Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups

[odinn <odinn.cyberguerrilla@riseup.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Shizzle's opinion, it would seem, is highly important.  I'm done here.

Thy Shizzle:
> Oh so you're talking about the criminality of one single entity? So
> having a quick look, it seems that the issue is they are collecting
> IPs and that kind of thing as well? So similar to what
> http://getaddr.bitnodes.io is doing but without the funding from
> the bitcoin foundation? If you are worried about your IP getting
> out you're behind a VPN. They can only collect the information made
> available to them. Botnets etc are completely different because you
> are forcing control over something you have no right to do. If
> companies want to sit there and collect publicly available
> information that you are voluntarily making available to them, why
> do you care? I can't see how it could be at all criminal.
> Remembering that most privacy laws relate to information that YOU
> PROVIDE to an entity during an agreement for service, payment, etc.
> You are providing this information publicly and they are collecting
> it from the public domain, not you giving it to them in an
> agreement, therefore the usual provisions of privacy etc don't
> apply. If you connect to their scraper node, of course they can log
> that. How could it possibly be criminal? 
> ________________________________ From:
> odinn<mailto:odinn.cyberguerrilla@riseup.net> Sent: ‎23/‎03/‎2015
> 4:50 PM To: Thy Shizzle<mailto:thyshizzle@outlook.com> Cc:
> bitcoin-development@lists.sourceforge.net<mailto:bitcoin-development@lists.sourceforge.net>
>
> 
Subject: Re: [Bitcoin-development] Criminal complaints against "network
disruption as a service" startups
> 
> Back to what is Chainalysis and country of their origin, so
> criminal complaints against them would likely relate to violation
> of Swiss laws, as is described here: 
> https://bitcointalk.org/index.php?topic=978088.msg10774882#msg10774882
>
>  It is fairly obvious that Chainalysis is not merely doing what 
> blockchain.info etc. is. Let's not delude ourselves here.
> 
> As stated, it would be advisable for such a firm to cease
> operations, and it would seem that plenty of polite shots over the
> bow have been given to Chainalysis, which should now fold up its
> operation, pack its bags, and go back to its hole before trying to
> serve its masters again in another way. Etc.
> 
> Corporations similar to Chainalysis which are domiciled in other 
> countries which conduct collection of information in ways that
> violate countries' laws (there are many countries and each have
> their own ways of interpreting user privacy and what constitutes
> permissible breach and in what circumstances) can indeed be held to
> legal standards that may result in minimal or severe legal
> penalties.  It is true that analyzing information that is publicly
> available, such as that which is in a library, is not illegal. But
> the act of surveillance is. (Then there is the question of what
> sort of surveillance, targeted or general, and whether it is
> limited to the bitcoin network or if it moves beyond that to
> attempts to correlate with usernames, IDs, IPs, and other
> information available on fora and apparent from services, but I
> won't get into that here.)  Even if you argue that the manner in 
> which you are performing your actions is not actually
> "surveillance," or you argue that it is "legally permissible,"
> someone else will certainly come along and make a reasonable
> argument that you are indeed engaging in illegal surveillance.
> They may even suggest to a judge that you are in the process of
> constructing a botnet and demand that your domains be seized, and
> may successfully obtain an ex parte temporary restraining order
> (TRO) against Chainalysis and similar corporations to have
> domain(s) seized.  Any and all arguments may be added in here,
> there are 196 countries in the world today - each with their own
> unique laws - (maybe less by the time you read this) and a shit-ton
> of possible legal arguments that can be made by creative minds that
> might want to sue you if you have been surveilling people, each
> different depending on where your surveillance corporation is 
> domiciled.  There are plenty of legal processes available for
> people to do exactly that.  You are indeed subject to having that
> happen to you if you continue to surveill the network even if you
> are doing so on behalf of the state for the purpose of gathering
> information for a state's compliance initiative.
> 
> So, don't delude yourself, and be happy if all that happens is
> your little surveillance initiative has to close its doors (or gets
> sued if it stays open).  Because that is the legal side of things.
> The extralegal stuff is far worse.  The community is helping you by
> asking you gently to close up shop and go away. It is a helpful
> suggestion and I believe also a fair warning, again, a shot off the
> bow.
