• Welcome to New Hampshire Underground.
 

News:

Please log in on the special "login" page, not on any of these normal pages. Thank you, The Procrastinating Management

"Let them march all they want, as long as they pay their taxes."  --Alexander Haig

Main Menu

Ripple trading system is up and running

Started by Barterer, March 03, 2007, 11:09 PM NHFT

Previous topic - Next topic

Barterer

 :icon_pirat:
Yes, I've set up a Ripple trading site just for us.  I have been studying and tweaking this thing for several months, and I think it is ready to try out. Here is the address: 
  https://ripple.libertybrew.com 
I've discussed the Ripple project with some of you previously, but here is the concept in a nutshell:
Quote
Ripple is a monetary system that makes simple obligations between friends as useful for making payments as regular money.

Normally, if your friend Alice owed you $10, she would have to pay you back before you could make any use of that debt. If you were creative, however, you might be able to pass the debt on to someone else who knew and trusted Alice, in exchange for something you wanted. For example, you might be able to get a book you want from Bob, who also knows Alice, in exchange for letting Alice know that she now owes Bob $10. Instead of money, you used Alice's IOU to pay Bob. Alice acts as an intermediary between you and Bob.

Ripple does the same thing, only it takes the idea one step further. What happens if you want to get a haircut from Carol, who doesn't know Alice at all? Your $10 IOU from Alice isn't useful because Carol being owed money by Alice doesn't mean anything to Carol. But suppose you had a way to find out that Bob, who knows Alice, also knows Carol. You could talk to Bob and arrange for him to take Alice's IOU in exchange for giving his own IOU for $10 to Carol. Since Alice owes him exactly what he owes Carol, Bob is even on the deal. Both Alice and Bob act as intermediaries between you and Carol.

And that's how Ripple works. You create a profile on the system and indicate who you know and how much you trust them by connecting to people by email address and giving them credit limits. Then whenever you want to make a payment to another Ripple user using only friendly obligations, the system finds a chain of intermediaries connecting you to the person you want to pay, and records the payment in each intermediary's account all the way down the chain. You end up owing one of your "neighbours" on the system, and the payment recipient ends up being owed by one of her neighbours.

So you see it is a sort of IOU tracking system.  Barterers no longer have to have a specific item or service on hand in order to transfer value to others who want to trade something of value. Nor do you have to know or trust anyone who helps you by acting as an intermediary -- passing your "ripple" of wealth on to others until it comes full circle back to you.  It is a monetary system one can use to advance their wealth legally and with privacy.   

The units of exchange I have set up on ripple.libertybrew are:
ounces of gold
ounces of silver
USD

If several of you request an additional currency that makes sense to add, I can add it no problem. The current exchange rate is 665 USD/oz.gold and 13.5 USD/oz.silver.  I will update them as the spot prices change.

The guy behind the Ripple code is Ryan Fugger.  He operates Ripplepay.com, and is working on a P2P protocol that will let anyone set up a ripple node on their computer, and hopefully sync ripple sites with ease.  My implementation of Ripple does not connect to Ryan's, though it may in the future. 

Why did I bother to set up a ripple site just for freestaters?  I wanted to take some extra security measures, and also keep this idea going solid if ripplepay is ever shut down.  I plan to use it for my own personal transactions as I get to know and do business with my friends in New Hampshire.  Ripple.libertybrew is the framework for the network I plan to have.

So, why not just use ripplepay.com?  What are the differences between ripple.libertybrew.com and ripplepay.com?

No per-transaction emails. The system will not send details of transactions you make.  It will only mail you to do things like confirm an account or reset a password. This makes it much harder for some peeping-tom to figure out that Kat paid Russel 1oz. of silver for that footrub, or that anyone was paid for any reason. Since email is no more secure than sending a postcard, it doesn't make much sense to do a transaction through an encrypted connection, then send details of it as clear text over the internet. So I took that out.

In fact, I have not left the option to connect through regular http.  You may have to tell your browser to accept the certificate from webfaction.com. Putting a regular http address will redirect you to the https site.

So there it is.. everyone is welcome to log on and start making connections to others.  However, I have not done extensive testing on it for security bugs, so would like some of the computer gurus on here  (error, Lex Berezhny, Mr. dollars, eques et.al.) to see if you can trip it up somehow, and tell me where the edges are roughest.  FYI- ripple is written in Python and uses the django platform. The source code can be found at http://sourceforge.net/projects/ripple/   

I've left Ryan's donation links up on my site, and they will remain there at least as long as it takes me to get to New Hampshire.  Comments and suggestions are welcome!

error

#1
My time is limited, so I can't give it an extensive security review, but I would strongly recommend that everyone here download a copy of the software and keep it in a safe place (you don't need the software to use the system, but there's a higher than zero chance that certain government thugs will eventually ask SourceForge to remove it).

For those of you who do want to use the system, note well that you are very likely to attract the attention of certain government thugs by using a system such as this. Payment systems like Ripple are under intense scrutiny right now from certain government thugs due to those government thugs believing that the payment systems are connected to, or useful to, certain other terrorist organizations such as al-Qaeda.

In addition, those same government thugs will be paying close attention because systems like this allow people to not pay them the annual tribute they demand.

