This message was too old and has been purged

[LucD88]

Have you guys read this?

http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

Nevermind it's old news, nachoig already posted the link yesterday.

[1714030436]

1714030436

[1714030436]

1714030436

[1714030436]

1714030436

[1714030436]

1714030436

[1714030436]

1714030436

[libcoin]

Hi again,

Got some PM requests for clarifying legal issues etc. Your guess is as good as mine, but I think it is important to stress a few facts first:

1. Me explaining to coindesk/insidesbitcoins what Chainalysis do in general (Compliance, Investigations etc) has nothing to do with the nodes - we are not using transaction to IP mapping for anything but statistical research - aka the blog post already mentioned. This fact is, as I see it, highly relevant if we start to discuss any possible legal issues.

2. Claiming that Chainalysis should do anything illegal based on other nodes connecting to our nodes relaying INVs is highly speculative. I cannot see any difference btw that and connecting to any other service (HTTP/DNS etc) and recording that info for statistical purposes. Further, take e.g. blockchain.info where any first posted INVs are recorded and shared with all future users. How is our statistical analysis different from that ? And note even here that Chainalysis are not and have not any intention to share privacy sensitive info (IP numbers).

3. General legal considerations - I am by no means an expert on this - but this is a relevant discussion - when are you (illegally) eavesdropping by participating in a p2p network ? What are you allowed to do with the data/metadata (e.g. INVs and TXs) you receive ? What can you as a p2p user (legally) expect them to be used for ? Do we actually expect any regulation to cover here at all ?

Cheers,

Michael

[RealMalatesta]

3. General legal considerations - I am by no means an expert on this - but this is a relevant discussion - when are you (illegally) eavesdropping by participating in a p2p network ? What are you allowed to do with the data/metadata (e.g. INVs and TXs) you receive ? What can you as a p2p user (legally) expect them to be used for ? Do we actually expect any regulation to cover here at all ?

For a Swiss company, this law here is relevant:
http://www.admin.ch/opc/de/classified-compilation/19920153/201401010000/235.1.pdf

As for the question if collecting an IP in connection with other data is covered by this law, you can consult several legal documents from Data Protection Agencies in Switzerland and in Europe.

[Cryptowatch.com]

1. Me explaining to coindesk/insidesbitcoins what Chainalysis do in general (Compliance, Investigations etc) has nothing to do with the nodes - we are not using transaction to IP mapping for anything but statistical research - aka the blog post already mentioned. This fact is, as I see it, highly relevant if we start to discuss any possible legal issues.

From your website:

Chainalysis offers a service that provides financial institutions with the means to obtain regulatory compliance through real-time analysis of the blockchain. Chainalysis customers get access to an API that allows them to determine which entity a transaction originates from, and whether the flow of funds originate from someone they would want to do business with. In other words, it automates the travel rule.

How do you determine which entity a transaction orginates from in the bitcoin network and relay that information to someone without given that somebody the IP associated with said tx?

Would it perhaps be possible for a financial company, ie. an exchange, to subscribe to your services, and then just get automated recommendations based on tx'id. So that exchange could then plug into your service, and if a customer sent funds to the exchange, and you service returns a "no good" to the exchange, the customer is denied service at the exchange? That would basically put you in the same category as  a rating bureau, giving you voting power over which customers should be given service at an exchange or similar. But there could be many false-positives, and the data might not be accurate for its purposes. And if enough institutions use you service, then govt. entities could force you into blacklisting certain entities, just like the USG did with Mastercard and VISA when they put a wrench in the funding for Wikileaks, or how they pressurized VISA and Paypal to stop processing payments for Mega. In essence you could contribute to breaking bitcoin fungibilty. Worse, customers that are rejected at a service based on data from your analysis service might not even get to know why they're rejected by their service provider.

We have innocent customers today having their traditional fiat transfers being interrupted, sometimes only because there's a false-positive match on a "list" that banks keep to attempt to prevent funding to terrorist groups etc. Do we really want the same for bitcoin? I'm of course not advocating that terrorist groups should be funded with USD, EUR, BTC or anything else, but on that note, perhaps stopping the "bugsplatter" in remote countries by remote controlled drones would be an idea.. I don'ẗ know what creates more terrorists, having innocent families killed (read: Drones and the rise of the high-tech assassins) in Afghanistan, or allowing people to freely use bitcoins..

The core problem is that of control. It's not about preventing crime or stopping the terrorists, it's about mass surveillance and controlling the population, terror and similar terms is only a label that is convenient to use for governments to increase the control further. After the attack in France recently, both Merkel, Obama and Cameron called for more surveilance, strange as with the current amount of surveilance there's not even enough resources to keep in check "targets of interest". How can more surveillance possibly help, except for eroding the privacy of world citizens further?

