Topic: Re: How 'Anonymous' is Bitcoin? (Read 5072 times)

Ask your question in the newbie area. If you don't ask, you won't get answers.

Onkel Paul

I want to disscus about Bitcoin forum........ who know>? help me! 

There are various mixing services that does that for you for a lil fee after than no one can track your coins.
We have seen before if you don't use change address it's not anonymous one can track the destination and link it with xyz.
Regarding IPS"s using a third party ip changers will solve it or use TOR+VPN makes it real hard to track.

Yes, the concept/theory of a poisoned node is correct.  It is because, like Skype actually, every time you use a full wallet (like Armory) it broadcasts your IP address every time you boot up and/or send or receive (it's not clear to me which, but it's one or the other).  From this information a dedicated person can track your activities--if they have specialized software like the researchers from the paper below.  Or, as in the paper involving Tor, they can set up 'poisoned nodes' next to yours (possibly geographically located, so they are the first nodes to greet your PC when you boot up), and intercept your bitcoin communications that you think are heading to Tor, but in fact are going to the poisoned nodes.  But to do so, they need to have lots of such bad, poisoned nodes (the article mentions renting lots of servers), to trick the good nodes, which is something only either a big government agency or a very sophisticated criminal syndicate can afford to do, not your casual basement hacker.

TonyT

 
https://www.getbitcoin.com.au/bitcoin-news/investigation-white-paper-anonymous-bitcoin

Although numerous Bitcoin clients exist, none of them are specialized for data collection. Available clients often need to balance receiving and spending bitcoins, vetting and rejecting invalid transactions, maintaining a user's wallet, mining bitcoins, and, perhaps most detrimental to our study, disconnecting from "poorly-behaving" peers; these were precisely the peers we were interested in.  Because existing software had integrated functionality that interfered with our goals, we decided to build our own Bitcoin client called CoinSeer, which was a lean tool designed exclusively for data collection. For 5 months, between July 24, 2012 and January 2, 2013, CoinSeer created an outbound connection to every listening peer whose IP address was advertised on the Bitcoin network. We maintained that connection until either the remote peer hung up or timed out. In any given hour, we were connected to a median of 2,678 peers; for the duration of our collection period, we consistently maintained more connections than the only other Bitcoin superclient we know of - blockchain.info. This data collection effort required storing 60 GB of data per week

There were some papers and articles published about the deanonymization the bitcoin network and such, reading those may help you understanding how such techniques work. One of them e.g.

http://www.coindesk.com/eavesdropping-attack-can-unmask-60-bitcoin-clients/ (June 2014)
Informal description of the client deanonymization attack on the Bitcoin P2P network

"The researchers also found that the attack could be designed to prevent the use of the Tor network, which anonymises traffic. Additionally, the attack can 'glue' transactions, so that transactions performed on one machine using multiple bitcoin addresses can be grouped together."

(Also asking here, is this concept/theory correct?)
Something like this tells me that if all transactions (and hence addresses) in a wallet can be tied together, then if a single transaction reveals your identity (at any point in time), your wallet and subsequent transactions are compromised. Assuming someone is willing to invest the time and effort.

This is only true if you do it properly (i.e. run your wallet on the PC, and let it connect to the bitcoin p2p network through Tor).
Connecting to online wallets through Tor is risky, because there are malicious exit nodes performing man-in-the-middle attacks and stealing passwords.
I don't use online wallets or Tor, so I can't give advice on how to do this securely.

Onkel Paul

Mixer can keep records, you don't know if they are saying the truth. Your Bitcoins can easily be tracked if you don't use a mixer and a new address for every transaction. Unless you are a criminal, no one is going to waste their time inspecting blockchain for your transactions. To try to gain maximum anonymity, try using time delay feature on bitmixer.

There isn't any risk to send Bitcoins by tor, your Bitcoins aren't going to get stolen as it doesn't visit any website, just connecting to nodes and broadcast your transaction. The security risk here is minimal.

Not nearly as people think it is. While it does have some anonymity built in, its by far from being anonymous.

Private InternetAcces does the trick for me, easy, encrypted and no logs.

You can also use Security Kiss: http://www.securitykiss.com/

mixers don't keep records, but if you don't trust them, your bitcoin can be traced to you more easily, even if you hide your IP.  Your IP address is not going to be logged unless the government or police are after you.  Then they will ask your ISP to track you, or they will install their own backdoor sniffer program without asking.  So you must trust somebody or you will be traced.  How do you intend to buy BTC?  The same trust exists, unless you buy it in person from a stranger in your town.

Using Armor without TOR is safer I have heard, than using it with TOR, since TOR has lots of spyware sites in it (the dark network) that will steal your BTC.  

But I'm a newbie, so ask around.  

I don't trust mixers, I don't trust VPNs. Do I remain anonymous? Will my IP be traced when sending/receiving BTC?

What happens if I use Armory without TOR?

If you worry about IP addresses being tracked (which are not permanent, unlike BTC addresses), just follow this protocol:  wash your BTC twice, using two different mixers, sending the output of one into the input of the second, and the output of the second back to your Armory wallet.  Next, go to the VPN that accepts bitcoins, they advertise on this forum but they're easy enough to find (or find an equivalent service on the net) and buy a year (or month, etc) of VPN service.  Pay them in BTC with a fake name and some email address.  Click the checkbox in Armory settings so it works with the VPN (see the Armory Help files, it's easy to find).  Now you can use Armory without Tor, and not only are you secure but also your IP address is hidden by the VPN.  And the chances of the VPN ripping off your BTC in a 'man in the middle' attack is very small (they are a reputable company, I've looked them up).

Blockchain and coinbase. On blockchain I had Google second factor authentication and a second password when sending money and in Coinbase I just had a password, and after a "conextion untrusted" screen, the funds were gone.

I've read that's because when using clearnet sites with TOR the exit node may be "infected" and the hacker can obtain your details, that's why I no longer trust online wallets with TOR and I've decided to use Armory for a hot wallet as well. But I want to use it with TOR, and I'm a Little paranoid to be honest. I also have a cold wallet in Armory and if they hack that wallet... that would de a disaster.

EDIT:

And what happens if I use Armory withouth TOR? Do I remain anonymous? Will my IP be traced when sending/receiving BTC?

Maybe it's not really necessary to use TOR with Armory after all...

I just want to prevent someone to know my IP when sending/receiving BTC, that's all

What was your client for the hot wallet that you lost money in?  What brand? How did you lose the money?  Keyboard logger?

Hello everyone,

I need your help here.

I'm currently using Armory (1 cold wallet and 1 hot wallet for small amounts) Both wallets with multiple addresses.

I want to use Armory with TOR because I don't want to show my real IP. I've read all the discussion about the IP not being shown in the blockchain but I want to be as safest as possible.

I have to configure Bitcoin QT and then change some parameter at bitcoin.conf if I'm not wrong.

My question is...

Is it secure enough? I lost 1 BTC using blockchain + TOR (a few days ago) and 1 BTC using coinbase + TOR ( a few months ago)

I used them as hot wallets, while the rest of the BTC were, and still are in a cold wallet with Armory.

So basically, I'm chanching now to Armory + TOR for a hot wallet since I no longer trust online wallets + TOR

What are your thoughts?

Is it a good idea?

Any tips?

Maybe it's better to don't use Armory + TOR for a hot wallet?

And what about Armory + TOR for a cold wallet? I've been running Armory without TOR all this time.

I'm quite paranoid and lost here, any help would be much appreciated!!

Best regards!!

In theory this is correct, but in practice it is not. The court/government would first need to find the mixing service (both bitmixer and bitcoin fog essentially have anon owners, so finding them would be very difficult). Your statement also assumes that a mixer will keep logs, which is something that most mixers claim not to do, and if it is trust that mixers are not keeping logs then there is no information to give

Even a Coin mixer wouldn't really guarantee anonymity. Incase you get into a legal issue, then the coin mixer will have to give up details on thee address from which funds are generated and to which they land into.

Yes, when I wrote my original post I did not know that.  Can you recommend a coin mixer?  If so please let me know.  I will probably pick the 'most popular one' and take my chances with the minimum number of coins they let you wash at any one time.

You say: "If you're paranoid about that, better find a coin mixer, mix your coins after acquiring them, and then transfer them to a multitude of HD wallets".  Why transfer the mixed coins to a multitude of HD wallets?  Hard drive wallets?  Is this for security (as in Armory "offline" wallets that live on your hard drive but are not connected to the internet)?  Or in case one wallet is stolen or compromised, you won't lose all your money?  This goes to security, not anonymity, right?

TonyT

Thanks for that information.  It was 36 hours on a 1.5 Mbps connection before the blockchain (about 35 GB large it seems) was downloaded, and now, it is "Synchronizing with Network" and will take another couple of hours to do that.

BTW I am probably going to take my chances washing my bitcoins once I buy them, using Tor to anonymize the internet address, as recommended earlier.  You have to fiddle with the Armory settings to allow it to work with Tor according to the manual.

TonyT