Author

Topic: Multibit long term reliability? (Read 1912 times)

legendary
Activity: 1148
Merit: 1006
July 16, 2015, 08:12:08 AM
#30
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Is this a feature of Multibit? I'm not aware that this can be done with Electrum, for example. Or do you speak about posting addresses? Sounds risky, if such address can be connected to other addresses that belong to a spammer then you might get red trust. Of course one could simply use an address from a websites wallet.

You can do this with Electrum, I posted a link above.

I nearly did not find your link about the cold wallets but the link about false positive addresses i can't find at all. Can you give the link again or point me to the thread you posted it in?
sr. member
Activity: 359
Merit: 251
July 13, 2015, 06:06:32 PM
#29
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Is this a feature of Multibit? I'm not aware that this can be done with Electrum, for example. Or do you speak about posting addresses? Sounds risky, if such address can be connected to other addresses that belong to a spammer then you might get red trust. Of course one could simply use an address from a websites wallet.

You can do this with Electrum, I posted a link above.
legendary
Activity: 1148
Merit: 1006
July 13, 2015, 05:58:57 PM
#28
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Is this a feature of Multibit? I'm not aware that this can be done with Electrum, for example. Or do you speak about posting addresses? Sounds risky, if such address can be connected to other addresses that belong to a spammer then you might get red trust. Of course one could simply use an address from a websites wallet.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
July 09, 2015, 04:07:59 PM
#27
But if I owned Electrum then I would own all the electrum users, correct?

Nope, anyone can run an electrum server and since electrum is open source people can check for backdoors in the code (wallet and server).
sr. member
Activity: 359
Merit: 251
July 09, 2015, 04:06:36 PM
#26
But if I owned Electrum then I would own all the electrum users, correct? By own, I mean I can know their balances, tax them, and/or block them from accessing their funds.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
July 09, 2015, 04:04:51 PM
#25
-snip-
Thank you for clarifying! That makes sense. So tell me this, if I were say, the government of Greece and I wanted to monitor all BTC transfers and tax or even ban a user, I could buy the Electrum server and boom, I'm in business.

That's a little scary.

Not exactly, you would have to make sure every citizen is using your server which is next to impossible. Its also very difficult (even for a state) to connect an IP address directly to a person. Most IP addresses are used by several persons and they can easily be hidden, e.g. via Tor, a proxy or a VPN.
sr. member
Activity: 359
Merit: 251
July 09, 2015, 03:39:36 PM
#24
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Can you expand on this some?

When you are using electrum you get the all data from a server. If this server wanted to spy on you, they could know all your addresses and the balances. They cant spend your coins and if they would block your transactions you would probably connect to a different server. I assume the default configuration connects to a different server from time to time anyway, but lets assume you manually select a specific server for this. As above this server knows for which addresses you request information. If you now add a watch only addresses from a stranger you would also request information for that address. This could lead to false information about you. You cant actually spend those coins as you dont know the private key, you just know the address. For the server however it looks like the address is yours. Thats what Muhammed Zakir was refering to as "false positives". Its a positive in regards to "does address Y belong to X?", but in fact Y does not belong to X.



Thank you for clarifying! That makes sense. So tell me this, if I were say, the government of Greece and I wanted to monitor all BTC transfers and tax or even ban a user, I could buy the Electrum server and boom, I'm in business.

That's a little scary.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
July 09, 2015, 02:55:01 PM
#23
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Can you expand on this some?

When you are using electrum you get the all data from a server. If this server wanted to spy on you, they could know all your addresses and the balances. They cant spend your coins and if they would block your transactions you would probably connect to a different server. I assume the default configuration connects to a different server from time to time anyway, but lets assume you manually select a specific server for this. As above this server knows for which addresses you request information. If you now add a watch only addresses from a stranger you would also request information for that address. This could lead to false information about you. You cant actually spend those coins as you dont know the private key, you just know the address. For the server however it looks like the address is yours. Thats what Muhammed Zakir was refering to as "false positives". Its a positive in regards to "does address Y belong to X?", but in fact Y does not belong to X.
legendary
Activity: 1174
Merit: 1001
July 09, 2015, 02:45:42 PM
#22
The commenters on the MultiBit architecture are correct.

MultiBit HD connects directly to Bitcoin Core/XT nodes to:
+ get transaction data
+ send transactions

It connects to multibit.org for various housekeeping things but fails over and keeps going if multibit.org is down.
Specifically:
+ it checks a file on multibit.org to see if there is a new version(no multibit.org = no upgrade notification)
+ it gets the help from multibit.org (fails over to a local copy of the help - it'll be a bit out of date but no big deal)
+ if you create a new wallet it does a BRIT exchange to get a list of fee addresses (fails over to a hardwired list).

In V0.1.1 you no longer will see an annoying 'MultiBit HD - internet connection' dialog if our server is down - we've fixed that.

tl;dr; If the multibit.org server goes down you can carry on using MultiBit HD for all your bitcoin related tasks.


Blocking multibit.org in your firewall would be a good way to simulate that yes if you wanted to test it. Please unblock it once you've run the test ! :-)
Thanks for this. I too was wondering.
sr. member
Activity: 359
Merit: 251
July 09, 2015, 02:42:54 PM
#21
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Can you expand on this some?
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
July 09, 2015, 02:22:37 PM
#20
-snip-
What do you mean with false positives?

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.
legendary
Activity: 1148
Merit: 1006
July 09, 2015, 12:52:40 PM
#19
Thanks for explaining to me Muhammed Zakir. I didn't know that Multibit has unencrypted traffic. :O

See jim618's above post.

But i think electrum is more dangerous. I mean an attacker only would need to set up a server and he would get all the wallet addresses. Im not sure if a wallet needs to connect to him first but the auto connect is enabled by default. And when it's disabled then im still not sure if electrum isn't sometimes connecting to the other servers.

So i think electrum is a mess anonymitywise.

You can choose an Electrum server manually and to create false-positive, you can add watch-only addresses to your Electrum. Nonetheless, both Multibit and Electrum has its own downsides. You will have to make right choice.

http://www.thomasmonaco.com/electrum-vs-multibit-bitcoin-thin-client-comparison/ maybe helpful. Note that, this article compares Multibit Classic and Electrum not Multibit HD.

What do you mean with false positives?

The thing is that you never know who is behind an electrum server. Could be someone who wants to know what addresses are in certain wallets and wants to do whatever with it.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
July 09, 2015, 07:11:25 AM
#18
Wait, so Electrum isn't secure?


Say you wanted to put your retirement savings into BTC, like for instance you live in Greece... Putting it in an Electrum Wallet with the cold storage guide here isn't "set-it and forget it" secure?

IF that's true then the guys at Bitcoin need to get their butts together to better prevent theft or cryptocurrency will never take off as a replacement for fiat on any scale that makes it feasible.


edited for readability. Brain gets ahead of fingers sometimes. Smiley

Electrum is[/is] secure and so does, Multibit.
sr. member
Activity: 359
Merit: 251
July 08, 2015, 03:51:12 PM
#17
Wait, so Electrum isn't secure?


Say you wanted to put your retirement savings into BTC, like for instance you live in Greece... Putting it in an Electrum Wallet with the cold storage guide here isn't "set-it and forget it" secure?

IF that's true then the guys at Bitcoin need to get their butts together to better prevent theft or cryptocurrency will never take off as a replacement for fiat on any scale that makes it feasible.


edited for readability. Brain gets ahead of fingers sometimes. Smiley
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
July 08, 2015, 08:54:43 AM
#16
Thanks for explaining to me Muhammed Zakir. I didn't know that Multibit has unencrypted traffic. :O

See jim618's above post.

But i think electrum is more dangerous. I mean an attacker only would need to set up a server and he would get all the wallet addresses. Im not sure if a wallet needs to connect to him first but the auto connect is enabled by default. And when it's disabled then im still not sure if electrum isn't sometimes connecting to the other servers.

So i think electrum is a mess anonymitywise.

You can choose an Electrum server manually and to create false-positive, you can add watch-only addresses to your Electrum. Nonetheless, both Multibit and Electrum has its own downsides. You will have to make right choice.

http://www.thomasmonaco.com/electrum-vs-multibit-bitcoin-thin-client-comparison/ maybe helpful. Note that, this article compares Multibit Classic and Electrum not Multibit HD.
legendary
Activity: 1708
Merit: 1066
July 08, 2015, 08:18:51 AM
#15
Thanks for explaining to me Muhammed Zakir. I didn't know that Multibit has unencrypted traffic. :O

But i think electrum is more dangerous. I mean an attacker only would need to set up a server and he would get all the wallet addresses. Im not sure if a wallet needs to connect to him first but the auto connect is enabled by default. And when it's disabled then im still not sure if electrum isn't sometimes connecting to the other servers.

So i think electrum is a mess anonymitywise.

All the traffic to and from Bitcoin Core nodes (and between them when they relay transactions) is unencrypted.
hero member
Activity: 826
Merit: 501
2local[IEO] - https://2local.io/
July 08, 2015, 07:19:18 AM
#14
no servers, i have been using it for the past year and have had only one problem... my payment from genesis mining didn't come through for a week, turns out it was genesis mining not the wallet Cheesy
legendary
Activity: 1148
Merit: 1006
July 08, 2015, 07:16:36 AM
#13
Thanks for explaining to me Muhammed Zakir. I didn't know that Multibit has unencrypted traffic. :O

But i think electrum is more dangerous. I mean an attacker only would need to set up a server and he would get all the wallet addresses. Im not sure if a wallet needs to connect to him first but the auto connect is enabled by default. And when it's disabled then im still not sure if electrum isn't sometimes connecting to the other servers.

So i think electrum is a mess anonymitywise.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
July 04, 2015, 12:05:27 PM
#12
Oh, right... i don't know how i forgot what it meant. Tongue

But Multibit doesn't store the blockchain,

Electrum does not store the blockchain too.

so still nobody except the multibit wallet knows all the addresses in that wallet?

No. An attacker can know, if not all, most of your addresses but I don't know if Multibit is using a modified BitcoinJ which solves this problem.

It's different to electrum where the servers practically know all the addresses in a electrum wallet?

Yes but Multibit's connections to nodes are unecrypted which is far less secure than Electrum's connections. You can add some watch-only addresses which do not belong to you to create false-positive.

Sorry for asking you out. Smiley

No problem.
legendary
Activity: 1148
Merit: 1006
July 04, 2015, 10:22:34 AM
#11
The commenters on the MultiBit architecture are correct.

MultiBit HD connects directly to Bitcoin Core/XT nodes to:
+ get transaction data
+ send transactions

So where is this node? It's a server isn't it? I know that the server can't spend the coins but still, he knows all addresses in that wallet, right? Its similar to electrum as long as iam not wrong.

So theoretically i see a risk.

Nodes are not servers, they are Bitcoin Core/XT clients which opened inbound connections. See https://bitcoin.org/en/full-node.

Oh, right... i don't know how i forgot what it meant. Tongue

But Multibit doesn't store the blockchain, so still nobody except the multibit wallet knows all the addresses in that wallet?

It's different to electrum where the servers practically know all the addresses in a electrum wallet?

Sorry for asking you out. Smiley
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
July 03, 2015, 09:38:29 AM
#10
The commenters on the MultiBit architecture are correct.

MultiBit HD connects directly to Bitcoin Core/XT nodes to:
+ get transaction data
+ send transactions

So where is this node? It's a server isn't it? I know that the server can't spend the coins but still, he knows all addresses in that wallet, right? Its similar to electrum as long as iam not wrong.

So theoretically i see a risk.

Nodes are not servers, they are Bitcoin Core/XT clients which opened inbound connections. See https://bitcoin.org/en/full-node.
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
July 03, 2015, 08:08:18 AM
#9
I just upgraded to MultiBit (I know, I know) and I see that it stores your BTC in a wallet and that it has to talk to a server to get updated. I've been burned by "cloud" software before, so does anyone know if the Multibit server goes down or they go out of business if my wallet will still operate properly?

