Bitcoin Forum
July 20, 2018, 09:25:46 AM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 4 5 6 [All]
  Print  
Author Topic: This message was too old and has been purged  (Read 37562 times)
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1190
Merit: 1146



View Profile
March 06, 2015, 07:19:08 AM
 #1

This message was too old and has been purged
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1190
Merit: 1146



View Profile
March 06, 2015, 07:53:01 AM
 #2

This message was too old and has been purged
spin
Sr. Member
****
Offline Offline

Activity: 360
Merit: 250


View Profile
March 06, 2015, 08:35:09 AM
 #3


EDIT: My suggestion would be to go the same way as it is implemented in tor's circuit building algorithm,
and disallow multiple connections to IP addresses on the same /24 subnet.


This is already part of bitcoin AFAIK (at least for outgoing connections and over /16). 

If you liked this post buy me a beer.  Beers are quite cheap where I live!
194YjsiwmGm3hcbPcJWWyzRAS9CQLX1fJL
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1190
Merit: 1146



View Profile
March 06, 2015, 08:41:10 AM
 #4

This message was too old and has been purged
goregrind
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
March 06, 2015, 09:11:24 AM
 #5

That is pretty weird behavior. Just checked my nodes and each had only one connection to that subnet ( as expected).
I blocked it anyway, but I'm curious whats going on in your case.
What version of bitcoin core do you run ?

woot?
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1190
Merit: 1146



View Profile
March 06, 2015, 10:03:28 AM
 #6

This message was too old and has been purged
spin
Sr. Member
****
Offline Offline

Activity: 360
Merit: 250


View Profile
March 06, 2015, 10:06:11 AM
 #7


EDIT: My suggestion would be to go the same way as it is implemented in tor's circuit building algorithm,
and disallow multiple connections to IP addresses on the same /24 subnet.


This is already part of bitcoin AFAIK (at least for outgoing connections and over /16). 

We should identify the portions of the code, that do this.
What happens when the seed nodes only return IPs from one /16 subnet? Will it connect anyway or will it refuse service?
What happens if a malicious node is connected "outbound", then It disconnects itself, adds an inbound connection from itself, and uses "GETADDRS" to create a subsequent connection to the same subnet? This way it could slowly fill the connection list with inbound connections from itself?

Not sure what is going on there, but at least my bitcoin node somehow keeps ending up with connections only with 46.105.X.X.

Also (dns) seed nodes are only rarely used.  Maybe on a brand new bitcoin installation.  On restart it should revert to the peers.dat.  This file contains data on peers your node has previously seen/connected to.  On restart bitcoin should try and connect to these. You should check whether your outgoing connections are also just from this subnet.  Incoming I understand.  But outgoing should be fine.

This is my lay understanding of how it works.  Seems there is something wrong at your end.

If you liked this post buy me a beer.  Beers are quite cheap where I live!
194YjsiwmGm3hcbPcJWWyzRAS9CQLX1fJL
laurentmt
Sr. Member
****
Offline Offline

Activity: 386
Merit: 250


View Profile
March 06, 2015, 02:54:47 PM
 #8

46.105.210.* are addresses managed by OVH, a major french hosting provider.
Usually, OVH provides a bunch of IP addresses with a single server. Very useful for a sybil attack...
These nodes seem active since a few months (see this post).

EDIT: Just checked my full node (hosted by OVH  Cheesy) and I've found 1 ip from this subnetwork (among 56 connections)
spin
Sr. Member
****
Offline Offline

Activity: 360
Merit: 250


View Profile
March 06, 2015, 08:53:26 PM
 #9

46.105.210.* are addresses managed by OVH, a major french hosting provider.
Usually, OVH provides a bunch of IP addresses with a single server. Very useful for a sybil attack...
These nodes seem active since a few months (see this post).

EDIT: Just checked my full node (hosted by OVH  Cheesy) and I've found 1 ip from this subnetwork (among 56 connections)
Also had 1. Blocked it also.

If you liked this post buy me a beer.  Beers are quite cheap where I live!
194YjsiwmGm3hcbPcJWWyzRAS9CQLX1fJL
2112
Legendary
*
Offline Offline

Activity: 2114
Merit: 1027



View Profile
March 06, 2015, 11:59:14 PM
 #10

This, on the first sight, looks to me as a large scale monitoring of the bitcoin network.
How about another hypothesis: an head-end of a CG-NAT (http://en.wikipedia.org/wiki/Carrier-grade_NAT) device for some large French MVNO (http://en.wikipedia.org/wiki/Mobile_virtual_network_operator) or some similar arrangement like Orange FunSpot (Free WiFi Internet access service).

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1190
Merit: 1146



View Profile
March 07, 2015, 12:00:45 AM
 #11

This message was too old and has been purged
2112
Legendary
*
Offline Offline

Activity: 2114
Merit: 1027



View Profile
March 07, 2015, 12:40:19 AM
 #12

Yeah, but this would not explain why those nodes are neither relaying TX, nor replying to BitcoinPing messages, ...
Seems they save bandwith aggressively and prepare for something bigger.
OK, if they don't behave like a normal client behind a NAT that definitely confirms your suspicions. Large scale NAT farms are popping all over the world right now, and many programs tend to go berserk when receiving connections from those.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2464
Merit: 1256



View Profile
March 07, 2015, 12:41:55 AM
 #13

What I noticed is, that the seed nodes (from time to time) return dozens of bitcoin addresses from the same subnet (from france).
Can you clarify what you mean by "the seed nodes". Do you mean DNS seeds?  Returning how? Need more details!

Edit: Okay, I see seed.bitcoin.sipa.be is returning a single 46.105/16 to me. Is this what you're referring to?

Bitcoin will not be compromised
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2464
Merit: 1256



View Profile
March 07, 2015, 01:26:52 AM
 #14

Latest Bitcoin Core with 2000 connections allowed
2000 connections is not possible, you'll run out of file descriptors. If you edit the code remove the limits you'll end up with arbitrary memory corruption.

The code that limits outbound counts to one host per /16 is trivial, it's in net.cpp:1207.   Can you please get a getpeerinfo on the effected host while the naughty peers are connected and send me the diff with whatever changes you're running?

Quote
What happens if a malicious node is connected "outbound", then It disconnects itself, adds an inbound connection from itself, and uses "GETADDRS" to create a subsequent connection to the same subnet? This way it could slowly fill the connection list with inbound connections from itself?
Nothing?  Outbound and inbound connections do not compete with each other. You will still be limited in the number of outbound connections you have to a single /16.

Bitcoin will not be compromised
laurentmt
Sr. Member
****
Offline Offline

Activity: 386
Merit: 250


View Profile
March 07, 2015, 02:54:22 AM
 #15

This, on the first sight, looks to me as a large scale monitoring of the bitcoin network.
How about another hypothesis: an head-end of a CG-NAT (http://en.wikipedia.org/wiki/Carrier-grade_NAT) device for some large French MVNO (http://en.wikipedia.org/wiki/Mobile_virtual_network_operator) or some similar arrangement like Orange FunSpot (Free WiFi Internet access service).

Considering that OVH provides 256 IP for free with each dedicated server, I bet 10 satoshis that we have a single monitoring node behind all these IPs.
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1190
Merit: 1146



View Profile
March 07, 2015, 10:29:47 AM
 #16

This message was too old and has been purged
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2464
Merit: 1256



View Profile
March 07, 2015, 10:59:52 AM
 #17

well I have a maximum of 3100 file descriptors on my system.
Select has a maximum of FD_SETSIZE (1024) FDs in use, and you will end up totally screwed up if you are beyond that. It doesn't matter what you've set your ulimit to.

When you run hacked up versions that which changes that you do not understand you waste everyone's time (including yours), and you provide bad service to other nodes. I shouldn't have to read between the lines to troubleshoot your private code based on the subtle implications of your offhand comments.

Quote
maybe some session hijacking method is used to set up a connection from an unsuspicious (but also malicious) node and then taking it over by one of the 40.xxx nodes with some TCP session hijacking method.
This would be pointless. If you are both hosts A and B, why bother having B pretend to be host A?   Also if you were having B pretend to be A your host would still think it was connected to A even if it were now B talking.  I'm doubtful any retail hosting provider of any scale is failing to run URPF these days in any case, since they'd constantly be a source of DOS attacks. Smiley


All that aside-- even ignoring what looks like some broken behavior in your node, this is moderately concerning.  What it looks like to me is a rather ham-fisted sybil attack trying to trick nodes into leaking private data to them, the nodes seem to fail to relay transactions too which hurts performance some-- it may even completely disrupt some less sophisticated wallets that don't have any protection against multiple output connections to the same /16. The Bitcoin protocol, when implemented correctly, has a degree of sybil resistance when it comes to partitioning and double-spend risk as an attacker must get _all_ your connections for those attacks, but this kind of activity can really violate user privacy since privacy attacks don't need to get all your connections; especially for SPV nodes which liberally broadcast their wallet addresses to nodes that they're using as servers.

We've been working slowly on some improvements in this space in Bitcoin Core but Bitcoin community (outside of core devs) interest level is pretty low, and due to not being SPV Core already has much better privacy. (In general I've be disappointed by how few people realize how important privacy and fungibility is for Bitcoin's viability as a currency).  It's not as simple as just blocking them (though you're free to do that yourself), as blocking on a global basis (instead of each user deciding for themselves) has significant collateral risk and would be easily evaded by anyone who thought it was okay to breach normal network behavior to violate user privacy in the first place; and then you have even less information about the attack.  Making it so the attack is harder to see doesn't make it go away.

This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt.

Bitcoin will not be compromised
2112
Legendary
*
Offline Offline

Activity: 2114
Merit: 1027



View Profile
March 07, 2015, 09:27:46 PM
 #18

Or maybe some kind of NAT problem is going on (i am on a full cone NAT here). Or maybe this is all stupid what I am talking about. I will double check shortly.
Ah, so there is a NAT device involved here. This basically invalidates all your previous observations, as they can be explained easily as the errors in the NAT implementation. Especially if somebody advertises "full cone NAT" (only relevant to UDP) when interfacing TCP application.

Please do us all a favor and tell us the manufacturer/model/version information for your NAT box. Everyone could then just add it to they "do not use/buy" list.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
Cryptowatch.com
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
March 13, 2015, 01:14:32 AM
 #19

I noticed that one of those nodes were connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Seeing it had a http-proxy, I connected to it with a browser and got this message, in a typical login box you get with .htaccess restrictions:

A username and password are being requested by http://46.105.210.179:8080. The site says:

 "Please authenticate using your Chainalysis API-ID and API-Key". [sic]

I tried another IP, same result. These are the offending IP's that has connected to my node:

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42


And then a google search which gave me:

https://chainalysis.com/

"Providing technical solutions to automate crypto currency compliance"

"
Company

Chainalysis offers a service that provides financial institutions with the means to obtain regulatory compliance through real-time analysis of the blockchain. Chainalysis customers get access to an API that allows them to determine which entity a transaction originates from, and whether the flow of funds originate from someone they would want to do business with. In other words, it automates the travel rule.

Chainalysis achieves this by doing sophisticated in-depth real-time transaction analysis to determine unique entities within the blockchain.

Besides for API access, customers are provided with a web interface enabling them with easy transaction route investigation, private annotation of entities and transactions and automated report generation."


Michael Grønager
Chief Executive Officer

Jan Møller
Chief Technology Officer

Jens Hilligsøe
DevOps Engineer

Kresten Krab Throup
Consulting Architect

Jørn Larsen
Business Advisor


Personally I've perma-blocked these guys now. I should make the iptables rules persistent on my node. Also, is there a blacklist where bad actors are listed with a reason, so a node operator could chose to block such entities? Personally I don't like blacklists much, perhaps whitelists are better, but it's impossible to keep track of every time someone posts about bad nodes.

I understand the need for such a solution as chainalysis from a regulatory and business perspective, however I'm don't think this is in the true spirit of bitcoin, but I guess someone would've provided this kind of service no matter what. But this is akin to spying to be honest. And it is exactly that we're wanting to get away from with all the monitoring that goes on in the traditional financial system. If Joe pays Alice 10 bucks, it's noone's damn business how, where and what relates to that payment.
onemorexmr
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250



View Profile
March 13, 2015, 01:17:51 AM
 #20

I noticed that one of those nodes were connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Seeing it had a http-proxy, I connected to it with a browser and got this message, in a typical login box you get with .htaccess restrictions:

A username and password are being requested by http://46.105.210.179:8080. The site says:

 "Please authenticate using your Chainalysis API-ID and API-Key". [sic]

I tried another IP, same result. These are the offending IP's that has connected to my node:

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42





nice find!

https://chainalysis.com/

"Chainalysis offers a service that provides financial institutions with the means to obtain regulatory compliance through real-time analysis of the blockchain. Chainalysis customers get access to an API that allows them to determine which entity a transaction originates from, and whether the flow of funds originate from someone they would want to do business with. In other words, it automates the travel rule.
Chainalysis achieves this by doing sophisticated in-depth real-time transaction analysis to determine unique entities within the blockchain.
Besides for API access, customers are provided with a web interface enabling them with easy transaction route investigation, private annotation of entities and transactions and automated report generation."

seems to be them....

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
spin
Sr. Member
****
Offline Offline

Activity: 360
Merit: 250


View Profile
March 13, 2015, 08:58:54 AM
 #21

Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


If you liked this post buy me a beer.  Beers are quite cheap where I live!
194YjsiwmGm3hcbPcJWWyzRAS9CQLX1fJL
cryptrol
Hero Member
*****
Offline Offline

Activity: 638
Merit: 500


View Profile
March 13, 2015, 08:59:26 AM
 #22

This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt.
Making this the default behavior would help both Bitcoin and Tor.
It seems that many synergies could be established between the two projects, since both are disruptive enough to attract the attention of big bad actors.
BCwinning
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
March 13, 2015, 09:02:32 AM
 #23

This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt.
Making this the default behavior would help both Bitcoin and Tor.
It seems that many synergies could be established between the two projects, since both are disruptive enough to attract the attention of big bad actors.
actually it's a good incentive to move past bitcoin and truly support a real anonymous currency (what that is yet I have no idea) that is the cash of the digital world. Because bitcoin isn't an anonymous currency and isn't going to be.

https://www.rixty.com?ref=1337507 sign up for rixty
privacy, it does the body good.
Official Bitcoin Foundation Secretariat
The New World Order thanks you for your support of Bitcoin and encourages your continuing support so that they may track your expenditures easier.
onemorexmr
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250



View Profile
March 13, 2015, 09:53:59 AM
 #24

Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 



depends on what exactly they offer.
if they are connected to more thn 75% of the network they certainly can tell what region of the world sent this transaction out first (not who crafted it... except if running bitcoind himself)

not sure who are this anonymous financial companies interested in this.

i'd say (tinfoil hat) its a service for nsa/bnd/fsb and so on

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
LeMiner
Member
**
Offline Offline

Activity: 113
Merit: 10


View Profile
March 13, 2015, 09:58:38 AM
 #25

Blocked the bad nodes as well.

Here's the list of ip's to block:


5.9.115.0/24
46.105.210.0/24
2001:41d0:a:605c::/48

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42,

Source: Reddit

I've had a few of those and another connected to my node, so add this one to the list as well: 46.105.210.137 .

Personally I've taken it to block 46.105.210.* since obviously we don't know all IP's involved (yet). What scares me is that it's relatively easy for people to evade blocks like this.

Looks like the people at mycellium and kraken are involved...

belcher
Sr. Member
****
Offline Offline

Activity: 258
Merit: 307


View Profile
March 13, 2015, 10:56:41 AM
 #26

Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.

1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9
JoinMarket - CoinJoin that people will actually use.
PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129
levino
Sr. Member
****
Offline Offline

Activity: 362
Merit: 250


View Profile WWW
March 13, 2015, 12:15:28 PM
 #27

For Ubuntu you can use ufw.

Remark: UFW is a firewall! If you enable it in the default mode which is "deny all", all new connections on all ports will be denied while existing connections stay open (like your current ssh connection). Make sure to "ufw allow" all ports that you need before you enable ufw. Sometimes you forget a port, but if you are sshing into your server, always allow ssh before you do anything stupid. You can than open ports at a later stage through ssh.

Here it goes:

Code:
sudo -s
apt-get update
apt-get install ufw
#deny incoming from subnets
ufw deny from 5.9.115.0/24
ufw deny from 46.105.210.0/24
ufw deny from 2001:41d0:a:605c::/48
#deny outgoing to subnets
ufw deny out from any to 5.9.115.0/24
ufw deny out from any to 46.105.210.0/24
ufw deny out from any to 2001:41d0:a:605c::/48
#these are optional
ufw allow 22 #whatever port you are using for ssh
ufw allow 80 #if you have webserver running
ufw allow 443 #if you have a secure (https) web server running
#allow bitcoin
ufw allow 8333
#start ufw
ufw enable
#go back to normal user level
exit

The order is important. If you allow 8333 and deny incoming from ip ranges later, only the first rule applies.

Hope this does the trick. If I forgot something pleae tell me.

BM-2cWwQnMzK9XFTjfn6jSRRJwTG8a2wooR9A
www.coyno.com - www.bitcoinage.de
pajak666
Hero Member
*****
Offline Offline

Activity: 497
Merit: 500



View Profile
March 13, 2015, 12:23:51 PM
 #28

is there a way to block certain ip in bitcoin.conf file?
Cryptowatch.com
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
March 13, 2015, 12:26:23 PM
 #29

Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.

Was it not that a person had all his electronic equipment confiscated and brought in for having a bitcoin-node associated with a rogue transaction displayed on blockchain.info earlier on?

If there are entities paying for analysis of the block chain, and it's acted upon (by law enforcement) data that cannot be fully trusted, it could cause lots of troubles.

Also, while blocking ip's of nefarious nodes is a temporarily solution, it's only an annoyance for the perpetrators, and given they have sufficient resources, they could further hide their activity as to not give away their intentions.

Given they have enough resources, they could even have automated ip-switching going on. Once an ip is blocked by a sufficient number of legit nodes, they just switch the ip of that node, and all of that could be automated. So in essence blocking the IP's are a bit like holding your hand over a hole in your rowing boat that is leaking in water, might give you some temporarily relief, but is not a lasting solution.

Now - it's near impossible to know who really controls a node, if they really want to go stealth. If a node acts like a normal node in all ways, why should it not be considered a normal node?

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from ip A, which runs a full bitcoin core node, be it on a cable-connection or otherwise, if cainalysis is connected to the node where the tx is orginating, the ip-address of the node where the transaction was orginating is recorded within the chainalysis database. They will probably use many other sources to get more info about the owner of that ip-address. If they're only a private company they will have less data points to work with, but if they're an intel agency, there's virtually no limit as to how sophisticated the systems could be, in theory they could plugin directly to the customer database of ISP's and have names displayed in real time in association with the IP's. Information that could further be relayed and shared with relevant parties.

Bitcoin is only pseudonymous, as everyone can lock up a transaction in the block-chain, and I assume network analysis cannot be prevented, but I do think it should be made more difficult.

But a blacklist solution is dangerous. Who's to decide what goes on the blacklist, and who's to verify the decisions are correct? Perhaps some automated solution in bitcoin core where peers that's behaving unexpectedly could be automatically banned is a better solution? But again, that's much like holding hand over leaking hole, as if certain footprints reveals rogue nodes, they will only change their appearance to appear more legitimate. And I'm not sure, but I believe bitcoin traffic is unencrypted in transit, so what prevents an intel org from manipulating the traffic (making legit nodes appear rogue), in essence grinding the entire network to a halt if nodes automatically ban misbehaving nodes?

I'm no TOR expert, but I've noticed there's been much mumbling about TOR not being all that secure anymore, so would a normal user really be more secure if he used Bitcoin+TOR?

Since bitcoin is supposed to be trustless, if we started to make a whitelist of legit nodes, that would go against that ideal.

So, in reality, how do we ensure that most nodes on the network are legit, and what's the best method of blocking rogue nodes from connecting to your own node?

In my view, in essence it boils down to freedom and privacy. There's something fundamentally wrong when certain people need to exert "control" over others against their will.

Ragnarokdel
Jr. Member
*
Offline Offline

Activity: 31
Merit: 0


View Profile
March 13, 2015, 12:31:36 PM
 #30

Blocked the bad nodes as well.

Here's the list of ip's to block:


5.9.115.0/24
46.105.210.0/24
2001:41d0:a:605c::/48

46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42,

Source: Reddit

I've had a few of those and another connected to my node, so add this one to the list as well: 46.105.210.137 .

Personally I've taken it to block 46.105.210.* since obviously we don't know all IP's involved (yet). What scares me is that it's relatively easy for people to evade blocks like this.

Looks like the people at mycellium and kraken are involved...
how do you block an IP in bitcoin core?
primer-
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000



View Profile
March 13, 2015, 12:45:13 PM
 #31

I noticed that one of those nodes were connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Do you port scan every bitcoin node that connects to you ? Why would you do that, what were your real intentions ...
autodiv
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 13, 2015, 12:46:28 PM
 #32

is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.

levino
Sr. Member
****
Offline Offline

Activity: 362
Merit: 250


View Profile WWW
March 13, 2015, 12:51:35 PM
 #33

is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
What do you think of my ufw approach above? I find ufw easier to get than iptables.

BM-2cWwQnMzK9XFTjfn6jSRRJwTG8a2wooR9A
www.coyno.com - www.bitcoinage.de
laurentmt
Sr. Member
****
Offline Offline

Activity: 386
Merit: 250


View Profile
March 13, 2015, 12:56:04 PM
 #34

Good job Cryptowatch.com !

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from ip A, which runs a full bitcoin core node, be it on a cable-connection or otherwise, if cainalysis is connected to the node where the tx is orginating, the ip-address of the node where the transaction was orginating is recorded within the chainalysis database.
They may also try to reproduce the experiment done by 3 researchers from the University of Luxembourg : http://arxiv.org/abs/1405.7418
If it's their mode of operation, blocking these IPs at individual node level won't be enough since information is leaked by the 8 outgoing peers.
It would require that all full nodes block these IPs. But as you've stated, that sounds like an unenforceable policy...

darlidada
Hero Member
*****
Offline Offline

Activity: 723
Merit: 503


View Profile
March 13, 2015, 01:21:28 PM
 #35

And people says we dont need an anonymous coin ? It's time for cryptonote technology to shine. its resistant to blockchain analysis. read about it here : http://en.wikipedia.org/wiki/CryptoNote or here: https://en.bitcoin.it/wiki/CryptoNote
laurentmt
Sr. Member
****
Offline Offline

Activity: 386
Merit: 250


View Profile
March 13, 2015, 01:58:23 PM
 #36

And people says we dont need an anonymous coin ? It's time for cryptonote technology to shine. its resistant to blockchain analysis. read about it here : http://en.wikipedia.org/wiki/CryptoNote or here: https://en.bitcoin.it/wiki/CryptoNote
Please, note that the "problem" discussed in this post isn't blockchain analysis per se, but network eavesdropping.
Ring signatures and stealth addresses won't help to solve this specific issue.
AdamCox9
Full Member
***
Offline Offline

Activity: 128
Merit: 100

To the moon!


View Profile WWW
March 13, 2015, 02:28:35 PM
 #37

I got one of them attached to my node: 46.105.210.37

You can see all the connections to my full-node here: http://23.253.119.84/

Cryptowatch.com
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
March 13, 2015, 02:38:55 PM
 #38

I noticed that one of those nodes were connected to my own node, then I scanned it:

Starting Nmap 6.00 ( http://nmap.org ) at 2015-03-13 01:48 CET
Nmap scan report for 46.105.210.179
Host is up (0.065s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
445/tcp  filtered microsoft-ds
8080/tcp open     http-proxy
8333/tcp open     unknown

Do you port scan every bitcoin node that connects to you ? Why would you do that, what were your real intentions ...

Dear primer-,

I run a node for altruistic purposes, to support the network. Here's the stats and info page: http://node.cryptowatch.com/

You can connect with any node you want to that node, and you will see there's no portscanning on your node conducted by my node.

Nmap (nmap.org) is a program that can be used manually to scan any host for open ports. When I read this thread, naturally I wanted to see if I could do some simple investigation to learn more of the nature of the party monitoring large parts of the network. As it happened, I found some public available information and shared it with the community, see my earlier posts.

My intentions are good, as I'm a big bitcoin supporter.

I hope this cleared things up. Thanks for the question.
onemorexmr
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250



View Profile
March 13, 2015, 02:41:52 PM
 #39


Dear primer-,

I run a node for altruistic purposes, to support the network. Here's the stats and info page: http://node.cryptowatch.com/

You can connect with any node you want to that node, and you will see there's no portscanning on your node conducted by my node.

Nmap (nmap.org) is a program that can be used manually to scan any host for open ports. When I read this thread, naturally I wanted to see if I could do some simple investigation to learn more of the nature of the party monitoring large parts of the network. As it happened, I found some public available information and shared it with the community, see my earlier posts.

My intentions are good, as I'm a big bitcoin supporter.

I hope this cleared things up. Thanks for the question.

imho nmapping anyone is not a problem - its like knocking on doors.
and i think i am allowed to knock on the doors of someone who enters m house (=connected to my node)

the question is what you use the data for...i have no doubt that your intentions are honest btw.

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
belcher
Sr. Member
****
Offline Offline

Activity: 258
Merit: 307


View Profile
March 13, 2015, 02:43:03 PM
 #40

If you ran bitcoind with -listen=0 these sybils would not be able to connect to you? Obviously everyone can't do this.

1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9
JoinMarket - CoinJoin that people will actually use.
PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129
Cryptowatch.com
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
March 13, 2015, 02:50:47 PM
 #41

the question is what you use the data for...i have no doubt that your intentions are honest btw.

Here's your answer as to what the data was used for:
https://bitcointalk.org/index.php?topic=978088.msg10756505#msg10756505

I don't have an issue with people not trusting me, is not that what the world has come to? Wink I just repeat that the only reason I did nmap on that host was because I found some of the same ip's; 46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42 in the debug.log of my bitcoind, upon reading OP I did the investigation as you can see in the link above. The intention was to find out what & who was behind the monitoring on the network. If you want to label me, then give me the whitehat label please, I really have no further to add to this particular question. Smiley



onemorexmr
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250



View Profile
March 13, 2015, 02:57:09 PM
 #42

the question is what you use the data for...i have no doubt that your intentions are honest btw.

