Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Evil-Knievel on March 06, 2015, 07:19:08 AM



Title: This message was too old and has been purged
Post by: Evil-Knievel on March 06, 2015, 07:19:08 AM
This message was too old and has been purged


Title: This message was too old and has been purged
Post by: Evil-Knievel on March 06, 2015, 07:53:01 AM
This message was too old and has been purged


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: spin on March 06, 2015, 08:35:09 AM

EDIT: My suggestion would be to go the same way as it is implemented in tor's circuit building algorithm,
and disallow multiple connections to IP addresses on the same /24 subnet.


This is already part of bitcoin AFAIK (at least for outgoing connections and over /16). 


Title: This message was too old and has been purged
Post by: Evil-Knievel on March 06, 2015, 08:41:10 AM
This message was too old and has been purged


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: goregrind on March 06, 2015, 09:11:24 AM
That is pretty weird behavior. Just checked my nodes and each had only one connection to that subnet (as expected).
I blocked it anyway, but I'm curious what's going on in your case.
What version of bitcoin core do you run?


Title: This message was too old and has been purged
Post by: Evil-Knievel on March 06, 2015, 10:03:28 AM
This message was too old and has been purged


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: spin on March 06, 2015, 10:06:11 AM

EDIT: My suggestion would be to go the same way as it is implemented in tor's circuit building algorithm,
and disallow multiple connections to IP addresses on the same /24 subnet.


This is already part of bitcoin AFAIK (at least for outgoing connections and over /16). 

We should identify the portions of the code, that do this.
What happens when the seed nodes only return IPs from one /16 subnet? Will it connect anyway or will it refuse service?
What happens if a malicious node is connected "outbound", then it disconnects itself, adds an inbound connection from itself, and uses "GETADDRS" to create a subsequent connection to the same subnet? This way it could slowly fill the connection list with inbound connections from itself?

Not sure what is going on there, but at least my bitcoin node somehow keeps ending up with connections only with 46.105.X.X.

Also (dns) seed nodes are only rarely used.  Maybe on a brand new bitcoin installation.  On restart it should revert to the peers.dat.  This file contains data on peers your node has previously seen/connected to.  On restart bitcoin should try and connect to these. You should check whether your outgoing connections are also just from this subnet.  Incoming I understand.  But outgoing should be fine.

This is my lay understanding of how it works.  Seems there is something wrong at your end.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: laurentmt on March 06, 2015, 02:54:47 PM
46.105.210.* are addresses managed by OVH, a major French hosting provider.
Usually, OVH provides a bunch of IP addresses with a single server. Very useful for a sybil attack...
These nodes seem active since a few months (see this post (https://bitcointalk.org/index.php?topic=899196.0)).

EDIT: Just checked my full node (hosted by OVH  :D) and I've found 1 ip from this subnetwork (among 56 connections)


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: spin on March 06, 2015, 08:53:26 PM
46.105.210.* are addresses managed by OVH, a major French hosting provider.
Usually, OVH provides a bunch of IP addresses with a single server. Very useful for a sybil attack...
These nodes seem active since a few months (see this post (https://bitcointalk.org/index.php?topic=899196.0)).

EDIT: Just checked my full node (hosted by OVH  :D) and I've found 1 ip from this subnetwork (among 56 connections)
Also had 1. Blocked it also.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: 2112 on March 06, 2015, 11:59:14 PM
This, on the first sight, looks to me as a large scale monitoring of the bitcoin network.
How about another hypothesis: an head-end of a CG-NAT (http://en.wikipedia.org/wiki/Carrier-grade_NAT) device for some large French MVNO (http://en.wikipedia.org/wiki/Mobile_virtual_network_operator) or some similar arrangement like Orange FunSpot (Free WiFi Internet access service).


Title: This message was too old and has been purged
Post by: Evil-Knievel on March 07, 2015, 12:00:45 AM
This message was too old and has been purged


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: 2112 on March 07, 2015, 12:40:19 AM
Yeah, but this would not explain why those nodes are neither relaying TX, nor replying to BitcoinPing messages, ...
Seems they save bandwidth aggressively and prepare for something bigger.
OK, if they don't behave like a normal client behind a NAT that definitely confirms your suspicions. Large scale NAT farms are popping up all over the world right now, and many programs tend to go berserk when receiving connections from those.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: gmaxwell on March 07, 2015, 12:41:55 AM
What I noticed is, that the seed nodes (from time to time) return dozens of bitcoin addresses from the same subnet (from france).
Can you clarify what you mean by "the seed nodes". Do you mean DNS seeds?  Returning how? Need more details!

Edit: Okay, I see seed.bitcoin.sipa.be is returning a single 46.105/16 to me. Is this what you're referring to?


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: gmaxwell on March 07, 2015, 01:26:52 AM
Latest Bitcoin Core with 2000 connections allowed
2000 connections is not possible, you'll run out of file descriptors. If you edit the code to remove the limits you'll end up with arbitrary memory corruption.

The code that limits outbound counts to one host per /16 is trivial, it's in net.cpp:1207.   Can you please get a getpeerinfo on the affected host while the naughty peers are connected and send me the diff with whatever changes you're running?

Quote
What happens if a malicious node is connected "outbound", then It disconnects itself, adds an inbound connection from itself, and uses "GETADDRS" to create a subsequent connection to the same subnet? This way it could slowly fill the connection list with inbound connections from itself?
Nothing?  Outbound and inbound connections do not compete with each other. You will still be limited in the number of outbound connections you have to a single /16.
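To make the rule gmaxwell describes above concrete, here is an added Python model of "at most one outbound peer per /16". It is written for this thread and is not Bitcoin Core's own code from net.cpp; it omits nearly all of the real peer-selection logic. It also answers spin's scenario: inbound connections are tracked separately and never consume an outbound slot, and a candidate list drawn entirely from one /16 fills exactly one outbound slot. The function names, the 8-slot default and the sample addresses are my own constructions.

```python
"""Simplified model of the "one outbound connection per /16" rule.

Added illustration for this thread; it is NOT Bitcoin Core's code (the real
check is in net.cpp) and it omits most of the real peer-selection logic.
"""
import ipaddress
from collections import Counter


def netgroup(addr: str) -> str:
    """The /16 that an IPv4 address falls in, i.e. the group the limit is keyed on."""
    return str(ipaddress.ip_network(f"{addr}/16", strict=False))


def choose_outbound(candidates, max_outbound=8, existing_outbound=()):
    """Fill outbound slots from `candidates`, never taking two peers from one /16.

    `existing_outbound` holds peers already connected outbound; their /16s are taken.
    Inbound peers are deliberately not an input: they do not compete for these slots,
    so an inbound flood from a subnet has no effect on what is chosen here.
    """
    used = {netgroup(a) for a in existing_outbound}
    chosen = list(existing_outbound)
    for addr in candidates:
        if len(chosen) >= max_outbound:
            break
        group = netgroup(addr)
        if group in used:
            continue  # another outbound peer already covers this /16
        used.add(group)
        chosen.append(addr)
    return chosen


def inbound_by_netgroup(inbound_addrs):
    """Count inbound connections per /16. Nothing in this model limits these."""
    return Counter(netgroup(a) for a in inbound_addrs)


# Constructed sample data (a hypothetical seed/addr response): four addresses from
# one /16, the rest from RFC 5737 documentation ranges.
SEED_RESPONSE = [
    "46.105.210.11", "46.105.210.42", "46.105.210.179", "46.105.210.194",
    "198.51.100.7", "203.0.113.9", "192.0.2.33",
]

if __name__ == "__main__":
    out = choose_outbound(SEED_RESPONSE)
    print("outbound peers:", out)  # one 46.105.x.x peer, then the unrelated ones
    flood = ["46.105.210.10", "46.105.210.138", "46.105.210.255"]
    print("inbound per /16:", dict(inbound_by_netgroup(flood)))
    # Candidates that all share one /16 fill exactly one slot; the rest stay empty.
    print("single-/16 seed:", choose_outbound(["46.105.210.11", "46.105.210.42"]))
```

The point of keeping `inbound_by_netgroup` separate from `choose_outbound` is the one gmaxwell makes: an attacker can pile up inbound connections from one subnet, but that does not buy them more than one of your outbound slots.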


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: laurentmt on March 07, 2015, 02:54:22 AM
This, on the first sight, looks to me as a large scale monitoring of the bitcoin network.
How about another hypothesis: an head-end of a CG-NAT (http://en.wikipedia.org/wiki/Carrier-grade_NAT) device for some large French MVNO (http://en.wikipedia.org/wiki/Mobile_virtual_network_operator) or some similar arrangement like Orange FunSpot (Free WiFi Internet access service).

Considering that OVH provides 256 IP for free with each dedicated server, I bet 10 satoshis that we have a single monitoring node behind all these IPs.


Title: This message was too old and has been purged
Post by: Evil-Knievel on March 07, 2015, 10:29:47 AM
This message was too old and has been purged


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: gmaxwell on March 07, 2015, 10:59:52 AM
well I have a maximum of 3100 file descriptors on my system.
Select has a maximum of FD_SETSIZE (1024) FDs in use, and you will end up totally screwed up if you are beyond that. It doesn't matter what you've set your ulimit to.

When you run hacked-up versions with changes that you do not understand you waste everyone's time (including yours), and you provide bad service to other nodes. I shouldn't have to read between the lines to troubleshoot your private code based on the subtle implications of your offhand comments.

Quote
maybe some session hijacking method is used to set up a connection from an unsuspicious (but also malicious) node and then taking it over by one of the 40.xxx nodes with some TCP session hijacking method.
This would be pointless. If you are both hosts A and B, why bother having B pretend to be host A?   Also if you were having B pretend to be A your host would still think it was connected to A even if it were now B talking.  I'm doubtful any retail hosting provider of any scale is failing to run URPF these days in any case, since they'd constantly be a source of DOS attacks. :)


All that aside-- even ignoring what looks like some broken behavior in your node, this is moderately concerning.  What it looks like to me is a rather ham-fisted sybil attack trying to trick nodes into leaking private data to them, the nodes seem to fail to relay transactions too which hurts performance some-- it may even completely disrupt some less sophisticated wallets that don't have any protection against multiple output connections to the same /16. The Bitcoin protocol, when implemented correctly, has a degree of sybil resistance when it comes to partitioning and double-spend risk as an attacker must get _all_ your connections for those attacks, but this kind of activity can really violate user privacy since privacy attacks don't need to get all your connections; especially for SPV nodes which liberally broadcast their wallet addresses to nodes that they're using as servers.

We've been working slowly on some improvements in this space in Bitcoin Core but Bitcoin community (outside of core devs) interest level is pretty low, and due to not being SPV Core already has much better privacy. (In general I've been disappointed by how few people realize how important privacy and fungibility is for Bitcoin's viability as a currency).  It's not as simple as just blocking them (though you're free to do that yourself), as blocking on a global basis (instead of each user deciding for themselves) has significant collateral risk and would be easily evaded by anyone who thought it was okay to breach normal network behavior to violate user privacy in the first place; and then you have even less information about the attack.  Making it so the attack is harder to see doesn't make it go away.

This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: 2112 on March 07, 2015, 09:27:46 PM
Or maybe some kind of NAT problem is going on (i am on a full cone NAT here). Or maybe this is all stupid what I am talking about. I will double check shortly.
Ah, so there is a NAT device involved here. This basically invalidates all your previous observations, as they can be explained easily as the errors in the NAT implementation. Especially if somebody advertises "full cone NAT" (only relevant to UDP) when interfacing TCP application.

Please do us all a favor and tell us the manufacturer/model/version information for your NAT box. Everyone could then just add it to their "do not use/buy" list.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Cryptowatch.com on March 13, 2015, 01:14:32 AM
I noticed that one of those nodes was connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Seeing it had a http-proxy, I connected to it with a browser and got this message, in a typical login box you get with .htaccess restrictions:

A username and password are being requested by http://46.105.210.179:8080. The site says:

 "Please authenticate using your Chainalysis API-ID and API-Key". [sic]

I tried another IP, same result. These are the offending IPs that have connected to my node:

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42


And then a google search which gave me:

https://chainalysis.com/

"Providing technical solutions to automate crypto currency compliance"

"
Company

Chainalysis offers a service that provides financial institutions with the means to obtain regulatory compliance through real-time analysis of the blockchain. Chainalysis customers get access to an API that allows them to determine which entity a transaction originates from, and whether the flow of funds originate from someone they would want to do business with. In other words, it automates the travel rule.

Chainalysis achieves this by doing sophisticated in-depth real-time transaction analysis to determine unique entities within the blockchain.

Besides for API access, customers are provided with a web interface enabling them with easy transaction route investigation, private annotation of entities and transactions and automated report generation."


Michael Grønager
Chief Executive Officer

Jan Møller
Chief Technology Officer

Jens Hilligsøe
DevOps Engineer

Kresten Krab Throup
Consulting Architect

Jørn Larsen
Business Advisor


Personally I've perma-blocked these guys now. I should make the iptables rules persistent on my node. Also, is there a blacklist where bad actors are listed with a reason, so a node operator could choose to block such entities? Personally I don't like blacklists much, perhaps whitelists are better, but it's impossible to keep track of every time someone posts about bad nodes.

I understand the need for such a solution as chainalysis from a regulatory and business perspective, however I don't think this is in the true spirit of bitcoin, but I guess someone would've provided this kind of service no matter what. But this is akin to spying to be honest. And it is exactly that we're wanting to get away from with all the monitoring that goes on in the traditional financial system. If Joe pays Alice 10 bucks, it's no one's damn business how, where and what relates to that payment.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: onemorexmr on March 13, 2015, 01:17:51 AM
I noticed that one of those nodes was connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Seeing it had a http-proxy, I connected to it with a browser and got this message, in a typical login box you get with .htaccess restrictions:

A username and password are being requested by http://46.105.210.179:8080. The site says:

 "Please authenticate using your Chainalysis API-ID and API-Key". [sic]

I tried another IP, same result. These are the offending IPs that have connected to my node:

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42





nice find!

https://chainalysis.com/

"Chainalysis offers a service that provides financial institutions with the means to obtain regulatory compliance through real-time analysis of the blockchain. Chainalysis customers get access to an API that allows them to determine which entity a transaction originates from, and whether the flow of funds originate from someone they would want to do business with. In other words, it automates the travel rule.
Chainalysis achieves this by doing sophisticated in-depth real-time transaction analysis to determine unique entities within the blockchain.
Besides for API access, customers are provided with a web interface enabling them with easy transaction route investigation, private annotation of entities and transactions and automated report generation."

seems to be them....


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: spin on March 13, 2015, 08:58:54 AM
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 



Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: cryptrol on March 13, 2015, 08:59:26 AM
This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt.
Making this the default behavior would help both Bitcoin and Tor.
It seems that many synergies could be established between the two projects, since both are disruptive enough to attract the attention of big bad actors.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: BCwinning on March 13, 2015, 09:02:32 AM
This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt.
Making this the default behavior would help both Bitcoin and Tor.
It seems that many synergies could be established between the two projects, since both are disruptive enough to attract the attention of big bad actors.
actually it's a good incentive to move past bitcoin and truly support a real anonymous currency (what that is yet I have no idea) that is the cash of the digital world. Because bitcoin isn't an anonymous currency and isn't going to be.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: onemorexmr on March 13, 2015, 09:53:59 AM
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 



depends on what exactly they offer.
if they are connected to more than 75% of the network they certainly can tell what region of the world sent this transaction out first (not who crafted it... except if running bitcoind himself)

not sure who these anonymous financial companies interested in this are.

i'd say (tinfoil hat) it's a service for nsa/bnd/fsb and so on


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: LeMiner on March 13, 2015, 09:58:38 AM
Blocked the bad nodes as well.

Here's the list of IPs to block:

5.9.115.0/24
46.105.210.0/24
2001:41d0:a:605c::/48

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42

Source: Reddit

I've had a few of those and another connected to my node, so add this one to the list as well: 46.105.210.137.

Personally I've taken it to block 46.105.210.* since obviously we don't know all IPs involved (yet). What scares me is that it's relatively easy for people to evade blocks like this.

Looks like the people at Mycelium and Kraken are involved...
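Cryptowatch.com found the cluster by reading bitcoind's debug.log by hand, and the post above collects the resulting block ranges. As an added example (not Bitcoin Core tooling and not code from anyone in this thread), the Python below runs that check over the JSON that `bitcoin-cli getpeerinfo` prints: it groups peers by /24 (or /48 for IPv6, my own choice), flags subnets that account for an unusual share of your connections, splits each cluster into inbound and outbound so one legitimate outbound peer is not confused with an inbound flood, and reports which peers fall inside the posted block ranges. The sample getpeerinfo output is constructed, and only the "addr" and "inbound" fields are used; the threshold of 3 is arbitrary.

```python
"""Spot subnet clusters in `bitcoin-cli getpeerinfo` output and match a block list.

Added example for this thread, not Bitcoin Core's own tooling. Only the "addr"
and "inbound" fields of getpeerinfo are used; the /24 and /48 cluster sizes and the
threshold are my own choices.
"""
import ipaddress
import json
from collections import defaultdict

# Ranges posted in this thread. strict=False keeps the IPv6 entry as posted even
# though it has host bits set beyond the /48.
BLOCK_LIST = [ipaddress.ip_network(n, strict=False) for n in
              ("5.9.115.0/24", "46.105.210.0/24", "2001:41d0:a:605c::/48")]


def host_of(addr: str):
    """Strip the port from getpeerinfo's addr: '1.2.3.4:8333' or '[2001:db8::1]:8333'."""
    host, _, _ = addr.rpartition(":")
    return ipaddress.ip_address(host.strip("[]"))


def subnet_of(ip) -> str:
    """Cluster key: /24 for IPv4, /48 for IPv6 (a typical hosting allocation)."""
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def analyse(peerinfo_json: str, threshold: int = 3):
    """Group peers by subnet, flag crowded subnets and list peers inside BLOCK_LIST."""
    clusters = defaultdict(lambda: {"inbound": 0, "outbound": 0, "hosts": []})
    blocked = []
    for peer in json.loads(peerinfo_json):
        ip = host_of(peer["addr"])
        entry = clusters[subnet_of(ip)]
        entry["inbound" if peer["inbound"] else "outbound"] += 1
        entry["hosts"].append(str(ip))
        if any(ip in net for net in BLOCK_LIST):
            blocked.append(str(ip))
    suspicious = {k: v for k, v in clusters.items()
                  if v["inbound"] + v["outbound"] >= threshold}
    return {"clusters": dict(clusters), "suspicious": suspicious, "blocked": sorted(blocked)}


# Constructed sample: what getpeerinfo might look like on an affected node.
# One outbound peer in 46.105.210.0/24 (allowed by the /16 rule), three inbound
# from the same /24, and a few unrelated peers. The IPv6 host is made up.
SAMPLE_GETPEERINFO = json.dumps([
    {"addr": "46.105.210.179:8333", "inbound": False},
    {"addr": "46.105.210.11:41022", "inbound": True},
    {"addr": "46.105.210.194:53140", "inbound": True},
    {"addr": "46.105.210.42:39877", "inbound": True},
    {"addr": "198.51.100.7:8333", "inbound": False},
    {"addr": "[2001:41d0:a:605c::1]:8333", "inbound": True},
    {"addr": "203.0.113.9:55012", "inbound": True},
])

if __name__ == "__main__":
    report = analyse(SAMPLE_GETPEERINFO)
    for subnet, info in report["suspicious"].items():
        print(f"{subnet}: {info['inbound']} inbound, {info['outbound']} outbound -> {info['hosts']}")
    print("peers inside block list:", report["blocked"])
```

On a live node, save `bitcoin-cli getpeerinfo > peers.json` and call `analyse(open("peers.json").read())`. A subnet with one outbound and many inbound connections is the pattern reported in this thread; several outbound peers inside one /16 would instead suggest the netgroup limit is not working in your build, which is the question gmaxwell raised earlier.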


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: belcher on March 13, 2015, 10:56:41 AM
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: levino on March 13, 2015, 12:15:28 PM
For Ubuntu you can use ufw.

Remark: UFW is a firewall! If you enable it in the default mode, which is "deny all", all new connections on all ports will be denied while existing connections stay open (like your current ssh connection). Make sure to "ufw allow" all ports that you need before you enable ufw. Sometimes you forget a port, but if you are sshing into your server, always allow ssh before you do anything stupid. You can then open ports at a later stage through ssh.

Here it goes:

Code:
sudo -s
apt-get update
apt-get install ufw
#deny incoming from subnets
ufw deny from 5.9.115.0/24
ufw deny from 46.105.210.0/24
ufw deny from 2001:41d0:a:605c::/48
#deny outgoing to subnets
ufw deny out from any to 5.9.115.0/24
ufw deny out from any to 46.105.210.0/24
ufw deny out from any to 2001:41d0:a:605c::/48
#these are optional
ufw allow 22 #whatever port you are using for ssh
ufw allow 80 #if you have webserver running
ufw allow 443 #if you have a secure (https) web server running
#allow bitcoin
ufw allow 8333
#start ufw
ufw enable
#go back to normal user level
exit

The order is important. If you allow 8333 and deny incoming from IP ranges later, only the first rule applies.

Hope this does the trick. If I forgot something please tell me.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: pajak666 on March 13, 2015, 12:23:51 PM
Is there a way to block certain IPs in the bitcoin.conf file?


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Cryptowatch.com on March 13, 2015, 12:26:23 PM
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.

Was it not that a person had all his electronic equipment confiscated and brought in for having a bitcoin-node associated with a rogue transaction displayed on blockchain.info earlier on?

If there are entities paying for analysis of the block chain, and it's acted upon (by law enforcement) data that cannot be fully trusted, it could cause lots of troubles.

Also, while blocking IPs of nefarious nodes is a temporary solution, it's only an annoyance for the perpetrators, and given they have sufficient resources, they could further hide their activity so as not to give away their intentions.

Given they have enough resources, they could even have automated IP switching going on. Once an IP is blocked by a sufficient number of legit nodes, they just switch the IP of that node, and all of that could be automated. So in essence blocking the IPs is a bit like holding your hand over a hole in your rowing boat that is leaking in water: it might give you some temporary relief, but is not a lasting solution.

Now - it's near impossible to know who really controls a node, if they really want to go stealth. If a node acts like a normal node in all ways, why should it not be considered a normal node?

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from IP A, which runs a full bitcoin core node, be it on a cable connection or otherwise, and chainalysis is connected to the node where the tx is originating, the IP address of the node where the transaction was originating is recorded within the chainalysis database. They will probably use many other sources to get more info about the owner of that IP address. If they're only a private company they will have fewer data points to work with, but if they're an intel agency, there's virtually no limit as to how sophisticated the systems could be; in theory they could plug in directly to the customer database of ISPs and have names displayed in real time in association with the IPs. Information that could further be relayed and shared with relevant parties.

Bitcoin is only pseudonymous, as everyone can look up a transaction in the block chain, and I assume network analysis cannot be prevented, but I do think it should be made more difficult.

But a blacklist solution is dangerous. Who's to decide what goes on the blacklist, and who's to verify the decisions are correct? Perhaps some automated solution in bitcoin core where peers that are behaving unexpectedly could be automatically banned is a better solution? But again, that's much like holding a hand over a leaking hole, as if certain footprints reveal rogue nodes, they will only change their appearance to appear more legitimate. And I'm not sure, but I believe bitcoin traffic is unencrypted in transit, so what prevents an intel org from manipulating the traffic (making legit nodes appear rogue), in essence grinding the entire network to a halt if nodes automatically ban misbehaving nodes?

I'm no TOR expert, but I've noticed there's been much mumbling about TOR not being all that secure anymore, so would a normal user really be more secure if he used Bitcoin+TOR?

Since bitcoin is supposed to be trustless, if we started to make a whitelist of legit nodes, that would go against that ideal.

So, in reality, how do we ensure that most nodes on the network are legit, and what's the best method of blocking rogue nodes from connecting to your own node?

In my view, in essence it boils down to freedom and privacy. There's something fundamentally wrong when certain people need to exert "control" over others against their will.



Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Ragnarokdel on March 13, 2015, 12:31:36 PM
Blocked the bad nodes as well.

Here's the list of IPs to block:

5.9.115.0/24
46.105.210.0/24
2001:41d0:a:605c::/48

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42

Source: Reddit

I've had a few of those and another connected to my node, so add this one to the list as well: 46.105.210.137.

Personally I've taken it to block 46.105.210.* since obviously we don't know all IPs involved (yet). What scares me is that it's relatively easy for people to evade blocks like this.

Looks like the people at Mycelium and Kraken are involved...
how do you block an IP in bitcoin core?


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: primer- on March 13, 2015, 12:45:13 PM
I noticed that one of those nodes was connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Do you port scan every bitcoin node that connects to you? Why would you do that? What were your real intentions...


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: autodiv on March 13, 2015, 12:46:28 PM
Is there a way to block certain IPs in the bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: levino on March 13, 2015, 12:51:35 PM
Is there a way to block certain IPs in the bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
What do you think of my ufw approach above? I find ufw easier to get than iptables.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: laurentmt on March 13, 2015, 12:56:04 PM
Good job Cryptowatch.com !

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from IP A, which runs a full bitcoin core node, be it on a cable connection or otherwise, and chainalysis is connected to the node where the tx is originating, the IP address of the node where the transaction was originating is recorded within the chainalysis database.
They may also try to reproduce the experiment done by 3 researchers from the University of Luxembourg: http://arxiv.org/abs/1405.7418
If it's their mode of operation, blocking these IPs at individual node level won't be enough since information is leaked by the 8 outgoing peers.
It would require that all full nodes block these IPs. But as you've stated, that sounds like an unenforceable policy...



Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: darlidada on March 13, 2015, 01:21:28 PM
And people say we don't need an anonymous coin? It's time for CryptoNote technology to shine. It's resistant to blockchain analysis. Read about it here: http://en.wikipedia.org/wiki/CryptoNote or here: https://en.bitcoin.it/wiki/CryptoNote


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: laurentmt on March 13, 2015, 01:58:23 PM
And people say we don't need an anonymous coin? It's time for CryptoNote technology to shine. It's resistant to blockchain analysis. Read about it here: http://en.wikipedia.org/wiki/CryptoNote or here: https://en.bitcoin.it/wiki/CryptoNote
Please, note that the "problem" discussed in this post isn't blockchain analysis per se, but network eavesdropping.
Ring signatures and stealth addresses won't help to solve this specific issue.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: AdamCox9 on March 13, 2015, 02:28:35 PM
I got one of them attached to my node: 46.105.210.37

You can see all the connections to my full-node here: http://23.253.119.84/


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Cryptowatch.com on March 13, 2015, 02:38:55 PM
I noticed that one of those nodes was connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Do you port scan every bitcoin node that connects to you? Why would you do that? What were your real intentions...

Dear primer-,

I run a node for altruistic purposes, to support the network. Here's the stats and info page: http://node.cryptowatch.com/

You can connect with any node you want to that node, and you will see there's no portscanning on your node conducted by my node.

Nmap (nmap.org) is a program that can be used manually to scan any host for open ports. When I read this thread, naturally I wanted to see if I could do some simple investigation to learn more of the nature of the party monitoring large parts of the network. As it happened, I found some publicly available information and shared it with the community, see my earlier posts.

My intentions are good, as I'm a big bitcoin supporter.

I hope this cleared things up. Thanks for the question.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: onemorexmr on March 13, 2015, 02:41:52 PM

Dear primer-,

I run a node for altruistic purposes, to support the network. Here's the stats and info page: http://node.cryptowatch.com/

You can connect with any node you want to that node, and you will see there's no portscanning on your node conducted by my node.

Nmap (nmap.org) is a program that can be used manually to scan any host for open ports. When I read this thread, naturally I wanted to see if I could do some simple investigation to learn more of the nature of the party monitoring large parts of the network. As it happened, I found some publicly available information and shared it with the community, see my earlier posts.

My intentions are good, as I'm a big bitcoin supporter.

I hope this cleared things up. Thanks for the question.

imho nmapping anyone is not a problem - it's like knocking on doors.
and i think i am allowed to knock on the doors of someone who enters my house (=connected to my node)

the question is what you use the data for...i have no doubt that your intentions are honest btw.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: belcher on March 13, 2015, 02:43:03 PM
If you ran bitcoind with -listen=0 these sybils would not be able to connect to you? Obviously everyone can't do this.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Cryptowatch.com on March 13, 2015, 02:50:47 PM
the question is what you use the data for...i have no doubt that your intentions are honest btw.

Here's your answer as to what the data was used for:
https://bitcointalk.org/index.php?topic=978088.msg10756505#msg10756505

I don't have an issue with people not trusting me, is not that what the world has come to? ;) I just repeat that the only reason I did nmap on that host was because I found some of the same ip's; 46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42 in the debug.log of my bitcoind, upon reading OP (https://bitcointalk.org/index.php?topic=978088.msg10677210#msg10677210) I did the investigation as you can see in the link above. The intention was to find out what & who was behind the monitoring on the network. If you want to label me, then give me the whitehat label please, I really have no further to add to this particular question. :)





Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: onemorexmr on March 13, 2015, 02:57:09 PM
the question is what you use the data for...i have no doubt that your intentions are honest btw.

Here's your answer as to what the data was used for:
https://bitcointalk.org/index.php?topic=978088.msg10756505#msg10756505

I don't have an issue with people not trusting me, is not that what the world has come to? ;) I just repeat that the only reason I did nmap on that host was because I found some of the same ip's; 46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42 in the debug.log of my bitcoind, upon reading OP (https://bitcointalk.org/index.php?topic=978088.msg10677210#msg10677210) I did the investigation as you can see in the link above. The intention was to find out what & who was behind the monitoring on the network. If you want to label me, then give me the whitehat label please, I really have no further to add to this particular question. :)





sorry (blame my english) i did not question your intention (i already knew it). it was more in the line of "it's the question what the guy nmapping other people has for intentions"

IMHO: it is easy to use iptables and a small script to autoblock anyone who is nmapping... so i just don't understand people yelling when someone does it.

btw "I don't have an issue with people not trusting me, is not that what the world has come to?"
sadly...yes...


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Cryptowatch.com on March 13, 2015, 03:12:32 PM
http://insidebitcoins.com/news/someone-may-be-deanonymizing-your-bitcoin-transactions/30759


Maxwell has pointed out that there has been some slow progress in the prevention of sybil attacks recently, but he seemed more concerned with the general attitude of the bitcoin development community as a whole. He stated that interest in implementing better protections against sybil attacks has been “pretty low” outside of the core developers, and he also described his disappointment with “how few people realize how important privacy and fungibility is for bitcoin’s viability as a currency.”

A blessing in disguise

At the end of the day, this event should be viewed as a reminder that bitcoin transactions are not anonymous and far from private by default. The reality is there is still plenty of work to be done in the realm of protecting privacy in bitcoin. Getting angry at how anyone interacts with the bitcoin network is useless; it’s the base incentive structure that matters. If there are any weak spots in the protocol, it will only be a matter of time before someone tries to exploit them. Instead of yelling at the attackers, it would probably make more sense to build better defenses. When there are weaknesses in a decentralized system, there is no point in hoping that everyone will just play nice.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: theskillzdatklls on March 13, 2015, 04:25:41 PM
this is why we can't have nice things


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: cr1776 on March 13, 2015, 04:29:53 PM
this is why we can't have nice things

There were two from that IP range that were attached to my node. 


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: colinistheman on March 13, 2015, 04:41:00 PM
"If there are any weak spots in the protocol, it will only be a matter of time before someone tries to exploit them. Instead of yelling at the attackers, it would probably make more sense to build better defenses."

Quoted from: http://insidebitcoins.com/news/someone-may-be-deanonymizing-your-bitcoin-transactions/30759

I think it's the perfect summary and answer to this thread.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Ragnarokdel on March 13, 2015, 05:10:31 PM
is there a way to block certain IPs in the bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
Hmmm... let me think of a single reason... Because I'm a gamer?


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: laurentmt on March 13, 2015, 05:14:44 PM
"If there are any weak spots in the protocol, it will only be a matter of time before someone tries to exploit them. Instead of yelling at the attackers, it would probably make more sense to build better defenses."

Quoted from: http://insidebitcoins.com/news/someone-may-be-deanonymizing-your-bitcoin-transactions/30759

I think it's the perfect summary and answer to this thread.
Yep ! Actually we should even thank these guys because this "attack" is quite cheap: use of IP addresses in the same subdomain isn't really smart for a sybil attack  :D
I may be wrong but it's likely that similar attackers are still acting undetected because they can afford a better strategy (different ip ranges, imitation of full nodes behaviors, ...).



Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: cr1776 on March 13, 2015, 05:24:33 PM
"If there are any weak spots in the protocol, it will only be a matter of time before someone tries to exploit them. Instead of yelling at the attackers, it would probably make more sense to build better defenses."

Quoted from: http://insidebitcoins.com/news/someone-may-be-deanonymizing-your-bitcoin-transactions/30759

I think it's the perfect summary and answer to this thread.
Yep ! Actually we should even thank these guys because this "attack" is quite cheap: use of IP addresses in the same subdomain isn't really smart for a sybil attack  :D
I may be wrong but it's likely that similar attackers are still acting undetected because they can afford a better strategy (different ip ranges, imitation of full nodes behaviors, ...).



With IPv6 this type of attack will become even more difficult to detect and prevent merely by blocking the IPs.



Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Rassah on March 13, 2015, 05:38:05 PM
In before conspiracy theories come out:

Chainalasys VS Mycelium - The full story


Mycelium Wallets use our own custom nodes to process the bitcoin blockchain and scan for address balances. These nodes were written by Jan Møller while he was the Lead Developer, along with our other devs. The job of these nodes is to parse the 30 gig Blockchain database into our own custom database, which is much larger, being over 100 gigs in size, but which allows for very quick and easy lookup of address balances, allowing for instant balance lookups and to do things like Cold Storage spending from paper wallets and Trezor.

Mycelium's owner and developers believe in total financial privacy and personal freedom, and our company has a goal to make Mycelium Wallet the most anonymous wallet possible. For this reason, we have kept our wallet code completely open since the beginning, and have been public and open about what goes on internally in our company (I hope you have noticed my frequent updates, especially with the unfortunate Entropy delays). And even while Jan was still the lead dev, we have created LocalTrader to work completely anonymously, using only bitcoin signed messages for user authentication and encrypting all user chat P2P using their respective private keys so our servers receive no usable data. We have also added HD wallet support, and disabled all IP and transaction logging on our nodes. However, we also realize that just us claiming that we do that isn't good enough, and that's why we added full Tor support, and are in the process of implementing CoinJoin, which we hope to have enabled by default, so that even those who don't care about staying anonymous will help contribute. Our goal was to have Mycelium Wallet be as anonymous as Dark Wallet, and that has not changed.

Jan Møller, our lead developer who did most of the work on the nodes, realized that the node-parsed blockchain database can be used to analyze bitcoin transaction activity, and help track transactions in the same way that our current financial institutions do (although with much less certainty). So he decided to have his own project that does just that, and has split off from Mycelium company last October. We still kept him on as our chief technical consultant, since he did write most of the node and original wallet code, so he is technically still employed by Mycelium, but he has had no access to our nodes since he left. Our current full time lead developer is Andreas Petersson, who is working on implementing Coinapult Locks right now, and the other two developers are Jan Dreske (/u/trasla here) and Daniel Weigl, who have been adding support for Trezor, fixing bugs, adding minor requested features, etc.

We at Mycelium are not fans of what Chainalysis does, but we can't really object too much, because if something like this is even possible to do, then someone will do it, whether it's Jan's company or someone else. It's also preferable that this is done by a public company in the open, instead of in secret by a government agency. And secondly, since the developer behind this is someone who worked with us, we can at least get inside knowledge of what may be tracked and how by such systems, so we can be aware of what to watch out for and what to fix. Obviously it's not a guarantee that we will get an honest answer, but it's still better than nothing.

With regards to why our website's About section still lists Jan Møller as a Lead Developer, it's because our website dev has been working full time on another (secret) Mycelium project, and has not had the chance to change anything. I guess the site is too low of a priority to update. Note that both of our current top wallet developers who have been doing most of the work these past few months, Jan Dreske and Daniel Weigl, are completely missing from there too. I am sorry that I have not publicly stated anything about this either, but since Chainalysis is a completely separate company, Jan Møller has not had access to our internal systems since he became a consultant, and our internal goals are still total anonymity, there was no risk whatsoever to Mycelium or the privacy of our users from the Mycelium side. I have been fairly open about being an AnarchoCapitalist myself, supporting people like Cody Wilson and Ross Ulbricht, and supporting the idea of The four pillars of a decentralized society as explained by Johann Gevers to help decentralize government functions. So if there ever is a risk of Mycelium becoming a snooping agency, or if Mycelium changes its goals with regards to expanding personal freedom, I still promise to let the community know, since there would be no way I would be willing to continue to work there if that happens.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: sandor111 on March 13, 2015, 06:19:15 PM
Latest Bitcoin Core with 2000 connections allowed
2000 connections is not possible, you'll run out of file descriptors. If you edit the code to remove the limits you'll end up with arbitrary memory corruption.

The code that limits outbound counts to one host per /16 is trivial, it's in net.cpp:1207.   Can you please get a getpeerinfo on the affected host while the naughty peers are connected and send me the diff with whatever changes you're running?

Quote
What happens if a malicious node is connected "outbound", then it disconnects itself, adds an inbound connection from itself, and uses "GETADDRS" to create a subsequent connection to the same subnet? This way it could slowly fill the connection list with inbound connections from itself?
Nothing?  Outbound and inbound connections do not compete with each other. You will still be limited in the number of outbound connections you have to a single /16.

Hi gmaxwell,

well I have a maximum of 3100 file descriptors on my system.

Code:
anonymous@anonymous-desktop ~/Development/counterparty-gui $ ulimit -n
3100

I will try to recreate the setting and do a getpeerinfo dump. I will also set up an IDS, maybe some session hijacking method is used to set up a connection from an unsuspicious (but also malicious) node and then taking it over by one of the 40.xxx nodes with some TCP session hijacking method. As both nodes are cooperating and share sequence numbers this should not be too hard. Or maybe some kind of NAT problem is going on (i am on a full cone NAT here). Or maybe this is all stupid what I am talking about. I will double check shortly.

It's not possible to have over ~864 (?) connections, or absolute max is 1024 (FD_SETSIZE) without changing the netcode extensively. Personally for fun I have coded an epoll implementation for the bitcoin core to allow an arbitrary number of connections, I got up to 6k connections before the CPU maxed out due to the inv flooding.

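Several posts above touch on the same mechanics: gmaxwell's description of Bitcoin Core limiting outbound connections to one host per /16 (with inbound connections not competing), laurentmt's point that a sybil cluster drawn from one subnet is cheap to spot, and the suggestion to block such ranges with iptables rather than in bitcoin.conf. The script below is an added example written for this thread; it is not Bitcoin Core's code and not code from any poster. It reads a constructed list of peer records shaped like `bitcoin-cli getpeerinfo` output (only the `addr` and `inbound` fields), buckets peers by Bitcoin Core's /16 group, flags concentrated groups, mirrors the outbound-only /16 rule, and prints iptables DROP rules for the flagged /24s. The IPv6 bucket (/32) and block size (/48), and the rule shape (tcp/8333 on INPUT), are assumptions not stated on the page.

```python
"""Peer-diversity check for a Bitcoin node (added example, not Bitcoin Core code).

The sample peer list is constructed for this example; the 46.105.210.0/24
addresses are the range reported earlier in the thread.
"""
import ipaddress
from collections import defaultdict

# Constructed sample shaped like `bitcoin-cli getpeerinfo` (addr + inbound only).
SAMPLE_PEERS = [
    {"addr": "46.105.210.179:8333", "inbound": True},
    {"addr": "46.105.210.194:47812", "inbound": True},
    {"addr": "46.105.210.11:52031", "inbound": True},
    {"addr": "46.105.210.42:8333", "inbound": False},   # one outbound peer in the cluster
    {"addr": "203.0.113.7:8333", "inbound": False},
    {"addr": "198.51.100.23:8333", "inbound": False},
    {"addr": "[2001:db8::1]:8333", "inbound": False},
]


def host_of(addr):
    """Strip the port from 'host:port' or '[v6host]:port'."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.rsplit(":", 1)[0]


def group_of(host):
    """Diversity bucket: /16 for IPv4 (as described in the thread);
    /32 for IPv6 is an assumption made for this example."""
    ip = ipaddress.ip_address(host)
    bits = 16 if ip.version == 4 else 32
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def peers_by_group(peers):
    """Map each bucket to the peer records that fall into it."""
    groups = defaultdict(list)
    for p in peers:
        groups[group_of(host_of(p["addr"]))].append(p)
    return groups


def flag_concentrated(peers, threshold=2):
    """Buckets holding at least `threshold` peers: a cheap sybil indicator.
    One peer per bucket is normal; many from one /16 is what the thread observed."""
    return sorted(g for g, ps in peers_by_group(peers).items() if len(ps) >= threshold)


def can_add_outbound(peers, candidate_host):
    """Mirror of the outbound rule as stated in the thread: at most one
    outbound connection per /16. Inbound peers do not count against it."""
    g = group_of(candidate_host)
    return not any(
        (not p["inbound"]) and group_of(host_of(p["addr"])) == g for p in peers
    )


def drop_rules(peers, flagged_groups, port=8333):
    """Firewall rules (as command strings, not executed) for each /24 (IPv4)
    or /48 (IPv6, assumption) containing a peer from a flagged bucket."""
    flagged = set(flagged_groups)
    nets = set()
    for p in peers:
        h = host_of(p["addr"])
        if group_of(h) in flagged:
            ip = ipaddress.ip_address(h)
            bits = 24 if ip.version == 4 else 48
            nets.add(str(ipaddress.ip_network(f"{ip}/{bits}", strict=False)))
    rules = []
    for n in sorted(nets):
        tool = "iptables" if ipaddress.ip_network(n).version == 4 else "ip6tables"
        rules.append(f"{tool} -I INPUT -s {n} -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    flagged = flag_concentrated(SAMPLE_PEERS)
    for g, ps in sorted(peers_by_group(SAMPLE_PEERS).items()):
        mark = "  <-- concentrated" if g in flagged else ""
        print(f"{g:20} {len(ps)} peer(s){mark}")
    print("outbound to 46.105.210.10 allowed:", can_add_outbound(SAMPLE_PEERS, "46.105.210.10"))
    print("\n".join(drop_rules(SAMPLE_PEERS, flagged)))
```

Run it against real `getpeerinfo` JSON by loading the list with `json.load` and passing it in place of `SAMPLE_PEERS`; the rules are printed rather than applied so they can be reviewed before touching the firewall.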

Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: justusranvier on March 13, 2015, 06:42:48 PM
Based on my legal studies at the University of Wikipedia, I think Chainanalysis is violating the CFAA.

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Criminal_offenses_under_the_Act

Connection slots made available by full nodes are offered to peers who will participate in the relaying of transactions, I doubt the people who run full nodes authorize use of their limited connection slots for the purposes other than participating in the Bitcoin protocol.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Dargo on March 13, 2015, 07:32:36 PM
Looks like the people at Mycelium and Kraken are involved...

Kraken is not in any way "behind" Chainalysis. Michael Gronager left Kraken in October 2014 to work on Chainalysis and has only remained affiliated with Kraken in an advisory role.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Raize on March 13, 2015, 07:48:48 PM
I have been fairly open about being an AnarchoCapitalist myself, supporting people like Cody Wilson and Ross Ulbricht, and supporting the idea of The four pillars of a decentralized society as explained by Johann Gevers to help decentralize government functions.

For those unfamiliar:
https://www.youtube.com/watch?v=8oeiOeDq_Nc


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: ABISprotocol on March 13, 2015, 08:25:16 PM
Based on my legal studies at the University of Wikipedia, I think Chainanalysis is violating the CFAA.

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Criminal_offenses_under_the_Act

Connection slots made available by full nodes are offered to peers who will participate in the relaying of transactions, I doubt the people who run full nodes authorize use of their limited connection slots for the purposes other than participating in the Bitcoin protocol.

It may well be that Chainanalysis is violating CFAA, but then again when I get up and breathe in the morning I am probably violating several laws.  

Why not just start going through the process of ensuring they are blocked.

If they continue with their efforts, I recommend this as a resource:

Consider what Mozilla did as a technique against a global spyware provider...
https://blog.mozilla.org/blog/2013/04/30/protecting-our-brand-from-a-global-spyware-provider/

Or, use the courts to seize the domain(s) of Chainanalysis or any other company that does what they are doing via the ex parte TRO process - like this:
http://www.honeynet.org/node/830

Word of warning: I'm not a lawyer, this isn't legal advice.  So if you feel compelled to examine any of these options further, do what any reasonable person must do: Consult a lawyer before doing anything!

Otherwise, block Chainanalysis's shit.

Thanks to those who have caught this early.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: justusranvier on March 13, 2015, 08:29:27 PM
Based on my legal studies at the University of Wikipedia, I think Chainanalysis is violating the CFAA.

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Criminal_offenses_under_the_Act

Connection slots made available by full nodes are offered to peers who will participate in the relaying of transactions, I doubt the people who run full nodes authorize use of their limited connection slots for the purposes other than participating in the Bitcoin protocol.

It may well be that Chainanalysis is violating CFAA, but then again when I get up and breathe in the morning I am probably violating several laws. 

Why not just start going through the process of ensuring they are blocked.

If they continue with their efforts, I recommend this as a resource:

Consider what Mozilla did as a technique against a global spyware provider...
https://blog.mozilla.org/blog/2013/04/30/protecting-our-brand-from-a-global-spyware-provider/

Or, use the courts to seize the domain name of Chainanalysis or any other company that does what they are doing via the ex parte TRO process - like this:
http://www.honeynet.org/node/830

Word of warning: I'm not a lawyer, this isn't legal advice.  So if you feel compelled to examine any of these options further, do what any reasonable person must do: Consult a lawyer before doing anything!

Otherwise, block Chainanalysis's shit.

Thanks to those who have caught this early.
Blocking them is certainly a great idea, and so is implementing technical measures that make what they are trying to do more difficult or (ideally) impossible.

There's also a very satisfying form of symmetry in holding startups in the regulatory compliance field accountable to regulations which they are violating.

If companies who are disrupting the Bitcoin network for a profit were held accountable to criminal law, then maybe the investors in such companies would apply more scrutiny to the ventures they fund.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: bitpop on March 13, 2015, 08:37:18 PM
This is exactly what they want you to do. We are attacking a whole subnet, maybe a competitor they wanted gone, testing for the future to maybe take down bitpay or something. If they were real, they'd use random ips.

You really think they'd use one subnet? And make it so obvious? With a homepage playing right into our fears? This whole thing is staged. Bitcoin is already designed to avoid peers from the same subnet. Why would they use that?

Using a node with tor is a bad idea.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: ABISprotocol on March 13, 2015, 09:08:03 PM
Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.

Was it not that a person had all his electronic equipment confiscated and brought in for having a bitcoin-node associated with a rogue transaction displayed on blockchain.info earlier on?

If there are entities paying for analysis of the block chain, and it's acted upon (by law enforcement) data that cannot be fully trusted, it could cause lots of troubles.

Also, while blocking ip's of nefarious nodes is a temporary solution, it's only an annoyance for the perpetrators, and given they have sufficient resources, they could further hide their activity so as not to give away their intentions.

Given they have enough resources, they could even have automated ip-switching going on. Once an ip is blocked by a sufficient number of legit nodes, they just switch the ip of that node, and all of that could be automated. So in essence blocking the IP's is a bit like holding your hand over a hole in your rowing boat that is leaking in water, it might give you some temporary relief, but is not a lasting solution.

Now - it's near impossible to know who really controls a node, if they really want to go stealth. If a node acts like a normal node in all ways, why should it not be considered a normal node?

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from ip A, which runs a full bitcoin core node, be it on a cable-connection or otherwise, if chainalysis is connected to the node where the tx is originating, the ip-address of the node where the transaction was originating is recorded within the chainalysis database. They will probably use many other sources to get more info about the owner of that ip-address. If they're only a private company they will have less data points to work with, but if they're an intel agency, there's virtually no limit as to how sophisticated the systems could be; in theory they could plug in directly to the customer database of ISP's and have names displayed in real time in association with the IP's. Information that could further be relayed and shared with relevant parties.

Bitcoin is only pseudonymous, as everyone can look up a transaction in the block-chain, and I assume network analysis cannot be prevented, but I do think it should be made more difficult.

But a blacklist solution is dangerous. Who's to decide what goes on the blacklist, and who's to verify the decisions are correct? Perhaps some automated solution in bitcoin core where peers that are behaving unexpectedly could be automatically banned is a better solution? But again, that's much like holding a hand over a leaking hole, as if certain footprints reveal rogue nodes, they will only change their appearance to appear more legitimate. And I'm not sure, but I believe bitcoin traffic is unencrypted in transit, so what prevents an intel org from manipulating the traffic (making legit nodes appear rogue), in essence grinding the entire network to a halt if nodes automatically ban misbehaving nodes?

I'm no TOR expert, but I've noticed there's been much mumbling about TOR not being all that secure anymore, so would a normal user really be more secure if he used Bitcoin+TOR?

Since bitcoin is supposed to be trustless, if we started to make a whitelist of legit nodes, that would go against that ideal.

So, in reality, how do we ensure that most nodes on the network are legit, and what's the best method of blocking rogue nodes from connecting to your own node?

In my view, in essence it boils down to freedom and privacy. There's something fundamentally wrong when certain people need to exert "control" over others against their will.



On the TOR point specifically, numerous studies have been done that have revealed problems involving the use of TOR and bitcoin in combination, leading to vulnerabilities that have not yet been mitigated.

See:

https://github.com/OpenBazaar/OpenBazaar/issues/866#issuecomment-62577905

The release of Tails with Tor and Electrum has me concerned due to these issues as were commented on by Biryukov, Pustogarov, and others.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: gmaxwell on March 13, 2015, 09:25:14 PM
On the TOR point specifically, numerous studies have been done that have revealed problems involving the use of TOR and bitcoin in combination, leading to vulnerabilities that have not yet been mitigated.
Your comment is confused and misleading.

The "problems" reported initially is that an attacker can DOS attack to cause IPv4 nodes to block nodes behind Tor. This is true, but we were always aware of that and implemented hidden service bitcoin nodes as a tool to improve that. The paper was revised to also point out that you could concurrently DOS attack hidden service nodes-- which is generally true with or without tor, but there are not as many HS nodes.

The end result of all that though is just a DOS attack. Maybe if an attack happened, which isn't currently happening, you might have problems getting a new connection after starting your software.  This is completely safe, it might be irritating but your privacy would not be compromised unless you took the affirmative (and obviously foolish) action of disabling Tor support in your wallet.

None of this is a reason to not use Tor-- it's a reason, among _many_, that Tor doesn't solve all possible problems but you lose nothing by using it.  It's harmful to the community for you to promote otherwise.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: ABISprotocol on March 13, 2015, 10:03:53 PM
On the TOR point specifically, numerous studies have been done that have revealed problems involving the use of TOR and bitcoin in combination, leading to vulnerabilities that have not yet been mitigated.
Your comment is confused and misleading.

The "problems" reported initially is that an attacker can DOS attack to cause IPv4 nodes to block nodes behind Tor. This is true, but we were always aware of that and implemented hidden service bitcoin nodes as a tool to improve that. The paper was revised to also point out that you could concurrently DOS attack hidden service nodes-- which is generally true with or without tor, but there are not as many HS nodes.

The end result of all that though is just a DOS attack. Maybe if an attack happened, which isn't currently happening, you might have problems getting a new connection after starting your software.  This is completely safe, it might be irritating but your privacy would not be compromised unless you took the affirmative (and obviously foolish) action of disabling Tor support in your wallet.

None of this is a reason to not use Tor-- it's a reason, among _many_, that Tor doesn't solve all possible problems but you lose nothing by using it.  It's harmful to the community for you to promote otherwise.

Actually, I use TOR myself.  I just disagree that we should blindly use TOR with bitcoin or suggest that users do the same thing without warning people of the possible consequences.

See in my remarks on github where I suggested one possible option:

"Appropriate warnings for users who are using OpenBazaar (which incorporates bitcoin use) with Tor should be something like this: "Warning: Proceed at your own risk," or, "Warning: Use of Tor and Bitcoin together may result in additional attack vectors that could compromise your privacy. Do you wish to proceed?"

This is not a slam on OB either because I use OpenBazaar.  I simply think it is ridiculous to not warn people of possible risks.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: gmaxwell on March 13, 2015, 10:08:28 PM
"Warning: Use of Tor and Bitcoin together may result in additional attack vectors that could compromise your privacy. Do you wish to proceed?"
This warning is incorrect for Bitcoin.  The risks described are that it may be somewhat more vulnerable to DOS attack. For wallet users the only consequence is that it might not work and, if they're in a hurry, they might choose to turn off tor and end up with the same non-privacy they would have had if they had not used Tor.

OpenBazaar is offtopic in this thread.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: ABISprotocol on March 13, 2015, 10:23:17 PM
"Warning: Use of Tor and Bitcoin together may result in additional attack vectors that could compromise your privacy. Do you wish to proceed?"
This warning is incorrect for Bitcoin.  The risks described are that it may be somewhat more vulnerable to DOS attack. For wallet users the only consequence is that it might not work and, if they're in a hurry, they might choose to turn off tor and end up with the same non-privacy they would have had if they had not used Tor.

OpenBazaar is offtopic in this thread.

You seem to be rather insecure about my remarks about Tor, Bitcoin and so forth.  I don't feel any of my remarks are OT, furthermore.  These matters I've mentioned are relevant to what's at hand.  I'd be less concerned with wallet users choosing to "turn off tor" (as this is likely a very small subset of persons) and more concerned with a bunch of folks who are engaging in surveillance of large parts of the network while at the same time, the system is vulnerable to people who craft large-scale surveillance not just for monitoring but with the intent to create a new Bitcoin reality for some set of users, and / or those who want to greylist people. 

I think this is also a very good time to bring up again the subject of why anonymity as an option is very important for Bitcoin users.
I'll refer back to this:
https://bitcointalk.org/index.php?topic=175156.msg7912447#msg7912447 

Ciao,

-ABIS


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Cryptowatch.com on March 13, 2015, 10:30:48 PM
I just had an idea. I don't know if it's feasible, so let the experts chime in:

Is there any foolproof way a node could broadcast that it runs an unmodified bitcoin-core version? However, if there was such a way, a resourceful party could run hundreds of nodes on different IPs on different subnets which all appeared legit, but also with the purpose of collecting identifying data. And nobody can really know what the node operator does with all the info he gathers.

Fungibility (http://en.wikipedia.org/wiki/Fungibility) is very important for bitcoin. Once businesses start rejecting your transaction for whichever reason, we're back to square one. Nothing is as annoying as a bank shutting you down without even explaining why. Do we want the same for bitcoin?

Also I do not understand what makes bitcoin special over cash in terms of the regulatory environment. True, you can move bitcoin faster over longer distances (or at least assign a new owner to certain coins..), but I haven't seen any banks employ people to follow customers after withdrawing cash from an ATM to check what they're up to, where and how they spend their money. With the regulatory environment esp. in the US of today, we in essence have the digital version of this where large bitcoin companies have deployed technology for blockchain analysis where they trace incoming and outgoing funds to be "compliant". The only reason this is done is because it's possible.

Perhaps a certain level of regulation is smart, but why hassle the normal users and why this extended monitoring and spying? To me it seems like it's another security-theatre. I don't buy the arguments about bitcoin being used for nefarious purposes. AFAIK, fiat money aka USD cash money is the favourite way of paying for criminals. When will we see a crackdown on the dollar? On a more serious note: All these legalities that aren't contributing to the development of the human race are doing the opposite. It makes me sad. We must of course relate to the real world, but if enough people choose not to participate in the current system it will break down.

/rant



Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: gmaxwell on March 13, 2015, 11:54:46 PM
You seem to be rather insecure about my remarks about Tor, Bitcoin and so forth.
Huh? What's with the ad hominem? You're making objectively incorrect statements, the result is a web of FUD that would mislead people into making poor choices. Linking to a bunch of things totally unrelated to this discussion is a weird strategy-- no one in this thread disagrees that anonymity (or more importantly, simple privacy) is important. That question hasn't even come up. That it is important doesn't justify or legitimize making incorrect claims about it.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: zvs on March 14, 2015, 02:47:02 AM
Latest Bitcoin Core with 2000 connections allowed
2000 connections is not possible, you'll run out of file descriptors. If you edit the code to remove the limits you'll end up with arbitrary memory corruption.

is there some reason the base client isn't using epoll?

ed:    and, tbh, i'm finding it odd people are just now mentioning the 46.105.201.xx shenanigans, i have some msg to drharibo about them from late February.  it's like those old snoopy nodes when dozens of them were going.  you block all you can (know about) and eat the rest


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: gmaxwell on March 14, 2015, 03:34:50 AM
is there some reason the base client isn't using epoll?
Not portable by itself, and really no reason to use it: running large numbers of connections isn't good for the goodput of the network (data crosses in flight more often the higher the number of concurrent connections), makes the node more vulnerable to a number of DOS attacks, and burns external resources (esp if they're used to make outbound connections). Shipping that would just make the lazy abusive users even more abusive, and I've seen plenty of evidence to suggest that it would cause harm. So that takes it from low priority (no need, a pain to do portably) to basically negative priority.

We'll probably do so eventually but I would expect it to come after some much more powerful anti-abuse tools.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: qxzn on March 14, 2015, 10:46:04 AM
Tor stuff

gmaxwell: your thoughts on using bitcoin through a VPN privacy service?


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: autodiv on March 14, 2015, 12:42:43 PM
is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the daemon just to block an address.
What do you think of my ufw approach above? I find ufw easier to get than iptables.

Excellent solution for sure. Always choose the tool that suits YOU best and you can always increase security. Blocking IPs is going to end up being a major task for any sysadmin regardless of their platform. There are tons of baddies out there!


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: flatfly on March 14, 2015, 02:03:49 PM
There is an informative discussion of this topic on reddit:

http://www.reddit.com/r/Bitcoin/comments/2yxid5/chainalasys_vs_mycelium_the_full_story/


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: libcoin on March 14, 2015, 02:15:33 PM
Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume between different countries. We chose specifically to set up a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network being caught only on our nodes, as we initially hadn't built the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extent reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profits from collecting this information, which we accept to the extent that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing these kinds of experiments, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to opt out in a friendly way

But also note that the above measures and the current protocol do not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: cloverme on March 14, 2015, 04:10:02 PM
Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume between different countries. We chose specifically to set up a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network being caught only on our nodes, as we initially hadn't built the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extent reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profits from collecting this information, which we accept to the extent that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing these kinds of experiments, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to opt out in a friendly way

But also note that the above measures and the current protocol do not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael


Idiot... the bitcoin network is not your personal playground to just do whatever the hell you want on the network.  Have some respect for what others have done and keep your retarded experiment off the damn network.  Build your own node network in a closed environment if you want to experiment with the protocol or develop your own separate coin network.  What the hell is the matter with you?


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: nachoig on March 14, 2015, 05:11:29 PM
New article at CoinDesk: http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

Quote
Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds.

He told CoinDesk:

"Funnily, following the Reddit post we have received a ton of emails from people with stolen bitcoins and requests for finding them – so yes, there is indeed a need [for this kind of service] and yes, we have received a lot of positive feedback from potential customers."

Quote
Chainalysis sides with the regulators. In providing what it calls 'automated transaction reporting', the company says it is helping bitcoin companies conform to existing money transfer regulations, including the travel rule.

This, Grønager said, will help bitcoin businesses get bank accounts and promote the currency's use among mainstream financial institutions.

He added:

"If you as a MSB (money services business) are offering automated transactions you are obliged to have suitable automated transaction monitoring. That is not to be confused with monitoring the entire bitcoin network, but transfers between you and your client, may that be fiat or may that be bitcoin. We are providing tools for facilitating exactly that."


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: chek2fire on March 14, 2015, 05:12:41 PM
Is that the commands to block them from our nodes?

sudo iptables -I INPUT -m iprange --src-range 46.105.0.0-46.105.255.255 -j DROP
sudo iptables -I OUTPUT -m iprange --dst-range 46.105.0.0-46.105.255.255 -j DROP


i have setup several nodes around the world and i need to block these idiots.
Epic fail from them.. they just collapsed their reputation in the bitcoin community.
One of my full nodes in the UK is clean from those connections.
Thx for the info and i think we must check from time to time who is connected to our node to see if something suspicious happens
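
The periodic "who is connected to my node" check suggested above, written here as an added example rather than code from this thread: it groups the peers reported by bitcoin-cli getpeerinfo by /24 (or by /16, the grouping spin mentions earlier for Bitcoin Core's own outbound connections) and flags any subnet that holds more than one peer. The peer records are constructed to look like getpeerinfo output; the 46.105.210.x addresses are sample values, not captured data.

```python
"""Group a node's peers by network prefix and flag subnets holding more
than one connection, the kind of periodic peer review discussed in the thread.

Added example. The peer records below are constructed to resemble the
"addr", "inbound" and "subver" fields of `bitcoin-cli getpeerinfo`; they
were not captured from a real node.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed sample: three inbound peers from one /24 plus unrelated peers.
SAMPLE_GETPEERINFO = json.dumps([
    {"addr": "46.105.210.11:8333", "inbound": True, "subver": "/Satoshi:0.10.0/"},
    {"addr": "46.105.210.57:8333", "inbound": True, "subver": "/Satoshi:0.10.0/"},
    {"addr": "46.105.210.203:8333", "inbound": True, "subver": "/Satoshi:0.10.0/"},
    {"addr": "198.51.100.7:8333", "inbound": False, "subver": "/Satoshi:0.10.0/"},
    {"addr": "203.0.113.9:41022", "inbound": True, "subver": "/bitcoinj:0.12/"},
    {"addr": "[2001:db8:1::20]:8333", "inbound": False, "subver": "/Satoshi:0.9.3/"},
])


def host_of(addr):
    """Strip the port from an "addr" field: "1.2.3.4:8333" or "[2001:db8::1]:8333"."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    host, _, _ = addr.rpartition(":")
    return host


def subnet_of(addr, v4_prefix=24, v6_prefix=32):
    """Network an address belongs to, e.g. 46.105.210.0/24 for a /24 grouping.

    Bitcoin Core groups IPv4 by /16 only when choosing its own outbound
    peers (the rule spin refers to); inbound connections are not grouped,
    so the prefix is a parameter here rather than fixed.
    """
    ip = ipaddress.ip_address(host_of(addr))
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def peers_by_subnet(peerinfo_json, v4_prefix=24):
    """Map each subnet (as a string) to the list of peers connected from it."""
    groups = defaultdict(list)
    for peer in json.loads(peerinfo_json):
        groups[str(subnet_of(peer["addr"], v4_prefix))].append(peer)
    return dict(groups)


def suspicious_subnets(peerinfo_json, v4_prefix=24, threshold=1):
    """Subnets with more than `threshold` peers, with inbound count and user agents."""
    flagged = {}
    for net, peers in peers_by_subnet(peerinfo_json, v4_prefix).items():
        if len(peers) > threshold:
            flagged[net] = {
                "count": len(peers),
                "inbound": sum(1 for p in peers if p["inbound"]),
                "subvers": sorted({p["subver"] for p in peers}),
            }
    return flagged


def report(peerinfo_json, v4_prefix=24):
    """One human-readable line per flagged subnet."""
    lines = []
    for net, info in sorted(suspicious_subnets(peerinfo_json, v4_prefix).items()):
        lines.append(f"{net}: {info['count']} peers, {info['inbound']} inbound, "
                     f"user agents {', '.join(info['subvers'])}")
    return lines


if __name__ == "__main__":
    import sys
    # Live use: bitcoin-cli getpeerinfo | python3 this_script.py
    data = SAMPLE_GETPEERINFO if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(report(data)) or "no subnet holds more than one peer")
```

A subnet that shows up here is a reason to look closer (user agent, whether the peers relay transactions), not proof of monitoring by itself; a hosting provider's range can legitimately hold several independent nodes.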


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: inBitweTrust on March 14, 2015, 05:21:38 PM
Relevant Coindesk article -

http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

This whole situation makes me even more motivated to increase full nodes to protect the network from "accidental" or deliberate attacks like this.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: laurentmt on March 14, 2015, 08:31:11 PM
Sounds to me, the interesting things may be:
- Who is sending how much to whom
- Linkage of IP to Wallet
- Where is money originating from and where do the money flows go
- Who is most likely running a Bitcoin service
I would add this one: Snapshot of network topology. Check if we still have the expected decentralized topology or if we have some hubs which may become future points of fragility (wrt data propagation).


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: cr1776 on March 14, 2015, 09:42:53 PM
The post quoted below and the one above from them seem very different.  Traffic analysis vs tracking transactions for "travel rules" etc.

The one above makes it sound much more innocuous than the quotes below.

New article at CoinDesk: http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

Quote
Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds.

He told CoinDesk:

"Funnily, following the Reddit post we have received a ton of emails from people with stolen bitcoins and requests for finding them – so yes, there is indeed a need [for this kind of service] and yes, we have received a lot of positive feedback from potential customers."

Quote
Chainalysis sides with the regulators. In providing what it calls 'automated transaction reporting', the company says it is helping bitcoin companies conform to existing money transfer regulations, including the travel rule.

This, Grønager said, will help bitcoin businesses get bank accounts and promote the currency's use among mainstream financial institutions.

He added:

"If you as a MSB (money services business) are offering automated transactions you are obliged to have suitable automated transaction monitoring. That is not to be confused with monitoring the entire bitcoin network, but transfers between you and your client, may that be fiat or may that be bitcoin. We are providing tools for facilitating exactly that."


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: RealMalatesta on March 14, 2015, 10:11:33 PM
First of all, I am pretty sure that chainalysis is violating Swiss laws by collecting this data and giving this data to their clients. But this is an issue for lawyers in Switzerland. I, for my part, have sent a request to the Swiss data protection agency. I want to know WHAT they collect and see it.

Secondly, and this may be interesting:

Chainalysis was established December 24, 2014. The company's capital is divided in three parts which are owned by:
- Trifork Holding AG
- SWIFT BIT HOLDING ApS
- CEPTACLE HOLDING ApS

Trifork Holding AG
The company was established in Switzerland. It was basically established by capital of "Blackbird Holding ApS" in Denmark, and "Trifork A/S", also in Denmark. "Trifork" is a software company, working for banks and also the government. President of the board of directors is Jorn Larsen who also is CEO of Chainalysis.

Swift Bit Holding ApS
This holding company also is located in Denmark and owns Swift Bit, a software company of Jan Møller. Strangely enough, these companies do not appear in his linkedin profile:
https://dk.linkedin.com/pub/jan-m%C3%B8ller/1/214/bb3


CEPTACLE HOLDING ApS
This company, too, is located in Denmark and controlled by Michael Grønager.

So basically, Chainalysis is controlled by foreign corporations. And I want to know how Chainalysis is complying with the Swiss Data Protection laws.

An IP address is, according to Swiss law, "personal data".

According to this law, Chainalysis has to give access to all the data they have regarding a specific IP to the person who was using this IP at the time the data was collected. Such a request can be sent to Chainalysis by e-mail and they have to respond without the right to charge anything for this. They have to tell them how they obtained this data and what they intend to do with it. Furthermore, they have to make sure of, and make public, how the personal data of users of the Bitcoin network is protected. If they don't, everybody can write a complaint to the Swiss data protection agency.

EDIT

According to Coindesk, "Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds."

So my question: Is this the intention of them? If so: They are clearly violating Swiss laws and could face up to three years in jail.


Title: This message was too old and has been purged
Post by: Evil-Knievel on March 15, 2015, 07:53:20 AM
This message was too old and has been purged


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: IMZ on March 15, 2015, 08:02:27 AM
Nice work, E.K.!


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: cr1776 on March 15, 2015, 10:58:41 AM
Quote
According to Coindesk, "Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds."

So basically, from what I understand, they were monitoring and recording all transactions that I have made because I was under general suspicion?

Cryptographic geeks writing their master's thesis and doing some analysis on the blockchain is absolutely fine,
but I am not OK with companies monitoring a large number of users in order to do "something" with the archived data afterwards.

Yeah.  And their multiple statements seem at odds with each other.  Their statement quoted above with regard to regulations and in the CoinDesk article do not match this:

Quote
We were preparing data for a blogpost on bitcoin traffic by volume between different countries. We chose specifically to set up a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network being caught only on our nodes, as we initially hadn't built the transaction forwarding into the probes.

Their explanations make their motivations even more questionable and, to me, increase the degree that one should be suspicious of them and their actions since they try to excuse the behavior in ways that are at opposite extremes depending on who they are talking to. 

It is good though to see this type of activity now and take steps to mitigate it at least some.  While Tor is not the be-all, as has been discussed up thread, it is a useful tool in the bitcoin world.  It isn't difficult to set up, so if you are running a node, consider adding a hidden service.  There is a guide on setting up bitcoin core with Tor (https://www.sky-ip.org/configure-bitcoin-node-debian-ubuntu.html  ) that seems to be reasonably complete from looking it over.  Some things you may need to tailor to your own uses, such as if you want to be on Tor and clear.  There may be other guides out there too, but thought that one might be useful if anyone was looking for one.

Thank you E.K for bringing this up, by the way.



Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: LucD88 on March 15, 2015, 02:34:27 PM
Have you guys read this?

http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/


Nevermind it's old news, nachoig already posted the link yesterday.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: libcoin on March 15, 2015, 07:37:36 PM
Hi again,

Got some PM requests for clarifying legal issues etc. Your guess is as good as mine, but I think it is important to stress a few facts first:

1. Me explaining to coindesk/insidesbitcoins what Chainalysis does in general (Compliance, Investigations etc) has nothing to do with the nodes - we are not using transaction to IP mapping for anything but statistical research - aka the blog post already mentioned. This fact is, as I see it, highly relevant if we start to discuss any possible legal issues.

2. Claiming that Chainalysis is doing anything illegal based on other nodes connecting to our nodes relaying INVs is highly speculative. I cannot see any difference between that and connecting to any other service (HTTP/DNS etc) and recording that info for statistical purposes. Further, take e.g. blockchain.info where any first posted INVs are recorded and shared with all future users. How is our statistical analysis different from that? And note even here that Chainalysis is not sharing and has no intention to share privacy sensitive info (IP numbers).

3. General legal considerations - I am by no means an expert on this - but this is a relevant discussion - when are you (illegally) eavesdropping by participating in a p2p network? What are you allowed to do with the data/metadata (e.g. INVs and TXs) you receive? What can you as a p2p user (legally) expect them to be used for? Do we actually expect any regulation to cover here at all?

Cheers,

Michael


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: RealMalatesta on March 15, 2015, 08:36:19 PM

3. General legal considerations - I am by no means an expert on this - but this is a relevant discussion - when are you (illegally) eavesdropping by participating in a p2p network? What are you allowed to do with the data/metadata (e.g. INVs and TXs) you receive? What can you as a p2p user (legally) expect them to be used for? Do we actually expect any regulation to cover here at all?

For a Swiss company, this law here is relevant:
http://www.admin.ch/opc/de/classified-compilation/19920153/201401010000/235.1.pdf

As for the question of whether collecting an IP in connection with other data is covered by this law, you can consult several legal documents from Data Protection Agencies in Switzerland and in Europe.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Cryptowatch.com on March 15, 2015, 08:47:38 PM
1. Me explaining to coindesk/insidesbitcoins what Chainalysis does in general (Compliance, Investigations etc) has nothing to do with the nodes - we are not using transaction to IP mapping for anything but statistical research - aka the blog post already mentioned. This fact is, as I see it, highly relevant if we start to discuss any possible legal issues.

From your website (https://chainalysis.com/):

Quote
Chainalysis offers a service that provides financial institutions with the means to obtain regulatory compliance through real-time analysis of the blockchain. Chainalysis customers get access to an API that allows them to determine which entity a transaction originates from, and whether the flow of funds originate from someone they would want to do business with. In other words, it automates the travel rule.

How do you determine which entity a transaction originates from in the bitcoin network and relay that information to someone without giving that somebody the IP associated with said tx?

Would it perhaps be possible for a financial company, i.e. an exchange, to subscribe to your services, and then just get automated recommendations based on tx'id? So that exchange could then plug into your service, and if a customer sent funds to the exchange, and your service returns a "no good" to the exchange, the customer is denied service at the exchange? That would basically put you in the same category as a rating bureau, giving you voting power over which customers should be given service at an exchange or similar. But there could be many false-positives, and the data might not be accurate for its purposes. And if enough institutions use your service, then govt. entities could force you into blacklisting certain entities, just like the USG did with Mastercard and VISA when they put a wrench in the funding for Wikileaks, or how they pressurized VISA and Paypal to stop processing payments for Mega. In essence you could contribute to breaking bitcoin fungibility. Worse, customers that are rejected at a service based on data from your analysis service might not even get to know why they're rejected by their service provider.

We have innocent customers today having their traditional fiat transfers being interrupted, sometimes only because there's a false-positive match on a "list" that banks keep to attempt to prevent funding to terrorist groups etc. Do we really want the same for bitcoin? I'm of course not advocating that terrorist groups should be funded with USD, EUR, BTC or anything else, but on that note, perhaps stopping the "bugsplatter" in remote countries by remote controlled drones would be an idea.. I don't know what creates more terrorists, having innocent families killed (read:  Drones and the rise of the high-tech assassins (http://boingboing.net/2015/03/11/drones-and-the-rise-of-the-hig.html)) in Afghanistan, or allowing people to freely use bitcoins..

The core problem is that of control. It's not about preventing crime or stopping the terrorists, it's about mass surveillance and controlling the population; terror and similar terms are only labels that are convenient for governments to use to increase the control further. After the attack in France recently, Merkel, Obama and Cameron all called for more surveillance, strange as with the current amount of surveillance there's not even enough resources to keep in check "targets of interest". How can more surveillance possibly help, except for eroding the privacy of world citizens further?

Bitcoin is meant to be an alternative to the status quo. In that regard, you're not contributing, despite your excuses.

You have stated that the nodes of yours were running to collect, analyze and prepare data for a blog post. That might be so, but as you also have a public website, see the quote above where your intentions are quite different.

You're also trying to play down what you're doing by pointing to what google does, that somebody would do it anyway, what blockchain.info does etc, still you did shut down the nodes in question when attention was brought to this issue.

On a technical level, what you're doing will probably be done by somebody else, if not done by Chainalysis, however by actually running such a service, you won't score goodwill-points with the community, something you at this point obviously have realized (hence shutting down the nodes).

I'm sure however on a financial level that providing such a "regulatory compliance"-service is not a bad idea, but for many involved in bitcoin, money is not their primary motivator. If you believe in bitcoin, and want to help the community, perhaps now would be a good time to shut down the Chainalysis-enterprise, and work with the core devs to prevent others from doing the same as you've been doing lately, perhaps even by showing some of them your code and tools to help speed up development for protecting the fungibility of bitcoins.

On a non-similar note, but to demonstrate an ethical point. A clever programmer could work on software used in a military weapons system, a system that was largely sold to third-world countries, and left lots of deaths in its trail. The programmer could shrug his shoulders and say: "I'm putting food on the table of my family, the fact that 100 families die in Africa because of my code, is frankly none of my business, if I did not write it, somebody else would". Perhaps somebody else would do it, that does not mean that this particular programmer had to do it.

Of course there's no direct similarity between block chain analysis and military weapons systems, but the ethical points are the same. Every person matters, and the action of every single person combined becomes the actions of the whole population.

Of course it's possible to separate yourself from the collective whole, like many do, and only think about their own financial gains. In the end, I'm not sure if that's what brings the greatest satisfaction.

In summary, I'm not intending to bring on hate, just to convey my view on the matters. The solution to this issue must be built on a technical level, not on a human level.




Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: nachoig on March 15, 2015, 09:59:29 PM
But there could be many false-positives, and the data might not be accurate for its purposes.

And this already happens.
https://github.com/bitcoin/bitcoin/issues/2653


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: b!z on March 15, 2015, 11:41:06 PM
Story on CoinBuzz:

http://www.coinbuzz.com/2015/03/15/is-this-startup-threatening-the-entire-bitcoin-network/


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Carlton Banks on March 16, 2015, 03:13:35 AM
Their explanations make their motivations even more questionable and, to me, increase the degree that one should be suspicious of them and their actions since they try to excuse the behavior in ways that are at opposite extremes depending on who they are talking to.

This. These people are clearcut disingenuous manipulators, they're not getting any "business" from me.


OP, please make firewall settings for as many platforms as possible displayed prominently in the top post.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Cryptowatch.com on March 16, 2015, 03:43:48 AM
OP, please make firewall settings for as many platforms as possible displayed prominently in the top post.

As a side note, there are no machines with port 8333 open on 46.105.210.0/24 now:

$ nmap 46.105.210.0/24
Nmap done: 256 IP addresses (0 hosts up) scanned in 104.36 seconds

I've seen reports of other IP addresses from other sources, but I haven't collected them and scanned them, perhaps someone else can.

As deathandtaxes writes here (https://bitcointalk.org/index.php?topic=990275.msg10774808#msg10774808), a skilled team can do stealth monitoring, so blocking is only a temporary solution.


Title: This message was too old and has been purged
Post by: Evil-Knievel on March 16, 2015, 07:57:26 AM
This message was too old and has been purged


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: libcoin on March 16, 2015, 09:46:07 AM
How do you determine which entity a transaction originates from in the bitcoin network and relay that information to someone without giving that somebody the IP associated with said tx?

Clustering of addresses from the blockchain - like walletexplorer. Wallet explorer keeps a list of entity <-> wallet mappings, you can build such a list from anyone you transact with, and it is only the financial institutions / big wallet services that are relevant here for compliance purposes.

Quote
Would it perhaps be possible for a financial company, i.e. an exchange, to subscribe to your services, and then just get automated recommendations based on tx'id? So that exchange could then plug into your service, and if a customer sent funds to the exchange, and your service returns a "no good" to the exchange, the customer is denied service at the exchange? That would basically put you in the same category as a rating bureau, giving you voting power over which customers should be given service at an exchange or similar. But there could be many false-positives, and the data might not be accurate for its purposes. And if enough institutions use your service, then govt. entities could force you into blacklisting certain entities, just like the USG did with Mastercard and VISA when they put a wrench in the funding for Wikileaks, or how they pressurized VISA and Paypal to stop processing payments for Mega. In essence you could contribute to breaking bitcoin fungibility. Worse, customers that are rejected at a service based on data from your analysis service might not even get to know why they're rejected by their service provider.

Before answering I think it is important to stress my view on bitcoin:
I believe that bitcoin is a great technology enabling online cash, hereby possibly including the entire 3rd world into our economy; it should hence be regulated and integrated into the existing financial system. - I do sympathize with some libertarian views, but I am Danish, I don't believe in revolutions - I believe in the little change every day, and I truly believe we get a little bit better world if you can buy and sell bitcoin in your normal bank.

Let's split your question above in the 3 important parts it contains:
1. Do financial services need to do customer due diligence in bitcoin land - and can they use Chainalysis for that ?
Yes, they do need to check their customers - the alternative is that they don't and take the entire risk themselves, causing them to do time at some point by indirectly contributing to Money Laundering. Please don't ask and expect from financial services that promote bitcoin that they should take that risk.

2. Could you hereby risk becoming a persona non grata even if you did nothing wrong ?
In bitcoin there is no persona non grata - bitcoin is cash - further, there is no tainted money, they are fungible - but again as in cash - there sure are stories that you as a financial service inst need to react upon. Let's say you want to deposit $1m in cash in your bank - will the bank let you do so - most likely no, at least not w/o having a good idea that the funds are obtained in an ok way (that is their legal obligation). So, say you are the head of Red Cross and you just had a huge collection and you again show up with the $1m. Then yes the bank would accept them. The money is fungible, it is all about the story behind / the origin of the funds.
Another example could be the cryptolocker guy trying to turn the BTCs obtained through his virus into USD - of course it is ok for an exchange to screen for that, of course it is also OK to screen for other addresses that the exchange thinks contain other stolen funds. If you don't like that, you are basically expecting the exchange to take a huge extra risk.

3. Could govt force exclusion of certain players this way ?
We choose Switzerland as a country to incorporate in mainly for this reason. I guess govt can always enforce a lot of things, that kind of goes with govt. Are we by what we do building weapons for govt ? Or is bitcoin core building tools for money laundering, slavery etc ? Both arguments are in my book equally right or wrong (Personally, I think they are both wrong).

Quote
We have innocent customers today having their traditional fiat transfers being interrupted, sometimes only because there's a false-positive match on a "list" that banks keep to attempt to prevent funding to terrorist groups etc. Do we really want the same for bitcoin? I'm of course not advocating that terrorist groups should be funded with USD, EUR, BTC or anything else, but on that note, perhaps stopping the "bugsplatter" in remote countries by remote controlled drones would be an idea.. I don't know what creates more terrorists, having innocent families killed (read: Drones and the rise of the high-tech assassins (http://boingboing.net/2015/03/11/drones-and-the-rise-of-the-hig.html)) in Afghanistan, or allowing people to freely use bitcoins..

I actually think that the measures against money laundering, terrorist financing etc are pretty reasonable as they are today, some parts are a bit too much, some are perhaps a bit too loose. As I stressed earlier, any customer is a possible liability for a financial institution, if they onboard the wrong ones they can end up paying fines or doing time. Of course they are cautious, and yes it will result in false positives. Already today I think it would be awfully hard for someone from North Korea or Afghanistan to open an account on any bitcoin exchange. A pity if he or she was actually trying to promote a better world there, but the risk is too big and that causes casualties.

Quote
Bitcoin is meant to be a alternative to the status quo. In that regard, you're not contributing, despite your excuses.
Bitcoin is a technology - it is cash on the internet, and as such an alternative to a lot of things. It might end up being also an alternative to banking as we know it and even to government, but I believe that through coexistence bitcoin will succeed most as a technology.

Quote
You have stated that the nodes of yours were running to collect, analyze and prepare data for a blog post. That might be so, but as you also have a public website, see the quote above were your intentions are quite different.
My comment (no 1 from my first post) was re the legal accusations - anyone is free to believe what they want - we had no bad intent, which at the end of the day will be important when it comes to legal.

Quote
You're also trying to play down what you're doing by pointing to what google does, that somebody would do it anyway, what blockchain.info does etc, still you did shut down the nodes in question when attention was brought to this issue.
We shut down the nodes as we learned they interfered with breadwallet. And right now we are having an important discussion on what you (ethically) can and cannot do on the bitcoin-network and how you should do it. It would be arrogant to just keep them running now, even if patched for breadwallet.

Quote
I'm sure however on a financial level that providing such a "regulatory compliance"-service is not a bad idea, but for many involved in bitcoin, money is not their primary motivator. If you believe in bitcoin, and want to help the community, perhaps now would be a good time to shut down the Chainalysis-enterprise, and work with the core devs to prevent others from doing the same as you've been doing lately, perhaps even by showing some of them your code and tools to help speed up development for protecting the fungibility of bitcoins.
I don't see fungibility of bitcoin threatened - and I am strongly opposed to the creation of white/black/red/[choose color]-lists of bitcoins per se, it doesn't even make sense from a compliance viewpoint. Also, no one has a mandate to say what bitcoin is about from a political pov. Bitcoin is a technology enabling cash transaction on the internet - pretty d*mn cool. How it is used politically will always be segmented.

Quote
On a non-similar note, but to demonstrate an ethical point. A clever programmer could work on software used in a military weapons system, a system that was largely sold to third-world countries, and left lots of deaths in its trail. The programmer could shrug his shoulders and say: "I'm putting food on the table of my family, the fact that 100 families die in Africa because of my code, is frankly none of my business, if I did not write it, somebody else would". Perhaps somebody else would do it, that does not mean that this particular programmer had to do it.

Of course there's no direct similarity to block chain analysis and military weapons systems, but the ethical points are the same. Every person matters, and the action of every single person combined becomes the actions of the whole population.

Of course it's possible to separate yourself from the collective whole, like many do, and only think about their own financial gains. In the end, I'm not sure if that's what brings the greatest satisfaction.

In summary, I'm not intending to bring on hate, just to convey my view on the matters. Solution to this issue must be built on a technical level, not on a human level.

I did already comment on the technology ethics side - there are casualties also just by doing bitcoin core dev. If you knew me personally you would know that I am against mass surveillance too - the last 15 years of terror attacks have shown that intelligence agencies don't lack data, they lack the ability to understand them (j'suis Charlie, Copenhagen, 9-11 etc - all done by people known by the intelligence agencies, so not a lack of data, they need to use better what they have - and not to start collecting data on the rest of us instead).

But proper customer due diligence is not surveillance, neither is statistical overview of per country bitcoin transfers.

Final note - I agree that if you have a wish for using bitcoin in a super private / anonymous way it is a technological solution/skills you need, not policies. Sometimes you might want to stay anonymous, sometimes you don't - for sending anonymous transactions - use Tor, and, I would also recommend you to not post a bitcoin donate address on your site, that is unless you regenerate a new one per session. (it is of little value to anonymize your transaction if the sending address can be linked to a site you control, just by googling it).

Cheers,

Michael


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: libcoin on March 16, 2015, 09:47:35 AM
Also, the approach used here to link IP and TX is complete nonsense in my opinion.
Even if you are connected to all nodes out there, it is still possible to receive a transaction from an IP first even though someone else is the originator.

1. Imagine there is a small node with a bad internet connection sending a transaction. He has a list of nodes he is connected to and has to broadcast to all of them.
2. User X (having a huge internet connection) is the first one to broadcast and Eavesdropper Z is the last one in the peer list getting his broadcast at the very end.
3. Due to the slow internet connection the time between broadcasting to User X and broadcasting to Eavesdropper Z is sufficiently large.
4. User X relays the TX immediately after receiving the TX from the originating node to all of his peers ... including the Eavesdropper Z which is also connected to him.

Now the problem kicks in. Eavesdropper receives the TX from User X before receiving it from the slowly connected originator, and therefore thinks the connection was actually created by X.

How the heck could such an approach ever have been chosen for implementation?

E.K. totally agree - but it is still quite useful for statistically monitoring traffic btw countries.

/M
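The relay-timing argument quoted above, as an added simulation that is not part of the original post: a small event-driven gossip model with a constructed three-node topology (originator O, well-connected user X, eavesdropper Z connected to both) and constructed delays. The eavesdropper records the peer that delivered the transaction first; when the originator's uplink serialises its sends slowly, Z hears it from X first and the first-relayer heuristic blames the wrong node.

```python
import heapq
from dataclasses import dataclass, field


@dataclass(order=True)
class Delivery:
    """A transaction announcement arriving at `receiver` from `sender`."""
    time: float
    sender: str = field(compare=False)
    receiver: str = field(compare=False)


def simulate_broadcast(peers, latency, per_msg_upload, origin):
    """Flood one transaction from `origin` through a tiny gossip network.

    peers: node -> peer list in the order the node sends to them.
    latency: node -> one-way delay (seconds) from that node to any peer.
    per_msg_upload: node -> extra seconds each queued message costs on the
        node's uplink, so a slow node delivers to later peers much later.
    Returns node -> (time first received, peer it was received from).
    """
    first_seen = {origin: (0.0, None)}
    queue = []

    def send_to_all(node, now):
        for i, peer in enumerate(peers[node]):
            t = now + latency[node] + per_msg_upload[node] * i
            heapq.heappush(queue, Delivery(t, node, peer))

    send_to_all(origin, 0.0)
    while queue:
        d = heapq.heappop(queue)
        if d.receiver in first_seen:
            continue  # duplicate announcement; the node already has the tx
        first_seen[d.receiver] = (d.time, d.sender)
        send_to_all(d.receiver, d.time)  # relay immediately, as X does
    return first_seen


def first_relayer(first_seen, observer):
    """The 'first peer to deliver it' heuristic the post criticises."""
    return first_seen[observer][1]


# Constructed topology from the post: O is connected to X and Z,
# X is connected to O and Z, and the eavesdropper Z is connected to both.
PEERS = {"O": ["X", "Z"], "X": ["O", "Z"], "Z": ["O", "X"]}


def run_case(origin_upload):
    """Run the scenario with a given per-message upload cost for O.

    Returns (node Z blames, time Z first saw the tx). Latencies and the
    fast nodes' upload costs are constructed values, not measurements.
    """
    latency = {"O": 0.10, "X": 0.01, "Z": 0.01}
    upload = {"O": origin_upload, "X": 0.01, "Z": 0.01}
    seen = simulate_broadcast(PEERS, latency, upload, "O")
    return first_relayer(seen, "Z"), seen["Z"][0]


if __name__ == "__main__":
    blamed, t = run_case(origin_upload=2.0)   # slow originator uplink
    print(f"slow origin: Z first heard the tx from {blamed} at {t:.2f}s")
    blamed, t = run_case(origin_upload=0.01)  # fast originator uplink
    print(f"fast origin: Z first heard the tx from {blamed} at {t:.2f}s")
```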


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Carlton Banks on March 16, 2015, 10:31:33 AM
Could [Chainanalysis] hereby risk becoming a persona non grata even if [Chainanalysis] did nothing wrong ?

Too late. You were in control of your reputation before you decided to prevaricate your way to notoriety. No longer.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: RealMalatesta on March 16, 2015, 12:24:52 PM
You write:
Quote
Bitcoin is a technology - it is cash on the internet,

If I have cash IRL, it is up to me to decide how much information about me I want to hand out to someone. I can go to the newsstand and pay with cash without revealing any additional information. Or I can go to a bank, reveal all information they want me to reveal. Whatever I do - it will be my decision.

In the Bitcoin world, it is the same: I want to decide whom I tell more about me. I don't want basically a private NSA to collect data and make a business with this.

If a bank needs my information because I want to do business with them, they can tell me to give them this information. That's it. And not ask someone else to provide information at what newsstand I bought a newspaper in the past.



Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Cryptowatch.com on March 16, 2015, 05:16:23 PM
Hi Michael,

thanks for answering.

We have different views on the issues at hand. Esp. problematic is blacklisting. You stated you oppose blacklisting, but at the same time you want to help fight against criminals. To fight against criminals you need to have someone decide who is a criminal, so if the cryptolocker thief did a p2p trade and sold btc for litecoin, and the buyer of btc has his coinbase account blocked as a result of this, and even possibly had police coming to his door, busting it down and raiding all his equipment, that's so wrong..

If you have "criminal funds" sitting at address A, first off you need to have proof beyond any reasonable doubt that these are in fact "criminal funds". And whenever was it allowed for private entities to determine what constitutes "criminal funds"?

- Now if you manage to solve the problem of precisely tagging "criminal funds", the next step is to go after the culprit. It might seem natural to then block the culprit's account with any large bitcoin company. So the large bitcoin company subscribes to a service like chainalysis.

1. Victim pays ransom to cryptolocker criminal.
2. The address to which the ransom is paid (address A) becomes known to whichever party is doing the tracking.

Now the cryptolocker criminal, who we assume must be smart, knows that the address he receives funds at is already tagged, so he needs to hide and launder the funds. If the thief deposits the money directly to any service that subscribes to a monitoring service, he might be caught, and the criminal is caught. Success!!

However, our thief is smart. He buys litecoin online from Alice. Alice gives him her address B, which is an address with Coinbase. The thief transfers the funds to address B. Alice has her account blocked with coinbase, and gets raided by local police.

The point is that the analysis entity, the exchange and the police cannot know what are the circumstances for the trade. Since the cyber criminals are smart, they don't mind putting the average joe to blame.

The thief could use a mixer, jump between various altcoins etc. In summary, it would be incredibly hard to track. Chance is that the guy ending up being questioned for having "criminal funds" is not a criminal at all. That's the major problem with taint-analysis, and it's also something which could undermine the trust of bitcoin. A bitcoin should be a bitcoin, no matter who you receive it from.

Comparison could be made to cash. Let's say we have a Mexican drug cartel who smuggles drugs into the US, and receives cash from various dealers in the distribution chain. High up in the chain, some courier does a cocaine to cash trade. That cash is now by law, proceeds from illegal trade. As such, if a bank saw a shady character coming through the door and wanting to deposit 100K USD in cash, there would be questions.. However, if the criminal kept the cash, and went to a restaurant for a meal and paid with low denominated bills, the restaurant has no business to ask the criminal where his money comes from, and as far as they are concerned, the money is good.

In the world of block chain analysis, now the restaurant might be the criminal culprit and needs to be investigated. You see how wrong that is?

So let's say our cryptolocker thief had 100 BTC which he sells to 100 people doing p2p trades, now all of those 100 might have their account blocked at the exchange "pending investigation".

Of course, big players in the bitcoin economy who interface with the traditional fiat system need to pay attention to the regulations, if not business ends in tears. But it pisses lots of users off, and it's not a user friendly environment.

Those criminals who are smart with bad intentions, will avoid the obvious traps, only the dumb and the innocent will be caught with block chain analysis tools.

Final note - I agree that if you have a wish for using bitcoin in a super private / anonymous way it is a technological solution/skills you need, not policies. Sometimes you might want to stay anonymous, sometimes you don't - for sending anonymous transactions - use Tor, and, I would also recommend you to not post a bitcoin donate address on your site, that is unless you regenerate a new one per session. (it is of little value to anonymize your transaction if the sending address can be linked to a site you control, just by googling it).

I agree with this. As long as said website-operator is aware of such issues, I don't see a problem with it. If he wants to stay anonymous/private he would take technical measures to achieve those goals. Also, there's a lot of legitimate businesses that would not care either way if a tip-address is known and can be attached to their business/person.

Of course there are many possibilities for doing block chain analysis, it's only that I think the quality of the data that can be collected is of such a quality that it cannot be relied upon.

So in real life we have the scenario where you have a business that wants to do "regulatory compliance" because of local laws. The local governments have certain rules that need to be followed. Since the bitcoin company needs to follow those rules to stay in business, they bend over backwards and do whatever the regulator tells them to do. So, if there's a blockchain analysis company that claims to do all the hard work to be "compliant", the bitcoin company is of course interested, because if they can show the local govt. that they're working hard to stay "compliant", they will get the nod of approval and stay in business.

The effectiveness of the system be damned..

So the regulators are happy, because the bitcoin business is staying "compliant", the blockchain analysis company is happy because they get customers, the bitcoin company is "happy" to stay in business and the end users are not that happy, but that's of less interest. After all, "regulatory compliance" is achieved.

How will false-positives be avoided? Can they be avoided?

This reminds me of airport-security. Because of fear of terrorists enormous amounts of money are poured into safety and screening of travelers at airports. If you do some research on the amount of money used, and then look at the statistics as to what really kills people, you would perhaps be surprised to see that a disproportionate amount of money is used for airport-security. Not long ago, I think it was in Germany there was a test of the screening procedures (http://www.thelocal.de/20141222/security-tests-find-holes-at-frankfurt-airport-european-commission) revealing that they weren't all that effective, in reality it was quite embarrassing.

Quote
Weapons and dangerous objects were successfully smuggled through security checks 50 percent of the time at Frankfurt airport, in a probe by European Commission inspectors, it emerged on Sunday.


Words like snake oil and security theater come to mind.

While I'm sure lots of bitcoin businesses would subscribe to a blockchain analysis service, just to keep regulators happy, even though they know it's not very effective, that would not make the overall picture any better.

All of this reminds me of the HSBC scandal. It's not really about doing legit regulatory compliance work, it's more about giving the impression that you are. To stay in business, you need to keep a straight face in business meetings, and state you're taking compliance very seriously. You will get the nod of approval from the regulators.

To give everybody an example of how little protection regulation might really give in practice, I think the following documentary describes it quite well, Chasing Madoff (http://www.imdb.com/title/tt1636849/)

Quote
A look at how one investigator spent ten years trying to expose Bernie Madoff's massive Ponzi scheme that scammed an estimated $18 billion from investors

The SEC and other relevant entities were repeatedly notified about the fraud, but failed to take action.

In summary I don't really understand how anyone actually believes that blockchain analysis services are really going to be effective and accurate. It's more like; "We need regulatory compliance." - "Ok, how do we do it" - "We could subscribe to a blockchain analysis service, the regulators will be happy" - "Ok, let's do it".

A friend once brought back some snake oil products from Asia, they had all sorts of stamps all over them stating they were legit and approved by various organizations. I guess, if I was a regulator, I would've ok'ed it - after all there were lots of nice stamps that said "legit" and "approved".

In summary, bitcoin businesses that want to be in compliance with the current regulatory framework need to do whatever is required of them. That does not mean however that all the regulatory compliance is right from a universal standpoint, that it should be done, or that the tools used to achieve compliance are effective.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: ABISprotocol on March 16, 2015, 05:35:34 PM
Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume btw different countries. We chose specifically to set up a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially haven't built the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extent reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profits from collecting this information which we accept to the extent that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing this kind of experiment, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to friendly opt out

But also note that the above measures and current protocol does not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael

Hi 'Chainalysis,'

I don't see any reason for an extended debate about compliance with a regulatory framework (which no-one has any interest or need in doing) or having bitcoin users to be in a position to need to "opt-out" from your shit or that of similarly idiotic operators.  Ultimately the only point of massive network surveillance is to inform, and when you are compelled to inform in some regulatory framework it is within the context of coercion which goes against what was intended for the freedom of bitcoin; we will not be bludgeoned into submission by statists who see the combination of surveillance, use of force, and threat of jail as methods of slowing the innovative capacity of decentralized crypto and the freedom of people to do with it as they see fit.

As I see it you are worse than Gox, but if there is any positive thing that can come of this, it will propel the bitcoin community to develop real anonymity options faster than it has been.

My message to you, in summary, is simple:

Go fuck yourselves.


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: ABISprotocol on March 16, 2015, 07:29:00 PM
You seem to be rather insecure about my remarks about Tor, Bitcoin and so forth.
Huh? What's with the ad hominem?  You're making objectively incorrect statements, the result is a web of FUD that would mislead people into making poor choices.   Linking to a bunch of things totally unrelated to this discussion is a weird strategy-- no one in this thread disagrees that anonymity (or more importantly, simple privacy) is important. That question hasn't even come up. That it is important doesn't justify or legitimize making incorrect claims about it.

There is no web of FUD, no ramble of objectively incorrect statements.  But since you say that no-one disagrees that anonymity is important, then I will pause to emphasize a point that Hal Finney and others have made before.  Anonymity, which bitcoin users simply don't have, is highly relevant to the matter at hand... so here's the link and I'll quote from it in part here:

https://bitcointalk.org/index.php?topic=175156.msg7912447#msg7912447

I really like Adam's very creative idea earlier in this thread to have a pure-zerocoin system:

https://bitcointalk.org/index.php?topic=175156.msg2420768#msg2420768

The zerocoin paper proposed a hybrid bitcoin-zerocoin system. Bitcoins would be temporarily exchanged for zerocoins, and then exchanged back. Adam's idea was that zerocoins would be exchanged directly for zerocoins. Zerocoins could be mined directly, too. All this is a simple modification of the zerocoin protocol. In fact, it would be simpler in terms of code size, because you wouldn't have to support bitcoin transactions. No scripting language, no bitcoin validation rules. Just pure zerocoin spend transactions.

This would also free us from the forced assumption of bitcoin-zerocoin parity. The heavy resource requirements of zerocoin might naturally break that parity. (Admittedly, zerocoin would first be implemented as an extension to an alt, so the value in terms of bitcoins would float. But the simplification is still a win.)

There are various proposals to do P2P exchanges between altcoin chains. I don't know what the status is as far as Bitcoin support in the bitcoin-qt client. You'd have to have a new client to do the P2P protocol. But even if we had to rely on an exchange, it would be an interesting experiment.

The last problem for a zerocoin implementation is the generation of an RSA modulus for which no one knows the factorization. This is hard, and deserves more analysis.

I'm really very curious to see if these ideas could lead to integration of the zerocash project code down the road into bitcoin itself. 
I noticed the following remarks:

https://twitter.com/matthew_d_green/status/401798811070107648

Quote
We designed a new version of Zerocoin that reduces proof sizes by 98% and allows for direct anonymous payments that hide payment amount.

Is a 98% reduction in proof size enough to overcome any existing valid reasons to not merge ZeroCoin functionality?

And this:
It sounds like ZeroCoin v2 eliminates one major criticism, that of bloat.

But engineering hurdles remain:
1. Requires a hard fork
2. Any requirement that all transactions participate in mixing is a non-starter.  Some payment schemes bootstrap trust by intentionally being non-private, showing their bitcoin holdings and bitcoin payments with provable digital signatures.

Any forced 100% privacy scheme that prevented opt-in auditing would make life difficult for some existing users, who place value in the transparency of the system.

I would rather see automatic mixing and privacy built into every client.

But there is no question at this point that the bitcoin development process needs to work out an anonymity solution.  From my perspective, I don't think that it has to require that the users actually utilize it, in other words, why not go down the path of making it an option (supported in the protocol, not imposed, but showing up in Core as a transaction option that the user can select to apply to any particular transaction, or none at all).  (...)  In other words, if a user wants to participate in utilizing the Zerocash feature (assuming that this would be incorporated into and supported in the bitcoin protocol itself) then that should be an option that would be displayed in Bitcoin Core wallet.  (...) Conceptually, the idea of having anonymous transactions as an option is appealing for a number of reasons.(...) Choice and consent should also be an objective of any process which offers something better (like anonymity) to the user.  (...)

In another thread, I've asked the following questions:

(...)
Quote
As a member, I'd like to see that change.
As a member you're free to ask— though a better forum might be the foundation forum.  Since this isn't the foundation's current area of interest I'd expect you'd see more success elsewhere with less effort though.
I really don't see how the Foundation can just stare slack-jawed at the developments in NY (USA), not to mention China, the Russian Federation, and apart from that, the transnational effects of TISA, and do nothing in the way of funding anonymity in bitcoin development.

The Foundation forum, you say?  You have to be joking.  There is almost zero support in the Foundation forum for ideas related to anonymity.  There are a lot of reasons for that(...)
I've opened a pull request which is being considered by the Board on that issue, #16 (and as I understand it, #17 will also be considered by the Board).

I do agree with you that there might be more success elsewhere with less effort.  But I haven't entirely given up on the idea of a Foundation that could be more responsive to user needs and concerns, including the obvious need for anonymity across the network.

Regarding your ideas that you linked to in your comment at
http://download.wpsoftware.net/bitcoin/wizardry/brs-arbitrary-output-sizes.txt
on "OUTPUT DISTRIBUTION OBFUSCATION"

I would greatly like to see this (or something like it) become part of people's everyday bitcoin transaction experience. 

You're right about Zerocash being untested (...) although I'm confident that when it is released the issues you've discussed with it will at that point have been addressed more than satisfactorily by the developers.

You mentioned also that you "spent a bit of time making recommendations about how it could be integrated in Bitcoin with them in email and in person— but the people involved seem to be very interested in creating an altcoin specifically as an altcoin."  It's my understanding that they felt an altcoin path was more reasonable because it would be unlikely that the bitcoin development team would ever integrate their anonymity work (even if refined) into bitcoin itself, but perhaps I'm wrong, for as you say, you have e-mailed them and met with them in person about it.  So then, what is the obstacle to this happening?  I would love to be proved so completely wrong in my assumptions about this matter and have someone from the zerocash team show up on this thread and say in reply somewhere here, "Oh, hey ABISprotocol, you are wrong, we _were_ actually invited to gradually work zerocash into bitcoin, and we're actually confident that there's an opportunity for this to happen at some point down the development road!"  However, that's not the sense I get at this time, but it does prompt some questions:

1) If there is an avenue for zerocash developers to work more closely with bitcoin, what does that look like?  Does it mean that @imichaelmiers & @matthewdgreen (on github) could be invited to work directly on the bitcoin protocol, and have the ability to make commits along with yourself, Gavin, and others?

2) Because (as I mentioned in my issue in the Bylaws repository on this, issue #19), "basic development of the bitcoin protocol, so as to increase the number of persons who are paid to clear basic development backlog and maintenance, (should be) the highest priority,"
isn't there a way where teams (such as the bitcoin development team and the zerocash team) could join forces to help get funding for this to occur?  It seems like the development team has been very vocal about the fact that basic development and maintenance of bitcoin is not well supported or funded (at least not as much as it should be).

3) You suggested that there are other avenues for funding that involve less effort than trying to get the Foundation to change its Bylaws in a way that would enhance such funding.   What avenues do you have in mind?

thanks in advance for your answers and for engaging this topic so thoughtfully.

I'd love to hear the Zerocash developers respond to this, obviously, and anyone else interested I would really appreciate your thoughts.
Some of my own ideas to support basic bitcoin development generally _and_ progress on the anonymity side are shown at:
https://github.com/pmlaw/The-Bitcoin-Foundation-Legal-Repo/issues/19

(brief edit:  I also feel that this is worthy of attention....
https://tahoe-lafs.org/pipermail/tahoe-dev/2014-May/009062.html (from zooko) and see also the following statements regarding multiparty computation setup in zerocash
https://twitter.com/matthew_d_green/status/472208415867928576 h/t zooko, matthewdgreen)


OK, so I feel like I've said more than enough on this....  I look forward to your thoughts, replies, ideas.



Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: toytoboy on April 01, 2015, 04:03:51 AM
That is pretty weird behavior. Just checked my nodes and each had only one connection to that subnet

I blocked it anyway, but I'm curious what's going on in your case.

What version of bitcoin core do you run ?


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Gleb Gamow on June 01, 2015, 06:59:55 AM
You write:
Quote
Bitcoin is a technology - it is cash on the internet,

If I have cash IRL, it is up to me to decide how much information about me I want to hand out to someone. I can go to the newsstand and pay with cash without revealing any additional information. Or I can go to a bank, reveal all information they want me to reveal. Whatever I do - it will be my decision.

In the Bitcoin world, it is the same: I want to decide whom I tell more about me. I don't want basically a private NSA to collect data and make a business with this.

If a bank needs my information because I want to do business with them, they can tell me to give them this information. That's it. And not ask someone else to provide information at what newsstand I bought a newspaper in the past.



Hey, RealMalatesta, are you Guido Rudolphi (or work with him), the dude that's in the process of starting a Bitcoin Bank in Switzerland? The reason I asked is because your forensics research seems to mirror his, among other evidence.


Title: Re: Is someone monitoring large parts of the network? (evidence)
Post by: ABISprotocol on February 12, 2016, 01:18:37 AM
Just as a temporary hint: those using Linux could try this firewall rule if (and only if) they also feel that something suspicious is going on here:

Code:
sudo iptables -I INPUT -m iprange --src-range 46.105.0.0-46.105.255.255 -j DROP
sudo iptables -I OUTPUT -m iprange --dst-range 46.105.0.0-46.105.255.255 -j DROP

OpenBSD and Mac users should enable the pf firewall using "sudo pfctl -e" and do this:

Add this to /etc/pf.conf:
Code:
table <blockedips> persist file "/etc/pf.blocked.ip.conf"
ext_if="em1" # interface connected to internet, CHANGE TO MATCH YOUR ETHERNET CARD DEVICE IDENTIFIER
block drop in log (all) quick on $ext_if from <blockedips> to any

(Note, last two additional lines must be repeated for a possible WLAN adapter)

Create file /etc/pf.blocked.ip.conf with the content:
Code:
46.105.0.0/16

Type the following to update changes
Code:
sudo pfctl -nf /etc/pf.conf
sudo pfctl -f /etc/pf.conf

Now you can check the live stats of how many connections to those (malicious??) nodes have been prevented using:
Code:
sudo pfctl -t blockedips -T show -v

You may want to check and see if the numbers of the IPs to block need to be changed (expanded), due to this:

"Barclays partnering with Chainalysis in October and Coinalytics raising a $1.1m seed round in September. In August, Elliptic won "Security Project of the Year" after launching a blockchain visualization tool for the bitcoin blockchain.

Currently, Coinalytics is allowing several companies to use and test its API (...) developing machine learning systems to analyze any blockchain as the industry expands to include public, permissioned and private ledgers (...) Coinalytics is focusing on its AML compliance product targeted at any companies processing bitcoin transactions today, it sees its analytics platform used in many verticals, including capital markets, the Internet of Things and law enforcement."

Yep, time to check those IPs again.

See http://www.coindesk.com/juan-llanos-blockchain-analytics-coinalytics/ for further details.
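
As an added example (not code from this thread or from Bitcoin Core), a small Python script that takes `bitcoin-cli getpeerinfo` output, groups IPv4 peers by /16, flags prefixes holding more than two peers (Core already limits outbound peers to one per /16, so a crowded /16 is almost always inbound), and renders the flagged prefixes in the pf table and iptables forms used in the post above. The peer list is a constructed sample, not real node data.

```python
"""Flag /16 prefixes with several peers and render block rules (added example)."""
import ipaddress
import json
from collections import Counter

# Constructed sample of `bitcoin-cli getpeerinfo` output (only "addr" is used).
# Addresses are illustrative; 46.105.0.0/16 is the range named in the thread.
SAMPLE_GETPEERINFO = json.dumps([
    {"addr": "203.0.113.10:8333"},
    {"addr": "198.51.100.7:8333"},
    {"addr": "46.105.12.4:51211"},
    {"addr": "46.105.200.9:49822"},
    {"addr": "46.105.33.77:60031"},
    {"addr": "[2001:db8::1]:8333"},
])

def peer_ips(getpeerinfo_json):
    """Return ip_address objects for every peer, dropping the ":port" suffix."""
    ips = []
    for peer in json.loads(getpeerinfo_json):
        host, _, _port = peer["addr"].rpartition(":")   # works for [v6]:port too
        ips.append(ipaddress.ip_address(host.strip("[]")))
    return ips

def suspicious_prefixes(ips, prefixlen=16, max_per_prefix=2):
    """Return IPv4 /prefixlen networks that hold more than max_per_prefix peers."""
    groups = Counter()
    for ip in ips:
        if ip.version != 4:
            continue  # IPv6 netgroups are derived differently; out of scope here
        groups[ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)] += 1
    return sorted(net for net, count in groups.items() if count > max_per_prefix)

def pf_table_lines(prefixes):
    """Lines for /etc/pf.blocked.ip.conf, loaded by the <blockedips> table."""
    return [str(net) for net in prefixes]

def iptables_rules(prefixes):
    """The INPUT/OUTPUT iprange DROP rules from the post, one pair per prefix."""
    rules = []
    for net in prefixes:
        rng = f"{net.network_address}-{net.broadcast_address}"
        rules.append(f"sudo iptables -I INPUT -m iprange --src-range {rng} -j DROP")
        rules.append(f"sudo iptables -I OUTPUT -m iprange --dst-range {rng} -j DROP")
    return rules

if __name__ == "__main__":
    flagged = suspicious_prefixes(peer_ips(SAMPLE_GETPEERINFO))
    print("\n".join(pf_table_lines(flagged) + iptables_rules(flagged)))
```

Feed it live data with `bitcoin-cli getpeerinfo` in place of the sample and review the flagged prefixes before blocking anything; a hosting provider's /16 may also contain ordinary nodes.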


Title: Re: Is someone monitoring large parts of the network? (evidence+firwall rules)
Post by: Preclus on February 13, 2016, 09:18:15 AM
Select has a maximum of FD_SETSIZE (1024) FDs in use, and you will end up totally screwed up if you are beyond that. It doesn't matter what you've set your ulimit to. When you run hacked up versions that which changes that you do not understand you waste everyone's time (including yours), and you provide bad...

A server that can't handle more than 1024 simultaneous connections? LOL I've worked on servers that handle millions of simultaneous TCP connections. WhatsApp was handling 2 million per box back in 2012.

This one is handling 12 million albeit with 32GB of system memory:

https://mrotaru.wordpress.com/2013/10/10/scaling-to-12-million-concurrent-connections-how-migratorydata-did-it/

Given the bitcoin system as a whole can't handle more than, what is it, 10 transactions a second or so now? Maybe I'm not that surprised :)


Title: Re: Is someone monitoring large parts of the network? (evidence)
Post by: ABISprotocol on August 03, 2016, 09:17:54 PM
Just as a temporary hint: those using Linux could try this firewall rule if (and only if) they also feel that something suspicious is going on here:

Code:
sudo iptables -I INPUT -m iprange --src-range 46.105.0.0-46.105.255.255 -j DROP
sudo iptables -I OUTPUT -m iprange --dst-range 46.105.0.0-46.105.255.255 -j DROP

OpenBSD and Mac users should enable the pf firewall using "sudo pfctl -e" and do this:

Add this to /etc/pf.conf:
Code:
table <blockedips> persist file "/etc/pf.blocked.ip.conf"
ext_if="em1" # interface connected to internet, CHANGE TO MATCH YOUR ETHERNET CARD DEVICE IDENTIFIER
block drop in log (all) quick on $ext_if from <blockedips> to any

(Note, last two additional lines must be repeated for a possible WLAN adapter)

Create file /etc/pf.blocked.ip.conf with the content:
Code:
46.105.0.0/16

Type the following to update changes
Code:
sudo pfctl -nf /etc/pf.conf
sudo pfctl -f /etc/pf.conf

Now you can check the live stats of how many connections to those (malicious??) nodes have been prevented using:
Code:
sudo pfctl -t blockedips -T show -v

You may want to check and see if the numbers of the IPs to block need to be changed (expanded), due to this:

"Barclays partnering with Chainalysis in October and Coinalytics raising a $1.1m seed round in September. In August, Elliptic won "Security Project of the Year" after launching a blockchain visualization tool for the bitcoin blockchain.

Currently, Coinalytics is allowing several companies to use and test its API (...) developing machine learning systems to analyze any blockchain as the industry expands to include public, permissioned and private ledgers (...) Coinalytics is focusing on its AML compliance product targeted at any companies processing bitcoin transactions today, it sees its analytics platform used in many verticals, including capital markets, the Internet of Things and law enforcement."

Yep, time to check those IPs again.

See http://www.coindesk.com/juan-llanos-blockchain-analytics-coinalytics/ for further details.

I am kick-starting this thread again even though it hasn't been posted in in a while, because Elliptic (who I mentioned here a very long time ago - see my quoted post above) and LexisNexis (see Aug. 3 2016 story at https://news.bitcoin.com/elliptic-bitcoin-aml-platform/ ) are developing a way to curb what they consider "illegal cryptocurrency transactions."  In other words, AML, and attempts at financial censorship, folks.

I propose for those of us still reading this that we look into these companies closely and revise the IP tables (see above post) as an interim measure.  Make sure these AML idiots are blocked to the max extent possible as they probe the network.


Title: Re: Is someone monitoring large parts of the network? (evidence)
Post by: shorena on November 06, 2016, 09:00:56 AM
-snip-
I am kick-starting this thread again even though it hasn't been posted in in a while, because Elliptic (who I mentioned here a very long time ago - see my quoted post above) and LexisNexis (see Aug. 3 2016 story at https://news.bitcoin.com/elliptic-bitcoin-aml-platform/ ) are developing a way to curb what they consider "illegal cryptocurrency transactions."  In other words, AML, and attempts at financial censorship, folks.

I propose for those of us still reading this that we look into these companies closely and revise the IP tables (see above post) as an interim measure.  Make sure these AML idiots are blocked to the max extent possible as they probe the network.

Any news on this? They will only need a single connection to get a copy, but they would have no information about the origin IP of the transaction.