That's not to say that you shouldn't use the system. But you should be aware that there is a significant component of risk.

Russell Kanning

not as much risk as using a bank account and having the feds know every single transaction you make .... or as much risk as getting postal money orders from your friendly neighborhood federale ... ask Ed and Elaine. :)

I thought al-qaeda had money transfered to their bank accounts straight from homeland security.

error

Quote from: Russell Kanning on March 04, 2007, 02:45 AM NHFT
I thought al-qaeda had money transfered to their bank accounts straight from homeland security.

Do you really want a serious answer to that?

Russell Kanning


error

Oh, well, in that case, you can easily defeat fed monitoring of your bank accounts, at least in some circumstances. Computers only do what they're told, you know, and if you tell them something that's wrong, people will still believe it, simply because it was in the computer. :)

Tom Sawyer

Would working with the site via a proxy and an assumed name relieve the risk concern?  :)

Barterer

Quote from: error on March 04, 2007, 03:58 AM NHFT
Oh, well, in that case, you can easily defeat fed monitoring of your bank accounts, at least in some circumstances. Computers only do what they're told, you know, and if you tell them something that's wrong, people will still believe it, simply because it was in the computer. :)
It certainly doesn't hurt anything to pass along bogus tit-for-tat transactions amongst your friends, just "testing" so to speak.. and only you and your trading partner would know which transactions are legit.  The trust model allows for fully deniable and extremely difficult to prove transactions. Just don't extend credit to anyone you don't trust.

Quote from: Tom Sawyer on March 04, 2007, 06:13 AM NHFT
Would working with the site via a proxy and an assumed name relieve the risk concern?  :)
Yes, that would help obscure the fact that you connected to the site (and you could do a better job of that by running Tor through a coffee-shop connection) but the details of what is said over the connection is already private by design.  Let's say you help roof Lauren's barn, and accept $10 worth of sticky-buns in exchange.  You could run that deal through the system, and the SSL session having to do with it could be decrypted by an NSA supercomputer.  But at that point they would have violated your reasonable expectation of privacy, and spent ridiculous resources just to uncover a trivial transaction that is totally deniable.  "I did NOT eat the sticky-buns!"  ;D   Personally, I plan to just assert my right to communicate privately to my friends.

Thank goodness Ryan has released Ripple as free open-source software.  That makes my site worth exactly nothing to terrorists.  It would be stupid for them to use libertybrew, a site I have publically announced and have full access to, when they could easily set up their own site, keep it secret, and not have any pesky freestaters with access to their database.  So the probability of some terrorist using my site is practically nil.  If anyone tries to badger me, using the "terror" excuse, into turning over my log of IP addresses and connection times, I will plead the 4th until such time as I have done my own investigation and see that a true crime has occurred or is imminent.  And no, I won't take a stupid "security letter" as evidence.  I'll dump the IP log regularly and often, for good measure.. not that it matters.. FedNerds can see what IPs connect to the site and make their own logs, as they probably do with this forum.

Russell Kanning

we are all terrorists in the eyes of the feds.

PowerPenguin

Interesting. I don't consider it secure enough to try just yet, but in principle it's very similar to hawala, but on a p2p model. Let me know how it goes, though! I may try it in the future.

Tom Sawyer

I really wish you wouldn't discuss my private sticky bun transactions...  ;D

Thanks for the info.  :)

Russell Kanning

Quote from: powerpenguin on March 04, 2007, 05:27 PM NHFT
Interesting. I don't consider it secure enough to try just yet, but in principle it's very similar to hawala, but on a p2p model. Let me know how it goes, though! I may try it in the future.
not secure enough?

penguins4me

#12
Quote from: Russell Kanning on March 04, 2007, 08:16 PM NHFT
Quote from: powerpenguin on March 04, 2007, 05:27 PM NHFT
Interesting. I don't consider it secure enough to try just yet, but in principle it's very similar to hawala, but on a p2p model. Let me know how it goes, though! I may try it in the future.
not secure enough?

"Not secure enough" in that the server and/or its data may be open to manipulation. I'm going to be looking into Ripple a bit more in the very near future, but since I work with "IT" stuff both professionally and as a hobby, I understand generally how things like this work - but I am *not* yet familiar with how Ripple actually handles the data so some of my concerns may be moot.

Possible problems with Ripple:
1. Server owner able to manipulate stored IOU data to his/her advantage (either via a program flaw or roll-back of stored data, etc.)
2. Users able to send forged data to the data store indicating that another user is now in debt to the forger
3. Privacy issues regarding individual transactions and/or the database/data store in general (most often due to program flaws)
4. Authentication and verification issues (can a cracker simply brute-force a username/password set?)
5. Denial of service issues (can a pissed-off user "clog" or block access to your account? To the whole "bank"?)

... and many other considerations.

freeman4liberty

Ryan has updated the software.  Now it allows interest and also you can delete your account, if you don't have a balance.  Barterer I'm glad another liberty lover sees the power of this idea.  Barterer, have you considered having a currency unit that isn't an actual currency.  I look forward to the day when people trade "ripples" which floats against the FRNs. 

PowerPenguin

Constant devaluation then? Woo! My favorite! 8-) One could fix this by connecting it to metals though or some other good/service.