I'd hate to lose >20 BTC because Mr. Multibit didn't pay his server bill this month Cheesy

As long as you have your private keys, it does not matter what wallet you use.
So no need to panic. Just export your private keys and store them safely. Also print them on paper and store safely.

As long as you have your private keys, you can always recover your Bitcoins using numerous other wallets even if Multibit goes out of existence.
sr. member
Activity: 359
Merit: 251
July 03, 2015, 08:00:20 AM
#8
The "node" he's talking about is the bitcoin network of servers, not Multibit.



Thanks Jim, I get it now. Now if only you'd make it so we can solo mine against Multibit Cheesy





TLDR: Still using Multibit.
legendary
Activity: 1148
Merit: 1006
July 03, 2015, 07:57:04 AM
#7
The commenters on the MultiBit architecture are correct.

MultiBit HD connects directly to Bitcoin Core/XT nodes to:
+ get transaction data
+ send transactions

So where is this node? It's a server isn't it? I know that the server can't spend the coins but still, he knows all addresses in that wallet, right? Its similar to electrum as long as iam not wrong.

So theoretically i see a risk.
legendary
Activity: 1708
Merit: 1066
July 03, 2015, 03:37:49 AM
#6
The commenters on the MultiBit architecture are correct.

MultiBit HD connects directly to Bitcoin Core/XT nodes to:
+ get transaction data
+ send transactions

It connects to multibit.org for various housekeeping things but fails over and keeps going if multibit.org is down.
Specifically:
+ it checks a file on multibit.org to see if there is a new version(no multibit.org = no upgrade notification)
+ it gets the help from multibit.org (fails over to a local copy of the help - it'll be a bit out of date but no big deal)
+ if you create a new wallet it does a BRIT exchange to get a list of fee addresses (fails over to a hardwired list).

In V0.1.1 you no longer will see an annoying 'MultiBit HD - internet connection' dialog if our server is down - we've fixed that.

tl;dr; If the multibit.org server goes down you can carry on using MultiBit HD for all your bitcoin related tasks.


Blocking multibit.org in your firewall would be a good way to simulate that yes if you wanted to test it. Please unblock it once you've run the test ! :-)
jr. member
Activity: 60
Merit: 5
July 02, 2015, 11:36:32 PM
#5
The MultiBit(HD) client tries to lookup on the MultiBit HTTP(S) server if there is a new software version, and looks up for help pages. If the MultiBit HTTP(S) server is down, You can still use Your MultiBit(HD) client.

You can see what happened the last time when the multibit.org site was down and an explanation by Jim from MultiBit here.

I think You could simulate and test that also by blocking the IP address that resolves from multibit.org in Your computers firewall.
sr. member
Activity: 359
Merit: 251
July 02, 2015, 02:57:02 PM
#4
Maybe I'm wrong, I thought when it said "Synchronizing" that it was syncing with the multibit server somewhere. Glad to see that's not true.
sr. member
Activity: 476
Merit: 252
ImmVRse | Disrupting the VR industry
July 02, 2015, 02:53:07 PM
#3
There's no cloud, you can always export your privatekey to other client and use your bitcoins.
legendary
Activity: 3248
Merit: 1070
July 02, 2015, 01:54:37 PM
#2
multibit server? i think you have some confusion there, multibit is just a light version of the client Core, multibit operate with nodes(and you are one of those nodes), there isn't a centralized server to which you connect
sr. member
Activity: 359
Merit: 251
July 02, 2015, 01:17:16 PM
#1
I just upgraded to MultiBit (I know, I know) and I see that it stores your BTC in a wallet and that it has to talk to a server to get updated. I've been burned by "cloud" software before, so does anyone know if the Multibit server goes down or they go out of business if my wallet will still operate properly?

I'd hate to lose >20 BTC because Mr. Multibit didn't pay his server bill this month Cheesy
Jump to: