What is OpenBazaar?

OpenBazaar is an open source project to create a decentralized network for peer to peer commerce online—using Bitcoin—that has no fees and no restrictions.

Right now, online commerce means using centralized services. eBay, Amazon, and other big companies have restrictive policies and charge fees for listing and selling goods. They only accept forms of payment that cost both buyers and sellers money, such as credit cards or PayPal. They require personal information, which can lead to it being stolen or even sold to others. Buyers and sellers aren’t always free to exchange goods and services with each other, as companies restrict entire categories of trade.

OpenBazaar is a different approach to online commerce. It puts the power back in the users’ hands. Instead of buyers and sellers going through a centralized service, OpenBazaar connects them directly. Because there is no one in the middle of your transactions there are no fees, no restrictions, no accounts to create, and you only reveal the personal information that you choose.


How does OpenBazaar work?

Let’s say that you are looking to sell your old laptop. Using the OpenBazaar client (a program you download), you create a new product listing on your computer with details just like you would on any ecommerce site. When you publish that listing, it is sent out to the distributed p2p network of other people using OpenBazaar. Anyone who searches for the keywords you’ve used—laptop, electronics, etc.—will find your listing.

If you both agree to a price, the client creates a contract between you both with your digital signatures, and sends it to a third party called a moderator. These moderators are also folks on the OpenBazaar network—could be your neighbor or someone across the world—who the buyer and seller trust in case something goes wrong. The third party witnesses the contract and creates a multisignature Bitcoin account (multisig) that requires two of three people to agree before the Bitcoin can be released.

The buyer then sends the agreed upon amount to the multisig address. You get a notification saying the buyer has sent the funds, and you ship the laptop to them and mark that it has been shipped. The buyer receives it a few days later, and they mark it received, which releases the funds from multisig to you. You got your Bitcoin, the buyer got the laptop; no fees paid, no one stopped your trade, everyone’s happy.

What if something goes wrong?

As we all know, things don’t always go smoothly. What if you’re buying a certain book from a seller, you pay the multisig, and they ship you the wrong one, or it was in poorer condition than advertised, or they don’t even send a product at all?

This is where the third party comes in. Remember that a multisig requires two of three people to agree in order to move the Bitcoin. They control the third key to the multisig, so the funds will not move until either the buyer and seller work out an arrangement themselves, or the third party agrees with either the buyer or seller on how to deal with the transaction and funds in multisig.
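The two-of-three arrangement described above can be checked by each party before any Bitcoin is sent. The sketch below is an added example, not OpenBazaar's own code: it assumes the standard Bitcoin m-of-n script layout (`OP_m <keys> OP_n OP_CHECKMULTISIG`), uses hypothetical function names, and the key bytes are constructed placeholders rather than real public keys.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE
PUSH_33 = 0x21  # opcode that pushes a 33-byte compressed public key

def fake_pubkey(label):
    """Constructed 33-byte placeholder; not a real curve point."""
    return b"\x02" + hashlib.sha256(label.encode()).digest()

def build_redeem_script(m, pubkeys):
    """Serialize OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    if any(len(pk) != 33 for pk in pubkeys):
        raise ValueError("expected 33-byte compressed keys")
    body = b"".join(bytes([PUSH_33]) + pk for pk in pubkeys)
    return bytes([0x50 + m]) + body + bytes([0x50 + n, OP_CHECKMULTISIG])

def parse_redeem_script(script):
    """Return (m, [pubkeys]); raise ValueError on any other script shape."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a multisig script")
    m, n = script[0] - 0x50, script[-2] - 0x50
    body = script[1:-2]
    if not 1 <= m <= n <= 16 or len(body) != 34 * n:
        raise ValueError("bad threshold or key count")
    keys = []
    for i in range(0, len(body), 34):
        if body[i] != PUSH_33:
            raise ValueError("unexpected push length")
        keys.append(body[i + 1:i + 34])
    return m, keys

def check_escrow(script, my_key, counterparty_key, moderator_key):
    """Pre-funding check: exactly 2-of-3 over the three expected keys."""
    m, keys = parse_redeem_script(script)
    expected = {my_key, counterparty_key, moderator_key}
    return m == 2 and len(keys) == 3 and len(expected) == 3 and set(keys) == expected

def can_release(script, agreeing_keys):
    """True when enough distinct key holders named in the script agree."""
    m, keys = parse_redeem_script(script)
    return len(set(agreeing_keys) & set(keys)) >= m

# Constructed sample parties for the laptop sale described above.
BUYER, SELLER, MODERATOR = (fake_pubkey(x) for x in ("buyer", "seller", "moderator"))
ESCROW = build_redeem_script(2, [BUYER, SELLER, MODERATOR])
```

`check_escrow` rejects a script whose threshold was lowered to one or whose key set differs from the three parties in the contract, which is the check that keeps any single participant, the moderator included, from moving the funds alone.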

These steps may sound complicated, but the details are handled by the client itself. Our goal is for buyers and sellers to have an even better experience using OpenBazaar than the old centralized platforms.

Timeline

OpenBazaar version 1.0 has been released, and you can download it here. If you want to keep up to date on announcements and releases, please subscribe to our subreddit.

Submit bug reports and suggestions for improvement to our Github repositories, either server or client.

Feel free to drop into our Slack room. We’re happy to help you get a node running or answer your questions.

Developers can visit our developer resource page. Obviously any code submitted to the project is much appreciated!

You can also donate Bitcoin to this address to help us pay for seed servers, the website, and other project costs like conferences.

Let’s make trade free, together.

Bring Back the Honeypots

https://www.youtube.com/watch?v=W7U2u-qLAB8

Honeypots were all the rage in the 90’s – A raft of tools (and even a world-wide alliance) sprang up extolling their virtues but they never managed to live up to their hype. They were largely relegated to researchers and tinkerers on the fringes. At the same time, we have the Verizon DBIR telling us that most companies are first informed by 3rd parties that they are breached. This is a stupid situation to be in. Well-deployed honeypots can be invaluable tools in the defender’s arsenal, and don’t need to look anything like the honeypots of old. From application layer man-traps, to booby-trapped documents. From network-level deception, to cloud based honeypottery, we are bringing honeypots back! During this talk, we will discuss and demonstrate the current state of the art regarding honeypots. We will explore the factors that limit adoption (and will discuss how to overcome them). We will demonstrate new techniques to make your honeypots more “hacker-discoverable” & will share data from running actual honeypots in real organizations. We will also discuss (and release) OpenCanary, our new open source honeypot (along with supporting scripts and utilities). Over the past few years, honeypots have gotten a bit of a bad rap. We will give you tools, techniques and takeaways, to move them from geeky time-wasters, to the most useful pieces of kit you will deploy.

Twitter Slams Controversial Cybersecurity Bill

Twitter has become the latest tech giant to come out against the controversial cybersecurity bill that’s expected to hit the floor of the US Senate this week.

The company, which has 316 million active users worldwide, tweeted its opposition to the Cybersecurity Information Sharing Act (CISA) from its official policy account early this morning, saying: “Security + privacy are both priorities for us and therefore we can’t support #CISA as written. We hope to see positive changes going forward.”

The bill would open up an information exchange between the public and the private sectors: government would give companies classified information about potential threats, but the bill also incentivizes companies to funnel information to local law enforcement and the Department of Homeland Security, which must share the information with the National Security Agency “in real time.” Privacy-focused organizations have accordingly been concerned.

As have many of the companies in charge of said user data. Twitter is joining a growing chorus of major technology companies that have recently come out strongly against the latest version of CISA, echoing concerns from security experts and privacy advocates that CISA would fail to prevent cyberattacks while dramatically expanding government surveillance and undermining user privacy.

Over the weekend Yelp, reddit, and Wikipedia weighed in against CISA. Last week, CCIA, an industry association representing tech giants Google, Facebook, Yahoo, Amazon, Sprint, and others, also issued a statement slamming the bill. Mozilla, imgur, WordPress, Craigslist, Namecheap, and hundreds of other companies have opposed CISA and similar information-sharing legislation in the past.

Last month, the Business Software Alliance, which represents Apple, Microsoft, and other major tech companies, clarified that it does not support any of the three information sharing bills before Congress: CISA, plus the Protecting Cyber Networks Act (PCNA) and the National Cybersecurity and Communications Integration Center (NCCIC) Act.

“Internet users are outraged that Congress is even considering legislation that undermines the basic security of the Internet by sweeping away privacy protections and letting companies off the hook when they improperly share or leak our personal information,” said Evan Greer, campaign director of Fight for the Future, which has been a vocal opponent of the bill. “Members of Congress should pay attention: nobody wants this bill. Not the public, not security experts, and not even the industry it’s supposed to protect. The safety of Internet users’ personal information is more fragile than ever, if Congress decides to make matters worse, everyone will know it was the result of ignorance and corruption.”