Pages:
Author

Topic: Miners: Time to deprioritise/filter address reuse! - page 13. (Read 51855 times)

legendary
Activity: 1064
Merit: 1000
I'd previously run something similar on my miners.

Beyond encouraging behavior that improves privacy for everyone and making censorship more of a non-starter, this has a benefit of giving naturally more equitable access to the shared resource of the blockchain:  If someone is self-identifying as a single user by using an address over and over again, why not use that information to give other transactions (which may all be from independent users) more equal access?

The specific details of what form the deprioritization takes are less clear. Right now this patch implements a hard prohibition on reuse that has a one block scope. E.g. if there are 10 transactions with 1APPLE and if all miners ran this patch it would take 10 blocks for them all to make it in.   I'd probably prefer something softer (e.g. treat reuse as having half or quarter the fee/priority), but with longer memory... but the important thing is to get it out there and explore the ideas and effects, and also clean up some of the Bitcoin ecosystem which was lazily reusing addresses constantly for no reason except nothing was incentivizing them to fix it.

We need to get some things (like BIP32) deployed to eliminate some of the sources of reuse, but it does no good if only the paranoids use it,  faster confirmations will be an added incentive for the changes than the amorphous and indirect benefits of inoculating our economy against censorship and loss of privacy.

The patch should be submitted to the main bitcoin project imo so it makes it into the next release.
legendary
Activity: 882
Merit: 1000
Could you provide a concrete example to explain why reusing addresses by A will affect B if B always carefully choosing address. and how both A and B never reusing addresses prevent it? I'm still not so clear about it.

Since the drawbacks are very apparent, IMHO you need a very clear explanation about the benefit and why the benefit is far more important than the drawbacks.

http://blockexplorer.com/address/1Lukejrwhew7sj4TvWCKksaVo7aLpedHDt

Follow the coins back ~12 hops to where they were generated, then follow forward where they were sent to "A". Easy to identify the recipient and owner. Backwards, not so much.

Now if B's next payment with the change from that transaction is to "free Tibet", buy "recreational substances", or pay a hitman to whack a business partner, association with the transaction A may reveal identity. When A is shared and reused, as in "this is the donation address for Eligius", any separate-channel information about someone making a donation to Eligius can be used with this known address to reveal a path to their money.
A question of mine is posted in https://bitcointalksearch.org/topic/m.3589360.
legendary
Activity: 882
Merit: 1000
Could you provide a concrete example to explain why reusing addresses by A will affect B if B always carefully choosing address. and how both A and B never reusing addresses prevent it? I'm still not so clear about it.
A always reuses addresses. Blockchain.info uses this to display their name and IP address along with their transactions, everyone else they've ever transacted with knows who they are, anyone can identify who they are with a simple google search, etc. Because A reuses so often even if A sometimes doesn't reuse, the coins they receive inevitably get mixed up with the non-reused one. A is entirely public.

Now B is super careful and paranoid... and we're not even in a world where blacklisting or whitelisting prevents B from comfortably using his paranoid practices. He never reuses.  Someone is trying to figure out who B is because they want to defraud him.  Initially they are thwarted by B's pratices but then they see that B initially received his coins from A. Everyone knows who A is. Moreover, they see when they did so. From that alone they've learned a ton of information about B, beyond that they can now go ask A to tell them— they could coerce A, or just trick him, as we've already established that A is pretty happy go lucky and not very cautious.   Beyond that it isn't just A,  B also transacts with other people who are not hygienic and those all potentially leak information too.

This actually works in practice, too... A nice whitehat hacker on IRC was playing around with brainwallet cracking and hit a phrase with ~250 BTC in it.  We were able to identify the owner from just the address alone, because they'd been paid by a Bitcoin service that reused addresses and he was able to talk them into giving up the users contact information. He actually got the user on the phone, they were shocked and confused— but grateful to not be out their coin.  A happy ending there. (This isn't the only example of it, by far ... but its one of the more fun ones).

Uh. We've gone pretty far offtopic here, perhaps these posts should be split from this thread?
https://bitcointalksearch.org/topic/m.3589360
I've create a new topic and put my question there.
legendary
Activity: 1512
Merit: 1036
Could you provide a concrete example to explain why reusing addresses by A will affect B if B always carefully choosing address. and how both A and B never reusing addresses prevent it? I'm still not so clear about it.

Since the drawbacks are very apparent, IMHO you need a very clear explanation about the benefit and why the benefit is far more important than the drawbacks.

http://blockexplorer.com/address/1Lukejrwhew7sj4TvWCKksaVo7aLpedHDt

Follow the coins back ~12 hops to where they were generated, then follow forward where they were sent to "A". Easy to identify the recipient and owner. Backwards, not so much.