Bitcoin is meant to be a alternative to the status quo. In that regard, you're not contributing, despite your excuses.

You have stated that the nodes of yours were running to collect, analyze and prepare data for a blog post. That might be so, but as you also have a public website, see the quote above were your intentions are quite different.

You're also trying to play down what you're doing by pointing to what google does, that somebody would do it anyway, what blockchain.info does etc, still you did shut down the nodes in question when attention was brought to this issue.

On a technical level, what you're doing will probably be done by somebody else, if not done by Chainalysis, however by actually running such a service, you won't score goodwill-points with the community, something you at this point obviously have realized (hence shutting down the nodes).

I'm sure however on a financial level that providing such a "regulatory compliance"-service is not a bad idea, but for many involved in bitcoin, money is not their primary motivator. If you believe in bitcoin, and want to help the community, perhaps now would be a good time to shut down the Chainalysis-enterprise, and work with the core devs to prevent others from doing the same as you've been doing lately, perhaps even by showing some of them your code and tools to help speed up development for protecting the fungibility of bitcoins.

On a non-similar note, but to demonstrate an ethical point. A clever programmer could work on software used in a millitary weapons system, a system that was largely sold to third-world countries, and left lots of deaths in its trail. The programmer could shrug his shoulders and say: "I'm putting food on the table of my family, the fact that 100 families dies in Africa because of my code, is frankly none of my business, if I did not write it, somebody else would". Perhaps somebody else would do it, that does not mean that this particular programmer had to do it.

Of course there's no direct similarity to block chain analysis and millitary weapons systems, but the ethical points are the same. Every person matters, and the action of every single person combined becomes the actions of the whole population.

Of course it's possible to separate yourself from the collective whole, like many do, and only think about their own financial gains. In the end, I'm not sure if that's what brings the greatest satisfaction.

In summary, I'm not intending to bring on hate, just to convey my view on the matters. Solution to this issue must be built on a technical level, not on a human level.

[nachoig]

But there could be many false-positives, and the data might not be accurate for its purposes.

And this already happens.
https://github.com/bitcoin/bitcoin/issues/2653

[b!z]

Story on CoinBuzz:

http://www.coinbuzz.com/2015/03/15/is-this-startup-threatening-the-entire-bitcoin-network/

[Carlton Banks]

Their explanations make their motivations even more questionable and, to me, increase the degree that one should be suspicious of them and their actions since they try to excuse the behavior in ways that are at opposite extremes depending on who they are talking to.

This. These people are clearcut disingenuous manipulators, they're not getting any "business" from me.


OP, please make firewall settings for as many platforms as possible displayed prominently in the top post.

[Cryptowatch.com]

OP, please make firewall settings for as many platforms as possible displayed prominently in the top post.

As a side note, there's no machines having port 8333 open on 46.105.210.0/24 now:

$ nmap 46.105.210.0/24
Nmap done: 256 IP addresses (0 hosts up) scanned in 104.36 seconds

I've seen reports of other ip-adresses from other sources, but I haven't collected it and scanned them, perhaps someone else can.

As deathandtaxes writes here, a skilled team can do stealth monitoring, so blocking is only a temporarily solution.

[Evil-Knievel]

This message was too old and has been purged

[libcoin]

How do you determine which entity a transaction orginates from in the bitcoin network and relay that information to someone without given that somebody the IP associated with said tx?

Clustering of addresses from the blockchain - like walletexplorer. Wallet explorer keeps a list of entity <-> wallet mappings, you can build such a list from anyone you transact with, and it is only the financial institutions / big wallet services that are relevant here for compliance purposes.

Would it perhaps be possible for a financial company, ie. an exchange, to subscribe to your services, and then just get automated recommendations based on tx'id. So that exchange could then plug into your service, and if a customer sent funds to the exchange, and you service returns a "no good" to the exchange, the customer is denied service at the exchange? That would basically put you in the same category as  a rating bureau, giving you voting power over which customers should be given service at an exchange or similar. But there could be many false-positives, and the data might not be accurate for its purposes. And if enough institutions use you service, then govt. entities could force you into blacklisting certain entities, just like the USG did with Mastercard and VISA when they put a wrench in the funding for Wikileaks, or how they pressurized VISA and Paypal to stop processing payments for Mega. In essence you could contribute to breaking bitcoin fungibilty. Worse, customers that are rejected at a service based on data from your analysis service might not even get to know why they're rejected by their service provider.

Before answering I think it is important to stress my view on bitcoin:
I believe that bitcoin is a great technology enabling online cash hereby including possible the entire 3rd world into our economy, it should hence be regulated and integrated into the existing financial system. - I do sympathize with some libertarian views, but I am Danish, I don't believe in revolutions - I believe in the little change every day, and I truly believe we get a little bit better world if you can buy and sell bitcoin in your normal bank.

Lets split your question above in the 3 important parts it contains:
1. Do financial services need to do customer due diligence in bitcoin land - and can they use Chainalysis for that ?
Yes, they do need to check their customers - the alternative is that they don't and take the entire risk them selves causing them to do time at some point by indirectly contributing to Money Laundering. Please don't ask and expect from financial services that promote bitcoin that they should take that risk.

2. Could you hereby risk becoming a persona non grata even if you did nothing wrong ?
In bitcoin there is no persona non grata - bitcoin is cash - further, there is no tainted money, they are fungible - but again as in cash - there sure is stories that you as a financial service inst need to react upon. Lets say you want to deposit $1m in cash in your bank - will the bank let you do so - most likely no, at least not w/o having a good idea that the funds are obtained in an ok way (that is their legal obligation). So, say you are the head of Red Cross and you just had a huge collection and you again show up with the $1m. Then yes the bank would accept them. The money are fungible, it is all about the story befind / the origin of the funds.
Another example could be the cryptolocker guy trying to turn the BTCs obtained through his virus into USD - of course it is ok for an exchange to screen for that, of course it is also OK to screen for other addresses that the exchange thinks contain other stolen funds. If you don't like that, you are basically expecting the exchange to take a huge extra risk.

3. Could govt force exclusion of certain players this way ?
We choose Switzerland as a country to incorporate in mainly for this reason. I guess govt can always enforce a lot of things, that kind of goes with govt. Are we by what we do building weapons for govt ? Or is bitcoin core building tools for money laundering, slavery etc ? Both arguments are in my book equally right or wrong (Personally, I think they are both wrong).

We have innocent customers today having their traditional fiat transfers being interrupted, sometimes only because there's a false-positive match on a "list" that banks keep to attempt to prevent funding to terrorist groups etc. Do we really want the same for bitcoin? I'm of course not advocating that terrorist groups should be funded with USD, EUR, BTC or anything else, but on that note, perhaps stopping the "bugsplatter" in remote countries by remote controlled drones would be an idea.. I don'ẗ know what creates more terrorists, having innocent families killed (read: Drones and the rise of the high-tech assassins) in Afghanistan, or allowing people to freely use bitcoins..

I actually think that the measures against money laundry, terrorist financing etc are pretty reasonable as they are today, some parts are a bit too much, some are perhaps a bit too loose. As I stressed earlier, any customer is a possible liability for a financial institution, if they onboard the wrong ones they can end up pay fines or do time. Of course they are cautious, and yes it will result in false positives. Already today I think it would be awfully hard for someone from North Korea or Afghanistan to open an account on any bitcoin exchange. A pity if he or she was actually trying to promote a better world there, but the risk is to big and that causes casualties.

Bitcoin is meant to be a alternative to the status quo. In that regard, you're not contributing, despite your excuses.

Bitcoin is a technology - it is cash on the internet, and as such an alternative to a lot of things. It might end up being also an alternative to banking as we know it and even to government, but I believe that through coexistence bitcoin will succeed most as a technology.

You have stated that the nodes of yours were running to collect, analyze and prepare data for a blog post. That might be so, but as you also have a public website, see the quote above were your intentions are quite different.

My comment (no 1 from my first post) was re the legal accusations - anyone are free to believe what they want - we had no bad intend, which at the end of the day will be important when it comes to legal.

You're also trying to play down what you're doing by pointing to what google does, that somebody would do it anyway, what blockchain.info does etc, still you did shut down the nodes in question when attention was brought to this issue.

We shut down the nodes as we learned they interfered with breadwallet. And right now we are having an important discussion on what you (ethically) can and cannot do on the bitcoin-network and how you should do it. It would be arrogant to just keep them running now, even if patched for breadwallet.

I'm sure however on a financial level that providing such a "regulatory compliance"-service is not a bad idea, but for many involved in bitcoin, money is not their primary motivator. If you believe in bitcoin, and want to help the community, perhaps now would be a good time to shut down the Chainalysis-enterprise, and work with the core devs to prevent others from doing the same as you've been doing lately, perhaps even by showing some of them your code and tools to help speed up development for protecting the fungibility of bitcoins.

I don't see fungibility of bitcoin threatened - and I am strongly opposed to the creation of white/black/red/[choose color]-lists of bitcoins per se, it doesn't even make ses from a compliance viewpoint. Also, no one has a mandate to say what bitcoin is about from a political pov. Bitcoin is a technology enabling cash transaction on the internet - pretty d*mn cool. How it is used politically will always be segmented.

On a non-similar note, but to demonstrate an ethical point. A clever programmer could work on software used in a millitary weapons system, a system that was largely sold to third-world countries, and left lots of deaths in its trail. The programmer could shrug his shoulders and say: "I'm putting food on the table of my family, the fact that 100 families dies in Africa because of my code, is frankly none of my business, if I did not write it, somebody else would". Perhaps somebody else would do it, that does not mean that this particular programmer had to do it.

Of course there's no direct similarity to block chain analysis and millitary weapons systems, but the ethical points are the same. Every person matters, and the action of every single person combined becomes the actions of the whole population.

Of course it's possible to separate yourself from the collective whole, like many do, and only think about their own financial gains. In the end, I'm not sure if that's what brings the greatest satisfaction.

In summary, I'm not intending to bring on hate, just to convey my view on the matters. Solution to this issue must be built on a technical level, not on a human level.

I did already comment on the technology ethics side - there are casualties also just by doing bitcoin core dev. If you knew me personally you would know that I am against mass surveillance too - the last 15 years of terror attacks have shown that intelligence agencies don't lack data, they lack the ability to understand them (j'suis Charlie, Copenhagen, 9-11 etc - all done by people known by the intelligence agencies, so not a lack of data, they need to use better what they have - and not to start collecting data on the rest of us instead).

But proper customer due diligence is not surveillance, neither is statistical overview of pr country bitcoin transfers.

Final note - I agree that if you have a wish for using bitcoin in a super private / anonymous way it is a technological solution/skills you need, not policies. Sometimes you might want to stay anonymous, sometime you don't - for sending anonymous transactions - use Tor, and, I would also recommend you to not post a bitcoin donate address on your site, that is unless you regenerate a new pr session. (it is of little value to anonymize your transaction if the sending address can be linked to a site you control, just by googling it).

Cheers,

Michael

[libcoin]

Also, the approach used here to link IP and TX is complete nonsense in my opinion.
Even if you are connected to all nodes out there, it is still possible to receive a transaction from an IP first even though someone else is the originator.

1. Imagine there is a small node with a bad internet connection sending a transaction. He has a list of nodes he is connected to and has to broadcast to all of them.
2. User X (having a huge internet connection) is the first one to broadcast and Eavesdropper Z is the last one in the peer list getting his broadcast at the very end.
3. Due to the slow internet connection the time between broadcasting to User X and broadcasting to Eavesdropper Z is sufficiently large.
4. User X relays the TX immediately after receving the TX from the originating node to all of his peers ... including the Eavesdropper Z which is also connected to him.

Now the problem kicks in. Eavesdropper receives the TX from User X before receiving it from the slowly connected originator, and therefore thinks the connection was actually created by X.

How the heck such approach could ever be decided to be implemented?

E.K. totally agree - but it is still quite useful for statistically monitoring traffic btw countries.

/M

[Carlton Banks]

Could [Chainanalysis] hereby risk becoming a persona non grata even if [Chainanalysis] did nothing wrong ?

Too late. You were in control of your reputation before you decided to prevaricate your way to notoriety. No longer.

[RealMalatesta]

You write:

Bitcoin is a technology - it is cash on the internet,

If I have cash IRL, it is up to me to decide how much information about me I want to hand out to someone. I can go to the newsstand and pay with cash without revealing any additional information. Or I can go to a bank, reveal all information they want me to reveal. Whatever I do - it will be my decision.

In the Bitcoin world, it is the same: I want to decide whom I tell more about me. I don't want basically a private NSA to collect data and make a business with this.

If a bank needs my information because I want to do business with them, they can tell me to give them this information. That's it. And not ask someone else to provide information at what newsstand I bought a newspaper in the past.

[Cryptowatch.com]

Hi Michael,

thanks for answering.

We have different views on the issues at hand. Esp. problematic is blacklisting. You stated you oppose blacklisting, but at the same time you want to help fight against criminals. To fight against criminals you need to have someone decide who is a criminal, so if the cryptolocker thief did a p2p trade and sold btc for litecoin, and the buyer of btc has his coinbase account blocked as a result of this, and even possibly had police coming to his door, busting it down and raiding all his equipment, that's so wrong..

If you have "criminal funds" sitting at address A, first off you need to have proof beyond any reasonable doubt that these are in fact "criminal funds". And whenever was it allowed for private entities to determine what constitutes "criminal funds"?

- Now if you manage to solve the problem of precisely tagging "criminal funds", the next step is to go after the culprit. It might seem natural to then block the culprits account with any large bitcoin company. So the large bitcion company subscribe to a service like chainalysis.

