Unencrypted blockchain leads to snooping

[sigma02]

So you're basically saying that google can see the website you get served?
How the hell is ANY account safe from google?
Anyway, you're having a cool fantasy, i'll let you at it..

Thanks, mobo.
Seriously, go to satoshidice and observe the google script and the 'google+1' tracker.  You are using no-script and something like ghostery, I would imagine.

[sigma02]

Actually I was lying about my father.

I know. Don't pull the Hitler card on Germans. It'll fail miserably.

It was my grandfather.

You don't need to invoke Hitler.  The Asian population on the West coast of the US was hauled off based on census records.

[jackjack]

/etc/hosts
Safe.

[mobodick]

So you're basically saying that google can see the website you get served?
How the hell is ANY account safe from google?
Anyway, you're having a cool fantasy, i'll let you at it..

Thanks, mobo.
Seriously, go to satoshidice and observe the google script and the 'google+1' tracker.  You are using no-script and something like ghostery, I would imagine.

I use both.

Anyway, google doesn't get to see the actual content of your session.
If SD produces, say,  an URL with your address or something then its SD that does it wrong.
But googles cookies and scripting code should have no way of connecting you to some BTC address.
Maybe you can post the code fragment where it is clear that google knows more than the url you are on?

[sigma02]

Anyway, google doesn't get to see the actual content of your session.
If SD produces, say,  an URL with your address or something then its SD that does it wrong.
But googles cookies and scripting code should have no way of connecting you to some BTC address.
Maybe you can post the code fragment where it is clear that google knows more than the url you are on?

<script src="js/jquery-1.7.2.min.js"></script>
<script src="js/jquery.tools.min.js"></script>
<script src="js/jquery.qtip.min.js"></script>
<script src="js/jquery.stylish-select.min.js"></script>
<script src="js/jquery.equalheights.js"></script>
<script src="js/script.js"></script>

Can you be sure there is nothing in there that compromises your privacy or transaction security?

It would be smart not to use bitcoin addresses from pages that require scripts or carry web bugs.

With scripts disabled, noscript reports
-google.com
-satoshidice.com

Allowing satoshidice.com makes google no longer necessary, which is freaky all by itself.

[sigma02]

/etc/hosts
Safe.

I do it too.  Not safe, just a little something extra.

[mobodick]

Anyway, google doesn't get to see the actual content of your session.
If SD produces, say,  an URL with your address or something then its SD that does it wrong.
But googles cookies and scripting code should have no way of connecting you to some BTC address.
Maybe you can post the code fragment where it is clear that google knows more than the url you are on?

<script src="js/jquery-1.7.2.min.js"></script>
<script src="js/jquery.tools.min.js"></script>
<script src="js/jquery.qtip.min.js"></script>
<script src="js/jquery.stylish-select.min.js"></script>
<script src="js/jquery.equalheights.js"></script>
<script src="js/script.js"></script>

Can you be sure there is nothing in there that compromises your privacy or transaction security?

It would be smart not to use bitcoin addresses from pages that require scripts or carry web bugs.

With scripts disabled, noscript reports
-google.com
-satoshidice.com

Allowing satoshidice.com makes google no longer necessary, which is freaky all by itself.

LOL.,
I hope you understand that those scripts were put there by SD.
If you trust SD with your credits you may as well trust them with their scripts.
I mean, come on, this is the internet. The safest place on earth.

[jackjack]

I mean, come on, this is the internet. The safest place on earth.

I approve this message

[sigma02]

LOL.,
I hope you understand that those scripts were put there by SD.
If you trust SD with your credits you may as well trust them with their scripts.
I mean, come on, this is the internet. The safest place on earth.

Web developers don't think twice about using ajax, loaded from google.  In effect, that turns over your access log, your customer list and provides per-user scripting capability.

Seriously, I was yelled at here for a lot less than running untrusted scripts from an organization with questionable goals.

Given the state of bitcoin, I would bet that pretty much everyone has visited satoshidice and turned over at least their IP, browser signature and a cookie to google.  You don't have to be very paranoid to think of what that means.

[sigma02]

If you trust SD with your credits you may as well trust them with their scripts.

Isn't bitcoin all about zero-trust?  Just because I am willing to risk .01BTC, does it mean I am willing to trust them with other things?

[cmcgeecc]

I have an interesting further discussion topic on this.  As far as I can tell there are ways to protect your anonymity when using bitcoin (i.e. ewallet mixing strategy as discussed here https://en.bitcoin.it/wiki/Anonymity).  Unfortunately, it is very inconvenient.  In this sense I agree with the initial post.  However, an argument could be made that a more open transaction record could actually be a strength to the currency.

1. It could make it easier for us to fight back against hackers or bitcoin thieves.

2. The governments may be less threatened by the currency if they feel they can track where money is going.  With bitcoin in its early stages it is vulnerable to massive government attacks.

Please reply with any thoughts you may have on this.  Agree or disagree.  I'm just looking for different points of view.

[sigma02]

1. It could make it easier for us to fight back against hackers or bitcoin thieves.

I totally agree.  Transparency is great for us to establish the system and check for ongoing issues.  Keeping windowshades open allows people to see when a robbery is happening.

2. The governments may be less threatened by the currency if they feel they can track where money is going.  With bitcoin in its early stages it is vulnerable to massive government attacks.

Agreed.

I am concerned more about option 3:
The government or a trusted agency/corporation introduces a crypto-currency that satisfies all security requirements.  The backdoor is in plain site,  a 100% accurate record of all the transactions in the system.  With a little extra information that is available to them, this provides unrestricted access to all the individual transactions linked to their identity in a very high probability manner.

