The State vs. Bitcoin

[matonis]

I realize that bitcoin is pseudonymous vs. anonymous and that precautions must be taken, but I came across two easy-to-find web pages that should serve as a harbinger of how law enforcement will utilize bitcoin data should it attain critical mass:

1. http://buybitcoins.com/   Look at the Google maps from the crooks real (or proxy) servers. Now, this company lost over $2,000 in fraudulent cc transactions which is wrong, but the larger point is that a shocking amount of information is available from sloppy users.  Consider if this were political prisoners from Tibet, Wikileaks benefactors, or simply international business people wishing to keep an income stream private from confiscatory taxation authorities;

2. http://theymos.ath.cx:64150/bbe/   This is the Block Explorer brilliantly assembled by 'theymos'.  I almost fell out of my chair when I imagined law enforcement each having Block Explorer running as their home page. Theymos should receive many donations (from governments, I suspect).

The implications are obvious.  In the trade-off to cryptographically address the double-spend issue, Bitcoin has left a transactional trail of valuable data which can be beneficial to anyone attempting to piece together a profile.  As Bitcoin matures, more services such as mybitcoin.com, bitcoin banks, and bitcoin mixers will be routine practice because otherwise the casual (or novice) user will be unaware of the trail that could easily lead to physical and geographical identity. The privacy features of a $100 bill or a 500-euro note should be the minimum standard of financial and transactional privacy.

[1714047566]

1714047566

[1714047566]

1714047566

[1714047566]

1714047566

[hugolp]

Is it possible to be 100% anonymous in the Internet? No matter what you do you are always showing your IP. Unless you go through Tor or similar, its not up to the protocol to hide the IP.

Maybe Bitcoin could implement a Tor system for the transactions in itself, so buyer and seller never interact directly. I will confess I have not master the bitcoin protocol (I am lazy) so can anyone tell me if it makes sense?

[theymos]

I almost fell out of my chair when I imagined law enforcement each having Block Explorer running as their home page.

This is exactly the effect I intended! Once people understand how attacks would be performed, they can learn how to use Bitcoin safely.

Maybe Bitcoin could implement a Tor system for the transactions in itself, so buyer and seller never interact directly. I will confess I have not master the bitcoin protocol (I am lazy) so can anyone tell me if it makes sense?

Tor doesn't ensure anonymity, though it is required for anonymity. The problem is not in the network layer; the problem is that every transaction is recorded in the block chain (and there's no known way to avoid this in a decentralized way). See http://www.bitcoin.org/wiki/doku.php?id=anonymity .

Maybe Open Transactions will someday be used for Bitcoin-backed bank notes. Open Transactions is perfectly anonymous, but centralized.

[grondilu]

Personnaly I think the point about bitcoin is not really anonymacy.  The point is encryption.  Even if the states knows who you are, and what kind of transaction you've done, they can't steal the money you've earned.  The only thing they can do is put you in jail.  I dare them to do that.  It would be so obviously outrageous.  I know they would do it anyway, but I don't care.  Bearing injustice is an honor, sometimes.

[matonis]

I almost fell out of my chair when I imagined law enforcement each having Block Explorer running as their home page.

This is exactly the effect I intended! Once people understand how attacks would be performed, they can learn how to use Bitcoin safely.

Maybe Bitcoin could implement a Tor system for the transactions in itself, so buyer and seller never interact directly. I will confess I have not master the bitcoin protocol (I am lazy) so can anyone tell me if it makes sense?

Tor doesn't ensure anonymity, though it is required for anonymity. The problem is not in the network layer; the problem is that every transaction is recorded in the block chain (and there's no known way to avoid this in a decentralized way). See http://www.bitcoin.org/wiki/doku.php?id=anonymity .

Maybe Open Transactions will someday be used for Bitcoin-backed bank notes. Open Transactions is perfectly anonymous, but centralized.

What are the best ways today to have "safe bitcoin" like "safe sex" ?  Is the future of untraceable bitcoin going in the direction of anonymous re-mixers where you have to trust a third party bitcoin bank or are there other ways that i am missing?

[theymos]

What are the best ways today to have "safe bitcoin" like "safe sex" ?  Is the future of untraceable bitcoin going in the direction of anonymous re-mixers where you have to trust a third party bitcoin bank or are there other ways that i am missing?

In the future I hope Bitcoin will offer:
- Manually selecting which coins to send. This would allow you to send coins known to be safe.
- Creation of accounts that never mix coins when sending. Use one for anonymous transactions and one for non-anonymous transactions.
- Automatically mixing coins to new addresses that you own. This is not foolproof, but it significantly increases anonymity.

Third-party mixers will hopefully be available in the future, but most people don't need to use them. Just having them exist gives tons of plausible deniability to the automatic self-mixing strategy.

Right now the best thing you can do is the MyBitcoin method mentioned on the wiki's anonymity page.

[hugolp]

- Automatically mixing coins to new addresses that you own. This is not foolproof, but it significantly increases anonymity.

I was thinking this exactly right now and came here to ask if it was possible.

Just for curiosity, is there any limit in the amount of addresses that can exists in the whole bitcoin network?

[grondilu]

Just for curiosity, is there any limit in the amount of addresses that can exists in the whole bitcoin network?

Not really.  The "limiting" factor, if this makes any sense, is rather the number of transactions.  Too many transactions could make too a big block chain for disk storage.  But the use of Merkle tree makes it unlikely to be a problem.

As for the total number of possible addresses, it is much bigger than the number of atoms in the universe.

[ShadowOfHarbringer]

Not really.  The "limiting" factor, if this makes any sense, is rather the number of transactions.  Too many transactions could make too a big block chain for disk storage.  But the use of Merkle tree makes it unlikely to be a problem.

As for the total number of possible addresses, it is much bigger than the number of atoms in the universe.

BTW, How does Bitcoin make sure that every generated address is unique ?
Is it just at random + seed, so there is a theoretical possibility of collision one in a billion billion times ?

[grondilu]

BTW, How does Bitcoin make sure that every generated address is unique ?
Is it just at random + seed, so there is a theoretical possibility of collision one in a billion billion times ?

Collision is theoretically possible but is astronomically unlikely.

Remember that there are much more addresses than there are atoms in the universe.

If two people were randomly choosing an atom in the universe, how likely do you think they are to choose the same atom ?

[ShadowOfHarbringer]

BTW, How does Bitcoin make sure that every generated address is unique ?
Is it just at random + seed, so there is a theoretical possibility of collision one in a billion billion times ?

Collision is theoretically possible but is astronomically unlikely.

Remember that there are much more addresses than there are atoms in the universe.

If two people were randomly choosing an atom in the universe, how likely do you think they are to choose the same atom ?

Not really, but i still don't like it. I am a programmer and i what like more are 0 and 1 states: either it is possible or not. So "impossible" is much more interesting for me than "so improbable that almost impossible".

PS.
Bankers also won't like the "highly unlikely" thing.

[nelisky]

BTW, How does Bitcoin make sure that every generated address is unique ?
Is it just at random + seed, so there is a theoretical possibility of collision one in a billion billion times ?

Collision is theoretically possible but is astronomically unlikely.

Remember that there are much more addresses than there are atoms in the universe.

If two people were randomly choosing an atom in the universe, how likely do you think they are to choose the same atom ?

The likelihood of that happening is directly proportional to the amount of damage that event would cause, according to good ol' Mr. Murphy

[grondilu]

Not really, but i still don't like it. I am a programmer and i what like more are 0 and 1 states: either it is possible or not. So "impossible" is much more interesting for me than "so improbable that almost impossible".

Seriously, you should give up on this idea that a non-zero probability is not negligeable.

A probability of 10^-100 is really impossible.  Do you know that according quantum mechanics, the probability that your ass crosses your chair when you seat is not zero ?  I can't compute it, but I wouldn't be surprised if such a probability was about that small.

[FreeMoney]

BTW, How does Bitcoin make sure that every generated address is unique ?
Is it just at random + seed, so there is a theoretical possibility of collision one in a billion billion times ?

Collision is theoretically possible but is astronomically unlikely.

Remember that there are much more addresses than there are atoms in the universe.

If two people were randomly choosing an atom in the universe, how likely do you think they are to choose the same atom ?

Not really, but i still don't like it. I am a programmer and i what like more are 0 and 1 states: either it is possible or not. So "impossible" is much more interesting for me than "so improbable that almost impossible".

PS.
Bankers also won't like the "highly unlikely" thing.

Really? So bankers never step outside? Or spend anytime inside for that matter, people die from building collapses every day.

It's just retarded to worry about this.Maybe there will be one collision if bitcoin becomes the primary currency of the universe for the next 100 billion years, but not before 40 million bankers get struck by lightning. Let it go.

Seriously, like a banker actually worries about every 1 in 10^100 possibility.

edit: It's probably a joke, got me good.

[ribuck]

I am a programmer and i what like more are 0 and 1 states: either it is possible or not.

Programming is full of probabilistic situations.

For example, the error checking/correction on your hard disk is probabilistic. A parity bit can detect a single error but not correct it. ECC coding can correct a single error and detect a double error but not correct it. The checksumming used on a hard disk can detect and correct a much larger number of errors.

But for every type of error detection correction, you can add some more errors and the algorithm will report the data as being correct. A parity bit is fooled by a double error, ECC code is fooled by a triple error, etc.

Provided your application (e.g. bitcoin) is depending on probabilities that are way more extreme than those that your hard disk is depending on, it's simply not a relevant issue, even in the black-and-white world of binary bits.

[grondilu]

Provided your application (e.g. bitcoin) is depending on probabilities that are way more extreme than those that your hard disk is depending on, it's simply not a relevant issue, even in the black-and-white world of binary bits.

You don't have to say that, ribuck.  A probability of 10^-100 is ridiculously small.  It is just silly to think otherwise.

Even if it was tested every nano seconds, I could easily bet 100 years of intensive non-stop torture that such an event will not occur during my entire life.

[grondilu]

Bankers and traders deal in risk everyday. They're perfectly well versed in the theory of probability and expected value.

I guess there are people on this forum that are good in maths too.  So let's compute this.

Let's say 10 billions of human beings are using bitcoin and that each of them generate a new address per second, 24/24h, 7d/7.

How much time do we have to wait so that we have 1% chance that at least one address has been generated twice ?

[ShadowOfHarbringer]

Bankers and traders deal in risk everyday. They're perfectly well versed in the theory of probability and expected value.

I guess there are people on this forum that are good in maths too.  So let's compute this.

Let's say 10 billions of human beings are using bitcoin and that each of them generate a new address per second, 24/24h, 7d/7.

How much time do we have to wait so that we have 1% chance that at least one address has been generated twice ?

That actually depends on the algorithm.
Because if the algorithm used to create the addresses does not have enough "randomness" in it, then such event may occur much faster, than it should judging from probability.

[ribuck]

Seriously, like a banker actually worries about every 1 in 10^100 possibility.

Bankers are comfortable with at ATM password of length four digits. If someone finds a card in the street, that gives them a one-in-3333 chance of being able to get money from the card (because you get three tries to enter the password).

By comparison with that, atom-in-universe risks are not worth considering.

[grondilu]

Seriously, like a banker actually worries about every 1 in 10^100 possibility.

Bankers are comfortable with at ATM password of length four digits. If someone finds a card in the street, that gives them a one-in-3333 chance of being able to get money from the card (because you get three tries to enter the password).

By comparison with that, atom-in-universe risks are not worth considering.

Well, to be fair, the number of atom in the universe (10^80) is not a good comparaison.

I just checked, and the total number of addresses is actually much lower.  It's about 1.5*10^48, according to theymos.   It's a huge number, but not as huge as 10^80.  I'll see if I can find an other physical comparaison.