From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YZw7N-0000EE-Aa for bitcoin-development@lists.sourceforge.net; Mon, 23 Mar 2015 06:45:45 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of riseup.net designates 198.252.153.129 as permitted sender) client-ip=198.252.153.129; envelope-from=odinn.cyberguerrilla@riseup.net; helo=mx1.riseup.net; Received: from mx1.riseup.net ([198.252.153.129]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1YZw7K-0002zb-RG for bitcoin-development@lists.sourceforge.net; Mon, 23 Mar 2015 06:45:45 +0000 Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id B6FB340CF1; Mon, 23 Mar 2015 06:45:36 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: odinn.cyberguerrilla) with ESMTPSA id 555B64200E Message-ID: <550FB68B.2030902@riseup.net> Date: Mon, 23 Mar 2015 06:45:31 +0000 From: odinn MIME-Version: 1.0 To: Thy Shizzle References: In-Reply-To: Content-Type: text/plain; charset=utf-8 X-Virus-Scanned: clamav-milter 0.98.6 at mx1 X-Virus-Status: Clean Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.4 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [198.252.153.129 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-Headers-End: 1YZw7K-0002zb-RG Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2015 06:45:45 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Shizzle's opinion, it would seem, is highly important. I'm done here. Thy Shizzle: > Oh so you're talking about the criminality of one single entity? So > having a quick look, it seems that the issue is they are collecting > IPs and that kind of thing as well? So similar to what > http://getaddr.bitnodes.io is doing but without the funding from > the bitcoin foundation? If you are worried about your IP getting > out you're behind a VPN. They can only collect the information made > available to them. Botnets etc are completely different because you > are forcing control over something you have no right to do. If > companies want to sit there and collect publicly available > information that you are voluntarily making available to them, why > do you care? I can't see how it could be at all criminal. > Remembering that most privacy laws relate to information that YOU > PROVIDE to an entity during an agreement for service, payment, etc. > You are providing this information publicly and they are collecting > it from the public domain, not you giving it to them in an > agreement, therefore the usual provisions of privacy etc don't > apply. If you connect to their scraper node, of course they can log > that. How could it possibly be criminal?=20 > ________________________________ From: > odinn Sent: =E2=80=8E23/=E2=80=8E= 03/=E2=80=8E2015 > 4:50 PM To: Thy Shizzle Cc: > bitcoin-development@lists.sourceforge.net > >=20 Subject: Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups >=20 > Back to what is Chainalysis and country of their origin, so > criminal complaints against them would likely relate to violation > of Swiss laws, as is described here:=20 > https://bitcointalk.org/index.php?topic=3D978088.msg10774882#msg1077488= 2 > > It is fairly obvious that Chainalysis is not merely doing what=20 > blockchain.info etc. is. Let's not delude ourselves here. >=20 > As stated, it would be advisable for such a firm to cease > operations, and it would seem that plenty of polite shots over the > bow have been given to Chainalysis, which should now fold up its > operation, pack its bags, and go back to its hole before trying to > serve its masters again in another way. Etc. >=20 > Corporations similar to Chainalysis which are domiciled in other=20 > countries which conduct collection of information in ways that > violate countries' laws (there are many countries and each have > their own ways of interpreting user privacy and what constitutes > permissible breach and in what circumstances) can indeed be held to > legal standards that may result in minimal or severe legal > penalties. It is true that analyzing information that is publicly > available, such as that which is in a library, is not illegal. But > the act of surveillance is. (Then there is the question of what > sort of surveillance, targeted or general, and whether it is > limited to the bitcoin network or if it moves beyond that to > attempts to correlate with usernames, IDs, IPs, and other > information available on fora and apparent from services, but I > won't get into that here.) Even if you argue that the manner in=20 > which you are performing your actions is not actually > "surveillance," or you argue that it is "legally