1. Victim pays ransom to cryptolocker criminal.
2. The address to which the ransom is paid (address A) becomes known to whichever party is doing the tracking.

Now the cryptolocker criminal, which we assume must be smart knows that the address he receives funds at is already tagged, so he needs to hide and launder the funds. If the thief deposits the money directly to any service that subscribes to a monitoring service, he might be caught, and the criminal is catched. Success!!

However, our thief is smart. He buys litecoin online from Alice. Alice gives him his address B, which is an address with Coinbase. The thief transfers the funds to address B. Alice has her account blocked with coinbase, and gets raided by local police.

The point is that the analysis entity, the exchange and the police cannot know what are the circumstances for the trade. Since the cyber criminals are smart, they don't mind putting the average joe to blame.

The thief could use a mixer, jump between various altcoins etc. In summary, it would be incredibly hard to track. Chance is that the guy ending up being questioned for having "criminal funds" is not a criminal at all. That's the major problem with taint-analysis, and it's also something which could undermine the trust of bitcoin. A bitcoin should be a bitcoin, no matter who you receive it from.

Comparison could be made to cash. Let's say we have a Mexican drug cartel who smuggles drugs into the US, and receive cash from various dealers in the distribution chain. High up in the chain, some courier does a cocaine to cash trade. That cash is now by law, proceeds from illegal trade. As such, if a bank saw a shady character coming through the door and wanting to deposit 100K USD in cash, there would be questions.. However, if the criminal kept the cash, and went to a restaurant for a meal and paid with low denominated bills, the restaurant has no business to ask the criminal where his money come from, and as far as they are concerned, the money is good.

In the world of block chain analysis, now the restaurant might be the criminal culprit and needs to be investigated. You see how wrong that is?

So let's say our cryptolocker thief had 100 BTC which he sells to 100 people doing p2p trades, now all of those 100 might have their account blocked at the exchange "pending investigation".

Of course, big players in the bitcoin economy who interface with the traditional fiat system needs to pay attention to the regulations, if not business ends in tears. But it pisses lots of users off, and it's not a user friendly environment.

Those criminals who are smart with bad intentions, will avoid the obvious traps, only the dumb and the innocent will be caught with block chain analysis tools.

Final note - I agree that if you have a wish for using bitcoin in a super private / anonymous way it is a technological solution/skills you need, not policies. Sometimes you might want to stay anonymous, sometime you don't - for sending anonymous transactions - use Tor, and, I would also recommend you to not post a bitcoin donate address on your site, that is unless you regenerate a new pr session. (it is of little value to anonymize your transaction if the sending address can be linked to a site you control, just by googling it).

I agree with this. As long as said website-operator is aware of such issues, I don't see a problem with it. If he wants to stay anonymous/private he would take technical measures to achieve those goals. Also, there's a lot of legitimate businesses that would not care either way if a tip-address is known and can be attached to their business/person.

Of course there are many possibilities for doing block chain analysis, it's only that I think the quality of the data that can be collected is of such a quality that it cannot be relied upon.

So in real life we have the scenario where you have a business that wants to do "regulatory compliance" because of local laws. The local governments have certain rules that needs to be followed. Since the bitcoin company needs to follow those rules to stay in business, they bend over backwards and do whatever the regulator tell them to do. So, if there's a blockchain analysis company that claims to do all the hard work to be "compliant", the bitcoin company is of course interested, because if they can show the local govt. that they're working hard to stay "compliant", they will get the nod of approval and stay in business.

The effectiveness of the system be damned..

So the regulators are happy, because the bitcoin business is staying "compliant", the blockchain analysis company is happy because they get customers, the bitcoin company is "happy" to stay in business and the end users are not that happy, but that's of less interest. After all, "regulatory compliance" is achieved.

How will false-positives be avoided? Can they be avoided?

This reminds me about airport-security. Because of fear of terrorists enormous amounts of money is poured into safety and screening of travelers at air-ports. If you do some research on the amount of money used, and then look at the statistics as to what really kills people, you would perhaps be surprised to see that a dis-appropriately amount of money is used for airport-security. Not long ago, I think it was in germany there was a test of the screening procedures revealing that they weren't all that effective, in reality it was quite embarrassing.

Weapons and dangerous objects were successfully smuggled through security checks 50 percent of the time at Frankfurt airport, in a probe by European Commission inspectors, it emerged on Sunday.

Words as snake oil and security theater comes to mind.

While I'm sure lots' of bitcoin businesses would subscribe to a blockchain analysis service, just to keep regulators happy, even though they know it's not very effective, that would not make the overall picture any better.