Now if B's next payment with the change from that transaction is to "free Tibet", buy "recreational substances", or pay a hitman to whack a business partner, association with the transaction A may reveal identity. When A is shared and reused, as in "this is the donation address for Eligius", any separate-channel information about someone making a donation to Eligius can be used with this known address to reveal a path to their money.
staff
Activity: 4284
Merit: 8808
Could you provide a concrete example to explain why reusing addresses by A will affect B if B always carefully choosing address. and how both A and B never reusing addresses prevent it? I'm still not so clear about it.
A always reuses addresses. Blockchain.info uses this to display their name and IP address along with their transactions, everyone else they've ever transacted with knows who they are, anyone can identify who they are with a simple google search, etc. Because A reuses so often even if A sometimes doesn't reuse, the coins they receive inevitably get mixed up with the non-reused one. A is entirely public.

Now B is super careful and paranoid... and we're not even in a world where blacklisting or whitelisting prevents B from comfortably using his paranoid practices. He never reuses.  Someone is trying to figure out who B is because they want to defraud him.  Initially they are thwarted by B's pratices but then they see that B initially received his coins from A. Everyone knows who A is. Moreover, they see when they did so. From that alone they've learned a ton of information about B, beyond that they can now go ask A to tell them— they could coerce A, or just trick him, as we've already established that A is pretty happy go lucky and not very cautious.   Beyond that it isn't just A,  B also transacts with other people who are not hygienic and those all potentially leak information too.

This actually works in practice, too... A nice whitehat hacker on IRC was playing around with brainwallet cracking and hit a phrase with ~250 BTC in it.  We were able to identify the owner from just the address alone, because they'd been paid by a Bitcoin service that reused addresses and he was able to talk them into giving up the users contact information. He actually got the user on the phone, they were shocked and confused— but grateful to not be out their coin.  A happy ending there. (This isn't the only example of it, by far ... but its one of the more fun ones).

Uh. We've gone pretty far offtopic here, perhaps these posts should be split from this thread?
legendary
Activity: 882
Merit: 1000
I have a business like a gas station or a fast food, in order to actually serve all my customers and have the bitcoins in my account (transaction confirmed)
Why do you need that? Do you accept credit cards? Do you wait for them to confirm as well (6 months)?
with this limit of 1/block or 250/day I would have to use multiple addresses.
You have to use multiple addresses anyway.
"Addresses" are badly named: "invoice id" would be more accurate.
What will happen if you have 1000 customers a day ?
If you use the same address all the time, it'll be impossible to know which of the 10 or so paying-right-now customers failed to pay their bill.

Thanks for the response.
So the only inconvenience will be if you use the same address to pay for something you'll have to wait two block.
This is not as bad as it seems for the average user.

But , what will happen if the next pool decides to raise this for 1 to 100?
I'm more concern about what this could lead to that what it actually does , to be sincere.



I think client can help in this case. Whenever you are sending out BTC from an address, all unspent BTC are spent and send to a newly generated change address. In this case, no one will send out BTC with the same address more than once.

I just don't agree on forbidding one address to accept BTC for multiple times. That makes many things complicated and brings no apparent advantage. It will be enough to restrict an address to be used again once its balance is spent.

This could significantly reduce the frequency people have to change their donation address, tip address, and mining income address. But still it invalidates some useful applications, such as MasterCoin and maybe ColorCoin.
legendary
Activity: 882
Merit: 1000
No one asks you to make your btc addresses public. You can keep it as secret as you will. You can always choose to generate one-time receiving address if you want. But is there any reason to stop others to use one address as their public address if they think they don't mind?
Because reusing addresses makes it open to everyone, not just the relevant parties you'd like (or have been ordered to) disclose them to. Worse, your lack of privacy make everyone you transact with and everyone they transact with less private.  Your comments about "always choose" are empty promises in the face of proposals to have black and white lists which will limit your ability to transact, and empty in the face of privacy losses created by people who you've transacted with.

I can turn everything you've said right around— there is nothing preventing you from privately identifying yourself and registering your addresses. You can always do this and the parties you transact with can to. Nothing about requiring privacy preserving behavior in the public network prevents you from separately having information disclosed about you, nothing can prevent investigations from happening. But the converse is not true, the lack of privacy in the public network very easily prevents people from choosing to be private at all, and it very easily can make Bitcoin worthless as a money like good.

Could you provide a concrete example to explain why reusing addresses by A will affect B if B always carefully choosing address. and how both A and B never reusing addresses prevent it? I'm still not so clear about it.

Since the drawbacks are very apparent, IMHO you need a very clear explanation about the benefit and why the benefit is far more important than the drawbacks.

 
hero member
Activity: 826
Merit: 501
in defi we trust
I have a business like a gas station or a fast food, in order to actually serve all my customers and have the bitcoins in my account (transaction confirmed)
Why do you need that? Do you accept credit cards? Do you wait for them to confirm as well (6 months)?
with this limit of 1/block or 250/day I would have to use multiple addresses.
You have to use multiple addresses anyway.
"Addresses" are badly named: "invoice id" would be more accurate.
What will happen if you have 1000 customers a day ?
If you use the same address all the time, it'll be impossible to know which of the 10 or so paying-right-now customers failed to pay their bill.

Thanks for the response.
So the only inconvenience will be if you use the same address to pay for something you'll have to wait two block.
This is not as bad as it seems for the average user.

But , what will happen if the next pool decides to raise this for 1 to 100?
I'm more concern about what this could lead to that what it actually does , to be sincere.

legendary
Activity: 2576
Merit: 1186
I have a business like a gas station or a fast food, in order to actually serve all my customers and have the bitcoins in my account (transaction confirmed)
Why do you need that? Do you accept credit cards? Do you wait for them to confirm as well (6 months)?
with this limit of 1/block or 250/day I would have to use multiple addresses.
You have to use multiple addresses anyway.
"Addresses" are badly named: "invoice id" would be more accurate.
What will happen if you have 1000 customers a day ?
If you use the same address all the time, it'll be impossible to know which of the 10 or so paying-right-now customers failed to pay their bill.
hero member
Activity: 826
Merit: 501
in defi we trust
Somebody please explain to me the following situation..
I have a business like a gas station or a fast food, in order to actually serve all my customers and have the bitcoins in my account (transaction confirmed) with this limit of 1/block or 250/day I would have to use multiple addresses.
You already have to use one address per purchase (/customer) or you cannot tell who paid you. This is already the universal practice in Bitcoin payment processing.

Quote
Won't this just put more pressure on the blockchain when people we'll try to cash out?
No, a payment is a payement is a payment. There are no accounts or balances in the blockchain itself— it's completely blind to things like addresses.

Thanks for the info
staff
Activity: 4284
Merit: 8808
Somebody please explain to me the following situation..
I have a business like a gas station or a fast food, in order to actually serve all my customers and have the bitcoins in my account (transaction confirmed) with this limit of 1/block or 250/day I would have to use multiple addresses.
You already have to use one address per purchase (/customer) or you cannot tell who paid you. This is already the universal practice in Bitcoin payment processing.

Quote
Won't this just put more pressure on the blockchain when people we'll try to cash out?
No, a payment is a payement is a payment. There are no accounts or balances in the blockchain itself— it's completely blind to things like addresses.
hero member
Activity: 826
Merit: 501
in defi we trust
Somebody please explain to me the following situation..
I have a business like a gas station or a fast food, in order to actually serve all my customers and have the bitcoins in my account (transaction confirmed) with this limit of 1/block or 250/day I would have to use multiple addresses. Won't this just put more pressure on the blockchain when people we'll try to cash out?

What will happen if you have 1000 customers a day ?
staff
Activity: 4284
Merit: 8808
No one asks you to make your btc addresses public. You can keep it as secret as you will. You can always choose to generate one-time receiving address if you want. But is there any reason to stop others to use one address as their public address if they think they don't mind?
Because reusing addresses makes it open to everyone, not just the relevant parties you'd like (or have been ordered to) disclose them to. Worse, your lack of privacy make everyone you transact with and everyone they transact with less private.  Your comments about "always choose" are empty promises in the face of proposals to have black and white lists which will limit your ability to transact, and empty in the face of privacy losses created by people who you've transacted with.

I can turn everything you've said right around— there is nothing preventing you from privately identifying yourself and registering your addresses. You can always do this and the parties you transact with can to. Nothing about requiring privacy preserving behavior in the public network prevents you from separately having information disclosed about you, nothing can prevent investigations from happening. But the converse is not true, the lack of privacy in the public network very easily prevents people from choosing to be private at all, and it very easily can make Bitcoin worthless as a money like good.
legendary
Activity: 882
Merit: 1000
So you mean BTC is mainly adopted by people wants 100% privacy?  On the contrary, it's possible that the majority haven't adopt BTC just because of the anonymity. Most of people heard of BTC but haven't convinced to use them because they think the government will not allow such things to exist. The main objective of BTC foundation is not to increase its anonymity, but to explain to the authority that it's not as anonymous as they think.
This isn't about anonymity.
If the government wants to know who you are, they'll subpoena your landlord to tell them.
Are you saying the majority of people want the unknown to-be-rapist down the street to know their every purchase, telling him where you've been and what you buy?
They want the pedophile-to-be to know when and where they drop their children off at childcare?

Why will they know my every purchase, and where I've been?  I don't understand. Just because I put a fixed receiving address on the mining pool?  Many people on this forum put their btc address in their signature for tips, what kind of privacy they lose?

It only happens when they are using that address to buy something requiring name and shipping address, right? I believe no one will use public address to pay for something they don't want others know anyway.
legendary
Activity: 2576
Merit: 1186
So you mean BTC is mainly adopted by people wants 100% privacy?  On the contrary, it's possible that the majority haven't adopt BTC just because of the anonymity. Most of people heard of BTC but haven't convinced to use them because they think the government will not allow such things to exist. The main objective of BTC foundation is not to increase its anonymity, but to explain to the authority that it's not as anonymous as they think.
This isn't about anonymity.
If the government wants to know who you are, they'll subpoena your landlord to tell them.
Are you saying the majority of people want the unknown to-be-rapist down the street to know their every purchase, telling him where you've been and what you buy?
They want the pedophile-to-be to know when and where they drop their children off at childcare?
sr. member
Activity: 321
Merit: 250
yeah, I think we should all put gmaxwell's post in our sigs for all to see.   ;-)
legendary
Activity: 882
Merit: 1000
hero member
Activity: 994
Merit: 507
staff
Activity: 4284
Merit: 8808
But even these changes to the input selection algorithm will not help you if all of your income is from one source (one pool to your one payout address) and you go on a spending spree
Sure they will, the first transaction will take all your coins from that source and they'll end up at a new, never used before, change address.

D&T answered Eleuthria exactly, the miner payout case was a major design consideration for me for BIP32. It can still be happily locked, and the users non-mining addresses can be unknown to the pool.. and yet every payment can be to a new address known only to the user and the pool. Basically everything you could want there except not being widely deployed. Yet. Isn't it good we've had this conversation now? Smiley
staff
Activity: 4284
Merit: 8808
For those who wants complete anonymity, they can go for some altcoins supporting it. In my opinion, BTC is supposed to be used by everyone and everywhere as mainstream currency. So please stop doing things like this to push the majority away just for the sake of niche market.
I can't seem to find the link to your bank account records, mind posting them for us?

Luke is pretty much the last person you'd expect to give a crap about underground uses. But privacy is _not_ only a consideration for them, or even primarily for them: dope dealers—or whatever you want your bogeyman to be—can buy their way to privacy even in a system which is very non-private.

Financial privacy is an essential element to fungibility in Bitcoin: if you can meaningfully distinguish one coin from another, then their fungibility is weak. If our fungibility is too weak in practice, then we cannot be decentralized: if someone important announces a list of stolen coins they won't accept coins derived from, you must carefully check coins you accept against that list and return the ones that fail.  Everyone gets stuck checking blacklists issued by various authorities because in that world we'd all not like to get stuck with bad coins. This adds friction and transactional costs and makes Bitcoin less valuable as a money.

Financial privacy is an essential criteria for the efficient operation of a free market: if you run a business, you cannot effectively set prices if your suppliers and customers can see all your transactions against your will. You cannot compete effectively if your competition is tracking your sales.  Individually your informational leverage is lost in your private dealings if you don't have privacy over your accounts: if you pay your landlord in Bitcoin without enough privacy in place, your landlord will see when you've received a pay raise and can hit you up for more rent.

Financial privacy is essential for personal safety: if thieves can see your spending, income, and holdings, they can use that information to target and exploit you. Without privacy malicious parties have more ability to steal your identity, snatch your large purchases off your doorstep, or impersonate businesses you transact with towards you... they can tell exactly how much to try to scam you for.

Financial privacy is essential for human dignity: no one wants the snotty barista at the coffee shop or their nosy neighbors commenting on their income or spending habits. No one wants their baby-crazy in-laws asking why they're buying contraception (or sex toys). Your employer has no business knowing what church you donate to. Only in a perfectly enlightened discrimination free world where no one has undue authority over anyone else could we retain our dignity and make our lawful transactions freely without self-censorship if we don't have privacy.

Most importantly, financial privacy isn't incompatible with things like law enforcement or transparency. You can always keep records, be ordered (or volunteer) to provide them to whomever, have judges hold against your interest when you can't produce records (as is the case today).  None of this requires _globally_ visible public records.

Globally visible public records in finance are completely unheard-of. They are undesirable and arguably intolerable. The Bitcoin whitepaper made a promise of how we could get around the visibility of the ledger with pseudonymous addresses, but the ecosystem has broken that promise in a bunch of places and we ought to fix it. Bitcoin could have coded your name or IP address into every transaction. It didn't. The whitepaper even has a section on privacy. It's incorrect to say that Bitcoin isn't focused on privacy. Sufficient privacy is an essential prerequisite for a viable digital currency.

So, again, I ask—let's see your bank records; I'm sure there is an export to CSV.  Mtgox transaction dumps? Stock trading accounts. Let's see you—even just you—post all this before you presume to say that you think that's what the public wants forced on everyone.
Pages:
Jump to: