Restriced Network Access to Bitcoin Only

[rbscebu]

I am helping a small retailer (food/coffee cafe) in Lapu Lapu City, Cebu to start accepting bitcoin payments in his shop. To the best of our knowledge, this will be the first retail store in the city to accept bitcoin.

The shop already has free WiFi available to its customers. Due to the relatively high cost of internet access here, the free WiFi access is secured by password that is changed daily.

It is not convenient to have every customer who wishes to pay with bitcoin to sign in to the shop's WiFi network. The shop's router has provision for enabling a second network to be established that can be open (no password required for access) and restricting access to a specific (or range of) IP address, port and/or protocol (TPC, UDP, ICPM, or All).

Is there a way to limit a customer's use of this open network to bitcoin transactions only?

[1715625879]

1715625879

[1715625879]

1715625879

[1715625879]

1715625879

[1715625879]

1715625879

[1715625879]

1715625879

[achow101]

Since you can restrict to ports, restrict it so that only tcp port 8333 allows incoming and outgoing connections. Prevent them from being able to have connections on any other port. However, the problem with this is with people who use web wallets won't be able to use their wallets, so maybe allow connections to certain ips from port 80, if that is possible.

[Quickseller]

Probably not. Very few people using any kind of mobile device are going to be running any kind of full node (and if they were, allowing them to do so would be very expensive). Users on a mobile device are most likely to be using either a SPV client or a web wallet and the number of these is nearly endless, and they use a variety of ways to connect to "their" servers to retrieve relevant information.

You may have a couple of potential solutions:

• Use the honor system - tell your customers that they may only use the 2nd password to pay you in bitcoin
• Limit the amount of time someone can access your 2nd password to say ~10 minutes (and use the honor system)
• Limit IP ranges to those of major web wallets, and the ports of those that major SPV clients use (I am not sure if you can use an "OR" function on your router), and add additional IP ranges/ports as more customers claim to use additional web wallets/SPV clients.
• Have your customers provide you with a signed transaction that you can broadcast yourself for you to receive payments - this will probably not work unless your customers have a decent amount of Bitcoin technical expertise

I personally think option 2 is going to be your best bet, especially as more people start to use bitcoin who are not technically savvy.

[Newar]

[...] The shop already has free WiFi available to its customers. [...]
It is not convenient to have every customer who wishes to pay with bitcoin to sign in to the shop's WiFi network. [...]

Out of curiosity, why not? Bitcoin users should realise that they need internet to pay in bitcoin*. If they don't have their own data plan and the shop provides free wifi to customers (which the people with paying bitcoin are too) anyway, how is it not convenient?

Joining an open network is a security / privacy concern.


* There are some wallet solutions that allow a tx to be transferred via bluetooth or NFC, but it obviously depends on the wallet in use.

[jbrnt]

Is there a way to limit a customer's use of this open network to bitcoin transactions only?

You can limit this 2nd wifi network to a few popular mobile wallets and web wallets by a combination of IP/domain name/port restrictions. You choose a few popular wallets and test which port/ip/domain name they use. Make sure they all work and other internet sites do not. Put up a sign saying which bitcoin mobile wallet and web wallet works with the password-less-wifi. If they need to use other bitcoin wallet, they will have to connect to your password protected wifi.

I think this is a nice compromise.

[rbscebu]

[...] The shop already has free WiFi available to its customers. [...]
It is not convenient to have every customer who wishes to pay with bitcoin to sign in to the shop's WiFi network. [...]

Out of curiosity, why not? Bitcoin users should realise that they need internet to pay in bitcoin*. If they don't have their own data plan and the shop provides free wifi to customers (which the people with paying bitcoin are too) anyway, how is it not convenient?

Joining an open network is a security / privacy concern.


* There are some wallet solutions that allow a tx to be transferred via bluetooth or NFC, but it obviously depends on the wallet in use.

Newar, you have a valid point. Most paying with bitcoin will probably also want to also use the free WiFi (with password) in the shop.

