blob: a6c9cbd238b350de5855e20c73076cee808014bc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <thyshizzle@outlook.com>) id 1YZvZH-0007TL-5V
for bitcoin-development@lists.sourceforge.net;
Mon, 23 Mar 2015 06:10:31 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of outlook.com
designates 65.55.34.218 as permitted sender)
client-ip=65.55.34.218; envelope-from=thyshizzle@outlook.com;
helo=COL004-OMC4S16.hotmail.com;
Received: from col004-omc4s16.hotmail.com ([65.55.34.218])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.76) id 1YZvZE-0005H2-3R
for bitcoin-development@lists.sourceforge.net;
Mon, 23 Mar 2015 06:10:31 +0000
Received: from COL401-EAS421 ([65.55.34.201]) by COL004-OMC4S16.hotmail.com
over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
Sun, 22 Mar 2015 23:10:21 -0700
X-TMN: [xUQegOibU5xtHgjzhmtgqRYyidKDsNSF]
X-Originating-Email: [thyshizzle@outlook.com]
Message-ID: <COL401-EAS421DD08D2BE08D9601E5139C20D0@phx.gbl>
Content-Type: multipart/alternative;
boundary="_45dd4ad8-c5b7-4083-ab52-0387b89558a8_"
MIME-Version: 1.0
To: odinn <odinn.cyberguerrilla@riseup.net>
From: Thy Shizzle <thyshizzle@outlook.com>
Date: Mon, 23 Mar 2015 17:10:12 +1100
X-OriginalArrivalTime: 23 Mar 2015 06:10:21.0973 (UTC)
FILETIME=[0B833C50:01D06530]
X-Spam-Score: -1.0 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust [65.55.34.218 listed in list.dnswl.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(thyshizzle[at]outlook.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.5 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1YZvZE-0005H2-3R
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Criminal complaints against "network
disruption as a service" startups
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2015 06:10:31 -0000
--_45dd4ad8-c5b7-4083-ab52-0387b89558a8_
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
Oh so you're talking about the criminality of one single entity? So having =
a quick look=2C it seems that the issue is they are collecting IPs and that=
kind of thing as well? So similar to what http://getaddr.bitnodes.io is do=
ing but without the funding from the bitcoin foundation? If you are worried=
about your IP getting out you're behind a VPN. They can only collect the i=
nformation made available to them. Botnets etc are completely different bec=
ause you are forcing control over something you have no right to do. If com=
panies want to sit there and collect publicly available information that yo=
u are voluntarily making available to them=2C why do you care? I can't see =
how it could be at all criminal. Remembering that most privacy laws relate =
to information that YOU PROVIDE to an entity during an agreement for servic=
e=2C payment=2C etc. You are providing this information publicly and they a=
re collecting it from the public domain=2C not you giving it to them in an =
agreement=2C therefore the usual provisions of privacy etc don't apply. If =
you connect to their scraper node=2C of course they can log that. How could=
it possibly be criminal?
________________________________
From: odinn<mailto:odinn.cyberguerrilla@riseup.net>
Sent: =E2=80=8E23/=E2=80=8E03/=E2=80=8E2015 4:50 PM
To: Thy Shizzle<mailto:thyshizzle@outlook.com>
Cc: bitcoin-development@lists.sourceforge.net<mailto:bitcoin-development@li=
sts.sourceforge.net>
Subject: Re: [Bitcoin-development] Criminal complaints against "network dis=
ruption as a service" startups
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Back to what is Chainalysis and country of their origin=2C so criminal
complaints against them would likely relate to violation of Swiss
laws=2C as is described here:
https://bitcointalk.org/index.php?topic=3D978088.msg10774882#msg10774882
It is fairly obvious that Chainalysis is not merely doing what
blockchain.info etc. is. Let's not delude ourselves here.
As stated=2C it would be advisable for such a firm to cease operations=2C
and it would seem that plenty of polite shots over the bow have been
given to Chainalysis=2C which should now fold up its operation=2C pack its
bags=2C and go back to its hole before trying to serve its masters again
in another way. Etc.
