Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XtoWr-0006iQ-BF for bitcoin-development@lists.sourceforge.net; Thu, 27 Nov 2014 02:09:57 +0000 X-ACL-Warn: Received: from quidecco.de ([81.169.136.15]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1XtoWo-0001PW-G3 for bitcoin-development@lists.sourceforge.net; Thu, 27 Nov 2014 02:09:57 +0000 Received: from localhost (localhost [127.0.0.1]) by quidecco.de (Postfix) with SMTP id A13D2E19A09; Thu, 27 Nov 2014 03:09:47 +0100 (CET) From: Isidor Zeuner To: odinn Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; format=flowed References: <54760A50.201@riseup.net> In-Reply-To: <54760A50.201@riseup.net> Message-Id: <20141127020947.A13D2E19A09@quidecco.de> Date: Thu, 27 Nov 2014 03:09:47 +0100 (CET) X-Spam-Score: -0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1XtoWo-0001PW-G3 Cc: Bitcoin Development Subject: Re: [Bitcoin-development] Deanonymisation of clients in Bitcoin P2P network paper X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Nov 2014 02:09:57 -0000 Hello there, quote: > Please see also the following: > > https://cpunks.org//pipermail/cypherpunks/2014-November/005971.html > I agree about the severity of the Tor/Bitcoin issue, but I see no point in bashing Bitcoin's financial privacy characteristics as the linked pages seem to do. Bitcoin can be useful as a part of a strategy to improve on privacy, but it does not intend to be a run-and-forget solution for doing so. A lot of issues found in this context can actually be traced back to Tor's characteristics already known before. It's just that Bitcoin makes Tor's deficiencies more measurable - before Bitcoin, those interested in researching how Tor performs in an automated context where a much smaller community. In the end, I guess both projects can benefit from the research we can do now. > Respect, > > - -Odinn > > Jeff Garzik: > > I don't recall being contacted directly, but the attack has been > > discussed. It relies on a number of conditions. For example, if > > you are over Tor, they try to kick the machine off Tor, _assuming_ > > that it will fall back to non-Tor. That's only true for dual stack > > nodes, which are not really 100% anonymous anyway -- you're > > operating from your public IP anyway. > > Generally, it cannot be said that the attack vector described here is irrelevant for non-dual-stack nodes. An attacker might not be able to collect IP addresses of Tor-only nodes, but he can try to kick the users from all Tor exit nodes he does not control, and proceed with other attacks when a large number of Tor-only users connect through his Tor exit node(s). Since this attack vector has been discussed, I started making some measurements on how effective it is to connect to Bitcoin using Tor, and I found that the number of connections dropping to near-zero is a situation which occurs rather frequently, which suggests that there is still room to improve on the DoS handling. Best regards, Isidor