remains an open question.


At this point, there are two outstanding principal questions:



Who took the money?
When was the money taken?

Let’s address the second question first and get the timeline in order, because it completes a lot of the puzzle. I have written before that it would be absolutely impossible to not notice the loss of one billion dollars from company assets, unless you were actively cooking the books to hide a gaping hole where a billion should have been. As it turns out, it seems such fraudulent cooking is exactly what has taken place.


An attempt at a timeline


Many different people have been working diligently to put together a timeline of events. Here’s an attempt to summarize the most important and credible ones.


June 2011 – the first possible time when the bitcoin in question might actually have disappeared (Jesse Powell). If true, Empty Gox has been operating with a lack of assets since, attempting to gradually cover the huge hole in its assets through operating profits. This would explain why there aren’t any books or balance sheets at all (Roger Ver), since making them would disclose the empty vault. Obviously, failing to disclose this would probably be at least criminal neglect toward shareholders, and quite possibly toward financial authorities as well.


August 2013 – First rumors that everything isn’t financially well with Empty Gox. Trouble with US Dollar withdrawals due to August 13 seizure of funds by US government. Nothing solid at this point, but in hindsight, this is when the game of musical chairs started (Weiner). The fractional reserve that was initiated some time in 2011 has been holding up until this point.


October 20, 2013 – First report of a withdrawal from Empty Gox that didn’t go through, like an ATM executing a withdrawal but not dispensing any money. The stuck withdrawals are technically diagnosed by the community to be caused by an attempt at Empty Gox of spending the same money twice, which suggests that the Gox software believes it has money that it actually doesn’t. This is the date when Empty Gox management, at the latest point possible, must have been acutely aware that it was unable to serve withdrawals due to lack of funds. (Bryce Weiner)


December 2013 – People’s Bank of China announces an end to Chinese bitcoin trading by February 1, 2014. This causes Chinese to withdraw from Empty Gox in large numbers, depleting the reserves.


January 2014 – I try to empty my account at Gox. Bitcoin withdrawals are not coming through. It’s like emptying your account at an ATM but only getting dispensed a fraction of the money out of what was listed as withdrawn. Still not a large issue in the forums; you have to dig deep to find some technical discussion threads analyzing the withdrawal problems. Complaints to Gox get answered well after a week, at which point the balance is restored, and new withdrawals fail the same way. Rinse and repeat.


February 1, 2014 – Following the People’s Bank of China edict that times out on February 1, the amount of stuck withdrawals at Gox goes stratospheric enough for independent people to start tracking them on charts for debugging purposes.


February 4, 2014 – I publish my “38 million dollars missing at Gox” article, which is the first article to convert the question from a technical to a financial one, as far as I know. Several people would contact me after that article and hint that the situation was much worse than I could imagine.


February 7, 2014 – Gox shuts down bitcoin withdrawals entirely, blaming problems with the bitcoin protocol as such, so-called “transaction malleability attacks”. This is immediately identified as technical bullshit by a number of heavy names, plus myself. Gox promises an update on February 10.


February 9, 2014 – First recorded event of an actual transaction malleability attack against the blockchain, two days after Gox had been blaming such attacks for all problems up until now. This contrasts with the fact that failed withdrawals occurred as early as October 20, 2013. (Weiner)


February 10, 2014 – Empty Gox issues a non-update to the situation, not giving a date for when its next update will follow. A few hours prior, there had been a massive selloff of coins on Gox, sending the price from $300 to $150, strongly suggesting insider trade (read: obviously showing).


Through February – People observing Gox actions remain hopeful at the slightest activity that things will sort out well in the end; some technical developments do take place. Meanwhile, the exchange rate of bitcoin tanks, especially on Empty Gox which is now isolated from the rest of the bitcoin economy. The exchange rate plummets from $1,000 per coin to sub-$100 per coin on Gox, and to about $600 on other exchanges. Allegedly, Karpeles is acting to profit personally from this difference in price, which is directly caused by his own mismanagement and shareholder deception, through active arbitrage (Selkis).


…Karpeles knew about the pervasive damage of the transaction malleability attacks for several weeks and was engaging in an arbitrage scheme that leveraged the depressed Mt. Gox price to reap gains on other exchanges. This was allegedly happening well before [February 25].


February 24, 2014 – A crisis strategy draft leaks, courtesy of Ryan Selkis, that indicates there has been a leak from Gox’ cold storage, leaving a hole of 744,408 bitcoin. As Andreas Antonopoulos points out, a “leak” from “cold storage” is a contradiction in terms: that means it either wasn’t a leak or it wasn’t cold storage. This document makes it clear that Empty Gox management knew that the problem wasn’t technical, and that they knew well what was going on:


For several weeks, MtGox customers have been affected by bitcoin withdrawal issues that compounded on themselves. Publicly, MtGox declared [...technical problems with the bitcoin protocol...]. [...] The truth is that the damage had already been done. At this point 744,408 bitcoin are missing…


February 25, 2014 – Empty Gox website goes completely blank. The music stops. This is consistent with the timeline presented in the “Crisis Strategy Draft” leaked the day before. The bitcoin exchange rate plummets to $400 per coin.


February 26, 2014 – The exchange rate of bitcoin has recovered completely from the shock of Empty Gox closing, back up to $600 per coin. Erik Voorhees notes that the bitcoin price fell less after the Gox implosion than the US equities fell after the Lehman implosion, which puts things in perspective. (Voorhees)


February 26, 2014 – Mark Karpeles posts a statement on the Gox website stating he is still in Japan and working to resolve the “recent issues” (see screenshot).


February 27, 2014 – Mark Karpeles’ neighbors say he moved out of his apartment in Tokyo a month ago (Kolin Burges).


February 27, 2014 – The 2014-2017 business plan of Gox leaks, courtesy of Ryan Selkis. It confirms the leaked document from February 24, and notably lacks any balance sheet. It reads very much like a prospectus aimed at courting buyers.


February 28, 2014 – Empty Gox files for bankruptcy protection, according to the Wall Street Journal (breaking at the time of writing).


This timeline, when seen from a zoomed-out perspective like this, paints a clear picture of a company – or at least a management – that was well aware of an insolvency, trying to actively deceive the community and shareholders, and profit personally from doing so.


Who took the money?


So, the trillion-dollar question: who took the money? Strictly speaking, we don’t know that yet. We’re talking about a sum of money so large that “humongous” and “enormous” aren’t sufficient to describe it – it’s 6% of all bitcoin in existence, and assuming bitcoin keeps growing to its potential, that means one individual is sitting on 6% of the world’s future trade and retail currency supply. In today’s USD value, such an amount would be on the order of 20 trillion US dollars, or roughly 250 times the fortune of today’s richest billionaire. It’s not exactly hard to see a motive here.


If this happened in the 2011 hack, then frankly, we have no idea. There are rumors floating around that Karpeles just lost the keys to the vault, that Gox has money stashed away, that the billion dollars are “temporarily unavailable”, and while an admirable theory to get hopes up that those keys may be found again, the zoomed-out picture says very clearly no such thing has happened. Somebody managing a company like this and treating it like his personal toy would have a personality that could well hint at all the money being just around the corner if you would only make a few more trades, acting just like any Prince of Nigeria. There is also unconfirmed research suggesting that Karpeles is in personal control of a very large amount of bitcoin (424,000) once used in the operations of Empty Gox; this research can be expected to be peer reviewed over the coming days. But no matter whether Karpeles personally robbed Gox blind, or profited personally on continuous deception from somebody else doing so in 2011 while deceiving clients and shareholders, it is clearly over the line into criminal territory and the definition of an inside job.


In order to further boost hope in returning the money, there have been rumors of a buyout, apparently planted by Karpeles himself. Such rumors, getting hopes up that the client funds would be restored, turned out to be nothing but delusional bailout dreams from CEO Karpeles, as I predicted in my last article – while I understand the hopes of a competent management buying Gox, as I wrote, that’s a contradiction in terms. No competent management is going to go anywhere near this toxic crater. Instead, as revealed by bitcoin entrepreneur Ryan “Two-Bit Idiot” Selkis, once the businesses thus approached understood the magnitude of fraudulent mismanagement, they immediately notified authorities.


The silence from MtGox in general and its CEO Mark Karpeles in particular is stunning – and concerning – in this situation. A billion US dollars of clients’ money is missing, and the only public statement amounts to “stop asking us questions”.


In what must surely rewrite the handbooks for the entire field of Public Relations, MtGox’ trailblazing handling of public concerns over the missing billion dollars at this point amounts to “stop asking us questions”.
(Screenshot of mtgox.com, taken early morning on February 28, 2014.)


In the first and only interview so far after the still-officially-unexplained shutdown, which has already led to multiple tragic suicides over the loss of fortunes, CEO Mark Karpeles responded to questions with a picture of his cat. This means that the communications skills from MtGox and Karpeles are either so carefully orchestrated here that only an experienced genius would understand them, or so incompetent that it falls below any description. Take a guess which is more probable.


According to research by Bryce Weiner, Karpeles himself is the person who took the funds, and this happened in 2011, which would be consistent with the observation by Jesse Powell (Weiner): “There’s nothing to indicate that Empty Gox was ever solvent.” While the timeline doesn’t conclusively show that Karpeles himself is behind the original disappearance of funds, it does show clear complicity in profiting from the heist.


As this article is almost finished, the Wall Street Journal reports that Empty Gox has just filed for bankruptcy.


Copycat Scam?

According to an anonymous high-profile source, the first and original bitcoin scam was the online coin wallet Mybitcoin.com. People would deposit hundreds of thousands of coins there, as the currency was new and hundreds of thousands of coins weren’t yet worth a lot.


Then, on July 29, 2011, the site went blank, just like the Gox website did. People panicked and gradually accepted a catastrophic loss of funds.


On August 11, 14 days later, the site came back online and declared – just like Gox – that they “had been hacked”, had filed for bankruptcy protection, just like Gox, but “had managed to recover” 49% of the funds. People could fill out claim forms to recover these funds. As this was enough time for most people to internalize the loss, they were happy again at the sudden windfall; things suddenly weren’t as bad as they had seemed. In the meantime, the anonymous person who ran mybitcoin.com disappeared with a huge amount of money, according to the source.


In other words, the scam cynically exploited people’s loss and grief to actually make them happy when they got something back. Most “hacks” of bitcoin sites since then have actually been copycat scams of mybitcoin.com, again according to this source. If – repeat, if Empty Gox is executing a copycat scam, we should expect the site to offer their clients a portion of the holdings back, a portion probably lower than 50% (just to drive the point home), and that offer should appear on or about March 11, 2014. Time will tell.


The one key difference between mybitcoin.com and MtGox would be that Mark Karpeles is not anonymous, which would make for a very poor execution of a copycat scam.


Live Updates Below


Feb 28 13:08 - It’s possible to watch Mark Karpeles in the Japanese press conference declaring the bankruptcy. His body language is interesting to observe.

Feb 28 11:27 - A class action lawsuit has been filed that sues Mark Karpeles, MtGox Inc (US), MtGox KK (JP), and Tibanne KK (JP) for pretty much all of the above.

Feb 28 11:20 - Live updates, additions, and/or corrections will be posted here as the story keeps unfolding. All timestamps are European.


DISCLOSURE

As stated before, I lost 160 coins in this event, but I managed to get a majority of my holdings out in time. My heart and thoughts are with those in our community who lost everything, regardless of amount.

Published on February 28, 2014 02:03

February 25, 2014

Gox Goes Belly-up After Losing A Billion Dollars Without Noticing; Blames Fault In Corporate Bookkeeping Protocols

Statue of facepalm. Photo by Alex E Proimos.

Cryptocurrency: So it’s more or less official: MtGox, once the world’s largest bitcoin exchange, has died and taken all its holdings with it to the grave. This follows a long string of evasive statements, silence, and strange behavior from the exchange, particularly including bad customer service. The net is full of horror stories of people having lost their money, and claims of a “hack against the vault” are not credible in the slightest – here’s why.


In a chaotic situation like this, it’s hard to know exactly what is true. Here are the claims that seem reasonably factish:



The vault of Gox is empty, instead of containing 744,000 bitcoin
Gox has halted all trading, deleted all previous communication, and is serving a blank web page
The blank web page holds an invisible comment hinting at an acquisition
There are claims that the loss of 744,000 bitcoin was due to a years-running hack that gradually emptied the vault
Claims that the loss is due to a “hack” appear not credible
Previous large “hacks” in the bitcoin ecosystem have been widely believed to be outright scams, but haven’t met the evidence bar for a criminal trial

In persistent rumors of insolvency, “MT Gox” has been pronounced “Empty Gox” for some time in mockery. As it turns out, it’s more true than expected. News this morning says that 744,000 bitcoins are missing from its “cold storage”, its vault. What appears to be a consultant’s crisis report and findings doesn’t list a cold storage wallet at all among assets, indicating the exchange’s vault is empty.


How much is 744,000 bitcoin? In technical terms, it’s a shitload of money. Using the peak exchange rate from two months ago, it’s a hairsbreadth shy of one billion US dollars, with a B.


So the question is: how can you not notice one billion dollars gradually disappearing from your company over several years, as has been claimed to be the case?


The answer is simple: you can’t. It’s practically against the laws of physics to not notice this. You can’t close the ledgers on a fiscal year without every cent accounted for. There would be a faint theoretical possibility it could have taken place entirely within a fiscal year, but even that is improbable to the level of the moon being made of cheese.


Any CEO of a company this size has screens in their office showing real-time key numbers, specifically including financial flows and balances. Frak, I’ve been running a non-profit organization that made it to the European Parliament, and I had a real-time view of every single cent of the organization’s assets, using our homebuilt software Swarmops.


Balance sheet showing assets, liabilities, and equity

Balance sheet, motherfucker. Do you speak it?


So an obvious conclusion is that the claims of a long-running hack emptying the vault are false. It’s just not possible to not notice one billion dollars disappearing. It’s not possible to miss one single dollar disappearing with normal bookkeeping methods.


Live updates to the situation below, as I get them. Timestamps are European.



Feb 26 00:13 - Andreas Antonopoulos (one of the key bitcoin developers) points out, in a rather technical post, that it is impossible for funds to “leak” from cold storage. The very definition of cold storage means it doesn’t leak. Either there was no leak, or there was no cold storage.

Feb 25 23:53 - Mark Karpeles, CEO of Empty Gox, has confirmed the authenticity of the leaked document, though he points out that it’s a draft with suggested options.

Feb 25 23:39 - This story has reached beyond tech and financial media; it’s being covered in mainstream oldmedia up to and including the evening TV news.

Feb 25 18:06 - Mark Karpeles has recently bought the domain gox.com, according to the people who brokered it, which lends further credibility to the leaked crisis recommendations document which suggested just that – a rebranding to “Gox”.

Feb 25 17:20 - The exchange rate seems to already recover from the loss of Empty Gox from the ecosystem; the exchange rate at Bitstamp is already back at $550, having bottomed out at $400. However, as with anything bitcoin, this is too early to call.

Feb 25 17:14 - Empty Gox has added a nonsense statement on their previously-empty web page: “In the event of recent news reports and the potential repercussions on MtGox’s operations and the market, a decision was taken to close all transactions for the time being in order to protect the site and our users. We will be closely monitoring the situation and will react accordingly.”

Feb 25 16:42 - The claim of a years-long-running hack against the vault comes from the leaked strategy document: “At this point 744,408 BTC are missing due to malleability-related theft which went unnoticed for several years”, in bold. At this point, there is nothing that contradicts its being genuine; to the contrary, the timetable of the report agrees with events unfolding today.


“I wonder how much money Hitler had with Mt Gox. Expect to see a video soon.” — Martijn Meijering


Now, as far as we know, all of these are unconfirmed claims, with the exception of Empty Gox going essentially offline. In their trailblazing PR strategy that will surely rewrite the handbook of corporate communications, they master the situation by not communicating a single shred at all.


There are hopeful rumors that a competent management will buy Empty Gox. I have to shatter your hopes here – that concept is a contradiction in terms. Nobody competent is going to take on one billion USD in debt for this brand. Look at other startups; which ones of them sell for $1B or more?


DISCLOSURE

Yeah, I’m one of those who lost coins stuck at Gox. About 160 of them. As soon as I saw the writing on the wall, before the many but after the savvy, I started trying to move coins home… but most of the withdrawals failed, and could be retried only after a week. After a couple of weeks of withdraw/retry cycles, withdrawals didn’t exist anymore.

May Empty Gox burn in hell. Long live Bitcoin.


Oh, and as for the title, “blames fault in corporate bookkeeping protocols”? That’s well-deserved mockery of when Empty Gox tried to blame the bitcoin protocol for having to halt withdrawals due to “transaction malleability”, as I’ve written about before. It’s not anywhere near the level of mockery they deserve for cratering a community and clientele like this, but I do what I can. I’ve got a ton of frustration to take out on them, and I’m not done yet.

Published on February 25, 2014 06:59

February 11, 2014

The Embarrassing Fact MtGox Left Out Of Their Press Release: Their Bad Code Hygiene Was The Direct Cause Of Problems

Coins. Photo by Tao Zhyn.

Cryptocurrency: Yesterday, the bitcoin exchange MtGox – riddled by problems – issued a press release saying the bitcoin protocol was to blame for its ongoing problems. That statement, which caused the markets to nosedive temporarily, is outright false. The problem is, and was, bad code hygiene in the MtGox exchange itself. Here are the details.


Yesterday, when MtGox blamed “transaction malleability” as the cause of MtGox’ problems, implying that the problems at MtGox affected all exchanges and everything bitcoin, that was a sign of a very elastic relationship with facts. It’s true that transaction malleability was a factor, but not nearly in the way that MtGox implied. (We’ll be returning to what the “malleability” is.)


Here’s the real problem: MtGox is running its own homebuilt bitcoin software, and has not cared to update and upgrade that software along with the developments of the bitcoin protocol. Recently, after a very long grace period, the bitcoin protocol tightened slightly in order to disallow unnecessary information in transaction records, and did this to fix the malleability problem that MtGox blamed.


So the problem of malleability remained at MtGox, while having been fixed in the rest of the world. This – the discrepancy itself – was the root cause of the problem, because it meant that MtGox started issuing invalid transaction records for bitcoin withdrawals. Obviously, they were rejected by the bitcoin network.


Let me explain in a bit more detail.


When you write an amount of money, say twenty-three thousand four hundred and twenty-two dollars and fifty-four cents, you typically write that as $23,422.54. But it would also be valid to write it as $0,023,422.54. Or $0,000,023,422.54. This fact – that one number can be written in many ways, all valid – is the malleability. (For the sake of completeness, it wasn’t the amount, but another number in the transaction record that was concerned.)


This was tightened in the bitcoin protocol to only allow the shortest version of writing a number, $23,422.54, in this specific code change, which happened a whole year ago.


This change was ignored by MtGox, if I may speculate, probably because “it kept working anyway”. That is, until bitcoin 0.8, when the core developers decided to enforce this change across the protocol, having had the tightening published for over a year. The moment bitcoin 0.8+ gained majority deployment on the network, such invalid transactions started getting rejected.


In other words, MtGox’ lack of code hygiene and lack of very basic IT release processes led to the MtGox code getting out of sync with the bitcoin protocol itself. It kept writing numbers in a way that wasn’t always the shortest possible way in some of its transaction records, and therefore, the inevitable happened: those transaction records were rejected by the bitcoin network.


As a complete side note, this situation is well described by a saying in Sweden that we use to honor our neighboring Finns and their gung-ho attitude toward life, the universe, and everything. The saying is supposed to be pronounced slowly with a slight sauna-induced slur and a strong Finnish accent, like such:


http://falkvinge.net/files/2014/02/pekka.mp3

Now, let’s return to MtGox’ press release. There, they state that skilled hackers had the ability to rewrite bitcoin withdrawals with the speed of lightning before they reached the bitcoin network, implying that hackers changed valid transactions en route. This, skilled hacking, was the cause of all their problems, they claimed. But that’s not what happened at all. MtGox were creating invalid transaction records for some small but significant portion of their bitcoin withdrawals.


What this means is that MtGox wasn’t the subject of some skilled hacking related to transaction malleability. Instead, bad code hygiene was causing MtGox to broadcast invalid transactions, which could trivially be corrected and re-broadcast, causing all these problems downstream.


This, in turn, leads to all the described problems with double-spending, internal databases of account records getting out of sync with the blockchain records, et cetera. Once somebody has corrected one of MtGox’ malformed transactions and re-broadcast it, MtGox would still consider it unsuccessful, making things go out of sync.
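The following added example (not code from MtGox, Bitcoin or this post) carries the dollar-amount analogy over to bytes: one number, two encodings, two different record identifiers, and a ledger that loses track when it matches on the identifier alone. It assumes the number is an ASN.1 DER integer, which the post does not specify; the toy record layout, sample value and function names are constructed.

```python
import hashlib

PREFIX = b"constructed-withdrawal-record:"  # toy layout, not a real transaction


def encode_int_minimal(value: int) -> bytes:
    """Encode a non-negative integer as a DER INTEGER in its shortest form."""
    if value < 0:
        raise ValueError("only non-negative values are handled here")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        # A set high bit would read as negative, so exactly one 0x00 is required.
        body = b"\x00" + body
    return bytes([0x02, len(body)]) + body


def pad(encoded: bytes, extra_zeros: int) -> bytes:
    """Return the same number written with superfluous leading zero bytes."""
    body = b"\x00" * extra_zeros + encoded[2:]
    return bytes([0x02, len(body)]) + body


def decode_int(encoded: bytes, strict: bool) -> int:
    """Parse a short-form DER INTEGER; strict=True accepts only the shortest form."""
    if len(encoded) < 3 or encoded[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    if encoded[1] >= 0x80 or encoded[1] != len(encoded) - 2:
        raise ValueError("unsupported or inconsistent length")
    body = encoded[2:]
    if body[0] & 0x80:
        raise ValueError("negative value")
    if strict and len(body) > 1 and body[0] == 0x00 and not body[1] & 0x80:
        raise ValueError("non-minimal encoding: unnecessary leading zero")
    return int.from_bytes(body, "big")


def serialize(encoded_number: bytes) -> bytes:
    """Toy record: fixed prefix followed by the encoded number."""
    return PREFIX + encoded_number


def record_id(serialized: bytes) -> str:
    """Double SHA-256 over the exact bytes, the way Bitcoin derives transaction ids."""
    return hashlib.sha256(hashlib.sha256(serialized).digest()).hexdigest()


def normalized_id(encoded_number: bytes) -> str:
    """Id of the record after the number is rewritten in its shortest form."""
    value = decode_int(encoded_number, strict=False)
    return record_id(serialize(encode_int_minimal(value)))


def still_pending(issued: dict, confirmed_ids: set) -> list:
    """Withdrawals the sender cannot find among the confirmed ids."""
    return sorted(name for name, rid in issued.items() if rid not in confirmed_ids)


if __name__ == "__main__":
    canonical = encode_int_minimal(0xF3A1)   # constructed sample value
    padded = pad(canonical, 2)               # same value, longer spelling
    print("canonical:", canonical.hex(), "padded:", padded.hex())
    print("same value:", decode_int(canonical, True) == decode_int(padded, False))
    try:
        decode_int(padded, strict=True)
    except ValueError as err:
        print("strict parser rejects padded form:", err)

    # The sender records the id of the padded record it broadcast; the version
    # that confirms is the corrected, shortest-form one with a different id.
    confirmed = {record_id(serialize(canonical))}
    by_raw_id = {"withdrawal-1": record_id(serialize(padded))}
    by_normalized_id = {"withdrawal-1": normalized_id(padded)}
    print("lost track (raw id):", still_pending(by_raw_id, confirmed))
    print("lost track (normalized id):", still_pending(by_normalized_id, confirmed))
```

Matching on a normalized form is shown only to make the mismatch visible; it is not a description of how any real wallet or exchange reconciles payments.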


So, is this hard to do the right way? No. I can say that authoritatively – I spent seven years as a CTO-for-hire putting exactly these kinds of hygiene, accountability, trackability, and predictability processes into place at startups with growth pains, saving more than one startup from the blame-game death spiral. MtGox is dying from the lack of a very basic leadership and management toolkit.


Oh, and that Swedish saying about the Finns in the audio clip above? The one that references how the protocol strictness tightened but MtGox went gung-ho ahead anyway? It means “The road turned, but Pekka didn’t”.


DISCLOSURE

The author is personally affected by the MtGox malfunction, having a five-figure dollar amount in stuck unprocessed bitcoin withdrawals.

As a final note, I can’t help feeling a bit of immature glee at all the doomsday sayers that screamed crash! all over the media, who seemed just waiting to pounce on the opportunity to declare Bitcoin dead. Uhm, yeah. It turns out that over the whole day of February 10, the Bitcoin price fell a total of 19 US cents. As of this writing (01:30 UTC on Feb 11), it’s up a bit (705) from where it opened yesterday (688).


Sources: this post by TheComputerScientist, this post by nullc (Greg Maxwell), and a few other sources whose identity I’ll protect.

Published on February 11, 2014 02:37

February 10, 2014

I’m No @ioerror But the Border Still Broke My Phone To Silence Me

Activism – Travis McCrea: Yesterday upon returning to the United States from Canada, the United States Customs and Border Protection ruined my HTC One by breaking off the charger inside the phone. This was after I refused to delete recordings I had of them from the device.


As you may know if you read this blog and my personal stuff regularly, in the past I have had issues at the US border.


My girlfriend and I were detained for hours and interrogated by a couple of guys starting with the agent who “knew I wasn’t doing anything wrong, and just wanted to let me go…I just needed to answer a couple of questions” who later decided to make fun of me, and I guess embarrass me into submission (Good cop AND bad cop?) and then moving on to the firm guy who apparently was ready to have me arrested.


The core issue, it seemed, was that they were upset that I frequently have a recording device in my car recording at all times… I guess “if you are doing nothing wrong, you have nothing to fear” only applies to other people.


Of course, when you are caught on audio calling Fiat 500s “gay” and also are sexually harassing your female coworkers… you might not want that to come out. You can listen to that here (Sorry it’s a little boring, but I don’t want to be accused of cutting the audio to make them sound bad).


They asked me if I would be willing to delete any recordings that I had on my phone. I told them that I wouldn’t be and they told me to sit down while they determined “what to do with me” only to make me wait another 30 minutes and give me my passport back and tell me I am free to leave.


Upon arriving at my car I found what they decided to do with me: I found my phone with the power attachment broken into its socket. I went home and tried to remove the power attachment with a pair of tweezers but apparently didn’t get it all out and my phone will not charge.


I can’t say for a fact that they intended to damage my device, but it was clear that I annoyed them by recording them. They don’t want the public to hear how much contempt they have for the people they are supposedly trying to protect. I do know that I went into this detainment with a fully working HTC One X and left with a 95% dead phone that I couldn’t charge.


They could have taken my phone and held it indefinitely, but that wouldn’t have had the same effect. Breaking the phone sends a message, it says “stop fucking with us”. This is my message back saying that I am not afraid of you…


Actually, I would like to thank them: I have been eyeing the MotoX (against many of my friends’ recommendations) as a replacement to my HTC One X which I don’t really care for that much. This event will allow me to get the new phone that I want.


I will never stop fighting, I am Little Brother watching you back.

Published on February 10, 2014 12:52

Placing Your Cryptocoin Wealth In Cold Storage: Installing Armory On Ubuntu

Cryptocurrency: As bitcoin continues to climb in value, its security flaws become increasingly apparent and important. The nightmare is waking up one morning to discover you were hacked and your five-, six-, or seven-figure savings are gone forever. Here’s how to install cold storage to eliminate the risk of such a hack.


You’ll find no shortage of people on the Bitcoin forums saying that your private keys shouldn’t be on any computer connected to the Internet. This reveals one of the major usability flaws with bitcoin today – the impossibility of trusting your wealth to stay, well, your wealth, and how that is a major roadblock to mainstream adoption. But while the community works on that problem, the early adopters among us have the ability to make sure the keys to our bitcoin wealth can’t be hacked. That’s a far from trivial exercise, so here’s a walkthrough on how to do that.


You will need:



Your ordinary workstation, connected to the Internet
An old laptop, which has had wi-fi permanently disabled in hardware
A fresh-from-package USB stick (1G is enough)

The object of this exercise is to make a laptop that has never connected, nor will ever connect to the Internet – and have that laptop be the so-called cold storage of the keys that are used to send coins from our large wallets. We will still be able to see the wallet from our online workstation, but in order to send any money from it, we will need to do so on the offline laptop, the cold storage. To minimize risk of infection, we’ll be installing Ubuntu Linux on the laptop (nothing from Microsoft, nothing from Apple).


Steps to perform:



Download Ubuntu LTS and create a boot stick
Install Ubuntu LTS on the laptop
Install apt-offline, update, upgrade
Install dependencies then Armory
Create your offline wallet
Make a fragmented secure paper backup (m-of-n)
Make and install your watch-only copy on your workstation
Wipe and reinstall laptop to make sure the backup works
Send your first few millicoins to test the wallet
Distribute your backup fragments

This is easily a workday’s exercise, but this walkthrough is going to save you from a lot of the trial-and-error and googling that took most of my time.


Get an offline laptop and a USB stick

Your first step is to take an old laptop and kill its wi-fi. We want to make sure that this particular computer can never, ever, again connect to the Internet – even accidentally, particularly not accidentally. It has to be permanently offline. We are going to move files back and forth to it using a USB stick.


The laptop doesn’t need to have particularly strong specs – 512M of RAM is plenty. Mine is almost a decade old. We assume here that you trust the laptop’s hardware for reliability and for not having been infected hardware-wise. Obviously, you shouldn’t pick a laptop that has had any chance of being tampered with by an adversary.


Get a USB stick. To minimize risk of infection, use a completely fresh one: break its packaging.


Get Ubuntu LTS

Download Ubuntu 12.04.4 LTS to your workstation from here. 32-bit is fine. Take care to use the alternate installer, which the link points to, as we’re going to use full-disk encryption on the offline laptop, so that an adversary can’t obtain your wealth even if they obtain the laptop.


Open the package of a new USB stick and run Startup Disk Creator, installing the ISO to the USB stick and making it bootable. (If you’re not running Ubuntu Linux on your workstation, use whatever utility available to you to create a bootable USB stick from an ISO.)


Install Ubuntu Linux on the laptop

Did you kill wi-fi on the laptop yet? No you didn’t. Seriously, the one single purpose of this laptop is to never ever have been connected to the Internet, so take the time for peace of mind and kill that wi-fi. On laptops this age, there’s usually a physical switch. You could even glue it shut in the “wifi off” position if you don’t want to open the laptop and resolder the switch to permanently off.


With that done, install Ubuntu 12.04.4 LTS from the alternate installer. It may seem unfamiliar as it’s slightly more technical than the standard installer, but the steps are very straightforward.


The one key step you must make sure to do here is to choose full-disk encryption. You do that in the partitioning part of the install sequence: make sure to pick the installation option named Guided – Use entire disk and set up encrypted LVM. That option is the one reason we’re using the alternate installer in the first place. Choose a strong password, obviously. “Battery horse staple correct”. Use five or six words if you want to be super-paranoid.


Install and login.


Install apt-offline, update, upgrade

Technical note: This section assumes that you’re running a version of Debian Linux, such as Ubuntu, on your online workstation. If you’re not, the utility ‘apt-offline’ is available for your workstation even if you’re running something else, like Microsoft Windows. You’ll have to find and install it yourself, though, and find the appropriate syntax, adapting what’s specified below to your operating system.


Ok, so you have a freshly-installed offline laptop with 32-bit Ubuntu 12.04.4 LTS on it. The laptop can’t update its software. That’s part of the point, actually, but in this case, it causes a few problems as we need to install the software packages required for Armory.


The solution is named apt-offline, which is a utility that enables an offline computer to use a secondary, online computer to fetch its packages from the Internet. From your online workstation, get this debian package and put it on the USB stick (don’t erase the boot packages also on there just yet). Move the USB stick to the laptop, open a Terminal, and run


sudo dpkg -i /media/[your USB stick]/apt-offline_1.1.1build1_all.deb

This will enable us to install packages using the USB stick as a relay to the Internet, going through the online workstation.


First, an update/upgrade sequence. On the offline laptop, with the USB stick still inserted,


sudo apt-offline set --update /media/[your USB stick]/cold-apt.sig

Move the USB stick to the online workstation, then run


sudo apt-get install apt-offline

(Yes, we need apt-offline on the online workstation as well! They can be different distributions and architectures, that’s ok. If you’re not running a Debian Linux or an Ubuntu Linux, find the way of installing and running apt-offline that is appropriate for whatever your online workstation runs on.)


mkdir /media/[your USB stick]/apt-offline

We’ll be storing the downloaded files in that folder.


apt-offline get -d /media/[your USB stick]/apt-offline /media/[your USB stick]/cold-apt.sig

This fetches the needed files and puts them on the stick. Expect a few fails in bright red. That’s ok. Return the stick to the offline laptop, and run


sudo apt-offline install /media/[your USB stick]/apt-offline
sudo apt-offline set --upgrade /media/[your USB stick]/cold-apt.sig

Yup, we’re doing an upgrade sequence too while we’re at it. Move the stick to the online workstation:


apt-offline get -d /media/[your USB stick]/apt-offline /media/[your USB stick]/cold-apt.sig

and to the offline:


sudo apt-offline install /media/[your USB stick]/apt-offline

Install dependencies and Armory

Armory is an advanced bitcoin wallet that allows for offline storage, so-called cold storage. It’s what we’ll be using here. But Armory won’t install on a freshly-installed offline Ubuntu 12.04 LTS. That’s a usability problem that is one of the primary reasons for the existence of this walkthrough.


Armory depends on three packages that aren’t present in the base install: python-qt4, python-twisted, and python-psutil. We’ll use apt-offline to install these, then install Armory. Still on the offline laptop:


sudo apt-offline set --install-packages python-qt4 python-twisted python-psutil -- /media/[your USB stick]/cold-apt.sig

As with the update and upgrade sequences, the request file is generated with apt-offline set on the offline laptop. The two dashes in the command are important: they indicate the end of the package list initiated by --install-packages. Enter the command as one single line, one single command, even if it wraps on your display.


Move the stick to the online workstation, and run


apt-offline get -d /media/[your USB stick]/apt-offline /media/[your USB stick]/cold-apt.sig

Also, while we’re at it, we’ll download Armory in a flavor appropriate for the offline laptop and store the .deb file on the USB stick.


Move the stick back to the offline laptop. We’re going to install the dependencies and then Armory.


sudo apt-offline install /media/[your USB stick]/apt-offline
sudo apt-get install python-qt4 python-psutil python-twisted

And then, let’s finally install Armory on the offline machine.


sudo dpkg -i /media/[your USB stick]/armory_0.90-beta_12.04_i386.deb

If everything went well, you will see !!! Armory successfully installed !!! in the terminal window.


After this, we don’t need the terminal any more. Close it.


Create your offline wallet

Start Armory on the offline machine. As you hit the Start button (Windows button on most keyboards) and type “Armory”, you see three versions of Armory, and we’ll be using the offline one. Create your first wallet. Select a password for it (while the computer’s files are already protected by strong full-disk encryption, defense in depth is always good).


Armory will prompt you to back up the wallet. Don’t back up your wallet at this time. The options for backing up the wallet when you create it are severely limited – we’ll be using a much better option.


Close all distracting Armory dialogs and messages so that you come back to the main screen, and select your newly-created wallet. Click “Wallet properties”. In this dialog, we’ll be doing two things: first, we’ll create a watching-only copy of the wallet, which we will move to the online workstation. Create a watching-only copy and save the file to the USB stick. Second, we’ll create a secure paper backup of a type we didn’t have access to when we had just created the wallet.


Click “Backup this wallet”. You’ll be presented with the choice of paper or digital. Choose neither; choose “Other backup options” at the bottom of the dialog.


In the dialog that follows, we have the option of more advanced backup types. We’re going to create a Printable Paper Fragmented Backup. We won’t install a printer to the laptop – it’s not supposed to be connecting to anything, and we’re going to be fundamentalist about that. Instead, we’ll be printing to a PDF file we bring to the online workstation and print from there.


A fragmented backup means that you print five pieces of paper, and need three of them to restore the backup, any three. Or two out of three. Or nine out of eleven. The numbers are up to you. I’d recommend requiring at least three pieces out of any number you choose and placing them in different locations – think disaster recovery; if the offline laptop is in a house fire, you’ll want to have stored enough backup pieces in different locations to recover your wallet.


Check “Secure Print”. Without this option, the PDF contains your entire wallet unencrypted, and since the PDF file will be touching the online workstation and printer while printing it, your unencrypted wallet will be on an online computer without this option – exposing it to hacks. We don’t want that. Check “Secure Print”, then “Print all fragments” in the leftmost box in the middle frame. (You may have to scroll down to see the button again after checking “Secure Print”.)


Generate a PDF that’s to your liking. The offline Armory will present you with a Secure Print code on-screen, to be copied by hand to the individual fragment printouts. Without this code, the backups don’t work, and this is why we can safely print the PDF from the online workstation. Copy the SecurePrint code by hand to a separate piece of paper for now.


Test the backup as instructed if you like, but we’re going to do that in a much more thorough fashion shortly anyway.


Copy the generated PDF to the USB stick, move the USB stick to the online workstation, and print the PDF. Keep the note with the Secure Print code beside the printouts for now.


Install Armory on your online workstation

Download the flavor of Armory that’s correct for your online workstation, and install it. When you first run it, you’ll get the choice of importing/restoring or creating a wallet. We’ll start by importing our watching-only copy of the wallet that was created on the offline laptop. That’s as easy as choosing “Import” and selecting the corresponding file on the USB stick.


It will install as a “Watching-only” wallet. Go into wallet properties, edit the owner, and click “This is my wallet”. That will change its security status to an “Offline” wallet. The only practical difference is whether its funds are listed as yours in the financial summary.


After that, Armory – the online version – will want to install the reference bitcoin client as its back-end and synchronize with the bitcoin network. That will take quite a while, as it loads the entire blockchain. In the meantime, we are going to verify in the harshest possible way that our paper backup works: we’re going to wipe the entire laptop and reinstall from scratch, simulating that the laptop was destroyed in a house fire and that we’re restoring the backup to a new offline laptop, and then verifying that the restored wallet works to send coins.


It’s important in this context that Armory uses so-called deterministic wallets. That’s nerdspeak for a wallet backup containing all the addresses that a wallet has generated so far, along with all the addresses the wallet will ever generate. There’s no need to re-issue a backup of a particular wallet, ever, just because you have generated more addresses. All the addresses that the wallet will ever contain are embedded in the initial backup.


This restore process is a confidence and security exercise. Don’t skip it. In case of disaster, you want first-hand knowledge that the backup of your many-figures-wallet works, and you want to have used the backup once before so you know how to do it.


Wipe and reinstall the offline laptop

Using the USB stick, repeat the Ubuntu Linux install. Wipe the disk completely. Install again with full disk encryption and a strong “staple horse correctly to batteries” password. Install apt-offline and get the packages, then install Armory again, repeating the above steps.


When you start Armory on the second fresh install, it will ask again whether you want to “Import/Restore” or “Create” a wallet. This time, we’ll pick “Restore”, and restore a paper fragmented backup.


You’ll be presented with a very technical dialog where you have the option of entering data from fragments. Type the backup data from as many fragments as needed, enter the Secure Print code, and click Restore. You’ll be asked for a new password for the wallet as it’s restored – here, do note that the paper backup is unencrypted. While this can be a comfort in itself if you forget the password, that also means that the problem shifts somewhat from protecting your online computer, to protecting a set of pieces of paper.


The wallet should restore fine. Give it a more friendly name than “HckfrPlrRT (Restored)”. With the wallet restored, we’ll try sending some funds to it – and more importantly, from it.


At this point, the online workstation is probably still synchronizing with the bitcoin network. You may want to take a break here and go for lunch or so. When you do, don’t lose sight and control of your paper backup fragments. They must stay completely under your control until properly distributed – if you leave them on a desk or café table, you’re leaving your wallet unguarded on that table.


Test your offline wallet

When the online Armory has finished synchronizing, send the value of a beer or so to your new wallet’s first address. It should appear in the online Armory on broadcast, or if Armory wasn’t running during the broadcast, as soon as its first confirmation arrives. Wait until six confirmations have passed, so we can send the money back somewhere.


When six confirmations have passed, we’re going to send the coins back (minus the small bitcoin transaction fee). Remember now, these are coins in cold storage. We’re going to test the cold storage – and not just that, we’re going to test that it works when restored from backup. The originally created wallet was simulated to be destroyed as we wiped and reinstalled the laptop.


To send the coins from cold storage, click “Send Bitcoins” on the online workstation and enter a recipient address and amount. Choose “Create Unsigned Transaction” and confirm the summary. Choose “Save as File”, and save to the USB stick. Don’t close the dialog, but leave it waiting for us to click the “Next step” button.


Move the USB stick to the offline laptop. Running Armory, select “Offline Transactions” and “Sign Transaction”. Load the file with the unsigned transaction, verify its contents as displayed on-screen, and click “Sign”. Enter the wallet passphrase. The offline Armory will remove the unsigned transaction file on the USB stick and replace it with a signed transaction file.


Move the USB stick back to the online workstation, and click “Next step”. Click “Load file”, and load the signed transaction from the USB stick. Transaction details will display. Click “Broadcast” to execute the signed transaction.


You can verify in the blockchain that the transaction has been executed, and you know by your actions that it was signed on the offline computer, which has no connection whatsoever to the Internet, nor will ever have one.


After this, your setup is complete, and you can move funds into cold storage at a pace you’re comfortable with, probably along with further testing of your new cold storage. Just one important step remains.


Distribute the backup fragments

As stated above, your backup contains all the addresses that have been generated and will ever be generated by the wallet you’ve created in Armory, thanks to its deterministic wallets. There’s no need to ever issue a renewed backup of this wallet just because you add more addresses to it.


Depending on your security strategy, you’ll need to choose a way to distribute the paper backup fragments. If they’re intended for a restore by your family in case you’re incapacitated, you’ll want to copy the Secure Print code onto them. If they’re intended only for your own use, you may want to memorize the Secure Print code instead (provided you can trust your memory to recall it in the extreme stress of a disaster recovery situation).


Just remember that having observed enough fragments in combination with the Secure Print code is enough to gain access to all your wealth in cold storage without further safeguards or passwords, and devise your backup strategy from there. (It’s not necessary for an adversary to be in physical control of a fragment – having observed its data with a camera is enough.)
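The m-of-n behaviour of the fragmented backup described above can be seen in Shamir's secret sharing, a standard threshold scheme. This is an added example, not Armory's code or its backup format; the field prime, function names and sample secret are constructed, and the Secure Print code is not modelled.

```python
import secrets
from itertools import combinations

PRIME = 2**127 - 1  # a Mersenne prime; all arithmetic is done modulo this value

# Constructed sample secret (15 bytes, so it fits below PRIME).
SAMPLE_SECRET = int.from_bytes(b"demo wallet key", "big")


def split(secret: int, m: int, n: int) -> list:
    """Split secret into n fragments (x, y) such that any m of them recover it."""
    if not 2 <= m <= n:
        raise ValueError("need 2 <= m <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be smaller than the field prime")
    # Random polynomial of degree m-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    fragments = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        fragments.append((x, y))
    return fragments


def combine(fragments: list) -> int:
    """Lagrange-interpolate f(0), the secret, from the given fragments."""
    xs = [x for x, _ in fragments]
    if len(set(xs)) != len(xs):
        raise ValueError("the same fragment was supplied twice")
    secret = 0
    for xi, yi in fragments:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def recovery_report(secret: int, m: int, n: int) -> tuple:
    """Return (every m-subset recovers the secret, some (m-1)-subset recovers it)."""
    fragments = split(secret, m, n)
    at_threshold = all(
        combine(list(subset)) == secret for subset in combinations(fragments, m)
    )
    below_threshold = any(
        combine(list(subset)) == secret for subset in combinations(fragments, m - 1)
    )
    return at_threshold, below_threshold


if __name__ == "__main__":
    # Five printed pieces, any three restore: the 3-of-5 case from the text.
    at_threshold, below_threshold = recovery_report(SAMPLE_SECRET, 3, 5)
    print("any 3 of 5 restore the secret:", at_threshold)
    print("some 2 of 5 restore the secret:", below_threshold)
```

Losing any two of the five fragments still leaves a working backup, and the reverse also holds: whoever sees the data of three fragments has everything the fragments protect.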

Published on February 10, 2014 05:24

February 7, 2014

The Copyright Monopoly Is A Scam That Hurts Artists As Much As The Public

Bottles of Snake Oil - Photo by Jagrap on Flickr

Copyright Monopoly – Zacqary Adam Green: So you’re an artist, author, or creative person, and you’ve heard the arguments against the copyright monopoly. That it locks away knowledge from the public. That it hurts free speech. That it’s declaring a monopoly on an idea. Okay, but what about your paycheck? As it turns out, the copyright monopoly is a raw deal that helps corporations steal your profits and barely helps you at all.


Copyright is more like a monopoly than property, but it’s treated a lot like title deeds in the Monopoly board game. That means the right to control your work — to say who can distribute it, reproduce it, remix it, build off of it, etc. — is a thing that can be bought and sold. Big entertainment companies love this situation, because that means it is legally possible for them to take your control over your work away from you.


The publisher who options a book, changes their mind, and then doesn’t allow the author to go to another publisher. The screenplay wrestled from its visionary creator, maimed by a team of hack studio writers, and released as an unrecognizable crappy comedy that flops at the box office. The album kept unreleased, in legal limbo for years after it’s been recorded because of a business deal gone bad. All of these incredibly common situations are made possible by the copyright monopoly — and the ability to sign it away to a big company, forever, with no going back.


This is how the copyright industry — which is what I like to call these entertainment companies — makes its money. Not by creating anything of its own, but by silencing its competitors (and you). They need the ability to buy, sell, and trade away a monopoly right on ideas, words, and other intangible things, because otherwise they wouldn’t be able to dominate. They wouldn’t be able to siphon off all your profits, to maim and mutilate your work, and to use accounting tricks to keep themselves from paying you, because you would have a way out. But with this institution of tradeable monopolies on your work, massive corporate titans are able to pummel anything in their way, get away with screwing over creative people, and then lobby for draconian Internet censorship laws in your name.


And what do you get out of the deal? Well, if you somehow manage to retain control of your copyright monopoly, you can use it to stop other people from downloading your work, remixing it, using it in something else, or doing pretty much anything unless they pay you. Or so goes the story.


You probably can’t, though. The legal costs of enforcing your copyright monopoly are astronomical, and only the big corporations are usually able to take advantage of it. And there are some things that are so widespread — like downloading your work without paying for it — that not even big corporations with all their resources can stop.


The big lie of the copyright monopoly is that it can make any dent whatsoever in social mores. Some people may download your work for free — but they’ll also pay you if they like you. Some people may plagiarize your work — but the Internet makes it easier than ever to expose them and laugh them out of the room. Some people may take your work, and remix it into something that expresses a political opinion you disagree with — but sometimes we can’t control how people interpret our work anyway. Nobody really thinks about who the rightsholder is on anything in these situations. They just worry about who the author is, and they act accordingly.


You do have a choice aside from signing your work away to the copyright industry. Think about how workers around the world have struggled against exploitative corporations for over a century. They united. Band together with your fellow artists, help each other create and promote your work, and use Creative Commons Zero to completely obliterate your monopoly so that nobody can take it away from you. (Don’t use other CC licenses; these still use copyright, so you can still have your work signed away.)


If you’re upset with the way people are using or obtaining your work, then instead of using a byzantine legal system, you’d have a much better time trying to change cultural norms and social mores. After all, you’re an artist. You’ve got a natural talent for communicating and moving people. Nobody needs the copyright monopoly except for giant corporations. The “protections” it offers creative people are thin and unreliable at best, at a cost of propping up a system of exploitation.

Published on February 07, 2014 03:00

February 4, 2014

Major Bitcoin Exchange Not Executing Withdrawals; Now Owes Clients $38M In Disappeared Money

Frozen Waterfall

Cryptocurrency: MtGox, the oldest and once-largest bitcoin exchange, appears to have a serious problem. Since about a week ago, clients’ bitcoin withdrawals have been deducted from their account, but the clients never received the money – the money withdrawn was effectively disappeared into thin air. The community is furious and as of now, MtGox has racked up over USD 38 million in such unfulfilled withdrawals.


MtGox was once the undisputed king of the hill among bitcoin exchanges. If MtGox froze its trading, which has happened, then bitcoin trading froze as a whole – the exchange was that dominant. In the past year, other exchanges have gradually sprung up, and today, MtGox accounts for about one-third of trade – it’s still a very strong player, even if not dominant.


MtGox has always had various regulatory problems transferring funds in and out of US Dollars, but according to client testimonies and reviews, other central-bank currencies – euros, yen – have always worked like clockwork. Since about a week back, though, withdrawals of bitcoin – the opposite of central-bank currency – from the exchange have started to fail in a seemingly random fashion.


When bitcoin funds are transferred, that normally happens instantly – the receiver sees the funds within seconds. That’s one of the strengths of bitcoin: you can transfer money, unlimited amounts of money, anywhere in the world instantly and unstoppably.


Since about a week ago, MtGox has not processed all requested bitcoin withdrawals and many clients have not received their bitcoins. Instead, some of the withdrawals were processed while the rest of the withdrawals remain frozen in an undetermined condition. Affected users are upset by this since the money is gone from their account, but the bitcoins have not been transferred to the client’s control. As of noon on February 4, The Gox Report has this chart, which is based on MtGox’ own internal data:


[Chart: goxbadtx_btc_day]


Note the bottom, the sum of all “failed transactions” (BADTX), which is technospeak for “withdrawals where the money is gone from the client’s account but where the funds were not actually transferred to the client”. The total of such withdrawals, a total that has been steadily climbing since about January 25, has now reached 41,390. That amount is in bitcoin, and each bitcoin is worth $934 by MtGox’s own rate, making the disappeared client money exceed 38 million US dollars. That’s not exactly small change.


MtGox’ twitter account as of noon on Feb 4. It’s full of autoreplies, the newest response to a client being one month old.


Three years ago, I highlighted exchanges as one of four areas where the bitcoin community positively must improve to go mainstream. The above problem of the missing 38 million dollars is exacerbated by the fact that MtGox does not respond to clients’ questions until well over a week has passed, at which point a canned autoresponse is given. Additionally, there has not been any communication whatsoever about the ongoing problem. The lack of a phone number, the non-responses to client concerns over tens of millions of missing dollars, and the complete absence of messages about the situation do not make a professional operation.


Instead, clients of tens of millions of dollars are left on their own trying to figure out what is going on, if they’ll get their funds or not, and if so, when, and what the underlying problem could possibly be.


(I was recently asked by the Wall Street Journal in what ways MtGox failed to live up to Wall-Street-level professionalism, and declined to respond at the time. This is one of those ways. There are others, that are worse, that I have not published yet. That WSJ article concerned delays in withdrawals to dollars and euros, which could be explained by legacy-banking inertia; up until ten days ago, MtGox had executed bitcoin withdrawals perfectly.)


Looking at the bitcoin services forum, there are tons of complaints about the current exchange services. The entrepreneur should identify several opportunities here, just by looking at the front page of “discussions”, which reads more like outraged complaints – mostly about MtGox.


As of February 4, clients are left speculating in these threads what the reason for this behavior is – whether it’s legitimate technical problems coupled with abysmal communication, deliberate fraud, possible insolvency, a technical attack on MtGox, or a number of other theories.


DISCLOSURE

The author is personally affected by MtGox’ behavior, having a six-figure dollar amount in such non-executed withdrawals. He considered Gox to be a safer repository for bitcoin than his own probably-hackable computer. That judgment may not have been accurate.

UPDATE: One hour after this article was published, MtGox broke the week-long silence with a statement saying little more than “we’re working on it”. In the statement, they also claim that the problem applies “primarily to large transactions”, a statement that doesn’t seem entirely correct when compared to client statements and testimonies on the bitcoin forums.

Published on February 04, 2014 04:21

February 2, 2014

Pirate Party MPs, MEPs Jointly Nominate Snowden And Manning For Peace Prize


Civil Liberties: Edward Snowden and Chelsea Manning have been nominated for the Nobel Peace Prize 2014 in a joint nomination by the Pirate MPs of Iceland and the Pirate MEPs of the European Parliament.


“Manning gave us an insight into the brutal reality of war and the two-facedness of political power. Snowden has revealed how states watch and control our information flows. Taken together, it’s a very strong image. That’s why we nominate these two together”, says Amelia Andersdotter, Member of European Parliament (Pirate).


“The revelations of Edward Snowden have, among other things, led to a large-scale inquiry into mass surveillance by the European Parliament. Making him a Peace Prize Laureate would be an additional way of saying that the democratic society stands behind his actions. Instead of giving the prize to powerholders, the Nobel Committee should give it to those who expose power”, says Christian Engström, Member of European Parliament (Pirate).


Full text of the nomination:

Dear Nomination Committee of the Nobel Peace Prize,


We wish to nominate two outstanding candidates for the Nobel Peace Prize of 2014. It is our firm belief that Chelsea Manning and Edward Snowden have achieved and exceeded all the qualifications required to be worthy laureates of the Nobel Peace Prize.


The nominees are both whistleblowers who have inspired change and encouraged public debate and policy changes that contributed to a more stable and peaceful world.


Chelsea Elizabeth Manning (born Bradley Edward Manning, December 17, 1987) is a soldier in the United States army who was sentenced to 35 years in a military prison in 2013 for releasing hundreds of thousands of documents to the whistleblower website WikiLeaks. The leaked documents pointed to a long history of corruption, serious war crimes, and a lack of respect for the sovereignty of other democratic nations by the United States government in international dealings.


These revelations have fueled democratic uprisings around the world, including a democratic revolution in Tunisia. According to journalistic, academic, and intellectual scrutiny her actions helped motivate the democratic Arab Spring movements, shed light on secret corporate influence on foreign and domestic policies of European nations, and also contributed to the Obama Administration’s agreement to withdraw all U.S. troops from occupied Iraq.


The profound information that was revealed by this courageous whistleblower helped to foster public dialogue on the legitimacy, suitability, and relevancy of the military interventions carried out by US troops in both Iraq and Afghanistan. The release of these documents led directly to calls demanding the full withdrawal of the military forces from these countries, as well as investigating committees on the treatment of detainees in the Guantanamo Bay detention camp.


The documents and information should never have been kept from public scrutiny, and the very fact that embedded journalists minimized or omitted facts in the field exacerbated the corruption of the information flow. The revelations – including video documentation of an incident in which American soldiers gunned down Reuters journalists in Iraq – have fueled a worldwide discussion about the overseas military engagements of the United States, civilian casualties of war and the rules of engagement. Citizens worldwide owe a great debt to the WikiLeaks whistleblower for shedding light on these issues.


Edward Joseph Snowden (born June 21, 1983) is an American computer specialist, a former Central Intelligence Agency (CIA) employee, and former National Security Agency (NSA) contractor who disclosed top secret NSA documents to several media outlets, initiating the NSA leaks, which reveal operational details of a global surveillance apparatus run by the NSA and other members of the Five Eyes alliance, along with numerous corporate and international partners.


He has, with great risk to his personal well-being and future, revealed the horrific scope of the global espionage network of the Anglo-American spy agencies. By releasing documents regarding the activities of clandestine agencies he has not only unveiled the global scale of mass surveillance which endangers a wide array of civil liberties (cornerstones of our liberties such as free speech and the right to privacy) but he has also given the people of the world the necessary tools to counter the ever invasive path towards mass surveillance. Blatant violations of even the very basic human rights have been institutionalized by US government agencies while privacy has been classified in ALL the major international human rights charters and declarations.


The debate on mass surveillance cannot take place without the disclosure of the basic structures and methods of the corresponding secret spy programs. Citizens, researchers and politicians need insight into these methods to be able to weigh the social consequences and the possible resulting damage to the global society. Mass surveillance erodes the fundamentals of modern democracies, making local laws to protect privacy meaningless within its global scope. Snowden has shown us that journalists can no longer protect their sources, lawyers can’t protect their clients and doctors can’t protect their patients’ information. The concept of privacy has been redefined to complete exposure into no privacy. His actions have shown the rest of the world and its policy makers that joint global action needs to take place in order to reinstate constitutional rights of privacy for citizens which is completely essential to healthy democracies.


By leaking the documents to investigative journalists from independent media, Snowden has managed to carefully consider the balance between public interest and national security. By revising the source documents, he and his supporters avoided leaking highly sensitive information that might have put currently running operations and the people involved in danger.


Some might argue that Snowden acted against the law; however, mass secret surveillance is illegitimate as it undermines the sovereignty of the people over the state apparatus. It is very well known that at times of universal deceit just telling the truth becomes a revolutionary act. When the state is acting outside the rule of law it is up to the citizens to report on such unlawfulness for the greater good of its peoples and principles for sustainability of the future.


Snowden and Manning courageously acted and as a result we have a more stable and peaceful world and far more of a possibility to develop/enact true democratic models.


We are nominating Manning and Snowden together because the courage of Manning inspired Snowden and both of them have inspired thousands of people all over the world to speak truth to power and demand transparency and accountability in their own societies.

Published on February 02, 2014 22:41

January 30, 2014

One Week Left To Give Input To Future European Copyright Monopoly Law


Activism: The European Commission is planning an overhaul of the copyright monopoly laws in Europe, and is asking the public for input. The deadline for such input is February 5, one week from now. Activists have made it as easy as possible for you to submit meaningful input.


While the European Commission’s so-called “public consultation” is very detailed and biased toward the copyright industry’s perspective rather than the net liberty perspective, a number of pirate activists – notably Ásta Helgadóttir and Amelia Andersdotter, as I understand it – have put together a friendly walkthrough.


You can find it at copywrongs.eu. Go there now. Submit your input to this legislation.

Published on January 30, 2014 12:37