Corporations similar to Chainalysis which are domiciled in other
countries which conduct collection of information in ways that violate
countries' laws (there are many countries and each have their own ways
of interpreting user privacy and what constitutes permissible breach
and in what circumstances) can indeed be held to legal standards that
may result in minimal or severe legal penalties. It is true that
analyzing information that is publicly available=2C such as that which
is in a library=2C is not illegal. But the act of surveillance is.
(Then there is the question of what sort of surveillance=2C targeted or
general=2C and whether it is limited to the bitcoin network or if it
moves beyond that to attempts to correlate with usernames=2C IDs=2C IPs=2C
and other information available on fora and apparent from services=2C
but I won't get into that here.) Even if you argue that the manner in
which you are performing your actions is not actually "surveillance=2C"
or you argue that it is "legally permissible=2C" someone else will
certainly come along and make a reasonable argument that you are
indeed engaging in illegal surveillance. They may even suggest to a
judge that you are in the process of constructing a botnet and demand
that your domains be seized=2C and may successfully obtain an ex parte
temporary restraining order (TRO) against Chainalysis and similar
corporations to have domain(s) seized. Any and all arguments may be
added in here=2C there are 196 countries in the world today - each with
their own unique laws - (maybe less by the time you read this) and a
shit-ton of possible legal arguments that can be made by creative
minds that might want to sue you if you have been surveilling people=2C
each different depending on where your surveillance corporation is
domiciled. There are plenty of legal processes available for people
to do exactly that. You are indeed subject to having that happen to
you if you continue to surveill the network even if you are doing so
on behalf of the state for the purpose of gathering information for a
state's compliance initiative.
So=2C don't delude yourself=2C and be happy if all that happens is your
little surveillance initiative has to close its doors (or gets sued if
it stays open). Because that is the legal side of things. The
extralegal stuff is far worse. The community is helping you by asking
you gently to close up shop and go away. It is a helpful suggestion
and I believe also a fair warning=2C again=2C a shot off the bow.
On the development side=2C developers are certainly responsible for
doing what they can to resist this kind of surveillance activity. But
I have a feeling that will be a different thread which is more
technical and so won't comment on it here=2C except to say it will
likely involve working toward giving the user an anonymity option
which can be exercised as part of any transaction.
Thy Shizzle:
> I don't believe that at all. Analyzing information publicly
> available is not illegal. Chainalysis or whatever you call it would
> be likened to observing who comes and feeds birds at the park
> everyday. You can sit in the park and observe who feeds the birds=2C
> just as you can connect to the Bitcoin P2P network and observe the
> blocks being formed into the chain and transactions etc. Unless
> there is some agreement taking place where it is specified that
> upon connecting to the Bitcoin P2P swarm you agree to a set of
> terms=2C however as every node is providing their own "entry" into
> the P2P swarm it becomes really up to the node providing the
> connection to uphold and enforce the terms of the agreement. If you
> allow people to connect to you without terms of agreement=2C you
> cannot cry foul when they record the data that passes through. To
> say Chainalysis needs to cease is silly=2C the whole point of the
> public blockchain is for Chainalysis=2C whether it be for the
> verification of transactions=2C research or otherwise.
>
> -----Original Message----- From: "odinn"
> <odinn.cyberguerrilla@riseup.net> Sent: =E2=80=8E23/=E2=80=8E03/=E2=80=8E=
2015 1:48 PM To:
> "bitcoin-development@lists.sourceforge.net"
> <bitcoin-development@lists.sourceforge.net> Subject: Re:
> [Bitcoin-development] Criminal complaints against "network
> disruption as a service" startups
>
> If you (e.g. Chainalysis) or anyone else are doing surveillance on
> the network and gathering information for later use=2C and whether or
> not the ultimate purpose is to divulge it to other parties for
> compliance purposes=2C you can bet that ultimately the tables will be
> turned on you=2C and you will be the one having your ass handed to
> you so to speak=2C before or after you are served=2C in legal parlance.
> Whether or not the outcome of that is meaningful and beneficial to
> any concerned parties and what is the upshot of it in the end
> depends on on what you do and just how far you decide to take your
> ill-advised enterprise.
>
> Chainalysis and similar operations would be=2C IMHO=2C well advised to
> cease operations. This doesn't mean they will=2C but guess what:
>
> Shot over the bow=2C folks.
