Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of riseup.net
	designates 198.252.153.129 as permitted sender)
	client-ip=198.252.153.129;
	envelope-from=odinn.cyberguerrilla@riseup.net;
	helo=mx1.riseup.net; 
Message-ID: <550FB68B.2030902@riseup.net>
Date: Mon, 23 Mar 2015 06:45:31 +0000
From: odinn <odinn.cyberguerrilla@riseup.net>
MIME-Version: 1.0
To: Thy Shizzle <thyshizzle@outlook.com>
References: <COL401-EAS421DD08D2BE08D9601E5139C20D0@phx.gbl>
In-Reply-To: <COL401-EAS421DD08D2BE08D9601E5139C20D0@phx.gbl>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Criminal complaints against "network
 disruption as a service" startups
Precedence: list

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Shizzle's opinion, it would seem, is highly important.  I'm done here.

Thy Shizzle:
> Oh so you're talking about the criminality of one single entity? So
> having a quick look, it seems that the issue is they are collecting
> IPs and that kind of thing as well? So similar to what
> http://getaddr.bitnodes.io is doing but without the funding from
> the bitcoin foundation? If you are worried about your IP getting
> out you're behind a VPN. They can only collect the information made
> available to them. Botnets etc are completely different because you
> are forcing control over something you have no right to do. If
> companies want to sit there and collect publicly available
> information that you are voluntarily making available to them, why
> do you care? I can't see how it could be at all criminal.
> Remembering that most privacy laws relate to information that YOU
> PROVIDE to an entity during an agreement for service, payment, etc.
> You are providing this information publicly and they are collecting
> it from the public domain, not you giving it to them in an
> agreement, therefore the usual provisions of privacy etc don't
> apply. If you connect to their scraper node, of course they can log
> that. How could it possibly be criminal?=20
> ________________________________ From:
> odinn<mailto:odinn.cyberguerrilla@riseup.net> Sent: =E2=80=8E23/=E2=80=8E=
03/=E2=80=8E2015
> 4:50 PM To: Thy Shizzle<mailto:thyshizzle@outlook.com> Cc:
> bitcoin-development@lists.sourceforge.net<mailto:bitcoin-development@li=
sts.sourceforge.net>
>
>=20
Subject: Re: [Bitcoin-development] Criminal complaints against "network
disruption as a service" startups
>=20
> Back to what is Chainalysis and country of their origin, so
> criminal complaints against them would likely relate to violation
> of Swiss laws, as is described here:=20
> https://bitcointalk.org/index.php?topic=3D978088.msg10774882#msg1077488=
2
>
>  It is fairly obvious that Chainalysis is not merely doing what=20
> blockchain.info etc. is. Let's not delude ourselves here.
>=20
> As stated, it would be advisable for such a firm to cease
> operations, and it would seem that plenty of polite shots over the
> bow have been given to Chainalysis, which should now fold up its
> operation, pack its bags, and go back to its hole before trying to
> serve its masters again in another way. Etc.
>=20
> Corporations similar to Chainalysis which are domiciled in other=20
> countries which conduct collection of information in ways that
> violate countries' laws (there are many countries and each have
> their own ways of interpreting user privacy and what constitutes
> permissible breach and in what circumstances) can indeed be held to
> legal standards that may result in minimal or severe legal
> penalties.  It is true that analyzing information that is publicly
> available, such as that which is in a library, is not illegal. But
> the act of surveillance is. (Then there is the question of what
> sort of surveillance, targeted or general, and whether it is
> limited to the bitcoin network or if it moves beyond that to
> attempts to correlate with usernames, IDs, IPs, and other
> information available on fora and apparent from services, but I
> won't get into that here.)  Even if you argue that the manner in=20
> which you are performing your actions is not actually
> "surveillance," or you argue that it is "legally permissible,"
> someone else will certainly come along and make a reasonable
> argument that you are indeed engaging in illegal surveillance.
> They may even suggest to a judge that you are in the process of
> constructing a botnet and demand that your domains be seized, and
> may successfully obtain an ex parte temporary restraining order
> (TRO) against Chainalysis and similar corporations to have
> domain(s) seized.  Any and all arguments may be added in here,
> there are 196 countries in the world today - each with their own
> unique laws - (maybe less by the time you read this) and a shit-ton
> of possible legal arguments that can be made by creative minds that
> might want to sue you if you have been surveilling people, each
> different depending on where your surveillance corporation is=20
> domiciled.  There are plenty of legal processes available for
> people to do exactly that.  You are indeed subject to having that
> happen to you if you continue to surveill the network even if you
> are doing so on behalf of the state for the purpose of gathering
> information for a state's compliance initiative.
