New Feature idea - tracking BTC address balance using the client?

[BrightAnarchist]

You know, I thought I was being pretty safe by keep certain addresses secret, keeping my wallet offline and encrypted, etc etc.

But I just realized something - I often check the addresses using blockchain.info or blockexplorer.com

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

I suppose the solution is to use TOR to check it, or just use the client ( but I don't want to load my precious offline savings wallet! ). So ideally, the thing would be to have the ability to WATCH or TRACK certain addresses using the Bitcoin client, without having to have the private key for that address.

Good idea or bad idea? thanks.

[bitcoinsarefun]

You know, I thought I was being pretty safe by keep certain addresses secret, keeping my wallet offline and encrypted, etc etc.

But I just realized something - I often check the addresses using blockchain.info or blockexplorer.com

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

I suppose the solution is to use TOR to check it, or just use the client ( but I don't want to load my precious offline savings wallet! ). So ideally, the thing would be to have the ability to WATCH or TRACK certain addresses using the Bitcoin client, without having to have the private key for that address.

Good idea or bad idea? thanks.

not a bad idea but why would your ISP care?

You concern is more about anonymity, right? There are other solutions ( you have mentioned at least one ) to visit the block* sites without compromising your anonymity

[cypherdoc]

Armory allows a watching wallet but requires satoshi to be open

[Stephen Gornick]

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

There's a URL for that.  Use SSL (https://)

 - https://blockexplorer.com  
 - https://blockchain.info

Using https, only the domain IP address is left unencrypted and exposed should your ISP happen to do packet inspection.  The path part and the rest of the URL are protected using SSL encryption.

[BrightAnarchist]

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

There's a URL for that.  Use SSL (https://)

 - https://blockexplorer.com  
 - https://blockchain.info

Using https, only the domain is left unencrypted and exposed should your ISP happen to do packet inspection.  The path part and the rest of the URL are protected using SSL encryption.

Ahhh, I didn't even think of that. Thanks mate!

[Jine]

Using https, only the domain is left unencrypted and exposed

No, it's not. The Host: header goes under HTTPS aswell, your browser directly connects to the IP-address and initiates a SSL-handshake first - after that, it submits a regular HTTP-request.

[BkkCoins]

Also, the blockchain.info wallet allows you to add addresses without keys. This allows watching addresses without being able to send from them. I think he may also have an email notification upon activity but I haven't checked how that works.

You could conceivably create a wallet full of addresses containing stolen funds and then use it to monitor activity on the funds.

[sunnankar]

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

Good thinking about how to vanish particular information as a preemptive measure.

You may consider using a third-party to do the actual calling of information for you, like a Google Doc spreadsheet. Then you could either view the balances in the Google Doc spreadsheet or have the spreadsheet published online, without any addresses showing up, and then you would just visit the URL through a VPN. To add another layer of difficulty the URL would embed the spreadsheet information and the HTML would be encrypted.

Someone would have to be pretty darn smart and know exactly what they are looking for to put 2 and 2 together.

Here is the Google Doc embed code:

=ImportData("http://blockexplorer.com/q/getreceivedbyaddress/"&C159)
=ImportData("http://blockexplorer.com/q/getsentbyaddress/"&C159)
=ImportHtml("http://bitcoinwatch.com/", "table", 3)

Current Balance = Received-Sent
USD Value = Current Balance * USD Price

[Stephen Gornick]

Using https, only the domain is left unencrypted and exposed

No, it's not. The Host: header goes under HTTPS aswell, your browser directly connects to the IP-address and initiates a SSL-handshake first - after that, it submits a regular HTTP-request.

Er, sorry.  Thanks for correcting me on that.  Not even the domain is exposed.

Here's more info on it:

"If you look in a network sniffer, like Network Monitor, at the same request you would just see the encrypted data going backwards and forwards. No URLs, headers or content is visible in the packet trace":
 - http://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/