>
> Jan M=C3=B8ller:
>> What we were trying to achieve was determining the flow of funds
>> between countries by figuring out which country a transaction
>> originates from. To do that with a certain accuracy you need
>> many nodes. We chose a class C IP range as we knew that bitcoin
>> core and others only connect to one node in any class C IP range.
>> We were not aware that breadwallet didn't follow this practice.
>> Breadwallet risked getting tar-pitted=2C but that was not our
>> intention and we are sorry about that.
>
>> Our nodes DID respond with valid blocks and merkle-blocks and
>> allowed everyone connecting to track the blockchain. We did
>> however not relay transactions. The 'service' bit in the version
>> message is not meant for telling whether or how the node relays
>> transactions=2C it tells whether you can ask for block headers only
>> or full blocks.
>
>> Many implementations enforce non standard rules for handling
>> transactions=3B some nodes ignore transactions with address reuse=2C
>> some nodes happily forward double spends=2C and some nodes forward
>> neither blocks not transactions. We did blocks but not
>> transactions.
>
>> In hindsight we should have done two things: 1. relay
>> transactions 2. advertise address from 'foreign' nodes
>
>> Both would have fixed the problems that breadwallet experienced.
>> My understanding is that breadwallet now has the same 'class C'
>> rule as bitcoind=2C which would also fix it.
>
>> Getting back on the topic of this thread and whether it is
>> illegal=2C your guess is as good as mine. I don't think it is
>> illegal to log incoming connections and make statistical analysis
>> on it. That would more or less incriminate anyone who runs a
>> web-server and looks into the access log. At lease one Bitcoin
>> service has been collecting IP addresses for years and given them
>> to anyone visiting their web-site (you know who) and I believe
>> that this practise is very wrong. We have no intention of giving
>> IP addresses away to anyone=2C but we believe that you are free to
>> make statistics on connection logs when nodes connect to you.
>
>> On a side note: When you make many connections to the network
>> you see lots of strange nodes and suspicious patterns. You can
>> be certain that we were not the only ones connected to many
>> nodes.
>
>> My takeaway from this: If nodes that do not relay transactions is
>> a problem then there is stuff to fix.
>
>> /Jan
>
>> On Fri=2C Mar 13=2C 2015 at 10:48 PM=2C Mike Hearn <mike@plan99.net>
>> wrote:
>
>>> That would be rather new and tricky legal territory.
>>>
>>> But even putting the legal issues to one side=2C there are
>>> definitional issues.
>>>
>>> For instance if the Chainalysis nodes started following the
>>> protocol specs better and became just regular nodes that
>>> happen to keep logs=2C would that still be a violation? If so=2C
>>> what about blockchain.info? It'd be shooting ourselves in the
>>> foot to try and forbid block explorers given how useful they
>>> are.
>>>
>>> If someone non-maliciously runs some nodes with debug logging
>>> turned on=2C and makes full system backups every night=2C and
>>> keeps those backups for years=2C are they in violation of
>>> whatever pseudo-law is involved?
>>>
>>> I think it's a bit early to think about these things right
>>> now. Michael Gr=C3=B8nager and Jan M=C3=B8ller have been Bitcoin hacker=
s
>>> for a long time. I'd be interested to know their thoughts on
>>> all of this.
>>>
>>>
>>> -----------------------------------------------------------------------=
-------
>>>
>>>
>
>>>
Dive into the World of Parallel Programming The Go Parallel Website=2C
>>> sponsored by Intel and developed in partnership with Slashdot
>>> Media=2C is your hub for all things parallel software
>>> development=2C from weekly thought leadership blogs to news=2C
>>> videos=2C case studies=2C tutorials and more. Take a look and join
>>> the conversation now. http://goparallel.sourceforge.net/
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>
>>>
>
>>>
>
>
>> ------------------------------------------------------------------------=
------
>
>>
>
> Dive into the World of Parallel Programming The Go Parallel
> Website=2C sponsored
>> by Intel and developed in partnership with Slashdot Media=2C is
>> your hub for all things parallel software development=2C from
>> weekly thought leadership blogs to news=2C videos=2C case studies=2C
>> tutorials and more. Take a look and join the conversation now.
