----- Original Message ----- > From: Ted Smith <[email protected]> > To: [email protected] > Cc: > Sent: Monday, November 12, 2012 1:43 PM > Subject: Re: [Freedombox-discuss] FreedomBox and Bitcoin (and the petition) > > On Mon, 2012-11-12 at 10:28 -0800, Jonathan Wilkes wrote: >> ----- Original Message ----- >> >> > From: Daniel Pocock <[email protected]> >> > To: freedombox list <[email protected]> >> > Cc: >> > Sent: Monday, November 12, 2012 3:32 AM >> > Subject: [Freedombox-discuss] FreedomBox and Bitcoin (and the > petition) >> > >> > >> > >> > I'm just wondering if anybody has done any analysis of the > suitability >> > of Bitcoin for FreedomBox? >> > >> > For example, Bitcoin provides a certain amount of anonymity, but not >> > complete privacy. In other words, anybody can create an anonymous >> > Bitcoin account, but anyone else can trace the movements of Bitcoins >> > through that account. Does this lack of 100% privacy make it awkward >> > for FreedomBox to include Bitcoin? >> >> By your definition of anonymity, why even have a FBX? You get the same >> "certain amount of privacy" by signing up with an ISP who gives > you a >> dynamic IP address from a pool. After all, you can request to release your >> connection and renew it with a new IP after each web page you view. >> >> You might say the comparison isn't apt, because the ISP is a > centralized >> entity. But the ISP is one entity that can spy on you (possibly against > the >> terms of service)-- with Bitcoin anyone anywhere on the internet can do the >> same thing, for very little cost. > > > >> It's a 100% lack of privacy, by design. >> > > Your ISP knows your payment information, home address, full legal name, > and all your unencrypted/unanonymized traffic.
Glad you clarified that. What it means is that anyone who can connect to the IP of someone running a Bitcoin node who initiates a transaction is one step away from gaining that information, i.e., asking the ISP to give them some or all of that info. (But how do you know the node you connected to is the one who actually initiated the transaction? I'm sure you know the answer since you opined on the amount of work it takes to solve this problem.) > > The Bitcoin transaction log records transactions between addresses. If > you never change your Bitcoin address, the transaction log will > accumulate records of your transactions. > > Without a very significant amount of work, it is not possible to link a > Bitcoin address (even in this sense) to a home address, full legal name, > payment information, etc.. What makes you say it is a "very significant amount of work" to determine the originating IP address for a bitcoin transcation? How much did it cost you to connect to all the Bitcoin nodes in existence? I assume you tried or at least have a ballpark figure, since that is the most obvious way to link a Bitcoin address with an IP address. (And as we both agreed above, when the attacker has the IP of the originator of the transaction they are only 1 step away from gaining info on home address, full legal name, payment information, etc...)[1] > > With very little work (running Tor and using new addresses), you can > anonymize your Bitcoin participation to the same extent you could > anything. I love how spying on the entire Bitcoin network, which has been done, demoed, and reported to the Bitcoin community by Dan Kaminsky, constitutes "a significant amount of work" in your informed opinion, yet downloading a 2gig blockchain over Tor is "very little work". > > Further, is the FBX going to tunnel all traffic through some TCP > mix-net? (I don't think it is.) All privacy is quantitative; there is no > concept of perfect anonymity. Nothing provides 100% privacy, and the FBX > isn't looking to do that anyway. Nothing is 100%, but that doesn't mean there are some things that are clearly _not_ anonymous in any way, shape, or form, and using Bitcoin without going through Tor is one of them. (Additionally, you might want to check to make sure that the Bitcoin reference client knows that Tor is now randomizing the socks port, because it was previously waiting to see the "magic Tor port number" to turn off listening, and if you don't do that you have worse than non-anonymity-- you have the false idea of anonymity, which is right where we started in this thread.) -Jonathan [1] Please, oh please, let some Bitcoin fan come on here and tell me how that IP might be from an online wallet without realizing how using Bitcoin in that way negates nearly all of the desirable qualities of the protocol. (I say nearly all because from the standpoint of the thief it still retains the most desirable quality of all, which is that the transaction cannot be reversed.) > > > _______________________________________________ > Freedombox-discuss mailing list > [email protected] > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss > _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
