From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YZvGF-0005kK-Fv for bitcoin-development@lists.sourceforge.net; Mon, 23 Mar 2015 05:50:51 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of riseup.net designates 198.252.153.129 as permitted sender) client-ip=198.252.153.129; envelope-from=odinn.cyberguerrilla@riseup.net; helo=mx1.riseup.net; Received: from mx1.riseup.net ([198.252.153.129]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1YZvGD-0008Jh-Hr for bitcoin-development@lists.sourceforge.net; Mon, 23 Mar 2015 05:50:51 +0000 Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id 6FE39417B7; Mon, 23 Mar 2015 05:50:43 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: odinn.cyberguerrilla) with ESMTPSA id 57BF640E10 Message-ID: <550FA9A8.6050302@riseup.net> Date: Mon, 23 Mar 2015 05:50:32 +0000 From: odinn MIME-Version: 1.0 To: Thy Shizzle References: In-Reply-To: Content-Type: text/plain; charset=utf-8 X-Virus-Scanned: clamav-milter 0.98.6 at mx1 X-Virus-Status: Clean Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.4 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [198.252.153.129 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-Headers-End: 1YZvGD-0008Jh-Hr Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2015 05:50:51 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Back to what is Chainalysis and country of their origin, so criminal complaints against them would likely relate to violation of Swiss laws, as is described here: https://bitcointalk.org/index.php?topic=3D978088.msg10774882#msg10774882 It is fairly obvious that Chainalysis is not merely doing what blockchain.info etc. is. Let's not delude ourselves here. As stated, it would be advisable for such a firm to cease operations, and it would seem that plenty of polite shots over the bow have been given to Chainalysis, which should now fold up its operation, pack its bags, and go back to its hole before trying to serve its masters again in another way. Etc. Corporations similar to Chainalysis which are domiciled in other countries which conduct collection of information in ways that violate countries' laws (there are many countries and each have their own ways of interpreting user privacy and what constitutes permissible breach and in what circumstances) can indeed be held to legal standards that may result in minimal or severe legal penalties. It is true that analyzing information that is publicly available, such as that which is in a library, is not illegal. But the act of surveillance is. (Then there is the question of what sort of surveillance, targeted or general, and whether it is limited to the bitcoin network or if it moves beyond that to attempts to correlate with usernames, IDs, IPs, and other information available on fora and apparent from services, but I won't get into that here.) Even if you argue that the manner in which you are performing your actions is not actually "surveillance," or you argue that it is "legally permissible," someone else will certainly come along and make a reasonable argument that you are indeed engaging in illegal surveillance. They may even suggest to a judge that you are in the process of constructing a botnet and demand that your domains be seized, and may successfully obtain an ex parte temporary restraining order (TRO) against Chainalysis and similar corporations to have domain(s) seized. Any and all arguments may be added in here, there are 196 countries in the world today - each with their own unique laws - (maybe less by the time you read this) and a shit-ton of possible legal arguments that can be made by creative minds that might want to sue you if you have been surveilling people, each different depending on where your surveillance corporation is domiciled. There are plenty of legal processes available for people to do exactly that. You are indeed subject to having that happen to you if you continue to surveill the network even if you are doing so on behalf of the state for the purpose of gathering information for a state's compliance initiative. So, don't delude yourself, and be happy if all that happens is your little surveillance initiative has to close its doors (or gets sued if it stays open). Because that is the legal side of things. The extralegal stuff is far worse. The community is helping you by asking you gently to close up shop and go away. It is a helpful suggestion and I believe also a fair warning, again, a shot off the bow. On the development side, developers are certainly responsible for doing what they can to resist this kind of surveillance activity. But I have a feeling that will be a different thread which is more technical and so won't comment on it here, except to say it will likely involve working toward giving the user an anonymity option which can be exercised as part of any transaction. Thy Shizzle: > I don't believe that at all. Analyzing information publicly > available is not illegal. Chainalysis or whatever you call it would > be likened to observing who comes and feeds birds at the park > everyday. You can sit in the park and observe who feeds the birds, > just as you can connect to the Bitcoin P2P network and observe the > blocks being formed into the chain and transactions etc. Unless > there is some agreement taking place where it is specified that > upon connecting to the Bitcoin P2P swarm you agree to a set of > terms, however as every node is providing their own "entry" into > the P2P swarm it becomes really up to the node providing the > connection to uphold and enforce the terms of the agreement. If you > allow people to connect to you without terms of agreement, you > cannot cry foul when they record the data that passes through. To > say Chainalysis needs to cease is silly, the whole point of the > public blockchain is for Chainalysis, whether it be for the > verification of transactions, research or otherwise. >=20 > -----Original Message----- From: "odinn" > Sent: =E2=80=8E23/=E2=80=8E03/=E2=80=8E= 2015 1:48 PM To: > "bitcoin-development@lists.sourceforge.net" > Subject: Re: > [Bitcoin-development] Criminal complaints against "network > disruption as a service" startups >=20 > If you (e.g. Chainalysis) or anyone else are doing surveillance on > the network and gathering information for later use, and whether or > not the ultimate purpose is to divulge it to other parties for > compliance purposes, you can bet that ultimately the tables will be > turned on you, and you will be the one having your ass handed