>=20
> So, don't delude yourself, and be happy if all that happens is
> your little surveillance initiative has to close its doors (or gets
> sued if it stays open).  Because that is the legal side of things.
> The extralegal stuff is far worse.  The community is helping you by
> asking you gently to close up shop and go away. It is a helpful
> suggestion and I believe also a fair warning, again, a shot off the
> bow.
>=20
> On the development side, developers are certainly responsible for=20
> doing what they can to resist this kind of surveillance activity.
> But I have a feeling that will be a different thread which is more=20
> technical and so won't comment on it here, except to say it will=20
> likely involve working toward giving the user an anonymity option=20
> which can be exercised as part of any transaction.
>=20
> Thy Shizzle:
>> I don't believe that at all. Analyzing information publicly=20
>> available is not illegal. Chainalysis or whatever you call it
>> would be likened to observing who comes and feeds birds at the
>> park everyday. You can sit in the park and observe who feeds the
>> birds, just as you can connect to the Bitcoin P2P network and
>> observe the blocks being formed into the chain and transactions
>> etc. Unless there is some agreement taking place where it is
>> specified that upon connecting to the Bitcoin P2P swarm you agree
>> to a set of terms, however as every node is providing their own
>> "entry" into the P2P swarm it becomes really up to the node
>> providing the connection to uphold and enforce the terms of the
>> agreement. If you allow people to connect to you without terms of
>> agreement, you cannot cry foul when they record the data that
>> passes through. To say Chainalysis needs to cease is silly, the
>> whole point of the public blockchain is for Chainalysis, whether
>> it be for the verification of transactions, research or
>> otherwise.
>=20
>> -----Original Message----- From: "odinn"=20
>> <odinn.cyberguerrilla@riseup.net> Sent: =E2=80=8E23/=E2=80=8E03/=E2=80=
=8E2015 1:48 PM
>> To: "bitcoin-development@lists.sourceforge.net"=20
>> <bitcoin-development@lists.sourceforge.net> Subject: Re:=20
>> [Bitcoin-development] Criminal complaints against "network=20
>> disruption as a service" startups
>=20
>> If you (e.g. Chainalysis) or anyone else are doing surveillance
>> on the network and gathering information for later use, and
>> whether or not the ultimate purpose is to divulge it to other
>> parties for compliance purposes, you can bet that ultimately the
>> tables will be turned on you, and you will be the one having your
>> ass handed to you so to speak, before or after you are served, in
>> legal parlance. Whether or not the outcome of that is meaningful
>> and beneficial to any concerned parties and what is the upshot of
>> it in the end depends on on what you do and just how far you
>> decide to take your ill-advised enterprise.
>=20
>> Chainalysis and similar operations would be, IMHO, well advised
>> to cease operations.  This doesn't mean they will, but guess
>> what:
>=20
>> Shot over the bow, folks.
>=20
>> Jan M=C3=B8ller:
>>> What we were trying to achieve was determining the flow of
>>> funds between countries by figuring out which country a
>>> transaction originates from. To do that with a certain accuracy
>>> you need many nodes. We chose a class C IP range as we knew
>>> that bitcoin core and others only connect to one node in any
>>> class C IP range. We were not aware that breadwallet didn't
>>> follow this practice. Breadwallet risked getting tar-pitted,
>>> but that was not our intention and we are sorry about that.
>=20
>>> Our nodes DID respond with valid blocks and merkle-blocks and=20
>>> allowed everyone connecting to track the blockchain. We did=20
>>> however not relay transactions. The 'service' bit in the
>>> version message is not meant for telling whether or how the
>>> node relays transactions, it tells whether you can ask for
>>> block headers only or full blocks.
>=20
>>> Many implementations enforce non standard rules for handling=20
>>> transactions; some nodes ignore transactions with address
>>> reuse, some nodes happily forward double spends, and some nodes
>>> forward neither blocks not transactions. We did blocks but not=20
>>> transactions.
>=20
>>> In hindsight we should have done two things: 1. relay=20
>>> transactions 2. advertise address from 'foreign' nodes
>=20
>>> Both would have fixed the problems that breadwallet
>>> experienced. My understanding is that breadwallet now has the
>>> same 'class C' rule as bitcoind, which would also fix it.
