Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

cryptostorm: token resales, "affiliates," & bulk purchases

This subforum is both a place to find & discuss independent cryptostorm token resellers, as well as to discuss cryptocoin related topics such as buying bitcoins, altcoins such as darkcoins and dogecoins, "tumbling" coins, theoretical/mathematical topics, etc.

Topic Author
Posts: 104
Joined: Wed Jan 16, 2013 9:20 pm

cryptostorm: token resales, "affiliates," & bulk purchases

Postby cryptostorm_ops » Tue Oct 22, 2013 5:00 pm

To access the cryptostorm darknet, a token is needed. If you'd like to learn more about our token-based authentication model, there's extensive theoretical background, a formal whitepaper, & additional related discussions found here.

Token-based authentication is something we've designed to qualitatively improve the real-world security of network members. Simply put, it's structured such that the network has no need to know anything about our members. Instead, a token serves as the sole method to gain access to the network. We have no "customer database," no "subscribers," no billing information, and no personal information regarding network members. A "member" is by definition someone who has token-based access to the network. That's all.

Now, for this component of our security model to scale and truly grow roots, it's best for other, outside entities to handle the actual sales of tokens to network members. It's clear why this is so: if we're selling tokens, ourselves, then (in theory) we could keep a record of who bought what token. With that (again, in theory), we could track what a person is doing whilst connected to the network. That's bad.

In contrast, when an individual network member purchases their tokens through a third party - a reseller - then there's no way for us at cryptostorm to know who is making use of that token.... unless the reseller is secretly collaborating with us to track token purchases by person. But, if there's enough truly independent resellers, this problem can be resolved through a trust-based market mechanism: trusted resellers can publicly assert their independence from cryptostorm and, based on their existing reputations, earn more token sales as a result.

    (we're also actively encouraging the development of "token tumbling" services that use formal cryptographic tools to ensure tokens are truly decoupled from any identity based on original purchase - more on that, soon...)

As a direct result, we're keen to support token resellers as an integral part of our security model. The reselling process is quite simple. At a discounted price, we provide newly-minted tokens in bulk to those who wish to purchase them for resale. That's it. Those resellers can then do with them as they fit: sell them, we'd assume, but that's not actually up to us.

    (please recall that newly-minted tokens don't begin "eroding" towards their expiration date until they've been used the first time to authenticate into the cryptostorm network; so, if they sit on the virtual shelf for a while until being resold and used the first time, it's no problem - they don't go stale)

We're still fleshing out the mechanics of our token resales process. However, for folks (or project teams) who'd like to get a jump on things, we're happy to get going now. Please understand that this is an evolving mechanism, and it's likely to be somewhat fluid in these early months. Things like discounts based on volume, prepaid allowances, secure bulk token distribution channels and so on will develop as a result of these early steps in the process.

Our resales team can be contacted at: [email protected] - they'll work with you to create the most elegant way to get things going.

- - -

Enabling truly anonymous access to a production class, commercially-provisioned, professionally-managed, highly-scaleable darknet infrastructure is one of the missing pieces in our successful collective response to massive, dragnet surveillance by the NSA and others. Tor does a great job of providing anonymous access to network resources - but at the cost of scalability and performance, since all network resources must be donated and with a no-cost-for-use model, the more capacity that's added, the more demand that'll swamp that capacity. Tor's an excellent, well-designed tool and an essential piece of the privacy puzzle... but it's not the entire puzzle, all by itself - and it will never be able to be that, by design.

Conversely, "VPN companies" are making a small group of unscrupulous individuals a fair bit of cash by promising "privacy" whilst simultaneously betraying their customers to whoever pressures them sufficiently (also: Torguard, of course). Equally bad, nearly all make catastrophically fundamental errors in cryptographic engineering - so bad that the "encryption" they promise is basically useless as real protection: "security theatre," in Bruce Schneier's memorable turn of phrase. The benefit customers receive is that the connectivity these fly-by-night companies provide, for the most part, isn't horrifically slow.

This is a bad trade, either way. It's also an unnecessary trade. The trick is to enable genuinely anonymous access and commercial-class, scalable network infrastructure (plus, of course, crypto implementation that doesn't suck).

That's what token-based authentication is all about.

- - -

We're looking forward to working with resellers of all types, from small groups of activists sharing tokens to more sophisticated, formal, wide-reach efforts. In truth, we don't know how all this will develop over time - it's new, and it's never been done before. We'll learn as we go, and do our best to ensure the benefits of token-based auth are available to anyone who needs them.

    ~ cryptostorm_ops

ps: no, not this kind of "token"

Posts: 7
Joined: Sat Nov 02, 2013 8:25 pm

Re: cryptostorm: token resales, "affiliates," & bulk purchas

Postby i0n » Tue Nov 12, 2013 5:39 am

If one pays directly to you with bitcoins, what's then the purpose of such resellers?

User avatar

Posts: 49
Joined: Sat Aug 31, 2013 5:42 am

Re: cryptostorm: token resales, "affiliates," & bulk purchas

Postby acid1c » Tue Nov 12, 2013 6:37 am

i0n wrote:If one pays directly to you with bitcoins, what's then the purpose of such resellers?

multiple sellers helps add to the effect of decentralizing the network. Not one sole person will have every token, and one mandated price. It also helps spread the word.

paying to cryptostorm in BTC is still separated from the network ops though.

At least that's what I took from it.
Bitmessage me with Questions, Help, or ChitChat :) - BM-2cV5BzWc9P7vufQREE8Be4U64GBgRJ3GnT
" Those who do not move, do not notice their chains." -Rosa Luxemburg

Posts: 1
Joined: Sun Dec 01, 2013 4:14 am

Re: cryptostorm: token resales, "affiliates," & bulk purchas

Postby Runonymous » Sun Dec 01, 2013 5:12 am

i0n wrote:If one pays directly to you with bitcoins, what's then the purpose of such resellers?

You pay to reseller with BTC.

Reseller MIGHT keep track of that connection (log the TXID in bitcoin network, which if you recall, is stored forever in the blockchain, and log the token it gave you for that particular BTC)

HOWEVER, unless reseller shares that info with Cryptostorm, Cryptostorm can't have that info.

You get one more layer of separation between you and potential attacker. Only one of those layers (either CS fellows or reseller) need to be "no-logging honest" to thwart the attacker.

Return to “independent cryptostorm token resellers, & tokens 101”

Who is online

Users browsing this forum: No registered users and 3 guests