Bitcoin Forum
December 15, 2017, 03:18:35 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: "You should assume your IP address can be associated with you.." -Gavin Anderson  (Read 4751 times)
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
June 15, 2014, 05:21:00 AM
 #21

Go ahead and say the magic words 'tor'.  For my part I never trusted it.  At least not for highly critical work.  It being largely funded by the government to 'help Iranian dissidents' doesn't pass the smell test for me.  But to each his own.
I bet it's a lot more secure now after two critical OpenSSL bugs have been fixed.

I'll feel a lot better about it if Tor ever switches to LibreSSL for encryption.
1513351115
Hero Member
*
Offline Offline

Posts: 1513351115

View Profile Personal Message (Offline)

Ignore
1513351115
Reply with quote  #2

1513351115
Report to moderator
1513351115
Hero Member
*
Offline Offline

Posts: 1513351115

View Profile Personal Message (Offline)

Ignore
1513351115
Reply with quote  #2

1513351115
Report to moderator
1513351115
Hero Member
*
Offline Offline

Posts: 1513351115

View Profile Personal Message (Offline)

Ignore
1513351115
Reply with quote  #2

1513351115
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513351115
Hero Member
*
Offline Offline

Posts: 1513351115

View Profile Personal Message (Offline)

Ignore
1513351115
Reply with quote  #2

1513351115
Report to moderator
tvbcof
Legendary
*
Offline Offline

Activity: 2352


View Profile
June 15, 2014, 05:45:33 AM
 #22

Go ahead and say the magic words 'tor'.  For my part I never trusted it.  At least not for highly critical work.  It being largely funded by the government to 'help Iranian dissidents' doesn't pass the smell test for me.  But to each his own.

I bet it's a lot more secure now after two critical OpenSSL bugs have been fixed.

I'll feel a lot better about it if Tor ever switches to LibreSSL for encryption.

I've always been more concerned about timing analysis at the network level.  I've figured the NSA and such have taps almost everywhere.  At least since Mark Klein blew the whistle on AT&T's Narus nearly a decade ago.

An unhappy paradox is that one (or one like me) gains significant confidence in something only after it has been successfully attacked in specific ways.  TrueCrypt is a good example.


ShakyhandsBTCer
Sr. Member
****
Offline Offline

Activity: 448


It's Money 2.0| It’s gold for nerds | It's Bitcoin


View Profile
June 15, 2014, 08:27:21 PM
 #23

What if you aren't sending from a personal wallet (Bitcoin-QT, etc), rather from an exchange (Cryptsy, mint, etc)? In that situation would it still be possible to trace where it was sent from? Or, since it is the exchange's server sending the transaction, would it be anonymous?
Network snooping will show the transaction coming from the exchange.

The exchange, of course, knows it was your transaction and they'll have records showing such.

The same people who engage in widespread network snooping probably can just ask the exchange to give them those records (or they'll hack into the exchange and just extract the records themselves).

That's why I said if you use a web wallet you don't have any privacy.

A full peer who is not masking their activity is susceptible to transaction counting.  That is, detection of transactions which originated at the peer rather than those being relayed.  Or at least that was supposed several years ago.  Several years ago most people thought it impractical though I personally always considered it a potential threat.  Now (post-Snowden) it seems likely that fine-grained packet are captured, retained, and analyzed.  At least for anyone who is tagged for enhanced monitoring, and I think that there is a strong possibility that all Bitcoin users are.

A non-compromised https connection to a non-compromised exchange or wallet service (if there is such a thing) would be theoretically more safe.  It would require timing analysis to match user activity with transactions (if they even leave the service) and that would be very easily thwarted by introducing some random delays.  This assumes that the service is somewhat popular (and thus, active) of course.

Go ahead and say the magic words 'tor'.  For my part I never trusted it.  At least not for highly critical work.  It being largely funded by the government to 'help Iranian dissidents' doesn't pass the smell test for me.  But to each his own.



I was just thinking about saying that you could use tor right before I read your last sentence.

At least hear me out on this.....

You could write and sign a TX, use blockchain.info over tor to push the transaction while using a public wifi with a lot of people around. Or you could skip using tor and just use the public wifi although it would leak your general location but your identity would probably be hidden
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
June 15, 2014, 08:46:05 PM
 #24

I've always been more concerned about timing analysis at the network level. 
There's a way to fix that, if you don't care about burning bandwidth.

Set up your node to transmit data to each peer at a fixed rate regardless of how much real traffic it actually has to send. Basically this would be 100% padding.