Here's your answer as to what the data was used for:
https://bitcointalk.org/index.php?topic=978088.msg10756505#msg10756505

I don't have an issue with people not trusting me, is not that what the world has come to? Wink I just repeat that the only reason I did nmap on that host was because I found some of the same ip's; 46.105.210.194, 46.105.210.11, 46.105.210.255, 46.105.210.138, 46.105.210.196, 46.105.210.246, 46.105.210.220, 46.105.210.204, 46.105.210.179, 46.105.210.189, 46.105.210.10, 46.105.210.42 in the debug.log of my bitcoind, upon reading OP I did the investigation as you can see in the link above. The intention was to find out what & who was behind the monitoring on the network. If you want to label me, then give me the whitehat label please, I really have no further to add to this particular question. Smiley





sorry (blame my english) i did not question your intention (i already knew it). it was more in the line of "its the question what the guy nmapping other people has for intentions"

IMHO: it is easy to use iptables and a small script to autoblock anyone who is nmapping... so i just dont understand people yelling when someone does it.

btw "I don't have an issue with people not trusting me, is not that what the world has come to?"
sadly...yes...

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
Cryptowatch.com
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
March 13, 2015, 03:12:32 PM
 #43

http://insidebitcoins.com/news/someone-may-be-deanonymizing-your-bitcoin-transactions/30759


Maxwell has pointed out that there has been some slow progress in the prevention of sybil attacks recently, but he seemed more concerns with the general attitude of the bitcoin development community as a whole. He stated that interest in implementing better protections against sybil attacks has been “pretty low” outside of the core developers, and he also described his disappointment with “how few people realize how important privacy and fungibility is for bitcoin’s viability as a currency.”

A blessing in disguise

At the end of the day, this event should be viewed as a reminder that bitcoin transactions are not anonymous and far from private by default. The reality is there is still plenty of work to be done in the realm of protecting privacy in bitcoin. Getting angry at how anyone interacts with the bitcoin network is useless; it’s the base incentive structure that matters. If there are any weak spots in the protocol, it will only be a matter of time before someone tries to exploit them. Instead of yelling at the attackers, it would probably make more sense to build better defenses. When there are weaknesses in a decentralized system, there is no point in hoping that everyone will just play nice.
theskillzdatklls
Hero Member
*****
Offline Offline

Activity: 687
Merit: 501


MintDice.com


View Profile WWW
March 13, 2015, 04:25:41 PM
 #44

this is why we cant have nice things




.




  ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄████████▀▀▀▀███▄
███████▀     ████
███████   ███████
█████        ████
███████   ███████
▀██████   ██████▀
  ▀▀▀▀▀   ▀▀▀▀▀

  ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄██▀▀▀▀▀▀▀▀▀▀▀██▄
██    ▄▄▄▄▄ ▀  ██
██   █▀   ▀█   ██
██   █▄   ▄█   ██
██    ▀▀▀▀▀    ██
▀██▄▄▄▄▄▄▄▄▄▄▄██▀
  ▀▀▀▀▀▀▀▀▀▀▀▀▀

            ▄▄▄
█▄▄      ████████▄
 █████▄▄████████▌
▀██████████████▌
  █████████████
  ▀██████████▀
   ▄▄██████▀
    ▀▀▀▀▀

    ██  ██
  ███████████▄
    ██      ▀█
    ██▄▄▄▄▄▄█▀
    ██▀▀▀▀▀▀█▄
    ██      ▄█
  ███████████▀
    ██  ██




               ▄
       ▄  ▄█▄ ▀█▀      ▄
      ▀█▀  ▀   ▄  ▄█▄ ▀█▀
███▄▄▄        ▀█▀  ▀     ▄▄▄███       ▐█▄    ▄█▌   ▐█▌   █▄    ▐█▌   ████████   █████▄     ██    ▄█████▄▄   ▐█████▌
████████▄▄           ▄▄████████       ▐███▄▄███▌   ▐█▌   ███▄  ▐█▌      ██      █▌  ▀██    ██   ▄██▀   ▀▀   ▐█
███████████▄       ▄███████████       ▐█▌▀██▀▐█▌   ▐█▌   ██▀██▄▐█▌      ██      █▌   ▐█▌   ██   ██          ▐█████▌
 ████████████     ████████████        ▐█▌    ▐█▌   ▐█▌   ██  ▀███▌      ██      █▌  ▄██    ██   ▀██▄   ▄▄   ▐█
  ████████████   ████████████         ▐█▌    ▐█▌   ▐█▌   ██    ▀█▌      ██      █████▀     ██    ▀█████▀▀   ▐█████▌
   ▀███████████ ███████████▀
     ▀███████████████████▀
        ▀▀▀█████████▀▀▀
FIND OUT MORE AT MINTDICE.COM
cr1776
Legendary
*
Offline Offline

Activity: 1932
Merit: 1005


View Profile
March 13, 2015, 04:29:53 PM
 #45

this is why we cant have nice things

There were two from that IP range that were attached to my node. 
colinistheman
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
March 13, 2015, 04:41:00 PM
 #46

"If there are any weak spots in the protocol, it will only be a matter of time before someone tries to exploit them. Instead of yelling at the attackers, it would probably make more sense to build better defenses."

Quoted from: http://insidebitcoins.com/news/someone-may-be-deanonymizing-your-bitcoin-transactions/30759

I think it's the perfect summary and answer to this thread.
Ragnarokdel
Jr. Member
*
Offline Offline

Activity: 31
Merit: 0


View Profile
March 13, 2015, 05:10:31 PM
 #47

is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
Hmmm... let me think of a single reason... Because I'm a gamer?
laurentmt
Sr. Member
****
Offline Offline

Activity: 386
Merit: 250


View Profile
March 13, 2015, 05:14:44 PM
 #48

"If there are any weak spots in the protocol, it will only be a matter of time before someone tries to exploit them. Instead of yelling at the attackers, it would probably make more sense to build better defenses."

Quoted from: http://insidebitcoins.com/news/someone-may-be-deanonymizing-your-bitcoin-transactions/30759

I think it's the perfect summary and answer to this thread.
Yep ! Actually we should even thank these guys because this "attack" is quite cheap: use of IP addresses in the same subdomain isn't really smart for a sybil attack  Cheesy
I may be wrong but it's likely that similar attackers are still acting undetected because they can afford a better strategy (different ip ranges, imitation of full nodes behaviors, ...).

cr1776
Legendary
*
Offline Offline

Activity: 1932
Merit: 1005


View Profile
March 13, 2015, 05:24:33 PM
 #49

"If there are any weak spots in the protocol, it will only be a matter of time before someone tries to exploit them. Instead of yelling at the attackers, it would probably make more sense to build better defenses."

Quoted from: http://insidebitcoins.com/news/someone-may-be-deanonymizing-your-bitcoin-transactions/30759

I think it's the perfect summary and answer to this thread.
Yep ! Actually we should even thank these guys because this "attack" is quite cheap: use of IP addresses in the same subdomain isn't really smart for a sybil attack  Cheesy
I may be wrong but it's likely that similar attackers are still acting undetected because they can afford a better strategy (different ip ranges, imitation of full nodes behaviors, ...).



With IPv6 this type of attack will become even more difficult to detect and prevent merely by blocking the IPs.

Rassah
Legendary
*
Offline Offline

Activity: 1680
Merit: 1001


Academy


View Profile WWW
March 13, 2015, 05:38:05 PM
 #50

In before conspiracy theories come out:

Chainalasys VS Mycelium - The full story


Mycelium Wallets use our own custom nodes to process the bitcoin blockchain and scan for address balances. These nodes were written by Jan Møller while he was the Lead Developer, along with our other devs. The job of these nodes is to parse the 30 gig Blockchain database into our own custom database, which is much larger, being over 100 gigs in size, but which allows for very quick and easy lookup of address balances, allowing for instant balance lookups and to do things like Cold Storage spending from paper wallets and Trezor.

Mycelium's owner and developers believe in total financial privacy and personal freedom, and our company has a goal to make Mycelium Wallet the most anonymous wallet possible. For this reason, we have kept our wallet code completely open since the beginning, and have been public and open about what goes on internally in our company (I hope you have noticed my frequent updates, especially with the unfortunate Entropy delays). And even while Jan was still the lead dev, we have created LocalTrader to work completely anonymously, using only bitcoin signed messages for user authentication and encrypting all user chat P2P using their respective private keys so our servers receive no usable data. We have also added HD wallet support, and disabled all IP and transaction logging on our nodes. However, we also realize that just us claiming that we do that isn't good enough, and that's why we added full Tor support, and are in the process of implementing CoinJoin, which we hope to have enabled by default, so that even those who don't care about staying anonymous will help contribute. Our goal was to have Mycelium Wallet be as anonymous as Dark Wallet, and that has not changed.

Jan Møller, our lead developer who did most of the work on the nodes, realized that the node-parsed blockchain database can be used to analyze bitcoin transaction activity, and help track transactions in the same way that our current financial institutions do (although with much less certainty). So he decided to have his own project that does just that, and has split off from Mycelium company last October. We still kept him on as our chief technical consultant, since he did write most of the node and original wallet code, so he is technically still employed by Mycelium, but he has had no access to our nodes since he left. Our current full time lead developer is Andreas Petersson, who is working on implementing Coinapult Locks right now, and the other two developers are Jan Dreske (/u/trasla here) and Daniel Weigl, who have been adding support for Trezor, fixing bugs, adding minor requested features, etc.

We at Mycelium are not fans of what Chainalysis does, but we can't really object too much, because if something like this is even possible to do, then someone will do it, whether it's Jan's company or someone else. It's also preferable that this is done by a public company in the open, instead of in secret by a government agency. And secondly, since the developer behind this is someone who worked with us, we can at least get inside knowledge of what may be tracked and how by such systems, so we can be aware of what to watch out for and what to fix. Obviously it's not a guarantee that we will get an honest answer, but it's still better than nothing.

With regards to why our website's About section still lists Jan Møller as a Lead Developer, it's because our website dev has been working full time on another (secret) Mycelium project, and has not had the chance to change anything. I guess the site is too low of a priority to update. Note that both of our current top wallet developers who have been doing most of the work these past few months, Jan Dreske and Daniel Weigl, are completely missing from there too. I am sorry that I have not publicly stated anything about this either, but since Chainalysis is a completely separate company, Jan Møller has not had access to our internal systems since he became a consultant, and our internal goals are still total anonymity, there was no risk whatsoever to Mycelium or the privacy of our users from the Mycelium side. I have been fairly open about being an AnarchoCapitalist myself, supporting people like Cody Wilson and Ross Ulbricht, and supporting the idea of The four pillars of a decentralized society as explained by Johann Gevers to help decentralize government functions. So if there ever is a risk of Mycelium becoming a snooping agency, or if Mycelium changes its goals with regards to expanding personal freedom, I still promise to let the community know, sine there would be no way I would be willing to continue to work there if that happens.

sandor111
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500



View Profile WWW
March 13, 2015, 06:19:15 PM
 #51

Latest Bitcoin Core with 2000 connections allowed
2000 connections is not possible, you'll run out of file descriptors. If you edit the code remove the limits you'll end up with arbitrary memory corruption.

The code that limits outbound counts to one host per /16 is trivial, it's in net.cpp:1207.   Can you please get a getpeerinfo on the effected host while the naughty peers are connected and send me the diff with whatever changes you're running?

Quote
What happens if a malicious node is connected "outbound", then It disconnects itself, adds an inbound connection from itself, and uses "GETADDRS" to create a subsequent connection to the same subnet? This way it could slowly fill the connection list with inbound connections from itself?
Nothing?  Outbound and inbound connections do not compete with each other. You will still be limited in the number of outbound connections you have to a single /16.

Hi gmaxwell,

well I have a maximum of 3100 file descriptors on my system.

Code:
anonymous@anonymous-desktop ~/Development/counterparty-gui $ ulimit -n
3100

I will try to recreate the setting and do a getpeerinfo dump. I will also set up an IDS, maybe some session hijacking method is used to set up a connection from an unsuspicious (but also malicious) node and then taking it over by one of the 40.xxx nodes with some TCP session hijacking method. As both nodes are cooperating and share sequence numbers this should not be too hard. Or maybe some kind of NAT problem is going on (i am on a full cone NAT here). Or maybe this is all stupid what I am talking about. I will double check shortly.

It's not possible to have over ~864 (?) connections, or absolute max is 1024 (FD_SETSIZE) without changing the netcode extensively. Personally for fun I have coded an epoll implementation for the bitcoin core to allow an arbirary number of connections, I got up to 6k connections before the CPU maxed out due to the inv flooding.

justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile WWW
March 13, 2015, 06:42:48 PM
 #52

Based on my legal studies at the University of Wikipedia, I think Chainanalysis is violating the CFAA.

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Criminal_offenses_under_the_Act

Connection slots made available by full nodes are offered to peers who will participate in the relaying of transactions, I doubt the people who run full nodes authorize use of their limited connection slots for the purposes other than participating in the Bitcoin protocol.
Dargo
Legendary
*
Offline Offline

Activity: 1820
Merit: 1000



View Profile
March 13, 2015, 07:32:36 PM
 #53

Looks like the people at mycellium and kraken are involved...

Kraken is not in any way "behind" Chainalysis. Michael Gronager left Kraken in October 2014 to work on Chainalysis and has only remained affiliated with Kraken in an advisory role.
Raize
Donator
Legendary
*
Offline Offline

Activity: 1414
Merit: 1004


View Profile
March 13, 2015, 07:48:48 PM
 #54

I have been fairly open about being an AnarchoCapitalist myself, supporting people like Cody Wilson and Ross Ulbricht, and supporting the idea of The four pillars of a decentralized society as explained by Johann Gevers to help decentralize government functions.

For those unfamiliar:
https://www.youtube.com/watch?v=8oeiOeDq_Nc

OrganofCorti's Neighbourhood Pool Watch - The most informative website on blockchain health
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
March 13, 2015, 08:25:16 PM
 #55

Based on my legal studies at the University of Wikipedia, I think Chainanalysis is violating the CFAA.

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Criminal_offenses_under_the_Act

Connection slots made available by full nodes are offered to peers who will participate in the relaying of transactions, I doubt the people who run full nodes authorize use of their limited connection slots for the purposes other than participating in the Bitcoin protocol.

It may well be that Chainanalysis is violating CFAA, but then again when I get up and breathe in the morning I am probably violating several laws.  

Why not just start going through the process of ensuring they are blocked.

If they continue with their efforts, I recommend this as a resource:

Consider what Mozilla did as a technique against a global spyware provider...
https://blog.mozilla.org/blog/2013/04/30/protecting-our-brand-from-a-global-spyware-provider/

Or, use the courts to seize the domain(s) of Chainanalysis or any other company that does what they are doing via the ex parte TRO process - like this:
http://www.honeynet.org/node/830

Word of warning: I'm not a lawyer, this isn't legal advice.  So if you feel compelled to examine any of these options further, do what any reasonable person must do: Consult a lawyer before doing anything!

Otherwise, block Chainanalysis's shit.

Thanks to those who have caught this early.

ABISprotocol (Github/Gist)
http://abis.io
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile WWW
March 13, 2015, 08:29:27 PM
 #56

Based on my legal studies at the University of Wikipedia, I think Chainanalysis is violating the CFAA.

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Criminal_offenses_under_the_Act

Connection slots made available by full nodes are offered to peers who will participate in the relaying of transactions, I doubt the people who run full nodes authorize use of their limited connection slots for the purposes other than participating in the Bitcoin protocol.

It may well be that Chainanalysis is violating CFAA, but then again when I get up and breathe in the morning I am probably violating several laws. 

Why not just start going through the process of ensuring they are blocked.

If they continue with their efforts, I recommend this as a resource:

Consider what Mozilla did as a technique against a global spyware provider...
https://blog.mozilla.org/blog/2013/04/30/protecting-our-brand-from-a-global-spyware-provider/

Or, use the courts to seize the domain name of Chainanalysis or any other company that does what they are doing via the ex parte TRO process - like this:
http://www.honeynet.org/node/830

Word of warning: I'm not a lawyer, this isn't legal advice.  So if you feel compelled to examine any of these options further, do what any reasonable person must do: Consult a lawyer before doing anything!

Otherwise, block Chainanalysis's shit.

Thanks to those who have caught this early.
Blocking them is certainly a great idea, and so is implementing technical measures that make what they are trying to do more difficult or (ideally) impossible.

There's also a very satisfying form of symmetry in holding startups in the regulatory compliance field accountable to regulations which they are violating.

If companies who are disrupting the Bitcoin network for a profit were held accountable to criminal law, then maybe the investors in such companies would apply more scrutiny to the ventures they fund.
bitpop
Legendary
*
Offline Offline

Activity: 2324
Merit: 1022


https://keybase.io/bitpop


View Profile WWW
March 13, 2015, 08:37:18 PM
 #57

This is exactly what they want you to do. We are attacking a whole subnet, maybe a competitor they wanted gone, testing for the future to maybe take down bitpay or something. If they were real, they'd use random ips.

You really think they'd use one subnet? And make it so obvious? With a homepage playing right into our fears? This whole thing is staged. Bitcoin is already designed to avoid peers from the same subnet. Why would they use that?

Using a node with tor is a bad idea.

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
March 13, 2015, 09:08:03 PM
 #58

Surely what they are saying they are doing is not really possible.  They cannot with certainty verify who is paying who.  They might be able to make probabilistic statements, but not certainty in all cases. 


Even probabilistic data is bad. They could use it for targeted advertising for instance.

Plausible deniability is not the be-all and end-all. Even if they don't know for sure it could be reason enough to put you under further surveillance.

Was it not that a person had all his electronic equipment confiscated and brought in for having a bitcoin-node associated with a rogue transaction displayed on blockchain.info earlier on?

If there are entities paying for analysis of the block chain, and it's acted upon (by law enforcement) data that cannot be fully trusted, it could cause lots of troubles.

Also, while blocking ip's of nefarious nodes is a temporarily solution, it's only an annoyance for the perpetrators, and given they have sufficient resources, they could further hide their activity as to not give away their intentions.

Given they have enough resources, they could even have automated ip-switching going on. Once an ip is blocked by a sufficient number of legit nodes, they just switch the ip of that node, and all of that could be automated. So in essence blocking the IP's are a bit like holding your hand over a hole in your rowing boat that is leaking in water, might give you some temporarily relief, but is not a lasting solution.

Now - it's near impossible to know who really controls a node, if they really want to go stealth. If a node acts like a normal node in all ways, why should it not be considered a normal node?

If I understand it right, the chainalysis mode of operation is for them to connect to as many nodes as possible, so if I do a transaction directly from ip A, which runs a full bitcoin core node, be it on a cable-connection or otherwise, if cainalysis is connected to the node where the tx is orginating, the ip-address of the node where the transaction was orginating is recorded within the chainalysis database. They will probably use many other sources to get more info about the owner of that ip-address. If they're only a private company they will have less data points to work with, but if they're an intel agency, there's virtually no limit as to how sophisticated the systems could be, in theory they could plugin directly to the customer database of ISP's and have names displayed in real time in association with the IP's. Information that could further be relayed and shared with relevant parties.

Bitcoin is only pseudonymous, as everyone can lock up a transaction in the block-chain, and I assume network analysis cannot be prevented, but I do think it should be made more difficult.

But a blacklist solution is dangerous. Who's to decide what goes on the blacklist, and who's to verify the decisions are correct? Perhaps some automated solution in bitcoin core where peers that's behaving unexpectedly could be automatically banned is a better solution? But again, that's much like holding hand over leaking hole, as if certain footprints reveals rogue nodes, they will only change their appearance to appear more legitimate. And I'm not sure, but I believe bitcoin traffic is unencrypted in transit, so what prevents an intel org from manipulating the traffic (making legit nodes appear rogue), in essence grinding the entire network to a halt if nodes automatically ban misbehaving nodes?

I'm no TOR expert, but I've noticed there's been much mumbling about TOR not being all that secure anymore, so would a normal user really be more secure if he used Bitcoin+TOR?

Since bitcoin is supposed to be trustless, if we started to make a whitelist of legit nodes, that would go against that ideal.

So, in reality, how do we ensure that most nodes on the network are legit, and what's the best method of blocking rogue nodes from connecting to your own node?

In my view, in essence it boils down to freedom and privacy. There's something fundamentally wrong when certain people need to exert "control" over others against their will.



On the TOR point specifically, numerous studies have been done that have revealed problems involving the use of TOR and bitcoin in combination, leading to vulnerabilities that have not yet been mitigated.

See:

https://github.com/OpenBazaar/OpenBazaar/issues/866#issuecomment-62577905

The release of Tails with Tor and Electrum has me concerned due to these issues as were commented on by Biryukov, Pustogarov, and others.

ABISprotocol (Github/Gist)
http://abis.io
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2464
Merit: 1256



View Profile
March 13, 2015, 09:25:14 PM
 #59

On the TOR point specifically, numerous studies have been done that have revealed problems involving the use of TOR and bitcoin in combination, leading to vulnerabilities that have not yet been mitigated.
Your comment is confused and misleading.

The "problems" reported initially is that an attacker can DOS attack to cause IPv4 nodes to block nodes behind Tor. This is true, but we were always aware of that and implemented hidden service bitcoin nodes as a tool to improve that. The paper was revised to also point out that you could concurrently DOS attack hidden service nodes-- which is generally true with or without tor, but there are not as many HS nodes.

The end result of all that though is just a DOS attack. Maybe if an attack happened, which isn't currently happening, you might have problems getting a new connection after starting your software.  This is completely safe, it might be irritating but your privacy would not be compromised unless you took the affirmative (and obviously foolish) action of disabling Tor support in your wallet.

None of this is a reason to not use Tor-- it's a reason, among _many_, that Tor doesn't solve all possible problems but you lose nothing by using it.  It's harmful to the community for you to promote otherwise.

Bitcoin will not be compromised
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
March 13, 2015, 10:03:53 PM
 #60

On the TOR point specifically, numerous studies have been done that have revealed problems involving the use of TOR and bitcoin in combination, leading to vulnerabilities that have not yet been mitigated.
Your comment is confused and misleading.

The "problems" reported initially is that an attacker can DOS attack to cause IPv4 nodes to block nodes behind Tor. This is true, but we were always aware of that and implemented hidden service bitcoin nodes as a tool to improve that. The paper was revised to also point out that you could concurrently DOS attack hidden service nodes-- which is generally true with or without tor, but there are not as many HS nodes.

The end result of all that though is just a DOS attack. Maybe if an attack happened, which isn't currently happening, you might have problems getting a new connection after starting your software.  This is completely safe, it might be irritating but your privacy would not be compromised unless you took the affirmative (and obviously foolish) action of disabling Tor support in your wallet.

None of this is a reason to not use Tor-- it's a reason, among _many_, that Tor doesn't solve all possible problems but you lose nothing by using it.  It's harmful to the community for you to promote otherwise.

Actually, I use TOR myself.  I just disagree that we should blindly use TOR with bitcoin or suggest that users do the same thing without warning people of the possible consequences.

See in my remarks on github where I suggested one possible option:

"Appropriate warnings for users who are using OpenBazaar (which incorporates bitcoin use) with Tor should be something like this: "Warning: Proceed at your own risk," or, "Warning: Use of Tor and Bitcoin together may result in additional attack vectors that could compromise your privacy. Do you wish to proceed?"

This is not a slam on OB either because I use OpenBazaar.  I simply think it is ridiculous to not warn people of possible risks.

ABISprotocol (Github/Gist)
http://abis.io
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2464
Merit: 1256



View Profile
March 13, 2015, 10:08:28 PM
 #61

"Warning: Use of Tor and Bitcoin together may result in additional attack vectors that could compromise your privacy. Do you wish to proceed?"
This warning is incorrect for Bitcoin.  The risks described are that it may be somewhat more vulnerable to DOS attack. For wallet users the only consequence is that it might not work and, if they're in a hurry, they might choose to turn off tor and end up with the same non-privacy they would have had if they had not used Tor.

OpenBazaar is offtopic in this thread.

Bitcoin will not be compromised
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
March 13, 2015, 10:23:17 PM
 #62

"Warning: Use of Tor and Bitcoin together may result in additional attack vectors that could compromise your privacy. Do you wish to proceed?"
This warning is incorrect for Bitcoin.  The risks described are that it may be somewhat more vulnerable to DOS attack. For wallet users the only consequence is that it might not work and, if they're in a hurry, they might choose to turn off tor and end up with the same non-privacy they would have had if they had not used Tor.

OpenBazaar is offtopic in this thread.

You seem to be rather insecure about my remarks about Tor, Bitcoin and so forth.  I don't feel any of my remarks are OT, furthermore.  These matters I've mentioned are relevant to what's at hand.  I'd be less concerned with wallet users choosing to "turn off tor" (as this is likely a very small subset of persons) and more concerned with a bunch of folks who are engaging in surveillance of large parts of the network while at the same time, the system is vulnerable to people who craft large-scale surveillance not just for monitoring but with the intent to create a new Bitcoin reality for some set of users, and / or those who want to greylist people. 

I think this is also a very good time to bring up again the subject of why anonymity as an option is very important for Bitcoin users.
I'll refer back to this:
https://bitcointalk.org/index.php?topic=175156.msg7912447#msg7912447 

Ciao,

-ABIS

ABISprotocol (Github/Gist)
http://abis.io
Cryptowatch.com
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
March 13, 2015, 10:30:48 PM
 #63

I just had an idea. I don't know if it's feasible, so let the experts chime in:

Is there any foolproof way a node could broadcast that it runs an unmodified bitcoin-core version? However, if there was such a way, a resourceful party could run hundreds of nodes on different ip's on different subnets which all appeared legit, but also with the purpose of collecting identifying data. And npbody can really know what the node operator does with all the info he gathers.

Fungibility is very important for bitcoin. Once businesses starts rejecting your transaction for whichever reason, we're back to square one. Nothing is as annoying as a bank shutting you down without even explaining why. Do we want the same for bitcoin?

Also I do not understand what makes bitcoin special over cash in terms of the regulatory environment. True, you can move bitcoin faster over longer distances (or at least assign a new owner to certain coins..), but I haven't seen any banks employ people to follow customers after withdrawing cash from an ATM to check what they're up to, where and how they spend their money. In essence, with the regulatory environment esp. in the US of today, we in essence have the digital version of this where large bitcoin companies have deployed technology for blockchain analysis where they trace incoming and outgoing funds to be "compliant". The only reason this is done is because it's possible.

Perhaps a certain level of regulations are smart, but why hassle the normal users and why this extended monitoring and spying. To me it seems like it's another security-theatre. I don't buy the arguments about bitcoin being used for nefarious purposes. Afaik, fiat money aka USD cash money is what's the favourite way of paying for criminals. When will we see a crackdown on the dollar? On a more serious note: All these legalities that's not contributing to the development for the human race, is doing the opposite. It makes me sad. We must of course relate to the real world, but if enough people chose not to participate in the current system it will break down.

/rant

gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2464
Merit: 1256



View Profile
March 13, 2015, 11:54:46 PM
 #64

You seem to be rather insecure about my remarks about Tor, Bitcoin and so forth.
Huh? Whats with the ad homenem?  You're making objectively incorrect statements, the result is a web of FUD that would mislead people into making poor choices.   Linking to a bunch of things totally unrelated to this discussion is a weird strategy-- no one in this thread disagrees that anonymity (or more importantly, simple privacy) is important. That question hasn't even come up. That it is important doesn't justify or legitimize making a incorrect claims about it.

