BrightAnarchist (OP)
Donator
Legendary
Offline
Activity: 853
Merit: 1000
|
|
March 02, 2012, 11:12:10 PM Last edit: April 19, 2012, 03:04:28 AM by BrightAnarchist |
|
You know, I thought I was being pretty safe by keep certain addresses secret, keeping my wallet offline and encrypted, etc etc.
But I just realized something - I often check the addresses using blockchain.info or blockexplorer.com
Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.
I suppose the solution is to use TOR to check it, or just use the client ( but I don't want to load my precious offline savings wallet! ). So ideally, the thing would be to have the ability to WATCH or TRACK certain addresses using the Bitcoin client, without having to have the private key for that address.
Good idea or bad idea? thanks.
|
|
|
|
|
|
|
|
You get merit points when someone likes your post enough to give you some. And for every 2 merit points you receive, you can send 1 merit point to someone else!
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
bitcoinsarefun
Member
Offline
Activity: 98
Merit: 10
|
|
March 02, 2012, 11:19:03 PM |
|
You know, I thought I was being pretty safe by keep certain addresses secret, keeping my wallet offline and encrypted, etc etc.
But I just realized something - I often check the addresses using blockchain.info or blockexplorer.com
Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.
I suppose the solution is to use TOR to check it, or just use the client ( but I don't want to load my precious offline savings wallet! ). So ideally, the thing would be to have the ability to WATCH or TRACK certain addresses using the Bitcoin client, without having to have the private key for that address.
Good idea or bad idea? thanks.
not a bad idea but why would your ISP care? You concern is more about anonymity, right? There are other solutions ( you have mentioned at least one ) to visit the block* sites without compromising your anonymity
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
March 02, 2012, 11:41:27 PM |
|
Armory allows a watching wallet but requires satoshi to be open
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
March 03, 2012, 12:46:01 AM Last edit: March 03, 2012, 04:12:09 AM by Stephen Gornick |
|
Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.
There's a URL for that. Use SSL (https://) - https://blockexplorer.com - https://blockchain.infoUsing https, only the domain IP address is left unencrypted and exposed should your ISP happen to do packet inspection. The path part and the rest of the URL are protected using SSL encryption.
|
|
|
|
BrightAnarchist (OP)
Donator
Legendary
Offline
Activity: 853
Merit: 1000
|
|
March 03, 2012, 12:48:33 AM |
|
Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.
There's a URL for that. Use SSL (https://) - https://blockexplorer.com - https://blockchain.infoUsing https, only the domain is left unencrypted and exposed should your ISP happen to do packet inspection. The path part and the rest of the URL are protected using SSL encryption. Ahhh, I didn't even think of that. Thanks mate!
|
|
|
|
Jine
|
|
March 03, 2012, 02:11:51 AM |
|
Using https, only the domain is left unencrypted and exposed
No, it's not. The Host: header goes under HTTPS aswell, your browser directly connects to the IP-address and initiates a SSL-handshake first - after that, it submits a regular HTTP-request.
|
Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.
|
|
|
BkkCoins
|
|
March 03, 2012, 02:36:07 AM |
|
Also, the blockchain.info wallet allows you to add addresses without keys. This allows watching addresses without being able to send from them. I think he may also have an email notification upon activity but I haven't checked how that works.
You could conceivably create a wallet full of addresses containing stolen funds and then use it to monitor activity on the funds.
|
|
|
|
sunnankar
Legendary
Offline
Activity: 1031
Merit: 1000
|
|
March 03, 2012, 03:14:28 AM |
|
Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.
Good thinking about how to vanish particular information as a preemptive measure. You may consider using a third-party to do the actual calling of information for you, like a Google Doc spreadsheet. Then you could either view the balances in the Google Doc spreadsheet or have the spreadsheet published online, without any addresses showing up, and then you would just visit the URL through a VPN. To add another layer of difficulty the URL would embed the spreadsheet information and the HTML would be encrypted. Someone would have to be pretty darn smart and know exactly what they are looking for to put 2 and 2 together. Here is the Google Doc embed code: =ImportData(" http://blockexplorer.com/q/getreceivedbyaddress/"&C159) =ImportData(" http://blockexplorer.com/q/getsentbyaddress/"&C159) =ImportHtml(" http://bitcoinwatch.com/", "table", 3) Current Balance = Received-Sent USD Value = Current Balance * USD Price
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
March 03, 2012, 04:11:02 AM |
|
Using https, only the domain is left unencrypted and exposed
No, it's not. The Host: header goes under HTTPS aswell, your browser directly connects to the IP-address and initiates a SSL-handshake first - after that, it submits a regular HTTP-request. Er, sorry. Thanks for correcting me on that. Not even the domain is exposed. Here's more info on it: "If you look in a network sniffer, like Network Monitor, at the same request you would just see the encrypted data going backwards and forwards. No URLs, headers or content is visible in the packet trace": - http://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/
|
|
|
|
|