Bitcoin Forum>Other>Archival>MultiBit
Pages:
Author

Topic: Multibit long term reliability? (Read 1910 times)

bitcoinmasterlord
legendary
Activity: 1148
Merit: 1006
Multibit long term reliability?
July 16, 2015, 08:12:08 AM
#30
Quote from: hodedowe on July 13, 2015, 06:06:32 PM
Quote from: bitcoinmasterlord on July 13, 2015, 05:58:57 PM
Quote from: shorena on July 09, 2015, 02:22:37 PM
Quote from: bitcoinmasterlord on July 09, 2015, 12:52:40 PM
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Is this a feature of Multibit? I'm not aware that this can be done with Electrum, for example. Or do you speak about posting addresses? Sounds risky, if such address can be connected to other addresses that belong to a spammer then you might get red trust. Of course one could simply use an address from a websites wallet.

You can do this with Electrum, I posted a link above.

I nearly did not find your link about the cold wallets but the link about false positive addresses i can't find at all. Can you give the link again or point me to the thread you posted it in?
hodedowe
sr. member
Activity: 359
Merit: 251
Re: Multibit long term reliability?
July 13, 2015, 06:06:32 PM
#29
Quote from: bitcoinmasterlord on July 13, 2015, 05:58:57 PM
Quote from: shorena on July 09, 2015, 02:22:37 PM
Quote from: bitcoinmasterlord on July 09, 2015, 12:52:40 PM
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Is this a feature of Multibit? I'm not aware that this can be done with Electrum, for example. Or do you speak about posting addresses? Sounds risky, if such address can be connected to other addresses that belong to a spammer then you might get red trust. Of course one could simply use an address from a websites wallet.

You can do this with Electrum, I posted a link above.
bitcoinmasterlord
legendary
Activity: 1148
Merit: 1006
Re: Multibit long term reliability?
July 13, 2015, 05:58:57 PM
#28
Quote from: shorena on July 09, 2015, 02:22:37 PM
Quote from: bitcoinmasterlord on July 09, 2015, 12:52:40 PM
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Is this a feature of Multibit? I'm not aware that this can be done with Electrum, for example. Or do you speak about posting addresses? Sounds risky, if such address can be connected to other addresses that belong to a spammer then you might get red trust. Of course one could simply use an address from a websites wallet.
shorena
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Re: Multibit long term reliability?
July 09, 2015, 04:07:59 PM
#27
Quote from: hodedowe on July 09, 2015, 04:06:36 PM
But if I owned Electrum then I would own all the electrum users, correct?

Nope, anyone can run an electrum server and since electrum is open source people can check for backdoors in the code (wallet and server).
hodedowe
sr. member
Activity: 359
Merit: 251
Re: Multibit long term reliability?
July 09, 2015, 04:06:36 PM
#26
But if I owned Electrum then I would own all the electrum users, correct? By own, I mean I can know their balances, tax them, and/or block them from accessing their funds.
shorena
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Re: Multibit long term reliability?
July 09, 2015, 04:04:51 PM
#25
Quote from: hodedowe on July 09, 2015, 03:39:36 PM
-snip-
Thank you for clarifying! That makes sense. So tell me this, if I were say, the government of Greece and I wanted to monitor all BTC transfers and tax or even ban a user, I could buy the Electrum server and boom, I'm in business.

That's a little scary.

Not exactly, you would have to make sure every citizen is using your server which is next to impossible. Its also very difficult (even for a state) to connect an IP address directly to a person. Most IP addresses are used by several persons and they can easily be hidden, e.g. via Tor, a proxy or a VPN.
hodedowe
sr. member
Activity: 359
Merit: 251
Re: Multibit long term reliability?
July 09, 2015, 03:39:36 PM
#24
Quote from: shorena on July 09, 2015, 02:55:01 PM
Quote from: hodedowe on July 09, 2015, 02:42:54 PM
Quote from: shorena on July 09, 2015, 02:22:37 PM
Quote from: bitcoinmasterlord on July 09, 2015, 12:52:40 PM
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Can you expand on this some?

When you are using electrum you get the all data from a server. If this server wanted to spy on you, they could know all your addresses and the balances. They cant spend your coins and if they would block your transactions you would probably connect to a different server. I assume the default configuration connects to a different server from time to time anyway, but lets assume you manually select a specific server for this. As above this server knows for which addresses you request information. If you now add a watch only addresses from a stranger you would also request information for that address. This could lead to false information about you. You cant actually spend those coins as you dont know the private key, you just know the address. For the server however it looks like the address is yours. Thats what Muhammed Zakir was refering to as "false positives". Its a positive in regards to "does address Y belong to X?", but in fact Y does not belong to X.



Thank you for clarifying! That makes sense. So tell me this, if I were say, the government of Greece and I wanted to monitor all BTC transfers and tax or even ban a user, I could buy the Electrum server and boom, I'm in business.

That's a little scary.
shorena
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Re: Multibit long term reliability?
July 09, 2015, 02:55:01 PM
#23
Quote from: hodedowe on July 09, 2015, 02:42:54 PM
Quote from: shorena on July 09, 2015, 02:22:37 PM
Quote from: bitcoinmasterlord on July 09, 2015, 12:52:40 PM
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Can you expand on this some?