Bitcoin will not be compromised
zvs
Legendary
*
Offline Offline

Activity: 1596
Merit: 1000


House Nogleg


View Profile WWW
March 14, 2015, 02:47:02 AM
 #65

Latest Bitcoin Core with 2000 connections allowed
2000 connections is not possible, you'll run out of file descriptors. If you edit the code remove the limits you'll end up with arbitrary memory corruption.

is there some reason the base client isn't using epoll?

ed:    and, tbh, i'm finding it odd people are just now mentioning the 46.105.201.xx shenanigans, i have some msg to drharibo about them from late february.  it's like those old snoopy nodes when dozens of them were going.  you block all you (know about) can and eat the rest

gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2464
Merit: 1256



View Profile
March 14, 2015, 03:34:50 AM
 #66

is there some reason the base client isn't using epoll?
Not portable by itself, and real no reason to use it: running large numbers of connections isn't good for the goodput of the network (data crosses in flight more often the higher the number of concurrency connections), makes the node more vulnerable to a number of DOS attacks, and burns external resources (esp if they're used to make outbound connections). Shipping that would just make the lazy abusive users even more abusive, and I've seen plenty of evidence to suggest that it would cause harm. So that takes it from low priority (no need, a pain to do portably) to basically negative priority.

We'll probably do so eventually but I would expect it to come after some much more powerful anti-abuse tools.

Bitcoin will not be compromised
qxzn
Hero Member
*****
Offline Offline

Activity: 604
Merit: 500



View Profile
March 14, 2015, 10:46:04 AM
 #67

Tor stuff

gmaxwell: your thoughts on using bitcoin through a VPN privacy service?
autodiv
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 14, 2015, 12:42:43 PM
 #68

is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
What do you think of my ufw approach above? I find ufw easier to get than iptables.

Excellent solution for sure. Always choose the tool that suits YOU best and you can always increase security. Blocking IPs is going to end up being a major task for any sysadmin regardless of their platform. There are tons of baddies out there!

flatfly
Legendary
*
Offline Offline

Activity: 1022
Merit: 1002


View Profile
March 14, 2015, 02:03:49 PM
 #69

There is an informative discussion of this topic on reddit:

http://www.reddit.com/r/Bitcoin/comments/2yxid5/chainalasys_vs_mycelium_the_full_story/

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
libcoin
Newbie
*
Offline Offline

Activity: 26
Merit: 0



View Profile WWW
March 14, 2015, 02:15:33 PM
 #70

Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume btw different counties. We chose specifically to setup a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially havn't build the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extend reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profit from collecting this information which we accept to the extend that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing this kind of experiments, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to friendly opt out

But also note that the above measures and current protocol does not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael
cloverme
Legendary
*
Offline Offline

Activity: 1414
Merit: 1040


SpacePirate.io


View Profile WWW
March 14, 2015, 04:10:02 PM
 #71

Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume btw different counties. We chose specifically to setup a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially havn't build the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extend reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profit from collecting this information which we accept to the extend that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing this kind of experiments, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to friendly opt out

But also note that the above measures and current protocol does not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael


Idiot... the bitcoin network is not your personal playground to just do whatever the hell you want on the network.  Have some respect for what others have done and keep your retarded experiment off the damn network.  Build your own node network in a closed environment if you want to experiment with the protocol or develop your own seperate coin network.  What the hell is the matter with you?
nachoig
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile
March 14, 2015, 05:11:29 PM
 #72

New article at CoinDesk: http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

Quote
Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds.

He told CoinDesk:

"Funnily, following the Reddit post we have received a ton of emails from people with stolen bitcoins and requests for finding them – so yes, there is indeed a need [for this kind of service] and yes, we have received a lot of positive feedback from potential customers."

Quote
Chainalysis sides with the regulators. In providing what it calls 'automated transaction reporting', the company says it is helping bitcoin companies conform to existing money transfer regulations, including the travel rule.

This, Grønager said, will help bitcoin businesses get bank accounts and promote the currency's use among mainstream financial institutions.

He added:

"If you as a MSB (money services business) are offering automated transactions you are obliged to have suitable automated transaction monitoring. That is not to be confused with monitoring the entire bitcoin network, but transfers between you and your client, may that be fiat or may that be bitcoin. We are providing tools for facilitating exactly that."
chek2fire
Legendary
*
Offline Offline

Activity: 1680
Merit: 1043


Ιntergalactic Conciliator


View Profile
March 14, 2015, 05:12:41 PM
 #73

Is that the commands to block them from our nodes?

sudo iptables -I INPUT -m iprange --src-range 46.105.0.0-46.105.255.255 -j DROP
sudo iptables -I OUTPUT -m iprange --dst-range 46.105.0.0-46.105.255.255 -j DROP


i have setup several nodes around the world and i need to block this idiots.
Epic fail from them.. they just collpase their reputation in the bitcoin community.
One of my full node in uk is clean from that connections.
Thx for the info and i think we must check time to time who is connected to our node to see if something suspicious happens

http://www.bitcoin-gr.org
4411 804B 0181 F444 ADBD 01D4 0664 00E4 37E7 228E
inBitweTrust
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
March 14, 2015, 05:21:38 PM
 #74

Relevant Coindesk article -

http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

This whole situation make me even more motivated to increase full nodes to protect the network from "accidental" or deliberate attacks like this.

laurentmt
Sr. Member
****
Offline Offline

Activity: 386
Merit: 250


View Profile
March 14, 2015, 08:31:11 PM
 #75

Sounds to me, the interesting things may be:
- Who is sending how much to whom
- Linkage of IP to Wallet
- Where is money originating from and where do the money flows go
- Who is most likely running a Bitcoin service
I would add this one: Snapshot of network topology. Check if we still have the expected decentralized topology or if we have some hubs which may become future points of fragility (wrt data propagation).
cr1776
Legendary
*
Offline Offline

Activity: 1932
Merit: 1005


View Profile
March 14, 2015, 09:42:53 PM
 #76

The post quoted below and the one above from them above seem very different.  Traffic analysis vs tracking transactions for "travel rules" etc. 

The one above makes it sound much more innocuous than the quotes below.

New article at CoinDesk: http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

Quote
Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds.

He told CoinDesk:

"Funnily, following the Reddit post we have received a ton of emails from people with stolen bitcoins and requests for finding them – so yes, there is indeed a need [for this kind of service] and yes, we have received a lot of positive feedback from potential customers."

Quote
Chainalysis sides with the regulators. In providing what it calls 'automated transaction reporting', the company says it is helping bitcoin companies conform to existing money transfer regulations, including the travel rule.

This, Grønager said, will help bitcoin businesses get bank accounts and promote the currency's use among mainstream financial institutions.

He added:

"If you as a MSB (money services business) are offering automated transactions you are obliged to have suitable automated transaction monitoring. That is not to be confused with monitoring the entire bitcoin network, but transfers between you and your client, may that be fiat or may that be bitcoin. We are providing tools for facilitating exactly that."
RealMalatesta
Legendary
*
Offline Offline

Activity: 826
Merit: 1000



View Profile
March 14, 2015, 10:11:33 PM
 #77

First of all, I am pretty sure that chainalysis is violating Swiss laws by collecting this data and giving this data to their clients. But this is an issue for lawyers in Switzerland. Me, for my part, have sent a request to the Swiss data protection agency. I want to know WHAT they collect and see it.

Secondly, and this may be interesting:

Chainanalysis was established December 24, 2014. The company's capital is divided in three parts which are owned by:
- Trifork Holding AG
- SWIFT BIT HOLDING ApS
- CEPTACLE HOLDING ApS

Trifork Holding AG
The company was established in Switzerland. It was basically established by capital of "Blackbird Holding ApS" in Denmark, and "Trifork A/S", also in Denmark. "Trifork" is a software company, working for banks and also the government. President of the board of directors is Jorn Larsen who also is CEO of Chainanalysis.

Swift Bit Holding ApS
This holding company also is located in Denmark and owns Swift Bit, a software company of Jan Møller. Strange enough, these companies do not appear in his linkedin profile:
https://dk.linkedin.com/pub/jan-m%C3%B8ller/1/214/bb3


CEPTACLE HOLDING ApS
This company, too, is located in Denmark and controlled by Michael Grønager.

So basically, Chainanalysis is controlled by foreign corporations. And I want to know how Chainalaysis is complying with the Swiss Data Protection laws.

An IP address is, according to Swiss law, "personal data".

According to this law, Chainanalysis has to give access to all the data they have regarding a specific IP to the person who was using this IP at the time the data was collected. Such a request can be sent to Chainanalysis by e-mail and they have to respond without the right to charge anything for this. They have to tell them how they obtained this data and what they intend to do with it. Furthermore, they have to make sure and public how the personal data of users of the Bitcoin network is protected. If they don't, everybody can write a complaint to the Swiss data protection agency.

EDIT

According to Coindesk, "Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds."

So my question: Is this the intention of them? If so: They are clearly violating Swiss laws and could face up to three years in jail.
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1190
Merit: 1146



View Profile
March 15, 2015, 07:53:20 AM
 #78

This message was too old and has been purged
IMZ
Legendary
*
Offline Offline

Activity: 1484
Merit: 1000


View Profile
March 15, 2015, 08:02:27 AM
 #79

Nice work, E.K.!
cr1776
Legendary
*
Offline Offline

Activity: 1932
Merit: 1005


View Profile
March 15, 2015, 10:58:41 AM
 #80

Quote
According to Coindesk, "Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds."

So basically from what I understand is they were monitoring and recording all transaction that I have made because I was under general suspicion?

Cryptograpic geeks writing their maters thesis and doing some analysis on the blockchain is absolutely fine,
but I am not OK with companies monitoring a large number of users in order to do "something" with the archived data afterwards.

Yeah.  And their multiple statements seem at odds with each other.  Their statement quote above with regard to regulations and in the coin deskarticle do not match this:

Quote
We were preparing data for a blogpost on bitcoin traffic by volume btw different counties. We chose specifically to setup a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially havn't build the transaction forwarding into the probes.

Their explanations make their motivations even more questionable and, to me, increase the degree that one should be suspicious of them and their actions since they try to excuse the behavior in ways that are at opposite extremes depending on who they are talking to. 

It is good though to see this type of activity now and take steps to mitigate it at least some.  While Tor is not the be-all, as has been discussed up thread, it is a useful tool in the bitcoin world.  It isn't difficult to set up, so if you are running a node, consider adding a hidden service.  There is a guide on setting up bitcoin core with Tor (https://www.sky-ip.org/configure-bitcoin-node-debian-ubuntu.html  ) that seems to be reasonably complete from looking it over.  Some things you may need to tailor to your own uses, such as if you want to be on Tor and clear.  There may be other guides out there too, but thought that one might be useful if anyone was looking for one.

Thank you E.K for bring this up, by the way. 

LucD88
Hero Member
*****
Offline Offline

Activity: 670
Merit: 510


CrownCentral.net


View Profile
March 15, 2015, 02:34:27 PM
 #81

Have you guys read this?

http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/


Nevermind it's old news, nachoig already posted the link yesterday.

▄▄█▀▀▀▀▀▀▀█▄▄
▄█▀▀▀           ▀▀▀█▄
▄█▀▀                   ▀▀█▄
▄█▀                         ▀█▄
█▀                             ▀█
█▀               █               ▀█
█▀              ▄█▀                ▀█
      █▄▄▄  ▄▄█▀   ▀█▄▄  ▄▄▄█      █
       █▄▀▀▀▀         ▀▀▀▀▄█       █
        ▀█               █▀        █
█▄
        ▀█   ▄▄█▀▀█▄▄  █▀        ▄█
█▄
         ▀          ▀▀         ▄█
█▄                             ▄█
▀█▄                         ▄█▀
▀█▄▄
                   ▄▄█▀
▀█▄▄▄           ▄▄▄█▀
▀▀█▄▄▄▄▄▄▄█▀▀
.CROWN.█▄
███
███
███
 ▀█
▀▄
▄ ▀
 ▀▄

█▄
███
███
███
 ▀█
█▄
███
███
███
 ▀█
▀▄
▄ ▀
 ▀▄

█▄
███
███
███
 ▀█
.MERGE MINING...   .MASTERNODES.............   .CORE UPDATES...
██████████████████████████████████   twitter  ███████████████████████ Mattermost  ███████████████████████ ANN Thread  ██████████████████████████████████
█▄
███
███
███
 ▀█
▀▄
▄ ▀
 ▀▄

█▄
███
███
███
 ▀█
libcoin
Newbie
*
Offline Offline

Activity: 26
Merit: 0



View Profile WWW
March 15, 2015, 07:37:36 PM
 #82

Hi again,

Got some PM requests for clarifying legal issues etc. Your guess is as good as mine, but I think it is important to stress a few facts first:

1. Me explaining to coindesk/insidesbitcoins what Chainalysis do in general (Compliance, Investigations etc) has nothing to do with the nodes - we are not using transaction to IP mapping for anything but statistical research - aka the blog post already mentioned. This fact is, as I see it, highly relevant if we start to discuss any possible legal issues.

2. Claiming that Chainalysis should do anything illegal based on other nodes connecting to our nodes relaying INVs is highly speculative. I cannot see any difference btw that and connecting to any other service (HTTP/DNS etc) and recording that info for statistical purposes. Further, take e.g. blockchain.info where any first posted INVs are recorded and shared with all future users. How is our statistical analysis different from that ? And note even here that Chainalysis are not and have not any intention to share privacy sensitive info (IP numbers).

