
Topic: Risks when publishing 'static' bitcoin addresses on the web (Read 1941 times)

legendary
Activity: 1372
Merit: 1007
1davout
As soon as the person receiving donations spends the coins in larger amounts than the donations it will be possible to link the addresses together with the BBE.

Do you mean because coins will be sent from multiple addresses?

Can't this be avoided by spending exactly the amount received from one address?

Get 18BTC from 1Nk... and 10BTC from 1Lo... so you don't spend 20 because that will link them, you send 18 to mtgox then you send 10 to mtgox then you cash out 26 at some point later and sell 2 for USD or whatever.

Maybe I miss your point though.

No :)
You got my point perfectly! Transferring to MtGox is a perfect countermeasure since everything gets pooled.
However, MtGox would then be aware of that. But that might be acceptable.

Just wanted to point out the fact that the one-address-per-payment solution is a good start but definitely sufficient to achieve a good level of anonymity.
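Added example, not written by any poster in this thread: the linking discussed above, modelled in Python with the common-input heuristic (all inputs of one transaction are assumed to belong to one owner). The addresses are the truncated ones from the thread used as plain labels, the amounts are the 18 and 10 BTC from the exchange above, and fees and change outputs are ignored as a simplifying assumption.

```python
# Constructed data: the two donation addresses and amounts quoted in the thread.
DONATIONS = {"1Nk...": 18, "1Lo...": 10}

def select_inputs(coins, amount):
    """Pick coins, largest first, until they cover `amount`; return the addresses used."""
    picked, total = [], 0
    for addr, value in sorted(coins.items(), key=lambda kv: -kv[1]):
        if total >= amount:
            break
        picked.append(addr)
        total += value
    if total < amount:
        raise ValueError("insufficient funds")
    return picked

def cluster(transactions):
    """Union-find: every address appearing as an input of the same transaction is merged."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in transactions:
        roots = [find(a) for a in tx["inputs"]]
        for r in roots[1:]:
            parent[r] = roots[0]
    groups = {}
    for a in list(parent):
        groups.setdefault(find(a), set()).add(a)
    return sorted(sorted(g) for g in groups.values())

def linked_when_combined(amount=20):
    """One payment larger than any single donation forces both addresses into one transaction."""
    return cluster([{"inputs": select_inputs(DONATIONS, amount)}])

def linked_when_separate():
    """Spending exactly what each address received keeps every transaction single-input."""
    txs = [{"inputs": select_inputs({a: v}, v)} for a, v in DONATIONS.items()]
    return cluster(txs)

if __name__ == "__main__":
    print("spend 20 at once:  ", linked_when_combined())
    print("spend 18, then 10: ", linked_when_separate())
```

The second case only defeats this one heuristic; as the reply above notes, whoever receives both payments still sees them arrive together.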
legendary
Activity: 1246
Merit: 1016
Strength in numbers
As soon as the person receiving donations spends the coins in larger amounts than the donations it will be possible to link the addresses together with the BBE.

Do you mean because coins will be sent from multiple addresses?

Can't this be avoided by spending exactly the amount received from one address?

Get 18BTC from 1Nk... and 10BTC from 1Lo... so you don't spend 20 because that will link them, you send 18 to mtgox then you send 10 to mtgox then you cash out 26 at some point later and sell 2 for USD or whatever.

Maybe I miss your point though.
legendary
Activity: 1372
Merit: 1007
1davout
As soon as the person receiving donations spends the coins in larger amounts than the donations it will be possible to link the addresses together with the BBE.
sr. member
Activity: 322
Merit: 250
If you deal with several charities this way, AND you're bundling up several donations before forwarding the coins to the charity, then it'll be hard to connect donors to particular charities.

What if the receiver intends not merely to obfuscate the senders, but also his income?
legendary
Activity: 1652
Merit: 2300
Chief Scientist
What exactly are you trying to accomplish here?


To put a donate button on a website that generates a brand new address on demand for everyone who wants to donate, so all the donors don't donate to a common address that can tie everyone together.

If there was a language of choice, perhaps it would be Javascript, so it happened all in the browser.  Of course there has to be some way to get the generated keypair to the recipient, like e-mail or whatever, but somebody else can figure that out.

Simplest way:

Call getaccountaddress "charity_name"  when you generate the web page.  You'll get the same address over and over, until somebody donates.  Then you'll get a new address.

Then periodically call:
  getbalance "charity_name"
... and if the balance is greater than zero, call:
  sendfrom "charity_name" charity_real_bitcoin_address amount

... to send the charity the accumulated coins.

If you deal with several charities this way, AND you're bundling up several donations before forwarding the coins to the charity, then it'll be hard to connect donors to particular charities.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
What exactly are you trying to accomplish here?


To put a donate button on a website that generates a brand new address on demand for everyone who wants to donate, so all the donors don't donate to a common address that can tie everyone together.

If there was a language of choice, perhaps it would be Javascript, so it happened all in the browser.  Of course there has to be some way to get the generated keypair to the recipient, like e-mail or whatever, but somebody else can figure that out.
legendary
Activity: 1372
Merit: 1007
1davout
What exactly are you trying to accomplish here?

If you use the accounts feature of the bitcoin client you can generate as many addresses as you want for a given user.

If you want example code you should state which language you want the example in :)

vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Maybe someone can publish some sample code for producing a brand new address "on the fly" from a web site, then transmit the corresponding public/private key pair to the person who is supposed to receive the funds.  Example, it could e-mail that information, encrypted with a public key belonging to the intended recipient.  There would need to be a way in the bitcoin client to easily import that into the wallet.dat.
vip
Activity: 447
Merit: 258
One risk of using a static address is that everyone knows how much has been sent to that address.  For example, one can see how much bitcoin has been donated to the EFF because they use a static address.  Each user has his own personal preference about such information being publicly available.

I'm also new to this, but I understand that no malicious attacks are possible given only a Bitcoin address.  Unless you consider free money malicious :)
newbie
Activity: 44
Merit: 0
Hi Guys,

We are working on a web app that will involve giving users a bitcoin address to receive coins. I am wondering what are the dangers of publishing a 'static' bitcoin address on the user's profile page of our site. Should we dynamically create addresses for our users for each transaction or would it be OK to just give them a static address? I would like to know what kind of difficulties (malicious attacks??) might arise should we use static addresses ....

Your knowledge and expertise on this topic would be greatly appreciated as I am relatively a bitcoin noob :)

Thanks guys,

BC