Bitcoin Forum

I have nightmares where the government simply tells the internet providers to block all Bitcoin (or any crypto-currency) related traffic and that'll pretty much kill the currency for anyone within the country.

An internet connection is a vital requirement for bitcoin, that's where it exists.

I know they could've done that with torrents, but file sharing wasn't directly threatening their control over the economy.

Are there measures against that? Or would that be a death blow.

ISP's did block torrents, torrent programs included encryption of traffic, beat... bitcoin could be made to encrypt what it sends out (or just use tor i guess)

it would then be possible for them to block all encrypted traffic.... but.... that would kill a lot more than bitcoin

besides, we would just see people setting up bitcoin online wallets in countries that didn't agree with the bitcoin ban

Blocking bitcoin messages would be difficult to implement and easy to overcome.

A more likely approach would be to block/shut-down the exchanges.

bitcoin uses very little bandwidth, therefore it can easily be disguised as harmless data (stenography). no need for encryption, which is vulnerable to man-in-the-middle attacks.

Once could argue that would be better for bitcoin in the long run.

EDIT: and by that, I mean the current piggybacking of Bitcoin on fiat currency is causing more harm than good, in the form of wild swings in speculation etc...

Technical attacks are the ones you should lose the least sleep over.   Attacking Bitcoin by making it unlawful and thus driving it underground, thus making it mostly worthless (as even outlaws have little use for outlaw money) is a prerequisite for that kind of technical attack...   If the technical attacks come without the legal attacks then lawsuits— by all the people harmed by the conspicuous unlawful attacks on the computer system their businesses depend on— will fly and be successful.

The kind of conspicuous resource expenditure bitcoin's Proof-Of-Work system requires for security means that outlawing Bitcoin would be rather devastating.  The solution to this risk is to grow Bitcoin. If many people use it and like it and recognize it as legitimate it will not be possible to outlaw it it— at least in the more free parts of the world.

That said—  the Bitcoin protocol itself is utterly trivial to block.  But it doesn't have to be hard to block: It runs fine over tor and the tor support is improving all the time.  Tor itself is becoming harder to block, and blocking tor has collateral damage.   The Bitcoin developers currently have the view that anti-blocking is not a goal for us, we'd rather leave that to the experts working with Tor but fortunately we benefit from their efforts too.

It seems the most vulnerable thing now is how your client finds other nodes to connect to.  Right now, I think, the irc channel is the way you find most nodes and if that server where shutdown there could be some short-term problems.  It might be a good idea of having the client save a list of ip address for every node it ever sees and if it can connect to the irc channel, or any other central place, your client could start trying ips in that list.

It makes the protocol more complicated but it is possible to design p2p systems which use random ports and encrypt the payload.
Bittorrent does this and it has been futile to curb (Bittorrent now account for about 50% of internet bandwidth).

peer detection becomes more difficult and anytime you add overhead like that troubleshooting everything else becomes more complicated.  Still if push comes to shove it wouldn't be impossible to make Bitcoin traffic undetectable.

Would you please explain?

We don't use IRC anymore— not by default, you can manually enable it but it's off because:

*It didn't work well, most nodes it gave you were not listening
*It was a point of substantial centralization (easily shut down; operators of a single obscure network IRC could manipulate it)
*It degraded node's privacy— it announced the IPs of the majority of nodes that were not listening and thus didn't need to be made so public.
*It was frequently confused for a Botnet and was blocked by major providers several times, and resulted in nasty "you're infected" notices sent to users on a few ISPs.


In addition to dnsseeds, Bitcoin nodes have always remembered past nodes they've learned about over the network (it used to remember _all_, but thats a DOS vulnerability— now it maintains a large but finite set in a specially randomized way that makes it attack resistant).  You can also drop a textfile in the bitcoin data director "addr.txt" with a list of nodes to use, or provide nodes with the --addnode command line. There is also a hardcoded set of fallback addresses (which are updated every few releases) which it will use if all other means fail.

I don't consider this the biggest vulnerability.