> 
> On the development side, developers are certainly responsible for 
> doing what they can to resist this kind of surveillance activity.
> But I have a feeling that will be a different thread which is more 
> technical and so won't comment on it here, except to say it will 
> likely involve working toward giving the user an anonymity option 
> which can be exercised as part of any transaction.
> 
> Thy Shizzle:
>> I don't believe that at all. Analyzing information publicly 
>> available is not illegal. Chainalysis or whatever you call it
>> would be likened to observing who comes and feeds birds at the
>> park everyday. You can sit in the park and observe who feeds the
>> birds, just as you can connect to the Bitcoin P2P network and
>> observe the blocks being formed into the chain and transactions
>> etc. Unless there is some agreement taking place where it is
>> specified that upon connecting to the Bitcoin P2P swarm you agree
>> to a set of terms, however as every node is providing their own
>> "entry" into the P2P swarm it becomes really up to the node
>> providing the connection to uphold and enforce the terms of the
>> agreement. If you allow people to connect to you without terms of
>> agreement, you cannot cry foul when they record the data that
>> passes through. To say Chainalysis needs to cease is silly, the
>> whole point of the public blockchain is for Chainalysis, whether
>> it be for the verification of transactions, research or
>> otherwise.
> 
>> -----Original Message----- From: "odinn" 
>> <odinn.cyberguerrilla@riseup.net> Sent: ‎23/‎03/‎2015 1:48 PM
>> To: "bitcoin-development@lists.sourceforge.net" 
>> <bitcoin-development@lists.sourceforge.net> Subject: Re: 
>> [Bitcoin-development] Criminal complaints against "network 
>> disruption as a service" startups
> 
>> If you (e.g. Chainalysis) or anyone else are doing surveillance
>> on the network and gathering information for later use, and
>> whether or not the ultimate purpose is to divulge it to other
>> parties for compliance purposes, you can bet that ultimately the
>> tables will be turned on you, and you will be the one having your
>> ass handed to you so to speak, before or after you are served, in
>> legal parlance. Whether or not the outcome of that is meaningful
>> and beneficial to any concerned parties and what is the upshot of
>> it in the end depends on on what you do and just how far you
>> decide to take your ill-advised enterprise.
> 
>> Chainalysis and similar operations would be, IMHO, well advised
>> to cease operations.  This doesn't mean they will, but guess
>> what:
> 
>> Shot over the bow, folks.
> 
>> Jan Møller:
>>> What we were trying to achieve was determining the flow of
>>> funds between countries by figuring out which country a
>>> transaction originates from. To do that with a certain accuracy
>>> you need many nodes. We chose a class C IP range as we knew
>>> that bitcoin core and others only connect to one node in any
>>> class C IP range. We were not aware that breadwallet didn't
>>> follow this practice. Breadwallet risked getting tar-pitted,
>>> but that was not our intention and we are sorry about that.
> 
>>> Our nodes DID respond with valid blocks and merkle-blocks and 
>>> allowed everyone connecting to track the blockchain. We did 
>>> however not relay transactions. The 'service' bit in the
>>> version message is not meant for telling whether or how the
>>> node relays transactions, it tells whether you can ask for
>>> block headers only or full blocks.
> 
>>> Many implementations enforce non standard rules for handling 
>>> transactions; some nodes ignore transactions with address
>>> reuse, some nodes happily forward double spends, and some nodes
>>> forward neither blocks not transactions. We did blocks but not 
>>> transactions.
> 
>>> In hindsight we should have done two things: 1. relay 
>>> transactions 2. advertise address from 'foreign' nodes
> 
>>> Both would have fixed the problems that breadwallet
>>> experienced. My understanding is that breadwallet now has the
>>> same 'class C' rule as bitcoind, which would also fix it.
> 
>>> Getting back on the topic of this thread and whether it is 
>>> illegal, your guess is as good as mine. I don't think it is 
>>> illegal to log incoming connections and make statistical
>>> analysis on it. That would more or less incriminate anyone who
>>> runs a web-server and looks into the access log. At lease one
>>> Bitcoin service has been collecting IP addresses for years and
>>> given them to anyone visiting their web-site (you know who) and
>>> I believe that this practise is very wrong. We have no
>>> intention of giving IP addresses away to anyone, but we believe
>>> that you are free to make statistics on connection logs when
>>> nodes connect to you.
