Bitcoin Forum

Bitcoin => Project Development => Topic started by: OnionBitcoin on May 15, 2011, 04:26:20 PM



Title: Introducing OnionBitcoin
Post by: OnionBitcoin on May 15, 2011, 04:26:20 PM
Hi!

I would like to introduce OnionBitcoin, the first and only (afaik) TOR-based Bitcoin service. You can only communicate with it via a bitcoind-api-compatible JSON-RPC-Api and only using TOR. Therefore you need Tor installed on your PC and a PHP class like "PHP5 class for interfacing with the Tor network" by Josh Sandlin (Google it!) to communicate with the TOR network and OnionBitcoin.
For whom may it be usefull?
* People who don't want to run their own bitcoind
* People who fear their wallet.dat may be stolen
* People running an onion website

As the project is currently in Beta, please contact me directly to get further information and/or an account:
  • Via PN
  • Via the normal internet:
    onionbitcoin@ip2mail.org
    https://privacybox.de/onionbitcoin.msg ### leave an e-mail adress in your message where I can contact you!!!
  • Via Tor:
    http://c4wcxidkfhvmzhw6.onion/onionbitcoin.msg
    onionbitcoin@TorPM (http://4eiruntyxxbgfv7o.onion/pm) ### not prefered. Could take several weeks for me to answer
    If prior contacted I can also chat with you in the TorChat-Messenger
  • Via i2p:
    onionbitcoin@mail.i2p
    http://privacybox.i2p/onionbitcoin.msg ### leave an e-mail adress in your message where I can contact you!!!
    i2pbote address: wJOBx6DyLVRlyeu9Ip4HUviOLgJKTS9GoNTaKiU2SpA8Y1KLQVDaCz48pcv6zAnHbQZmn-5tnde8WTmgmHl6XK
    If prior contacted I can also chat with you in the I2P-Messenger

Sincerely
OnionBitcoin


Title: Re: Introducing OnionBitcoin
Post by: BioMike on May 15, 2011, 05:47:45 PM
Fascinating... what does it do?


Title: Re: Introducing OnionBitcoin
Post by: Nefario on May 15, 2011, 06:27:32 PM
I would be interested in a tor/i2p proxy service. that is you forward traffic from tor or i2p addresses (onion addresses and eepsites) via ssh or something similar to another machine, so that I can operate my service from within tor or i2p without having to run the systems.

This is something i would pay for, just saying since you seem clued in on interfacing wth the tor network.


Title: Re: Introducing OnionBitcoin
Post by: error on May 15, 2011, 07:24:10 PM
I would be interested in a tor/i2p proxy service. that is you forward traffic from tor or i2p addresses (onion addresses and eepsites) via ssh or something similar to another machine, so that I can operate my service from within tor or i2p without having to run the systems.

This is something i would pay for, just saying since you seem clued in on interfacing wth the tor network.

If you don't run the hidden service/eepsite on the same server as the "real" site, it becomes trivial to locate the hidden service. For a service whose location is already known, since it's on the public Internet, this isn't really that big of a problem, but it could be an issue for such a proxy operator, who might not want his server's location known.

That said, it's pretty easy to set up a hidden service or eepsite. I can walk you through this for a few BTC. :)


Title: Re: Introducing OnionBitcoin
Post by: Nefario on May 16, 2011, 02:10:37 AM
I would be interested in a tor/i2p proxy service. that is you forward traffic from tor or i2p addresses (onion addresses and eepsites) via ssh or something similar to another machine, so that I can operate my service from within tor or i2p without having to run the systems.

This is something i would pay for, just saying since you seem clued in on interfacing wth the tor network.

If you don't run the hidden service/eepsite on the same server as the "real" site, it becomes trivial to locate the hidden service. For a service whose location is already known, since it's on the public Internet, this isn't really that big of a problem, but it could be an issue for such a proxy operator, who might not want his server's location known.

That said, it's pretty easy to set up a hidden service or eepsite. I can walk you through this for a few BTC. :)

How can they be located?


Title: Re: Introducing OnionBitcoin
Post by: MoonShadow on May 16, 2011, 02:20:08 AM
I would be interested in a tor/i2p proxy service. that is you forward traffic from tor or i2p addresses (onion addresses and eepsites) via ssh or something similar to another machine, so that I can operate my service from within tor or i2p without having to run the systems.

This is something i would pay for, just saying since you seem clued in on interfacing wth the tor network.

If you don't run the hidden service/eepsite on the same server as the "real" site, it becomes trivial to locate the hidden service. For a service whose location is already known, since it's on the public Internet, this isn't really that big of a problem, but it could be an issue for such a proxy operator, who might not want his server's location known.

That said, it's pretty easy to set up a hidden service or eepsite. I can walk you through this for a few BTC. :)

How can they be located?

It's similar to triangulation.  The hunter sets up an number of intermediary nodes that they can modify to track packets, then repeatedly make circuts to the target.  Since they know the starting content of packets, they can identify their own packets as they cross their nodes, even encrypted, by timing and packet size.  Then they note which node the packets are going too next.  The idea is to identify the path from different directions, narrowing down the geographical location of the target by progressively locating the nodes in the circuts.


Title: Re: Introducing OnionBitcoin
Post by: Nefario on May 16, 2011, 02:25:44 AM
Doesnt this attack require total control of the network? and how does running an eepsite from behind an i2p gateway (bearing in mind the connection to the server and the gateway is over vpn or ssh) make this attack any more likely or succesful than just running i2p on your local machine?


Title: Re: Introducing OnionBitcoin
Post by: MoonShadow on May 16, 2011, 03:39:13 AM
Doesnt this attack require total control of the network?

No, it only requires that you recreate the circuts repeatedly to identify as many of the nodes on the network as is necessary to narrow down the possible locations of the target.  Most hidden services use a few highly trusted nodes in order to defend against this attack, as victory is defined as establishing a circut with an owned node in direct contact with the target.  Still it can be done by first identifying those trusted nodes, and then literally breaking into those nodes to directly locate the target.  It's not an easy attack, but the CIA certainly has the resources to do it.  I doubt that the FBI would do it, for no other reason that such an attack wouldn't likely lead to untainted evidence for a trial.  But the CIA's goals don't usually involve a prosecution.


Title: Re: Introducing OnionBitcoin
Post by: error on May 16, 2011, 10:17:33 PM
The other issue is that if you have a Tor exit node or eepsite on a different machine than the server they're meant to serve, then the connection and data are vulnerable due to the obvious connections between them. After all, one must connect to the other, and that will end up going across the Internet unprotected.