I also think that they misunderstand the needs of their potential customers. They are trying to introduce a public, crowd-funded service to a market for covert information without any sense of irony. In broad strokes, a third of the value of a stolen secret is in knowing it; another third is having exclusive access; and the last third is that your competition does not know they've been robbed. When they realize that you have their IP, they will pour money into R&D. Since they are already familiar with their work -- and you are not yet -- they are likely to beat you to market.
For that reason I'm skeptical this venture can compete with existing black markets.
...all I see is a tool that allows secure communication and protects people's privacy. If we want to avoid living in a future where a police state monitors everything people do and say at all times, we have to somehow allow for people to maintain privacy and communicate privately.
Your attitude seems like a really slippery slope: If I write an email to someone and PGP encrypt it, as many people do today, would you similarly say that I'm being "covert" and "dark"? Where do we draw the line?
I'm all for having secure, private means of communication; it is essential for our liberty and a healthy democracy. Inevitably, these will be used to create black markets. Freedom is expensive, and that is just another cost.
I can think of three or four ways to defeat even a relatively sophisticated attempt to do so in an automated manner. And if you're going to make money off selling secrets, what could be better than selling the same thing to a dozen purchasers each of whom thinks that they have an exclusive on the deal?
And - how would you arbitrate misleading data? "0-day Flash Exploit For Windows", "...NT4".
Maybe we're missing the irony.
edit: more ranting (won't dupe) https://news.ycombinator.com/item?id=8795427
"Zero day exploits. For the market defined value rather than a price determined by the corporations under the guise of a bounty with the veiled threat of legal action should the researcher choose to sell elsewhere."
"Stolen databases. Corporations will no longer be able to get away with an apology when they fail to secure their customers confidential data. They will have to pay the market value to suppress it."
This isn't about exposing corrupt secrets for the public good. This is about giving data thieves a way to squeeze more money from their victims (deserving or not) by letting others bid against them. They're not trying to hide it, guys.
If you put together an app that professes to send messages that are private to one other user, when in fact they are visible to anyone with access to your servers, you have sold your users down the river just because you are not a competent developer. This is widespread right now, but it doesn't mean it isn't true.
However, as other people have pointed out, this particular idea looks like BS. Even so, I think it will be implemented in some form in a few years. It's time to end the "fingers in the ears, la la la" approach to data security that your post exemplifies.
And none of this explains why you think a service that helps Steve get top dollar for your stolen stuff is a good thing.
We already have darknets and assassination markets and... and places to find scandalous celebrity photos and dox. The amount of ego they throw into their copy doesn't inspire a lot of confidence in me.
Edited to add:
The talk is linked below.
However the people behind this have been thinking about it far more than I have so I'm sure they have their reasons for doing it in C.
It says nothing about the people involved or their experience. It claims they are "9 cryptographers" and says nothing more. They also appear to be trying to raise money for this:
I agree that using C is a really dumb idea for anything security sensitive.
However the people behind this have been thinking about it far more than I have
I see no evidence of this either.
In fact all I see is an attempt to grab money from people for a product that does not exist, has no prototype and quite possibly never will exist.
As to their identities, I suspect it's the same people (Amir Taaki and friends) who are doing Dark Wallet, given that they're the only people who use libbitcoin as far as I know, they explicitly recommend Dark Wallet although it has almost no users, and both sites very much match their writing style and general way of thinking. It's exactly the sort of thing that they'd think was a good idea.
It's rather curious the website says it's written in C against the libbitcoin library, as libbitcoin is a C++ library that doesn't even export C headers.
As to their identities, I suspect it's the same people (Amir Taaki and friends) who are doing Dark Wallet.
I rather doubt that as I haven't heard anything about Slur from that group - as Dark Wallet Chief Scientist they pretty much always run new ideas past me. Secondly they already have a better protocol for paying for information that I and Amir Taaki developed: https://github.com/unsystem/paypub PayPub uses a non-interactive revealing stage to avoid the need for the trusted escrow agents that Slur claims to use.
re: Dark Wallet, keep in mind it's still officially an alpha undergoing testing prior to release, but its CoinJoin mixer gets regular usage, mixing what seems to be in the region of a few thousand dollars worth of bitcoins every day on average. It is the only CoinJoin implementation I know of with any usage, other than the known to be badly broken blockchain.info one that doesn't provide any privacy. Recommending people use it to donate anonymously is quite reasonable.
