Bitcoin Forum
Author Topic: Anonymity  (Read 68845 times)
RHorning
August 15, 2010, 06:39:29 AM
 #21

Quote
I bet anonymity is a must for many users. We definitely need a poll.
What happens if I send all my money to one of my unused addresses? I guess that coins from all other addresses are gathered in one and no one is able to tell if I sent them to myself. Right? As the OP (I think) said, I will be still in the "suspect" list but nevertheless it offers some deniability.

BTW when you send money to yourself the transaction log doesn't even list which the receiving account is...  Roll Eyes

Quote
Don't send coins from one address to a different one on the same computer. This actually reduces your anonymity because it combines several different coins (some of which, such as generations, might be pretty anonymous). It's also obvious what you're doing because Bitcoin makes a special transaction when you send coins to yourself: it includes the full public key for the destination instead of the hashed public key used in normal transactions.

It sounds like this is something which desperately needs to be fixed.  There is no legitimate reason why transactions sent to yourself should be treated any differently than transactions to somebody else.  If anything, all "transactions" like this simply could be sent to "the nearest node" even if merely for confirmation and the "information" sent back to the original node.

This is a protocol problem and not something that should have "work arounds" that are merely kludges to something that can be fixed in the client and protocol itself.
theymos (OP)
August 15, 2010, 06:47:42 AM
 #22

Transfers to yourself are the same as transfers by IP address, so it was probably thought that this type of transfer would "blend in". No one uses IP transfers, though. (And no one should because they're insecure.)

Not much anonymity would be gained if this was fixed. You can't do proper "internal mixing" unless you have the ability to choose which coins you want to send to yourself.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
RHorning
August 15, 2010, 07:20:44 AM
 #23

Quote from: theymos
Transfers to yourself are the same as transfers by IP address, so it was probably thought that this type of transfer would "blend in". No one uses IP transfers, though. (And no one should because they're insecure.)

Not much anonymity would be gained if this was fixed. You can't do proper "internal mixing" unless you have the ability to choose which coins you want to send to yourself.

Why?  If you sent a transaction to a bitcoin address, how is that any different than sending the transaction to somebody else?  I just don't "get it", or understand why this is anything different?  Why should sending to a bitcoin address be treated as an IP address transfer, when clearly it isn't?

I'm not disputing that it is the current behavior, I'm just asking why it must be this way.
mizerydearia
August 15, 2010, 07:33:06 AM
 #24

Would it be useful to use some of the information discussed in this thread in providing a type of documentation or information available on the wiki?  Something like http://www.bitcoin.org/wiki/doku.php?id=level_of_anonymity perhaps?
theymos (OP)
August 15, 2010, 07:36:38 AM
 #25

Quote from: RHorning
Why?  If you sent a transaction to a bitcoin address, how is that any different than sending the transaction to somebody else?

It's only different because you are capable of sending to a public key instead of a hash, since the full public key is in your wallet. Normally you don't have the full public key, so you must send it to a hash. There's no technical reason why you couldn't send self-transactions to a hash -- Bitcoin just doesn't. You don't need to extend the protocol at all to deal with this (the confirmation stuff you mentioned isn't necessary).

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
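
The difference described in the post above is visible to anyone who reads the block chain. The following is an added example, not code from the thread or from the Bitcoin client: it classifies raw output scripts as pay-to-public-key or pay-to-public-key-hash and flags ordinary transactions that carry a full public key. The transaction records, key bytes and hashes are constructed placeholders, and skipping generation transactions is an assumption based on background from outside the thread (block rewards of that era also paid to a full public key).

```python
# Opcodes used by the two output script forms discussed in the thread.
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC


def classify_output(script: bytes) -> str:
    """Return 'pubkey', 'pubkeyhash' or 'other' for a raw output script."""
    # Pay-to-public-key: <push N> <N-byte public key> OP_CHECKSIG.
    # N is 65 for an uncompressed key (0x04 prefix) or 33 for a compressed one.
    if (len(script) in (35, 67) and script[0] == len(script) - 2
            and script[-1] == OP_CHECKSIG):
        first = script[1]
        if (len(script) == 67 and first == 0x04) or \
           (len(script) == 35 and first in (0x02, 0x03)):
            return "pubkey"
    # Pay-to-public-key-hash (a normal send to an address):
    # OP_DUP OP_HASH160 <push 20> <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG.
    if (len(script) == 25
            and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "pubkeyhash"
    return "other"


def flag_full_key_sends(txs):
    """Return ids of non-generation transactions with a full-key output."""
    flagged = []
    for tx in txs:
        if tx["generation"]:
            continue  # assumption: block rewards are not self-sends
        if any(classify_output(s) == "pubkey" for s in tx["outputs"]):
            flagged.append(tx["id"])
    return flagged


def p2pk(pubkey: bytes) -> bytes:
    """Build a pay-to-public-key script around the given key bytes."""
    return bytes([len(pubkey)]) + pubkey + bytes([OP_CHECKSIG])


def p2pkh(h160: bytes) -> bytes:
    """Build a pay-to-public-key-hash script around a 20-byte hash."""
    return (bytes([OP_DUP, OP_HASH160, 20]) + h160
            + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))


# Constructed sample data: placeholder bytes, not real keys or transactions.
FAKE_PUBKEY = b"\x04" + bytes(range(64))
FAKE_HASH_A = bytes([0x11]) * 20
FAKE_HASH_B = bytes([0x22]) * 20

SAMPLE_TXS = [
    {"id": "gen-1", "generation": True, "outputs": [p2pk(FAKE_PUBKEY)]},
    {"id": "pay-1", "generation": False,
     "outputs": [p2pkh(FAKE_HASH_A), p2pkh(FAKE_HASH_B)]},
    {"id": "self-1", "generation": False,
     "outputs": [p2pk(FAKE_PUBKEY), p2pkh(FAKE_HASH_B)]},
]

if __name__ == "__main__":
    for tx in SAMPLE_TXS:
        kinds = [classify_output(s) for s in tx["outputs"]]
        print(tx["id"], kinds)
    print("flagged:", flag_full_key_sends(SAMPLE_TXS))
```
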
ichi
August 15, 2010, 08:59:08 AM
 #26

What would be the point of sending bitcoin to another of one's receiving accounts on the same computer?  Even if it weren't less secure, it seems pointless and dangerous (see "lost bitcoin" thread).  Am I missing something?

It's become my practice to create a new Ubuntu VM / Bitcoin client for each major transaction, and to trash it after subsequent transfers to longer-term clients.  The IPs are anonymized.  Does that actually increase anonymity?
Tritonio
August 16, 2010, 02:06:36 AM
 #27

Quote
I bet anonymity is a must for many users. We definitely need a poll.
What happens if I send all my money to one of my unused addresses? I guess that coins from all other addresses are gathered in one and no one is able to tell if I sent them to myself. Right? As the OP (I think) said, I will be still in the "suspect" list but nevertheless it offers some deniability.

BTW when you send money to yourself the transaction log doesn't even list which the receiving account is...  Roll Eyes

Quote
Don't send coins from one address to a different one on the same computer. This actually reduces your anonymity because it combines several different coins (some of which, such as generations, might be pretty anonymous). It's also obvious what you're doing because Bitcoin makes a special transaction when you send coins to yourself: it includes the full public key for the destination instead of the hashed public key used in normal transactions.

Quote from: RHorning
It sounds like this is something which desperately needs to be fixed.  There is no legitimate reason why transactions sent to yourself should be treated any differently than transactions to somebody else.

Exactly. I thought that if I created, let's say, three addresses and pass the money through each one of them, it would look like the money traveling through three different users. But because of this "inexplicable" feature it looks like I am schizophrenic.

BTW what's going on with that bug? I upgraded, added some good IP's and now it seems OK. But in the front page the older version is still served. Why?
RHorning
August 16, 2010, 09:35:03 AM
 #28

Quote from: ichi
What would be the point of sending bitcoin to another of one's receiving accounts on the same computer?  Even if it weren't less secure, it seems pointless and dangerous (see "lost bitcoin" thread).  Am I missing something?

It's become my practice to create a new Ubuntu VM / Bitcoin client for each major transaction, and to trash it after subsequent transfers to longer-term clients.  The IPs are anonymized.  Does that actually increase anonymity?

While I've railed against the software in some ways, this is the behavior that Freenet uses... as a means to preserve anonymity.  By acting as if you had "received" the transaction from another node (even though you are the one generating the data in the first place), it puts plausible deniability that you were the origin of that data.  Furthermore, I fail to see how "dangerous" it would become if you are asking for another node to "confirm" the transaction.... something quite important to the health and stability of the network in the first place.  Freenet even goes an extra step by having clients randomly "inject" data received from other nodes to 3rd party nodes to make it even fuzzier who got the data in case somebody does an audit.  There is no need for Bitcoin to be that paranoid but it is useful to see what extreme step you can take if you want to preserve anonymity.

There is no need to create a whole new VM/Bitcoin client, and in fact that sort of behavior actually puts a huge load on the network unless you are also copying over the whole block chain when you are creating this "new client" and keeping that block chain up to date.  Even then, that is a whole bunch of extra work that is a waste of your time.  Again, you are taking on a relatively simple problem that can be fixed within the protocol and hitting it with not just a big hammer but using a nuke instead.  You can waste your time if you want, but using that as a recommendation to others to waste their time when it isn't needed is bad form.

In terms of the danger of losing transactions, this last little issue of the bad block which forced the upgrade to v. 0.3.10 has actually increased my "faith" that the network will do just fine if you send the transaction and just depend on the network getting it right.  How you might lose coins is if you send them to an address that doesn't exist through mistyping the recipient's address (in this case your own) in some fashion or some other technical fault that has nothing to do with transmitting the transaction to another node.

Quote from: RHorning
Why?  If you sent a transaction to a bitcoin address, how is that any different than sending the transaction to somebody else?

Quote from: theymos
It's only different because you are capable of sending to a public key instead of a hash, since the full public key is in your wallet. Normally you don't have the full public key, so you must send it to a hash. There's no technical reason why you couldn't send self-transactions to a hash -- Bitcoin just doesn't. You don't need to extend the protocol at all to deal with this (the confirmation stuff you mentioned isn't necessary).

I'm not talking about extending the protocol here at all.... as a matter of fact it is a simplification of the protocol and perhaps even the client software too.  There is no reason to have a special case if the transaction happens to go to a key that exists on that same computer, and certainly no reason for any extra data to be recorded that would indicate a self-referential transaction that appears externally as anything other than a coin transfer from one user to another.  Explicit special coding must happen for that situation to occur... in other words software development effort has been spent to make the current situation that removes anonymity.  It is a case where keeping it simple helps improve the overall algorithm.
Insti
August 16, 2010, 11:08:11 AM
 #29

Quote
Don't send coins from one address to a different one on the same computer. This actually reduces your anonymity because it combines several different coins (some of which, such as generations, might be pretty anonymous). It's also obvious what you're doing because Bitcoin makes a special transaction when you send coins to yourself: it includes the full public key for the destination instead of the hashed public key used in normal transactions.

Quote from: RHorning
It sounds like this is something which desperately needs to be fixed.  There is no legitimate reason why transactions sent to yourself should be treated any differently than transactions to somebody else.
+1
mizerydearia
August 16, 2010, 11:37:41 AM
 #30

Quote from: RHorning
software development effort has been spent to make the current situation that removes anonymity.

Maybe this should be the next news headline posted at top of forum pages after the current warning becomes less important.
ichi
August 16, 2010, 12:05:33 PM
Last edit: August 16, 2010, 01:06:28 PM by ichi
 #31

Quote from: RHorning
While I've railed against the software in some ways, this is the behavior that Freenet uses... as a means to preserve anonymity.  By acting as if you had "received" the transaction from another node (even though you are the one generating the data in the first place), it puts plausible deniability that you were the origin of that data.  Furthermore, I fail to see how "dangerous" it would become if you are asking for another node to "confirm" the transaction.... something quite important to the health and stability of the network in the first place.
I was thinking of http://bitcointalk.org/index.php?topic=782.msg8905#new.

Quote
There is no need to create a whole new VM/Bitcoin client, and in fact that sort of behavior actually puts a huge load on the network unless you are also copying over the whole block chain when you are creating this "new client" and keeping that block chain up to date.  Even then, that is a whole bunch of extra work that is a waste of your time.  Again, you are taking on a relatively simple problem that can be fixed within the protocol and hitting it with not just a big hammer but using a nuke instead.  You can waste your time if you want, but using that as a recommendation to others to waste their time when it isn't needed is bad form.
Right.  So far, I've done that only for large purchases of bitcoin.  I'm not an exchange, so it's relatively infrequent.  Also, given that I'm mailing cash, receiving clients typically live for a week or two, and the additional load is small relative to my total contribution to the network.

Is that a waste of time?  Well, creating a new Ubuntu VM / Bitcoin client only takes a few minutes.  If that increases my anonymity, even marginally, it's well worth the effort.  For those who aren't as concerned about anonymity, it's certainly overkill.

Edit:  To be explicit, my threat model is this: Can I remain anonymous when all with whom I exchange bitcoin are conspiring to identify me?  For me, here and now, that's probably overkill, in that I'm just a guy buying anonymous connectivity and server resources.  In China, OTOH?  Anywhere in ten years?  Hard to say.

Quote
How you might lose coins is if you send them to an address that doesn't exist through mistyping the recipient's address (in this case your own) in some fashion or some other technical fault that has nothing to do with transmitting the transaction to another node.
In my experience, sending doesn't work with incorrect addresses.

Quote
I'm not talking about extending the protocol here at all.... as a matter of fact it is a simplification of the protocol and perhaps even the client software too.  There is no reason to have a special case if the transaction happens to go to a key that exists on that same computer, and certainly no reason for any extra data to be recorded that would indicate a self-referential transaction that appears externally as anything other than a coin transfer from one user to another.  Explicit special coding must happen for that situation to occur... in other words software development effort has been spent to make the current situation that removes anonymity.  It is a case where keeping it simple helps improve the overall algorithm.
I totally agree with this, FWIW.
mizerydearia
August 16, 2010, 12:42:10 PM
 #32

Quote from: ichi
In my experience, sending doesn't work with incorrect addresses.

Incorrect addresses as in malformed addresses that are illegal or as in addresses that are currently considered nonexistent due to not being generated yet?

If the latter, how is it possible that all clients can verify whether an address exists or not?  Perhaps a call asking if it exists and if no response in ~2secs or so, then it doesn't exist?
Insti
August 16, 2010, 12:50:38 PM
 #33


You can send to an address that does not exist.

A bitcoin address has a checksum in it, so it will stop you sending to a 'made up - invalid' address like 1abadadfakjflsdfjadslfjalfj
But it's possible to construct valid non existing addresses if you know what you are doing. But you won't do this accidentally.

Being able to verify if an address existed would be bad.
Does the address with the lost private key that has 8999 BTC in it exist or not?

ichi
August 16, 2010, 01:19:29 PM
 #34


Quote from: Insti
You can send to an address that does not exist.

A bitcoin address has a checksum in it, so it will stop you sending to a 'made up - invalid' address like 1abadadfakjflsdfjadslfjalfj
Yes, I've struggled sometimes copying addresses among isolated machines.  Including checksums is a great feature.

Quote
But it's possible to construct valid non existing addresses if you know what you are doing. But you won't do this accidentally.
Why would one do that?

Related question.  Suppose one created an address, and then took the host client down.  And suppose someone then sent bitcoin to that address.  Would that bitcoin exist indefinitely in limbo, waiting for the address to appear?  Or would the transfer just fail, and reverse itself?
Insti
August 16, 2010, 02:03:34 PM
 #35

Quote from: ichi
Quote
But it's possible to construct valid non existing addresses if you know what you are doing. But you won't do this accidentally.
Why would one do that?
I can't think of a reason why you'd want to. I was just trying to illustrate that you didn't actually need to generate a private key to create an apparently valid Bitcoin address.

Quote
Related question.  Suppose one created an address, and then took the host client down.  And suppose someone then sent bitcoin to that address.  Would that bitcoin exist indefinitely in limbo, waiting for the address to appear?  Or would the transfer just fail, and reverse itself?
You don't need to have a client running to receive bitcoins.
Once you create an address, any coins sent to it will just sit there waiting for you to spend them.
Any transfer to a 'valid' address should be successful. It is VERY rare for a transaction to be reversed.
There are other threads that explain this in more detail. This is not really an Anonymity issue.
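
The checksum behaviour discussed in the posts above can be checked offline. The following is an added example, not code from the thread or from the Bitcoin client: it implements Base58Check validation and shows that a mistyped address is rejected, while an address built from an arbitrary 20-byte value (here all zeros, a constructed value for which no key pair was generated) is accepted as well-formed. Validation is purely structural and says nothing about whether anyone holds a key for the address.

```python
import hashlib

# Base58 alphabet used by Bitcoin addresses (no 0, O, I or lowercase l).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def checksum(payload: bytes) -> bytes:
    """First four bytes of SHA-256 applied twice to the payload."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a leading '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # raises ValueError on an illegal character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def address_from_hash160(h160: bytes, version: int = 0x00) -> str:
    """Encode any 20-byte value as an address; no private key is involved."""
    if len(h160) != 20:
        raise ValueError("expected a 20-byte hash")
    payload = bytes([version]) + h160
    return b58encode(payload + checksum(payload))


def check_address(addr: str):
    """Return (ok, reason). Checks structure only, never 'existence'."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False, "illegal character"
    if len(raw) != 25:  # 1 version byte + 20 hash bytes + 4 checksum bytes
        return False, "wrong length"
    if checksum(raw[:-4]) != raw[-4:]:
        return False, "bad checksum"
    return True, "well-formed"


if __name__ == "__main__":
    constructed = address_from_hash160(bytes(20))  # constructed all-zero value
    typo = constructed[:-1] + "3"                  # last character altered
    for addr in (constructed, typo, "1abadadfakjflsdfjadslfjalfj"):
        print(addr, check_address(addr))
```
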
nelisky
August 16, 2010, 03:04:02 PM
 #36

Quote from: Insti
You don't need to have a client running to receive bitcoins.
Once you create an address, any coins sent to it will just sit there waiting for you to spend them.

So, in theory, I could parse all the blocks, extract all the addresses and then make a tree of txins and txouts. With a little (a lot of?) effort, I could then try and split the txins from a txout into payment / change, effectively knowing which addresses belong to a single user. For those users that have a public address, this would be an unexpected disclosure.

I know the 'splitting the payment / change' is somewhat of a flawed argument, there is no way of being 100% sure all the time, but some rules might apply more often than not:
- Is there a txin for change = 0? This one is obviously from the sender
- On transactions of high value, chances are the highest part is the change (the 8999 lost coins thread being one such example)
- Future transactions from the change address will always carry the exact change amount + new txins, whereas the transfer recipient may very well already have a balance on the provided address.

I'm sure that all the statistically inclined fellow bitcoiners, being presented with a large enough annotated sample of the transactions to date, could come up with a high accuracy model.
ByteCoin
August 16, 2010, 04:53:34 PM
 #37

Quote from: Insti
Quote
Related question.  Suppose one created an address, and then took the host client down.  And suppose someone then sent bitcoin to that address.  Would that bitcoin exist indefinitely in limbo, waiting for the address to appear?  Or would the transfer just fail, and reverse itself?
You don't need to have a client running to receive bitcoins.
Once you create an address, any coins sent to it will just sit there waiting for you to spend them.
Any transfer to a 'valid' address should be successful. It is VERY rare for a transaction to be reversed.
There are other threads that explain this in more detail. This is not really an Anonymity issue.
Actually, when you send coins to an address you can view the coins as sitting there waiting for the address "holder" to spend them even if the address doesn't exist. If that address is created in future then they can spend the coins.
If you send coins to an address for which the private key has been lost then the coins can be imagined to be in limbo waiting for either the private key to be recovered or for a new key with the same address to be generated.
(Not sure about the "new key with same address" bit. May depend on the details of the transaction).

ByteCoin

NewLibertyStandard
August 16, 2010, 09:26:04 PM
 #38

Sending payments to fake addresses provides a way to broadcast short encoded and optionally encrypted unalterable messages to the world anonymously. Have security codes for the organization committing genocide, but scared you'll be killed if the publisher accidentally reveals your identity? Shocked Publish them with Bitcoin. Cool

Treazant: A Fullever Rewarding Bitcoin - Backup Your Wallet TODAY to Double Your Money! - Dual Currency Donation Address: 1Dnvwj3hAGSwFPMnkJZvi3KnaqksRPa74p
theymos (OP)
August 16, 2010, 09:36:16 PM
 #39

Quote from: ichi
It's become my practice to create a new Ubuntu VM / Bitcoin client for each major transaction, and to trash it after subsequent transfers to longer-term clients.  The IPs are anonymized.  Does that actually increase anonymity?

From the "Anonymity" article on the wiki:
Quote
Sending coins to a different computer under your control will give you some plausible deniability. However, an investigator is still likely to find you and demand to know who you sent the coins to. If they search your stuff, they'll probably find your other computer. If the attacker is not law enforcement (or maybe even if they are), they might kill you “just in case”. If you use this method, send bitcoins in small increments (no more than 50 BTC, but as small as you're willing to use) to avoid combining coins, which reduces anonymity.

Also:
Quote
Tor prevents network analysis and should be used, but it won't help make your Bitcoin balance “clean”. The attacker isn't talking to you over the Internet; they're looking at your changes to the block chain. This is similar to posting a threat and your street address on a message board using Tor – Tor doesn't stop the police from finding you.

Quote from: ichi
To be explicit, my threat model is this: Can I remain anonymous when all with whom I exchange bitcoin are conspiring to identify me?  For me, here and now, that's probably overkill, in that I'm just a guy buying anonymous connectivity and server resources.  In China, OTOH?  Anywhere in ten years?  Hard to say.

As long as it's not illegal to use Bitcoin, Bitcoin can satisfy that threat model. The current implementation does not, however.

Quote from: RHorning
I'm not talking about extending the protocol here at all.... as a matter of fact it is a simplification of the protocol and perhaps even the client software too.  There is no reason to have a special case if the transaction happens to go to a key that exists on that same computer, and certainly no reason for any extra data to be recorded that would indicate a self-referential transaction that appears externally as anything other than a coin transfer from one user to another.  Explicit special coding must happen for that situation to occur... in other words software development effort has been spent to make the current situation that removes anonymity.  It is a case where keeping it simple helps improve the overall algorithm.

I agree that the behavior should be changed. The change is not really a simplification, though: it's the use of hashes (addresses) that is a bit of a "hack". The thought was probably, "We know the public key, so let's avoid all of that hashing garbage."

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
FreeMoney
August 16, 2010, 10:31:27 PM
 #40

Quote from: NewLibertyStandard
Sending payments to fake addresses provides a way to broadcast short encoded and optionally encrypted unalterable messages to the world anonymously. Have security codes for the organization committing genocide, but scared you'll be killed if the publisher accidentally reveals your identity? Shocked Publish them with Bitcoin. Cool

It would be just terrible if people realized there was a way to post messages to the internet.  Roll Eyes

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.