Re: [tor-talk] Bitcoin over Tor isn’t a good idea (Alex Biryukov / Ivan Pustogarov story)
On Thu, Oct 23, 2014 at 7:35 PM, Erik de Castro Lopo <mle+tools@mega-nerd.com> wrote: http://arxiv.org/pdf/1410.6079v1.pdf
Could this situation be improved if people ran limited exit nodes that only alloed the bitcoin p2p protocol to exit? I for one don't have enough
There are about ten exit nodes that do only this today. [One of which is run by Mike Hearn who has advocated building in censorship capabilities to Tor, and blocking (historically) tainted coins (such as you have now or might receive through otherwise completely innocent transactions with you, or from your own trans/mixing with others).] Then there is question if your client will select such 'only *coin' nodes versus those with high bandwidth and open exit policies. There are also a fair number of hidden services in Tor/I2P/CJDNS that act as bitcoin nodes. As related tangent, yes, the bitcoin protocol needs to be encrypted on the wire, at least bitcoin node to bitcoin node with TLS, obviously and urgently so, particularly if you wish to guard your trans from wire listeners. You might be best to in fact run bitcoin always and entirely over Tor, especially while transacting. But then also routinely compare that received blockchain to one you receive via alternate/trusted sources, such as clearnet or signed bittorrent checkpoints.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 My feelings on this are as follows: Most users of bitcoin who also use Tor can be readily deanonymized as it exists today: http://arxiv.org/pdf/1405.7418.pdf Bitcoin users should (at least) consider not using Tor, and/or taking additional privacy measures, for some other reasons that have been covered in a different paper: http://arxiv.org/abs/1410.6079 Most users of bitcoin are not capable of preventing any identities they use from being correlated with their bitcoin use. This was described at FinCrypto14 by authors of BitIodine: http://fc14.ifca.ai/papers/fc14_submission_11.pdf The bitcoin protocol fingerprint is obvious even over encrypted Tor. Yet, for most people, the only way they have of masking their location while using bitcoin, is to use Tor with it. This puts users in a terrible bind, because as the authors of the papers above have clearly ascertained, as bitcoin exists today, and as Tor currently exists, the option is definitely not ideal. Should bitcoin protocol be "encrypted on the wire?" Sure. But this does not address the deficiencies and problems with the protocol as it exists presently. There is no option for anonymity (in bitcoin), and the best advice would be to move all bitcoin resources away from web wallets and bitcoin web-based services (none of which implement complete zero knowledge protocols, and all of which know quite a bit about their users). Move your resources away from any web-based wallets and any web-based exchanges, and move them to wallets such as Electrum (which will soon have support for stealth, and can be enhanced with a plugin mixer), or to Armory (which includes multisig support), and then mix them and move them again back to yourself until your coins' 'path' and history is at least somewhat obscured. "Abandon hope, all ye who enter into web-based wallets and exchanges" TISA, FATCA, and FinCen are examples of what we knew would happen (yet even with this understanding, the developers of bitcoin based businesses stuck their heads in the sand and huddled in support of regulatory elements which are part of the Windhover proposals to regulate decentralized identity, even when the Russian Federation came out with its ban proposals - nor did they take any efforts to protect the users through full zero knowledge configuration(s) of their servers). Basically, web-based businesses had the time and opportunity to pursue server design that would keep them from knowing anything about their users, but they did not do it as the convenience of getting customers onboard took a higher priority than privacy or anonymity considerations. Zerocash (an improvement over the original zerocoin proposals, zerocash is designed [unlike bitcoin] to provide strong anonymity at the core of its functionality), would treat bitcoin and other currencies as 'base coins.' Thus you could (once zerocash is available) migrate from bitcoin to zerocash and thus anonymize any further activity, or not, entirely at your option. Until Zerocash is released (anticipated to occur sometime close to the end of 2014, or possibly early 2015), the wisest course of action might be to convert (though not on the web based exchanges, as you should now be using decentralized exchanges) a substantial portion (if not all) of one's bitcoin into cryptosystems which are actually designed to allow user-specified anonymity (and which have had favorable review from bitcoin developers). One such example is bytecoin.org - a.k.a. BCN, not to be mistaken for the bitcoin knockoff also known as bytecoin. Some resources to help those who are examining this more in detail: On Decentralized Exchange systems (not web-based) https://odinn.cyberguerrilla.org/index.php/2014/07/13/businesswithoutbanks/ On Bytecoin (bytecoin.org / BCN), sx, OpenBazaar, Zerocash, and decentralizing / anonymizing finance generally https://odinn.cyberguerrilla.org/index.php/2014/06/28/decentralizingfinance/ - -Odinn grarpamp wrote:
On Thu, Oct 23, 2014 at 7:35 PM, Erik de Castro Lopo <mle+tools@mega-nerd.com> wrote:
http://arxiv.org/pdf/1410.6079v1.pdf
Could this situation be improved if people ran limited exit nodes that only alloed the bitcoin p2p protocol to exit? I for one don't have enough
There are about ten exit nodes that do only this today. [One of which is run by Mike Hearn who has advocated building in censorship capabilities to Tor, and blocking (historically) tainted coins (such as you have now or might receive through otherwise completely innocent transactions with you, or from your own trans/mixing with others).]
Then there is question if your client will select such 'only *coin' nodes versus those with high bandwidth and open exit policies.
There are also a fair number of hidden services in Tor/I2P/CJDNS that act as bitcoin nodes.
As related tangent, yes, the bitcoin protocol needs to be encrypted on the wire, at least bitcoin node to bitcoin node with TLS, obviously and urgently so, particularly if you wish to guard your trans from wire listeners.
You might be best to in fact run bitcoin always and entirely over Tor, especially while transacting. But then also routinely compare that received blockchain to one you receive via alternate/trusted sources, such as clearnet or signed bittorrent checkpoints.
- -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJUTwaXAAoJEGxwq/inSG8CS9AH/3fAXquPqScp66hu1B+8Vu8D GZUDz597FEEfpWQ1aV4KX7CEjk+YrH0nOAnzk60LmscTW7Mj9anb1hSKAL8KS0sW VcqVkOdbtT7A082zLTo2A+6qtVOhngQXLP+2mk4tIAQ25Qe0Bgcu8+p5C17lEuNf 7eDgw6PNZ2m29jydCGsz7pElruayIeQrEMhI/Wq5+XxDepLNqxx9m99E82+AOX2V Jlt3umh/jLisxyWFm3WCpJB8XRtZP8QgPj2qYeBT0WEugw0QrphGAlrup0tFUGGZ +hmP1OXLolYOgH9Tl18f6feqP+5NlbulBC5Y5FIK3ttFO4cIDX0GVRQdOH8X9ow= =DJk/ -----END PGP SIGNATURE-----
participants (2)
-
grarpamp
-
odinn