Author

Topic: The whole IP thing (Read 361 times)

legendary
Activity: 3472
Merit: 10611
July 28, 2020, 12:17:54 AM
#19
Wait but I thought the whole point of the IP thing being scratch out is because of the man in the middle attack because it doesn't provide any kind of authentication for your IP address?
that is correct.

Quote
At least if we used our addresses we will have the chance to sign and verify the messages proving their ownership of that address.
when you communicate your address over the internet (posting it on bitcointalk, clicking on the payment link in an online shop,...) you are already using a form of authentication without knowing when that website is using SSL encryption. there is no need for message signing.

Quote
I don't even see any kind of bad thing on providing your public address because as long as you don't use it on any kind of illicit activity it will just by another one of those addresses that is seen in the web.
it is probably because you don't value your privacy!
hero member
Activity: 1806
Merit: 672
July 27, 2020, 07:08:44 AM
#18
But as having Bitcoin wallets now you won't need to go through this kind of process and sending transactions is simple as copying and pasting or scanning the qr code of the address for you to send your payment. In other words having your own address is much better compared to having IP based transactions.

you are only thinking of "making purchases" where you go to a shop and copy the address they give you and make a payment. but what about sending money peer to peer?
lets say i wanted to send you money, i would have to contact you on another (centralized) platform like bitcointalk, twitter,... and ask for your address in which case the address would also be known to and stored by those platforms, hence 0 privacy. but if i knew your IP address i could simply contact your node in a 100% P2P manner and receive a new address and make my payment with a very good level of privacy.
as i pointed out above the security could be increased easily by incorporating web of trust concept into full node clients.

Wait but I thought the whole point of the IP thing being scratch out is because of the man in the middle attack because it doesn't provide any kind of authentication for your IP address? At least if we used our addresses we will have the chance to sign and verify the messages proving their ownership of that address. I don't even see any kind of bad thing on providing your public address because as long as you don't use it on any kind of illicit activity it will just by another one of those addresses that is seen in the web.
legendary
Activity: 3472
Merit: 10611
July 26, 2020, 10:44:55 PM
#17
But as having Bitcoin wallets now you won't need to go through this kind of process and sending transactions is simple as copying and pasting or scanning the qr code of the address for you to send your payment. In other words having your own address is much better compared to having IP based transactions.

you are only thinking of "making purchases" where you go to a shop and copy the address they give you and make a payment. but what about sending money peer to peer?
lets say i wanted to send you money, i would have to contact you on another (centralized) platform like bitcointalk, twitter,... and ask for your address in which case the address would also be known to and stored by those platforms, hence 0 privacy. but if i knew your IP address i could simply contact your node in a 100% P2P manner and receive a new address and make my payment with a very good level of privacy.
as i pointed out above the security could be increased easily by incorporating web of trust concept into full node clients.
hero member
Activity: 1806
Merit: 672
July 26, 2020, 05:43:18 PM
#16
Reading the link of what TryNinja mentioned I think that aside from the MITM attack clearly happening address transactions with a wallet are more practical compared to the proposed IP transactions that Bitcoin was supposed to have in its early years. With IP transactions the client/sender needs to contact the IP address first and then relay messages to the server before it generates a public key. But as having Bitcoin wallets now you won't need to go through this kind of process and sending transactions is simple as copying and pasting or scanning the qr code of the address for you to send your payment. In other words having your own address is much better compared to having IP based transactions.
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
July 26, 2020, 05:40:56 PM
#15
Interesting tidbid of information to know that bitcoin used to have transactions by IP instead of just BTC addresses. Reading over the topic that was also linked above makes me understand the whole ordeal better. You learn something so often about this, no matter how much time you spend using and understanding bitcoin more.

What I see here, was an innovative idea that ultimately the Internet's backbone infrastructure wasn't built to support securely. Hugely interesting when you understand that it was actually forward looking.
jr. member
Activity: 52
Merit: 3
July 26, 2020, 05:32:15 PM
#14
Isn't this actually an ongoing issue on eth? Vast majority of wallets are web-based so ISP has a record of every address requested by the IP address

when using most of the altcoins such as etherum users have a lot more issues to be concerned about rather than their privacy and their IP address being recorded. that is why we see a lot of web wallet usage, no PGP verification or even existence of it for desktop wallets either. and a lot more.

They do at least allow hardware wallets to connect to the site (on desktop) which is good.

I agree it's a shame there's no full node version afaik...

The wallet you use can certainly get your ip but all your isp will know is thst you've connected to that wallet and not the actual address you've looked up/sent to.

This would create even more ways that the government can track your activity in the blockchain which I think is bad enough as it is, bringing IP back would only hurt those who use it if the government ever decides to prohibit it
jr. member
Activity: 41
Merit: 4
July 26, 2020, 05:17:03 PM
#13
Maybe it was disabled mainly because of this:

Quote
Unfortunately, the implementation provided no authentication, so any "man in the middle" could have intercepted your bitcoins during the transaction. When they see that you're sending a Bitcoin payment by IP address, they pretend to be the actual destination and send back their Bitcoin address. You end up sending bitcoins to the wrong person. It's therefore no longer a good idea to send bitcoins in this way, especially if you're using a proxy.
https://en.bitcoin.it/wiki/IP_transaction

There was some discussion in this old thread: [pull] Remove send to IP address and IP transactions support

I'm certain is due to this, any hard coded security risk needs to go, and this could become a very big problem early on, maybe there are better technologies now, but I think it's better we didn't risk it until new technologies were available.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
July 26, 2020, 03:07:38 PM
#12
Isn't this actually an ongoing issue on eth? Vast majority of wallets are web-based so ISP has a record of every address requested by the IP address

when using most of the altcoins such as etherum users have a lot more issues to be concerned about rather than their privacy and their IP address being recorded. that is why we see a lot of web wallet usage, no PGP verification or even existence of it for desktop wallets either. and a lot more.

They do at least allow hardware wallets to connect to the site (on desktop) which is good.

I agree it's a shame there's no full node version afaik...

The wallet you use can certainly get your ip but all your isp will know is thst you've connected to that wallet and not the actual address you've looked up/sent to.
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
July 26, 2020, 11:07:00 AM
#11
Isn't this actually an ongoing issue on eth? Vast majority of wallets are web-based so ISP has a record of every address requested by the IP address

when using most of the altcoins such as etherum users have a lot more issues to be concerned about rather than their privacy and their IP address being recorded. that is why we see a lot of web wallet usage, no PGP verification or even existence of it for desktop wallets either. and a lot more.
full member
Activity: 1204
Merit: 220
(ノಠ益ಠ)ノ
July 26, 2020, 10:56:31 AM
#10
Isn't this actually an ongoing issue on eth? Vast majority of wallets are web-based so ISP has a record of every address requested by the IP address
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
July 26, 2020, 06:47:41 AM
#9
IP of bitcoin senders can be traced when their transactions were relayed on network. Some people copy their address and use explorers to check their transactions that can leak their IPs too. Those details are not available for all, publicly but tech gurus and block explorers can get them. We never know those owners of block explorers will sell their data. We don't know. So, using Tor when making transactions and Tor browser when using block explorers.
legendary
Activity: 3472
Merit: 10611
July 25, 2020, 11:09:23 PM
#8
IIRC there's no clear reason why satoshi decide to move from public key (P2PK) to address (P2PKH), some people speculate because P2PKH is more convenient and shorter which leads to smaller transaction size.

when we talk about transaction size we should consider the overall size that is the sum of the transaction in mind and the one that has to spend it. a P2PK output only needs a signature so overall it is shorter since it is pubkey+signature+checksig but a P2PKH output needs all that and has the hash+dup+equalverify so it is taking more space.

in any case i believe the reasons were 2 things; first the slightly more convenience of using human readable strings called addresses that are shorter too compared to a hexadecimal string called public key that is longer (even compressed 33 bytes) and second was the small security gain in case a flaw were found in ECDSA the 160-bit preimage protection that HASH-160 offers can add small security.
full member
Activity: 1442
Merit: 153
★Bitvest.io★ Play Plinko or Invest!
July 25, 2020, 10:38:29 AM
#7
Never knew about this piece of history, thanks for the share. After all these years I can still learn something.
Me too I didn't know this one.

