Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: generalizethis on June 20, 2015, 05:20:27 AM



Title: Privacy and Security
Post by: generalizethis on June 20, 2015, 05:20:27 AM
This is a general discussion on how to best achieve Privacy and Security with cryptocurrencies. At the moment I'm not imposing moderation, but if spam, trolling, or FUD gets to a point where meaningful discussion is impossible, the thread will be moderated or terminated.

Privacy (personal security) is much like nutrition in that you not only need to read the label, but understand what you are looking for. And as with nutrition, you must not only be vigilant but learn new behaviors to stay as healthy as possible.

If you are running Windows, this is a good way to find out how infected your computer is:
malwaretips.com/blogs/malware-removal-guide-for-windows/ (http://malwaretips.com/blogs/malware-removal-guide-for-windows/)

Most complete article I've found on the ins and outs TOR*:
lifehacker.com/how-can-i-stay-anonymous-with-tor-1498876762 (http://lifehacker.com/how-can-i-stay-anonymous-with-tor-1498876762)

Very general comparison of TOR, Freenet, and I2P:
null-byte.wonderhowto.com/inspiration/anonymity-networks-dont-use-one-use-all-them-0133881/ (http://null-byte.wonderhowto.com/inspiration/anonymity-networks-dont-use-one-use-all-them-0133881/)

Guide to setting up I2P:
https://rebuildingalexandria.wordpress.com/2012/02/21/secure-and-anonymous-file-sharing-using-torrents-on-the-i2p-network-library-nu-exiles-take-a-look/ (https://rebuildingalexandria.wordpress.com/2012/02/21/secure-and-anonymous-file-sharing-using-torrents-on-the-i2p-network-library-nu-exiles-take-a-look/)


*I'd like something more current, but this should indicate how hard good security can be and that TOR, like any tool, should be wielded with skill and preferably with the most recent version. If you have an updated link for securing your TOR connection, please post and I will include it in the OP.


Title: Re: Privacy and Security
Post by: chennan on June 20, 2015, 05:43:39 AM
This is a general discussion on how to best achieve Privacy and Security with cryptocurrencies. At the moment I'm not imposing moderation, but if spam, trolling, or FUD gets to a point where meaningful discussion is impossible, the thread will be moderated or terminated.


About privacy: Always new receiving address and new change address, you can use VPN to hide your IP as well.
https://bitcoin.org/en/protect-your-privacy

About Security: Always set up long passphase including number, charactor and captial. Back up your wallet!
https://bitcoin.org/en/secure-your-wallet


Title: Re: Privacy and Security
Post by: TPTB_need_war on June 20, 2015, 05:44:50 AM
There is myriad of potential improvements being discussed and worked on in back channels that I doubt any of those entities is going to discuss here until it has been announced by the various entities that are working on solutions.

So all you are likely to get here are comments from n00bs that don't really know what is going on. Or general statements from experts who don't want to spill all the beans yet.

For example, the failure to point out that the following suggestion will not be effective against the national security agencies (which are likely now functionaries for future tax clawbacks):

About privacy: Always new receiving address and new change address, you can use VPN to hide your IP as well.
https://bitcoin.org/en/protect-your-privacy


Title: Re: Privacy and Security
Post by: generalizethis on June 20, 2015, 05:59:36 AM
There is myriad of potential improvements being discussed and worked on in back channels that I doubt any of those entities is going to discuss here until it has been announced by the various entities that are working on solutions.

So all you are likely to get here are comments from n00bs that don't really know what is going on. Or general statements from experts who don't want to spill all the beans yet.

For example, the failure to point out that the following suggestion will not be effective against the national security agencies (which are likely now functionaries for future tax clawbacks):

About privacy: Always new receiving address and new change address, you can use VPN to hide your IP as well.
https://bitcoin.org/en/protect-your-privacy

But now a privacy-noob sees (or at least I hope they do) that this is a flawed technique and can move toward a better understanding of privacy. Some of this stuff has been hard-coded into their psyches by endless repetition from weekend privacy warriors or Bitcoin supremacist who either don't know the error of their methods or are too invested to correct them in a meaningful way.


