Topic: Thinking about ways to make it more difficult to link IP address to txn creator. (Read 7831 times)

Posting an update here:

"Barclays partnering with Chainalysis in October and Coinalytics raising a $1.1m seed round in September. In August, Elliptic won "Security Project of the Year" after launching a blockchain visualization tool for the bitcoin blockchain.

Currently, Coinalytics... (blah blah blah)"

see http://www.coindesk.com/juan-llanos-blockchain-analytics-coinalytics/ for details. 

Once again, this calls to mind the necessity of implementing better privacy and / or anonymity solutions in bitcoin, which have not yet been actually implemented in Core ~ see as example:
https://github.com/bitcoin/bitcoin/issues/3226

Glad to see this discussion. Cross posting something that may be helpful:
https://bitcointalksearch.org/topic/m.11561739


It sounds like you are saying that if I am using both Tor and a VPN for example, that bitcoin protocol could be configured to support some of the traffic going off along Tor and some of it going off along my VPN. 

(...)


If the user would be creating a signed transaction (or indicate preferences for the wallet to create a transaction that would be broadcast at a later time when a certain threshold is met) without broadcasting immediately and could specify that the basic conditions as to where and when the broadcasts should occur and let the wallet handle the rest, this sounds good, so long as the recipient does not have trouble receiving what is being sent. 

I believe it would-- but I wouldn't bother with wallet notify. Why not poll? the whole idea is to be private-- obscuring exact timing would help, and polling even once per few seconds would be inconsequential work.

Pond protects its users from traffic analysis by running every (IIRC) 10 minutes against the server (connecting over Tor, of course) and moving a constant amount of data, regardless of if there are any messages. There is also a transact-now button if you're being impatient.

I assume the sidecar daemon needs to be notified somehow? So it doesn't have to poll.
Would -walletnotify fire?

This isn't the right thread for advertising scamcoins, but I suppose it is on topic in a kind of meta sense.

Thanks djohnston, I supposed it could be advertising but it seemed strange the dust didn't come directly from the vanity address, I guess it was sent from a change address

Rampion,

Congratulations you are first person to notice / post about the little surprise the Factom team sent out today!

We purposefully sent a little bitcoin to your address from the 1Factom vanity address.

The reason the Factom team sent these bitcoins out is to recognize you as an early adopter / supporter of new blockchain technology projects. (Your address was among many on the bitcoin ledger who previous supported other community projects)

We hope you will check out the Factom Software Sale and use this bit of bitcoin to claim your first Factoid(s) and thus be able to join our community as a beta tester / early adopter.

https://koinify.com/#/project/FACTOM

If you aren't interested, that's cool just keep the BTC as a small tip for being an active part of the community.

You rock.

Love Team Factom

I've just received dust from an address that seems to be linked with factom.

The transaction: https://blockchain.info/tx/a1b0b0019961b7906d8982416693d5868505aa8b38f5cc13028499a5ac555c85

The dust-sender (12HDgJEGdf3Wqr3ha5iUL2r8RcPa7BnBj2) was funded by 1FactomGnNFTsTVx8jiGjcLKDpyL65GDsH.

Another IP discovery attempt? Is Factom somehow involved?

A txn with an invalid signature will be invalid to all nodes.   All nodes validate signatures of txns and will not relay invalid txns.  A node sending invalid txns will be seen as misbehaving and will be banned.  Wallet behavior is different than node behavior.  A node should respond consistently based on what is known publicly (regardless of what private keys are in the local wallet or even if there is a local wallet).  If that isn't the case then there is an information leaking bug.  There was a 'penny flood' bug in the past but it didn't involve invalid signatures and has been patched consistently as of v0.80 (plus some earlier versions).


Exactly.  All nodes verify txns before relaying thus all nodes will ban a node sending a txn with an invalid signature.


Transactions which have outputs less than the dust threshold are valid. They are non-standard but any miner can include non-standard but valid txns in the block to be solved.  Some pools will accept non-standard txns.

I may be misreading the source, but: there is definitely an observable difference between a DoS ban and a penny-flooding disconnection with a rejected transaction.  

And those 1-satoshi transactions, AFAIK, are still getting mined and into the block chain somehow; I would presume that either some node operated by the attacker is mining them, or they are taking advantage of some bug in the security of one of the existing pools.

