Topic: Anonymity (Read 68752 times)

The lack of anonymity is the worst thing in the Bitcoin protocol. In my opinion the anonymity should be fixed urgently if you want Bitcoin to be adopted my mainstream people! Most people who heard about bitcoin doesn't know their transactions could be traced. When they realize that they say bye bye Bitcoin. I was very enthusiastic about Bitcoin, I bought some domains and was going to build some websites but when I realize the lack of anonymity I stopped all my plans. Yes I know, there are work arounds but why should I use a system that involve work arounds in order to not be traced ?! If I use banks at least I know only a few people/institutions can see my transactions, using Bitcoin anybody can see my transactions, that's horror !!!

Why don't adopt zerocoin solution ? , it add complexity to protocol but mainstream people don't care about technical things, they just want an easy to use, cheap system...

I don't know about others, but for me, the reason is exactly that the authorities are, and will ask me to give up my rights whenever they have a chance. My rights(privacy, anonymity, etc) are my rights because I don't need to justify to anyone why I need it, rather, whenever I choose to compromise it a bit I do need some justifications.

You sound like you have something to hide.

I'll have a go with an example:

Bob hears about Bitcoin from a man in a bar, who sells him ten dollars worth.
Later that day, Bob decides to gamble his Bitcoin on Satoshi Dice and wins big time!
The next day he's in the same bar, and that man sidles up to him, angling for a handout from his big win.
Bob is really creeped out by this - how did this man even know he'd been gambling?
He loses interest in Bitcoin and advises his friends to stay away from it.

You could provide this privacy with a centralised mixer like the one at blockchain.info, and they can store logs to keep the feds happy. But if you don't want to sacrifice decentralization, you end up aiming at full anonymity.

This is a good point, and it's certainly what the politicians will be thinking. I think what we'll see are coin tainting and government mandated blacklist checking. It's just so easy to implement with a public ledger it's inevitable. On the conference security panel, Peter Vessenes talks like Bitcoin tainting is here already.

When blacklists are commonplace, you can still have your anonymity, you just use a "clean coins only" mixer.

This post may cause a flame war, so I apologize in advance if it happens. Now onto my post:

Is anybody else starting to feel the anonymity of the *coin clients will ultimately be the demise of them? We see scams popping up regularly from people who think things like child pornography, selling hard drugs to any age group, and various other acts that most sane people will view as disgusting. In the IRC channels (#litecoin at least) I can't tell you how many times I've seen questions involving evading taxes, at least as often as I see questions on how to get a mining rig setup. When I ask other engineers who are not currently involved in any crypto currency why they are not the usual answer is "I do not want to be grouped with the scum using them." (their words, not mine) or "Why hide if you have nothing to hide?" I understand privacy is everybody's right and not something any government should control but it seems the scammers have once again proven they will use any means necessary to make a buck. I used to advocate the use of bitcoin due to it's anonymity and lack of control by a overall authority however after the most recent case with Liberty Reserve I can no longer in my right conscious recommend it. So now I ask the more "in the know" / senior members of this community, what valid reasons are there for preserving the users identity?

Its worth someone coming out with a client or even a separate alt coin because The same people who will control all of mt gox US transactions also have access to the user data from the bitcoin foundation.

This could be dangerous for anyone wanting to use bitcoin for activism purposes, with the large data matching abilities this offers.

If 80% of the network is able to be identified it compromises the other 20% who dont want this for numerous reasons. Donating to wikileaks for example.

Let me see if I got this correctly since most laundering services only "mix" coins that it's trying to transfer...

What about a "cash" like system that's backed from miners(pools).

I first make these assumptions.
1. freshly generated coins from a block isn't linked to anything(or would only contain the Address of the pool which they came from.)
2. coins are tracked on a Address to Address basis.

The system is as follows.
a needs to send btc to b.
a instead send btc to S.
S as a server, uses fresh bitcoins to send the amount to b.
so the capability of S as a laundering service is equal the amount of hashrate that it generates bitcoins at.

tl;dr
Pools are the best launderers

Comments? sounds good to me.

Anonymity required?

Use coin mixing and money laundering services. They are all readily available today AFAIK.

A complicated reengineering of bitcoin is the last thing we need right now.

Most of the anonymity talk I see around Bitcoin seems to be oriented around the assumption that the attackers will be governments who will be forced to accumulate proof beyond a reasonable doubt in order to get a conviction in court.