Also, IP thing is related to property. I remember reading that there are some people who think IPs should always never be assigned to people as it becomes a form of identification, which is bad for privacy. Ensuring IPs are recyclable helps prevent IP censorship.
Most probably the main reason for this is the privacy of every user, imagine if there are guys who laundered money and was able to use your IP address without you knowing, you'll be surprise when you open your front door full op police pointing guns at you lol kidding aside, if bitcoin can be transferred using IP address then bitcoin has no ultimate use, it will just be a dead project if that's the case. Satoshi won't do that, we might see where he's at.
legendary
Activity: 2674
Merit: 1226
Livecasino, 20% cashback, no fuss payouts.
July 25, 2020, 10:14:34 AM
#6
Never knew about this piece of history, thanks for the share. After all these years I can still learn something.

Also, IP thing is related to property. I remember reading that there are some people who think IPs should always never be assigned to people as it becomes a form of identification, which is bad for privacy. Ensuring IPs are recyclable helps prevent IP censorship.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
July 25, 2020, 01:36:09 AM
#5
Using IP as a way for users to request addresses allows the sender to know the IP that is associated with the address. Using IP as a identifier wouldn't help with the anonymity of the user. It does compromise the privacy to a certain extent but I don't think this was a primary consideration at that time.

legendary
Activity: 3472
Merit: 10611
July 24, 2020, 11:36:22 PM
#4
On the other hand, by sending funds with ip address I don't understand what information will be sent to nodes. Satoshi said that in order to send with ip, the ip owner must be online. So I thought that if he is online then he could simply choose the receiving address after you click "send".

you don't send bitcoin to IP, you would be sending it to an address/public-key. the IP address is simply the IP of the other full node and the data sent is similar to the messages that are being sent between two bitcoin nodes. you simply connected to the other node and asked for a new address/public-key and sent coins to that key.

as it was mentioned it was removed because there is no encryption in P2P protocol and that means the communication is susceptible to MITM which doesn't matter for other messages (version, tx, block, ...) but it matters for send-to-IP.

technically the P2P protocol could have been updated to add an encryption for this type of communication alone but possibly since it is pretty useless it was removed instead.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
July 24, 2020, 06:47:16 PM
#3
Yeah it was the mitm attacks that meant ip was removed from being a viable option...

Unnecessary history: I think public keys were original choice of payment but they were also phased out like ip due to reducing potential bruteforce attacks - I think it added security by redundancy hashing the public key.
legendary
Activity: 2758
Merit: 6830
July 24, 2020, 06:40:49 PM
#2
Maybe it was disabled mainly because of this:

Quote
Unfortunately, the implementation provided no authentication, so any "man in the middle" could have intercepted your bitcoins during the transaction. When they see that you're sending a Bitcoin payment by IP address, they pretend to be the actual destination and send back their Bitcoin address. You end up sending bitcoins to the wrong person. It's therefore no longer a good idea to send bitcoins in this way, especially if you're using a proxy.
https://en.bitcoin.it/wiki/IP_transaction

There was some discussion in this old thread: [pull] Remove send to IP address and IP transactions support
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 24, 2020, 06:16:40 PM
#1
Bitcoin started with 2 different ways to send funds. By address or by IP.

By address you simply send the information to many nodes that will send the information to others until all of them have received it. On the other hand, by sending funds with ip address I don't understand what information will be sent to nodes. Satoshi said that in order to send with ip, the ip owner must be online. So I thought that if he is online then he could simply choose the receiving address after you click "send".

Did this functionality get disabled due to the creation of wallets? People were using bitcoin core at that time, and they were all of them nodes. When wallets came out, you couldn't give your ip, because you were not a node.
Jump to: