OZ is a privacy tool that creates an anonymous interactive environment
for financial transactions. It is not an online bank, a payment service,
or a digital currency. It's more like a combination of a chat room and a
digital wallet that lets you mint your own coins.
In Oz, there is no authority, no coercion, no central point of control,
ownership, or vulnerability. There is no record-keeping mechanism. Identities
can be authenticated but not traced to physical persons. Instead, there are
Nyms, Coins, and Locales. You go to some locale, meet and converse with other
Nyms there, and put down or pick up coins.(CAVEAT: The current version is
neither anonymous, secure, nor decentralized. See section VII.)
Sections II, III, and IV explain what you can do and why. Sections V and VI
go into more detail on the 'how', and discuss the various menus and windows.
Section VII Explains the current status and limitations of the Oz network.
Section VIII Tells how to install and setup this stuff.
II - NYMS.
Nym is short for pseudonym. A Nym is an identity. You can make and use as
many of them as you like. One could be how most of your friends and associates
know you. You could have another for shopping, another for that forum you
don't want even your friends to know you're in, another for purchasing erotica,
another for dealing with the Venusian agent you sell nuclear secrets to, and
so on.
You can switch between Nyms whenever you like. You can erase a Nym when it's
no longer needed, but you may be burning some bridges. Think it through.
In Oz, people aren't dealing with you, they see only your current Nym. You
will probably want to make and use at least one Nym consistently so it can
build a reputation. No one else can make or use the same Nym, and everyone
can tell if it's the same one they've seen before. Coins and locales are
tagged with the Nym that created them.(CAVEAT - THIS IS NOT YET TRUE. SEE
SECTION VI)
III - LOCALES.
A locale is a place to meet, converse, and trade with other Nyms. You can only
get there by knowing it's name. If you aren't there, you can't do any of these
things. You can be in more than one locale at the same time. Locales and their
contents are stored in a secure, redundant and distributed way such that they
cannot be seen or corrupted by others, nor can your access to them be hampered.
You can make and erase locales, and enter or leave them. If you made a locale,
then you can restrict entry to a specific list of Nyms. (CAVEAT - SEE SECTION
VII)
One use for a locale is as a place to keep coins. This is in some ways like a
bank account. To keep the contents safe, either don't tell anyone it's name, or
restrict entry to a 'door list' of one --- yourself.
Locales are primarily places to rendezvous with other Nyms. Some are like a
meeting place for those with a common interest or purpose. Some are known
for the types of products or services offered there. Some are Index Locales,
places that contain lists of or advertisements for other places. Expect other
creative uses for them to appear.(CAVEAT - SEE SECTION VII)
IV - COINS.
A coin is a store of value, that is, it represents something of value. That
could be US dollars, Georgian Lari, E-gold grams, goats, an acre of prime
Florida swamp, or a Ming vase. A digital signature guarantees that it was
issued by who it says, and that no one has changed it since then. If I give
you a Ming Vase coin, it is my promise that you can exchange it for the vase
whenever you like. The same goes for a $100 USD coin. The issuer promises to
exchange it for $100, for anyone, at any time. It is a promise to pay the
bearer. This is the essence of money. It's value depends entirely on your
trust in the issuer.
Normally you store your coins in special locales you keep a secret from others.
you can also keep them on your Oz desktop or other computer files. In fact,
you can keep them on any data storage medium you like (and trust). You could
even print them out and keep them in your wallet, but it will be a pain to
get them back in. Consider having locales to store coins for shopping, savings,
assets (the vase, the swamp), receipts (the investment fund, the rent deposit),
and so on.
To sell you my Ming vase, we meet in some locale, I plop down my vase coin,
you plop down your 10 EU-1000 coins, you pick up the vase coin, I pick up
the Euros, thank you very much and see you later. Of course, either one of us
could just grab everything and run. If trust is an issue, escrow the transaction
briefly through a trusted third party or use one of the other trust management
techniques mentioned in "Toward A Private Digital Economy". Eventually
this process will be automated and invisible.
Coins are easy to copy, so I could sell my vase several times if I wanted.
This is called the double-spend problem. To keep this from happening, as
soon as you get a coin from someone, you have it re-issued. That is, you
give it back to the issuer in exchange for a new coin of equivalent value,
but one of which nobody has a copy. In Oz, this is a one-click operation.
Before you accept a coin, you might want to make sure it's valid (that the
issuer of the coin agrees that it's his coin, it hasn't been already spent,
and that he will still redeem it). In Oz, this is also a one-click operation.
V - THE OZ DESKTOP.
The Oz interface is composed of:
The desktop or main window.
The Main Menu (FILE COIN SETTINGS HELP)
Nym, locale and coin icons (and their pop-up menus).
Presence and talk windows.
The desktop is a place to keep your Nyms, frequently visited locales,
and coins that aren't in a locale. You can click-and-drag anything
that's on it. Along the top is the usual main menu.
FILE MAIN MENU.
The SAVE and LOAD options save and restore any coins that are on the desktop,
which locales are visible on the desktop (but not their contents), the
size and location of things on it, and various other program settings.
LOAD - NO SETTINGS restores all but those program settings from a file, and
EXIT terminates the session.
COIN MAIN MENU.
NEW creates a coin. The dialog asks for the coin value, the number of coins
to make, and their denomination (US dollars, Euros, goats, whatever). See
more about denominations in section VI. ERASE destroys a coin. Usually the
only time you need to do this is when someone redeems a coin that you issued.
STORE and FETCH move coins between a locale and the desktop. VERIFY checks
on a coin with it's issuer. REISSUE replaces a coin with a new coin of
equivalent value to prevent a double spend. DESIGN brings up a dialog for
creating a new coin type or "denomination". See section VI for more about
this.
SETTINGS MAIN MENU.
SELECT-OZ-SERVER chooses the hostname (or IP address) to reach an Oz server.
When OZ becomes a fully distributed peer-to-peer network, this will go away.
The REPUTATION-SERVER dialog chooses the Nym of the reputation server to which
reputation reports will be sent. See "Coin icons" below for more about this.
If you intend to operate a reputation service yourself, this dialog also
specifies your report spooling directory, and a button to start and stop
the service. See more about this in section VI.
HELP MAIN MENU.
ABOUT presents some version and author information. HELP: you're reading it
now, of course.
NYM ICONS AND THEIR POP-UP MENU.
Nym icons are a shadow-figure head with name at the bottom.
Your Nym icons have a thick white frame, whereas the Nyms of others do not.
Also, under your currently active Nym, the name is enclosed in [Square
Brackets]. Note that just as in the real world, names may not be unique.
Right-clicking a Nym icon pops a menu of the items NEW, SWITCH, ERASE,
CHECK-REP, REP-OK, and REP-NG. NEW is how you create another Nym for
yourself. SWITCH is how you select a Nym to be the current one you are
using. ERASE destroys a Nym. CHECK-REP sends a query to your reputation
server that returns reputation info about the Nym.
The two options REP-OK and REP-NG give you the opportunity to file a good
or bad report on someone you deal with. This is part of the Oz Reputation
Management System, and a very important thing in anonymous economics. Say you
exchanged 40 Euros for Yen but when you tried to reissue the yen, they were
already spent. 1) You right-click on any Nym and select REP-NG, 2) you click
on Euros to total 40 (or the equivalent in Yen or gold or whatever), 3) you
click on the Nym of the bad guy. DING! A negative report is sent to the
reputation server containing the witness (you), the subject (Mr. Bad Guy),
and the value of the transaction (40 EU). Likewise After the conclusion of a
satisfatory transaction you should make a report, but selecting REP-OK instead.
If you drag a Nym onto a locale, you will enter the locale. If you drag your
Nym out of a locale, you will leave that locale. if you drag someone elses Nym
from a locale onto the Oz desktop, you will make a copy of their Nym. If you
drag a Nym onto another Nym, the two will be compared for 'sameness'. By making
copies of Nyms you deal with often, you can make sure you are dealing with the
same Nym at a later time, not just one with the same name.
COIN ICONS AND THEIR POP-UP MENU.
Coin icons are an antique Roman gold piece with the denomination above, and
value underneath.
Right-clicking a coin has all the same options as those in "COIN main menu"
above except for DESIGN, but you won't have to deal with any coin-selection
dialogs. If you drag a coin onto a locale, it will be removed from
the desktop and stored in that locale. Likewise, you can drag a coin from a
locale to the desktop, or from one locale to another.
LOCALE ICONS AND THEIR POP-UP MENU.
A locale is uniquely identified by its name. A locale icon is a Mollweide
projection world map with its name above.
