Topic: "You should assume your IP address can be associated with you.." -Gavin Anderson - page 3. (Read 4920 times)

What was OP?
Thread starter delete cause he worried he being bmtracked now?

Annoying when OP gets  deleted..

this isn't a suprise, really. you can see where transactions are broadcast from, so if sending from your own client, it would appear that your IP address could be narrowed down / linked to you. i've never been concerned, really.

Even though the Bitcoin reference implementation is not as modular as I'd like it to be, at least there's enough modularity that the P2P protocol is independent of the blockchain rules.

I know someone who's been doing theoretical work on how to create a self-organizing market for realtime data propagation. Perhaps one of these days that will turn into deployed software.

Absolutely true!  Not only that, but in the context of Bitcoin transaction communications it would be a really good fit (see previous post on this thread.)

It would be great if some transfer nodes were employing this technique in their communications, and if they were rewarded for doing so.  As things stand now transfer nodes are not even rewarded for providing transmission services within the network at all, much less for doing it in a defensive manner.  Alas.

Since the very early days (which was mid 2011 in my case) it struck me that Bitcoin has the potential to be very resilient because the data need is tiny and because it is not latency sensitive.  Absolutely the potential exists for transactions to be performed in even the most hostile environments though the methods you describe among others.

As I've alluded to before, I've assumed for some time that extensive deep packet capture and analysis has been underway.  The next shoe to drop would be active filtering.  We'd have to see compelling reason to do it, but if/when that reason comes into existence I expect that it will happen rapidly.  Even in this 'hostile environment' Bitcoin has a very real potential to continue to provide a framework for economic activity.

That said, it will never be exactly easy to use Bitcoin in an adverse environment.  A small fraction of people will have little trouble, and a growing fraction of people will develop the skills needed to do so, but we are still talking about a rarefied population.  And the notion of 'real time' activity would have to be drastically curtailed.  It never was a good fit with Bitcoin's design in the first place.  Anyway, this is the basis for my being fairly negative about efforts to extend the solution widely into the sphere of the masses and to try to forge it into a real-time solution (the domain of cash.)  Both of these will prove to be significant negatives if/when there is a genuine need for the solution.

I'm pretty much at the point now in the middle of 2014 of considering Bitcoin to be fatally damaged for the use-case that I envision as most valuable.  Maybe it could help bootstrap in a more viable and focused solution, but Bitcoin proper simply did not attempt to occupy the niche of a robust solution in a different and more hostile world than we see today.  Hopefully time will prove that it didn't matter much and nothing bad will happen in the real world.

There's a way to fix that, if you don't care about burning bandwidth.

Set up your node to transmit data to each peer at a fixed rate regardless of how much real traffic it actually has to send. Basically this would be 100% padding.

Disadvantages is that it eats up your bandwidth, and it puts a hard upper limit on the  maximum throughput of the network, but on the plus side timing attacks are useless.

I was just thinking about saying that you could use tor right before I read your last sentence.

At least hear me out on this.....

You could write and sign a TX, use blockchain.info over tor to push the transaction while using a public wifi with a lot of people around. Or you could skip using tor and just use the public wifi although it would leak your general location but your identity would probably be hidden

I've always been more concerned about timing analysis at the network level.  I've figured the NSA and such have taps almost everywhere.  At least since Mark Klein blew the whistle on AT&T's Narus nearly a decade ago.

An unhappy paradox is that one (or one like me) gains significant confidence in something only after it has been successfully attacked in specific ways.  TrueCrypt is a good example.

I bet it's a lot more secure now after two critical OpenSSL bugs have been fixed.

I'll feel a lot better about it if Tor ever switches to LibreSSL for encryption.

A full peer who is not masking their activity is susceptible to transaction counting.  That is, detection of transactions which originated at the peer rather than those being relayed.  Or at least that was supposed several years ago.  Several years ago most people thought it impractical though I personally always considered it a potential threat.  Now (post-Snowden) it seems likely that fine-grained packet are captured, retained, and analyzed.  At least for anyone who is tagged for enhanced monitoring, and I think that there is a strong possibility that all Bitcoin users are.

A non-compromised https connection to a non-compromised exchange or wallet service (if there is such a thing) would be theoretically more safe.  It would require timing analysis to match user activity with transactions (if they even leave the service) and that would be very easily thwarted by introducing some random delays.  This assumes that the service is somewhat popular (and thus, active) of course.

Go ahead and say the magic words 'tor'.  For my part I never trusted it.  At least not for highly critical work.  It being largely funded by the government to 'help Iranian dissidents' doesn't pass the smell test for me.  But to each his own.

Even with a dynamic IP address your identity can still be found.

Your ISP will keep logs of who is assigned what IP address at what times.

Tor and mixing, to mask the initial input should be enough.

Anytime a transaction is done which can be traced back like some payment then mix again.

Network snooping will show the transaction coming from the exchange.

The exchange, of course, knows it was your transaction and they'll have records showing such.

The same people who engage in widespread network snooping probably can just ask the exchange to give them those records (or they'll hack into the exchange and just extract the records themselves).

That's why I said if you use a web wallet you don't have any privacy.

It'll broadcast their IP if that is not masked.

What if you aren't sending from a personal wallet (Bitcoin-QT, etc), rather from an exchange (Cryptsy, mint, etc)? In that situation would it still be possible to trace where it was sent from? Or, since it is the exchange's server sending the transaction, would it be anonymous?

By default data is associated with you, unless you take counter measures.
Dragnet surveillance is very serious nowadays. IP address is one of the many things to track you.

That is good to know but an ISP provider retains address logs for 180 days to a year so it probably is still a valid concern
http://lifehacker.com/5923017/how-can-i-prevent-my-isp-from-tracking-my-every-move/all

This is not valid with Dynamic IP internet connections, like the connection I've right now.

Exactly right. That's why I've always kinda yukked up my sleeve at the "anonymous" nature of Bitcoin. Somebody could sniff out the packets used to send the Bitcoin and use the information in those packets to know where you sent it from no matter whether you sent it from your house or from your local cafe with Wi-Fi. About the only way to get around it is to use some kind of proxy service and even that isn't infallible.