Topic: This message was too old and has been purged - page 2. (Read 37888 times)

Hi again,

Got some PM requests for clarifying legal issues etc. Your guess is as good as mine, but I think it is important to stress a few facts first:

1. Me explaining to coindesk/insidesbitcoins what Chainalysis do in general (Compliance, Investigations etc) has nothing to do with the nodes - we are not using transaction to IP mapping for anything but statistical research - aka the blog post already mentioned. This fact is, as I see it, highly relevant if we start to discuss any possible legal issues.

2. Claiming that Chainalysis should do anything illegal based on other nodes connecting to our nodes relaying INVs is highly speculative. I cannot see any difference btw that and connecting to any other service (HTTP/DNS etc) and recording that info for statistical purposes. Further, take e.g. blockchain.info where any first posted INVs are recorded and shared with all future users. How is our statistical analysis different from that ? And note even here that Chainalysis are not and have not any intention to share privacy sensitive info (IP numbers).

3. General legal considerations - I am by no means an expert on this - but this is a relevant discussion - when are you (illegally) eavesdropping by participating in a p2p network ? What are you allowed to do with the data/metadata (e.g. INVs and TXs) you receive ? What can you as a p2p user (legally) expect them to be used for ? Do we actually expect any regulation to cover here at all ?

Cheers,

Michael

Have you guys read this?

http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

Nevermind it's old news, nachoig already posted the link yesterday.

Yeah.  And their multiple statements seem at odds with each other.  Their statement quote above with regard to regulations and in the coin deskarticle do not match this:


Their explanations make their motivations even more questionable and, to me, increase the degree that one should be suspicious of them and their actions since they try to excuse the behavior in ways that are at opposite extremes depending on who they are talking to. 

It is good though to see this type of activity now and take steps to mitigate it at least some.  While Tor is not the be-all, as has been discussed up thread, it is a useful tool in the bitcoin world.  It isn't difficult to set up, so if you are running a node, consider adding a hidden service.  There is a guide on setting up bitcoin core with Tor (https://www.sky-ip.org/configure-bitcoin-node-debian-ubuntu.html  ) that seems to be reasonably complete from looking it over.  Some things you may need to tailor to your own uses, such as if you want to be on Tor and clear.  There may be other guides out there too, but thought that one might be useful if anyone was looking for one.

Thank you E.K for bring this up, by the way. 

Nice work, E.K.!

This message was too old and has been purged

First of all, I am pretty sure that chainalysis is violating Swiss laws by collecting this data and giving this data to their clients. But this is an issue for lawyers in Switzerland. Me, for my part, have sent a request to the Swiss data protection agency. I want to know WHAT they collect and see it.

Secondly, and this may be interesting:

Chainanalysis was established December 24, 2014. The company's capital is divided in three parts which are owned by:
- Trifork Holding AG
- SWIFT BIT HOLDING ApS
- CEPTACLE HOLDING ApS

Trifork Holding AG
The company was established in Switzerland. It was basically established by capital of "Blackbird Holding ApS" in Denmark, and "Trifork A/S", also in Denmark. "Trifork" is a software company, working for banks and also the government. President of the board of directors is Jorn Larsen who also is CEO of Chainanalysis.

Swift Bit Holding ApS
This holding company also is located in Denmark and owns Swift Bit, a software company of Jan Møller. Strange enough, these companies do not appear in his linkedin profile:
https://dk.linkedin.com/pub/jan-m%C3%B8ller/1/214/bb3


CEPTACLE HOLDING ApS
This company, too, is located in Denmark and controlled by Michael Grønager.

So basically, Chainanalysis is controlled by foreign corporations. And I want to know how Chainalaysis is complying with the Swiss Data Protection laws.

An IP address is, according to Swiss law, "personal data".

According to this law, Chainanalysis has to give access to all the data they have regarding a specific IP to the person who was using this IP at the time the data was collected. Such a request can be sent to Chainanalysis by e-mail and they have to respond without the right to charge anything for this. They have to tell them how they obtained this data and what they intend to do with it. Furthermore, they have to make sure and public how the personal data of users of the Bitcoin network is protected. If they don't, everybody can write a complaint to the Swiss data protection agency.

EDIT

According to Coindesk, "Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds."

So my question: Is this the intention of them? If so: They are clearly violating Swiss laws and could face up to three years in jail.

The post quoted below and the one above from them above seem very different.  Traffic analysis vs tracking transactions for "travel rules" etc. 

The one above makes it sound much more innocuous than the quotes below.

I would add this one: Snapshot of network topology. Check if we still have the expected decentralized topology or if we have some hubs which may become future points of fragility (wrt data propagation).

Relevant Coindesk article -

http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

This whole situation make me even more motivated to increase full nodes to protect the network from "accidental" or deliberate attacks like this.

Is that the commands to block them from our nodes?

sudo iptables -I INPUT -m iprange --src-range 46.105.0.0-46.105.255.255 -j DROP
sudo iptables -I OUTPUT -m iprange --dst-range 46.105.0.0-46.105.255.255 -j DROP


i have setup several nodes around the world and i need to block this idiots.
Epic fail from them.. they just collpase their reputation in the bitcoin community.
One of my full node in uk is clean from that connections.
Thx for the info and i think we must check time to time who is connected to our node to see if something suspicious happens

New article at CoinDesk: http://www.coindesk.com/chainalysis-ceo-denies-launching-sybil-attack-on-bitcoin-network/

Idiot... the bitcoin network is not your personal playground to just do whatever the hell you want on the network.  Have some respect for what others have done and keep your retarded experiment off the damn network.  Build your own node network in a closed environment if you want to experiment with the protocol or develop your own seperate coin network.  What the hell is the matter with you?

Hi all,

Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blogpost on bitcoin traffic by volume btw different counties. We chose specifically to setup a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network to be caught only on our nodes as we initially havn't build the transaction forwarding into the probes.

As we learned some SPV nodes were affected we have now shut down the nodes.

Sending a bitcoin transaction in a p2p network will always to some extend reveal your IP, like your IP is known by google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. google of course profit from collecting this information which we accept to the extend that they don't sell specific information, but only statistical information compiled from their measurements.

We still think that there is a lot of interesting info you can learn from the bitcoin network by doing this kind of experiments, however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (url) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to friendly opt out

But also note that the above measures and current protocol does not protect you against a real spy net at all, Tor is still the best solution for this purpose.

Sincerely,

Michael

There is an informative discussion of this topic on reddit:

http://www.reddit.com/r/Bitcoin/comments/2yxid5/chainalasys_vs_mycelium_the_full_story/

Excellent solution for sure. Always choose the tool that suits YOU best and you can always increase security. Blocking IPs is going to end up being a major task for any sysadmin regardless of their platform. There are tons of baddies out there!

gmaxwell: your thoughts on using bitcoin through a VPN privacy service?

Not portable by itself, and real no reason to use it: running large numbers of connections isn't good for the goodput of the network (data crosses in flight more often the higher the number of concurrency connections), makes the node more vulnerable to a number of DOS attacks, and burns external resources (esp if they're used to make outbound connections). Shipping that would just make the lazy abusive users even more abusive, and I've seen plenty of evidence to suggest that it would cause harm. So that takes it from low priority (no need, a pain to do portably) to basically negative priority.

We'll probably do so eventually but I would expect it to come after some much more powerful anti-abuse tools.

is there some reason the base client isn't using epoll?

ed:    and, tbh, i'm finding it odd people are just now mentioning the 46.105.201.xx shenanigans, i have some msg to drharibo about them from late february.  it's like those old snoopy nodes when dozens of them were going.  you block all you (know about) can and eat the rest

Huh? Whats with the ad homenem?  You're making objectively incorrect statements, the result is a web of FUD that would mislead people into making poor choices.   Linking to a bunch of things totally unrelated to this discussion is a weird strategy-- no one in this thread disagrees that anonymity (or more importantly, simple privacy) is important. That question hasn't even come up. That it is important doesn't justify or legitimize making a incorrect claims about it.

I just had an idea. I don't know if it's feasible, so let the experts chime in:

Is there any foolproof way a node could broadcast that it runs an unmodified bitcoin-core version? However, if there was such a way, a resourceful party could run hundreds of nodes on different ip's on different subnets which all appeared legit, but also with the purpose of collecting identifying data. And npbody can really know what the node operator does with all the info he gathers.

Fungibility is very important for bitcoin. Once businesses starts rejecting your transaction for whichever reason, we're back to square one. Nothing is as annoying as a bank shutting you down without even explaining why. Do we want the same for bitcoin?

Also I do not understand what makes bitcoin special over cash in terms of the regulatory environment. True, you can move bitcoin faster over longer distances (or at least assign a new owner to certain coins..), but I haven't seen any banks employ people to follow customers after withdrawing cash from an ATM to check what they're up to, where and how they spend their money. In essence, with the regulatory environment esp. in the US of today, we in essence have the digital version of this where large bitcoin companies have deployed technology for blockchain analysis where they trace incoming and outgoing funds to be "compliant". The only reason this is done is because it's possible.

Perhaps a certain level of regulations are smart, but why hassle the normal users and why this extended monitoring and spying. To me it seems like it's another security-theatre. I don't buy the arguments about bitcoin being used for nefarious purposes. Afaik, fiat money aka USD cash money is what's the favourite way of paying for criminals. When will we see a crackdown on the dollar? On a more serious note: All these legalities that's not contributing to the development for the human race, is doing the opposite. It makes me sad. We must of course relate to the real world, but if enough people chose not to participate in the current system it will break down.

/rant