[Freedombox-discuss] FreedomBox and Bitcoin (and the petition)

Jonathan Wilkes jancsika at yahoo.com
Mon Nov 12 19:56:50 UTC 2012


----- Original Message -----

> From: Ted Smith <tedks at riseup.net>
> To: freedombox-discuss at lists.alioth.debian.org
> Cc: 
> Sent: Monday, November 12, 2012 1:43 PM
> Subject: Re: [Freedombox-discuss] FreedomBox and Bitcoin (and the petition)
> 
> On Mon, 2012-11-12 at 10:28 -0800, Jonathan Wilkes wrote:
>>  ----- Original Message -----
>> 
>>  > From: Daniel Pocock <daniel at pocock.com.au>
>>  > To: freedombox list <freedombox-discuss at lists.alioth.debian.org>
>>  > Cc: 
>>  > Sent: Monday, November 12, 2012 3:32 AM
>>  > Subject: [Freedombox-discuss] FreedomBox and Bitcoin (and the 
> petition)
>>  > 
>>  > 
>>  > 
>>  > I'm just wondering if anybody has done any analysis of the 
> suitability
>>  > of Bitcoin for FreedomBox?
>>  > 
>>  > For example, Bitcoin provides a certain amount of anonymity, but not
>>  > complete privacy.  In other words, anybody can create an anonymous
>>  > Bitcoin account, but anyone else can trace the movements of Bitcoins
>>  > through that account.  Does this lack of 100% privacy make it awkward
>>  > for FreedomBox to include Bitcoin?
>> 
>>  By your definition of anonymity, why even have a FBX?  You get the same
>>  "certain amount of privacy" by signing up with an ISP who gives 
> you a
>>  dynamic IP address from a pool.  After all, you can request to release your
>>  connection and renew it with a new IP after each web page you view.
>> 
>>  You might say the comparison isn't apt, because the ISP is a 
> centralized
>>  entity.  But the ISP is one entity that can spy on you (possibly against 
> the
>>  terms of service)-- with Bitcoin anyone anywhere on the internet can do the
>>  same thing, for very little cost. 
> 
> 
> 
>>   It's a 100% lack of privacy, by design.
>> 
> 
> Your ISP knows your payment information, home address, full legal name,
> and all your unencrypted/unanonymized traffic.

Glad you clarified that.  What it means is that anyone who can connect to
the IP of someone running a Bitcoin node who initiates a transaction is
one step away from gaining that information, i.e., asking the ISP to give them
some or all of that info.  (But how do you know the node you connected
to is the one who actually initiated the transaction?  I'm sure you know the
answer since you opined on the amount of work it takes to solve
this problem.)

> 
> The Bitcoin transaction log records transactions between addresses. If
> you never change your Bitcoin address, the transaction log will
> accumulate records of your transactions. 
> 
> Without a very significant amount of work, it is not possible to link a
> Bitcoin address (even in this sense) to a home address, full legal name,
> payment information, etc.. 

What makes you say it is a "very significant amount of work" to determine
the originating IP address for a bitcoin transcation?  How much did it cost
you to connect to all the Bitcoin nodes in existence?  I assume you tried or
at least have a ballpark figure, since that is the most obvious way to
link a Bitcoin address with an IP address.  (And as we both agreed above,
when the attacker has the IP of the originator of the transaction they are
only 1 step away from gaining info on home address, full legal name,
payment information, etc...)[1]

> 
> With very little work (running Tor and using new addresses), you can
> anonymize your Bitcoin participation to the same extent you could
> anything.

I love how spying on the entire Bitcoin network, which has been done,
demoed, and reported to the Bitcoin community by Dan Kaminsky,
constitutes "a significant amount of work" in your informed opinion, yet
downloading a 2gig blockchain over Tor is "very little work".

> 
> Further, is the FBX going to tunnel all traffic through some TCP
> mix-net? (I don't think it is.) All privacy is quantitative; there is no
> concept of perfect anonymity. Nothing provides 100% privacy, and the FBX
> isn't looking to do that anyway.

Nothing is 100%, but that doesn't mean there are some things that are
clearly _not_ anonymous in any way, shape, or form, and using Bitcoin
without going through Tor is one of them.  (Additionally, you might want
to check to make sure that the Bitcoin reference client knows that Tor
is now randomizing the socks port, because it was previously waiting to
see the "magic Tor port number" to turn off listening, and if you don't do
that you have worse than non-anonymity-- you have the false idea of
anonymity, which is right where we started in this thread.)

-Jonathan

[1] Please, oh please, let some Bitcoin fan come on here and tell me how
that IP might be from an online wallet without realizing how using Bitcoin in
that way negates nearly all of the desirable qualities of the protocol. (I say
nearly all because from the standpoint of the thief it still retains the most
desirable quality of all, which is that the transaction cannot be reversed.)


> 
> 
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
> 



More information about the Freedombox-discuss mailing list