Bitcoin Forum

I realize that bitcoin is pseudonymous vs. anonymous and that precautions must be taken, but I came across two easy-to-find web pages that should serve as a harbinger of how law enforcement will utilize bitcoin data should it attain critical mass:

1. http://buybitcoins.com/   Look at the Google maps from the crooks real (or proxy) servers. Now, this company lost over $2,000 in fraudulent cc transactions which is wrong, but the larger point is that a shocking amount of information is available from sloppy users.  Consider if this were political prisoners from Tibet, Wikileaks benefactors, or simply international business people wishing to keep an income stream private from confiscatory taxation authorities;

2. http://theymos.ath.cx:64150/bbe/   This is the Block Explorer brilliantly assembled by 'theymos'.  I almost fell out of my chair when I imagined law enforcement each having Block Explorer running as their home page. Theymos should receive many donations (from governments, I suspect).

The implications are obvious.  In the trade-off to cryptographically address the double-spend issue, Bitcoin has left a transactional trail of valuable data which can be beneficial to anyone attempting to piece together a profile.  As Bitcoin matures, more services such as mybitcoin.com, bitcoin banks, and bitcoin mixers will be routine practice because otherwise the casual (or novice) user will be unaware of the trail that could easily lead to physical and geographical identity. The privacy features of a $100 bill or a 500-euro note should be the minimum standard of financial and transactional privacy.

Is it possible to be 100% anonymous in the Internet? No matter what you do you are always showing your IP. Unless you go through Tor or similar, its not up to the protocol to hide the IP.

Maybe Bitcoin could implement a Tor system for the transactions in itself, so buyer and seller never interact directly. I will confess I have not master the bitcoin protocol (I am lazy) so can anyone tell me if it makes sense?

This is exactly the effect I intended! :) Once people understand how attacks would be performed, they can learn how to use Bitcoin safely.


Tor doesn't ensure anonymity, though it is required for anonymity. The problem is not in the network layer; the problem is that every transaction is recorded in the block chain (and there's no known way to avoid this in a decentralized way). See http://www.bitcoin.org/wiki/doku.php?id=anonymity .

Maybe Open Transactions (http://bitcointalk.org/index.php?topic=847.0) will someday be used for Bitcoin-backed bank notes. Open Transactions is perfectly anonymous, but centralized.

Personnaly I think the point about bitcoin is not really anonymacy.  The point is encryption.  Even if the states knows who you are, and what kind of transaction you've done, they can't steal the money you've earned.  The only thing they can do is put you in jail.  I dare them to do that.  It would be so obviously outrageous.  I know they would do it anyway, but I don't care.  Bearing injustice is an honor, sometimes.

What are the best ways today to have "safe bitcoin" like "safe sex" ?  Is the future of untraceable bitcoin going in the direction of anonymous re-mixers where you have to trust a third party bitcoin bank or are there other ways that i am missing?

In the future I hope Bitcoin will offer:
- Manually selecting which coins to send. This would allow you to send coins known to be safe.
- Creation of accounts that never mix coins when sending. Use one for anonymous transactions and one for non-anonymous transactions.
- Automatically mixing coins to new addresses that you own. This is not foolproof, but it significantly increases anonymity.

Third-party mixers will hopefully be available in the future, but most people don't need to use them. Just having them exist gives tons of plausible deniability to the automatic self-mixing strategy.

Right now the best thing you can do is the MyBitcoin method mentioned on the wiki's anonymity page.

I was thinking this exactly right now and came here to ask if it was possible. :)

Just for curiosity, is there any limit in the amount of addresses that can exists in the whole bitcoin network?

Not really.  The "limiting" factor, if this makes any sense, is rather the number of transactions.  Too many transactions could make too a big block chain for disk storage.  But the use of Merkle tree makes it unlikely to be a problem.

As for the total number of possible addresses, it is much bigger than the number of atoms in the universe.

BTW, How does Bitcoin make sure that every generated address is unique ?
Is it just at random + seed, so there is a theoretical possibility of collision one in a billion billion times ?

Collision is theoretically possible but is astronomically unlikely.

Remember that there are much more addresses than there are atoms in the universe.

If two people were randomly choosing an atom in the universe, how likely do you think they are to choose the same atom ?

Not really, but i still don't like it. I am a programmer and i what like more are 0 and 1 states: either it is possible or not. So "impossible" is much more interesting for me than "so improbable that almost impossible".

PS.
Bankers also won't like the "highly unlikely" thing.

The likelihood of that happening is directly proportional to the amount of damage that event would cause, according to good ol' Mr. Murphy :)

Seriously, you should give up on this idea that a non-zero probability is not negligeable.

A probability of 10^-100 is really impossible.  Do you know that according quantum mechanics, the probability that your ass crosses your chair when you seat is not zero ?  I can't compute it, but I wouldn't be surprised if such a probability was about that small.

Really? So bankers never step outside? Or spend anytime inside for that matter, people die from building collapses every day.

It's just retarded to worry about this.Maybe there will be one collision if bitcoin becomes the primary currency of the universe for the next 100 billion years, but not before 40 million bankers get struck by lightning. Let it go.

Seriously, like a banker actually worries about every 1 in 10^100 possibility.

edit: It's probably a joke, got me good.

Programming is full of probabilistic situations.

For example, the error checking/correction on your hard disk is probabilistic. A parity bit can detect a single error but not correct it. ECC coding can correct a single error and detect a double error but not correct it. The checksumming used on a hard disk can detect and correct a much larger number of errors.