>=20
>>> Getting back on the topic of this thread and whether it is=20
>>> illegal, your guess is as good as mine. I don't think it is=20
>>> illegal to log incoming connections and make statistical
>>> analysis on it. That would more or less incriminate anyone who
>>> runs a web-server and looks into the access log. At lease one
>>> Bitcoin service has been collecting IP addresses for years and
>>> given them to anyone visiting their web-site (you know who) and
>>> I believe that this practise is very wrong. We have no
>>> intention of giving IP addresses away to anyone, but we believe
>>> that you are free to make statistics on connection logs when
>>> nodes connect to you.
>=20
>>> On a side note: When you make many connections to the network=20
>>> you see lots of strange nodes and suspicious patterns. You can=20
>>> be certain that we were not the only ones connected to many=20
>>> nodes.
>=20
>>> My takeaway from this: If nodes that do not relay transactions
>>> is a problem then there is stuff to fix.
>=20
>>> /Jan
>=20
>>> On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn <mike@plan99.net>=20
>>> wrote:
>=20
>>>> That would be rather new and tricky legal territory.
>>>>=20
>>>> But even putting the legal issues to one side, there are=20
>>>> definitional issues.
>>>>=20
>>>> For instance if the Chainalysis nodes started following the=20
>>>> protocol specs better and became just regular nodes that=20
>>>> happen to keep logs, would that still be a violation? If so,=20
>>>> what about blockchain.info? It'd be shooting ourselves in
>>>> the foot to try and forbid block explorers given how useful
>>>> they are.
>>>>=20
>>>> If someone non-maliciously runs some nodes with debug
>>>> logging turned on, and makes full system backups every night,
>>>> and keeps those backups for years, are they in violation of=20
>>>> whatever pseudo-law is involved?
>>>>=20
>>>> I think it's a bit early to think about these things right=20
>>>> now. Michael Gr=C3=B8nager and Jan M=C3=B8ller have been Bitcoin
>>>> hackers for a long time. I'd be interested to know their
>>>> thoughts on all of this.
>>>>=20
>>>>=20
>>>> --------------------------------------------------------------------=
----------
>>>>
>>>>
>
>>>>=20
>>>>=20
> Dive into the World of Parallel Programming The Go Parallel
> Website,
>>>> sponsored by Intel and developed in partnership with
>>>> Slashdot Media, is your hub for all things parallel software=20
>>>> development, from weekly thought leadership blogs to news,=20
>>>> videos, case studies, tutorials and more. Take a look and
>>>> join the conversation now.
>>>> http://goparallel.sourceforge.net/=20
>>>> _______________________________________________=20
>>>> Bitcoin-development mailing list=20
>>>> Bitcoin-development@lists.sourceforge.net=20
>>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>>
>>>>
>
>>>>=20
>>>>=20
>=20
>=20
>>> ---------------------------------------------------------------------=
---------
>
>>>=20
>>>=20
>=20
>> Dive into the World of Parallel Programming The Go Parallel=20
>> Website, sponsored
>>> by Intel and developed in partnership with Slashdot Media, is=20
>>> your hub for all things parallel software development, from=20
>>> weekly thought leadership blogs to news, videos, case studies,=20
>>> tutorials and more. Take a look and join the conversation now.=20
>>> http://goparallel.sourceforge.net/
>=20
>=20
>=20
>>> _______________________________________________=20
>>> Bitcoin-development mailing list=20
>>> Bitcoin-development@lists.sourceforge.net=20
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>>>=20
>=20
>=20
>> ----------------------------------------------------------------------=
--------
>
>>=20
>=20
> Dive into the World of Parallel Programming The Go Parallel
> Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is
>> your hub for all things parallel software development, from
>> weekly thought leadership blogs to news, videos, case studies,
>> tutorials and more. Take a look and join the conversation now.=20
>> http://goparallel.sourceforge.net/=20
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net=20
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>=20
>=20
>=20

- --=20
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVD7aKAAoJEGxwq/inSG8C4KsIAIu5atra8Y9R9oejNryjMQkz
UOVORw3y0eD8yaAiJJQzJjmNE6UXC92R3gM3KtQoQchSQ6RhyhZUZkzCY7k2Ug08
8UZnxjgAHCwScGUSgpDu2hcGDtC+Csa1EKOExjCxYCBlVRI+cCJqxIm9d7vGDi4V
R1y57xtKtussJxhZKVjIxothkHtSy5HuaKdKLfI7ikoBAerOVY7bGCxE+drUr4OO
Sgxe94M8z/ecFk3h37ZhuL2P+mNAlCKQkW592628XC0bXN8iT2vW7MnB3BLEBzvb
TeWFYUFjs5v09B6Cw6LQWFGKdFwLGganybeEqoKNfzrihEAa19PFsRWHPStMUCM=3D
=3DJnJQ
-----END PGP SIGNATURE-----