>> http://goparallel.sourceforge.net/
>
>
>
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
>
> -------------------------------------------------------------------------=
-----
>
>
Dive into the World of Parallel Programming The Go Parallel Website=2C
sponsored
> by Intel and developed in partnership with Slashdot Media=2C is your
> hub for all things parallel software development=2C from weekly
> thought leadership blogs to news=2C videos=2C case studies=2C tutorials
> and more. Take a look and join the conversation now.
> http://goparallel.sourceforge.net/
> _______________________________________________ Bitcoin-development
> mailing list Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
- --
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy=2C and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJVD6mmAAoJEGxwq/inSG8CkLUH/iWvn7kp6KW2fe5RFca1eAmH
L+5P+kNDzMARIRt8A3CvopoQQMZx44aZ8pMdErUk+78A7oeP/x+scYEkSiXE17Iv
saBWv43mO+qFxgVrU7y+9njwLJoywHitBymhLGisi3hv+H7lfIMdPK2dLVThwxel
bVO0Ga8Y9qDYAwtK23yEOCT7klj5mT0tG50U4HxDpIXaJj8kCnVUC2O1MdYhr1pP
93cDuhBmXOg7sOLAPpdWVhgfnz0Vm8M0ZWUIK+4FGzpQugWHcmdp3YUDCeczOYzD
u5zVdAqvdL6qQcWkUcGfkKaAqfJH3u5F2zeQvDUEJeeEz1lWnrsXuT7cCvcp/TU=3D
=3D6io6
-----END PGP SIGNATURE-----
--_45dd4ad8-c5b7-4083-ab52-0387b89558a8_
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html=3B charset=3Dutf-8">
</head>
<body>
<div>
<div style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=3B">Oh s=
o you're talking about the criminality of one single entity? So having a qu=
ick look=2C it seems that the issue is they are collecting IPs and that kin=
d of thing as well? So similar to what http://getaddr.bitnodes.io
is doing but without the funding from the bitcoin foundation? If you are w=
orried about your IP getting out you're behind a VPN. They can only collect=
the information made available to them. Botnets etc are completely differe=
nt because you are forcing control
over something you have no right to do. If companies want to sit there and=
collect publicly available information that you are voluntarily making ava=
ilable to them=2C why do you care? I can't see how it could be at all crimi=
nal. Remembering that most privacy
laws relate to information that YOU PROVIDE to an entity during an agreeme=
nt for service=2C payment=2C etc. You are providing this information public=
ly and they are collecting it from the public domain=2C not you giving it t=
o them in an agreement=2C therefore the
usual provisions of privacy etc don't apply. If you connect to their scrap=
er node=2C of course they can log that. How could it possibly be criminal?
</div>
</div>
<div dir=3D"ltr">
<hr>
<span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=3B font=
-weight: bold=3B">From:
</span><span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=
=3B"><a href=3D"mailto:odinn.cyberguerrilla@riseup.net">odinn</a></span><br=
>
<span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=3B font=
-weight: bold=3B">Sent:
</span><span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=
=3B">=E2=80=8E23/=E2=80=8E03/=E2=80=8E2015 4:50 PM</span><br>
<span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=3B font=
-weight: bold=3B">To:
</span><span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=
=3B"><a href=3D"mailto:thyshizzle@outlook.com">Thy Shizzle</a></span><br>
<span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=3B font=
-weight: bold=3B">Cc:
</span><span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=
=3B"><a href=3D"mailto:bitcoin-development@lists.sourceforge.net">bitcoin-d=
evelopment@lists.sourceforge.net</a></span><br>
<span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=3B font=
-weight: bold=3B">Subject:
</span><span style=3D"font-family: Calibri=2Csans-serif=3B font-size: 11pt=