Title: Re: Privacy and Security
Post by: RappelzReborn on June 20, 2015, 06:03:04 AM
For me , I think everyone will get his privacy when people start sharing their real life informations like Residence , Passport or ID/Driver licence.
https://bitcointalk.org/index.php?topic=1093168.0 , one other thing is simply using multiple adresses (different each transaction) like Satoshi said and then everyone will be fine . But for now seems like no one is doing that so yeah .. no privacy


Title: Re: Privacy and Security
Post by: muhrohmat on June 20, 2015, 06:14:24 AM
sir rappelzreborn could say that to paypal for instances if they implement into bitcoin market the use into paypal to that currency coin would be good for more security.


Title: Re: Privacy and Security
Post by: RappelzReborn on June 20, 2015, 06:22:57 AM
sir rappelzreborn could say that to paypal for instances if they implement into bitcoin market the use into paypal to that currency coin would be good for more security.

not sure what you but We don't need any comapanies like Paypal, Google , Facebook, Twitter or other big famous website to start working with Bitcoin because they will screw it over and screw our privacy over , they will start asking for our real informations and it won't be decentralized shit anymore then your account gets limited most likely for using fake informations and your you won't see your BTC forever, we'ere just fine !


Title: Re: Privacy and Security
Post by: generalizethis on June 20, 2015, 06:31:51 AM
For me , I think everyone will get his privacy when people start sharing their real life informations like Residence , Passport or ID/Driver licence.
https://bitcointalk.org/index.php?topic=1093168.0 , one other thing is simply using multiple adresses (different each transaction) like Satoshi said and then everyone will be fine . But for now seems like no one is doing that so yeah .. no privacy

I believe the problem with relying unquestioningly on multiple address use is that once one wallet is linked to an ID, then all the addresses can be linked to that address by analytic tools like this: https://www.elliptic.co/anti-money-laundering/ It may not link you to any crime, but may be enough to blacklist those wallets and make using those coins difficult (or force you to pay a premium to spend them) in certain jurisdictions. Or worse put you on an auditing list of your local tax collection agency.

A big part of privacy is unlinkability--either you have it, or you don't.


Title: Re: Privacy and Security
Post by: marine4u on June 20, 2015, 07:07:24 AM
I wrote a long boring article few days ago about exchange privacy which is by far the major privacy leak in crypto as of today, I have also worked out a solution with signed message verification of withdrawals from exchanges, please take your time to read it and tell me what you think so that I can make improvements based on suggestions.

  • The case for the Elliptic Curve verification of withdrawal without email
https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728 (https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728)


Marinecoin DEV
marinecoin.org


Title: Re: Privacy and Security
Post by: superresistant on June 20, 2015, 08:14:19 AM
So all you are likely to get here are comments from n00bs that don't really know what is going on. Or general statements from experts who don't want to spill all the beans yet.

It is our duty to educate the noobs.


Title: Re: Privacy and Security
Post by: kazuki49 on June 20, 2015, 12:10:52 PM
There is no freedom without privacy, the implications of cryptocurrencies who do not respect the masses privacy are not being taken with the necessary care in a broader sense outside small communities which are shun away as "altcoins". Is a (remote) chance of getting rich by virtue of an early investment all it will take for we exchange our financial integrity in a transparent blockchain? If people accept it the TPTB may as well make the Bitcoin value skyrocket and adopt it everywhere on their system, a removal of the 21m cap will be just the beginning, mining power would shift very fast to their control as they have most of the IRL money and resources after all and the common person cannot really afford ASICs, their dystopic 1984 reality will finally come true.


Title: Re: Privacy and Security
Post by: generalizethis on June 20, 2015, 12:29:56 PM
There is no freedom without privacy, the implications of cryptocurrencies who do not respect the masses privacy are not being taken with the necessary care in a broader sense outside small communities which are shun away as "altcoins". Is a (remote) chance of getting rich by virtue of an early investment all it will take for we exchange our financial integrity in a transparent blockchain? If people accept it the TPTB may as well make the Bitcoin value skyrocket and adopt it everywhere on their system, a removal of the 21m cap will be just the beginning, mining power would shift very fast to their control as they have most of the IRL money and resources after all and the common person cannot really afford ASICs, their dystopic 1984 reality will finally come true.

To feed your healthy paranoia: https://www.youtube.com/watch?v=GIus7lm_ZK0 (https://www.youtube.com/watch?v=GIus7lm_ZK0)

I wrote a long boring article few days ago about exchange privacy which is by far the major privacy leak in crypto as of today, I have also worked out a solution with signed message verification of withdrawals from exchanges, please take your time to read it and tell me what you think so that I can make improvements based on suggestions.