But for every type of error detection correction, you can add some more errors and the algorithm will report the data as being correct. A parity bit is fooled by a double error, ECC code is fooled by a triple error, etc.

Provided your application (e.g. bitcoin) is depending on probabilities that are way more extreme than those that your hard disk is depending on, it's simply not a relevant issue, even in the black-and-white world of binary bits.

You don't have to say that, ribuck.  A probability of 10^-100 is ridiculously small.  It is just silly to think otherwise.

Even if it was tested every nano seconds, I could easily bet 100 years of intensive non-stop torture that such an event will not occur during my entire life.

I guess there are people on this forum that are good in maths too.  So let's compute this.

Let's say 10 billions of human beings are using bitcoin and that each of them generate a new address per second, 24/24h, 7d/7.

How much time do we have to wait so that we have 1% chance that at least one address has been generated twice ?

That actually depends on the algorithm.
Because if the algorithm used to create the addresses does not have enough "randomness" in it, then such event may occur much faster, than it should judging from probability.

Bankers are comfortable with at ATM password of length four digits. If someone finds a card in the street, that gives them a one-in-3333 chance of being able to get money from the card (because you get three tries to enter the password).

By comparison with that, atom-in-universe risks are not worth considering.

Well, to be fair, the number of atom in the universe (10^80) is not a good comparaison.

I just checked, and the total number of addresses is actually much lower.  It's about 1.5*10^48, according to theymos.   It's a huge number, but not as huge as 10^80.  I'll see if I can find an other physical comparaison.

grains of sand on the earth.
planets in the our galaxy
seconds in the lifetime of the universe/earth
number of people who ever lived.

You see ? Told ya. Definately not enough :P

Let's just say it's an other reason always to use a different address for each transaction.  So that in case of a collision, you won't loose all your wallet.

I wonder how difficult would it be to make the number of possible addresses something like 10 ^ 200.

People who ever lived is so tiny compared to 1.5*10^48 (which is smaller than I thought I remembered) being very very generous people who ever lived is still under 10^11. If every person went a different direction and repopulated a new planet with the same number of people as have ever lived here we'd still be under 10^22, so then have all of them do it again, and we're still 1500 times fewer.

UUIDs have 2^128 possible identifiers. They are also designed to be collision-proof. Wikipedia says (http://en.wikipedia.org/wiki/Universally_Unique_Identifier#Random_UUID_probability_of_duplicates):


Compare this to Bitcoin's 2^160 possible addresses. Bitcoin has:
1461501637330902918203684832716283019655932542976 addresses
UUIDs have:
340282366920938463463374607431768211456 identifiers

The number of addresses is 1.5*10^48. Suppose that ten billion people are generating one address each second. Furthermore suppose I care about bitcoin during my lifetime, and the lifetime of my descendants for the next thousand years.

In that thousand years, those ten billion people will generate 3.2*10²⁰ addresses. So the chance of any given address being duplicated in the next thousand years is one in 4.7*10²⁷.

Every "chunk" of bitcoin can be spent from exactly one address*. So if I owned a billion dollars worth of bitcoins, my statistical risk (i.e. the "expected loss") would be one billion dollars divided by 4.7*10²⁷, which is about 2.1*10^-17 cents.

I can live with that.


*as Bitcoin stands now, with complex multi-signature transactions being unimplemented

You guys are great, but you sure do get off topic pretty quickly. 
;-)
Cheers,

Sorry matonis, let me bring this thread back on-topic by adding another entry to your list of ways that law enforcement will utilitze bitcoin data.

They will simply get a court order to seize someone's computer. Upon running the bitcoin client they will click "Address Book" where they will find a nicely-tabulated list of bitcoin addresses and names.

"Yes sir, Officer!  Just have to save this file..."

dev.null > wallet.dat

I really don't think you want to type cp /dev/null > wallet.dat in the heat of the moment.

You're right.

Note to self, code a bash script, call it "Boom"

Thanks ribuck, but a fully-encrypted hard drive, like http://www.truecrypt.org/ will solve this issue.

Now, I also know that a person in the UK went to jail for "not" revealing his PGP private key password, but i suppose you can always say that you have so many passwords that you forgot.  Also, see similar case "UK teenager jailed for not disclosing password":

http://www.zdnet.com/blog/igeneration/uk-teenager-jailed-for-not-disclosing-password/6372

I remember reading that some of this system had a two password system. One password would open a phony part made on purpose in case the police or other criminals is forcing you to give them the key. And then the real key would take you to where you have the info.

Maybe stenography could also solve this issue.  But I find it difficult to find good doc about that.

Yes, you will have an encrypted hard drive, but the person from whom you received a payment (and who, unknown to you, is a criminal) will have your name in his address book on his unencrypted hard drive.

Not a problem.
Truecrypt also supports hidden hard drives inside encrypted "standard" hard drives.

This gives You plausible deniability - if asked, You can give the password to Your outer volume, and there is no way of detecting if there is another hidden volume in the outer volume, because the data has enough entropy to look completely random.

So they can't put You in jail for not disclosing password anymore.

Well, let's suppose you have a cube of diamond that's 10 metres per side and a computer that can try about 10 million addresses per second. The owner of the computer touches the cube of diamond once in their life so lightly that only one atom is worn away. The owner has a child when they're 26ish who also touches the cube of diamond similarly lightly once in their life etc...
The cube of diamond is completely worn away by the time the computer has exhausted the key space.

ByteCoin