> 
>>> On a side note: When you make many connections to the network 
>>> you see lots of strange nodes and suspicious patterns. You can 
>>> be certain that we were not the only ones connected to many 
>>> nodes.
> 
>>> My takeaway from this: If nodes that do not relay transactions
>>> is a problem then there is stuff to fix.
> 
>>> /Jan
> 
>>> On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn <mike@plan99.net> 
>>> wrote:
> 
>>>> That would be rather new and tricky legal territory.
>>>> 
>>>> But even putting the legal issues to one side, there are 
>>>> definitional issues.
>>>> 
>>>> For instance if the Chainalysis nodes started following the 
>>>> protocol specs better and became just regular nodes that 
>>>> happen to keep logs, would that still be a violation? If so, 
>>>> what about blockchain.info? It'd be shooting ourselves in
>>>> the foot to try and forbid block explorers given how useful
>>>> they are.
>>>> 
>>>> If someone non-maliciously runs some nodes with debug
>>>> logging turned on, and makes full system backups every night,
>>>> and keeps those backups for years, are they in violation of 
>>>> whatever pseudo-law is involved?
>>>> 
>>>> I think it's a bit early to think about these things right 
>>>> now. Michael Grønager and Jan Møller have been Bitcoin
>>>> hackers for a long time. I'd be interested to know their
>>>> thoughts on all of this.
>>>> 
>>>> 
>>>> ------------------------------------------------------------------------------
>>>>
>>>>
>
>>>> 
>>>> 
> Dive into the World of Parallel Programming The Go Parallel
> Website,
>>>> sponsored by Intel and developed in partnership with
>>>> Slashdot Media, is your hub for all things parallel software 
>>>> development, from weekly thought leadership blogs to news, 
>>>> videos, case studies, tutorials and more. Take a look and
>>>> join the conversation now.
>>>> http://goparallel.sourceforge.net/ 
>>>> _______________________________________________ 
>>>> Bitcoin-development mailing list 
>>>> Bitcoin-development@lists.sourceforge.net 
>>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>>
>>>>
>
>>>> 
>>>> 
> 
> 
>>> ------------------------------------------------------------------------------
>
>>> 
>>> 
> 
>> Dive into the World of Parallel Programming The Go Parallel 
>> Website, sponsored
>>> by Intel and developed in partnership with Slashdot Media, is 
>>> your hub for all things parallel software development, from 
>>> weekly thought leadership blogs to news, videos, case studies, 
>>> tutorials and more. Take a look and join the conversation now. 
>>> http://goparallel.sourceforge.net/
> 
> 
> 
>>> _______________________________________________ 
>>> Bitcoin-development mailing list 
>>> Bitcoin-development@lists.sourceforge.net 
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>>> 
> 
> 
>> ------------------------------------------------------------------------------
>
>> 
> 
> Dive into the World of Parallel Programming The Go Parallel
> Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is
>> your hub for all things parallel software development, from
>> weekly thought leadership blogs to news, videos, case studies,
>> tutorials and more. Take a look and join the conversation now. 
>> http://goparallel.sourceforge.net/ 
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net 
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> 
> 
> 

- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVD7aKAAoJEGxwq/inSG8C4KsIAIu5atra8Y9R9oejNryjMQkz
UOVORw3y0eD8yaAiJJQzJjmNE6UXC92R3gM3KtQoQchSQ6RhyhZUZkzCY7k2Ug08
8UZnxjgAHCwScGUSgpDu2hcGDtC+Csa1EKOExjCxYCBlVRI+cCJqxIm9d7vGDi4V
R1y57xtKtussJxhZKVjIxothkHtSy5HuaKdKLfI7ikoBAerOVY7bGCxE+drUr4OO
Sgxe94M8z/ecFk3h37ZhuL2P+mNAlCKQkW592628XC0bXN8iT2vW7MnB3BLEBzvb
TeWFYUFjs5v09B6Cw6LQWFGKdFwLGganybeEqoKNfzrihEAa19PFsRWHPStMUCM=
=JnJQ
-----END PGP SIGNATURE-----