On Mon, 2012-11-12 at 22:11 -0800, Jonathan Wilkes wrote:

My initial point might not have been clear. To keep an ISP from spying it makes no sense to grab a different IP from the pool every time you view a web page-- this will not impede the ISP from reviewing their log of your activity if they chose (or were obliged) to do so. Similarly, if the Bitcoin user's intent is to keep the entire world from being able to tell which Bitcoin transactions are theirs, spawning a new address only protects them in the laziest of all possible worlds.

In both cases, the very simplistic security measure raises the cost of an attack out of the reach of a large class of attackers.

If they use TAILS the logging I describe most likely goes away, but you didn't say it's a significant amount of work to spy on users of Bitcoin who are running it on TAILS-- we were talking about Bitcoin usage in general. In that case the user's IP can (and probably does in some cases on blockchain.info) get tied to the user's transaction. The ease with which the owner of that IP address can be revealed is a separate matter.

Using Bitcoin without Tor and generating a new address for each transaction probably protects you against: * any moderately-skilled 14 year old * local law enforcement * your ISP And several other classes of attacker below the level of, say, the FBI.

Wrt FBX I suppose this wouldn't matter if FBX were being designed from the start to communicate exclusively over Tor, but that doesn't sound like the plan, so we have to assess the software in terms of how it works on the normal internet, even if TAILS solves all the problems I'm talking about (which I think it does).

TAILS is just a system that forces all connections over Tor. There are ways to force only specific applications to use Tor that the FBX can use pretty easily. Since the FBX will write the FBX bitcoin client package, it can configure bitcoin to, by default, only use Tor. This isn't hard to do, and since this cheap measure puts Bitcoin out of the reach of Dan Kaminsky, I'm not very worried about claims of bitcoin's anonymity. For reference, it's really, really, really hard to take web browsing and make it anonymous. Forcing every connection from browsers to go through Tor won't help you anywhere near as much as it does for Bitcoin. Bitcoin has already done 99% of the hard work building a protocol that is totally (as far as either of us can tell) anonymous if it's _just_ tunneled through Tor without any other filtering. -- Sent from Ubuntu _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE