Confession: I Once Name Squatted On Namecoin

Ever since reading Aaron Swartz’s “Squaring Zooko’s Triangle”, I’ve been obsessed with secure, human-readable decentralized namespaces.

I was a Namecoin early-adopter and enthusiast for a long time (still am). I contributed a fairly well-known piece of software to the space, and continue to work on this problem.

So, perhaps it should come at no surprise that some of my very first experiments with Namecoin involved writing scripts to mass-register and mass-renew names on the blockchain. And while it was never my intent to be a professional name squatter, for a few months at least, I was, and — horror of horrors — I was caught! :-O

Why did I do this?

  • part of me (the dumb part, of course) was likely excited by the prospect of selling a 3 or 4 letter domain (esex.bit sells for $1 million!”).
  • part of me wanted to prevent someone else from grabbing names that could be used to damage Namecoin and its community. For example, I didn’t want to see a headline like, “Namecoin flagrantly flaunts child-porn laws with pedophile.bit domain!”, so I decided to squat on names like d/pedo, d/pedophile, and d/pedophiles. Looking back, this was silly, since there’s not much preventing pedophiles from grabbing other names, and the damage this could cause is probably about the same, even with a less blatant name.
  • part of me simply wanted to explore just how how easy (and therefore how serious) the problem of name-squatting on Namecoin was.
  • part of me wanted to grab a few names to give to my close friends.
  • and part of me needed a script to legitimately renew domains like okturtles.bit, dnschain.bit, etc. In fact, this was how the whole thing started.

This experiment resulted in a few surprising problems that I would only realize years later.

After a few months had passed, I’d mostly forgotten about these names and had moved on to working on projects unrelated to Namecoin. However, every so often I’d return to Namecoin, and one day I discovered that my wallet was corrupt.

I asked Ryan Castellucci (a Namecoin developer) if he could assist me with recovering the wallet, and during the process he discovered the registrations I made, including id/ryan. A bit embarrassed, I gladly transferred this name to him (even though I’d originally saved it for a friend). I let the rest expire.

Still, the names came back to haunt me again. I was recently tipped off to a 3-year old pastie containing the names I’d registered,1 and linking those registrations to me.

I suspect (but am not certain yet), that this list of names could be at least partly to blame for some hostility between myself and another member of the Namecoin community. Although they never contacted me about the list, this person did put considerable effort into attacking DNSChain, and I’d always wondered why. Maybe this is my answer, or at least part of it? Oh well, water under the bridge.

Lessons

  1. Name-squatting is basically an unproductive, harmful activity, even if you have good intentions.
  2. If you’re going to name-squat, you should realize that blockchains like Namecoin are not anonymous (not yet?), and are also completely unforgiving to mistakes. So while Namecoin is great for MITM-attack prevention and for preventing domain-seizures, it does not provide anonymity.
  3. If you’re experimenting with something borderline shady, reconsider, as your actions can be misunderstood and foster suspicion in those with overactive imaginations. Consider how it might look to another community member.
  4. Re-examine your practices and take corrective steps.

As part of that fourth lesson, I’m going to review and release all domains that I have no near-term plans for. While I don’t have anymore Namecoin registrations, there are a handful of DNS names that probably fit into this category that I’ve allowed to automatically renew out of laziness.2

Name-squatting links and research

What sort of a researcher would I be if I didn’t end this post with links to name-squatting research?

  1. I haven’t verified the entire list of names, but many of them are indeed names that I had registered.
  2. Including `bitcoinday.com`! So get ready to snap that up if you plan on putting it to good use!

Leave a Comment