All of this reminds me on the HSBC scandal. It's not really about doing legit regulatory compliance work, it's more about giving the impression that you are. To stay in business, you need to keep a straight face in business meetings, and state you're taking compliance very serious. You will get the nod of approval from the regulators.

To give everybody an example of how little protection regulatory might really gives in practice, I think the following documentary describe it quite well, Chasing Madoff

A look at how one investigator spent ten years trying to expose Bernie Madoff's massive Ponzi scheme that scammed an estimated $18 billion from investors

The SEC and other relevant entities were repeatedly notified about the fraud, but failed to take action.

In summary I don't really understand how anyone actually believe that blockchain analysis services are really going to be effective and accurate. It's more like; "We need regulatory compliance." - "Ok, how do we do it" - "We could subscribe to a blockchain analysis service, the regulators will be happy" - "Ok, let's do it".

A friend once brought back some snake oil products from Asia, they had all sorts of stamps all over them stating they were legit and approved by various organizations. I guess, if I was a regulator, I would've ok'ed it - after all there were lots of nice stamps that said "legit" and "approved".

In summary, bitcoin businesses who wants to be in compliance with the current regulatory framework, needs to do whatever is required of them. That does not mean however that all the regulatory compliance is right from a universal standpoint, that it should be done, or that the tools used to achieve compliance is effective.

[ABISprotocol]

Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume btw different counties. We chose specifically to setup a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially havn't build the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extend reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profit from collecting this information which we accept to the extend that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing this kind of experiments, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to friendly opt out

But also note that the above measures and current protocol does not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael

Hi 'Chainalysis,'

I don't see any reason for an extended debate about compliance with a regulatory framework (which no-one has any interest or need in doing) or having bitcoin users to be in a position to need to "opt-out" from your shit or that of similarly idiotic operators.  Ultimately the only point of massive network surveillance is to inform, and when you are compelled to inform in some regulatory framework it is within the context of coercion which goes against what was intended for the freedom of bitcoin; we will not be bludgeoned into submission by statists who see the combination of surveillance, use of force, and threat of jail as methods of slowing the innovative capacity of decentralized crypto and the freedom of people to do with it as they see fit.

As I see it you are worse than Gox, but if there is any positive thing that can come of this, it will propel the bitcoin community to develop real anonymity options faster than it has been.

My message to you, in summary, is simple:

Go fuck yourselves.

[ABISprotocol]

You seem to be rather insecure about my remarks about Tor, Bitcoin and so forth.

Huh? Whats with the ad homenem?  You're making objectively incorrect statements, the result is a web of FUD that would mislead people into making poor choices.   Linking to a bunch of things totally unrelated to this discussion is a weird strategy-- no one in this thread disagrees that anonymity (or more importantly, simple privacy) is important. That question hasn't even come up. That it is important doesn't justify or legitimize making a incorrect claims about it.

There is no web of FUD, no ramble of objectively incorrect statements.  But since you say that no-one disagrees that anonymity is important, then I will pause to emphasize a point that Hal Finney and others have made before.  Anonymity, which bitcoin users simply don't have, is highly relevant to the matter at hand... so here's the link and I'll quote from it in part here:

https://bitcointalk.org/index.php?topic=175156.msg7912447#msg7912447

I really like Adam's very creative idea earlier in this thread to have a pure-zerocoin system:

https://bitcointalk.org/index.php?topic=175156.msg2420768#msg2420768

The zerocoin paper proposed a hybrid bitcoin-zerocoin system. Bitcoins would be temporarily exchanged for zerocoins, and then exchanged back. Adam's idea was that zerocoins would be exchanged directly for zerocoins. Zerocoins could be mined directly, too. All this is a simple modification of the zerocoin protocol. In fact, it would be simpler in terms of code size, because you wouldn't have to support bitcoin transactions. No scripting language, no bitcoin validation rules. Just pure zerocoin spend transactions.

This would also free us from the forced assumption of bitcoin-zerocoin parity. The heavy resource requirements of zerocoin might naturally break that parity. (Admittedly, zerocoin would first be implemented as an extension to an alt, so the value in terms of bitcoins would float. But the simplification is still a win.)

There are various proposals to do P2P exchanges between altcoin chains. I don't know what the status is as far as Bitcoin support in the bitcoin-qt client. You'd have to have a new client to do the P2P protocol. But even if we had to rely on an exchange, it would be an interesting experiment.

The last problem for a zerocoin implementation is the generation of an RSA modulus for which no one knows the factorization. This is hard, and deserves more analysis.

