Title: Introducing OnionBitcoin Post by: OnionBitcoin on May 15, 2011, 04:26:20 PM Hi!
I would like to introduce OnionBitcoin, the first and only (afaik) TOR-based Bitcoin service. You can only communicate with it via a bitcoind-api-compatible JSON-RPC-Api and only using TOR. Therefore you need Tor installed on your PC and a PHP class like "PHP5 class for interfacing with the Tor network" by Josh Sandlin (Google it!) to communicate with the TOR network and OnionBitcoin. For whom may it be usefull? * People who don't want to run their own bitcoind * People who fear their wallet.dat may be stolen * People running an onion website As the project is currently in Beta, please contact me directly to get further information and/or an account:
Sincerely OnionBitcoin Title: Re: Introducing OnionBitcoin Post by: BioMike on May 15, 2011, 05:47:45 PM Fascinating... what does it do?
Title: Re: Introducing OnionBitcoin Post by: Nefario on May 15, 2011, 06:27:32 PM I would be interested in a tor/i2p proxy service. that is you forward traffic from tor or i2p addresses (onion addresses and eepsites) via ssh or something similar to another machine, so that I can operate my service from within tor or i2p without having to run the systems.
This is something i would pay for, just saying since you seem clued in on interfacing wth the tor network. Title: Re: Introducing OnionBitcoin Post by: error on May 15, 2011, 07:24:10 PM I would be interested in a tor/i2p proxy service. that is you forward traffic from tor or i2p addresses (onion addresses and eepsites) via ssh or something similar to another machine, so that I can operate my service from within tor or i2p without having to run the systems. This is something i would pay for, just saying since you seem clued in on interfacing wth the tor network. If you don't run the hidden service/eepsite on the same server as the "real" site, it becomes trivial to locate the hidden service. For a service whose location is already known, since it's on the public Internet, this isn't really that big of a problem, but it could be an issue for such a proxy operator, who might not want his server's location known. That said, it's pretty easy to set up a hidden service or eepsite. I can walk you through this for a few BTC. :) Title: Re: Introducing OnionBitcoin Post by: Nefario on May 16, 2011, 02:10:37 AM I would be interested in a tor/i2p proxy service. that is you forward traffic from tor or i2p addresses (onion addresses and eepsites) via ssh or something similar to another machine, so that I can operate my service from within tor or i2p without having to run the systems. This is something i would pay for, just saying since you seem clued in on interfacing wth the tor network. If you don't run the hidden service/eepsite on the same server as the "real" site, it becomes trivial to locate the hidden service. For a service whose location is already known, since it's on the public Internet, this isn't really that big of a problem, but it could be an issue for such a proxy operator, who might not want his server's location known. That said, it's pretty easy to set up a hidden service or eepsite. I can walk you through this for a few BTC. :) How can they be located? Title: Re: Introducing OnionBitcoin Post by: MoonShadow on May 16, 2011, 02:20:08 AM I would be interested in a tor/i2p proxy service. that is you forward traffic from tor or i2p addresses (onion addresses and eepsites) via ssh or something similar to another machine, so that I can operate my service from within tor or i2p without having to run the systems. This is something i would pay for, just saying since you seem clued in on interfacing wth the tor network. If you don't run the hidden service/eepsite on the same server as the "real" site, it becomes trivial to locate the hidden service. For a service whose location is already known, since it's on the public Internet, this isn't really that big of a problem, but it could be an issue for such a proxy operator, who might not want his server's location known. That said, it's pretty easy to set up a hidden service or eepsite. I can walk you through this for a few BTC. :) How can they be located? It's similar to triangulation. The hunter sets up an number of intermediary nodes that they can modify to track packets, then repeatedly make circuts to the target. Since they know the starting content of packets, they can identify their own packets as they cross their nodes, even encrypted, by timing and packet size. Then they note which node the packets are going too next. The idea is to identify the path from different directions, narrowing down the geographical location of the target by progressively locating the nodes in the circuts. Title: Re: Introducing OnionBitcoin Post by: Nefario on May 16, 2011, 02:25:44 AM Doesnt this attack require total control of the network? and how does running an eepsite from behind an i2p gateway (bearing in mind the connection to the server and the gateway is over vpn or ssh) make this attack any more likely or succesful than just running i2p on your local machine?
Title: Re: Introducing OnionBitcoin Post by: MoonShadow on May 16, 2011, 03:39:13 AM Doesnt this attack require total control of the network? No, it only requires that you recreate the circuts repeatedly to identify as many of the nodes on the network as is necessary to narrow down the possible locations of the target. Most hidden services use a few highly trusted nodes in order to defend against this attack, as victory is defined as establishing a circut with an owned node in direct contact with the target. Still it can be done by first identifying those trusted nodes, and then literally breaking into those nodes to directly locate the target. It's not an easy attack, but the CIA certainly has the resources to do it. I doubt that the FBI would do it, for no other reason that such an attack wouldn't likely lead to untainted evidence for a trial. But the CIA's goals don't usually involve a prosecution. Title: Re: Introducing OnionBitcoin Post by: error on May 16, 2011, 10:17:33 PM The other issue is that if you have a Tor exit node or eepsite on a different machine than the server they're meant to serve, then the connection and data are vulnerable due to the obvious connections between them. After all, one must connect to the other, and that will end up going across the Internet unprotected.
|