[DeathAndTaxes]

If you trust SD with your credits you may as well trust them with their scripts.

Isn't bitcoin all about zero-trust?  Just because I am willing to risk .01BTC, does it mean I am willing to trust them with other things?

No the purpose of bitcoin is to allow commerce without needing to trust a THIRD PARTY. You always need to trust your counterparty.  Bitcoin or xCoin isn't going to change that.   If you don't trust the persons you are doing business with ... don't do business with them.  If I promise to sell you gold for x BTC and you pay and I don't then you lose.  Bitcoin can't prevent that.  Taken to the extreme if I mail you some gold you are trusting that I won't follow the mailman, attack you and take the gold back.  Bitcoin eliminates the need to trust a central authority it doesn't eliminate the need for trust ... just ask Pirate's "investors".

Of course your SD example is even more silly when you realize the website isn't needed.  Send 0.01 BTC or more to this address 1dice97ECuByXAvqXpaYzSaQuPVvrtmz6  and you have a 50/50 chance of winning.  If you win winnings are sent back to you and if you lose a losing amount if sent back to you.  See now you can play without google ever knowing you visisted SD.

[movellan]

It is more effective. You could post the raw transactions on blockchain or brainwallet.org through your VPN and you'd essentially be anonymous. If someone makes an email-to-transaction-broadcast thingie, that works with OpenPGP, you could make truly anonymous transactions. Or if someone operates a hidden service (on TOR) that does this.

But, just using the plain reference client already allows you a certain anonymity, because you only broadcast your transaction to a limited number of nodes, and they relay it to the rest of the world.

Thanks, Dabs. I will probably continue with new wallet and IP address for each transaction as I've been doing it since I started in Bitcoin and it's just habit now.

What about a blockchain wallet that one would use for small amounts? Would there be any advantage to moving empty (0.0 BTC) once-used addresses to the archive section and the deleting them and the private key after a few days (well after many confirmations)?

[mobodick]

LOL.,
I hope you understand that those scripts were put there by SD.
If you trust SD with your credits you may as well trust them with their scripts.
I mean, come on, this is the internet. The safest place on earth.

Web developers don't think twice about using ajax, loaded from google.  In effect, that turns over your access log, your customer list and provides per-user scripting capability.

Seriously, I was yelled at here for a lot less than running untrusted scripts from an organization with questionable goals.

Given the state of bitcoin, I would bet that pretty much everyone has visited satoshidice and turned over at least their IP, browser signature and a cookie to google.  You don't have to be very paranoid to think of what that means.

But you still fail to prove that your online identity can be linked by google to your bitcoin identity.
What if SD just sells your personal information to facebook? You would have no way to know.
So the only real question is, do you trust satoshidice?
If not, just don't go to there.

[sigma02]

No the purpose of bitcoin is to allow commerce without needing to trust a THIRD PARTY. You always need to trust your counterparty.  Bitcoin or xCoin isn't going to change that.   If you ...

There are levels of trust.  Just because I trust satoshidice with 0.01BTC does not imply that I trust them with my identity.

[mobodick]

If you trust SD with your credits you may as well trust them with their scripts.

Isn't bitcoin all about zero-trust?  Just because I am willing to risk .01BTC, does it mean I am willing to trust them with other things?

I ment that in an informational sense.
You trust some information to them and they can technically track that transaction throughout the blockchain. So they have some information that can link googles profile to a bitcoin address you own. So taking a risk of 0.01BTC means you already trust them with a lot of things.
Note that it is SD that has the power to make the link. Google could not do it on their own (and survive the shitstorm).

So all i'm saying is that to anyone worried about these things it is pretty obviously obvious that they are on the internet and what consequences that has.
This problem has absolutely nothing to do with bitcoin itself.

[sigma02]

This problem has absolutely nothing to do with bitcoin itself.

I generally agree with you.  Except for the darn unencrypted blockchain, a log of every transaction ever made.  That is a marketer's (or spy's) dream. 

For individual players, there is of course no hope to use it.  For a government or a large corporation with a ton of additional information, it's a goldmine.

[mobodick]

This problem has absolutely nothing to do with bitcoin itself.

I generally agree with you.  Except for the darn unencrypted blockchain, a log of every transaction ever made.  That is a marketer's (or spy's) dream. 

For individual players, there is of course no hope to use it.  For a government or a large corporation with a ton of additional information, it's a goldmine.

Meh, these eentities have far better ways to track information.
Do you know that all your communication on the internet is logged by several entities?
Not the actual content (altho it wouldn't surprise me in some cases) but i think they store packet headers or something.
That's already a reality.

And i don't think it was never the intention of bitcoin to pretend to be anonymous.
From Bitcoin.org:
_____________
Bitcoin is not anonymous without efforts

All Bitcoin transactions are stored publicly and permanently on the network, which means anybody can see the balance and the transactions of any Bitcoin address. However, it is not possible to associate a Bitcoin address with its physical owner unless the owner demonstrated that they own it. This is why it is recommended to use many different Bitcoin addresses; in fact, you should create a new one each time you receive money. This is especially important for public uses such as websites. You might also want to consider hiding your computer's IP address with a tool like Tor so that it cannot be logged by others.
_____________

So there you have it.

[sigma02]

Meh, these eentities have far better ways to track information.
Do you know that all your communication on the internet is logged by several entities?
Not the actual content (altho it wouldn't surprise me in some cases) but i think they store packet headers or something.
That's already a reality.

True enough, they track internet traffic, but at least your billpay session is encrypted.  With bitcoin they can track every transaction.

EDIT: Before I wasn't even talking about those with access to traffic.  If they can monitor network packets, we are completely naked, way worse then Chase Online Banking.