flipperfish
Sr. Member
Offline
Activity: 350
Merit: 251
Dolphie Selfie
|
|
October 22, 2014, 02:41:55 PM |
|
I didn't explain this, but I lost 1 BTC using blockchain + TOR a few days ago, and 1 BTC using coinbase + TOR a few months ago, that's why I no longer trust clearnet sites + TOR
And what happens if I use Armory withouth TOR? Do I remain anonymous? Will my IP be traced when sending/receiving BTC?
Maybe it's not really necessary to use TOR with Armory after all...
I just want to prevent someone to know my IP when sending/receiving BTC, that's all
How did this happen? Did they freeze your bitcoins because you used TOR or was it some kind of Man-in-the-Middle attack? I would assume both can't happen with Armory. Freezing of funds is impossible, because you own the private keys. MITM can't happen because Armory relies on the local full node. However, even with Armory, if you don't want anyone to know your IP, you'll have to use some IP-hiding technique like TOR. Thanks flipperfish, It was a Man-in-the-Middle attack. So what do you reckon? Is it really necessary to run TOR with Armory or I'm being too paranoid? I think it depends on your security goals/requirements. If you really want to be sure (as sure as TOR permits), that no one can connect your transactions/addresses with your IP and by extension through your ISP your name, then yes, it is necessary to use TOR. On the other hand, if you are using Armory, in theory your IP will "only" be seen by the nodes in the Bitcoin-P2P-Network, you are currently connected to. Only these nodes are able to link your transaction to your IP. In practice there are side channels, by which your IP could get revealed, for example the "call home" function of Armory. Maybe there is something similiar in bitcoind (which you need for Armory), too. However, through these channels no transaction data *should* get to the outside. Note, that to receive transactions, you don't need to use TOR, because the local bitcoind will receive *all* transactions within the Bitcoin-Network. No one can differ, if you received a transaction that was destined to yourself or to someone else.
|
|
|
|
goatpig
Moderator
Legendary
Offline
Activity: 3738
Merit: 1360
Armory Developer
|
|
October 22, 2014, 05:23:55 PM |
|
Thanks GoatPig, so what do you reckon?
Is it really necessary to run TOR with Armory or I'm being too paranoid?
If you want to run a node and/or broadcast transactions without revealing your IP, you should use TOR. If your concern is not be victim of theft, stop using online wallets and enforce proper cold storage pratices. TOR doesn't add to your coins security, that's cold storage.
|
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
October 23, 2014, 10:58:23 AM |
|
Thanks GoatPig, so what do you reckon?
Is it really necessary to run TOR with Armory or I'm being too paranoid?
If you want to run a node and/or broadcast transactions without revealing your IP, you should use TOR. If your concern is not be victim of theft, stop using online wallets and enforce proper cold storage pratices. TOR doesn't add to your coins security, that's cold storage. Looks like tor is worse http://arxiv.org/abs/1410.6079
|
|
|
|
flipperfish
Sr. Member
Offline
Activity: 350
Merit: 251
Dolphie Selfie
|
|
October 23, 2014, 02:02:20 PM |
|
Thanks GoatPig, so what do you reckon?
Is it really necessary to run TOR with Armory or I'm being too paranoid?
If you want to run a node and/or broadcast transactions without revealing your IP, you should use TOR. If your concern is not be victim of theft, stop using online wallets and enforce proper cold storage pratices. TOR doesn't add to your coins security, that's cold storage. Looks like tor is worse http://arxiv.org/abs/1410.6079Nah, as far as I understand that paper, linkability of transactions to IPs with TOR is in the worst case the same as not using TOR. Care should be taken when receiving transactions, but as I described above, the anonymity of TOR isn't needed in that case. Is it possible to configure bitcoind to have a receive only non-TOR connection, while maintaining a connection via TOR which is used to broadcast transactions?
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
|
|
October 23, 2014, 02:10:15 PM |
|
Thanks GoatPig, so what do you reckon?
Is it really necessary to run TOR with Armory or I'm being too paranoid?
If you want to run a node and/or broadcast transactions without revealing your IP, you should use TOR. If your concern is not be victim of theft, stop using online wallets and enforce proper cold storage pratices. TOR doesn't add to your coins security, that's cold storage. Looks like tor is worse http://arxiv.org/abs/1410.6079Nah, as far as I understand that paper, linkability of transactions to IPs with TOR is in the worst case the same as not using TOR. Care should be taken when receiving transactions, but as I described above, the anonymity of TOR isn't needed in that case. Is it possible to configure bitcoind to have a receive only non-TOR connection, while maintaining a connection via TOR which is used to broadcast transactions? Most of the attacks (except for the small number of hidden services to connect to) in that paper are fixed by adding "onlynet=tor" to bitcoin.conf, so that you don't use exit nodes at all. Longer term, it would be good to encourage more nodes to run dual (triple) stacked - listening on ipv4 and tor (and ipv6). Maybe it would be worth using proof of existence to allow hidden services to demonstrate they've been around for a while, even though this doesn't fully solve Sybil attacks.
|
|
|
|
cp1
|
|
October 24, 2014, 05:56:08 PM |
|
If you use armory over tor your coins are safe because all armory does is broadcast the signed transaction. The worst thing that will happen is that someone could refuse to relay your transaction or they could do transaction mutability thing that I don't think is a problem anymore and it's not limited to tor.
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
October 24, 2014, 07:47:22 PM |
|
If you use armory over tor your coins are safe because all armory does is broadcast the signed transaction. The worst thing that will happen is that someone could refuse to relay your transaction or they could do transaction mutability thing that I don't think is a problem anymore and it's not limited to tor.
Armory signs and uses bitcoin-core as the broadcast mechanism.
|
|
|
|
TheGambler
Member
Offline
Activity: 101
Merit: 10
|
|
October 29, 2014, 04:01:32 AM |
|
Still using this and coins are A-OK Loving the updateds op keep them coming
|
|
|
|
RoadStress
Legendary
Offline
Activity: 1904
Merit: 1007
|
|
October 29, 2014, 10:23:56 AM Last edit: October 29, 2014, 09:33:10 PM by RoadStress |
|
I got the following error: "There was an error constructing your transaction, due to a quirk in the way Bitcoin transactions work. If you see this error more than once, try sending your BTC in two or more separate transactions".
What's up with that?
Edit: I think it might be related to the transaction malleability problem. I have unconfirmed transactions in that wallet.
Second edit: Is there a reason for why I can access the "Transaction Info" window only on some transactions? Double click does nothing, right click>View Details does nothing.
|
|
|
|
seriouscoin
|
|
October 31, 2014, 08:51:21 AM |
|
Does Armory have a privacy feature when the client is launched, it ask for password b4 it sync any wallet?
I really want this on my watch-only client. But i wish to have privacy incase someone steal my computer they wont know if i have any bitcoin wallet/balance.
|
|
|
|
Newar
Legendary
Offline
Activity: 1358
Merit: 1001
https://gliph.me/hUF
|
|
October 31, 2014, 09:42:19 AM |
|
Does Armory have a privacy feature when the client is launched, it ask for password b4 it sync any wallet?
I really want this on my watch-only client. But i wish to have privacy incase someone steal my computer they wont know if i have any bitcoin wallet/balance.
Currently no. But really, you have no password on your boot (BIOS), no password on your drive encryption and no password on your login (OS)? If somebody steals your computer now and your drive is not encrypted with a password/passphrase, all they need to do is pull out the HDD and connect it to another PC and find the appropriate file (as far as watch-only is concerned).
|
|
|
|
seriouscoin
|
|
October 31, 2014, 10:08:25 AM |
|
Does Armory have a privacy feature when the client is launched, it ask for password b4 it sync any wallet?
I really want this on my watch-only client. But i wish to have privacy incase someone steal my computer they wont know if i have any bitcoin wallet/balance.
Currently no. But really, you have no password on your boot (BIOS), no password on your drive encryption and no password on your login (OS)? If somebody steals your computer now and your drive is not encrypted with a password/passphrase, all they need to do is pull out the HDD and connect it to another PC and find the appropriate file (as far as watch-only is concerned). what would that file be? and how would they open it? I thought the watch-only import file is self destroyed after i import it.
|
|
|
|
Newar
Legendary
Offline
Activity: 1358
Merit: 1001
https://gliph.me/hUF
|
|
October 31, 2014, 10:21:48 AM |
|
Does Armory have a privacy feature when the client is launched, it ask for password b4 it sync any wallet?
I really want this on my watch-only client. But i wish to have privacy incase someone steal my computer they wont know if i have any bitcoin wallet/balance.
Currently no. But really, you have no password on your boot (BIOS), no password on your drive encryption and no password on your login (OS)? If somebody steals your computer now and your drive is not encrypted with a password/passphrase, all they need to do is pull out the HDD and connect it to another PC and find the appropriate file (as far as watch-only is concerned). what would that file be? and how would they open it? I thought the watch-only import file is self destroyed after i import it. The information has to be there. Otherwise how would Armory know your watch-only addresses, if it doesn't store them anywhere? On Lubuntu: returns /root/.armory/armory_XYZxyzXYZ_.watchonly.wallet So, the information is certainly there. My guess is, if the attacker installs Armory on their PC and put your file in the right directory, they will be able to see your info.
|
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
November 01, 2014, 05:31:02 AM |
|
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
November 01, 2014, 06:28:22 AM |
|
|
|
|
|
chicken65
|
|
November 01, 2014, 02:06:23 PM |
|
Hi Folks. I decided to try this wallet. As a test I sent 0.1 btc to the wallet but it hasn't shown up. I see the amount on the block chain. I think something went wrong when I updated which I think was before the transfer. Instead of updating the software just created another armoury on my desktop. Thats when it gets a bit hazy? I did transfer that wallet to my applications folder thinking it would write over the existing one - but it didn't. I was left with two copies ...so a process of trying each one to see if the deposit would show up to no avail. Deleted one wallet, then another etc etc. Perhaps the wallet requires me to download the entire BTC block chain data before the transaction will show up in the wallet? Ive been doing that for two days now.
|
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
November 01, 2014, 02:45:52 PM |
|
Hi Folks. I decided to try this wallet. As a test I sent 0.1 btc to the wallet but it hasn't shown up. I see the amount on the block chain. I think something went wrong when I updated which I think was before the transfer. Instead of updating the software just created another armoury on my desktop. Thats when it gets a bit hazy? I did transfer that wallet to my applications folder thinking it would write over the existing one - but it didn't. I was left with two copies ...so a process of trying each one to see if the deposit would show up to no avail. Deleted one wallet, then another etc etc. Perhaps the wallet requires me to download the entire BTC block chain data before the transaction will show up in the wallet? Ive been doing that for two days now. Yes you must be synced
|
|
|
|
chicken65
|
|
November 01, 2014, 03:23:52 PM |
|
Ok Understood.
thanks
|
|
|
|
josephbisch
Member
Offline
Activity: 75
Merit: 10
|
|
November 04, 2014, 08:03:30 PM |
|
Should we report bugs we discover with the dev branch, or is it understood that since it is under active development, that there will be issues and not to report them?
I discovered an action when interacting with the ui that results in an error when performed once and a segmentation fault when performed a second time. It is when you double click on an address in your wallet. It is not present in 0.92.3.
I'll include more information in a formal bug report. Just wanted to make sure I should file one before doing so.
|
|
|
|
goatpig
Moderator
Legendary
Offline
Activity: 3738
Merit: 1360
Armory Developer
|
|
November 04, 2014, 09:41:47 PM |
|
Should we report bugs we discover with the dev branch, or is it understood that since it is under active development, that there will be issues and not to report them?
I discovered an action when interacting with the ui that results in an error when performed once and a segmentation fault when performed a second time. It is when you double click on an address in your wallet. It is not present in 0.92.3.
I'll include more information in a formal bug report. Just wanted to make sure I should file one before doing so.
Feel free to file them to our support channel. I don't think any of us have ran into this, so this being helpful. We are currently in the bug hunt phase on dev so you are welcomed to help.
|
|
|
|
|