Pages:
Author

Topic: This message was too old and has been purged - page 2. (Read 37905 times)

newbie
Activity: 26
Merit: 24
Hi again,

Got some PM requests for clarifying legal issues etc. Your guess is as good as mine, but I think it is important to stress a few facts first:

1. Me explaining to coindesk/insidesbitcoins what Chainalysis do in general (Compliance, Investigations etc) has nothing to do with the nodes - we are not using transaction to IP mapping for anything but statistical research - aka the blog post already mentioned. This fact is, as I see it, highly relevant if we start to discuss any possible legal issues.

2. Claiming that Chainalysis should do anything illegal based on other nodes connecting to our nodes relaying INVs is highly speculative. I cannot see any difference btw that and connecting to any other service (HTTP/DNS etc) and recording that info for statistical purposes. Further, take e.g. blockchain.info where any first posted INVs are recorded and shared with all future users. How is our statistical analysis different from that ? And note even here that Chainalysis are not and have not any intention to share privacy sensitive info (IP numbers).

3. General legal considerations - I am by no means an expert on this - but this is a relevant discussion - when are you (illegally) eavesdropping by participating in a p2p network ? What are you allowed to do with the data/metadata (e.g. INVs and TXs) you receive ? What can you as a p2p user (legally) expect them to be used for ? Do we actually expect any regulation to cover here at all ?

Cheers,

Michael
hero member
Activity: 525
Merit: 510
Have you guys read this?

http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/


Nevermind it's old news, nachoig already posted the link yesterday.
legendary
Activity: 4256
Merit: 1313
Quote
According to Coindesk, "Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds."

So basically from what I understand is they were monitoring and recording all transaction that I have made because I was under general suspicion?

Cryptograpic geeks writing their maters thesis and doing some analysis on the blockchain is absolutely fine,
but I am not OK with companies monitoring a large number of users in order to do "something" with the archived data afterwards.

Yeah.  And their multiple statements seem at odds with each other.  Their statement quote above with regard to regulations and in the coin deskarticle do not match this:

Quote
We were preparing data for a blogpost on bitcoin traffic by volume btw different counties. We chose specifically to setup a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially havn't build the transaction forwarding into the probes.

Their explanations make their motivations even more questionable and, to me, increase the degree that one should be suspicious of them and their actions since they try to excuse the behavior in ways that are at opposite extremes depending on who they are talking to. 

It is good though to see this type of activity now and take steps to mitigate it at least some.  While Tor is not the be-all, as has been discussed up thread, it is a useful tool in the bitcoin world.  It isn't difficult to set up, so if you are running a node, consider adding a hidden service.  There is a guide on setting up bitcoin core with Tor (https://www.sky-ip.org/configure-bitcoin-node-debian-ubuntu.html  ) that seems to be reasonably complete from looking it over.  Some things you may need to tailor to your own uses, such as if you want to be on Tor and clear.  There may be other guides out there too, but thought that one might be useful if anyone was looking for one.

Thank you E.K for bring this up, by the way. 

IMZ
legendary
Activity: 1498
Merit: 1000
Nice work, E.K.!
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 2380
Merit: 1150
First of all, I am pretty sure that chainalysis is violating Swiss laws by collecting this data and giving this data to their clients. But this is an issue for lawyers in Switzerland. Me, for my part, have sent a request to the Swiss data protection agency. I want to know WHAT they collect and see it.

Secondly, and this may be interesting:

Chainanalysis was established December 24, 2014. The company's capital is divided in three parts which are owned by:
- Trifork Holding AG
- SWIFT BIT HOLDING ApS
- CEPTACLE HOLDING ApS

Trifork Holding AG
The company was established in Switzerland. It was basically established by capital of "Blackbird Holding ApS" in Denmark, and "Trifork A/S", also in Denmark. "Trifork" is a software company, working for banks and also the government. President of the board of directors is Jorn Larsen who also is CEO of Chainanalysis.

Swift Bit Holding ApS
This holding company also is located in Denmark and owns Swift Bit, a software company of Jan Møller. Strange enough, these companies do not appear in his linkedin profile:
https://dk.linkedin.com/pub/jan-m%C3%B8ller/1/214/bb3


CEPTACLE HOLDING ApS
This company, too, is located in Denmark and controlled by Michael Grønager.

So basically, Chainanalysis is controlled by foreign corporations. And I want to know how Chainalaysis is complying with the Swiss Data Protection laws.

An IP address is, according to Swiss law, "personal data".

According to this law, Chainanalysis has to give access to all the data they have regarding a specific IP to the person who was using this IP at the time the data was collected. Such a request can be sent to Chainanalysis by e-mail and they have to respond without the right to charge anything for this. They have to tell them how they obtained this data and what they intend to do with it. Furthermore, they have to make sure and public how the personal data of users of the Bitcoin network is protected. If they don't, everybody can write a complaint to the Swiss data protection agency.

EDIT

According to Coindesk, "Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds."

So my question: Is this the intention of them? If so: They are clearly violating Swiss laws and could face up to three years in jail.
legendary
Activity: 4256
Merit: 1313
The post quoted below and the one above from them above seem very different.  Traffic analysis vs tracking transactions for "travel rules" etc. 

The one above makes it sound much more innocuous than the quotes below.

New article at CoinDesk: http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

Quote
Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds.

He told CoinDesk:

"Funnily, following the Reddit post we have received a ton of emails from people with stolen bitcoins and requests for finding them – so yes, there is indeed a need [for this kind of service] and yes, we have received a lot of positive feedback from potential customers."

Quote
Chainalysis sides with the regulators. In providing what it calls 'automated transaction reporting', the company says it is helping bitcoin companies conform to existing money transfer regulations, including the travel rule.

This, Grønager said, will help bitcoin businesses get bank accounts and promote the currency's use among mainstream financial institutions.

He added:

"If you as a MSB (money services business) are offering automated transactions you are obliged to have suitable automated transaction monitoring. That is not to be confused with monitoring the entire bitcoin network, but transfers between you and your client, may that be fiat or may that be bitcoin. We are providing tools for facilitating exactly that."
sr. member
Activity: 384
Merit: 258
Sounds to me, the interesting things may be:
- Who is sending how much to whom
- Linkage of IP to Wallet
- Where is money originating from and where do the money flows go
- Who is most likely running a Bitcoin service
I would add this one: Snapshot of network topology. Check if we still have the expected decentralized topology or if we have some hubs which may become future points of fragility (wrt data propagation).
hero member
Activity: 658
Merit: 501
Relevant Coindesk article -

http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

This whole situation make me even more motivated to increase full nodes to protect the network from "accidental" or deliberate attacks like this.
legendary
Activity: 3430
Merit: 1142
Ιntergalactic Conciliator
Is that the commands to block them from our nodes?

sudo iptables -I INPUT -m iprange --src-range 46.105.0.0-46.105.255.255 -j DROP
sudo iptables -I OUTPUT -m iprange --dst-range 46.105.0.0-46.105.255.255 -j DROP


i have setup several nodes around the world and i need to block this idiots.
Epic fail from them.. they just collpase their reputation in the bitcoin community.
One of my full node in uk is clean from that connections.
Thx for the info and i think we must check time to time who is connected to our node to see if something suspicious happens
sr. member
Activity: 252
Merit: 250
New article at CoinDesk: http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

Quote
Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds.

He told CoinDesk:

"Funnily, following the Reddit post we have received a ton of emails from people with stolen bitcoins and requests for finding them – so yes, there is indeed a need [for this kind of service] and yes, we have received a lot of positive feedback from potential customers."

Quote
Chainalysis sides with the regulators. In providing what it calls 'automated transaction reporting', the company says it is helping bitcoin companies conform to existing money transfer regulations, including the travel rule.

This, Grønager said, will help bitcoin businesses get bank accounts and promote the currency's use among mainstream financial institutions.

He added:

"If you as a MSB (money services business) are offering automated transactions you are obliged to have suitable automated transaction monitoring. That is not to be confused with monitoring the entire bitcoin network, but transfers between you and your client, may that be fiat or may that be bitcoin. We are providing tools for facilitating exactly that."
legendary
Activity: 1512
Merit: 1057
SpacePirate.io
Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume btw different counties. We chose specifically to setup a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially havn't build the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extend reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profit from collecting this information which we accept to the extend that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing this kind of experiments, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to friendly opt out

But also note that the above measures and current protocol does not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael


Idiot... the bitcoin network is not your personal playground to just do whatever the hell you want on the network.  Have some respect for what others have done and keep your retarded experiment off the damn network.  Build your own node network in a closed environment if you want to experiment with the protocol or develop your own seperate coin network.  What the hell is the matter with you?
newbie
Activity: 26
Merit: 24
Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume btw different counties. We chose specifically to setup a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially havn't build the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extend reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profit from collecting this information which we accept to the extend that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing this kind of experiments, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to friendly opt out

But also note that the above measures and current protocol does not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael
legendary
Activity: 1120
Merit: 1016
090930
member
Activity: 112
Merit: 10
is there a way to block certain ip in bitcoin.conf file?

You really want to use iptables (assuming you are on Linux and I cannot imagine why you would not be.) That way you never have to shut down the Daemon just to block an address.
What do you think of my ufw approach above? I find ufw easier to get than iptables.

Excellent solution for sure. Always choose the tool that suits YOU best and you can always increase security. Blocking IPs is going to end up being a major task for any sysadmin regardless of their platform. There are tons of baddies out there!
hero member
Activity: 609
Merit: 506
Tor stuff

gmaxwell: your thoughts on using bitcoin through a VPN privacy service?
staff
Activity: 4284
Merit: 8808
is there some reason the base client isn't using epoll?
Not portable by itself, and real no reason to use it: running large numbers of connections isn't good for the goodput of the network (data crosses in flight more often the higher the number of concurrency connections), makes the node more vulnerable to a number of DOS attacks, and burns external resources (esp if they're used to make outbound connections). Shipping that would just make the lazy abusive users even more abusive, and I've seen plenty of evidence to suggest that it would cause harm. So that takes it from low priority (no need, a pain to do portably) to basically negative priority.

We'll probably do so eventually but I would expect it to come after some much more powerful anti-abuse tools.
zvs
legendary
Activity: 1680
Merit: 1000
https://web.archive.org/web/*/nogleg.com
Latest Bitcoin Core with 2000 connections allowed
2000 connections is not possible, you'll run out of file descriptors. If you edit the code remove the limits you'll end up with arbitrary memory corruption.

is there some reason the base client isn't using epoll?

ed:    and, tbh, i'm finding it odd people are just now mentioning the 46.105.201.xx shenanigans, i have some msg to drharibo about them from late february.  it's like those old snoopy nodes when dozens of them were going.  you block all you (know about) can and eat the rest
staff
Activity: 4284
Merit: 8808
You seem to be rather insecure about my remarks about Tor, Bitcoin and so forth.
Huh? Whats with the ad homenem?  You're making objectively incorrect statements, the result is a web of FUD that would mislead people into making poor choices.   Linking to a bunch of things totally unrelated to this discussion is a weird strategy-- no one in this thread disagrees that anonymity (or more importantly, simple privacy) is important. That question hasn't even come up. That it is important doesn't justify or legitimize making a incorrect claims about it.
full member
Activity: 196
Merit: 103
I just had an idea. I don't know if it's feasible, so let the experts chime in:

Is there any foolproof way a node could broadcast that it runs an unmodified bitcoin-core version? However, if there was such a way, a resourceful party could run hundreds of nodes on different ip's on different subnets which all appeared legit, but also with the purpose of collecting identifying data. And npbody can really know what the node operator does with all the info he gathers.

Fungibility is very important for bitcoin. Once businesses starts rejecting your transaction for whichever reason, we're back to square one. Nothing is as annoying as a bank shutting you down without even explaining why. Do we want the same for bitcoin?

Also I do not understand what makes bitcoin special over cash in terms of the regulatory environment. True, you can move bitcoin faster over longer distances (or at least assign a new owner to certain coins..), but I haven't seen any banks employ people to follow customers after withdrawing cash from an ATM to check what they're up to, where and how they spend their money. In essence, with the regulatory environment esp. in the US of today, we in essence have the digital version of this where large bitcoin companies have deployed technology for blockchain analysis where they trace incoming and outgoing funds to be "compliant". The only reason this is done is because it's possible.

Perhaps a certain level of regulations are smart, but why hassle the normal users and why this extended monitoring and spying. To me it seems like it's another security-theatre. I don't buy the arguments about bitcoin being used for nefarious purposes. Afaik, fiat money aka USD cash money is what's the favourite way of paying for criminals. When will we see a crackdown on the dollar? On a more serious note: All these legalities that's not contributing to the development for the human race, is doing the opposite. It makes me sad. We must of course relate to the real world, but if enough people chose not to participate in the current system it will break down.

/rant

Pages:
Jump to: