[tor-talk] Bitcoin over Tor isn’t a good idea (Alex Biryukov / Ivan Pustogarov story)

[odinn]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

My feelings on this are as follows:

Most users of bitcoin who also use Tor can be readily deanonymized as
it exists today:
http://arxiv.org/pdf/1405.7418.pdf

Bitcoin users should (at least) consider not using Tor, and/or taking
additional privacy measures, for some other reasons that have been
covered in a different paper:
http://arxiv.org/abs/1410.6079

Most users of bitcoin are not capable of preventing any identities
they use from being correlated with their bitcoin use.  This was
described at FinCrypto14 by authors of BitIodine:
http://fc14.ifca.ai/papers/fc14_submission_11.pdf

The bitcoin protocol fingerprint is obvious even over encrypted Tor.
Yet, for most people, the only way they have of masking their location
while using bitcoin, is to use Tor with it.  This puts users in a
terrible bind, because as the authors of the papers above have clearly
ascertained, as bitcoin exists today, and as Tor currently exists, the
option is definitely not ideal.

Should bitcoin protocol be "encrypted on the wire?"  Sure.  But this
does not address the deficiencies and problems with the protocol as it
exists presently.  There is no option for anonymity (in bitcoin), and
the best advice would be to move all bitcoin resources away from web
wallets and bitcoin web-based services (none of which implement
complete zero knowledge protocols, and all of which know quite a bit
about their users).  Move your resources away from any web-based
wallets and any web-based exchanges, and move them to wallets such as
Electrum (which will soon have support for stealth, and can be
enhanced with a plugin mixer), or to Armory (which includes multisig
support), and then mix them and move them again back to yourself until
your coins' 'path' and history is at least somewhat obscured.

"Abandon hope, all ye who enter into web-based wallets and exchanges"

TISA, FATCA, and FinCen are examples of what we knew would happen (yet
even with this understanding, the developers of bitcoin based
businesses stuck their heads in the sand and huddled in support of
regulatory elements which are part of the Windhover proposals to
regulate decentralized identity, even when the Russian Federation came
out with its ban proposals - nor did they take any efforts to protect
the users through full zero knowledge configuration(s) of their
servers).  Basically, web-based businesses had the time and
opportunity to pursue server design that would keep them from knowing
anything about their users, but they did not do it as the convenience
of getting customers onboard took a higher priority than privacy or
anonymity considerations. Zerocash (an improvement over the original
zerocoin proposals, zerocash is designed [unlike bitcoin] to provide
strong anonymity at the core of its functionality), would treat
bitcoin and other currencies as 'base coins.'  Thus you could (once
zerocash is available) migrate from bitcoin to zerocash and thus
anonymize any further activity, or not, entirely at your option.

Until Zerocash is released (anticipated to occur sometime close to the
end of 2014, or possibly early 2015), the wisest course of action
might be to convert (though not on the web based exchanges, as you
should now be using decentralized exchanges) a substantial portion (if
not all) of one's bitcoin into cryptosystems which are actually
designed to allow user-specified anonymity (and which have had
favorable review from bitcoin developers).  One such example is
bytecoin.org - a.k.a. BCN, not to be mistaken for the bitcoin knockoff
also known as bytecoin.

Some resources to help those who are examining this more in detail:
On Decentralized Exchange systems (not web-based)
https://odinn.cyberguerrilla.org/index.php/2014/07/13/businesswithoutbanks/

On Bytecoin (bytecoin.org / BCN), sx, OpenBazaar, Zerocash, and
decentralizing / anonymizing finance generally
https://odinn.cyberguerrilla.org/index.php/2014/06/28/decentralizingfinance/

- -Odinn


grarpamp wrote:
> On Thu, Oct 23, 2014 at 7:35 PM, Erik de Castro Lopo 
> <mle+tools at mega-nerd.com> wrote:
> 
> http://arxiv.org/pdf/1410.6079v1.pdf
> 
>> Could this situation be improved if people ran limited exit nodes
>> that only alloed the bitcoin p2p protocol to exit? I for one
>> don't have enough
> 
> There are about ten exit nodes that do only this today. [One of
> which is run by Mike Hearn who has advocated building in censorship
> capabilities to Tor, and blocking (historically) tainted coins 
> (such as you have now or might receive through otherwise
> completely innocent transactions with you, or from your own
> trans/mixing with others).]
> 
> Then there is question if your client will select such 'only *coin'
> nodes versus those with high bandwidth and open exit policies.
> 
> There are also a fair number of hidden services in Tor/I2P/CJDNS 
> that act as bitcoin nodes.
> 
> As related tangent, yes, the bitcoin protocol needs to be
> encrypted on the wire, at least bitcoin node to bitcoin node with
> TLS, obviously and urgently so, particularly if you wish to guard
> your trans from wire listeners.
> 
> You might be best to in fact run bitcoin always and entirely over
> Tor, especially while transacting. But then also routinely compare
> that received blockchain to one you receive via alternate/trusted
> sources, such as clearnet or signed bittorrent checkpoints.
> 

- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJUTwaXAAoJEGxwq/inSG8CS9AH/3fAXquPqScp66hu1B+8Vu8D
GZUDz597FEEfpWQ1aV4KX7CEjk+YrH0nOAnzk60LmscTW7Mj9anb1hSKAL8KS0sW
VcqVkOdbtT7A082zLTo2A+6qtVOhngQXLP+2mk4tIAQ25Qe0Bgcu8+p5C17lEuNf
7eDgw6PNZ2m29jydCGsz7pElruayIeQrEMhI/Wq5+XxDepLNqxx9m99E82+AOX2V
Jlt3umh/jLisxyWFm3WCpJB8XRtZP8QgPj2qYeBT0WEugw0QrphGAlrup0tFUGGZ
+hmP1OXLolYOgH9Tl18f6feqP+5NlbulBC5Y5FIK3ttFO4cIDX0GVRQdOH8X9ow=
=DJk/
-----END PGP SIGNATURE-----