Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups

author: odinn <odinn.cyberguerrilla@riseup.net> 2015-03-23 05:50:32 +0000
committer: bitcoindev <bitcoindev@gnusha.org> 2015-03-23 05:50:51 +0000
commit: 194b2afb37568a32c09bb33bf3b75dd22d951708 (patch)
tree: f005376a1984ff5def444c78eba695307ff614d4
parent: 9bccb56c280fb4242c78b33b546dc51f38992a6c (diff)
download: pi-bitcoindev-194b2afb37568a32c09bb33bf3b75dd22d951708.tar.gz
pi-bitcoindev-194b2afb37568a32c09bb33bf3b75dd22d951708.zip
1 files changed, 329 insertions, 0 deletions
diff --git a/e8/33847621848262159048b6de420fd4eebfb782 b/e8/33847621848262159048b6de420fd4eebfb782
new file mode 100644
index 000000000..90ee43435
--- /dev/null
+++ b/e8/33847621848262159048b6de420fd4eebfb782
@@ -0,0 +1,329 @@
+Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
+	helo=mx.sourceforge.net)
+	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
+	(envelope-from <odinn.cyberguerrilla@riseup.net>) id 1YZvGF-0005kK-Fv
+	for bitcoin-development@lists.sourceforge.net;
+	Mon, 23 Mar 2015 05:50:51 +0000
+Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of riseup.net
+	designates 198.252.153.129 as permitted sender)
+	client-ip=198.252.153.129;
+	envelope-from=odinn.cyberguerrilla@riseup.net;
+	helo=mx1.riseup.net; 
+Received: from mx1.riseup.net ([198.252.153.129])
+	by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
+	(Exim 4.76) id 1YZvGD-0008Jh-Hr
+	for bitcoin-development@lists.sourceforge.net;
+	Mon, 23 Mar 2015 05:50:51 +0000
+Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
+	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
+	(Client CN "*.riseup.net",
+	Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
+	by mx1.riseup.net (Postfix) with ESMTPS id 6FE39417B7;
+	Mon, 23 Mar 2015 05:50:43 +0000 (UTC)
+Received: from [127.0.0.1] (localhost [127.0.0.1])
+	(Authenticated sender: odinn.cyberguerrilla)
+	with ESMTPSA id 57BF640E10
+Message-ID: <550FA9A8.6050302@riseup.net>
+Date: Mon, 23 Mar 2015 05:50:32 +0000
+From: odinn <odinn.cyberguerrilla@riseup.net>
+MIME-Version: 1.0
+To: Thy Shizzle <thyshizzle@outlook.com>
+References: <COL401-EAS2273FA9CFE9B779BF339766C20D0@phx.gbl>
+In-Reply-To: <COL401-EAS2273FA9CFE9B779BF339766C20D0@phx.gbl>
+Content-Type: text/plain; charset=utf-8
+X-Virus-Scanned: clamav-milter 0.98.6 at mx1
+X-Virus-Status: Clean
+Content-Transfer-Encoding: quoted-printable
+X-Spam-Score: -1.4 (-)
+X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
+	See http://spamassassin.org/tag/ for more details.
+	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
+	sender-domain
+	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
+	no trust [198.252.153.129 listed in list.dnswl.org]
+	-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
+	-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
+	domain
+	-0.0 SPF_PASS               SPF: sender matches SPF record
+	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
+	not necessarily valid
+	0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
+	0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
+	lines
+X-Headers-End: 1YZvGD-0008Jh-Hr
+Cc: bitcoin-development@lists.sourceforge.net
+Subject: Re: [Bitcoin-development] Criminal complaints against "network
+ disruption as a service" startups
+X-BeenThere: bitcoin-development@lists.sourceforge.net
+X-Mailman-Version: 2.1.9
+Precedence: list
+List-Id: <bitcoin-development.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
+List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
+List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
+X-List-Received-Date: Mon, 23 Mar 2015 05:50:51 -0000
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+Back to what is Chainalysis and country of their origin, so criminal
+complaints against them would likely relate to violation of Swiss
+laws, as is described here:
+https://bitcointalk.org/index.php?topic=3D978088.msg10774882#msg10774882
+
+It is fairly obvious that Chainalysis is not merely doing what
+blockchain.info etc. is. Let's not delude ourselves here.
+
+As stated, it would be advisable for such a firm to cease operations,
+and it would seem that plenty of polite shots over the bow have been
+given to Chainalysis, which should now fold up its operation, pack its
+bags, and go back to its hole before trying to serve its masters again
+in another way. Etc.
+
+Corporations similar to Chainalysis which are domiciled in other
+countries which conduct collection of information in ways that violate
+countries' laws (there are many countries and each have their own ways
+of interpreting user privacy and what constitutes permissible breach
+and in what circumstances) can indeed be held to legal standards that
+may result in minimal or severe legal penalties.  It is true that
+analyzing information that is publicly available, such as that which
+is in a library, is not illegal. But the act of surveillance is.
+(Then there is the question of what sort of surveillance, targeted or
+general, and whether it is limited to the bitcoin network or if it
+moves beyond that to attempts to correlate with usernames, IDs, IPs,
+and other information available on fora and apparent from services,
+but I won't get into that here.)  Even if you argue that the manner in
+which you are performing your actions is not actually "surveillance,"
+or you argue that it is "legally permissible," someone else will
+certainly come along and make a reasonable argument that you are
+indeed engaging in illegal surveillance.  They may even suggest to a
+judge that you are in the process of constructing a botnet and demand
+that your domains be seized, and may successfully obtain an ex parte
+temporary restraining order (TRO) against Chainalysis and similar
+corporations to have domain(s) seized.  Any and all arguments may be
+added in here, there are 196 countries in the world today - each with
+their own unique laws - (maybe less by the time you read this) and a
+shit-ton of possible legal arguments that can be made by creative
+minds that might want to sue you if you have been surveilling people,
+each different depending on where your surveillance corporation is
+domiciled.  There are plenty of legal processes available for people
+to do exactly that.  You are indeed subject to having that happen to
+you if you continue to surveill the network even if you are doing so
+on behalf of the state for the purpose of gathering information for a
+state's compliance initiative.
+
+So, don't delude yourself, and be happy if all that happens is your
+little surveillance initiative has to close its doors (or gets sued if
+it stays open).  Because that is the legal side of things.  The
+extralegal stuff is far worse.  The community is helping you by asking
+you gently to close up shop and go away. It is a helpful suggestion
+and I believe also a fair warning, again, a shot off the bow.
+
+On the development side, developers are certainly responsible for
+doing what they can to resist this kind of surveillance activity.  But
+I have a feeling that will be a different thread which is more
+technical and so won't comment on it here, except to say it will
+likely involve working toward giving the user an anonymity option
+which can be exercised as part of any transaction.
+
+Thy Shizzle:
+> I don't believe that at all. Analyzing information publicly
+> available is not illegal. Chainalysis or whatever you call it would
+> be likened to observing who comes and feeds birds at the park
+> everyday. You can sit in the park and observe who feeds the birds,
+> just as you can connect to the Bitcoin P2P network and observe the
+> blocks being formed into the chain and transactions etc. Unless
+> there is some agreement taking place where it is specified that
+> upon connecting to the Bitcoin P2P swarm you agree to a set of
+> terms, however as every node is providing their own "entry" into
+> the P2P swarm it becomes really up to the node providing the
+> connection to uphold and enforce the terms of the agreement. If you
+> allow people to connect to you without terms of agreement, you
+> cannot cry foul when they record the data that passes through. To
+> say Chainalysis needs to cease is silly, the whole point of the
+> public blockchain is for Chainalysis, whether it be for the
+> verification of transactions, research or otherwise.