The locale pop-up menu (right-click) has lots of options. NEW creates a new
locale. Enter makes you present at a locale. When you enter a locale, some cool
stuff happens. See "Presence and talk windows" below. LEAVE removes you from a
locale and collapses the presence window back into a locale icon. TALK toggles
your talk window for a local where you are present and makes it possible for
others at the locale to 'hear' what you 'say' there. LOOKUP will make a locale
icon on your desktop for a named locale if it already exists, and FORGET will
remove a locale icon (without actually erasing the locale itself). In this way
you can control what locales you currently keep icons for on your desktop.
FETCH-COINS and STORE-COINS give you a way to grab bunches of coins and move
them between your desktop and a locale. EMPTY will transfer ALL coins in a
locale to your desktop. ERASE destroys a locale. Any coins there will be
moved to your desktop. VERIFY-COINS lets you batch a verification request for
a bunch of coins in a locale.
If you drag your Nym onto a locale, you will enter the locale. If you drag your
Nym out of a locale, you will leave that locale. if you drag someone elses Nym
from a locale onto the Oz desktop, you will make a copy of their Nym for
later comparison.
PRESENCE AND TALK WINDOWS.
When you enter a locale, it opens up into a window where you can see all the
coins and Nyms present there, including yours. You can move coins between
it and your desktop and others present there will see the coins appear and
disappear. You can see the coming and going of Nyms. One thing to be careful
about is that if you switch Nyms while present at a local, it will be obvious
to others that the two are the same person.
You can also listen to and participate in conversations there. For every Nym
in a presence window, there is a smaller "talk" window titled with the name
of the locale and Nym. Whatever that Nym types into his talk window will
be visible to all others present. Your talk windows are white, everyone
elses have a grey background. You can backspace in a talk window, even
through previous lines. Presence and talk windows, like the desktop window,
can be resized and minimized in the usual ways.
You can drag and drop coins and Nyms among locales and the Oz desktop and
something meaningful will generally happen. Read the individual sections for details.
VI - ADVANCED.
DENOMINATIONS.
Denomination is the type of value represented by a coin. It may be a commodity
like gold, or a complete abstraction without intrinsic value like US dollars,
or a specific asset like a particular Ming vase. Most coins you encounter in
Oz will be issued by some widely known Nym with a reputation for reliably
issuing and redeeming currency. Most will be denominated in familiar national
currencies. You will likely have other reasons to create your own coin types.
If someone in Oz makes you a loan, they are likely to ask you for an IOU coin.
If you ran a storage business you could issue coins for stored assets so they
could be traded in Oz (in the banking business this is called securitization), and so on.
You create and edit your denominations in the main menu COIN->DESIGN dialog.
NAME is the coin type "12th Dynasty Ming Vase". The ISSUER is you, one of your
Nyms. GOLD GMS is the nominal gold equivalent value which need not be terribly
accurate, its only used for normalizing the values in reputation reports.
SERIAL is the serial number of the next coin of the type to be issued. Click
NEW and you're done. Click UPDATE to make any changes take effect.
REPUTATION SERVER SETTINGS.
In "Coin icons and their pop-up menu" You saw how to submit a reputation
report on another Nym to indicate your satisfaction, or dis, with its
outcome. Those reports are transmitted to some Nym you have selected to be
your reputation server. If you are a Nym that runs a reputation server, you
will use the SETTINGS->REPUTATION-SERVER dialog to turn your service on and off.
You may also elect to run a separate application that uses reputation reports
to maintain a dynamic website featuring a scrolling marquee of reputation
into. SPOOL DIRECTORY is the filesystem directory on your local host to put the
reports where that application can find them. Click START to kick things off.
VII - CAVEAT.
(Some Warnings, what this is NOT)
This is not ... something you want to trust your actual money with.
This is ....... a demo and test of a novel approach to anonymous economics.
This is not ... secure, strongly anonymous, encrypted, authenticated.
This is ....... the GUI front-end to what could eventually be all of that.
There were several optimistic references to security and authentication in
the material above. Disregard them completely. They apply to some time in the
dim and distant future when this GUI becomes the front end to a truly secure,
peer-to-peer distributed network, rather than a concept demonstration.
Several other things are still desperately needed to make this a practical
environment. The automated escrow function described in the paper has not been
implimented. There is no abilility to establish ownership or control access to
a locale. Nyms are not authenticated and anyone can make up a Nym with any name.
The 'comparison' feature currently does no more than compare names so it
provides no real protection. Coins are not authenticated either so there is no
real protection against counterfeiting either the issuer's Nym, or the coins
themselves. Our paper specifies that the Oz environment is to be decentralized,
fully distributed, peer-to-peer. But the current software works through a
central server and won't scale up beyond a few dozen concurrent clients. We
believe a functional anonymous environment should store coins and locales
holographically using one of the well-known algorithms for distributed data
storage, but at this stage, data storage depends on the central server.
There is no encryption whatsoever of traffic, transactions, coins. So there is
only the illusion of privacy and anonymity. If you get more than 15 or 20 Nyms
in a locale, you will run into OS limitations on the number of windows in an
app. Finally, this is alpha software less than 2 months old, and if there are
no more bugs or issues in it, the devil will have to turn down his air
conditioner and put on an extra sweater.
All that said, this is still a cool tool for experimenting with a novel
approach to financial privacy and anonymous economics. If we can pull together
some additional talent in the areas of encryption and P2P networking, we will
set up an open source development project. Until then, we welcome any feedback,
ideas, criticism, bug reports, whatever. But for now, we make no promises.
VIII - INSTALLATION.
OUT OF THE BOX
The distribution is in the form of a single compressed file, Oz.zip.
It is known to run under Windows 98, 2000, and XP. It will
also likely work with ME and NT but hasn't been tested there. It will unpack
into three directories PDE_CLIENT, PDE_SERVER, and REP_SERVER. You will want
to make shortcuts on your windows desktop to OZ\PDE_CLIENT\pdenode.exe,
OZ\PDE_SERVER\pde_server.exe, and OZ\REP_SERVER\repserver.exe .
THE CLIENT.
The client application pdenode.exe is your local node in the Oz 'network'.
as distributed, it opens with the default Nym "J. Doe". The first thing you
should do is make your own personal Nym(s) then erase Mr. "Doe". An INIT file
in the PDE_CLIENT directory will remember your last Nym, config settings,
personal coin denominations, Oz desktop layout, and so on.
The default server hostname is set to localhost. Unless you have an Oz server running there, the client will initially timeout after a few seconds trying to contact it. Use the main menu SETTINGS->SELECT-OZ-SERVER to configure the
hostname or IP address where an Oz server is running. Then the client will
attempt to establish a connection to it.
You can run several clients at the same time on the same host, but you
should make a separate client directory and init file (pde_data.ozc) for each
one. Each one should use different Nyms. The same Nym should not appear on more
than one client.
If you ever want to reset things to clear your client desktop and start over,
you can do so by exiting the client and removing it's init file Pde_data.ozc .
It will complain about the missing file on restart, but carry on.
THE SERVER.
This experimental version of the Oz GUI requires a central server to handle
storage of and concurrent access to coins and locales, and to act as a
switchboard for message traffic between clients. If you are setting up yout own
'network' you must run the server on one of your hosts and configure all clients
to look for their server on that host. Very simple, just execute it.
If you ever want to reset things to erase all coins and locales and start over,
you can do so by exiting the server and removing it's init file Pde_data.ozs .
It will complain about the missing file on restart, but carry on.
THE REPUTATION WEBSITE APP.
As already described, a client can make reputation reports and get reputation
readings on other Nyms with a click or two. This depends on some client
being configured as a reputation server. That client can also optionally run
a separate application that maintains a dynamic website of reputation info
updated from the flow of reputation reports it receives. This is completely
separate from the basic reputation service that answers reputation queries
from other Nyms.
This application was taylored for use in the proposed role-playing simulation
experiment at DEFCON-12 where in addition to the website accessible to players,
the display would be visible on a video projector in the room. Detailed
instructions on operating the thing have not been written, but here is a brief
overview of it's features:
It accumulates reputation reports in an ascii data file. It can receive
reputation reports in three ways. 1) reports forwarded from an Oz client node
acting as a reputation server as files in a spooling directory. 2) reports
manually entered thru a full-featured GUI. 3) Merging ascii report data files
created by other instances of the same application. The report database can be
searched and edited, traversed by time, subject Nym, or witness Nym. There
is also Nym string completion to speed manual report entry. Play around with
it. It should be fairly obvious.
As distributed, it comes with a sample reputation database of a couple hundred
reports over 40 or so Nyms. You can clear it by removing the file
Oz\REP_SERVER\Reputations.txt. To see the dymanically updated web page it generates, point your browser to Oz\REP_SERVER\Reputations.html.