And it looks to me like a node that repeatedly sends tiny transactions with no fees, at a high rate, eventually gets disconnected due to a "penny flooding rule" - but not DoS banned.  The transaction is rejected, the sender is disconnected, but if the sender tries to reconnect, say, six hours later, they won't be rejected.

And it looks to me like a node that repeatedly sends a tx with an invalid transaction, gets disconnected AND DoS banned, and if the sender tries to reconnect any time in during the next 24 hours, the connection gets rejected.

If this has been fixed, which of these things am I wrong about? Is it not the case any more that the client identifies an incoming tx with a bad signature as an invalid tx?  

Thanks for the info ! I assume that Cryddit talks about txos already mined (ref. to 1 satoshi txs spamming the blockchain) but better to let him confirm.

That isn't what Cryddit is describing at least not precisely, and of course that was fixed years ago. (The 97% thing is just because there are long forgotten nodes left running on old software that no one maintains; they likely don't have wallets.)

I don't believe Cryddit is correct; but his description isn't precise enough for me to tell for sure.  I /think/ what he's saying is that I first tell all nodes a dust output that nodes won't mempool and likely won't get mined, then later I give nodes a transaction spending that transaction with an invalid signature. To most nodes this second transaction will be an orphan (spends an input they don't know about).  But Cryddit believes the recipient of the transaction will DOS ban you.   I think this is incorrect: first, if the transaction was mempool rejected then it wouldn't end up in their wallet unless it gets mined (in which case it would be available in the utxo set to all nodes), secondly even if it was in their wallet the wallet is not consulted for lookups on incoming transactions.  But perhaps Cryddit would be kind enough to clarify his thinking?

There are ways we know those dust txn could be used to reduce users' privacy though... send them to nodes that don't implement a dust check and then observe them rebroadcasting them when they don't get mined for a long time. This is part of why the anti-dust rules were implemented.

Send the BTC via a VPN or Internet client connected with Tor / VPN.

I hope so but I'm not sure why fix deployment is stuck at 97%

Wasn't that fixed 2 years ago?

Actually, it seems the vulnerability has already been identified in 2013:
- vulnerability description
- vulnerability description on the wiki
- related bitcointalk post

Bitcoin Core will sometimes respond differently to a peer sending it invalid transactions based on whether or not it hold the private keys for the inputs in that transaction?

If so, that's a bug which should be fixed.

It illustrates a good reason to separate the node functionality from the wallet functionality. Disable the wallet functionality in bitcoind and use Armory for your wallet and that attack won't work.

@Cryddit: If your theory is correct, we have a huge privacy problem...
Also note that dust spamming is only required to link "zero balance" addresses to ip addresses since the same method could be applied to current utxos.

While we're discussing ways to make it harder to link IP address to txn creator, I have a related issue. 

How can we make it harder to link IP address to both creator (whose wallet still contains the address of the spent txOut) and recipient (whose wallet contains the address of the newly created unspent txOut)? 

Anytime somebody wants to know who owns a particular txOut (or for that matter who owned it and spent it a long time ago, since the wallet doesn't throw old addresses away)  they can easily find out.

You know those weird one-satoshi transactions that people have been getting spammed with for months and months now?

I knew it was an effort to track users, but today I was elbows-deep in the source code and I just figured out exactly how it works. 

Somebody is using this to figure out who (which IP address) owns (or owned) what txOuts.

Here's what's going on. 

• First, they send a tiny txOut to the address on the block chain whose owner (or former owner) they want to know.
• Second, they connect to a bunch of different nodes and send them bogus transactions that spend that txOut without fees.  Repeatedly.
• They don't know the address's private key, so they can't provide a good signature for that tx.  But they don't need to.
         
  • If they've connected to a machine that has the wallet containing the key of the original txOut whose owner they're trying to find, that node will disconnect them as a misbehaving node, because the keys they provide don't match.
  • If they've connected to a machine that doesn't have the wallet containing the key to the original txOut, That node will just reject the transaction due to penny-flooding prevention and no fees.
       
• Because they can tell which thing happened, they can tell whether the node at this IP address owns, or owned, the address corresponding to the original txOut.

If you trust your vps provider.