Can Bitcoin traffic (mining or transaction) be blocked by providers?

[Fuzzy]

I have nightmares where the government simply tells the internet providers to block all Bitcoin (or any crypto-currency) related traffic and that'll pretty much kill the currency for anyone within the country.

An internet connection is a vital requirement for bitcoin, that's where it exists.

I know they could've done that with torrents, but file sharing wasn't directly threatening their control over the economy.

Are there measures against that? Or would that be a death blow.

[1715083906]

1715083906

[1715083906]

1715083906

[1715083906]

1715083906

[1715083906]

1715083906

[1715083906]

1715083906

[1715083906]

1715083906

[drakahn]

ISP's did block torrents, torrent programs included encryption of traffic, beat... bitcoin could be made to encrypt what it sends out (or just use tor i guess)

it would then be possible for them to block all encrypted traffic.... but.... that would kill a lot more than bitcoin

besides, we would just see people setting up bitcoin online wallets in countries that didn't agree with the bitcoin ban

[yogi]

Blocking bitcoin messages would be difficult to implement and easy to overcome.

A more likely approach would be to block/shut-down the exchanges.

[grue]

bitcoin uses very little bandwidth, therefore it can easily be disguised as harmless data (stenography). no need for encryption, which is vulnerable to man-in-the-middle attacks.

[Fuzzy]

Blocking bitcoin messages would be difficult to implement and easy to overcome.

A more likely approach would be to block/shut-down the exchanges.

Once could argue that would be better for bitcoin in the long run.

EDIT: and by that, I mean the current piggybacking of Bitcoin on fiat currency is causing more harm than good, in the form of wild swings in speculation etc...

[gmaxwell]

I have nightmares where the government simply tells the internet providers to block all Bitcoin (or any crypto-currency) related traffic and that'll pretty much kill the currency for anyone within the country.

An internet connection is a vital requirement for bitcoin, that's where it exists.

I know they could've done that with torrents, but file sharing wasn't directly threatening their control over the economy.

Are there measures against that? Or would that be a death blow.

Technical attacks are the ones you should lose the least sleep over.   Attacking Bitcoin by making it unlawful and thus driving it underground, thus making it mostly worthless (as even outlaws have little use for outlaw money) is a prerequisite for that kind of technical attack...   If the technical attacks come without the legal attacks then lawsuits— by all the people harmed by the conspicuous unlawful attacks on the computer system their businesses depend on— will fly and be successful.

The kind of conspicuous resource expenditure bitcoin's Proof-Of-Work system requires for security means that outlawing Bitcoin would be rather devastating.  The solution to this risk is to grow Bitcoin. If many people use it and like it and recognize it as legitimate it will not be possible to outlaw it it— at least in the more free parts of the world.

That said—  the Bitcoin protocol itself is utterly trivial to block.  But it doesn't have to be hard to block: It runs fine over tor and the tor support is improving all the time.  Tor itself is becoming harder to block, and blocking tor has collateral damage.   The Bitcoin developers currently have the view that anti-blocking is not a goal for us, we'd rather leave that to the experts working with Tor but fortunately we benefit from their efforts too.

[randomproof]

It seems the most vulnerable thing now is how your client finds other nodes to connect to.  Right now, I think, the irc channel is the way you find most nodes and if that server where shutdown there could be some short-term problems.  It might be a good idea of having the client save a list of ip address for every node it ever sees and if it can connect to the irc channel, or any other central place, your client could start trying ips in that list.

[DeathAndTaxes]

It makes the protocol more complicated but it is possible to design p2p systems which use random ports and encrypt the payload.
Bittorrent does this and it has been futile to curb (Bittorrent now account for about 50% of internet bandwidth).

peer detection becomes more difficult and anytime you add overhead like that troubleshooting everything else becomes more complicated.  Still if push comes to shove it wouldn't be impossible to make Bitcoin traffic undetectable.

[Explodicle]

bitcoin uses very little bandwidth, therefore it can easily be disguised as harmless data (stenography). no need for encryption, which is vulnerable to man-in-the-middle attacks.

Would you please explain?

[gmaxwell]

It seems the most vulnerable thing now is how your client finds other nodes to connect to.  Right now, I think, the irc channel is the way you find most nodes and if that server where shutdown there could be some short-term problems.  It might be a good idea of having the client save a list of ip address for every node it ever sees and if it can connect to the irc channel, or any other central place, your client could start trying ips in that list.

We don't use IRC anymore— not by default, you can manually enable it but it's off because:

*It didn't work well, most nodes it gave you were not listening
*It was a point of substantial centralization (easily shut down; operators of a single obscure network IRC could manipulate it)
*It degraded node's privacy— it announced the IPs of the majority of nodes that were not listening and thus didn't need to be made so public.
*It was frequently confused for a Botnet and was blocked by major providers several times, and resulted in nasty "you're infected" notices sent to users on a few ISPs.


In addition to dnsseeds, Bitcoin nodes have always remembered past nodes they've learned about over the network (it used to remember _all_, but thats a DOS vulnerability— now it maintains a large but finite set in a specially randomized way that makes it attack resistant).  You can also drop a textfile in the bitcoin data director "addr.txt" with a list of nodes to use, or provide nodes with the --addnode command line. There is also a hardcoded set of fallback addresses (which are updated every few releases) which it will use if all other means fail.

I don't consider this the biggest vulnerability.

It makes the protocol more complicated but it is possible to design p2p systems which use random ports and encrypt the payload.
Bittorrent does this and it has been futile to curb (Bittorrent now account for about 50% of internet bandwidth).

peer detection becomes more difficult and anytime you add overhead like that troubleshooting everything else becomes more complicated.  Still if push comes to shove it wouldn't be impossible to make Bitcoin traffic undetectable.

Bittorrent is nowhere near 50% of internet Bandwidth anymore (Figures range from about 8%-18% and declining, depending on who you asked and what timespan their data covers). It's frequently shaped by a fair number of ISPs and there are a number companies that specialize in selling tools to manipulate bittorrent traffic.    Bitcoin would be be even worse off: The network itself is highly public and there is only one network... so you'd simply start one Bitcoin node to enumerate all the other publicly available ones.   These attacks can be resisted— see the tor bridges arms race for an example—  but it's better to let the experts in that area handle that for us and take advantage of our common needs.  Bitcoin is very tor compatible, its a good mix.

Sure you could embed Bitcoin stenography— but you'd lose the additional privacy and effort sharing that comes from sharing with groups like Tor who already work hard to get around censorship.

[grue]

bitcoin uses very little bandwidth, therefore it can easily be disguised as harmless data (stenography). no need for encryption, which is vulnerable to man-in-the-middle attacks.

Would you please explain?

We can encrypt our data, but to do that, both sides needs to negotiate a key. Diffie–Hellman key exchange allows for a key exchange over an unsecure channel, but it's vulnerable to a man-in-the-middle attack. All the ISP has to do is intercept/block all handshake traffic (when the connection is being established and the two peers exchange keys). For torrents, it's somewhat mitigated because the initial exchange is encrypted using the hash of the torrent, which is impossible to guess if the user browses torrent sites with ssl.

[Gavin Andresen]

Bitcoin would be be even worse off: The network itself is highly public and there is only one network... so you'd simply start one Bitcoin node to enumerate all the other publicly available ones.   These attacks can be resisted— see the tor bridges arms race for an example—  but it's better to let the experts in that area handle that for us and take advantage of our common needs.  Bitcoin is very tor compatible, its a good mix.

I'd still like to see several somebodies who know a lot more about networking than I do work on transmitting Bitcoin traffic over different networks (along with bridge nodes to shuffle traffic between the network we have now and the new networks).

I'd sleep easier if I knew that an as-yet-undiscovered bug in the network protocol we have now couldn't bring the entire system down. I'm confident we'd quickly fix whatever the problem is and I'm sure it would be back up and running within 24 hours, but it would be better if big merchants and miners and services could run two or more completely different bitcoin-network-stacks so they're less likely to be taken down by DoS attacks, bugs, or ISPs deploying deep packet inspection to try to block Bitcoin traffic.

[FreeMoney]

I'll post my transactions in the comments on propaganda articles at freedom.gov! And I'll have juicy fees attached!

[FreeMoney]

It makes the protocol more complicated but it is possible to design p2p systems which use random ports and encrypt the payload.
Bittorrent does this and it has been futile to curb (Bittorrent now account for about 50% of internet bandwidth).

peer detection becomes more difficult and anytime you add overhead like that troubleshooting everything else becomes more complicated.  Still if push comes to shove it wouldn't be impossible to make Bitcoin traffic undetectable.

Yeah, and we're passing little tiny notes compared to bit torrent's flood of high quality porn. It will be easy to avoid censorship.

[antares]

@OP: have a look at the satoshi client's options menu, specifically the proxy settings. the default for them is a tor configuration(if you enable them and have tor installed). So as long as tor isnt being blocked, bitcoin cannot be.

[jgarzik]

It makes the protocol more complicated but it is possible to design p2p systems which use random ports and encrypt the payload.
Bittorrent does this and it has been futile to curb (Bittorrent now account for about 50% of internet bandwidth).

peer detection becomes more difficult and anytime you add overhead like that troubleshooting everything else becomes more complicated.  Still if push comes to shove it wouldn't be impossible to make Bitcoin traffic undetectable.

Yeah, and we're passing little tiny notes compared to bit torrent's flood of high quality porn. It will be easy to avoid censorship.

Hardly.  What matters is the protocol fingerprint, not the amount of bandwidth used.

The timing and size of bitcoin packets are unique to bitcoin.  It is obvious even over encrypted links such as Tor.

Or, to put it another way:  your cable modem or DSL router's blinky lights go blink-blink each time a bitcoin transaction or block is broadcast throughout the network.

[DeathAndTaxes]

Hardly.  What matters is the protocol fingerprint, not the amount of bandwidth used.

The timing and size of bitcoin packets are unique to bitcoin.  It is obvious even over encrypted links such as Tor.[/qupte]

Timing and size can be obfuscated.  Nodes randomly delaying and aggregating tx a few seconds won't have a material effect on the network but it will alter any hueristics that don't involve deep packet inspection.    Transactions can aggregated, padded, and encrypted.  Port can be dynamic between peers even dynamic between each of the peers of each node.

Personally I hope we don't need to go down that route but ISP haven't had a lock of luck taking down bittorrent and they have a direct financial sake (due to high bandwidth usage) to degrade that network.

[jgarzik]

Hardly.  What matters is the protocol fingerprint, not the amount of bandwidth used.

The timing and size of bitcoin packets are unique to bitcoin.  It is obvious even over encrypted links such as Tor.[/qupte]

Timing and size can be obfuscated.  Nodes randomly delaying and aggregating tx a few seconds won't have a material effect on the network but it will alter any hueristics that don't involve deep packet inspection.    Transactions can aggregated, padded, and encrypted.  Port can be dynamic between peers even dynamic between each of the peers of each node.

Absolutely.  But none of that is being done right now, so the answer to $SUBJECT is "yes"

[Etlase2]

Sure you could embed Bitcoin stenography— but you'd lose the additional privacy and effort sharing that comes from sharing with groups like Tor who already work hard to get around censorship.

Steganography and tor only seem like they'd be useful when the network is small. Is tor even useful at all? I don't know much about Tor, but from my understanding for it to work, most of the bitcoin nodes would still have to be on the regular internet. Also, if governments/ISPs are at the point of blocking/shaping bitcoin traffic, I doubt Tor would be far behind.

I suppose it's nice to have some backup plans in place that say "if you do this, it won't matter one bit" though. However, that raises the question of will it prompt more decisive legislative action?

[sunnankar]

Also, if governments/ISPs are at the point of blocking/shaping bitcoin traffic, I doubt Tor would be far behind.

Do you even understand why Tor exists?