=3B">Re: [Bitcoin-development] Criminal complaints against "=3Bnetwork =
disruption as a service"=3B startups</span><br>
<br>
</div>
<div class=3D"BodyFragment">
<div class=3D"PlainText">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
Back to what is Chainalysis and country of their origin=2C so criminal<br>
complaints against them would likely relate to violation of Swiss<br>
laws=2C as is described here:<br>
<a href=3D"https://bitcointalk.org/index.php?topic=3D978088.msg10774882#msg=
10774882">https://bitcointalk.org/index.php?topic=3D978088.msg10774882#msg1=
0774882</a><br>
<br>
It is fairly obvious that Chainalysis is not merely doing what<br>
blockchain.info etc. is. Let's not delude ourselves here.<br>
<br>
As stated=2C it would be advisable for such a firm to cease operations=2C<b=
r>
and it would seem that plenty of polite shots over the bow have been<br>
given to Chainalysis=2C which should now fold up its operation=2C pack its<=
br>
bags=2C and go back to its hole before trying to serve its masters again<br=
>
in another way. Etc.<br>
<br>
Corporations similar to Chainalysis which are domiciled in other<br>
countries which conduct collection of information in ways that violate<br>
countries' laws (there are many countries and each have their own ways<br>
of interpreting user privacy and what constitutes permissible breach<br>
and in what circumstances) can indeed be held to legal standards that<br>
may result in minimal or severe legal penalties. =3B It is true that<br=
>
analyzing information that is publicly available=2C such as that which<br>
is in a library=2C is not illegal. But the act of surveillance is.<br>
(Then there is the question of what sort of surveillance=2C targeted or<br>
general=2C and whether it is limited to the bitcoin network or if it<br>
moves beyond that to attempts to correlate with usernames=2C IDs=2C IPs=2C<=
br>
and other information available on fora and apparent from services=2C<br>
but I won't get into that here.) =3B Even if you argue that the manner =
in<br>
which you are performing your actions is not actually "=3Bsurveillance=
=2C"=3B<br>
or you argue that it is "=3Blegally permissible=2C"=3B someone else=
will<br>
certainly come along and make a reasonable argument that you are<br>
indeed engaging in illegal surveillance. =3B They may even suggest to a=
<br>
judge that you are in the process of constructing a botnet and demand<br>
that your domains be seized=2C and may successfully obtain an ex parte<br>
temporary restraining order (TRO) against Chainalysis and similar<br>
corporations to have domain(s) seized. =3B Any and all arguments may be=
<br>
added in here=2C there are 196 countries in the world today - each with<br>
their own unique laws - (maybe less by the time you read this) and a<br>
shit-ton of possible legal arguments that can be made by creative<br>
minds that might want to sue you if you have been surveilling people=2C<br>
each different depending on where your surveillance corporation is<br>
domiciled. =3B There are plenty of legal processes available for people=
<br>
to do exactly that. =3B You are indeed subject to having that happen to=
<br>
you if you continue to surveill the network even if you are doing so<br>
on behalf of the state for the purpose of gathering information for a<br>
state's compliance initiative.<br>
<br>
So=2C don't delude yourself=2C and be happy if all that happens is your<br>
little surveillance initiative has to close its doors (or gets sued if<br>
it stays open). =3B Because that is the legal side of things. =3B T=
he<br>
extralegal stuff is far worse. =3B The community is helping you by aski=
ng<br>
you gently to close up shop and go away. It is a helpful suggestion<br>
and I believe also a fair warning=2C again=2C a shot off the bow.<br>
