
You might think about embedding bounties in crypto blockchains. For example, create BTC wallets that can be unlocked using a secret sitting next to (or steganographically embedded in) the secret you're trying to protect. This gives the person uncovering the secret an incentive to activate the canary. {RI,MP}AA are apparently doing this with their music and movies, so they know when they are showing up on pirate sites.

As skeptical as I am about crypto currencies, this is a really interesting application. Basically exploiting human greed. Thank you for sharing it.

That's some awfully pessimistic and dehumanizing language. I just consider it to be paying someone for the trouble rather than jumping straight to "exploiting greed."

Since the person profiting is someone who obtained the secret through shady means - either breaking into an insecure system, or taking advantage of their access to a system which doesn't encrypt passwords - I don't consider it pessimistic or dehumanizing to describe the behavior as greed.

Greed is a subjective term. The company that is charging money could be described as greedy for making a profit when they could have lowered the price to remove any excess profit. Why is the person who understands and uses the system in a way it wasn't intended greedy?

Because they're stealing secrets from people? I confess I'm confused why this is confusing. The exercise here is to know when something is public that you want to keep secret. The proposed solution is to make the secret something that has value independent of its secretness, to tempt those that stole the secret to obtain that independent value. I'm fine attaching "greed" to profiting from stealing secrets.

You say that like there's something wrong with exploiting greed.

Strange. I feel only a slight negative connotation of "greed". Nothing to be ashamed of or to condemn. Maybe some meaning is lost in translation to my language.

Exactly, it's as if my pay cheque is "exploiting human greed".

I think this is a great idea and a great use of a BTC/LTC wallet. Breach notification often doesn't happen in a timely manner, and building a solution like this lets me, the consumer, get notified even when the vendor with the secrets doesn't send the notification.

Check out https://medium.com/@grantm/obtaining-instant-breach-transpar... for some more info about how this might be possible.

The MirageOS project has done this, they call it the "Bitcoin Piñata".

It's still unclaimed I believe: http://ownme.ipredator.se

Claimed today I believe. Possibly inspired by your post.

Is there a source that it was definitely claimed? The BTC have moved, but the site notes "[i]n 2018 we will likely reuse most bitcoins for other projects", and the transaction (splitting into two amounts of 9BTC and ~1BTC) aligns with this Tweet from December:

> PSA: the bitcoin piñata will be reduced by a large amount, the owner who lent the 10 btc wants to spend 9 on useful projects


From their site:

"This challenge started in February 2015, and will run until the above address no longer contains the 10 bitcoins it started with, or until we lose interest. In 2018 we will likely reuse most bitcoins for other projects."

So I'm not sure what happened frankly.

You’ll notice someone gained access to your system (because the money will disappear) but you’ll have zero clue how they did it. Also, how do you prevent an employee from stealing the funds for themselves?

There’s a reason companies use bug bounty platforms instead of just having a bunch of bitcoins lying around.

But there has to be some way we can solve this with the blockchain. /sarcasm

I'm interested in understanding how the RIAA/MPAA canary works. Can you please elaborate or provide an explanatory link?