1. You can't prove a negative. The seller cannot prove that there's not a copy of the same information elsewhere.
2. If you prevent the same data from being sold again, the exclusive owner is also prevented from selling. What if that person wants to sell bits and pieces of the information as an arbitrage play?
3. Doesn't this obligate the police to bid for any child pornography whatever the cost?
It uses Bitmessage and two party escrow Bitcoin transactions.
Personally, I think it is a pretty stupid name given either interpretation. Slur does not denote reliability of information.
Took the world long enough to catch up.
Sounds like the product side has been figured out... the essay is pretty thorough.
Various issues: C used (huge flag), little progress yet, arbitration can't help in subjective/unverifiable/misleading data situations, anonymity will drag in the trash-sellers by the dozens, entirely unsourced data -even when true- is not as useful as sourced stuff (which you'd call "actionable"), de-duping information is impossible, what's the arbiters' motivation to be honest and not attempt to contact either side for bribes (or vote against "truth" for lolz), etc.
But mostly: Just think of the Signal/Noise ratio. Everyone will be trying to abuse this.
Even the dumbest, shotgun, numbers-game approach would have returns: Keep listing seemingly interesting stuff that is actually misleading/incomplete/bad/resold/... and eventually some of your transactions will not be reverted by arbitration.
And this is anonymous crowd-funding, you say?
...anonymously crowdfunding this half-thought idea with bitcoin.
For what it's worth, the potential for the internet to even out the knowledge gap in the business world has barely grazed the surface of where it's headed.
I am not talking about getting Coke's recipe but knowing the cost basis of vendors so they can't rip you off. Every industry will eventually have a winner that decided to be completely upfront and transparent, accept smaller but healthy margins and eliminate the fear consumers have of looking foolish by getting a worse deal than their brother-in-law.
Incentivising leakers to leak to agents with the most power and wealth does not make much sense.
Buyer/seller privacy would be a fantastic development but blackmailing people is definitely in scumbag territory. I would like to see this project change its name, messaging, and even reevaluate its motives. That said, I don't see anything wrong with the core principle which is a free market with privacy. Which shouldn't be interpreted as "go break the law!".
We need more people developing systems that emphasize privacy. Let's encourage those who are doing so by explaining what aspects we like/dislike.
However for argument's sake, let's strip away the reality of what they're encouraging and find merits in non-illicit contexts.
What can be productively sold in this way? Source code licensing, music and movies come to mind, but do they offer over iTunes or Shopify? I can only find cons.
Let's look at the core principles that they're advertising and see how they apply:
"Sellers encrypt, upload and then list their data on the digital market with the ease a user might list an item on eBay. They do so with full anonymity and there are no restrictions on the content of the data."
Legitimate sales interests also rarely need to be anonymous. Having their own marketplace (iTunes store, etc) also lets them restrict the privacy in the way that best favors them. The exceptions -- journalists or people under repressive regimes -- could benefit from such a marketplace if it weren't for the fact that they can't prevent the enemy from buying the information (they're anonymous, too), let alone sell it to many news outfits or many rebels over time (data can only be sold once).
"Exclusive bidders attempt to purchase the data for their own use and / or prevent other parties from acquiring a copy. Should an exclusive bidder win the auction they alone will receive the decryption keys. The same data cannot be auctioned a second time on the Slur marketplace."
"Crowd bidders pool their funds into a single bid. Should they win the auction the network will release the decryption keys to all users on the Slur marketplace and the information will therefore become public."
"Arbitrators are randomly selected users who agree to weigh in on a dispute should the winner of an auction claim that the decrypted contents do not match the sellers description."
"Public key cryptography ensures the data being sold can only be decrypted by the winner of the auction."
Look, there might be some legitimate amazing use that I'm ignorant towards, but it has to fight a lot of restrictions with this premise. It seems really geared towards illicit use in both design and message. I also can't get behind advocating for psychopaths. YES THOSE WITHOUT CAPACITY FOR EMPATHY LET'S PICK THEM.