[Freedombox-discuss] FreedomBox and Bitcoin (and the petition)

Ted Smith tedks at riseup.net
Mon Nov 12 20:28:54 UTC 2012 

On Mon, 2012-11-12 at 11:56 -0800, Jonathan Wilkes wrote:
> > 
> > The Bitcoin transaction log records transactions between addresses. If
> > you never change your Bitcoin address, the transaction log will
> > accumulate records of your transactions. 
> > 
> > Without a very significant amount of work, it is not possible to link a
> > Bitcoin address (even in this sense) to a home address, full legal name,
> > payment information, etc.. 
> 
> What makes you say it is a "very significant amount of work" to determine
> the originating IP address for a bitcoin transcation?  How much did it cost
> you to connect to all the Bitcoin nodes in existence?  I assume you tried or
> at least have a ballpark figure, since that is the most obvious way to
> link a Bitcoin address with an IP address.  (And as we both agreed above,
> when the attacker has the IP of the originator of the transaction they are
> only 1 step away from gaining info on home address, full legal name,
> payment information, etc...)[1]

I don't have any ballpark figure for that, since I'm using a nominal
metric for "work" that could be loosely defined as:

      * Work level 0: you already have the information you're looking
        for (you are an ISP and you are looking for the home address of
        a subscriber)
      * Work level 1: You don't have the information you're looking for,
        but you can obtain it via a legal-system process (you are the
        FBI and can ask an ISP for it)
      * Work level 1 (continued): You don't have the information you're
        looking for, but you can obtain it via an existing attack on
        someone who does (you are the Illuminati and can hack the ISP)
      * Work level 2: You need to write your own software to obtain the
        next piece of information you're looking for.

Not all work is created equal. It's easy to connect to all Bitcoin
nodes, but you'd have to write software to do it first. Writing software
is hard.

When the attacker has the IP address of a Bitcoin address, they're one
step away from getting the underlying home address -- but they have to
go through either the legal system or an existing attack. That's "one
step," but it's not an easy step.

> > 
> > With very little work (running Tor and using new addresses), you can
> > anonymize your Bitcoin participation to the same extent you could
> > anything.
> 
> I love how spying on the entire Bitcoin network, which has been done,
> demoed, and reported to the Bitcoin community by Dan Kaminsky,
> constitutes "a significant amount of work" in your informed opinion, yet
> downloading a 2gig blockchain over Tor is "very little work".

Yes, downloading a 2GB file over Tor takes about 10 seconds of human
effort if Tor and wget are installed, and about 5 minutes of human
effort if they aren't. If you assume a novice user that knows what Tor
is, then it'll take as long as it takes to download and run the Tor
Browser Bundle -- I don't know numbers off the top of my head, but I do
know it's been studied extensively, and if you're very interested you
can ask the Tor Project people to put you in contact with the people
doing usability studies on the TBB.

I don't know how long Dan spends writing his talks, but I'd throw down a
bitcoin that it takes longer than that, and is much more mentally
taxing. 

Further, the attacks discussed in that particular talk are pretty easy
to fix, especially if you control the entire software stack (which FBX
does).

> > 
> > Further, is the FBX going to tunnel all traffic through some TCP
> > mix-net? (I don't think it is.) All privacy is quantitative; there is no
> > concept of perfect anonymity. Nothing provides 100% privacy, and the FBX
> > isn't looking to do that anyway.
> 
> Nothing is 100%, but that doesn't mean there are some things that are
> clearly _not_ anonymous in any way, shape, or form, and using Bitcoin
> without going through Tor is one of them.  (Additionally, you might want
> to check to make sure that the Bitcoin reference client knows that Tor
> is now randomizing the socks port, because it was previously waiting to
> see the "magic Tor port number" to turn off listening, and if you don't do
> that you have worse than non-anonymity-- you have the false idea of
> anonymity, which is right where we started in this thread.)

Sure -- but putting Bitcoin through Tor is pretty cheap, far cheaper
than attacking it via any mechanism we've discussed.

Other things that aren't anonymous in any way, shape, or form include
all of the semantic web stuff discussed on this list, all of the social
networking stuff discussed on this list, and XMPP. This seems to be in
coherence with the original idea of the FBX, which was (from my memory)
"Replace Facebook et all with free alternatives."

More information about the Freedombox-discuss mailing list