They still only have to enter the password once. That would cover their bitcoin transaction and later use of the shop's WiFi. I will run this past the shop owner. It he doesn't like it, we will look at restricting access through a second open AP.

[shorena]

I did a quick read up on mobile internet in the Philippines. Is the 3G connection that bad at the shop that you need to use WiFi? I suspect that this is reason the question came up in the first place, but I thought I make sure regardless. In most of Europe as well as north America most people would probably assume that customers have a 3G/4G data plan if they pay with bitcoin and dont bother at all.

More towards the actual topic, I would not try to block all but bitcoin on the port layer, but go to the application layer (7). If you have a router that can be run with open firmware solutions like tomato or OpenWRT it should be possible to create a bitcoin only WiFi. This might get tricky to setup though as I doubt there are ready to use filters like there are for other p2p traffic like torrents.

Maybe you can find a "good enough" solution by blocking HTTP(S) and mail as well as other commonly used services that generate a lot of traffic without actually having an airtight solution.

[rbscebu]

I did a quick read up on mobile internet in the Philippines. Is the 3G connection that bad at the shop that you need to use WiFi? I suspect that this is reason the question came up in the first place, but I thought I make sure regardless. In most of Europe as well as north America most people would probably assume that customers have a 3G/4G data plan if they pay with bitcoin and dont bother at all.

More towards the actual topic, I would not try to block all but bitcoin on the port layer, but go to the application layer (7). If you have a router that can be run with open firmware solutions like tomato or OpenWRT it should be possible to create a bitcoin only WiFi. This might get tricky to setup though as I doubt there are ready to use filters like there are for other p2p traffic like torrents.

Maybe you can find a "good enough" solution by blocking HTTP(S) and mail as well as other commonly used services that generate a lot of traffic without actually having an airtight solution.

Shorena, 3G connection is readily available in the Philippines. The problem is the cost (hence the offer of free WiFi in the shop). Minimum connection fee to 3G can cost you PHP10 for 30 minutes minimum when the average salary is about PHP300 for a 10 hour day. Your internet connection using a smartphone can cost you almost as much per minute as you can earn per minute!

[shorena]

I did a quick read up on mobile internet in the Philippines. Is the 3G connection that bad at the shop that you need to use WiFi? I suspect that this is reason the question came up in the first place, but I thought I make sure regardless. In most of Europe as well as north America most people would probably assume that customers have a 3G/4G data plan if they pay with bitcoin and dont bother at all.

More towards the actual topic, I would not try to block all but bitcoin on the port layer, but go to the application layer (7). If you have a router that can be run with open firmware solutions like tomato or OpenWRT it should be possible to create a bitcoin only WiFi. This might get tricky to setup though as I doubt there are ready to use filters like there are for other p2p traffic like torrents.

Maybe you can find a "good enough" solution by blocking HTTP(S) and mail as well as other commonly used services that generate a lot of traffic without actually having an airtight solution.

Shorena, 3G connection is readily available in the Philippines. The problem is the cost (hence the offer of free WiFi in the shop). Minimum connection fee to 3G can cost you PHP10 for 30 minutes minimum when the average salary is about PHP300 for a 10 hour day. Your internet connection using a smartphone can cost you almost as much per minute as you can earn per minute!

Thats expensive yeah.

The way I would approach this is as I wrote above (now with more links): get highly customizable firmware for the WiFi router and do some heavy research on layer7 filtering[1]. You would need to write your own filters though as I can not find any for bitcoin, besides this[2]. I am unsure whether filtering by the "magic number" for mainnet would work for apps. The easier route would be to just get as many layer7 paterns as you can[3] and just block everything else. Its certainly a longer project as the filters might need updates over time as customers run into problems with certain wallet apps.


[1] http://l7-filter.sourceforge.net/Pattern-HOWTO
[2] https://github.com/l7-filter/layer7-patterns/blob/master/bitcoin.pat
[3] many here https://github.com/l7-filter/layer7-patterns