[messaging] Namecoin, squatting and decentralized solutions to Zooko's triangle

Joseph Bonneau jbonneau at cs.stanford.edu
Sun Aug 2 23:20:54 PDT 2015

Talking to Trevor today, I realized I never emailed the list to plug a cool
paper at Princeton that I co-authored on squatting in Namecoin that was
published at WEIS last month[1]

The official position from Namecoin is that squatting is a non-issue (even
calling discussion of squatting a case of bike-shedding) [2].

By contrast our paper shows that  Namecoin has almost exclusively been used
by squatters so far [2].There are only a few dozen cases of legitimate
usage to date and over 100,000 names which have been claimed by one of four
major squatters (or re-sellers or whatever you would like to call them).
There is also no evidence of a functional market through which squatters
sell these names-it's all speculative so far.

There are a lot of ideas about how to change incentives to prevent
squatting (including some in the paper) and Namecoin's design can probably
be improved. So one might say a better-designed Namecoin could "solve"
squatting and therefore Zooko's triangle.

But I think a deeper issue is that the human-meaningful/readable/usable
property of names is ill-defined in Zooko's original triangle and has been
described different ways since. If Namecoin worked and was secure but was
subject to excessive squatting, limiting the availability of many desirable
names, would this be a "solution"? Names would be human-readable but
perhaps not human-usable.

There are also issue of adversarial registration or simple clashes of
names. For example, a phisher might pay for d/facebook on Namecoin
(currently squatted) and find it more profitable to use the domain for
malicious purposes than sell to Facebook, Inc. In other cases (which of
Jaguar Cars or the Jacksonville Jaguars most "deserve" d/jaguars?) there
isn't a technical answer at all.

This problem is vastly worse for messaging-if Namecoin took off thousands
of people would like id/jsmith and dozens want id/jbonneau.

So far we have solved this problem with heavy centralization to police
namespaces-DNS uses central registrars, UDRP and occasionally courts to
prevent squatting and abuse and large email providers use proprietary abuse
prevention, with Facebook and Twitter using a manual process to check names
in odd cases [3] and vet celebrity accounts.

Perhaps this can all be solved with proper economic incentives which
encourage some sort of voting for who globally has the "right" to a name
and settling disputes, but I have yet to see a design that really takes
this challenge on.

[1] http://randomwalker.info/publications/namespaces.pdf
[2] https://wiki.namecoin.info/index.php?title=Squatting
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150802/40d90e39/attachment.html>

More information about the Messaging mailing list