I'm really very curious to see if these ideas could lead to integration of the zerocash project code down the road into bitcoin itself. 
I noticed the following remarks:

https://twitter.com/matthew_d_green/status/401798811070107648

We designed a new version of Zerocoin that reduces proof sizes by 98% and allows for direct anonymous payments that hide payment amount.

Is a 98% reduction in proof size enough to overcome any existing valid reasons to not merge ZeroCoin functionality?

And this:

It sounds like ZeroCoin v2 eliminates one major criticism, that of bloat.

But engineering hurdles remain:

• 1. Requires a hard fork
• 2. Any requirement that all transactions participate in mixing is a non-starter.  Some payment schemes bootstrap trust by intentionally being non-private, showing their bitcoin holdings and bitcoin payments with provable digital signatures.

Any forced 100% privacy scheme that prevented opt-in auditing would make life difficult for some existing users, who place value in the transparency of the system.

I would rather see automatic mixing and privacy built into every client.

But there is no question at this point that the bitcoin development process needs to work out an anonymity solution.  From my perspective, I don't think that it has to require that the users actually utilize it, in other words, why not go down the path of making it an option (supported in the protocol, not imposed, but showing up in Core as a transaction option that the user can select to apply to any particular transaction, or none at all).  (...)  In other words, if a user wants to participate in utilizing the Zerocash feature (assuming that this would be incorporated into and supported in the bitcoin protocol itself) then that should be an option that would be displayed in Bitcoin Core wallet.  (...) Conceptually, the idea of having anonymous transactions as an option is appealing for a number of reasons.(...) Choice and consent should also be an objective of any process which offers something better (like anonymity) to the user.  (...)

In another thread, I've asked the following questions:

(...)

As a member, I'd like to see that change.

As a member you're free to ask— though a better forum might be the foundation forum.  Since this isn't the foundation's current area of interest I'd expect you'd see more success elsewhere with less effort though.

I really don't see how the Foundation can just stare slack-jawed at the developments in NY (USA), not to mention China, the Russian Federation, and apart from that, the transnational effects of TISA, and do nothing in the way of funding anonymity in bitcoin development.

The Foundation forum, you say?  You have to be joking.  There is almost zero support in the Foundation forum for ideas related to anonymity.  There are a lot of reasons for that(...)
I've opened a pull request which is being considered by the Board on that issue, #16 (and as I understand it, #17 will also be considered by the Board).

I do agree with you that there might be more success elsewhere with less effort.  But I haven't entirely given up on the idea of a Foundation that could be more responsive to user needs and concerns, including the obvious need for anonymity across the network.

Regarding your ideas that you linked to in your comment at
http://download.wpsoftware.net/bitcoin/wizardry/brs-arbitrary-output-sizes.txt
on "OUTPUT DISTRIBUTION OBFUSCATION"

I would greatly like to see this (or something like it) become part of people's everyday bitcoin transaction experience. 

You're right about Zerocash being untested (...) although I'm confident that when it is released the issues you've discussed with it will at that point have been addressed more than satisfactorily by the developers.

You mentioned also that you "spent a bit of time making recommendations about how it could be integrated in Bitcoin with them in email and in person— but the people involved seem to be very interested in creating an altcoin specifically as an altcoin."  It's my understanding that they felt that they felt an altcoin path was more reasonable because it would be unlikely that the bitcoin development team would ever integrate their anonymity work (even if refined) into bitcoin itself, but perhaps I'm wrong, for as you say, you have e-mailed them and met with them in person about it.  So then, what is the obstacle to this happening?  I would love to be proved so completely wrong in my assumptions about this matter and have someone from the zerocash team show up on this thread and say in reply somewhere here, "Oh, hey ABISprotocol, you are wrong, we _were_ actually invited to gradually work zerocash into bitcoin, and we're actually confident that there's an opportunity for this to happen at some point down the development road!"  However, that's not the sense I get at this time, but it does prompt some questions:

1) If there is an avenue for zerocash developers to work more closely with bitcoin, what does that look like?  Does it mean that @imichaelmiers & @matthewdgreen (on github) could be invited to work directly on the bitcoin protocol, and have the ability to make commits along with yourself, Gavin, and others?

2) Because (as I mentioned in my issue in the Bylaws repository on this, issue #19), "basic development of the bitcoin protocol, so as to increase the number of persons who are paid to clear basic development backlog and maintenance, (should be) the highest priority,"
isn't there a way where teams (such as the bitcoin development team and the zerocash team) could join forces to help get funding for this to occur?  It seems like the development team has been very vocal about the fact that basic development and maintenance of bitcoin is not well supported or funded (at least not as much as it should be).

3) You suggested that there are other avenues for funding that involve less effort than trying to get the Foundation to change its Bylaws in a way that would enhance such funding.   What avenues do you have in mind?

thanks in advance for your answers and for engaging this topic so thoughtfully.

I'd love to hear the Zerocash developers respond to this, obviously, and anyone else interested I would really appreciate your thoughts.
Some of my own ideas to support basic bitcoin development generally _and_ progress on the anonymity side are shown at:
https://github.com/pmlaw/The-Bitcoin-Foundation-Legal-Repo/issues/19

(brief edit:  I also feel that this is worthy of attention....
https://tahoe-lafs.org/pipermail/tahoe-dev/2014-May/009062.html (from zooko) and see also the following statements regarding multiparty computation setup in zerocash
https://twitter.com/matthew_d_green/status/472208415867928576 h/t zooko, matthewdgreen)

OK, so I feel like I've said more than enough on this....  I look forward to your thoughts, replies, ideas.

[toytoboy]

That is pretty weird behavior. Just checked my nodes and each had only one connection to that subnet

I blocked it anyway, but I'm curious whats going on in your case.

What version of bitcoin core do you run ?

[Gleb Gamow]

You write:

Bitcoin is a technology - it is cash on the internet,

If I have cash IRL, it is up to me to decide how much information about me I want to hand out to someone. I can go to the newsstand and pay with cash without revealing any additional information. Or I can go to a bank, reveal all information they want me to reveal. Whatever I do - it will be my decision.

In the Bitcoin world, it is the same: I want to decide whom I tell more about me. I don't want basically a private NSA to collect data and make a business with this.

If a bank needs my information because I want to do business with them, they can tell me to give them this information. That's it. And not ask someone else to provide information at what newsstand I bought a newspaper in the past.

Hey, RealMalatesta, are you Guido Rudolphi (or work with him), the dude that's in the process of starting a Bitcoin Bank in Switzerland? The reason I asked is because your forensics research seems to mirror his, among other evidence.

[ABISprotocol]

Just as a temporary hint: those using linux could try this firewall rule if (and only if) they also feel that something suspicious is going on here:

Code:

sudo iptables -I INPUT -m iprange --src-range 46.105.0.0-46.105.255.255 -j DROP
sudo iptables -I OUTPUT -m iprange --dst-range 46.105.0.0-46.105.255.255 -j DROP

OpenBSD and Mac users should enable the pf firewall using "sudo pfctl -e" and do this:

Add this to /etc/pf.conf:

Code:

table <blockedips> persist file "/etc/pf.blocked.ip.conf"
ext_if="em1" # interface connected to internet, CHANGE TO MATCH YOUR ETHERNET CARD DEVICE IDENTIFIER
block drop in log (all) quick on $ext_if from <blockedips> to any

(Note, last two additional lines must be repeated for a possible WLAN adapter)

Create file /etc/pf.blocked.ip.conf with the content:

Code:

46.105.0.0/16

Type the following to update changes

Code:

sudo pfctl -nf /etc/pf.conf
sudo pfctl -f /etc/pf.conf

Now you can check the live stats, how many connection to those (malicious??) nodes have been prevented using:

Code:

sudo pfctl -t blockedips -T show -v

you may want to check and see if the numbers of the IPs to block need to be changed (expanded), due to this:

"Barclays partnering with Chainalysis in October and Coinalytics raising a $1.1m seed round in September. In August, Elliptic won "Security Project of the Year" after launching a blockchain visualization tool for the bitcoin blockchain.

Currently, Coinalytics is allowing several companies to use and test its API (...) developing machine learning systems to analyze any blockchain as the industry expands to include public, permissioned and private ledgers (...) Coinalytics is focusing on its AML compliance product targeted at any companies processing bitcoin transactions today, it sees its analytics platform used in many verticals, including capital markets, the Internet of Things and law enforcement."

Yep, time to check those IPs again

see http://www.coindesk.com/juan-llanos-blockchain-analytics-coinalytics/ for further details.

[Preclus]

Select has a maximum of FD_SETSIZE (1024) FDs in use, and you will end up totally screwed up if you are beyond that. It doesn't matter what you've set your ulimit to. When you run hacked up versions that which changes that you do not understand you waste everyone's time (including yours), and you provide bad...

A server that can't handle more than 1024 simultaneous connections? LOL I've worked on servers that handle millions of simultaneous TCP connections. WhatsApp was handling 2 million per box back in 2012.

This one is handling 12 million albeit with 32GB of system memory:

https://mrotaru.wordpress.com/2013/10/10/scaling-to-12-million-concurrent-connections-how-migratorydata-did-it/

Given the bitcoin system as a whole can't handle more than, what is it, 10 transactions a second or so now? Maybe I'm not that surprised