+>=20
+> -----Original Message----- From: "odinn"
+> <odinn.cyberguerrilla@riseup.net> Sent: =E2=80=8E23/=E2=80=8E03/=E2=80=8E=
+2015 1:48 PM To:
+> "bitcoin-development@lists.sourceforge.net"
+> <bitcoin-development@lists.sourceforge.net> Subject: Re:
+> [Bitcoin-development] Criminal complaints against "network
+> disruption as a service" startups
+>=20
+> If you (e.g. Chainalysis) or anyone else are doing surveillance on
+> the network and gathering information for later use, and whether or
+> not the ultimate purpose is to divulge it to other parties for
+> compliance purposes, you can bet that ultimately the tables will be
+> turned on you, and you will be the one having your ass handed to
+> you so to speak, before or after you are served, in legal parlance.
+> Whether or not the outcome of that is meaningful and beneficial to
+> any concerned parties and what is the upshot of it in the end
+> depends on on what you do and just how far you decide to take your
+> ill-advised enterprise.
+>=20
+> Chainalysis and similar operations would be, IMHO, well advised to=20
+> cease operations.  This doesn't mean they will, but guess what:
+>=20
+> Shot over the bow, folks.
+>=20
+> Jan M=C3=B8ller:
+>> What we were trying to achieve was determining the flow of funds=20
+>> between countries by figuring out which country a transaction=20
+>> originates from. To do that with a certain accuracy you need
+>> many nodes. We chose a class C IP range as we knew that bitcoin
+>> core and others only connect to one node in any class C IP range.
+>> We were not aware that breadwallet didn't follow this practice.
+>> Breadwallet risked getting tar-pitted, but that was not our
+>> intention and we are sorry about that.
+>=20
+>> Our nodes DID respond with valid blocks and merkle-blocks and=20
+>> allowed everyone connecting to track the blockchain. We did
+>> however not relay transactions. The 'service' bit in the version
+>> message is not meant for telling whether or how the node relays
+>> transactions, it tells whether you can ask for block headers only
+>> or full blocks.
+>=20
+>> Many implementations enforce non standard rules for handling=20
+>> transactions; some nodes ignore transactions with address reuse,=20
+>> some nodes happily forward double spends, and some nodes forward=20
+>> neither blocks not transactions. We did blocks but not=20
+>> transactions.
+>=20
+>> In hindsight we should have done two things: 1. relay
+>> transactions 2. advertise address from 'foreign' nodes
+>=20
+>> Both would have fixed the problems that breadwallet experienced.=20
+>> My understanding is that breadwallet now has the same 'class C'=20
+>> rule as bitcoind, which would also fix it.
+>=20
+>> Getting back on the topic of this thread and whether it is
+>> illegal, your guess is as good as mine. I don't think it is
+>> illegal to log incoming connections and make statistical analysis
+>> on it. That would more or less incriminate anyone who runs a
+>> web-server and looks into the access log. At lease one Bitcoin
+>> service has been collecting IP addresses for years and given them
+>> to anyone visiting their web-site (you know who) and I believe
+>> that this practise is very wrong. We have no intention of giving
+>> IP addresses away to anyone, but we believe that you are free to
+>> make statistics on connection logs when nodes connect to you.
+>=20
+>> On a side note: When you make many connections to the network
+>> you see lots of strange nodes and suspicious patterns. You can
+>> be certain that we were not the only ones connected to many
+>> nodes.
+>=20
+>> My takeaway from this: If nodes that do not relay transactions is
+>> a problem then there is stuff to fix.
+>=20
+>> /Jan
+>=20
+>> On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn <mike@plan99.net>=20
+>> wrote:
+>=20
+>>> That would be rather new and tricky legal territory.
+>>>=20
+>>> But even putting the legal issues to one side, there are=20
+>>> definitional issues.
+>>>=20
+>>> For instance if the Chainalysis nodes started following the=20
+>>> protocol specs better and became just regular nodes that
+>>> happen to keep logs, would that still be a violation? If so,
+>>> what about blockchain.info? It'd be shooting ourselves in the
+>>> foot to try and forbid block explorers given how useful they
+>>> are.
+>>>=20
+>>> If someone non-maliciously runs some nodes with debug logging=20
+>>> turned on, and makes full system backups every night, and
+>>> keeps those backups for years, are they in violation of
+>>> whatever pseudo-law is involved?
