New Feature idea - tracking BTC address balance using the client?

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: Jine on March 02, 2012, 09:11:51 PM

Quote from: Stephen Gornick on March 02, 2012, 07:46:01 PM

Using https, only the domain is left unencrypted and exposed

No, it's not. The Host: header goes under HTTPS aswell, your browser directly connects to the IP-address and initiates a SSL-handshake first - after that, it submits a regular HTTP-request.

Er, sorry. Thanks for correcting me on that. Not even the domain is exposed.

Here's more info on it:

"If you look in a network sniffer, like Network Monitor, at the same request you would just see the encrypted data going backwards and forwards. No URLs, headers or content is visible in the packet trace":
- http://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/

sunnankar

legendary

Activity: 1031

Merit: 1000

Quote from: BrightAnarchist on March 02, 2012, 06:12:10 PM

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

Good thinking about how to vanish particular information as a preemptive measure.

You may consider using a third-party to do the actual calling of information for you, like a Google Doc spreadsheet. Then you could either view the balances in the Google Doc spreadsheet or have the spreadsheet published online, without any addresses showing up, and then you would just visit the URL through a VPN. To add another layer of difficulty the URL would embed the spreadsheet information and the HTML would be encrypted.

Someone would have to be pretty darn smart and know exactly what they are looking for to put 2 and 2 together.

Here is the Google Doc embed code:

=ImportData("http://blockexplorer.com/q/getreceivedbyaddress/"&C159)
=ImportData("http://blockexplorer.com/q/getsentbyaddress/"&C159)
=ImportHtml("http://bitcoinwatch.com/", "table", 3)

Current Balance = Received-Sent
USD Value = Current Balance * USD Price

BkkCoins

hero member

Activity: 784

Merit: 1009

firstbits:1MinerQ

Also, the blockchain.info wallet allows you to add addresses without keys. This allows watching addresses without being able to send from them. I think he may also have an email notification upon activity but I haven't checked how that works.

You could conceivably create a wallet full of addresses containing stolen funds and then use it to monitor activity on the funds.

Jine

sr. member

Activity: 403

Merit: 250

Quote from: Stephen Gornick on March 02, 2012, 07:46:01 PM

Using https, only the domain is left unencrypted and exposed

No, it's not. The Host: header goes under HTTPS aswell, your browser directly connects to the IP-address and initiates a SSL-handshake first - after that, it submits a regular HTTP-request.

BrightAnarchist

donator

Activity: 853

Merit: 1000

Quote from: Stephen Gornick on March 02, 2012, 07:46:01 PM

Quote from: BrightAnarchist on March 02, 2012, 06:12:10 PM

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

There's a URL for that. Use SSL (https://)

- https://blockexplorer.com
- https://blockchain.info

Using https, only the domain is left unencrypted and exposed should your ISP happen to do packet inspection. The path part and the rest of the URL are protected using SSL encryption.

Ahhh, I didn't even think of that. Thanks mate!

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: BrightAnarchist on March 02, 2012, 06:12:10 PM

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

There's a URL for that. Use SSL (https://)

- https://blockexplorer.com
- https://blockchain.info

Using https, only ~~the domain~~ IP address is left unencrypted and exposed should your ISP happen to do packet inspection. The path part and the rest of the URL are protected using SSL encryption.

cypherdoc

legendary

Activity: 1764

Merit: 1002

Armory allows a watching wallet but requires satoshi to be open

bitcoinsarefun

member

Activity: 98

Merit: 10

Quote from: BrightAnarchist on March 02, 2012, 06:12:10 PM

You know, I thought I was being pretty safe by keep certain addresses secret, keeping my wallet offline and encrypted, etc etc.

But I just realized something - I often check the addresses using blockchain.info or blockexplorer.com

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

I suppose the solution is to use TOR to check it, or just use the client ( but I don't want to load my precious offline savings wallet! ). So ideally, the thing would be to have the ability to WATCH or TRACK certain addresses using the Bitcoin client, without having to have the private key for that address.

Good idea or bad idea? thanks.

not a bad idea but why would your ISP care?

You concern is more about anonymity, right? There are other solutions ( you have mentioned at least one ) to visit the block* sites without compromising your anonymity

BrightAnarchist

donator

Activity: 853

Merit: 1000

You know, I thought I was being pretty safe by keep certain addresses secret, keeping my wallet offline and encrypted, etc etc.

But I just realized something - I often check the addresses using blockchain.info or blockexplorer.com

Since the address is encoded into the URL, my ISP could merely save the places I have visited recently, and bam, someone would know "bitcoin addresses of interest" to me.

I suppose the solution is to use TOR to check it, or just use the client ( but I don't want to load my precious offline savings wallet! ). So ideally, the thing would be to have the ability to WATCH or TRACK certain addresses using the Bitcoin client, without having to have the private key for that address.

Good idea or bad idea? thanks.

Topic: New Feature idea - tracking BTC address balance using the client? (Read 1440 times)