  • The case for the Elliptic Curve verification of withdrawal without email
https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728 (https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728)


Marinecoin DEV
marinecoin.org

I took a quick run through and love that you aren't using email (though I wonder if you couldn't use encrypted email for some communication), but I don't think I read anything about TOR or I2P integration. Believe you would need some sort of integration to achieve high-level security. Was speed reading, so maybe I went too far too fast?



Title: Re: Privacy and Security
Post by: hf100 on June 20, 2015, 04:11:01 PM
There is no freedom without privacy, the implications of cryptocurrencies who do not respect the masses privacy are not being taken with the necessary care in a broader sense outside small communities which are shun away as "altcoins". Is a (remote) chance of getting rich by virtue of an early investment all it will take for we exchange our financial integrity in a transparent blockchain? If people accept it the TPTB may as well make the Bitcoin value skyrocket and adopt it everywhere on their system, a removal of the 21m cap will be just the beginning, mining power would shift very fast to their control as they have most of the IRL money and resources after all and the common person cannot really afford ASICs, their dystopic 1984 reality will finally come true.

To feed your healthy paranoia: https://www.youtube.com/watch?v=GIus7lm_ZK0 (https://www.youtube.com/watch?v=GIus7lm_ZK0)

I wrote a long boring article few days ago about exchange privacy which is by far the major privacy leak in crypto as of today, I have also worked out a solution with signed message verification of withdrawals from exchanges, please take your time to read it and tell me what you think so that I can make improvements based on suggestions.

  • The case for the Elliptic Curve verification of withdrawal without email
https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728 (https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728)


Marinecoin DEV
marinecoin.org

I took a quick run through and love that you aren't using email (though I wonder if you couldn't use encrypted email for some communication), but I don't think I read anything about TOR or I2P integration. Believe you would need some sort of integration to achieve high-level security. Was speed reading, so maybe I went too far too fast?



I thought there was a vulnerability recently found in Tor that leaves it open to man in the middle attacks. I don't know if it's any use to the tax authorities, but they might pay professionals to exploit it if they thought they could make money from it.


Title: Re: Privacy and Security
Post by: marine4u on June 20, 2015, 08:35:09 PM
There is no freedom without privacy, the implications of cryptocurrencies who do not respect the masses privacy are not being taken with the necessary care in a broader sense outside small communities which are shun away as "altcoins". Is a (remote) chance of getting rich by virtue of an early investment all it will take for we exchange our financial integrity in a transparent blockchain? If people accept it the TPTB may as well make the Bitcoin value skyrocket and adopt it everywhere on their system, a removal of the 21m cap will be just the beginning, mining power would shift very fast to their control as they have most of the IRL money and resources after all and the common person cannot really afford ASICs, their dystopic 1984 reality will finally come true.

To feed your healthy paranoia: https://www.youtube.com/watch?v=GIus7lm_ZK0 (https://www.youtube.com/watch?v=GIus7lm_ZK0)

I wrote a long boring article few days ago about exchange privacy which is by far the major privacy leak in crypto as of today, I have also worked out a solution with signed message verification of withdrawals from exchanges, please take your time to read it and tell me what you think so that I can make improvements based on suggestions.

  • The case for the Elliptic Curve verification of withdrawal without email
https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728 (https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728)


Marinecoin DEV
marinecoin.org

I took a quick run through and love that you aren't using email (though I wonder if you couldn't use encrypted email for some communication), but I don't think I read anything about TOR or I2P integration. Believe you would need some sort of integration to achieve high-level security. Was speed reading, so maybe I went too far too fast?



I thought there was a vulnerability recently found in Tor that leaves it open to man in the middle attacks. I don't know if it's any use to the tax authorities, but they might pay professionals to exploit it if they thought they could make money from it.

Half of tor nodes are operated by government spy agencies and the rest are hackers trying to figure out who is doing what, I think that says it all, what we are doing with signed messages is eliminating all unnecessary communication over the internet and unsafe database storage of the passwords, a simple hash that verifies that you are you no email no tor that simple.


Title: Re: Privacy and Security
Post by: equipoise on June 20, 2015, 10:18:49 PM
^From https://torstatus.blutmagie.de/:
Quote
Total Number of Routers:   6716
It seems 2000$ per day would be enough for half the nodes.


Title: Re: Privacy and Security
Post by: generalizethis on June 21, 2015, 12:46:39 AM
There is no freedom without privacy, the implications of cryptocurrencies who do not respect the masses privacy are not being taken with the necessary care in a broader sense outside small communities which are shun away as "altcoins". Is a (remote) chance of getting rich by virtue of an early investment all it will take for we exchange our financial integrity in a transparent blockchain? If people accept it the TPTB may as well make the Bitcoin value skyrocket and adopt it everywhere on their system, a removal of the 21m cap will be just the beginning, mining power would shift very fast to their control as they have most of the IRL money and resources after all and the common person cannot really afford ASICs, their dystopic 1984 reality will finally come true.

To feed your healthy paranoia: https://www.youtube.com/watch?v=GIus7lm_ZK0 (https://www.youtube.com/watch?v=GIus7lm_ZK0)

I wrote a long boring article few days ago about exchange privacy which is by far the major privacy leak in crypto as of today, I have also worked out a solution with signed message verification of withdrawals from exchanges, please take your time to read it and tell me what you think so that I can make improvements based on suggestions.

  • The case for the Elliptic Curve verification of withdrawal without email
https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728 (https://bitcointalk.org/index.php?topic=1089959.msg11617728#msg11617728)


Marinecoin DEV
marinecoin.org

I took a quick run through and love that you aren't using email (though I wonder if you couldn't use encrypted email for some communication), but I don't think I read anything about TOR or I2P integration. Believe you would need some sort of integration to achieve high-level security. Was speed reading, so maybe I went too far too fast?



I thought there was a vulnerability recently found in Tor that leaves it open to man in the middle attacks. I don't know if it's any use to the tax authorities, but they might pay professionals to exploit it if they thought they could make money from it.

Half of tor nodes are operated by government spy agencies and the rest are hackers trying to figure out who is doing what, I think that says it all, what we are doing with signed messages is eliminating all unnecessary communication over the internet and unsafe database storage of the passwords, a simple hash that verifies that you are you no email no tor that simple.

Gotcha, so your main concern is password security. As far TOR goes, I can't find a definitive article on how broke or unbroken it is, but it still is preferable (as far as privacy is concerned) than clear net and can be made better by certain practices, though I2P would be the preferred method for near/complete/better-than security.

I think I'm going to take some time tomorrow and see if i can't find some more definitive materials on TOR and perhaps I2P. I'd like to gather materials for the OP for quick reference for those who are interested in securing their finances and identification but aren't sure where to begin.

If anyone has any links they think would be useful, please post them. The more general or panoptic ones I'll try to include in the OP.


Title: Re: Privacy and Security
Post by: 1986 on June 21, 2015, 09:30:26 AM
This is a general discussion on how to best achieve Privacy and Security with cryptocurrencies. At the moment I'm not imposing moderation, but if spam, trolling, or FUD gets to a point where meaningful discussion is impossible, the thread will be moderated or terminated.

malwaretips.com/blogs/malware-removal-guide-for-windows/ (http://malwaretips.com/blogs/malware-removal-guide-for-windows/)


Best solution: don't use windows. I was sick of getting viruses all the time so switched to ubuntu. It's 99% safer in my opinion and the liklihood of getting a virus is next to nothing. Plus, I much prefer linux anyway and you can download ubuntu for free. You can boot it from a cd-r or usb as well without installing it so you can text it out to see if you like it.


Title: Re: Privacy and Security
Post by: generalizethis on June 21, 2015, 12:18:23 PM
This is a general discussion on how to best achieve Privacy and Security with cryptocurrencies. At the moment I'm not imposing moderation, but if spam, trolling, or FUD gets to a point where meaningful discussion is impossible, the thread will be moderated or terminated.

malwaretips.com/blogs/malware-removal-guide-for-windows/ (http://malwaretips.com/blogs/malware-removal-guide-for-windows/)


Best solution: don't use windows. I was sick of getting viruses all the time so switched to ubuntu. It's 99% safer in my opinion and the liklihood of getting a virus is next to nothing. Plus, I much prefer linux anyway and you can download ubuntu for free. You can boot it from a cd-r or usb as well without installing it so you can text it out to see if you like it.

