I believe this thread indicates that Roger Ver was able to trace the ownership of one of your anonymous addresses via administrative access on your systems. At least based on a quick review this would appear to be conclusive proof that your claims about logging were inaccurate. Or to be more specific, you in fact had a web query page available to staff/support/investors which allowed querying by data that you above claimed not to log. Not only was the data being logged, but it was intentionally being logged and there was an easy to use lookup tool. Can you correct my understanding? Your understanding is incorrect. The address was not a mixer address, it was a regular wallet address which was in a wallet with notifications enabled. It has always been stated that the public keys are extracted from a wallet when notifications are enabled ( https://blockchain.info/wallet/anonymity). This has been altered now to store hashed addresses only. |
|
|
|
It is unclear if "access to this information" means specifically "access to the admin panel" or "access to all personal information". It could still be possible for Roger to access personal information without access to the admin panel depending on blockchain.info's network and database security.
Roger has never had access to the database, backups or any server access. He now has no elevated privileges over normal users. |
|
|
|
Also - why did he need this kind of access in the first place ? Were blockchain.info customers alerted about his access to this system ?
He was given access to this information because I was getting bogged down in support tickets and Roger kindly offered to help with some of them. Requests to recover lost identifiers are one of the most common queries. At the time it had not occurred to me that there could be a conflict of interest. In the blockchain.info thread I posted that a minority stake in the site had been sold, but did not specifically mention the admin panel. I'm sure this is just a lack of comprehension on my part, but what would prevent someone from calculating the SHA256 of a bitcoin address on their own, and using that to look up the wallet? Does the SHA256 include a secret key as well as the address, to prevent others from calculating the hash?
Addresses are hashed with a secret. With access to the secret it would be possible to hash every bitcoin address with a none zero balance and use that to compare against subscribed hashes to determine addresses in a wallet. The sacrifice of some anonymity when notifications are enabled has always been stated https://blockchain.info/wallet/anonymity. However it is no longer possible for admins to lookup an arbitrary wallet by address. |
|
|
|
What happenedI do not know the sepcifics but there was some disagreement between Roger and a customer of bitcoinstore.com. The customer claimed not to own a particular bitcoin address that a incorrect amount had been refunded to. Roger used his access to the blockchain.info admin panel to lookup the information on a wallet which held that bitcoin address. This email address associated with the wallet and the email address of the customer matched. Why is even possible?Wallet are stored fully encrypted, so they appear as random text to us. However when notifications are enabled the client extracts the public keys from a wallet and asks blockchain.info to subscribe to those addresses. The ability too lookup a wallet using this information was added so that when newbies come to us and say "I just created a bitcoin wallet, but forgot to record the wallet identifier how can get I get my money back?" we can ask for their bitcoin address or ip and and are normally able to recover the identifier. Screenshot of Admin Panel:  Why does Roger have access to the blockchain admin panelHe owns a minority stake in the company and helps with support. His funding has been tremendously helpful in allowing me to work on the Site full time, buy new servers, security hardware and fund free features. Who else has access to this information?Me, Roger and a customer support agent. What has been changed
- Roger and the support agent's access to this information has been revoked.
- Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
- The secret phrase is now no longer shown to any admins
What other information could be used to identify a walletWe store the ip address a wallet was created with and the ip address a wallet was last updated with. A wallet can be looked up by SMS number or email if that information has been added in [Account Settings]. Can blockchain.info access funds the funds in my blockchain wallet?No, the information available gives only enough information to prove the user may own a wallet with that address. He could not have accesses the wallet, even if he had wanted to. No other individuals have access to the blockchain.info servers or code apart from me.
|
|
|
|
Roger has pointed me to this thread. Roger owns part of blockchain, so has access to the admin panel along with me. The admin panel is very basic but there is the ability to query wallets based on certain information. Recently the ability to query a wallet by bitcoin address was added, when notifications are enabled. These queries are designed to help users recover a forgotten wallet identifier and is not supposed to be used for any other purpose.  If a wallet is found the results are shown as follows: [Wallet {email=' zootreeves@gmail.com' , guid='abf66471-fe0a-6820-8977-55d7e8c1f6b2' , shared_key='XXX-XXX-XXX-XXX' , secret_phrase='My Secret' , alias='piuk' , created=Tue Jan 03 12:52:07 GMT 2012 , updated=Tue Dec 18 19:47:40 GMT 2012 , created_ip='81.187.238.52' , updated_ip='127.0.0.1' , sms_number='+44 7525431876' , country='GBP'} ] So you have the date the wallet was created, when it was last updated, the ip that created it and the ip that updated it. The secret phrase is the phrase required in order to reset two-factor authentication, not the password. The password, wallet balance, other addresses cannot be viewed. I am going to change notifications to store SHA256(bitcoin_address) rather than the plain bitcoin address which will remove the ability to lookup a wallet by address entirely.
|
|
|
|
|
SatoshiDICE has occasionally been sending out some double spends recently. This does cause confusing behaviour in the blockchain.info interface as only one of the transactions will be shown and the amount available to spend may be different than the displayed balance. The problem should resolve itself in about 1-2 hours once one of the transactions confirms the double spend is removed.
|
|
|
|
|
This should be a pretty reliable method.
1) Create a long chain of unconfirmed transactions (lots of free low priority transactions which depend on each other).
2) Send the final transaction in the chain to SatoshiDICE, including one input which isn't part of the unconfirmed chain. If the bet wins, great, keep rebroadcasting all the transactions in the chain and eventually they will confirm.
3) If the bet looses. Double spend the input from the betting transaction which is not part of the unconfirmed chain.
Because the chain will take a long time to confirm it gives a much larger window of opportunity for miners to pickup the double spending transaction. As miners join and leave the network they are much more likely to pickup the single double spend transaction, rather than the full chain of unconfirmed transactions (which you are no longer broadcasting). This technique was used to successfully double spend the blockchain.info mixer.
|
|
|
|
blockchain.info provides no customer support from what I've seen. If I create a wallet account, with my iphone the password doesn't work the next time I log in. I tested it 5 times. Lost a lot of coins because of it. They just refer people to bitcointalk..
What would be the email of your zendesk ticket? |
|
|
|
- The site knows all your transactions, your balances and your IP addresses. So it's not very private.
Not really, once logged out wallets are just random bytes. Queries made using the API and by the wallet interface are not differentiated and there is no differentiation made between watch only addresses and addresses with a private key which would make it difficult to record the balance if we wanted to. |
|
|
|
(0) The software can silently be replaced with malicious copies that redirect funds or steal keys. There exists JS pinning plugins for browsers but they aren't practically usable (the software changes all the time), and even if they were the systematic exposure I'm concerned about here isn't answered by it being possible for a savvy to make secure, to prevent disaster it must be secure by default.
This concern is valid. I'm not sure what you mean by the software changes all the time but the browser extension to mitigate this risk ( https://blockchain.info/wallet/verifier) has not been updated in several months. The iPhone/android apps are not vulnerable to this. This will be solved in time by using keys split between the native apps and the web app. (1) A significant fraction of users use insecure passwords which a hacker could attack. While it's possible for users to secure themselves, experience shows that even savvy people are remarkably bad at choosing passwords.
Yes the responsibility is with the user to choose a secure password which is no different than any client offering wallet encryption. We do enforce a minimum password length of 10 characters and try and detect weak passwords on sign up. (2) Even without any modification to the client software a server compromise could result in users seeing confirmed payments which were never made (and never even possible— e.g. the attacker paid you 30 million bitcoin), this is doubly bad because there is effectively no second source for clientless user to check even if they were very paranoid.
Fairly easy to verify using 3rd party sources. Difficult for the server operator or hacker to profit from deceiving users in this manner. (2a) Nowhere on the site are these security complications explained.
https://blockchain.info/wallet/technical-faqhttps://blockchain.info/wallet/securityhttps://blockchain.info/wallet/anonymityhttp://bitcoin.stackexchange.com/questions/5249/how-secure-is-blockchain-info/5255#5255(3) If the site is shutdown without notice or has its data and backups (if they exist at all) destroyed a large fraction— I'd guess a super-majority— of their users would lose all of their funds.
Email backups are enabled by default. Wallets are backed up server side in multiple locations including Amazon S3. The average user probably cannot be trusted to make their own backups regardless of what client they are using. On every login the options to backup are clearly presented, Bitcoin-Qt does not provide any backup instructions or recommendations. (4) Use of the site degrades user's privacy relative to normal SPV and Full clients. The site may currently be doing detailed logging of all operations and queries. A major privacy loss event would be harmful to the ecosystem. They may even be selling this information to the highest bidder.