to > you so to speak, before or after you are served, in legal parlance. > Whether or not the outcome of that is meaningful and beneficial to > any concerned parties and what is the upshot of it in the end > depends on on what you do and just how far you decide to take your > ill-advised enterprise. >=20 > Chainalysis and similar operations would be, IMHO, well advised to=20 > cease operations. This doesn't mean they will, but guess what: >=20 > Shot over the bow, folks. >=20 > Jan M=C3=B8ller: >> What we were trying to achieve was determining the flow of funds=20 >> between countries by figuring out which country a transaction=20 >> originates from. To do that with a certain accuracy you need >> many nodes. We chose a class C IP range as we knew that bitcoin >> core and others only connect to one node in any class C IP range. >> We were not aware that breadwallet didn't follow this practice. >> Breadwallet risked getting tar-pitted, but that was not our >> intention and we are sorry about that. >=20 >> Our nodes DID respond with valid blocks and merkle-blocks and=20 >> allowed everyone connecting to track the blockchain. We did >> however not relay transactions. The 'service' bit in the version >> message is not meant for telling whether or how the node relays >> transactions, it tells whether you can ask for block headers only >> or full blocks. >=20 >> Many implementations enforce non standard rules for handling=20 >> transactions; some nodes ignore transactions with address reuse,=20 >> some nodes happily forward double spends, and some nodes forward=20 >> neither blocks not transactions. We did blocks but not=20 >> transactions. >=20 >> In hindsight we should have done two things: 1. relay >> transactions 2. advertise address from 'foreign' nodes >=20 >> Both would have fixed the problems that breadwallet experienced.=20 >> My understanding is that breadwallet now has the same 'class C'=20 >> rule as bitcoind, which would also fix it. >=20 >> Getting back on the topic of this thread and whether it is >> illegal, your guess is as good as mine. I don't think it is >> illegal to log incoming connections and make statistical analysis >> on it. That would more or less incriminate anyone who runs a >> web-server and looks into the access log. At lease one Bitcoin >> service has been collecting IP addresses for years and given them >> to anyone visiting their web-site (you know who) and I believe >> that this practise is very wrong. We have no intention of giving >> IP addresses away to anyone, but we believe that you are free to >> make statistics on connection logs when nodes connect to you. >=20 >> On a side note: When you make many connections to the network >> you see lots of strange nodes and suspicious patterns. You can >> be certain that we were not the only ones connected to many >> nodes. >=20 >> My takeaway from this: If nodes that do not relay transactions is >> a problem then there is stuff to fix. >=20 >> /Jan >=20 >> On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn =20 >> wrote: >=20 >>> That would be rather new and tricky legal territory. >>>=20 >>> But even putting the legal issues to one side, there are=20 >>> definitional issues. >>>=20 >>> For instance if the Chainalysis nodes started following the=20 >>> protocol specs better and became just regular nodes that >>> happen to keep logs, would that still be a violation? If so, >>> what about blockchain.info? It'd be shooting ourselves in the >>> foot to try and forbid block explorers given how useful they >>> are. >>>=20 >>> If someone non-maliciously runs some nodes with debug logging=20 >>> turned on, and makes full system backups every night, and >>> keeps those backups for years, are they in violation of >>> whatever pseudo-law is involved? >>>=20 >>> I think it's a bit early to think about these things right >>> now. Michael Gr=C3=B8nager and Jan M=C3=B8ller have been Bitcoin hack= ers >>> for a long time. I'd be interested to know their thoughts on >>> all of this. >>>=20 >>>=20 >>> ---------------------------------------------------------------------= --------- >>> >>> > >>>=20 Dive into the World of Parallel Programming The Go Parallel Website, >>> sponsored by Intel and developed in partnership with Slashdot=20 >>> Media, is your hub for all things parallel software >>> development, from weekly thought leadership blogs to news, >>> videos, case studies, tutorials and more. Take a look and join >>> the conversation now. http://goparallel.sourceforge.net/=20 >>> _______________________________________________=20 >>> Bitcoin-development mailing list=20 >>> Bitcoin-development@lists.sourceforge.net=20 >>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >>> >>> > >>>=20 >=20 >=20 >> ----------------------------------------------------------------------= -------- > >>=20 >=20 > Dive into the World of Parallel Programming The Go Parallel > Website, sponsored >> by Intel and developed in partnership with Slashdot Media, is >> your hub for all things parallel software development, from >> weekly thought leadership blogs to news, videos, case studies, >> tutorials and more. Take a look and join the conversation now.=20 >> http://goparallel.sourceforge.net/ >=20 >=20 >=20 >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net=20 >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >=20 >=20 >=20 > -----------------------------------------------------------------------= ------- > >=20 Dive into the World of Parallel Programming The Go Parallel Website, sponsored > by Intel and developed in partnership with Slashdot Media, is your > hub for all things parallel software development, from weekly > thought leadership blogs to news, videos, case studies, tutorials > and more. Take a look and join the conversation now. > http://goparallel.sourceforge.net/=20 > _______________________________________________ Bitcoin-development > mailing list Bitcoin-development@lists.sourceforge.net=20 > https://lists.sourceforge.net/lists/listinfo/bitcoin-development >=20 - --=20 http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJVD6mmAAoJEGxwq/inSG8CkLUH/iWvn7kp6KW2fe5RFca1eAmH L+5P+kNDzMARIRt8A3CvopoQQMZx44aZ8pMdErUk+78A7oeP/x+scYEkSiXE17Iv saBWv43mO+qFxgVrU7y+9njwLJoywHitBymhLGisi3hv+H7lfIMdPK2dLVThwxel bVO0Ga8Y9qDYAwtK23yEOCT7klj5mT0tG50U4HxDpIXaJj8kCnVUC2O1MdYhr1pP 93cDuhBmXOg7sOLAPpdWVhgfnz0Vm8M0ZWUIK+4FGzpQugWHcmdp3YUDCeczOYzD u5zVdAqvdL6qQcWkUcGfkKaAqfJH3u5F2zeQvDUEJeeEz1lWnrsXuT7cCvcp/TU=3D =3D6io6 -----END PGP SIGNATURE-----