<br>
On the development side=2C developers are certainly responsible for<br>
doing what they can to resist this kind of surveillance activity. =3B B=
ut<br>
I have a feeling that will be a different thread which is more<br>
technical and so won't comment on it here=2C except to say it will<br>
likely involve working toward giving the user an anonymity option<br>
which can be exercised as part of any transaction.<br>
<br>
Thy Shizzle:<br>
>=3B I don't believe that at all. Analyzing information publicly<br>
>=3B available is not illegal. Chainalysis or whatever you call it would<=
br>
>=3B be likened to observing who comes and feeds birds at the park<br>
>=3B everyday. You can sit in the park and observe who feeds the birds=2C=
<br>
>=3B just as you can connect to the Bitcoin P2P network and observe the<b=
r>
>=3B blocks being formed into the chain and transactions etc. Unless<br>
>=3B there is some agreement taking place where it is specified that<br>
>=3B upon connecting to the Bitcoin P2P swarm you agree to a set of<br>
>=3B terms=2C however as every node is providing their own "=3Bentry&=
quot=3B into<br>
>=3B the P2P swarm it becomes really up to the node providing the<br>
>=3B connection to uphold and enforce the terms of the agreement. If you<=
br>
>=3B allow people to connect to you without terms of agreement=2C you<br>
>=3B cannot cry foul when they record the data that passes through. To<br=
>
>=3B say Chainalysis needs to cease is silly=2C the whole point of the<br=
>
>=3B public blockchain is for Chainalysis=2C whether it be for the<br>
>=3B verification of transactions=2C research or otherwise.<br>
>=3B <br>
>=3B -----Original Message----- From: "=3Bodinn"=3B<br>
>=3B <=3Bodinn.cyberguerrilla@riseup.net>=3B Sent: =E2=80=8E23/=E2=80=
=8E03/=E2=80=8E2015 1:48 PM To:<br>
>=3B "=3Bbitcoin-development@lists.sourceforge.net"=3B<br>
>=3B <=3Bbitcoin-development@lists.sourceforge.net>=3B Subject: Re:<b=
r>
>=3B [Bitcoin-development] Criminal complaints against "=3Bnetwork<br=
>
>=3B disruption as a service"=3B startups<br>
>=3B <br>
>=3B If you (e.g. Chainalysis) or anyone else are doing surveillance on<b=
r>
>=3B the network and gathering information for later use=2C and whether o=
r<br>
>=3B not the ultimate purpose is to divulge it to other parties for<br>
>=3B compliance purposes=2C you can bet that ultimately the tables will b=
e<br>
>=3B turned on you=2C and you will be the one having your ass handed to<b=
r>
>=3B you so to speak=2C before or after you are served=2C in legal parlan=
ce.<br>
>=3B Whether or not the outcome of that is meaningful and beneficial to<b=
r>
>=3B any concerned parties and what is the upshot of it in the end<br>
>=3B depends on on what you do and just how far you decide to take your<b=
r>
>=3B ill-advised enterprise.<br>
>=3B <br>
>=3B Chainalysis and similar operations would be=2C IMHO=2C well advised =
to <br>
>=3B cease operations. =3B This doesn't mean they will=2C but guess w=
hat:<br>
>=3B <br>
>=3B Shot over the bow=2C folks.<br>
>=3B <br>
>=3B Jan M=C3=B8ller:<br>
>=3B>=3B What we were trying to achieve was determining the flow of fun=
ds <br>
>=3B>=3B between countries by figuring out which country a transaction =
<br>
>=3B>=3B originates from. To do that with a certain accuracy you need<b=
r>
>=3B>=3B many nodes. We chose a class C IP range as we knew that bitcoi=
n<br>
>=3B>=3B core and others only connect to one node in any class C IP ran=
ge.<br>
>=3B>=3B We were not aware that breadwallet didn't follow this practice=
.<br>
>=3B>=3B Breadwallet risked getting tar-pitted=2C but that was not our<=
br>
>=3B>=3B intention and we are sorry about that.<br>
>=3B <br>
>=3B>=3B Our nodes DID respond with valid blocks and merkle-blocks and =
<br>
