
Real-time self-government in the cryptocurrency frontier: The NFD phoenix stands and delivers

By Daniel M. Ryan
web posted October 27, 2014

Nxt Fair Dysteria

As I disclosed in the last part, the organization of the rescue effort to compensate the victims of the NFD scam was a classic instance of spontaneous order proceeding with crypto-time speed. A general outline of what was to be done took only a few hours to emerge. As I was sliding myself into sleep with the aid of some home-fermented alky, the discussion started turning into specifics. By the time I had woken up the next morning, gone through what I had missed and carved out my own procedures, all six of the Bitcointalk members who would have a hand in the rescue operation had posted on the revival thread. Those six were:

  1. MaWo. He started the revival thread off, would become the tech head and the primary Java programmer for the job.
  2. richwang. He would be the second Java expert on the team, helping MaWo with the cloning, testing and some network issues. In addition to his own programming, he served as a vital second Java-head for MaWo.
  3. lordoliver. An experienced professional Web designer, he would be solely responsible for the redesign of the browser part of the NFD wallet. He also took charge of judging which logo would be the official one for NFD, via a poll, and would also oversee the creation of the official NFD Website by the same fellow who came up with the winning logo. 
  4. dasource. He was a high-flying networking expert who set up a node for us and helped us with setting up others.
  5. notsoshifty. His straight-job métier was finding flaws in apparently solid Java code.
  6. Nxtblg: your humble author. Since I was essentially too inept to help with the technical side of things, I took on the distribution list and the "soft" responsibilities like keeping the community rallied. Essentially, I was the jack-of-all-nontechnical-trades.

In my own spare time, that is. Once I audited the escrow list, the amount of time and work it took for only 53 people quickly turned my cheery optimism into rough-and-ready disillusionment. In large part, I started with the escrow list as a limber-up for the real job of auditing the entire distribution list. But it also was important on its own, because part of the scammer's sloppy bookkeeping was the inclusion or exclusion of escrowed pre-buyers seemingly at random. Moreover, five of the fifty-three had not received refunds. I had to figure out who they were so I could inform them they had the right to a refund. If they chose not to, they had to be on the distribution list because they were just as entitled to their shares of NFD as any victim.

There was also another reason. A kindly escrowee, Prosperux, had already volunteered to send back his refund for his share of NFD. I think he did so in the spirit of fellowship, but for me that was a wake-up call. If any others joined him, I had to be prepared.

It was evident that the sloppiness was bad and the importance of doing the job right was crucial. So, I tossed aside my hasty hope of doing a regular audit job and quickly shifted gears to doing a full-scale comprehensive reconstruction of the list: checking and cross-checking all the way. I had to gather up all the Bitcoin accounts in the escrower's blockchain record of transactions, organize them in categories based upon the gross spends and the nets of the escrower's fee, tabulate whether each sender got a refund or not, and try to get ahold of anyone (the five) who still had Bitcoin in the escrower's hands. Since Bitcoin is pseudonymous by design, I had to spend a dime's worth on each of those five to send them signed messages through the Bitcoin blockchain telling each of them what was up and what their rights were.

To a regular auditor under normal circumstances, my completely amateur audit work of the escrowees would have been an easy-peasy spot-check job that only the unconscionable would bill at more than a quarter-hour's worth of work. But this was not a normal circumstance; I had to be as comprehensive as I could. This, plus my amateurishness, meant that I spent a full day and a half on that limber-up job. When finished, I announced it on this thread dedicated to discussion and self-identification of any escrowees.

And I was surprised and pleased to not only see some of those five escrowees step up and say they wanted in, but also some who got refunds volunteering to re-send. The same escrower for the NFD scam, Anon136, obligingly volunteered to escrow the new revived NFD. The rest of his post had some choice words for the scammer: ‘If you are reading this din, I know what you are thinking, "they were so dumb they deserved it", well no, being dumb isn't immoral, stealing people's money however is. Someday you are going to grow old and you are going to die and you are going to have to look back on your life and at that point money [will not] mean anything, your choices here however might. And if they don't then you have an even worse problem. I do not envy you.'

I hadn't forgotten about "din" either. In response to someone who expressed concern that the scammer himself would get some NFD, I actually expressed some hope that he might:

[I]f NFDCoin ["din"] sent some BTC himself, he'll find that - if he tips his hand - we'll have real information on the fellow. So, he's going to have a problem too. He's going to have to play dumb and avoid the temptation to brag about getting the better of us.

If he does surface, I may play dumb and string him along to see what I can squeeze out of him. If I can tickle him into bragging about his exploits, I may wheedle enough information for us to dox him.

In other words, nail him by finding out who he really was.

But, as I later found out as I continued my reconstruction work, he almost certainly didn't goose the popularity of his scam by sending any Bitcoin to himself. That potential trail was cold.

A Whole ‘Nother Level…Of Neurosis

At the time, compliments and encouragement were trickling in. I was really glad for them all, but I could only thank them in my heart while my nose was still pressed to the spreadsheet grindstone. As I explained in the prior part, this was a job that demanded an almost fanatical attention to detail and accuracy. One person complaining about being cheated twice would have looked to the usual suspects like the NFD rescue team was another band of robbers. Those kinds of Ralph-Nader-type trolls are the very opposite of shy when it comes to nailing someone they believe is a scammer; they spread their yells far and wide. The last thing I and the rest of the team needed was a public-relations nightmare of that sort. We were all doing it in the spirit of Service, for no pay over and above us getting our own coins. As a result, it wouldn't have been untoward for that kind of troll to kick off an old-style flame war. There's nothing like calling a Good Samaritan another thief to get a heated argument going. None of us needed that.

So, in order to pre-empt it, I had to strive for accuracy at the level of an obsessive-compulsive neurotic. Unlike a simple audit, reconstructing the distribution list was going to be more of a challenge. As I found out later, I had to see to three hundred and thirty-one senders of Bitcoin including the re-upping escrowees before I pruned. Not to mention one thousand, two hundred and seventy-two people on the giveaway list. I had to punt with respect to the last, due to time pressures, but each of the people who had sent in money was going to get individualized attention from me with respect to their records. So did those giveaway-category qualifiers who had sent me private messages – and there were many.

Connect The Dots…If You Can

As part of my outside work, I had sent help-me letters to the devs of two earlier Nxt clones, Nas and NHZ. My help request to the Nas dev, Nascoin, got him suspicious and questioning my motives. My request to NeXTHorizon got him offering to send all the victims a few thousand of his NHZ each and asking me to bring them on board with his own coin. So, there was no help from either. By the time that both got around to responding, the cloning was well under way.

As we settled into our work, the thread grew more slowly as every one of our fellow bilkees waited patiently. That's in part because I posted on the thread regularly, although my updates became less frequent as I plowed through the reconstruction work. But I did supply a lot of evidence by sending out a whole slew of private messages asking for rudimentary identity verification.

As explained in the prior part, NFDCoin had asked pre-buyers to include the SHA-256 hashes of their chosen passphrases as a signed-message attachment to their Bitcoin spends. Those signed messages were part of the public blockchain record of the scammer's Bitcoin accounts. The ones who had sent those signed messages were easy to verify.

So were the ones who had sent in an idiosyncratic number of Bitcoins. In those cases, all I had to do was simply confirm that each spend was unique and match it up to the corresponding Bitcointalk user in the initial distribution list – if he or she were there. If not, I was hoping that a private message sent to me by the sender which included his/her Bitcoin account would fill in the blank and help me connect the dots.

I must admit that the latter procedure, which I also used for people who had sent in non-unique amounts with no signed message attached, was quite lax with respect to ordinary audit standards. Had I got tough, I would have asked each and every one of them to verify they had control of their accounts by sending a microscopically cheap amount of Bitcoin and/or a signed message that would prove that their identified account was indeed theirs. But, I decided not to get tough for two reasons.

The first reason was simple time pressure, plus the additional delay that comes with waiting by the inbox for someone to respond. But the second was a real eye-opener for me.

At first, me already being through several misadventures in the altcoin jungle, I was sympathetic towards a get-tough policy. Thankfully, I decided to take the high ground by making my inquiry messages seem sent out of concern. I privately got suspicious over several dubious sends, but I discovered that all of them were real people and that all their records were completely legitimate. Truth be told, I was too lousy a detective to spot any gamers from afar. So, after reporting what I had found to the rest of the team, I relaxed into a go-easy concerned-dev habit when composing subsequent requests. Even in cases that were outright suspicious – like two or more Bitcointalk users on the list with exactly the same passphrase hash – I framed my request for clarification as someone who was worried about my recipients' account security. I said that I feared them winding up with an unintended "joint account." To my further surprise, many of those cases were indeed different people who had picked the same passphrase without knowing the other did. Strangely for the altcoin jungle, the high road did lead to the more accurate result.

Had I not been technically inept, those people would have been a red flag of a completely different sort. Since the chances of picking the same secure passphrase as someone else's are effectively zero, those coincidences were a warning sign that more than a few of the rescuees had picked passphrases that were easy for a hacker-robber to crack. Fortunately, MaWo was technically astute in that way too. He had got ahold of a big list of passphrases that were known to be crackable (short passphrases, passphrases composed of only a few words like "MyNewAccount," keyboard-pattern passphrases like "qwertyuiop", and so on). Then, he hashed them all and compared them to the hashes on my list once I had finished the job. For accounts with those compromised passphrases, he refused to send out the NFD until the holder changed his or her passphrase to one more secure. At the time, that gave me an additional stakeholder-management duty – including one poor fellow who got frightened because he knew no English and didn't know what he had seemingly done wrong – but I backed up MaWo 100%, especially since he had given a lot of advance warning in the NFD threads. Here's one example.
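The pre-distribution check described above, sketched as an added example (this is not MaWo's code, which the article does not reproduce). It assumes the submitted values are hex-encoded SHA-256 hashes of the UTF-8 passphrase; the user names, the weak list beyond the two passphrases quoted above, and the sample entries are constructed.

```python
import hashlib
import re
from collections import defaultdict

HEX64 = re.compile(r"^[0-9a-f]{64}$")


def sha256_hex(passphrase: str) -> str:
    # Assumption: the hash is SHA-256 over the UTF-8 bytes, hex-encoded.
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()


def audit(entries, weak_passphrases):
    """entries: iterable of (user, submitted_hash).

    Returns {user: [reasons]} for every account that should be held back
    until the holder picks a new passphrase or clarifies the record.
    """
    weak_hashes = {sha256_hex(p) for p in weak_passphrases}
    users_by_hash = defaultdict(set)
    holds = defaultdict(list)

    for user, raw in entries:
        digest = raw.strip().lower()  # tolerate case and stray whitespace
        if not HEX64.match(digest):
            holds[user].append("malformed hash")
            continue
        users_by_hash[digest].add(user)
        if digest in weak_hashes:
            holds[user].append("matches known-weak passphrase")

    # Two different users with one hash: either a shared account or a
    # passphrase guessable enough that two people chose it independently.
    for digest, users in users_by_hash.items():
        if len(users) > 1:
            for user in users:
                others = ", ".join(sorted(users - {user}))
                holds[user].append("hash shared with " + others)

    return dict(holds)


# Constructed sample data; only the first two weak entries come from the article.
WEAK_LIST = ["MyNewAccount", "qwertyuiop", "password", "123456"]
ENTRIES = [
    ("alice", sha256_hex("qwertyuiop")),
    ("bob", sha256_hex("violet tractor 7431 hums beneath glass oceans")),
    ("carol", sha256_hex("sunshine and rain").upper() + " "),
    ("dave", sha256_hex("sunshine and rain")),
    ("erin", "not-a-hash"),
]

if __name__ == "__main__":
    for user, reasons in sorted(audit(ENTRIES, WEAK_LIST).items()):
        print(user, "HOLD:", "; ".join(reasons))
```

The duplicate check catches weak passphrases that are not on any list, which is why the shared-hash cases mentioned earlier mattered even before the weak list was applied.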

To be quite frank, our holdback policy was – by altcoin-jungle standards – helicopter-mother overprotective. By the time the distribution day approached, MaWo had enough spare time to post a lot of advice and help to NFD stakeholders: one of his main themes was, "make sure you pick a secure passphrase." Sadly, once the big day arrived, we discovered that you can lead a horse to water but you can't make him drink. The publicity about NFD's big distribution day had reached the eyes of at least two hacker-robbers who were lying in wait with cracking scripts and crack tables. As a result, the big day also saw a big crime wave – which made the accomplishment of our mission bittersweet even to this day. For a time, we had discussed devoting some of the 5% set aside for bounties to compensate victims of the crime wave, but in the end we bowed to the rough-and-ready mainstream custom in the cryptocurrency frontier and dropped the idea.

As I mentioned above, I had a method to my obsessive-compulsive madness. Because I took the all-manual comprehensive-reconstruction approach, I put in a furious amount of work that took me more than a month. As a result – and I pre-authorized this to MaWo in private – I was the one who was held up as the main delaying factor that was drawing out the launch and distribution to a stretch that proved to be five weeks long. I had decided on the me-as-laggard policy deliberately, so as to give the time-pressed tech team enough leeway to: make sure they had cloned NFD from Nxt properly; privately test it to scotch out any hidden issues; run a public testnet which found some other issues as well as needed design feedback that made for a more stylish client; and launch well before the distribution date, which gave the team time to stress-test the network a little. Other than the crime wave that marred the distribution day, NFD had a largely smooth launch. In the altcoin jungle, that's a real plus.

Granted that a spreadsheet-hip efficiency expert would have deemed my audit-and-reconstruction work horridly inefficient, but me doing so gave the rest of the team enough time to be careful and even meticulous. And, I never got a single complaint about me holding anything back: the bet I made paid off.

"You guys should be running the damn government."

High praise indeed. And for me, in addition to warming my overworked heart, a real eye-opener and memory-jogger.

Have you heard of Hernando de Soto's book The Mystery Of Capital? Did you read it years ago, as did I? Or have you yet to read it at all? If you please, I'd like you to get it (off your shelf if you have it), open it to the Index, and look for this entry: "Social contracts, extralegal." And then, read through the ten-or-so pages to which the entry refers. It's pure history, but the parallels to what I've done are striking. It's as if I and the rest of the NFD team were administering a mining camp in a frontier beyond any jurisdiction.

As I explained above, I was in charge of the list that divided up the "spoils." MaWo was fully in charge of creating the spoils and distributing them. And of course, the rest of our all-volunteer team had accomplished the production of the spoils too. In our own little way, we were a little like a non-governmental all-voluntary quasi-government. I and the rest of the NFD team have real experience in an art that's all-but lost except to specialized historians. I and the other five have real-world experience in the art of self-government on the cryptocurrency frontier.

In a sense, all of us – all of us pinched for time – were a "Dream Team" of citizen-legislator types. All but me had straight jobs and family responsibilities. All but me had to do their vital work in their spare time. I wound up in charge largely because I don't have a straight job and only a regular series of chores for my outside responsibilities. All of us – all of us – were scammed ourselves. To continue the analogy, all of us that were administering to the rescue project were very definitely "of the governed."

The result is a profoundly neighbourly relationship between "governors" and "governed." MaWo and I reported regularly to NFD's stakeholders and filled them in all the way. All our work was presented for community scrutiny and review. We did bend to community requests. And the point to note is: we didn't do so just because it was the right thing to do. We were responsive to the community because it was the intuitive thing to do. I can't think of any better example than a demand I initially was put off by because I questioned the demander's motive. After I shook off my resistance, I started a completely unmoderated complaints and criticism thread. And lo and behold, I soon found it useful and relied on it as a tool!

And that's the real secret behind a community-centered and community-driven policy. I found through my experience that it's also the practical thing to do.

Sadly, our modern democracies are just too big to be aught but a pale and wordy shadow of this neighbourliness. At the very minimum, simple logistical impediments make it impossible.

And, as cryptocurrency continues to grow and develop, this neighbourliness and voluntarist Service will be impossible in cryptocurrency too. As cryptos grow to meet the mainstream, the entire field will have to bow to the demands of the mainstream – a consensus mainstream that's rather satisfied with the advantages bestowed by the Regulatory States we all live under. Inevitably, the cryptocurrency sector will be fully regulated by governments. If it takes off as the Internet itself did in the ‘90s, the legislators of our jurisdictions might even enact jurisdiction-spanning regulatory agencies solely devoted to overseeing cryptocurrencies. When those days come, maybe around 2020 or so, the old cryptocurrency frontier and the altcoin jungle will be aught but a memory and grist for historians.

But the memories will put a significant question mark on the generally-accepted assumptions about politics in our time. True: as I've both experienced and disclosed to you in this entire series, the altcoin jungle does suggest that Hobbes' view of human nature has truth. My own experiences of the better side of the altcoin jungle, though, do demonstrate that the Lockean view of human nature is truth too. The question mark – are there better ways than relying on our governments? - will not fade away for a very long time – if ever. ESR

Daniel M. Ryan is a long-time contributor to Enter Stage Right and has returned to the fold. © 2014 Daniel M. Ryan.

 

 


 

 


© 1996-2024, Enter Stage Right and/or its creators. All rights reserved.