Pages:
Author

Topic: [ANNOUNCE] Bitcoin Fog: Secure Bitcoin Anonymization - page 31. (Read 301578 times)

newbie
Activity: 36
Merit: 0
Sometimes silence speaks masses.
newbie
Activity: 36
Merit: 0
It should be reachable right now. If it is not, try restarting tor (or press "use new identity" in the Vidalia control panel).

Yes it is reachable now, but please do not make it appear as though there is a chance I just "don't know what Im doing".


Your service was unreachable for over 72 hours and while I was fortunate enough to not have any coins there at the time it went down, I know plenty of people that do/did.

You posted on the twitter feed it would be back up in 4 hours, then when it came back up, you deleted the twitter post.


Does anyone get ANY type of explanation as to why your service (and everyones coins) were AWOL for so long?

Or would you just like me to apply said tin-foil hat...announce that the site was compromised and everyone should get their coins out ASAP and never use the site again?

Full Disclosure buddy. Full Disclosure.
member
Activity: 84
Merit: 13
It should be reachable right now. If it is not, try restarting tor (or press "use new identity" in the Vidalia control panel).
newbie
Activity: 36
Merit: 0
I can confirm site is unreachable at this moment.
legendary
Activity: 2506
Merit: 1010
I received an inquiry by an individual who says the service "appears to be down".  I've not accessed it myself.  Can anyone confirm that the site is accessible and / or that access to funds (withdrawals) is still possible?
member
Activity: 84
Merit: 13
As suggested by our users, we now support multiple deposit addresses per user.
Before it was slow to collect multiple transactions on the same account and direct every transaction to a different address for anonymity: users had to get a new address, deposit bitcoins, and then wait until our system gets all the needed confirmations, THEN get a new address and repeat. Now, with multiple addresses, users can deposit to all of them simultaneously.


We are also considering making a slight change to this: we think that re-using old addresses, which have been deleted by users seems like a good idea. In this new scheme, when an address has been deleted by one user, it may be re-assigned to another Fog user, thus making all future deposits to that address go to the second user. This seems to help obscuring the origin of the bitcoins: even if authorities would find one of your deposit addresses, they won't even be sure that all the deposits to that address were made by you. More generally speaking, there won't be any specific sense anymore in linking "input address" to "output address", they would have to do it transaction-wise only.

What do you think about this idea? If you don't like to discuss in the open, please use the secure contact form on our onion service.

If there won't be any critical opinions against this, we will implement it in 1 month.
sr. member
Activity: 294
Merit: 250
Sub... may end up using this if it pans out ok.
hero member
Activity: 950
Merit: 1001
People who are (rightly, IMHO) afraid this could be a honeypot, could consider making their own 'fogger'.
On the other hand, isn't it possible to design a distributed 'fogger', and eventually include it (as an option) in the bitcoin client?

I would love to see a bunch of these foggers - use them in series and only one of them has to work as advertised.

However, I don't think we should ever include them in the official client.
* either gives preference to specific businesses or introduces trust problems
* associates the whole Bitcoin project with eeeeeeevil "money laundering"
* adds complexity and potential security vulnerabilities
full member
Activity: 406
Merit: 100
People who are (rightly, IMHO) afraid this could be a honeypot, could consider making their own 'fogger'.
On the other hand, isn't it possible to design a distributed 'fogger', and eventually include it (as an option) in the bitcoin client?
member
Activity: 84
Merit: 13
Problems with the freenet website are finally seem to be resolved. The extra time was due to the domain transfer. Also, we are now on bitcoin-hosting.com which is good the bitcoin economy Smiley

Now for the important news: be advised, someone has put a fake link on the tor hidden wiki and called it Bitcoin Fog, when in reality it leads to a completely different website which reportedly even scams people. Please always use the original link published here in the first post of this topic, http://fogcore5n3ov3tui.onion

We have of course contacted the hidden wiki in order to modify the link, but it is not gone yet. Be careful.
member
Activity: 84
Merit: 13
Yes, after all this time we got the news today that the hoster is stopping delivering the kind of hosting we were using. And they tell us this after they have shut down the site without any warnings... Now we are just waiting on them to give us domain transfer codes so we can get move the site to another company...
hero member
Activity: 484
Merit: 500
Site still down ! any updates ?
member
Activity: 84
Merit: 13
UPD: we now saw that even the .onion address was down for some time. That sure must have looked like we have decided we've had enough and ran away with all the money Wink. This is not the case. Apparently, due to how the onion routing in the Tor works, and specifically due to the rendezvous points algorithm, the website can appear down if some of the Tor nodes holding that point go down.
Anyway, right now it is accessible again.

We are checking what the situation with bitcoinfog.com is, since we are not hosting those servers ourselves, we have to check with the external company.

Quote
Don't the exchanges run similiar to this service?  If I withdraw bitcoins from an exchange, wether from a purchase or transfered from another wallet, they come from a mixed pool of coins and not a specific address attached to my account.  Or do I have that wrong?

We have discussed this a little bit earlier. As I see it, you do get some anonymity by mixing it like that (and that is the only other choice apart from mixing services I guess), but those companies do not try to make your payments anonymous deliberately, do not mix a lot just to hide all the traces. Most of them are also run as legitimate, visible businesses, which will be forced to reveal information about your funds, should such a request be made by the authorities. I would assume they are also keeping very long logs, since they don't have any reason not to. Us on the other hand, the authorities have to find first, which, as Silk Road have demonstrated, can prove problematic.
donator
Activity: 798
Merit: 500
Don't the exchanges run similiar to this service?  If I withdraw bitcoins from an exchange, wether from a purchase or transfered from another wallet, they come from a mixed pool of coins and not a specific address attached to my account.  Or do I have that wrong?
member
Activity: 84
Merit: 13
Quote
I made a deposit on the 8th, it still shows the balance as being updated (it's been much more than 2 hours)

I apologize for that. We have built in an automatic lockdown in the system if it senses that someone is trying to do some strange requests/tampering with the sent data and so on. It seems that now that our service is a little bigger than before, such things happen more and more often, and some lockdowns have been happening. Since we don't really have the manpower to monitor the service fully 24/7 (although it is checked on every day), these delays have been happening. Each time we have to check exactly what happened and if there was no real risk of hack-ins and loosing funds, restart the service. We have done it now.

Certainly, this is not the way it is supposed to work (lock down when *anything* happens), this was a setting that worked for us in the beginning, but now we obviously have to rework our routines, but still keep the service secure.

I apologize for all the delays, (and they did indeed happen a couple of times before due to these lockdowns), and we will be working on getting rid of them. As of now, we have not detected any actual breaches of our security and all the funds are intact. If your payouts are still not going starting to go through after this message, please contact us.
full member
Activity: 136
Merit: 100
Couple of itms:

I made a deposit on the 8th, it still shows the balance as being updated (it's been much more than 2 hours) Also,  http://www.bitcoinfog.com/ is down. Something's up?

member
Activity: 84
Merit: 13
Quote
I say "I didn't do that" but they decide they have the proof and prosecute anyway.
How exactly could they prove they are your coins? It is not even trivial for them to prove they were your coins if they were transferred from your address directly, since a virus could've stolen your wallet.dat and made that transaction.
If you live in a country where "proof" is just a word and the authorities do as they please, then perhaps no, our service will not help you, but then again, nothing will really.

Also, at this point our service mainly deals with making it difficult to *find* you, not convict you, since to my knowledge, there hasn't been any real bitcoin-related conviction yet anywhere in the world to see as an example.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
Please help explain why I wouldn't be a fool to use a service like this. Maybe I have it wrong but as soon as I mix my money thru such a service I would be potentially linking my funds with any number of potentially illegal transactions (from the perspective of any given govt). The deniability of being involved with such money trails is possibly worse than the deniability of my own usage.

Let's say someone steals coins and then funnels them thru a mixer. My funds are mixed up with those funds and some LEO tracks them to my funds being removed via MtGox. They come to arrest me with a funds trail that shows I stole the money and transferred it via several steps to MtGox to withdraw. I say "I didn't do that" but they decide they have the proof and prosecute anyway. Maybe they eventually lose or not depending on my ability to deny the transactions. In the meantime they have searched and analyzed everything in my home/business. If I hadn't mixed my funds I would never have been tagged initially and avoided the hassle.

I don't much like the idea that in a game of musical chairs I may be the sucker getting tagged with some criminal money trail. It may be that such accusations may never hold up in court but I'd rather avoid being associated, accused, interrogated, and released. An in some cases I'm sure that they wouldn't go through such a legal process. They would just make the association and use it as grounds for detention. Subtle arguments about deniability may just be ignored.
member
Activity: 84
Merit: 13
We have been thinking about whether it is safe to reveal such information, but it seems that revealing an average total throughput wouldn't hurt too much. As of right now (February 2012) we have on average somewhat over 150-200BTC going through the system per day, some days more, some days less. We will not reveal the number of transactions at this time, as that would aid an analyzer in distinguishing real payouts from our internal transfers we make to obfuscate the money flow.

The warning about withdrawing amount that our internal calculations consider too big to be transferred to a single bitcoin address to be considered obscure enough is now in effect. You will see it on the withdrawal page. The actual warning limit is recalculated on a daily basis, but there isn't just a hard limit at which a warning will be shown every time. Instead, there is a window, inside which the probability of showing a warning varies from 0 to 1. This is done to make it hard for anyone, through a lot of testing, determine the limit exactly, thus exact information about the internal state of the system. Naturally, based on this setup, if the amount is very high, much higher than the calculated limit, a warning will always be shown. It is just inside the window that there is a non-100% probability of that.

The good thing is that we see that a substantial amount of users actually do follow our advice about not blindly inserting/removing too similar amounts, but instead are leaving a buffer of funds in the fog and withdrawing it at a later time so that no two input/output pairs do show a similar amount. This greatly increases obscurity for all the users, even the ones not following the advice.

Personally, it is great of course to make a little extra money on the side, but more importantly, it is great to actually have a way of anonymizing bitcoins for my other projects that I know is legit and anonymous. It is difficult to be sure of that for all the people that don't actually have direct access to our server, but at least we now provide the better functionality than the competition. Once again, I would like to thank all the users that have trusted our service and we will continue to work on staying secure and keep developing the service.
legendary
Activity: 1386
Merit: 1097
Can you publish daily/weekly/monthly amount laundered on the site? I think it's important for the people to know they're not alone using this service, which breaks the anonymity. I think *this* was the concern of fivemileshigh.
Pages:
Jump to: