Ok, so here's how Bitcoin works:

• Step 1. Distribute the entire transaction history to everyone in the P2P network, much like how a git repository works.
• Step 2. Have a bunch of people do lots of expensive hashing so that anyone in the P2P network can tell which "branch" of the repository is the official one. ("The branch that was the most difficult to compute" is the one that wins.)
• Step 3. To see how much money you have, look at the transaction history for the accounts that you control.

Bitcoins aren't really a thing you can have. Even the physical "bitcoins" you can buy aren't really coins. They're just private keys that are allowed to sign transactions on behalf of accounts that have a non-zero balance.

The only reason why people talk about Bitcoin as being untraceable is that anyone can create accounts, and there aren't necessarily names attached to accounts, but it would be too hard for authorities with warrants to catch you if they suspected you. The entire transaction history is still there, forever, for everyone to see!

I tried DuckDuckGo for about a month, but the results sucked ass. Now I know why. :)

Well, Java and a Windows virtual machine or two will easily cause this. Of course, both qualify as "something seriously wrong" to me, so I don't disagree...

What part of this didn't you understand:

My response: "No, it doesn't, and here's a 7000-word, peer-reviewed article---written by people who understand how the Internet works---that explains why."

Your response: "Yeah, but, if we lived in Magical Faerie Land where the Internet didn't work that way, this would be a great idea! Also, that article is just somebody's opinion. I won't mention any specific objections to it, and I probably haven't read it except for its title."

RFC 3675 disagrees with you.

About the security model: I know that apt works by checking an OpenPGP signature on the Release file (which contains hashes of the Packages files, which themselves contain hashes of the individual .deb files). So, effectively, the entire repository as a whole is signed---a rogue mirror can't silently drop security updates by cherry-picking insecure old versions of packages.

Do you know if yum does something similar? I remember, a few years ago, RPM signatures were at the individual package level, rather than at the repository level. Is that still the case?

1. Get rid of these notice-and-takedown laws.
2. Enact statutory liability any time this happens. That will make these folks a lot more careful about how they use the notice-and-takedown laws.

Anyone who has their freedom of speech inappropriately restricted deserves compensation from these clowns.

You realize that the whole Debian archive is signed, and those signatures are checked by apt-get, right? When did malicious code ever make it into the (signed) archive?