I think we need to be talking as though the attackers will be criminal thugs who need just a whiff of suspicion, and who don't mind killing a lot of innocent people as long as they get the one they're after as well.

Because if Bitcoin, or some other untraceable, uninflatable, and non-centrally-controllable currency gains critical-mass popularity and takes off, that's what governments will become.

Guaranteed.

For them, it'll be a life-or-death case of us or them.

Heya I'm working under my own deadline over here for the next few months anyway, so I can't take on any new projects.

What I CAN do is:
Help you get OT built on your system,
and answer any questions,
and help you with any fixes,
related to the OT API.
(And I'm happy to do a chat if you need one.)

As I said before, the Use Cases are all pretty simple stuff... issue currency, open account, withdraw cash, deposit cash, market offer, write cheque, etc. The parameters are all what you'd expect: withdraw needs to know the account ID, the amount being withdrawn etc. Compared to what's going on behind the scenes (chaumian blinding, destruction of account history, etc) I think the API is sweet and easy. That's the whole point of the library.

You're right, I didn't mean fiat in the sense of "by decree", as if mandated by a government.

I just meant that Bitcoin's only value was based on the decision of early adopters to accept it, based on their future ability to pass it on to others, and not based on any other actual market value (such as a precious metal, or a bushel of wheat... or network resources.) In this sense, Bitcoin is more similar to dollars than gold, which is what I was trying to say. (Gold/silver has several thousand years of market history demonstrating that it is what markets naturally use unless they are perverted with some combination of force and fraud. You are probably closer comparing Bitcoin to the Pet Rock fad, at this point, than comparing it to Gold. Though time will tell, and I'm rooting for Bitcoin -- I'm a fan.)

My over-arching point was that if Bitcoin were used as the backing currency for an OT-based untraceable cash, and if that were built into an anonymous network (used to solve resource allocation issues) then many holes would be filled: the Bitcoin would be backed in network resources and would be untraceable, the OT would have a publicly-auditable, distributing backing, and the server could run hidden safely on the anonymous network, and the anonymous network would have proper resource allocation (which requires untraceable cash.) And those are all good things, no?

I believe fellowtraveler means here 'fiat' in the sense that bitcoin's only value is its use as payment, and not 'fiat' in the meaning that its value is forced by government decree. Compare this to gold which has a use as component for jewelry, even when not used as monetary system.

Would you care to support this statement? Bitcoin has value by fiat no more than gold does. Nobody is forced to accept Bitcoin for payment of debts, as they are dollars. The only entities that accept Bitcoin are those that value it as a currency.

That's what I was proposing. Your bitcoin-note might be signed by n nodes. Think of the note as (r, s1, s2, ..., sn). And let's say at least n/2+1 verifications are necessary for you to deposit. What if those n/2+1 are not online, or quit the network? What if one too many of them are malicious and give false replies?

Like fellowtraveler said: No "signing authority"? No untraceability.

That kind of thing could work as a multiple-bank system with an interbank protocol, as in the Open Transactions scheme (which by the way looks pretty cool, thank you fellowtraveler), where you trust the bank you are working with.

Our scheme, if I understand you correctly, should work differently. The network blindly signs the note and the bitcoins that are to be represented by the note are destroyed at the moment of "potential" generation. The notes don't have to be used immediately, Alice can store all her bitcoins indefinitely in such notes. When she gives one of them to Bob, Bob has to deposit the note to see if it is valid and not double-spent (a la online e-cash). Now the network verifies the note, adds it to the "spent" notes list, creates new bitcoins out of thin air and awards them to Bob. So it is radically different in the sense that "encapsulated" bitcoins are not stored anywhere but destroyed/re-created.


Good luck. I'd like to wander to a different direction but I very much would like to know if the above scheme is also what's in your mind.

FellowTraveller, yes you did reply but i'd moved on by that point.

Getting ruby to link with the latest version of openssl, getting the ruby headers for your library, figuring out how it works, figuring out how the server works, figuring out how to use it etc. Too many variables to calculate the time it would take me to get what I wanted.

I'll admit I'm not a great developer, having greater difficulty getting other peoples stuff to work I tend to just go and build my own. And on top of this Im slow getting things done(progrramming things) and dont have much time, I'll be starting back work after the spring break next week and will have even less time.

Building it myself I have an idea of how long it will take, I dont need all the functionality of OT. I understand the basic concepts well, and think OT's a great idea, but it's not the easiest to use.

I'm at the point where Ive almost finished my first version of the server, the client needs a proper interface but thats it. a bitof testing, some bugs fixed, and its ready to start.

When I've got my first version done I'll re-investigate OT again, and be determined to get it to build and see whether I should go for that or continue using my own system.

To be clear Im building a stock market using ricardian contracts and bitcoin as the only currency, everything is priced in bitcoin. On top of that it will also be used to manage share ownership, that is for "companies" that issue share on this market they can put forward motions and people can vote on those motions with the shares they own. It will also have share dividend payment functionality.

I havn't gotten around to implementing the voting or dividend payments yet as other things come first but it would be relatively trivial. The system doesn't use it's own http server it uses ruby sinatra, which has a lot of flexibility and can hsve better http sesrvers put in front of it.

My contrracts are stored in a db, alng with everything else instead of on the file system.

I understand my own terrible code very well, and know what all the options are, I don't write cpp, and I dont know all the options in your system(theres a lot, its a big complex system). and other users on this forum have had a look at your system, and they've also found it hard to use, I know grondilu has also gone and made his own system, I don't know if that is because of the difficulty of using OT or if thats just because he wants to do it himself.

Right now, if you want me to use OT you're going to have to join me in my project and kind of hold my hand a little, maybe even do this with me jointly, for that I'd happily give you 1/2 of the ideas/businesses profit if it makes any.

If you want to arrange for a chat on IRC I'd be happy to do so, I've got plenty of questions about the way OT works.

The actual use cases are very simple:  Issue currency, create account, write cheque, deposit cheque, withdraw cash, deposit cash, etc. These are actually not confusing for you at all. In fact, you intuitively understand these concepts from normal, everyday banking. For users of any OT client, the concepts are all intuitive and easy for them to understand as a result of this direct analogy with all of the financial instruments. The only difference is that OT allows you to create new currency types (while obviously normal banks mainly deal in a single currency type with their everyday customers, like dollars or euros.)

Which API calls are used for each Use Case? Exact instructions are here:
https://github.com/FellowTraveler/Open-Transactions/wiki/Use-Cases

To see the notes for each individual API call, look here:
https://github.com/FellowTraveler/Open-Transactions/wiki/API

The "Use-Cases" file describes exactly which API calls to use for each Use Case, and the API file gives the exact details on using each call.

That's pretty exact as far as instructions go -- and of course if you have any questions, I will be very responsive to anyone using the OT API.

In fact, Nefario, you contacted me recently regarding a build issue you had, and I wrote you back (on Github and posted here.) It had turned out that my instructions were wrong for installing OpenSSL 1.0.0c on Linux--they were actually installing 0.9.8--so I fixed my instructions accordingly, and also wrote you back. (https://bitcointalksearch.org/topic/m.41445)

The updated installation instructions are here:
https://github.com/FellowTraveler/Open-Transactions/wiki/Install

My conclusion was that, due to my instructions having been wrong, you probably never had actually installed the right version of OpenSSL. (I never found out for sure because I didn't hear back from you -- but I'm sure I can help you get the software building on your system, if there are still any problems.)

There is also an OT client called Tempest that contains sample code for most of the OT API in Perl:
https://github.com/dspearson/tempest

(You asked for a code-based use case. Tempest implements most of the use cases.)

The Tempest author may also be contacted via email (as well as myself) to satisfy any questions you might have about using the API. He will be also be releasing a new version of Tempest sometime in the next month or so.

I hope this is helpful and clears up any confusion. OT of course is new software so this process is necessary where I provide support to early experimenters. This helps me refine the docs, the software, etc to continually make things easier for you to use it.

By the way, below is the current list of Use Cases available on OT. Please feel free to ask me for any clarifications, since this helps me to update my own FAQ and other documentation for the future benefit of others. In fact your last contact to me already resulted in a fix to my install doc.

USE CASES
-- (Client software starts up.) Initialize the library and load the wallet.
-- Display for the user:
    Server Contracts,
    Nyms (key pairs),
    Asset Accounts,
    and Asset Types (asset contracts).
-- Change the wallet’s local display label for any:
    server contract,
    asset type (asset contract),
    asset account,
    or nym.
-- Import a server contract (or asset contract) into the wallet.
-- Create a new Pseudonym (public/private key pair).
-- Register a public key (a “Nym”) at an OT server.
-- Issue a new Asset Type.
   (Uploads an asset contract which creates an issuer account.)
-- Retrieve any Currency Contract (by ID).
-- Create a new Asset Account (by asset type ID).
-- Write a cheque (or invoice)
-- Send a Message to another user
   (via the server, encrypted to the recipient’s public key and placed in his inbox.)
-- Deposit a cheque
-- Withdraw cash  ************
-- Deposit cash
-- Withdraw Voucher (like a cashier's cheque.)
-- Account-to-Account Transfer (received via inbox)
-- Create a new Basket Currency
-- Exchange Digital Assets in and out of Baskets (from your Asset Accounts)
-- Process your Inbox (Receipts and pending transfers)
-- Set up a Payment Plan
-- Issue a Market Offer

Make you library easier to use and give us a code based use case, OT is like Google Wave, maybe it's revolutionary if people knew what the hell it was.

If you would like to play with an actual implementation of Chaumian blinding,
then I recommend you check out my digital cash library, Open Transactions:  
https://github.com/FellowTraveler/Open-Transactions/wiki

Some scoff at blinded digital cash, since it involves withdrawing cash from a "server" and that means "client/server" which means it's not fully p2p distributed and instead is a "centralized solution"--and therefore politically uncool.

Let's keep in mind that blinded tokens are what provide the untraceability. No "signing authority"? No untraceability.

Let's also keep in mind that, as Chaum said, it's possible to run MULTIPLE SERVERS. (The various diagrams for Open Transactions depict this.)

Open Transactions also makes it possible to distribute funds across multiple servers, and to distribute currencies across multiple issuers (through basket currencies.)

If anyone really has a problem with running a server somewhere, let's also keep in mind that I2P and Tor are specifically designed to allow "HIDDEN SERVERS" to exist within the network, untraceable in their actual location yet still processing services online. Presumably any future anonymous networks will also feature this important functionality. Thus, it can be said that any hidden service (including Open Transactions, for example) is made possible by the p2p, distributed nature of the anonymous network on which it runs.

The publicly-auditable nature of Bitcoin means that, by its very nature, it cannot be untraceable. Software such as Open Transactions must be employed as a layer above, in order to add the functionality of untraceable cash, as well as the ability to use other instruments like markets, payment plans, cashier's cheques, etc.

I find it interesting how blinded token software such as Open Transactions complements Bitcoin (providing an untraceable layer), while Bitcoin provides a publicly-auditable and fully-distributed backing for the currency. (A backing which, unlike gold, cannot be confiscated from some central storage location.)

In fact, combined with some next-generation anonymous network, all three pieces conveniently solve the problems of the others!

I'll explain:

Bitcoin is fully distributed and decentralized, but it's not anonymous or untraceable, and in fact it's publicly auditable.
Open Transactions provides untraceability and anonymity, but you have to have somewhere to store the gold.
Bitcoin solves the problem of storing the gold (through its distributed nature), but it has no intrinsic value (it's more similar to dollars than to gold, in the sense of intrinsic value, due to its fiat nature.)
An anonymous network can hide your web activities, including your Bitcoin messages to each other and your communications with an Open Transactions server. But unfortunately, there are problems of resource allocation on an anonymous network. (Because you normally can't pay for something anonymously...)
...Unless you have digital cash. Therefore Open Transactions can be used to solve problems of resource allocation on anonymous networks, meanwhile the anonymous network is what makes it possible to safely hide an Open Transactions server.
Furthermore, the anonymous network also provides REAL value to Bitcoin (besides just "proof of work") since now the Bitcoins are redeemable in network resources. Thus it solves the problem of intrinsic value in the Bitcoin.
No issuer can ever lie about any currency in circulation, since the backing funds are publicly auditable.

Okay, in the second to last paragraph of Chaum's paper there is a small section "Elaborations"

He clearly states that it could be extended to a decentralised model where there are multiple clearing agents, i.e. signing authorities, so on that basis it can be done.

Seems wrong then to say that decentralisation precludes anonymity, red herring rule-of-thumb (rot).

I'll see if I can come up with a schema that fits easily into the bitcoin transaction model for comment. Would be based around the block-generating node blind signing the transactions in essence.

I suspect it is possible.  But we need someone with a big brain, or someone who has enough time to think about it thoroughly.