Disadvantages is that it eats up your bandwidth, and it puts a hard upper limit on the  maximum throughput of the network, but on the plus side timing attacks are useless.
tvbcof
Legendary
*
Offline Offline

Activity: 2352


View Profile
June 15, 2014, 08:59:54 PM
 #25

...
Go ahead and say the magic words 'tor'.  For my part I never trusted it.  At least not for highly critical work.  It being largely funded by the government to 'help Iranian dissidents' doesn't pass the smell test for me.  But to each his own.

I was just thinking about saying that you could use tor right before I read your last sentence.

At least hear me out on this.....

You could write and sign a TX, use blockchain.info over tor to push the transaction while using a public wifi with a lot of people around. Or you could skip using tor and just use the public wifi although it would leak your general location but your identity would probably be hidden

Since the very early days (which was mid 2011 in my case) it struck me that Bitcoin has the potential to be very resilient because the data need is tiny and because it is not latency sensitive.  Absolutely the potential exists for transactions to be performed in even the most hostile environments though the methods you describe among others.

As I've alluded to before, I've assumed for some time that extensive deep packet capture and analysis has been underway.  The next shoe to drop would be active filtering.  We'd have to see compelling reason to do it, but if/when that reason comes into existence I expect that it will happen rapidly.  Even in this 'hostile environment' Bitcoin has a very real potential to continue to provide a framework for economic activity.

That said, it will never be exactly easy to use Bitcoin in an adverse environment.  A small fraction of people will have little trouble, and a growing fraction of people will develop the skills needed to do so, but we are still talking about a rarefied population.  And the notion of 'real time' activity would have to be drastically curtailed.  It never was a good fit with Bitcoin's design in the first place.  Anyway, this is the basis for my being fairly negative about efforts to extend the solution widely into the sphere of the masses and to try to forge it into a real-time solution (the domain of cash.)  Both of these will prove to be significant negatives if/when there is a genuine need for the solution.

I'm pretty much at the point now in the middle of 2014 of considering Bitcoin to be fatally damaged for the use-case that I envision as most valuable.  Maybe it could help bootstrap in a more viable and focused solution, but Bitcoin proper simply did not attempt to occupy the niche of a robust solution in a different and more hostile world than we see today.  Hopefully time will prove that it didn't matter much and nothing bad will happen in the real world.


tvbcof
Legendary
*
Offline Offline

Activity: 2352


View Profile
June 15, 2014, 09:05:27 PM
 #26

I've always been more concerned about timing analysis at the network level. 
There's a way to fix that, if you don't care about burning bandwidth.

Set up your node to transmit data to each peer at a fixed rate regardless of how much real traffic it actually has to send. Basically this would be 100% padding.

Disadvantages is that it eats up your bandwidth, and it puts a hard upper limit on the  maximum throughput of the network, but on the plus side timing attacks are useless.

Absolutely true!  Not only that, but in the context of Bitcoin transaction communications it would be a really good fit (see previous post on this thread.)

It would be great if some transfer nodes were employing this technique in their communications, and if they were rewarded for doing so.  As things stand now transfer nodes are not even rewarded for providing transmission services within the network at all, much less for doing it in a defensive manner.  Alas.


justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
June 15, 2014, 09:15:44 PM
 #27

It would be great if some transfer nodes were employing this technique in their communications, and if they were rewarded for doing so.  As things stand now transfer nodes are not even rewarded for providing transmission services within the network at all, much less for doing it in a defensive manner.  Alas.
Even though the Bitcoin reference implementation is not as modular as I'd like it to be, at least there's enough modularity that the P2P protocol is independent of the blockchain rules.

I know someone who's been doing theoretical work on how to create a self-organizing market for realtime data propagation. Perhaps one of these days that will turn into deployed software.
Gimmelfarb
Hero Member
*****
Offline Offline

Activity: 644


View Profile
June 15, 2014, 09:33:11 PM
 #28

this isn't a suprise, really. you can see where transactions are broadcast from, so if sending from your own client, it would appear that your IP address could be narrowed down / linked to you. i've never been concerned, really.
Justin00
Legendary
*
Offline Offline

Activity: 910


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
June 15, 2014, 09:48:39 PM
 #29

What was OP?
Thread starter delete cause he worried he being bmtracked now?

Annoying when OP gets  deleted..

tvbcof
Legendary
*
Offline Offline

Activity: 2352


View Profile
June 15, 2014, 09:55:15 PM
 #30

What was OP?
Thread starter delete cause he worried he being bmtracked now?

Annoying when OP gets  deleted..

IIRC, the body of the OP could just as well have been and 'EOM' trailing in the title.  It should not be big news to anyone that IP assignment logs are retained.  I'd be surprised if this particular bit of meta-data were not both very complete and retained indefinitely (edit: and they go back to the before y2k.)

Of course 'you' would mean whoever is paying the bill to your ISP...because even if your web-cam can be activated at will it is certain to be an unusual event.


TippingPoint
Legendary
*
Offline Offline

Activity: 905



View Profile
June 15, 2014, 10:43:13 PM
 #31

Using an unauthorized connection to an unprotected (or weakly protected) WiFi access point (for highly sensitive transactions by "Iranian dissidents") would be a dead-end for IP address tracking, but would not be very user-friendly.
BitDreams
Hero Member
*****
Offline Offline

Activity: 502



View Profile
June 16, 2014, 12:43:02 AM
 #32

In my opinion, eventually the ISP will have as much or more responsibility for knowing and protecting customers as traditional banks.

The ISP will have to work with local laws and governments regarding privacy and accountability.

The ISP is the most likely candidate to provide proof of location, if that ever becomes a feature. ISP's could act as a signature in transactions.

If ISP's won't step up to the responsibility, Maidsafe should.
ShakyhandsBTCer
Sr. Member
****
Offline Offline

Activity: 448


It's Money 2.0| It’s gold for nerds | It's Bitcoin


View Profile
June 16, 2014, 03:15:35 AM
 #33

this isn't a suprise, really. you can see where transactions are broadcast from, so if sending from your own client, it would appear that your IP address could be narrowed down / linked to you. i've never been concerned, really.

The Point is that a BTC TX can be associated to you via your IP address
NUD
Member
**
Offline Offline

Activity: 88


View Profile
June 16, 2014, 11:36:43 PM
 #34

Unless you are using New Universal Dollars™ Wink

@NUDTeam
NEaaHBhhjaTK36mYiSvPGjSjThDWN5gXgM
feverpitch
Full Member
***
Offline Offline

Activity: 131


View Profile
June 17, 2014, 12:02:05 AM
 #35

I wish I knew about this before I got into Bitcoin.  I have nothing to hide so I don't mind using my plain IP but if I'm torrenting, I use a proxy just so that it's not so easily accessible.   Undecided
silversurfer1958
Full Member
***
Offline Offline

Activity: 234


View Profile WWW
June 17, 2014, 01:15:12 AM
 #36

http://prism-break.org

Dark wallet.
cryptoanarchist
Legendary
*
Offline Offline

Activity: 1106



View Profile
June 17, 2014, 01:30:16 AM
 #37

It's pretty easy to get internet under a fake name.
ShakyhandsBTCer
Sr. Member
****
Offline Offline

Activity: 448


It's Money 2.0| It’s gold for nerds | It's Bitcoin


View Profile
June 17, 2014, 03:31:22 AM
 #38

It's pretty easy to get internet under a fake name.

Even if you signed up under an alias wouldn't your IP address still be associated with you house/apartment?
cryptoanarchist
Legendary
*
Offline Offline

Activity: 1106



View Profile
June 19, 2014, 12:28:49 AM
 #39

It's pretty easy to get internet under a fake name.

Even if you signed up under an alias wouldn't your IP address still be associated with you house/apartment?

Yes, and what if you rented in the same fake name?

Before someone says you can't pass a credit check for a place with a fake name - you can rent without doing a credit check. Just tell the landlord that you don't use a SSN on principle (Its a welfare program. Why invest in a corp that's trillions in debt? Underage contract..etc, etc). Some landlords, especially if they're desperate to rent, will let it slide. Others can be talked into it with a large enough deposit.
ShakyhandsBTCer
Sr. Member
****
Offline Offline

Activity: 448


It's Money 2.0| It’s gold for nerds | It's Bitcoin


View Profile
June 20, 2014, 02:47:09 AM
 #40

It's pretty easy to get internet under a fake name.

Even if you signed up under an alias wouldn't your IP address still be associated with you house/apartment?

Yes, and what if you rented in the same fake name?

Before someone says you can't pass a credit check for a place with a fake name - you can rent without doing a credit check. Just tell the landlord that you don't use a SSN on principle (Its a welfare program. Why invest in a corp that's trillions in debt? Underage contract..etc, etc). Some landlords, especially if they're desperate to rent, will let it slide. Others can be talked into it with a large enough deposit.

That sounds a lot like identity theft.
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!