When you are using electrum you get the all data from a server. If this server wanted to spy on you, they could know all your addresses and the balances. They cant spend your coins and if they would block your transactions you would probably connect to a different server. I assume the default configuration connects to a different server from time to time anyway, but lets assume you manually select a specific server for this. As above this server knows for which addresses you request information. If you now add a watch only addresses from a stranger you would also request information for that address. This could lead to false information about you. You cant actually spend those coins as you dont know the private key, you just know the address. For the server however it looks like the address is yours. Thats what Muhammed Zakir was refering to as "false positives". Its a positive in regards to "does address Y belong to X?", but in fact Y does not belong to X.
wlefever
legendary
Activity: 1174
Merit: 1001
Re: Multibit long term reliability?
July 09, 2015, 02:45:42 PM
#22
Quote from: jim618 on July 03, 2015, 03:37:49 AM
The commenters on the MultiBit architecture are correct.

MultiBit HD connects directly to Bitcoin Core/XT nodes to:
+ get transaction data
+ send transactions

It connects to multibit.org for various housekeeping things but fails over and keeps going if multibit.org is down.
Specifically:
+ it checks a file on multibit.org to see if there is a new version(no multibit.org = no upgrade notification)
+ it gets the help from multibit.org (fails over to a local copy of the help - it'll be a bit out of date but no big deal)
+ if you create a new wallet it does a BRIT exchange to get a list of fee addresses (fails over to a hardwired list).

In V0.1.1 you no longer will see an annoying 'MultiBit HD - internet connection' dialog if our server is down - we've fixed that.

tl;dr; If the multibit.org server goes down you can carry on using MultiBit HD for all your bitcoin related tasks.


Blocking multibit.org in your firewall would be a good way to simulate that yes if you wanted to test it. Please unblock it once you've run the test ! :-)
Thanks for this. I too was wondering.
hodedowe
sr. member
Activity: 359
Merit: 251
Re: Multibit long term reliability?
July 09, 2015, 02:42:54 PM
#21
Quote from: shorena on July 09, 2015, 02:22:37 PM
Quote from: bitcoinmasterlord on July 09, 2015, 12:52:40 PM
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Can you expand on this some?
shorena
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Re: Multibit long term reliability?
July 09, 2015, 02:22:37 PM
#20
Quote from: bitcoinmasterlord on July 09, 2015, 12:52:40 PM
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.
bitcoinmasterlord
legendary
Activity: 1148
Merit: 1006
Re: Multibit long term reliability?
July 09, 2015, 12:52:40 PM
#19
Quote from: Muhammed Zakir on July 08, 2015, 08:54:43 AM
Quote from: bitcoinmasterlord on July 08, 2015, 07:16:36 AM
Thanks for explaining to me Muhammed Zakir. I didn't know that Multibit has unencrypted traffic. :O

See jim618's above post.

Quote from: bitcoinmasterlord on July 08, 2015, 07:16:36 AM
But i think electrum is more dangerous. I mean an attacker only would need to set up a server and he would get all the wallet addresses. Im not sure if a wallet needs to connect to him first but the auto connect is enabled by default. And when it's disabled then im still not sure if electrum isn't sometimes connecting to the other servers.

So i think electrum is a mess anonymitywise.

You can choose an Electrum server manually and to create false-positive, you can add watch-only addresses to your Electrum. Nonetheless, both Multibit and Electrum has its own downsides. You will have to make right choice.

http://www.thomasmonaco.com/electrum-vs-multibit-bitcoin-thin-client-comparison/ maybe helpful. Note that, this article compares Multibit Classic and Electrum not Multibit HD.

What do you mean with false positives?

The thing is that you never know who is behind an electrum server. Could be someone who wants to know what addresses are in certain wallets and wants to do whatever with it.
Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Re: Multibit long term reliability?
July 09, 2015, 07:11:25 AM
#18
Quote from: hodedowe on July 08, 2015, 03:51:12 PM
Wait, so Electrum isn't secure?


Say you wanted to put your retirement savings into BTC, like for instance you live in Greece... Putting it in an Electrum Wallet with the cold storage guide here isn't "set-it and forget it" secure?

IF that's true then the guys at Bitcoin need to get their butts together to better prevent theft or cryptocurrency will never take off as a replacement for fiat on any scale that makes it feasible.


edited for readability. Brain gets ahead of fingers sometimes. Smiley

Electrum is[/is] secure and so does, Multibit.
hodedowe
sr. member
Activity: 359
Merit: 251
Re: Multibit long term reliability?
July 08, 2015, 03:51:12 PM
#17
Wait, so Electrum isn't secure?


Say you wanted to put your retirement savings into BTC, like for instance you live in Greece... Putting it in an Electrum Wallet with the cold storage guide here isn't "set-it and forget it" secure?

IF that's true then the guys at Bitcoin need to get their butts together to better prevent theft or cryptocurrency will never take off as a replacement for fiat on any scale that makes it feasible.


edited for readability. Brain gets ahead of fingers sometimes. Smiley
Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Re: Multibit long term reliability?
July 08, 2015, 08:54:43 AM
#16
Quote from: bitcoinmasterlord on July 08, 2015, 07:16:36 AM
Thanks for explaining to me Muhammed Zakir. I didn't know that Multibit has unencrypted traffic. :O

See jim618's above post.

Quote from: bitcoinmasterlord on July 08, 2015, 07:16:36 AM
But i think electrum is more dangerous. I mean an attacker only would need to set up a server and he would get all the wallet addresses. Im not sure if a wallet needs to connect to him first but the auto connect is enabled by default. And when it's disabled then im still not sure if electrum isn't sometimes connecting to the other servers.

So i think electrum is a mess anonymitywise.

You can choose an Electrum server manually and to create false-positive, you can add watch-only addresses to your Electrum. Nonetheless, both Multibit and Electrum has its own downsides. You will have to make right choice.

http://www.thomasmonaco.com/electrum-vs-multibit-bitcoin-thin-client-comparison/ maybe helpful. Note that, this article compares Multibit Classic and Electrum not Multibit HD.
jim618
legendary
Activity: 1708
Merit: 1066
Re: Multibit long term reliability?
July 08, 2015, 08:18:51 AM
#15
Quote from: bitcoinmasterlord on July 08, 2015, 07:16:36 AM
Thanks for explaining to me Muhammed Zakir. I didn't know that Multibit has unencrypted traffic. :O

But i think electrum is more dangerous. I mean an attacker only would need to set up a server and he would get all the wallet addresses. Im not sure if a wallet needs to connect to him first but the auto connect is enabled by default. And when it's disabled then im still not sure if electrum isn't sometimes connecting to the other servers.

So i think electrum is a mess anonymitywise.

All the traffic to and from Bitcoin Core nodes (and between them when they relay transactions) is unencrypted.
nonbody
hero member
Activity: 826
Merit: 501
2local[IEO] - https://2local.io/
Re: Multibit long term reliability?
July 08, 2015, 07:19:18 AM
#14
no servers, i have been using it for the past year and have had only one problem... my payment from genesis mining didn't come through for a week, turns out it was genesis mining not the wallet Cheesy
bitcoinmasterlord
legendary
Activity: 1148
Merit: 1006
Re: Multibit long term reliability?
July 08, 2015, 07:16:36 AM
#13
Thanks for explaining to me Muhammed Zakir. I didn't know that Multibit has unencrypted traffic. :O

But i think electrum is more dangerous. I mean an attacker only would need to set up a server and he would get all the wallet addresses. Im not sure if a wallet needs to connect to him first but the auto connect is enabled by default. And when it's disabled then im still not sure if electrum isn't sometimes connecting to the other servers.

So i think electrum is a mess anonymitywise.
Muhammed Zakir
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Re: Multibit long term reliability?
July 04, 2015, 12:05:27 PM
#12
Quote from: bitcoinmasterlord on July 04, 2015, 10:22:34 AM
Oh, right... i don't know how i forgot what it meant. Tongue

But Multibit doesn't store the blockchain,

Electrum does not store the blockchain too.

Quote from: bitcoinmasterlord on July 04, 2015, 10:22:34 AM
so still nobody except the multibit wallet knows all the addresses in that wallet?

No. An attacker can know, if not all, most of your addresses but I don't know if Multibit is using a modified BitcoinJ which solves this problem.

Quote from: bitcoinmasterlord on July 04, 2015, 10:22:34 AM
It's different to electrum where the servers practically know all the addresses in a electrum wallet?

Yes but Multibit's connections to nodes are unecrypted which is far less secure than Electrum's connections. You can add some watch-only addresses which do not belong to you to create false-positive.

Quote from: bitcoinmasterlord on July 04, 2015, 10:22:34 AM
Sorry for asking you out. Smiley

No problem.
bitcoinmasterlord
legendary
Activity: 1148
Merit: 1006
Re: Multibit long term reliability?
July 04, 2015, 10:22:34 AM
#11
Quote from: Muhammed Zakir on July 03, 2015, 09:38:29 AM
Quote from: bitcoinmasterlord on July 03, 2015, 07:57:04 AM
Quote from: jim618 on July 03, 2015, 03:37:49 AM
The commenters on the MultiBit architecture are correct.

MultiBit HD connects directly to Bitcoin Core/XT nodes to:
+ get transaction data
+ send transactions

So where is this node? It's a server isn't it? I know that the server can't spend the coins but still, he knows all addresses in that wallet, right? Its similar to electrum as long as iam not wrong.

So theoretically i see a risk.

Nodes are not servers, they are Bitcoin Core/XT clients which opened inbound connections. See https://bitcoin.org/en/full-node.

Oh, right... i don't know how i forgot what it meant. Tongue

But Multibit doesn't store the blockchain, so still nobody except the multibit wallet knows all the addresses in that wallet?

It's different to electrum where the servers practically know all the addresses in a electrum wallet?

Sorry for asking you out. Smiley
Pages:
Bitcoin Forum>Other>Archival>MultiBit
Jump to: