is it dangerous to not use tor with bitcoin?

[paulie_w]

i was thinking:

if i have a large wallet, and i am using my normal ip address, doesn't that put me at risk of someone actually finding my physical location and sending thugs over to take it?

shouldn't the bitcoin devs be encouraging tor use?

[mintymark]

Interesting idea.

I am not sure its very easy to find your actual address from an IP address, but given unfortunate circumstances, interception of email, etc it can certainly be done - after all you give your address each time you order something.

I think the thing that makes this unlikely is that the 'thugs' do not actually know where you store your bitcoins. If you are sensible, you will have moved most of them to paper wallets and so they may not even be 'at your address'.

I did wonder if electronic thugs might be sent, but as I run Linux I worry less about this than I might otherwise. But worried about this and then moved most of my coins to a paper wallet.

Really, I think paper wallets are the answer. Just remember that there is no button to recover the password. (I mean private key.) if your house burns down and you loose them, they are lost!!

[paulie_w]

i think almost no one will do this (paper wallets)

which means: if i know your ip address, i just come to your house with a gun and force you to transfer them into a wallet (or kidnap your kids, etc).

we should talk about this more seriously as the market cap increases. it seems to me that tor should almost be mandatory, as well as the clients encouraging you to diversify your wallets into smaller wallets (and making this process easier)

[paulie_w]

Interesting idea.

I am not sure its very easy to find your actual address from an IP address, but given unfortunate circumstances, interception of email, etc it can certainly be done - after all you give your address each time you order something.

I think the thing that makes this unlikely is that the 'thugs' do not actually know where you store your bitcoins. If you are sensible, you will have moved most of them to paper wallets and so they may not even be 'at your address'.

also, with ipv6, doesn't it make them even more traceable-right-to-you?

[DannyHamilton]

The general recommendation is to use a new bitcoin address for every transaction.  If you do this, how are the thugs going to know what your bitcoin addresses are or how much bitcoin you have?

As a general rule, if you are telling people who you are and what your bitcoin addresses are, then Tor isn't going to help you.  If you are not telling people who you are and what your bitcoin addresses are, then the only thing they will determine if you are not on Tor is whether or not you are running a Bitcoin client. They won't know your addresses or bitcoin balance.

More specifically, at the moment there is an exploit that can be leveraged against the current Bitcoin-Qt client that can determine if a bitcoin client is likely to have a particular private key.  This needs to be addressed in the client itself in a future release.  In the mean time if this is a concern you have multiple options:

• Connect your bitcoin client to the bitcoin network via Tor
• Run 2 bitcoin wallets.  The first one has none of your addresses and connects to the bitcoin network, and the second has your addresses and connects ONLY to your first client.
• Store most of you bitcoins offline (paper wallet, USB drive, other removable media, etc)
  

[mintymark]

If you do not use paper wallets, really you are very foolish.

You back up your computer, of course. +1 for that.

But here's the thing, people can get to your computer. Its connected to the internet. There are already viruses that track network traffic, keylog, and yes deliberatly steal Bitcoin wallets.

Its already happened. Why should it not happen to you. So you are careful. Me too. Some of the people who have lost stuff in this way were careful too. Most not. It helps to be careful.

But the security of a carefully prepared paper wallet or many of them, is much more than a computer.  Having worked for an AV firm, we used to say that nothing beats physical locks. Its very true. A good hacker can get in most places given time and motivation.  

Anyone with any significant wallet should put it in paper wallets. Many of them. Thats my view.

[paulie_w]

If you do not use paper wallets, really you are very foolish.

You back up your computer, of course. +1 for that.

But here's the thing, people can get to your computer. Its connected to the internet. There are already viruses that track network traffic, keylog, and yes deliberatly steal Bitcoin wallets.

Its already happened. Why should it not happen to you. So you are careful. Me too. Some of the people who have lost stuff in this way were careful too. Most not. It helps to be careful.

But the security of a carefully prepared paper wallet or many of them, is much more than a computer.  Having worked for an AV firm, we used to say that nothing beats physical locks. Its very true. A good hacker can get in most places given time and motivation.  

Anyone with any significant wallet should put it in paper wallets. Many of them. Thats my view.

how do paper wallets protect you if someone knows that you have them?

[DannyHamilton]

- SNIP -

how do paper wallets protect you if someone knows that you have them?

Well, the smart thing to do would be to not tell anyone that you have the paper wallets (or at least only tell those who you trust with access, such as a spouse).

If you are going to make it known that you have paper wallets (as mintymark has now done), the next step would be to not tell anyone how many paper wallets you have, how much bitcoin is stored on each, and where they are located.

[mintymark]

Of course *any* store of value can be taken by force. That does not change.

But its about plausible denyability. The papers do not have to be here in the house. They may be in a bank vault, a friends house, etc. And when they march you to the bank and say open the vault, (weather they are or not) you *may* have a chance to get assistance.  They may be inaccessable to you because you have given them to someone else or to a layer. Or they may not exist anymore because you gambled them away one night in a game of poker in the local pub. You may have given them to your children, your mistress or your whore! You will get beaten up either way if you have thugs in your house, of course, and I hope that never happens but paper wallets can only help. And if you decide that the severity of the beating would be lessoned by giving them some or all of it, just like casy, well you can do that.

So thats how.  

[mintymark]

Damn! Danny your right!!

[ShadowOfHarbringer]

If you do not use paper wallets, really you are very foolish.

Nah. Paper wallets suck hard.

- What if somebody steals the paper wallet from you ? It is not encrypted.
- How is paper wallet better than microSD card which CAN be encrypted, so you can push it to the cloud, make multiple backups everywhere and you don't care if the backups get lost or stolen ?

An encrypted Laptop which is used only as Bitcoin-safe is much better.
The laptop may even have a truecrypt invisible partition  so you have plausible deniability in case a thug wants to take your coins from you.

You only connect the laptop to internet when you want to send coins. (You can use Armory offline wallet for that too)

Also for extra security, instead of synchronizing blockchain through running client normally, you can synchronize on a different computer and transfer the blockchain files through other means (SFTP, RSYNC).

[DannyHamilton]

- SNIP -
- What if somebody steals the paper wallet from you ? It is not encrypted.

Why isn't it encrypted.  You can store an encrypted private key on paper.

- How is paper wallet better than microSD card which CAN be encrypted, so you can push it to the cloud, make multiple backups everywhere and you don't care if the backups get lost or stolen ?

And a paper wallet can be uncrypted, pushed to multiple safes, and have multiple backups stored everywhere so you don't care if the backups get lost or stolen.

The laptop may even have a truecrypt invisible partition  so you have plausible deniability in case a thug wants to take your coins from you.

Wouldn't a carefully encrypted and disguised piece of paper also give you plausible deniability?

Also for extra security, instead of synchronizing blockchain through running client normally, you can synchronize on a different computer and transfer the blockchain files through other means (SFTP, RSYNC).

Wouldn't it be better not to synchronize the blockchain at all?  I don't think you need it to spend bitcoin as long as you know the hash value of the outputs that have been sent to you.

[Gavin Andresen]

shouldn't the bitcoin devs be encouraging tor use?

I hereby encourage everybody to use tor.

But I think worrying about thugs getting your street address from your Internet service provider and then breaking into your house to try to coerce you into giving them your Bitcoins seems very unlikely.

[jerfelix]

shouldn't the bitcoin devs be encouraging tor use?

I hereby encourage everybody to use tor.

But I think worrying about thugs getting your street address from your Internet service provider and then breaking into your house to try to coerce you into giving them your Bitcoins seems very unlikely.

Gavin, you don't know what kind of neighborhood I live in.





Although I think I'd worry more about this sort of potential thief.

[niko]

This is a non-issue. In fact, several unrelated non-issues. First - the fact that somebody might find out where somebody else lives based on the ip address. This is not easy to do, even law enforcement needs a court order in most countries.
Second, the fact that somebody might find out where somebody else lives by gaining access to their personal computer and Web mail, with all the personal documents containing the address, etc. Note, this likely means access to their bank accounts and locally stored bitcoins (unless offline or paper wallets).
Third, the fact that somebody might find find out the identity of a person controlling a particular bitcoin address with lots of coins, and then find out the address of that individual from public or semi-public records. Note, this has got nothing to do with IP address.

