[Freedombox-discuss] FreedomBox and Bitcoin (and the petition)

Ted Smith tedks at riseup.net
Tue Nov 13 05:51:21 PST 2012 

On Mon, 2012-11-12 at 22:11 -0800, Jonathan Wilkes wrote:
> My initial point might not have been clear.  To keep an ISP from spying it makes
> no sense to grab a different IP from the pool every time you view a web page--
> this will not impede the ISP from reviewing their log of your activity if they
> chose (or were obliged) to do so.  Similarly, if the Bitcoin user's intent is
> to keep the entire world from being able to tell which Bitcoin transactions are
> theirs, spawning a new address only protects them in the laziest of all possible
> worlds.

In both cases, the very simplistic security measure raises the cost of
an attack out of the reach of a large class of attackers.

> If they use TAILS the logging I describe most likely goes away, but you didn't say
> it's a significant amount of work to spy on users of Bitcoin who are running it on
> TAILS-- we were talking about Bitcoin usage in general.  In that case the user's
> IP can (and probably does in some cases on blockchain.info) get tied to the
> user's transaction.  The ease with which the owner of that IP address can be
> revealed is a separate matter.

Using Bitcoin without Tor and generating a new address for each
transaction probably protects you against:

      * any moderately-skilled 14 year old
      * local law enforcement
      * your ISP

And several other classes of attacker below the level of, say, the FBI.

> Wrt FBX I suppose this wouldn't matter if FBX were being designed from the start to
> communicate exclusively over Tor, but that doesn't sound like the plan, so we
> have to assess the software in terms of how it works on the normal internet, even if
> TAILS solves all the problems I'm talking about (which I think it does).

TAILS is just a system that forces all connections over Tor. There are
ways to force only specific applications to use Tor that the FBX can use
pretty easily. Since the FBX will write the FBX bitcoin client package,
it can configure bitcoin to, by default, only use Tor.

This isn't hard to do, and since this cheap measure puts Bitcoin out of
the reach of Dan Kaminsky, I'm not very worried about claims of
bitcoin's anonymity.

For reference, it's really, really, really hard to take web browsing and
make it anonymous. Forcing every connection from browsers to go through
Tor won't help you anywhere near as much as it does for Bitcoin. Bitcoin
has already done 99% of the hard work building a protocol that is
totally (as far as either of us can tell) anonymous if it's _just_
tunneled through Tor without any other filtering.

-- 
Sent from Ubuntu



_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss at lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list