>=3B>=3B allowed everyone connecting to track the blockchain. We did<br=
>
>=3B>=3B however not relay transactions. The 'service' bit in the versi=
on<br>
>=3B>=3B message is not meant for telling whether or how the node relay=
s<br>
>=3B>=3B transactions=2C it tells whether you can ask for block headers=
only<br>
>=3B>=3B or full blocks.<br>
>=3B <br>
>=3B>=3B Many implementations enforce non standard rules for handling <=
br>
>=3B>=3B transactions=3B some nodes ignore transactions with address re=
use=2C <br>
>=3B>=3B some nodes happily forward double spends=2C and some nodes for=
ward <br>
>=3B>=3B neither blocks not transactions. We did blocks but not <br>
>=3B>=3B transactions.<br>
>=3B <br>
>=3B>=3B In hindsight we should have done two things: 1. relay<br>
>=3B>=3B transactions 2. advertise address from 'foreign' nodes<br>
>=3B <br>
>=3B>=3B Both would have fixed the problems that breadwallet experience=
d. <br>
>=3B>=3B My understanding is that breadwallet now has the same 'class C=
' <br>
>=3B>=3B rule as bitcoind=2C which would also fix it.<br>
>=3B <br>
>=3B>=3B Getting back on the topic of this thread and whether it is<br>
>=3B>=3B illegal=2C your guess is as good as mine. I don't think it is<=
br>
>=3B>=3B illegal to log incoming connections and make statistical analy=
sis<br>
>=3B>=3B on it. That would more or less incriminate anyone who runs a<b=
r>
>=3B>=3B web-server and looks into the access log. At lease one Bitcoin=
<br>
>=3B>=3B service has been collecting IP addresses for years and given t=
hem<br>
>=3B>=3B to anyone visiting their web-site (you know who) and I believe=
<br>
>=3B>=3B that this practise is very wrong. We have no intention of givi=
ng<br>
>=3B>=3B IP addresses away to anyone=2C but we believe that you are fre=
e to<br>
>=3B>=3B make statistics on connection logs when nodes connect to you.<=
br>
>=3B <br>
>=3B>=3B On a side note: When you make many connections to the network<=
br>
>=3B>=3B you see lots of strange nodes and suspicious patterns. You can=
<br>
>=3B>=3B be certain that we were not the only ones connected to many<br=
>
>=3B>=3B nodes.<br>
>=3B <br>
>=3B>=3B My takeaway from this: If nodes that do not relay transactions=
is<br>
>=3B>=3B a problem then there is stuff to fix.<br>
>=3B <br>
>=3B>=3B /Jan<br>
>=3B <br>
>=3B>=3B On Fri=2C Mar 13=2C 2015 at 10:48 PM=2C Mike Hearn <=3Bmike@=
plan99.net>=3B <br>
>=3B>=3B wrote:<br>
>=3B <br>
>=3B>=3B>=3B That would be rather new and tricky legal territory.<br>
>=3B>=3B>=3B <br>
>=3B>=3B>=3B But even putting the legal issues to one side=2C there a=
re <br>
>=3B>=3B>=3B definitional issues.<br>
>=3B>=3B>=3B <br>
>=3B>=3B>=3B For instance if the Chainalysis nodes started following =
the <br>
>=3B>=3B>=3B protocol specs better and became just regular nodes that=
<br>
>=3B>=3B>=3B happen to keep logs=2C would that still be a violation? =
If so=2C<br>
>=3B>=3B>=3B what about blockchain.info? It'd be shooting ourselves i=
n the<br>
>=3B>=3B>=3B foot to try and forbid block explorers given how useful =
they<br>
>=3B>=3B>=3B are.<br>
>=3B>=3B>=3B <br>
>=3B>=3B>=3B If someone non-maliciously runs some nodes with debug lo=
gging <br>
>=3B>=3B>=3B turned on=2C and makes full system backups every night=
=2C and<br>
>=3B>=3B>=3B keeps those backups for years=2C are they in violation o=
f<br>
>=3B>=3B>=3B whatever pseudo-law is involved?<br>
>=3B>=3B>=3B <br>
>=3B>=3B>=3B I think it's a bit early to think about these things rig=
ht<br>
>=3B>=3B>=3B now. Michael Gr=C3=B8nager and Jan M=C3=B8ller have been=
Bitcoin hackers<br>
>=3B>=3B>=3B for a long time. I'd be interested to know their thought=
s on<br>
>=3B>=3B>=3B all of this.<br>
>=3B>=3B>=3B <br>
>=3B>=3B>=3B <br>
>=3B>=3B>=3B --------------------------------------------------------=
----------------------<br>
>=3B>=3B>=3B<br>
>=3B>=3B>=3B<br>
>=3B<br>
>=3B>=3B>=3B <br>
Dive into the World of Parallel Programming The Go Parallel Website=2C<br>
>=3B>=3B>=3B sponsored by Intel and developed in partnership with Sla=
shdot <br>
>=3B>=3B>=3B Media=2C is your hub for all things parallel software<br=
>
>=3B>=3B>=3B development=2C from weekly thought leadership blogs to n=
ews=2C<br>
>=3B>=3B>=3B videos=2C case studies=2C tutorials and more. Take a loo=
k and join<br>
>=3B>=3B>=3B the conversation now. <a href=3D"http://goparallel.sourc=
eforge.net/">http://goparallel.sourceforge.net/</a>
<br>
>=3B>=3B>=3B _______________________________________________ <br>
>=3B>=3B>=3B Bitcoin-development mailing list <br>
>=3B>=3B>=3B Bitcoin-development@lists.sourceforge.net <br>
>=3B>=3B>=3B <a href=3D"https://lists.sourceforge.net/lists/listinfo/=
bitcoin-development">https://lists.sourceforge.net/lists/listinfo/bitcoin-d=
evelopment</a><br>
>=3B>=3B>=3B<br>
>=3B>=3B>=3B<br>
>=3B<br>
>=3B>=3B>=3B <br>
>=3B <br>
>=3B <br>
>=3B>=3B --------------------------------------------------------------=
----------------<br>
>=3B<br>
>=3B>=3B <br>
>=3B <br>
>=3B Dive into the World of Parallel Programming The Go Parallel<br>
>=3B Website=2C sponsored<br>
>=3B>=3B by Intel and developed in partnership with Slashdot Media=2C i=
s<br>
>=3B>=3B your hub for all things parallel software development=2C from<=
br>
>=3B>=3B weekly thought leadership blogs to news=2C videos=2C case stud=
ies=2C<br>
>=3B>=3B tutorials and more. Take a look and join the conversation now.=
<br>
>=3B>=3B <a href=3D"http://goparallel.sourceforge.net/">http://goparall=
el.sourceforge.net/</a><br>
>=3B <br>
>=3B <br>
>=3B <br>
>=3B>=3B _______________________________________________<br>
>=3B>=3B Bitcoin-development mailing list<br>
>=3B>=3B Bitcoin-development@lists.sourceforge.net <br>
>=3B>=3B <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoi=
n-development">https://lists.sourceforge.net/lists/listinfo/bitcoin-develop=
ment</a><br>
>=3B <br>
>=3B <br>
>=3B <br>
>=3B --------------------------------------------------------------------=
----------<br>
>=3B<br>
>=3B <br>
Dive into the World of Parallel Programming The Go Parallel Website=2C<br>
sponsored<br>
>=3B by Intel and developed in partnership with Slashdot Media=2C is your=
<br>
>=3B hub for all things parallel software development=2C from weekly<br>
>=3B thought leadership blogs to news=2C videos=2C case studies=2C tutori=
als<br>
>=3B and more. Take a look and join the conversation now.<br>
>=3B <a href=3D"http://goparallel.sourceforge.net/">http://goparallel.sou=
rceforge.net/</a>
<br>
>=3B _______________________________________________ Bitcoin-development<=
br>
>=3B mailing list Bitcoin-development@lists.sourceforge.net <br>
>=3B <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-deve=
lopment">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</=
a><br>
>=3B <br>
<br>
- -- <br>
<a href=3D"http://abis.io">http://abis.io</a> ~<br>
"=3Ba protocol concept to enable decentralization<br>
and expansion of a giving economy=2C and a new social good"=3B<br>
<a href=3D"https://keybase.io/odinn">https://keybase.io/odinn</a><br>
-----BEGIN PGP SIGNATURE-----<br>
<br>
iQEcBAEBCgAGBQJVD6mmAAoJEGxwq/inSG8CkLUH/iWvn7kp6KW2fe5RFca1eAmH<br>
L+=3B5P+=3BkNDzMARIRt8A3CvopoQQMZx44aZ8pMdErUk+=3B78A7oeP/x+=3B=
scYEkSiXE17Iv<br>
saBWv43mO+=3BqFxgVrU7y+=3B9njwLJoywHitBymhLGisi3hv+=3BH7lfIMdPK2dL=
VThwxel<br>
bVO0Ga8Y9qDYAwtK23yEOCT7klj5mT0tG50U4HxDpIXaJj8kCnVUC2O1MdYhr1pP<br>
93cDuhBmXOg7sOLAPpdWVhgfnz0Vm8M0ZWUIK+=3B4FGzpQugWHcmdp3YUDCeczOYzD<br>
u5zVdAqvdL6qQcWkUcGfkKaAqfJH3u5F2zeQvDUEJeeEz1lWnrsXuT7cCvcp/TU=3D<br>
=3D6io6<br>
-----END PGP SIGNATURE-----<br>
</div>
</div>
</body>
</html>
--_45dd4ad8-c5b7-4083-ab52-0387b89558a8_--
|