3. General legal considerations - I am by no means an expert on this - but this is a relevant discussion - when are you (illegally) eavesdropping by participating in a p2p network ? What are you allowed to do with the data/metadata (e.g. INVs and TXs) you receive ? What can you as a p2p user (legally) expect them to be used for ? Do we actually expect any regulation to cover here at all ?

Cheers,

Michael
RealMalatesta
Legendary
*
Offline Offline

Activity: 826
Merit: 1000



View Profile
March 15, 2015, 08:36:19 PM
 #83


3. General legal considerations - I am by no means an expert on this - but this is a relevant discussion - when are you (illegally) eavesdropping by participating in a p2p network ? What are you allowed to do with the data/metadata (e.g. INVs and TXs) you receive ? What can you as a p2p user (legally) expect them to be used for ? Do we actually expect any regulation to cover here at all ?

For a Swiss company, this law here is relevant:
http://www.admin.ch/opc/de/classified-compilation/19920153/201401010000/235.1.pdf

As for the question if collecting an IP in connection with other data is covered by this law, you can consult several legal documents from Data Protection Agencies in Switzerland and in Europe.
Cryptowatch.com
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
March 15, 2015, 08:47:38 PM
 #84

1. Me explaining to coindesk/insidesbitcoins what Chainalysis do in general (Compliance, Investigations etc) has nothing to do with the nodes - we are not using transaction to IP mapping for anything but statistical research - aka the blog post already mentioned. This fact is, as I see it, highly relevant if we start to discuss any possible legal issues.

From your website:

Quote
Chainalysis offers a service that provides financial institutions with the means to obtain regulatory compliance through real-time analysis of the blockchain. Chainalysis customers get access to an API that allows them to determine which entity a transaction originates from, and whether the flow of funds originate from someone they would want to do business with. In other words, it automates the travel rule.

How do you determine which entity a transaction orginates from in the bitcoin network and relay that information to someone without given that somebody the IP associated with said tx?

Would it perhaps be possible for a financial company, ie. an exchange, to subscribe to your services, and then just get automated recommendations based on tx'id. So that exchange could then plug into your service, and if a customer sent funds to the exchange, and you service returns a "no good" to the exchange, the customer is denied service at the exchange? That would basically put you in the same category as  a rating bureau, giving you voting power over which customers should be given service at an exchange or similar. But there could be many false-positives, and the data might not be accurate for its purposes. And if enough institutions use you service, then govt. entities could force you into blacklisting certain entities, just like the USG did with Mastercard and VISA when they put a wrench in the funding for Wikileaks, or how they pressurized VISA and Paypal to stop processing payments for Mega. In essence you could contribute to breaking bitcoin fungibilty. Worse, customers that are rejected at a service based on data from your analysis service might not even get to know why they're rejected by their service provider.

We have innocent customers today having their traditional fiat transfers being interrupted, sometimes only because there's a false-positive match on a "list" that banks keep to attempt to prevent funding to terrorist groups etc. Do we really want the same for bitcoin? I'm of course not advocating that terrorist groups should be funded with USD, EUR, BTC or anything else, but on that note, perhaps stopping the "bugsplatter" in remote countries by remote controlled drones would be an idea.. I don'ẗ know what creates more terrorists, having innocent families killed (read: Drones and the rise of the high-tech assassins) in Afghanistan, or allowing people to freely use bitcoins..

The core problem is that of control. It's not about preventing crime or stopping the terrorists, it's about mass surveillance and controlling the population, terror and similar terms is only a label that is convenient to use for governments to increase the control further. After the attack in France recently, both Merkel, Obama and Cameron called for more surveilance, strange as with the current amount of surveilance there's not even enough resources to keep in check "targets of interest". How can more surveillance possibly help, except for eroding the privacy of world citizens further?

Bitcoin is meant to be a alternative to the status quo. In that regard, you're not contributing, despite your excuses.

You have stated that the nodes of yours were running to collect, analyze and prepare data for a blog post. That might be so, but as you also have a public website, see the quote above were your intentions are quite different.

You're also trying to play down what you're doing by pointing to what google does, that somebody would do it anyway, what blockchain.info does etc, still you did shut down the nodes in question when attention was brought to this issue.

On a technical level, what you're doing will probably be done by somebody else, if not done by Chainalysis, however by actually running such a service, you won't score goodwill-points with the community, something you at this point obviously have realized (hence shutting down the nodes).

I'm sure however on a financial level that providing such a "regulatory compliance"-service is not a bad idea, but for many involved in bitcoin, money is not their primary motivator. If you believe in bitcoin, and want to help the community, perhaps now would be a good time to shut down the Chainalysis-enterprise, and work with the core devs to prevent others from doing the same as you've been doing lately, perhaps even by showing some of them your code and tools to help speed up development for protecting the fungibility of bitcoins.

On a non-similar note, but to demonstrate an ethical point. A clever programmer could work on software used in a millitary weapons system, a system that was largely sold to third-world countries, and left lots of deaths in its trail. The programmer could shrug his shoulders and say: "I'm putting food on the table of my family, the fact that 100 families dies in Africa because of my code, is frankly none of my business, if I did not write it, somebody else would". Perhaps somebody else would do it, that does not mean that this particular programmer had to do it.

Of course there's no direct similarity to block chain analysis and millitary weapons systems, but the ethical points are the same. Every person matters, and the action of every single person combined becomes the actions of the whole population.

Of course it's possible to separate yourself from the collective whole, like many do, and only think about their own financial gains. In the end, I'm not sure if that's what brings the greatest satisfaction.

In summary, I'm not intending to bring on hate, just to convey my view on the matters. Solution to this issue must be built on a technical level, not on a human level.


nachoig
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile
March 15, 2015, 09:59:29 PM
 #85

But there could be many false-positives, and the data might not be accurate for its purposes.

And this already happens.
https://github.com/bitcoin/bitcoin/issues/2653
b!z
Legendary
*
Offline Offline

Activity: 1582
Merit: 1006



View Profile
March 15, 2015, 11:41:06 PM
 #86

Story on CoinBuzz:

http://www.coinbuzz.com/2015/03/15/is-this-startup-threatening-the-entire-bitcoin-network/
Carlton Banks
Legendary
*
Offline Offline

Activity: 2072
Merit: 1283



View Profile
March 16, 2015, 03:13:35 AM
 #87

Their explanations make their motivations even more questionable and, to me, increase the degree that one should be suspicious of them and their actions since they try to excuse the behavior in ways that are at opposite extremes depending on who they are talking to.

This. These people are clearcut disingenuous manipulators, they're not getting any "business" from me.


OP, please make firewall settings for as many platforms as possible displayed prominently in the top post.

Vires in numeris
Cryptowatch.com
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
March 16, 2015, 03:43:48 AM
 #88

OP, please make firewall settings for as many platforms as possible displayed prominently in the top post.

As a side note, there's no machines having port 8333 open on 46.105.210.0/24 now:

$ nmap 46.105.210.0/24
Nmap done: 256 IP addresses (0 hosts up) scanned in 104.36 seconds

I've seen reports of other ip-adresses from other sources, but I haven't collected it and scanned them, perhaps someone else can.

As deathandtaxes writes here, a skilled team can do stealth monitoring, so blocking is only a temporarily solution.
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1190
Merit: 1146



View Profile
March 16, 2015, 07:57:26 AM
 #89

This message was too old and has been purged
libcoin
Newbie
*
Offline Offline

Activity: 26
Merit: 0



View Profile WWW
March 16, 2015, 09:46:07 AM
 #90

How do you determine which entity a transaction orginates from in the bitcoin network and relay that information to someone without given that somebody the IP associated with said tx?

Clustering of addresses from the blockchain - like walletexplorer. Wallet explorer keeps a list of entity <-> wallet mappings, you can build such a list from anyone you transact with, and it is only the financial institutions / big wallet services that are relevant here for compliance purposes.

Quote
Would it perhaps be possible for a financial company, ie. an exchange, to subscribe to your services, and then just get automated recommendations based on tx'id. So that exchange could then plug into your service, and if a customer sent funds to the exchange, and you service returns a "no good" to the exchange, the customer is denied service at the exchange? That would basically put you in the same category as  a rating bureau, giving you voting power over which customers should be given service at an exchange or similar. But there could be many false-positives, and the data might not be accurate for its purposes. And if enough institutions use you service, then govt. entities could force you into blacklisting certain entities, just like the USG did with Mastercard and VISA when they put a wrench in the funding for Wikileaks, or how they pressurized VISA and Paypal to stop processing payments for Mega. In essence you could contribute to breaking bitcoin fungibilty. Worse, customers that are rejected at a service based on data from your analysis service might not even get to know why they're rejected by their service provider.

Before answering I think it is important to stress my view on bitcoin:
I believe that bitcoin is a great technology enabling online cash hereby including possible the entire 3rd world into our economy, it should hence be regulated and integrated into the existing financial system. - I do sympathize with some libertarian views, but I am Danish, I don't believe in revolutions - I believe in the little change every day, and I truly believe we get a little bit better world if you can buy and sell bitcoin in your normal bank.

Lets split your question above in the 3 important parts it contains:
1. Do financial services need to do customer due diligence in bitcoin land - and can they use Chainalysis for that ?
Yes, they do need to check their customers - the alternative is that they don't and take the entire risk them selves causing them to do time at some point by indirectly contributing to Money Laundering. Please don't ask and expect from financial services that promote bitcoin that they should take that risk.

2. Could you hereby risk becoming a persona non grata even if you did nothing wrong ?
In bitcoin there is no persona non grata - bitcoin is cash - further, there is no tainted money, they are fungible - but again as in cash - there sure is stories that you as a financial service inst need to react upon. Lets say you want to deposit $1m in cash in your bank - will the bank let you do so - most likely no, at least not w/o having a good idea that the funds are obtained in an ok way (that is their legal obligation). So, say you are the head of Red Cross and you just had a huge collection and you again show up with the $1m. Then yes the bank would accept them. The money are fungible, it is all about the story befind / the origin of the funds.
Another example could be the cryptolocker guy trying to turn the BTCs obtained through his virus into USD - of course it is ok for an exchange to screen for that, of course it is also OK to screen for other addresses that the exchange thinks contain other stolen funds. If you don't like that, you are basically expecting the exchange to take a huge extra risk.

3. Could govt force exclusion of certain players this way ?
We choose Switzerland as a country to incorporate in mainly for this reason. I guess govt can always enforce a lot of things, that kind of goes with govt. Are we by what we do building weapons for govt ? Or is bitcoin core building tools for money laundering, slavery etc ? Both arguments are in my book equally right or wrong (Personally, I think they are both wrong).

Quote
We have innocent customers today having their traditional fiat transfers being interrupted, sometimes only because there's a false-positive match on a "list" that banks keep to attempt to prevent funding to terrorist groups etc. Do we really want the same for bitcoin? I'm of course not advocating that terrorist groups should be funded with USD, EUR, BTC or anything else, but on that note, perhaps stopping the "bugsplatter" in remote countries by remote controlled drones would be an idea.. I don'ẗ know what creates more terrorists, having innocent families killed (read: Drones and the rise of the high-tech assassins) in Afghanistan, or allowing people to freely use bitcoins..

I actually think that the measures against money laundry, terrorist financing etc are pretty reasonable as they are today, some parts are a bit too much, some are perhaps a bit too loose. As I stressed earlier, any customer is a possible liability for a financial institution, if they onboard the wrong ones they can end up pay fines or do time. Of course they are cautious, and yes it will result in false positives. Already today I think it would be awfully hard for someone from North Korea or Afghanistan to open an account on any bitcoin exchange. A pity if he or she was actually trying to promote a better world there, but the risk is to big and that causes casualties.

Quote
Bitcoin is meant to be a alternative to the status quo. In that regard, you're not contributing, despite your excuses.
Bitcoin is a technology - it is cash on the internet, and as such an alternative to a lot of things. It might end up being also an alternative to banking as we know it and even to government, but I believe that through coexistence bitcoin will succeed most as a technology.

Quote
You have stated that the nodes of yours were running to collect, analyze and prepare data for a blog post. That might be so, but as you also have a public website, see the quote above were your intentions are quite different.
My comment (no 1 from my first post) was re the legal accusations - anyone are free to believe what they want - we had no bad intend, which at the end of the day will be important when it comes to legal.

Quote
You're also trying to play down what you're doing by pointing to what google does, that somebody would do it anyway, what blockchain.info does etc, still you did shut down the nodes in question when attention was brought to this issue.
We shut down the nodes as we learned they interfered with breadwallet. And right now we are having an important discussion on what you (ethically) can and cannot do on the bitcoin-network and how you should do it. It would be arrogant to just keep them running now, even if patched for breadwallet.

Quote
I'm sure however on a financial level that providing such a "regulatory compliance"-service is not a bad idea, but for many involved in bitcoin, money is not their primary motivator. If you believe in bitcoin, and want to help the community, perhaps now would be a good time to shut down the Chainalysis-enterprise, and work with the core devs to prevent others from doing the same as you've been doing lately, perhaps even by showing some of them your code and tools to help speed up development for protecting the fungibility of bitcoins.
I don't see fungibility of bitcoin threatened - and I am strongly opposed to the creation of white/black/red/[choose color]-lists of bitcoins per se, it doesn't even make ses from a compliance viewpoint. Also, no one has a mandate to say what bitcoin is about from a political pov. Bitcoin is a technology enabling cash transaction on the internet - pretty d*mn cool. How it is used politically will always be segmented.