+>>>=20
+>>> I think it's a bit early to think about these things right
+>>> now. Michael Gr=C3=B8nager and Jan M=C3=B8ller have been Bitcoin hack=
+ers
+>>> for a long time. I'd be interested to know their thoughts on
+>>> all of this.
+>>>=20
+>>>=20
+>>> ---------------------------------------------------------------------=
+---------
+>>>
+>>>
+>
+>>>=20
+Dive into the World of Parallel Programming The Go Parallel Website,
+>>> sponsored by Intel and developed in partnership with Slashdot=20
+>>> Media, is your hub for all things parallel software
+>>> development, from weekly thought leadership blogs to news,
+>>> videos, case studies, tutorials and more. Take a look and join
+>>> the conversation now. http://goparallel.sourceforge.net/=20
+>>> _______________________________________________=20
+>>> Bitcoin-development mailing list=20
+>>> Bitcoin-development@lists.sourceforge.net=20
+>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
+>>>
+>>>
+>
+>>>=20
+>=20
+>=20
+>> ----------------------------------------------------------------------=
+--------
+>
+>>=20
+>=20
+> Dive into the World of Parallel Programming The Go Parallel
+> Website, sponsored
+>> by Intel and developed in partnership with Slashdot Media, is
+>> your hub for all things parallel software development, from
+>> weekly thought leadership blogs to news, videos, case studies,
+>> tutorials and more. Take a look and join the conversation now.=20
+>> http://goparallel.sourceforge.net/
+>=20
+>=20
+>=20
+>> _______________________________________________
+>> Bitcoin-development mailing list
+>> Bitcoin-development@lists.sourceforge.net=20
+>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
+>=20
+>=20
+>=20
+> -----------------------------------------------------------------------=
+-------
+>
+>=20
+Dive into the World of Parallel Programming The Go Parallel Website,
+sponsored
+> by Intel and developed in partnership with Slashdot Media, is your
+> hub for all things parallel software development, from weekly
+> thought leadership blogs to news, videos, case studies, tutorials
+> and more. Take a look and join the conversation now.
+> http://goparallel.sourceforge.net/=20
+> _______________________________________________ Bitcoin-development
+> mailing list Bitcoin-development@lists.sourceforge.net=20
+> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
+>=20
+
+- --=20
+http://abis.io ~
+"a protocol concept to enable decentralization
+and expansion of a giving economy, and a new social good"
+https://keybase.io/odinn
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAEBCgAGBQJVD6mmAAoJEGxwq/inSG8CkLUH/iWvn7kp6KW2fe5RFca1eAmH
+L+5P+kNDzMARIRt8A3CvopoQQMZx44aZ8pMdErUk+78A7oeP/x+scYEkSiXE17Iv
+saBWv43mO+qFxgVrU7y+9njwLJoywHitBymhLGisi3hv+H7lfIMdPK2dLVThwxel
+bVO0Ga8Y9qDYAwtK23yEOCT7klj5mT0tG50U4HxDpIXaJj8kCnVUC2O1MdYhr1pP
+93cDuhBmXOg7sOLAPpdWVhgfnz0Vm8M0ZWUIK+4FGzpQugWHcmdp3YUDCeczOYzD
+u5zVdAqvdL6qQcWkUcGfkKaAqfJH3u5F2zeQvDUEJeeEz1lWnrsXuT7cCvcp/TU=3D
+=3D6io6
+-----END PGP SIGNATURE-----
+
+
author	odinn <odinn.cyberguerrilla@riseup.net>	2015-03-23 05:50:32 +0000
committer	bitcoindev <bitcoindev@gnusha.org>	2015-03-23 05:50:51 +0000
commit	194b2afb37568a32c09bb33bf3b75dd22d951708 (patch)
tree	f005376a1984ff5def444c78eba695307ff614d4
parent	9bccb56c280fb4242c78b33b546dc51f38992a6c (diff)
download	pi-bitcoindev-194b2afb37568a32c09bb33bf3b75dd22d951708.tar.gz pi-bitcoindev-194b2afb37568a32c09bb33bf3b75dd22d951708.zip