No requests are logged apart from unexpected error responses. The same logging is possible with electrum servers but in that case it might not be known who is running the servers or their privacy policies. As for running a full node, multiple entities are probably monitoring the bitcoin network itself using the "first relayed" method and IP loggers. Besides the biggest weakness to the anonymity of bitcoin is at the time of exchange not whether your ip address leaks. |
|
|
|
Notifications will no longer be sent for SatoshiDICE transactions or any transactions involving addresses on this page http://blockchain.info/popular-addresses. This is to help reduce increasing costs of SMS messages. If the transactions do not involve popular addresses then I am not sure what the problem is. Perhaps you have reached the daily notifications limit? |
|
|
|
|
At least 700 people watching on blockchain right now. There should be a little something extra on the #210000 page.
|
|
|
|
No, this is not what I suggested. I suggested a Directory Listing with map, of places that accept Bitcoin. Maybe you understood wrongly because my bad English.
Ah ok, sorry I misunderstood. Similar to http://www.bitcoinmap.com? |
|
|
|
You should have your spider also go to bitcoin-otc user pages and get the addresses from there  The left-axis should be labeled in USD, not in BTC. This leads to confusion.
Fixed, thanks. So you would like to be able to tag transactions with a location? I could see how this would work, perhaps a live map of markers "X sent 1 BTC to X". However there is a danger of people revealing too much about themselves without being aware of what they are doing (even with it being optional). Not only might somebody be able to predict your wallet balance and potentially what you have purchased but also your location. Thank you for the suggestion, I will add it to the list but I think perhaps this data is best suited for social networks. Because blockchain.info/wallet allows people to make wagers using funds from transactions that have not confirmed first, what happens is that you get cascading double spends, and players thinking they won big when in fact their wager was invalid if the funds for making the wager never confirm.
The users is warned when they spend a double spend. However with the recent SD double spends the user probably wasn't warned as the inputs were respent by SD several minutes after the original transaction. Therefore at the time blockchain.info received the original transaction it seemed ok but even so eventually some of them lost against later transactions. I could disable spending double spends completely but it might be advantageous in some situations e.g. if miners consider the fees from an entire chain of unconfirmed transactions when deciding which transaction to eventually include in a block. SatoshiDICE seems to have fixed the double spend problem for now though. I am trying to connect to the Blockchain.info wallet API, but i keep getting disconnected. I've tried the recommended wrapper for ruby https://github.com/jjeffus/rpcjson, and i've tried simply with net/http. I just keep getting this error bc = RPC::JSON::Client.new ' https://e6152eDbf-85f7-527e-9adf-8b1dt7fa4312a:password@blockchain.info:443', 1.1 => #, @version=1.1> 1.9.3-p194 :018 > bc.getinfo Errno::ECONNRESET: Connection reset by peer I have tried connecting through bitcoind and that works fine. Forgive me if im missing something obvious. There have been reports of problems with that ruby library previously. Honestly i'm am not sure what is causing it. Will it connect to the Bitcoind RPC server? ----- Please upvote http://news.ycombinator.com/item?id=4833338 |
|
|
|
What happened to this? I'd love to use that new method, but can't find the deposit button anymore.
For the UK this will be available again Monday or Tuesday. I don't have an ETA for europe at the moment. Feature request
On transaction summary window, show the fee paid on transaction.
Can Do. so sounds like you just need to add VIBRATE to the manifest...
Good catch, thanks. piuk I really appreciate your service but what I just saw really ins't cool. I realize anyone who knows how to use google can find the same info, but I still don't see a reason why you need to display it automatically: https://blockchain.info/address/1H4sGgNSRvRuiUsbucsQBNFWhZcLnL2KW1At least give us an option to disable this in account settings or something. It's not in anyway tied to a My Wallet account. All I did was write a quick spider to check the signatures on bitcointalk and create a tag for each one found. I can remove your signature if you like, however remember if blockchain can index them then any entity (with possibly more nefarious intentions) can also. I guess just be careful posting your bitcoin address publicly. Also be aware not only about information you may have revealed yourself but also also of information that people you have sent and received transactions from have also made public. Tagging does not follow coins. However this is probably possible by determining the change output and attaching a confidence rating. Is it possible to create a new address and then delete the private key without internet access?
Sorry the documentation needs updating. Instead just login as normal and then disconnect your internet. However you MUST clear your browsers cache after deleting the private keys and before reconnecting to internet or the point of going offline is voided. |
|
|
|
|
Show Posts