Quote
On a non-similar note, but to demonstrate an ethical point. A clever programmer could work on software used in a millitary weapons system, a system that was largely sold to third-world countries, and left lots of deaths in its trail. The programmer could shrug his shoulders and say: "I'm putting food on the table of my family, the fact that 100 families dies in Africa because of my code, is frankly none of my business, if I did not write it, somebody else would". Perhaps somebody else would do it, that does not mean that this particular programmer had to do it.

Of course there's no direct similarity to block chain analysis and millitary weapons systems, but the ethical points are the same. Every person matters, and the action of every single person combined becomes the actions of the whole population.

Of course it's possible to separate yourself from the collective whole, like many do, and only think about their own financial gains. In the end, I'm not sure if that's what brings the greatest satisfaction.

In summary, I'm not intending to bring on hate, just to convey my view on the matters. Solution to this issue must be built on a technical level, not on a human level.

I did already comment on the technology ethics side - there are casualties also just by doing bitcoin core dev. If you knew me personally you would know that I am against mass surveillance too - the last 15 years of terror attacks have shown that intelligence agencies don't lack data, they lack the ability to understand them (j'suis Charlie, Copenhagen, 9-11 etc - all done by people known by the intelligence agencies, so not a lack of data, they need to use better what they have - and not to start collecting data on the rest of us instead).

But proper customer due diligence is not surveillance, neither is statistical overview of pr country bitcoin transfers.

Final note - I agree that if you have a wish for using bitcoin in a super private / anonymous way it is a technological solution/skills you need, not policies. Sometimes you might want to stay anonymous, sometime you don't - for sending anonymous transactions - use Tor, and, I would also recommend you to not post a bitcoin donate address on your site, that is unless you regenerate a new pr session. (it is of little value to anonymize your transaction if the sending address can be linked to a site you control, just by googling it).

Cheers,

Michael
libcoin
Newbie
*
Offline Offline

Activity: 26
Merit: 0



View Profile WWW
March 16, 2015, 09:47:35 AM
 #91

Also, the approach used here to link IP and TX is complete nonsense in my opinion.
Even if you are connected to all nodes out there, it is still possible to receive a transaction from an IP first even though someone else is the originator.

1. Imagine there is a small node with a bad internet connection sending a transaction. He has a list of nodes he is connected to and has to broadcast to all of them.
2. User X (having a huge internet connection) is the first one to broadcast and Eavesdropper Z is the last one in the peer list getting his broadcast at the very end.
3. Due to the slow internet connection the time between broadcasting to User X and broadcasting to Eavesdropper Z is sufficiently large.
4. User X relays the TX immediately after receving the TX from the originating node to all of his peers ... including the Eavesdropper Z which is also connected to him.

Now the problem kicks in. Eavesdropper receives the TX from User X before receiving it from the slowly connected originator, and therefore thinks the connection was actually created by X.

How the heck such approach could ever be decided to be implemented?

E.K. totally agree - but it is still quite useful for statistically monitoring traffic btw countries.

/M
Carlton Banks
Legendary
*
Offline Offline

Activity: 2072
Merit: 1283



View Profile
March 16, 2015, 10:31:33 AM
 #92

Could [Chainanalysis] hereby risk becoming a persona non grata even if [Chainanalysis] did nothing wrong ?

Too late. You were in control of your reputation before you decided to prevaricate your way to notoriety. No longer.

Vires in numeris
RealMalatesta
Legendary
*
Offline Offline

Activity: 826
Merit: 1000



View Profile
March 16, 2015, 12:24:52 PM
 #93

You write:
Quote
Bitcoin is a technology - it is cash on the internet,

If I have cash IRL, it is up to me to decide how much information about me I want to hand out to someone. I can go to the newsstand and pay with cash without revealing any additional information. Or I can go to a bank, reveal all information they want me to reveal. Whatever I do - it will be my decision.

In the Bitcoin world, it is the same: I want to decide whom I tell more about me. I don't want basically a private NSA to collect data and make a business with this.

If a bank needs my information because I want to do business with them, they can tell me to give them this information. That's it. And not ask someone else to provide information at what newsstand I bought a newspaper in the past.

Cryptowatch.com
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
March 16, 2015, 05:16:23 PM
 #94

Hi Michael,

thanks for answering.

We have different views on the issues at hand. Esp. problematic is blacklisting. You stated you oppose blacklisting, but at the same time you want to help fight against criminals. To fight against criminals you need to have someone decide who is a criminal, so if the cryptolocker thief did a p2p trade and sold btc for litecoin, and the buyer of btc has his coinbase account blocked as a result of this, and even possibly had police coming to his door, busting it down and raiding all his equipment, that's so wrong..

If you have "criminal funds" sitting at address A, first off you need to have proof beyond any reasonable doubt that these are in fact "criminal funds". And whenever was it allowed for private entities to determine what constitutes "criminal funds"?

- Now if you manage to solve the problem of precisely tagging "criminal funds", the next step is to go after the culprit. It might seem natural to then block the culprits account with any large bitcoin company. So the large bitcion company subscribe to a service like chainalysis.

1. Victim pays ransom to cryptolocker criminal.
2. The address to which the ransom is paid (address A) becomes known to whichever party is doing the tracking.

Now the cryptolocker criminal, which we assume must be smart knows that the address he receives funds at is already tagged, so he needs to hide and launder the funds. If the thief deposits the money directly to any service that subscribes to a monitoring service, he might be caught, and the criminal is catched. Success!!

However, our thief is smart. He buys litecoin online from Alice. Alice gives him his address B, which is an address with Coinbase. The thief transfers the funds to address B. Alice has her account blocked with coinbase, and gets raided by local police.

The point is that the analysis entity, the exchange and the police cannot know what are the circumstances for the trade. Since the cyber criminals are smart, they don't mind putting the average joe to blame.

The thief could use a mixer, jump between various altcoins etc. In summary, it would be incredibly hard to track. Chance is that the guy ending up being questioned for having "criminal funds" is not a criminal at all. That's the major problem with taint-analysis, and it's also something which could undermine the trust of bitcoin. A bitcoin should be a bitcoin, no matter who you receive it from.

Comparison could be made to cash. Let's say we have a Mexican drug cartel who smuggles drugs into the US, and receive cash from various dealers in the distribution chain. High up in the chain, some courier does a cocaine to cash trade. That cash is now by law, proceeds from illegal trade. As such, if a bank saw a shady character coming through the door and wanting to deposit 100K USD in cash, there would be questions.. However, if the criminal kept the cash, and went to a restaurant for a meal and paid with low denominated bills, the restaurant has no business to ask the criminal where his money come from, and as far as they are concerned, the money is good.

In the world of block chain analysis, now the restaurant might be the criminal culprit and needs to be investigated. You see how wrong that is?

So let's say our cryptolocker thief had 100 BTC which he sells to 100 people doing p2p trades, now all of those 100 might have their account blocked at the exchange "pending investigation".

Of course, big players in the bitcoin economy who interface with the traditional fiat system needs to pay attention to the regulations, if not business ends in tears. But it pisses lots of users off, and it's not a user friendly environment.

Those criminals who are smart with bad intentions, will avoid the obvious traps, only the dumb and the innocent will be caught with block chain analysis tools.

Final note - I agree that if you have a wish for using bitcoin in a super private / anonymous way it is a technological solution/skills you need, not policies. Sometimes you might want to stay anonymous, sometime you don't - for sending anonymous transactions - use Tor, and, I would also recommend you to not post a bitcoin donate address on your site, that is unless you regenerate a new pr session. (it is of little value to anonymize your transaction if the sending address can be linked to a site you control, just by googling it).

I agree with this. As long as said website-operator is aware of such issues, I don't see a problem with it. If he wants to stay anonymous/private he would take technical measures to achieve those goals. Also, there's a lot of legitimate businesses that would not care either way if a tip-address is known and can be attached to their business/person.

Of course there are many possibilities for doing block chain analysis, it's only that I think the quality of the data that can be collected is of such a quality that it cannot be relied upon.

So in real life we have the scenario where you have a business that wants to do "regulatory compliance" because of local laws. The local governments have certain rules that needs to be followed. Since the bitcoin company needs to follow those rules to stay in business, they bend over backwards and do whatever the regulator tell them to do. So, if there's a blockchain analysis company that claims to do all the hard work to be "compliant", the bitcoin company is of course interested, because if they can show the local govt. that they're working hard to stay "compliant", they will get the nod of approval and stay in business.

The effectiveness of the system be damned..

So the regulators are happy, because the bitcoin business is staying "compliant", the blockchain analysis company is happy because they get customers, the bitcoin company is "happy" to stay in business and the end users are not that happy, but that's of less interest. After all, "regulatory compliance" is achieved.

How will false-positives be avoided? Can they be avoided?

This reminds me about airport-security. Because of fear of terrorists enormous amounts of money is poured into safety and screening of travelers at air-ports. If you do some research on the amount of money used, and then look at the statistics as to what really kills people, you would perhaps be surprised to see that a dis-appropriately amount of money is used for airport-security. Not long ago, I think it was in germany there was a test of the screening procedures revealing that they weren't all that effective, in reality it was quite embarrassing.

Quote
Weapons and dangerous objects were successfully smuggled through security checks 50 percent of the time at Frankfurt airport, in a probe by European Commission inspectors, it emerged on Sunday.


Words as snake oil and security theater comes to mind.

While I'm sure lots' of bitcoin businesses would subscribe to a blockchain analysis service, just to keep regulators happy, even though they know it's not very effective, that would not make the overall picture any better.

All of this reminds me on the HSBC scandal. It's not really about doing legit regulatory compliance work, it's more about giving the impression that you are. To stay in business, you need to keep a straight face in business meetings, and state you're taking compliance very serious. You will get the nod of approval from the regulators.

To give everybody an example of how little protection regulatory might really gives in practice, I think the following documentary describe it quite well, Chasing Madoff

Quote
A look at how one investigator spent ten years trying to expose Bernie Madoff's massive Ponzi scheme that scammed an estimated $18 billion from investors

The SEC and other relevant entities were repeatedly notified about the fraud, but failed to take action.

In summary I don't really understand how anyone actually believe that blockchain analysis services are really going to be effective and accurate. It's more like; "We need regulatory compliance." - "Ok, how do we do it" - "We could subscribe to a blockchain analysis service, the regulators will be happy" - "Ok, let's do it".

A friend once brought back some snake oil products from Asia, they had all sorts of stamps all over them stating they were legit and approved by various organizations. I guess, if I was a regulator, I would've ok'ed it - after all there were lots of nice stamps that said "legit" and "approved".

In summary, bitcoin businesses who wants to be in compliance with the current regulatory framework, needs to do whatever is required of them. That does not mean however that all the regulatory compliance is right from a universal standpoint, that it should be done, or that the tools used to achieve compliance is effective.
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
March 16, 2015, 05:35:34 PM
 #95

Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume btw different counties. We chose specifically to setup a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially havn't build the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extend reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profit from collecting this information which we accept to the extend that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing this kind of experiments, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to friendly opt out

But also note that the above measures and current protocol does not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael

Hi 'Chainalysis,'

I don't see any reason for an extended debate about compliance with a regulatory framework (which no-one has any interest or need in doing) or having bitcoin users to be in a position to need to "opt-out" from your shit or that of similarly idiotic operators.  Ultimately the only point of massive network surveillance is to inform, and when you are compelled to inform in some regulatory framework it is within the context of coercion which goes against what was intended for the freedom of bitcoin; we will not be bludgeoned into submission by statists who see the combination of surveillance, use of force, and threat of jail as methods of slowing the innovative capacity of decentralized crypto and the freedom of people to do with it as they see fit.

As I see it you are worse than Gox, but if there is any positive thing that can come of this, it will propel the bitcoin community to develop real anonymity options faster than it has been.

My message to you, in summary, is simple:

Go fuck yourselves.

ABISprotocol (Github/Gist)
http://abis.io
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
March 16, 2015, 07:29:00 PM
 #96

You seem to be rather insecure about my remarks about Tor, Bitcoin and so forth.
Huh? Whats with the ad homenem?  You're making objectively incorrect statements, the result is a web of FUD that would mislead people into making poor choices.   Linking to a bunch of things totally unrelated to this discussion is a weird strategy-- no one in this thread disagrees that anonymity (or more importantly, simple privacy) is important. That question hasn't even come up. That it is important doesn't justify or legitimize making a incorrect claims about it.

There is no web of FUD, no ramble of objectively incorrect statements.  But since you say that no-one disagrees that anonymity is important, then I will pause to emphasize a point that Hal Finney and others have made before.  Anonymity, which bitcoin users simply don't have, is highly relevant to the matter at hand... so here's the link and I'll quote from it in part here:

https://bitcointalk.org/index.php?topic=175156.msg7912447#msg7912447

I really like Adam's very creative idea earlier in this thread to have a pure-zerocoin system:

https://bitcointalk.org/index.php?topic=175156.msg2420768#msg2420768

The zerocoin paper proposed a hybrid bitcoin-zerocoin system. Bitcoins would be temporarily exchanged for zerocoins, and then exchanged back. Adam's idea was that zerocoins would be exchanged directly for zerocoins. Zerocoins could be mined directly, too. All this is a simple modification of the zerocoin protocol. In fact, it would be simpler in terms of code size, because you wouldn't have to support bitcoin transactions. No scripting language, no bitcoin validation rules. Just pure zerocoin spend transactions.

This would also free us from the forced assumption of bitcoin-zerocoin parity. The heavy resource requirements of zerocoin might naturally break that parity. (Admittedly, zerocoin would first be implemented as an extension to an alt, so the value in terms of bitcoins would float. But the simplification is still a win.)

There are various proposals to do P2P exchanges between altcoin chains. I don't know what the status is as far as Bitcoin support in the bitcoin-qt client. You'd have to have a new client to do the P2P protocol. But even if we had to rely on an exchange, it would be an interesting experiment.

The last problem for a zerocoin implementation is the generation of an RSA modulus for which no one knows the factorization. This is hard, and deserves more analysis.

I'm really very curious to see if these ideas could lead to integration of the zerocash project code down the road into bitcoin itself. 
I noticed the following remarks:

https://twitter.com/matthew_d_green/status/401798811070107648

Quote
We designed a new version of Zerocoin that reduces proof sizes by 98% and allows for direct anonymous payments that hide payment amount.

Is a 98% reduction in proof size enough to overcome any existing valid reasons to not merge ZeroCoin functionality?

And this:
It sounds like ZeroCoin v2 eliminates one major criticism, that of bloat.

But engineering hurdles remain:
  • 1. Requires a hard fork
  • 2. Any requirement that all transactions participate in mixing is a non-starter.  Some payment schemes bootstrap trust by intentionally being non-private, showing their bitcoin holdings and bitcoin payments with provable digital signatures.

Any forced 100% privacy scheme that prevented opt-in auditing would make life difficult for some existing users, who place value in the transparency of the system.

I would rather see automatic mixing and privacy built into every client.

But there is no question at this point that the bitcoin development process needs to work out an anonymity solution.  From my perspective, I don't think that it has to require that the users actually utilize it, in other words, why not go down the path of making it an option (supported in the protocol, not imposed, but showing up in Core as a transaction option that the user can select to apply to any particular transaction, or none at all).  (...)  In other words, if a user wants to participate in utilizing the Zerocash feature (assuming that this would be incorporated into and supported in the bitcoin protocol itself) then that should be an option that would be displayed in Bitcoin Core wallet.  (...) Conceptually, the idea of having anonymous transactions as an option is appealing for a number of reasons.(...) Choice and consent should also be an objective of any process which offers something better (like anonymity) to the user.  (...)

In another thread, I've asked the following questions:

(...)
Quote
As a member, I'd like to see that change.
As a member you're free to ask— though a better forum might be the foundation forum.  Since this isn't the foundation's current area of interest I'd expect you'd see more success elsewhere with less effort though.
I really don't see how the Foundation can just stare slack-jawed at the developments in NY (USA), not to mention China, the Russian Federation, and apart from that, the transnational effects of TISA, and do nothing in the way of funding anonymity in bitcoin development.

The Foundation forum, you say?  You have to be joking.  There is almost zero support in the Foundation forum for ideas related to anonymity.  There are a lot of reasons for that(...)
I've opened a pull request which is being considered by the Board on that issue, #16 (and as I understand it, #17 will also be considered by the Board).

I do agree with you that there might be more success elsewhere with less effort.  But I haven't entirely given up on the idea of a Foundation that could be more responsive to user needs and concerns, including the obvious need for anonymity across the network.

Regarding your ideas that you linked to in your comment at
http://download.wpsoftware.net/bitcoin/wizardry/brs-arbitrary-output-sizes.txt
on "OUTPUT DISTRIBUTION OBFUSCATION"

I would greatly like to see this (or something like it) become part of people's everyday bitcoin transaction experience. 

You're right about Zerocash being untested (...) although I'm confident that when it is released the issues you've discussed with it will at that point have been addressed more than satisfactorily by the developers.

You mentioned also that you "spent a bit of time making recommendations about how it could be integrated in Bitcoin with them in email and in person— but the people involved seem to be very interested in creating an altcoin specifically as an altcoin."  It's my understanding that they felt that they felt an altcoin path was more reasonable because it would be unlikely that the bitcoin development team would ever integrate their anonymity work (even if refined) into bitcoin itself, but perhaps I'm wrong, for as you say, you have e-mailed them and met with them in person about it.  So then, what is the obstacle to this happening?  I would love to be proved so completely wrong in my assumptions about this matter and have someone from the zerocash team show up on this thread and say in reply somewhere here, "Oh, hey ABISprotocol, you are wrong, we _were_ actually invited to gradually work zerocash into bitcoin, and we're actually confident that there's an opportunity for this to happen at some point down the development road!"  However, that's not the sense I get at this time, but it does prompt some questions:

1) If there is an avenue for zerocash developers to work more closely with bitcoin, what does that look like?  Does it mean that @imichaelmiers & @matthewdgreen (on github) could be invited to work directly on the bitcoin protocol, and have the ability to make commits along with yourself, Gavin, and others?

2) Because (as I mentioned in my issue in the Bylaws repository on this, issue #19), "basic development of the bitcoin protocol, so as to increase the number of persons who are paid to clear basic development backlog and maintenance, (should be) the highest priority,"
isn't there a way where teams (such as the bitcoin development team and the zerocash team) could join forces to help get funding for this to occur?  It seems like the development team has been very vocal about the fact that basic development and maintenance of bitcoin is not well supported or funded (at least not as much as it should be).

3) You suggested that there are other avenues for funding that involve less effort than trying to get the Foundation to change its Bylaws in a way that would enhance such funding.   What avenues do you have in mind?

thanks in advance for your answers and for engaging this topic so thoughtfully.

I'd love to hear the Zerocash developers respond to this, obviously, and anyone else interested I would really appreciate your thoughts.
Some of my own ideas to support basic bitcoin development generally _and_ progress on the anonymity side are shown at:
https://github.com/pmlaw/The-Bitcoin-Foundation-Legal-Repo/issues/19

(brief edit:  I also feel that this is worthy of attention....
https://tahoe-lafs.org/pipermail/tahoe-dev/2014-May/009062.html (from zooko) and see also the following statements regarding multiparty computation setup in zerocash
https://twitter.com/matthew_d_green/status/472208415867928576 h/t zooko, matthewdgreen)


OK, so I feel like I've said more than enough on this....  I look forward to your thoughts, replies, ideas.


ABISprotocol (Github/Gist)
http://abis.io
toytoboy
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
April 01, 2015, 04:03:51 AM
 #97

That is pretty weird behavior. Just checked my nodes and each had only one connection to that subnet

I blocked it anyway, but I'm curious whats going on in your case.

What version of bitcoin core do you run ?
Gleb Gamow
Legendary
*
Offline Offline

Activity: 1428
Merit: 1118



View Profile
June 01, 2015, 06:59:55 AM
 #98

You write:
Quote
Bitcoin is a technology - it is cash on the internet,

If I have cash IRL, it is up to me to decide how much information about me I want to hand out to someone. I can go to the newsstand and pay with cash without revealing any additional information. Or I can go to a bank, reveal all information they want me to reveal. Whatever I do - it will be my decision.

In the Bitcoin world, it is the same: I want to decide whom I tell more about me. I don't want basically a private NSA to collect data and make a business with this.

If a bank needs my information because I want to do business with them, they can tell me to give them this information. That's it. And not ask someone else to provide information at what newsstand I bought a newspaper in the past.



Hey, RealMalatesta, are you Guido Rudolphi (or work with him), the dude that's in the process of starting a Bitcoin Bank in Switzerland? The reason I asked is because your forensics research seems to mirror his, among other evidence.
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
February 12, 2016, 01:18:37 AM
 #99

Just as a temporary hint: those using linux could try this firewall rule if (and only if) they also feel that something suspicious is going on here:

Code:
sudo iptables -I INPUT -m iprange --src-range 46.105.0.0-46.105.255.255 -j DROP
sudo iptables -I OUTPUT -m iprange --dst-range 46.105.0.0-46.105.255.255 -j DROP

OpenBSD and Mac users should enable the pf firewall using "sudo pfctl -e" and do this:

Add this to /etc/pf.conf:
Code:
table <blockedips> persist file "/etc/pf.blocked.ip.conf"
ext_if="em1" # interface connected to internet, CHANGE TO MATCH YOUR ETHERNET CARD DEVICE IDENTIFIER
block drop in log (all) quick on $ext_if from <blockedips> to any

(Note, last two additional lines must be repeated for a possible WLAN adapter)

Create file /etc/pf.blocked.ip.conf with the content:
Code:
46.105.0.0/16

Type the following to update changes
Code:
sudo pfctl -nf /etc/pf.conf
sudo pfctl -f /etc/pf.conf

Now you can check the live stats, how many connection to those (malicious??) nodes have been prevented using:
Code:
sudo pfctl -t blockedips -T show -v

you may want to check and see if the numbers of the IPs to block need to be changed (expanded), due to this:

"Barclays partnering with Chainalysis in October and Coinalytics raising a $1.1m seed round in September. In August, Elliptic won "Security Project of the Year" after launching a blockchain visualization tool for the bitcoin blockchain.

Currently, Coinalytics is allowing several companies to use and test its API (...) developing machine learning systems to analyze any blockchain as the industry expands to include public, permissioned and private ledgers (...) Coinalytics is focusing on its AML compliance product targeted at any companies processing bitcoin transactions today, it sees its analytics platform used in many verticals, including capital markets, the Internet of Things and law enforcement."

Yep, time to check those IPs again

see http://www.coindesk.com/juan-llanos-blockchain-analytics-coinalytics/ for further details.

ABISprotocol (Github/Gist)
http://abis.io
Preclus
Full Member
***
Offline Offline

Activity: 170
Merit: 100


View Profile
February 13, 2016, 09:18:15 AM
 #100

Select has a maximum of FD_SETSIZE (1024) FDs in use, and you will end up totally screwed up if you are beyond that. It doesn't matter what you've set your ulimit to. When you run hacked up versions that which changes that you do not understand you waste everyone's time (including yours), and you provide bad...

A server that can't handle more than 1024 simultaneous connections? LOL I've worked on servers that handle millions of simultaneous TCP connections. WhatsApp was handling 2 million per box back in 2012.

This one is handling 12 million albeit with 32GB of system memory:

https://mrotaru.wordpress.com/2013/10/10/scaling-to-12-million-concurrent-connections-how-migratorydata-did-it/

Given the bitcoin system as a whole can't handle more than, what is it, 10 transactions a second or so now? Maybe I'm not that surprised Smiley
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
August 03, 2016, 09:17:54 PM
 #101

Just as a temporary hint: those using linux could try this firewall rule if (and only if) they also feel that something suspicious is going on here:

Code:
sudo iptables -I INPUT -m iprange --src-range 46.105.0.0-46.105.255.255 -j DROP
sudo iptables -I OUTPUT -m iprange --dst-range 46.105.0.0-46.105.255.255 -j DROP

OpenBSD and Mac users should enable the pf firewall using "sudo pfctl -e" and do this:

Add this to /etc/pf.conf:
Code:
table <blockedips> persist file "/etc/pf.blocked.ip.conf"
ext_if="em1" # interface connected to internet, CHANGE TO MATCH YOUR ETHERNET CARD DEVICE IDENTIFIER
block drop in log (all) quick on $ext_if from <blockedips> to any

(Note, last two additional lines must be repeated for a possible WLAN adapter)

Create file /etc/pf.blocked.ip.conf with the content:
Code:
46.105.0.0/16

Type the following to update changes
Code:
sudo pfctl -nf /etc/pf.conf
sudo pfctl -f /etc/pf.conf

Now you can check the live stats, how many connection to those (malicious??) nodes have been prevented using:
Code:
sudo pfctl -t blockedips -T show -v

you may want to check and see if the numbers of the IPs to block need to be changed (expanded), due to this:

"Barclays partnering with Chainalysis in October and Coinalytics raising a $1.1m seed round in September. In August, Elliptic won "Security Project of the Year" after launching a blockchain visualization tool for the bitcoin blockchain.

Currently, Coinalytics is allowing several companies to use and test its API (...) developing machine learning systems to analyze any blockchain as the industry expands to include public, permissioned and private ledgers (...) Coinalytics is focusing on its AML compliance product targeted at any companies processing bitcoin transactions today, it sees its analytics platform used in many verticals, including capital markets, the Internet of Things and law enforcement."

Yep, time to check those IPs again

see http://www.coindesk.com/juan-llanos-blockchain-analytics-coinalytics/ for further details.

I am kick-starting this thread again even though it hasn't been posted in awhile, because Elliptic (who I mentioned here a very long time ago - see my quoted post above) and LexisNexis (see Aug. 3 2016 story at https://news.bitcoin.com/elliptic-bitcoin-aml-platform/ ) are developing a way to curb what they consider "illegal cryptocurrency transactions."  In other words, AML, and attempts at financial censorship, folks.

I propose for those of us still reading this that we look into these companies closely and revise the IP tables (see above post) as an interim measure.  Make sure these AML idiots are blocked to the max extent possible as they probe the network.

ABISprotocol (Github/Gist)
http://abis.io
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1470
Merit: 1236


No I dont escrow anymore.


View Profile WWW
November 06, 2016, 09:00:56 AM
 #102

-snip-
I am kick-starting this thread again even though it hasn't been posted in awhile, because Elliptic (who I mentioned here a very long time ago - see my quoted post above) and LexisNexis (see Aug. 3 2016 story at https://news.bitcoin.com/elliptic-bitcoin-aml-platform/ ) are developing a way to curb what they consider "illegal cryptocurrency transactions."  In other words, AML, and attempts at financial censorship, folks.

I propose for those of us still reading this that we look into these companies closely and revise the IP tables (see above post) as an interim measure.  Make sure these AML idiots are blocked to the max extent possible as they probe the network.

Any news on this? They will only need a single connection to get a copy, but they would have no information about the origin IP of the transaction.
Pages: 1 2 3 4 5 6 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!