[Freedombox-discuss] FreedomBox and Bitcoin (and the petition)

Ted Smith tedks at riseup.net
Tue Nov 13 01:00:18 UTC 2012


On Mon, 2012-11-12 at 14:13 -0800, Jonathan Wilkes wrote:

> I'm with you so far.
> 
> > 
> > When the attacker has the IP address of a Bitcoin address, they're one
> > step away from getting the underlying home address -- but they have to
> > go through either the legal system or an existing attack. That's "one
> > step," but it's not an easy step.
> 
> It's as easy as whichever of your so-called "work levels" is available to the
> attacker.  For example, work level 1 for the FBI or state law enforcement
> (or city law enforcement if you live in NY) is extremely easy.

It might sound easy (propaganda from both sides of the privacy debate
have an interest in making it appear easy), but in reality, how many
people are employed full time in order for that to happen?

> > 
> >>  > 
> >>  > With very little work (running Tor and using new addresses), you can
> >>  > anonymize your Bitcoin participation to the same extent you could
> >>  > anything.
> 
> Why run Bitcoin over Tor when you already stated that
> "without a very significant amount of work, it is not possible to link a
> Bitcoin address (even in this sense) to a home address, full legal name,
> payment information, etc.. "

It's cheap to do so, and it increases the adversary's cost probably
beyond what they can afford. It certainly puts you out of the
low-hanging fruit pile.

Further, "very significant" depends on your attacker model, and I think
we're defining that differently. For an ISP, which was the original
attacker being discussed in this thread, it would be quite expensive to
link a bitcoin address to a full legal name.

I'm guessing that your attacker model is something more like a
nation-state or the FBI, in which case yes, connecting a bitcoin address
to a full legal name would be easier. 

I'd also guess that when people argue not to use Tor by default on the
bitcoin forums, they're seeing themselves as pushing back against an
overreaction caused by a similar distance in attacker models.

> >> 
> >>  I love how spying on the entire Bitcoin network, which has been done,
> >>  demoed, and reported to the Bitcoin community by Dan Kaminsky,
> >>  constitutes "a significant amount of work" in your informed 
> > opinion, yet
> >>  downloading a 2gig blockchain over Tor is "very little work".
> > 
> > Yes, downloading a 2GB file over Tor takes about 10 seconds of human
> > effort if Tor and wget are installed, and about 5 minutes of human
> > effort if they aren't. If you assume a novice user that knows what Tor
> > is, then it'll take as long as it takes to download and run the Tor
> > Browser Bundle -- I don't know numbers off the top of my head, but I do
> > know it's been studied extensively, and if you're very interested you
> > can ask the Tor Project people to put you in contact with the people
> > doing usability studies on the TBB.
> > 
> > I don't know how long Dan spends writing his talks, but I'd throw down a
> > bitcoin that it takes longer than that, and is much more mentally
> > taxing. 
> 
> That's off topic-- we were discussing whether it is easy or hard to link an
> IP with a Bitcoin transaction, not how long it took for a researcher to
> originally discover the technique and write it into his talk.

The hardness of linking an IP to a bitcoin transaction is some function
of the hardness of figuring out how to do so and the hardness of
implementing it and the hardness of executing the actual technique.
Along the way, there might be a lot of other hard things, like
communicating to other humans how to implement/execute the attack.


> > 
> > Further, the attacks discussed in that particular talk are pretty easy
> > to fix, especially if you control the entire software stack (which FBX
> > does).
> 
> Then go ahead and submit a patch to Bitcoin.  If it makes it impossible for
> Bitcoin to be surveilled in the way that you now understand it can be,
> you'll be doing a service to the Bitcoin community.  That's a lot more valuable
> than making an uninformed claim about the difficulty of the attack.

Are you saying that running a Bitcoin client on, say, TAILS, would be
un-anonymous without some patch?

You haven't said that running Bitcoin through Tor hasn't fixed the
problems we've discussed in this thread, and it wouldn't be hard for the
Freedombox to include a tor-only mode that firewalled everything but a
Tor TransPort and routed all traffic through Tor. What patches do you
need under that configuration?

My impression of the talk is that the vulnerability is that some bitcoin
clients listen for connections, but that's a problem you can fix with a
firewall, which the FBX maintainers control.

> Something else you problem aren't aware of-- Blockchain.info already lists
> the IP of the Bitcoin node that relayed the transaction to it.  They even have
> a whois link to ease the work it would take to browse to Google.

Is this usually the originator of the transaction? With what probability
is that the case, and what's the base rate of Bitcoin transactions?

Could an ISP use that to de-anonymize their customer's bitcoin usage?
Could a vengeful ex-romantic-partner?

-- 
Sent from Ubuntu





More information about the Freedombox-discuss mailing list