Bittorrent is nowhere near 50% of internet Bandwidth anymore (Figures range from about 8%-18% and declining, depending on who you asked and what timespan their data covers). It's frequently shaped by a fair number of ISPs and there are a number companies that specialize in selling tools to manipulate bittorrent traffic.    Bitcoin would be be even worse off: The network itself is highly public and there is only one network... so you'd simply start one Bitcoin node to enumerate all the other publicly available ones.   These attacks can be resisted— see the tor bridges arms race for an example—  but it's better to let the experts in that area handle that for us and take advantage of our common needs.  Bitcoin is very tor compatible, its a good mix.

Sure you could embed Bitcoin stenography— but you'd lose the additional privacy and effort sharing that comes from sharing with groups like Tor who already work hard to get around censorship.

We can encrypt our data, but to do that, both sides needs to negotiate a key. Diffie–Hellman key exchange allows for a key exchange over an unsecure channel, but it's vulnerable to a man-in-the-middle attack. All the ISP has to do is intercept/block all handshake traffic (when the connection is being established and the two peers exchange keys). For torrents, it's somewhat mitigated because the initial exchange is encrypted using the hash of the torrent, which is impossible to guess if the user browses torrent sites with ssl.

I'd still like to see several somebodies who know a lot more about networking than I do work on transmitting Bitcoin traffic over different networks (along with bridge nodes to shuffle traffic between the network we have now and the new networks).

I'd sleep easier if I knew that an as-yet-undiscovered bug in the network protocol we have now couldn't bring the entire system down. I'm confident we'd quickly fix whatever the problem is and I'm sure it would be back up and running within 24 hours, but it would be better if big merchants and miners and services could run two or more completely different bitcoin-network-stacks so they're less likely to be taken down by DoS attacks, bugs, or ISPs deploying deep packet inspection to try to block Bitcoin traffic.

I'll post my transactions in the comments on propaganda articles at freedom.gov! And I'll have juicy fees attached!

Yeah, and we're passing little tiny notes compared to bit torrent's flood of high quality porn. It will be easy to avoid censorship.

@OP: have a look at the satoshi client's options menu, specifically the proxy settings. the default for them is a tor configuration(if you enable them and have tor installed). So as long as tor isnt being blocked, bitcoin cannot be.

Hardly.  What matters is the protocol fingerprint, not the amount of bandwidth used.

The timing and size of bitcoin packets are unique to bitcoin.  It is obvious even over encrypted links such as Tor.

Or, to put it another way:  your cable modem or DSL router's blinky lights go blink-blink each time a bitcoin transaction or block is broadcast throughout the network.

Timing and size can be obfuscated.  Nodes randomly delaying and aggregating tx a few seconds won't have a material effect on the network but it will alter any hueristics that don't involve deep packet inspection.    Transactions can aggregated, padded, and encrypted.  Port can be dynamic between peers even dynamic between each of the peers of each node.

Personally I hope we don't need to go down that route but ISP haven't had a lock of luck taking down bittorrent and they have a direct financial sake (due to high bandwidth usage) to degrade that network.

Absolutely.  But none of that is being done right now, so the answer to $SUBJECT is "yes"

Steganography and tor only seem like they'd be useful when the network is small. Is tor even useful at all? I don't know much about Tor, but from my understanding for it to work, most of the bitcoin nodes would still have to be on the regular internet. Also, if governments/ISPs are at the point of blocking/shaping bitcoin traffic, I doubt Tor would be far behind.

I suppose it's nice to have some backup plans in place that say "if you do this, it won't matter one bit" though. However, that raises the question of will it prompt more decisive legislative action?

Do you even understand why Tor exists?

I understand that china has very little problem making it useless a good portion of the time.

The hypothetical we're talking about is direct internet censorship, so I don't see why Tor would be mysteriously immune while its exit nodes are public and bridge nodes are easy enough to get.

Even if they could somehow magically "block" all bittorent traffic on the net it would cause about half of all the jobs created by ISP's vanish overnight too. Better first print more money for food stamps etc... first.

Just wait 2-5 years until most of the houses in say Canada are heated by Bitcoin ASIC based heaters, then try to block Bitcoin. There are some viable legal and technical attacks available to stop Bitcoin now. But this window of opportunity is closing fast.

University here blocks TOR and BitTorrent the simple solution is to get a private encrypted VPN. ~1BTc or $5 a month and you can do whatever you want without any traffic shaping at all. Full bandwidth. It's even better than when the ports were "open" because no one else is using it.

VPN is too important to be blocked my most ISP or schools.

many VPN's can work over port 443 (https), port 80 too (http), try blocking that.

I suggest that it would be at least plausible.  Here's how I would engineer the solution:

Either inflate or create a crisis involving the internet and encryption.  For best results, involve some kiddie-porn loving Muslim terrorists who run a white slave ring and are about to impose Sharia law in Alabama.

Next, for the protection of all civilized people, pass some legislation stating that only certified vendors are allowed to use encryption.  Of course they could sell you modified versions of your favorite software or plugins for said or whatever so with a little effort even Grandma could still do her banking or whatever.  Naturally 'certification' requires that a usable key is available to our protectors in the government.

Now have all providers at suitable points mandated to run gear which would simply block any encrypted traffic which was not accessible.  That is, not generated by software provided by certified vendors.  These details are so technical that almost nobody should care or need to bother understanding them.  Of course there will be various annoyances and teething problems and what-not, but since it is for the protection of all good freedom-loving people, that should be acceptable.

Anyone who has a problem with such a solution is probably doing something bad and is a threat to society.  They may just be some leftist hippie type who value privacy on some weird philosophical grounds, but they'll just need to suck it up and get in tune with the 2000's and learn what it means to deal with the terrorism which is all around us everywhere we look.

How are you going to tell the difference between encrypted traffic and binary data?

My two-second solution:

The user can buy some more software that encapsulates legitimate binary data in a wrapper which contains the necessary header information to understand the format and evaluate the contents.

Mostly just terrorists would be trying to send binary data, and my tax dollars can go into subsidizing software engineering to assist vendors of such things as security cams so they can get with the program (without causing to much of a nuisance to 99% of the user-base.)

And if data is questionable, it can just be blocked.  You cannot be to safe when so many lives are at stake you know.

Hmm, so when I'm developing an application that sends binary data I have to first publish the format with the authorities. Wait until their software has been updated and distributed before I can test it. And if I change the format, which often happens during testing, I have to go though the whole process again?

Yes.  Would you risk everyone's well being for such a minor inconvenience...or do you have more nefarious reasons for being so obstinate?  Hmmm...  Do you want to voluntarily show up at Gitmo for some waterboard fun or would you like a drone strike on your ass?

ok, lets put aside its extreme impracticality and suppose that I create a web service called yogi's random hash server. How are they going to know if the random hashes i'm sending are in fact encrypted data.

I wonder at what stage a politician will kill or injure the wrong person and someone will place a hit on them using bitcoins.

They should think about this.

OK, I'll put aside the impracticality.  Who gives a god-damn if "yogi's random hash server" is blocked or not?  Yogi and a handful of friends who 99.999% of people couldn't give two shits about even if they could understand the inherent value.  Good luck trying to sway the general population about the importance of your random hashes...as if a consensus there mattered anyway.

yogi's random hash server was just an example, but I can think of lots of ways of embedding encrypted material into seemingly innocent data.

I agree with that.  A small percentage of people would be able to play and win the cat/mouse game.  But that does not mean that such a project would not be worth attempting.  Even a partial success would be extremely useful in managing many aspects of how a general society operates and keeping control of them.  I suggest that Mubarak would be happily in power today had he better management of how people communicated and organized, and probably all he would have needed was actionable information on who communicated with who when with an 80% coverage.  I doubt that this lesson was wasted an many leaderships.  Or that they had not already anticipated/observed this principle.

In a local wireless mesh network, bitcoin will keep working as long as just one participant creates a link to the main chain (eg. via satellite internet).

I wonder if a wireless mesh protocol can be designed where bitcoin is used to pay for bandwidth.

Instead of signing up for an ISP, people could buy these wireless boxes that they simply slap on their roof and start earning bitcoins by routing traffic.

This would be especially useful in poorer countries and rural areas.

Yep, this has come up a couple times before and I think people are working on it.
Inevitable question: how do they first buy access if they need a connection to spend coins?
Most common answers: either the users run a chainless client while the router runs a server, or give them the first X minutes for free.

Wait, not encrypting is fine, but encrypting creates a MITM attack?  Dude, do you even know what you're saying.  Exactly what would you accomplish with a MITM attack?  Encrypted or not.  BTC network traffic is totally secure, because it requires no security, all security is done at the application layer (block chain).