I use an air gapped linux to secure my Moneroj. More adaptable than a Trezor and you can play games on it.  ;)


Title: Re: Privacy and Security
Post by: kazuki49 on June 21, 2015, 12:39:42 PM
This is a general discussion on how to best achieve Privacy and Security with cryptocurrencies. At the moment I'm not imposing moderation, but if spam, trolling, or FUD gets to a point where meaningful discussion is impossible, the thread will be moderated or terminated.

malwaretips.com/blogs/malware-removal-guide-for-windows/ (http://malwaretips.com/blogs/malware-removal-guide-for-windows/)


Best solution: don't use windows. I was sick of getting viruses all the time so switched to ubuntu. It's 99% safer in my opinion and the liklihood of getting a virus is next to nothing. Plus, I much prefer linux anyway and you can download ubuntu for free. You can boot it from a cd-r or usb as well without installing it so you can text it out to see if you like it.

Yeah Linux, like best things in life, is free :)


Title: Re: Privacy and Security
Post by: Ingatqhvq on June 22, 2015, 02:13:27 AM
Security is more important than Privacy.
                                                                       


Title: Re: Privacy and Security
Post by: generalizethis on June 22, 2015, 11:48:04 AM
Security is more important than Privacy.
                                                                      

https://i.imgur.com/RZu9osf.jpg

I would say that if you don't see how the two are inextricably linked, then you missed what happens when hackers steal private information  (Target, et al) and destroy victim's security.

"Give me liberty or give me death!" would now read, "Give me protection from the minuscule threat of a Terror Cell and here is my pin, my passwords, my emails, my location 24/7, pics of my wife...my dog...my kids, here's every phone conversation I ever had, my medical history,  my eating habits, my exercise habits, here is my friend's and family's linked meta data reamed through a processor to create psych profiles so the government can go minority report and prevent any loose cannons, here's my life captured in digital form so my real body is protected from things that rarely happen ever, here is my voluntary cooperation in the greatest control apparatus ever devised, here is where information still means power and I just gave both away so I don't get a lottery's chance of being blown up by a stranger."  

Everything comes back to the fight or flight instinct and over-socialization industrialization docilification has made most men a herd of skitish sheep "bahing" for their Overlord Shepherd to protect them from the digitally recorded "howl' playing on CNN from the time they wake-up to the time they lay down in a bed of Ambian prescribed sleep.


Title: Re: Privacy and Security
Post by: The Sceptical Chymist on June 23, 2015, 04:12:39 AM
sir rappelzreborn could say that to paypal for instances if they implement into bitcoin market the use into paypal to that currency coin would be good for more security.

I do not think the English language works the way you think it works.


Title: Re: Privacy and Security
Post by: generalizethis on June 24, 2015, 02:49:46 AM
Good starting point for researching TOR's possible weaknesses:

We must fix the internet so as to maintain the fundamental End-to-end principle. The designers forgot to build Tor into it when they designed it. And Tor has serious flaws; most importantly it can be Sybil attacked.
Tor has been praised for providing privacy and anonymity to vulnerable Internet users such as political activists fearing surveillance and arrest, ordinary web users seeking to circumvent censorship, and women who have been threatened with violence or abuse by stalkers. The U.S. National Security Agency (NSA) has called Tor "the king of high-secure, low-latency Internet anonymity".

americanfolklore.net/folklore/2010/07/brer_rabbit_meets_a_tar_baby.html (http://americanfolklore.net/folklore/2010/07/brer_rabbit_meets_a_tar_baby.html)

https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous

https://blog.torproject.org/blog/hidden-services-need-some-love

https://www.google.com/search?q=Tor+correlation+attack

https://www.google.com/search?q=Tor+sybil+attack

https://www.google.com/search?q=Tor+exit+node+attack

https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#Exit_node_eavesdropping

Furthermore, Egerstad is circumspect about the possible subversion of Tor by intelligence agencies:[101]

   
Quote
If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on. Who would pay for this and be anonymous?



Title: Re: Privacy and Security
Post by: X68N on June 24, 2015, 08:22:17 PM
When using Tor, dont forget to disable javascript,java,Flash,ActiveX.
All that fancy stuff could and will leak your true ip.

one big problem most users under estimate is Browser fingerprinting,
http://www.golem.de/news/browser-fingerprinting-tracking-geht-auch-ohne-cookies-1310-102253.html
since each browser can be configured by many possibilities, chances are high these are unique.