Now compare this whole mix of unrelated or losely related issues with the fact that anyone wanting to steal something of value can simply (compared to the goatfuck above it is simple) steal a car, rob someone of their gold necklace, kidnap for ransom, or just break into a wealthy-looking home and hope for the best. Or start a bitcoin Ponzi scheme.

tl;dr - the OP is fear-mongering and spreading FUD. No offense, paulie.

[DannyHamilton]

shouldn't the bitcoin devs be encouraging tor use?

. . . worrying about thugs getting your street address from your Internet service provider and then breaking into your house to try to coerce you into giving them your Bitcoins seems very unlikely . . .

Thugs?

[franky1]

paper wallets can be many forms..

EG i can have a paper wallet that is a poem in a book...

and the key is (for example but not reality) the 3rd word 7th word 26th word and a bunch of numbers for the brain wallet key.

so just having a book on my book shelf that is my paperwallet.

now try stealing my coins..

and for inheritance reasons if i die, just putting a statement for family to read in my Will as:

read my favourite book, word numbers ... .. ..  to receive your riches.

and basically if anyone does not know you well enough to know what your talking about, doesnt really deserve your hard labours

[paulie_w]

This is a non-issue. In fact, several unrelated non-issues. First - the fact that somebody might find out where somebody else lives based on the ip address. This is not easy to do, even law enforcement needs a court order in most countries.
Second, the fact that somebody might find out where somebody else lives by gaining access to their personal computer and Web mail, with all the personal documents containing the address, etc. Note, this likely means access to their bank accounts and locally stored bitcoins (unless offline or paper wallets).
Third, the fact that somebody might find find out the identity of a person controlling a particular bitcoin address with lots of coins, and then find out the address of that individual from public or semi-public records. Note, this has got nothing to do with IP address.

Now compare this whole mix of unrelated or losely related issues with the fact that anyone wanting to steal something of value can simply (compared to the goatfuck above it is simple) steal a car, rob someone of their gold necklace, kidnap for ransom, or just break into a wealthy-looking home and hope for the best. Or start a bitcoin Ponzi scheme.

tl;dr - the OP is fear-mongering and spreading FUD. No offense, paulie.

none taken! but i don't think you're right.

it may not be likely that i will correlate an ip address to a home address in most cases, and i agree with gavin and you about this. but, it's not strictly impossible. and you guys should also maybe think about insiders in companies that _can_ get that information.

anyway i think gavin's statement advising bitcoin users to use tor is all that needs to be said for now.

-w

[ArticMine]

paper wallets can be many forms..

EG i can have a paper wallet that is a poem in a book...

and the key is (for example but not reality) the 3rd word 7th word 26th word and a bunch of numbers for the brain wallet key.

so just having a book on my book shelf that is my paperwallet.

now try stealing my coins..

and for inheritance reasons if i die, just putting a statement for family to read in my Will as:

read my favourite book, word numbers ... .. ..  to receive your riches.

and basically if anyone does not know you well enough to know what your talking about, doesnt really deserve your hard labours

What if the house burns down during your funeral and your loved ones are left destitute because they cannot access your Bitcoins? 

[BkkCoins]

What IP address?

Your IP address is not stored in the blockchain and when your transaction gets relayed it's usually not your IP that gets recorded on sites like blockchain.info unless they happen to be connected to your node.

Maybe someone could run a client that records IP addresses but it can only record the IP of the clients that it connects to and transactions initiated by that node.

I run my bitcoin client on a server not at my house. I also use Electrum which runs off that server so any IP record would be from that location in Chiacgo (which is not even in the same country that I'm in).

It's probably pretty hit and miss to record accurate IP addresses for wallets/addresses and given that isn't it just as likely someone would turn up at your door looking for someone else's wallet.