permissible," > someone else will certainly come along and make a reasonable > argument that you are indeed engaging in illegal surveillance. > They may even suggest to a judge that you are in the process of > constructing a botnet and demand that your domains be seized, and > may successfully obtain an ex parte temporary restraining order > (TRO) against Chainalysis and similar corporations to have > domain(s) seized. Any and all arguments may be added in here, > there are 196 countries in the world today - each with their own > unique laws - (maybe less by the time you read this) and a shit-ton > of possible legal arguments that can be made by creative minds that > might want to sue you if you have been surveilling people, each > different depending on where your surveillance corporation is=20 > domiciled. There are plenty of legal processes available for > people to do exactly that. You are indeed subject to having that > happen to you if you continue to surveill the network even if you > are doing so on behalf of the state for the purpose of gathering > information for a state's compliance initiative. >=20 > So, don't delude yourself, and be happy if all that happens is > your little surveillance initiative has to close its doors (or gets > sued if it stays open). Because that is the legal side of things. > The extralegal stuff is far worse. The community is helping you by > asking you gently to close up shop and go away. It is a helpful > suggestion and I believe also a fair warning, again, a shot off the > bow. >=20 > On the development side, developers are certainly responsible for=20 > doing what they can to resist this kind of surveillance activity. > But I have a feeling that will be a different thread which is more=20 > technical and so won't comment on it here, except to say it will=20 > likely involve working toward giving the user an anonymity option=20 > which can be exercised as part of any transaction. >=20 > Thy Shizzle: >> I don't believe that at all. Analyzing information publicly=20 >> available is not illegal. Chainalysis or whatever you call it >> would be likened to observing who comes and feeds birds at the >> park everyday. You can sit in the park and observe who feeds the >> birds, just as you can connect to the Bitcoin P2P network and >> observe the blocks being formed into the chain and transactions >> etc. Unless there is some agreement taking place where it is >> specified that upon connecting to the Bitcoin P2P swarm you agree >> to a set of terms, however as every node is providing their own >> "entry" into the P2P swarm it becomes really up to the node >> providing the connection to uphold and enforce the terms of the >> agreement. If you allow people to connect to you without terms of >> agreement, you cannot cry foul when they record the data that >> passes through. To say Chainalysis needs to cease is silly, the >> whole point of the public blockchain is for Chainalysis, whether >> it be for the verification of transactions, research or >> otherwise. >=20 >> -----Original Message----- From: "odinn"=20 >> Sent: =E2=80=8E23/=E2=80=8E03/=E2=80= =8E2015 1:48 PM >> To: "bitcoin-development@lists.sourceforge.net"=20 >> Subject: Re:=20 >> [Bitcoin-development] Criminal complaints against "network=20 >> disruption as a service" startups >=20 >> If you (e.g. Chainalysis) or anyone else are doing surveillance >> on the network and gathering information for later use, and >> whether or not the ultimate purpose is to divulge it to other >> parties for compliance purposes, you can bet that ultimately the >> tables will be turned on you, and you will be the one having your >> ass handed to you so to speak, before or after you are served, in >> legal parlance. Whether or not the outcome of that is meaningful >> and beneficial to any concerned parties and what is the upshot of >> it in the end depends on on what you do and just how far you >> decide to take your ill-advised enterprise. >=20 >> Chainalysis and similar operations would be, IMHO, well advised >> to cease operations. This doesn't mean they will, but guess >> what: >=20 >> Shot over the bow, folks. >=20 >> Jan M=C3=B8ller: >>> What we were trying to achieve was determining the flow of >>> funds between countries by figuring out which country a >>> transaction originates from. To do that with a certain accuracy >>> you need many nodes. We chose a class C IP range as we knew >>> that bitcoin core and others only connect to one node in any >>> class C IP range. We were not aware that breadwallet didn't >>> follow this practice. Breadwallet risked getting tar-pitted, >>> but that was not our intention and we are sorry about that. >=20 >>> Our nodes DID respond with valid blocks and merkle-blocks and=20 >>> allowed everyone connecting to track the blockchain. We did=20 >>> however not relay transactions. The 'service' bit in the >>> version message is not meant for telling whether or how the >>> node relays transactions, it tells whether you can ask for >>> block headers only or full blocks. >=20 >>> Many implementations enforce non standard rules for handling=20 >>> transactions; some nodes ignore transactions with address >>> reuse, some nodes happily forward double spends, and some nodes >>> forward neither blocks not transactions. We did blocks but not=20 >>> transactions. >=20 >>> In hindsight we should have done two things: 1. relay=20 >>> transactions 2. advertise address from 'foreign' nodes >=20 >>> Both would have fixed the problems that breadwallet >>> experienced. My understanding is that breadwallet now has the >>> same 'class C' rule as bitcoind, which would also fix it. >=20 >>> Getting back on the topic of this thread and whether it is=20 >>> illegal, your guess is as good as mine. I don't think it is=20 >>> illegal to log incoming connections and make statistical >>> analysis on it. That would more or less incriminate anyone who >>> runs a web-server and looks into the access log. At lease one >>> Bitcoin service has been collecting IP addresses for years and >>> given them to anyone visiting their web-site (you know who) and >>> I believe that this practise is very wrong. We have no >>> intention of giving IP addresses away to anyone, but we believe >>> that you are free to make statistics on connection logs when >>> nodes connect to you. >=20 >>> On a side note: When you make many connections to the network=20 >>> you see lots of strange nodes and suspicious patterns. You can=20 >>> be certain that we were not the only ones connected to many=20 >>> nodes. >=20 >>> My takeaway from this: If nodes that do not relay transactions >>> is a problem then there is stuff to fix. >=20 >>> /Jan >=20 >>> On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn =20 >>> wrote: >=20 >>>> That would be rather new and tricky legal territory. >>>>=20 >>>> But even putting the legal issues to one side, there are=20 >>>> definitional issues. >>>>=20 >>>> For instance if the Chainalysis nodes started following the=20 >>>> protocol specs better and became just regular nodes that=20 >>>> happen to keep logs, would that still be a violation? If so,=20 >>>> what about blockchain.info? It'd be shooting ourselves in >>>> the foot to try and forbid block explorers given how useful >>>> they are. >>>>=20 >>>> If someone non-maliciously runs some nodes with debug >>>> logging turned on, and makes full system backups every night, >>>> and keeps those backups for years, are they in violation of=20 >>>> whatever pseudo-law is involved? >>>>=20 >>>> I think it's a bit early to think about these things right=20 >>>> now. Michael Gr=C3=B8nager and Jan M=C3=B8ller have been Bitcoin >>>> hackers for a long time. I'd be interested to know their >>>> thoughts on all of this. >>>>=20 >>>>=20 >>>> --------------------------------------------------------------------= ---------- >>>> >>>> > >>>>=20 >>>>=20 > Dive into the World of Parallel Programming The Go Parallel > Website, >>>> sponsored by Intel and developed in partnership with >>>> Slashdot Media, is your hub for all things parallel software=20 >>>> development, from weekly thought leadership blogs to news,=20 >>>> videos, case studies, tutorials and more. Take a look and >>>> join the conversation now. >>>> http://goparallel.sourceforge.net/=20 >>>> _______________________________________________=20 >>>> Bitcoin-development mailing list=20 >>>> Bitcoin-development@lists.sourceforge.net=20 >>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >>>> >>>> > >>>>=20 >>>>=20 >=20 >=20 >>> ---------------------------------------------------------------------= --------- > >>>=20 >>>=20 >=20 >> Dive into the World of Parallel Programming The Go Parallel=20 >> Website, sponsored >>> by Intel and developed in partnership with Slashdot Media, is=20 >>> your hub for all things parallel software development, from=20 >>> weekly thought leadership blogs to news, videos, case studies,=20 >>> tutorials and more. Take a look and join the conversation now.=20 >>> http://goparallel.sourceforge.net/ >=20 >=20 >=20 >>> _______________________________________________=20 >>> Bitcoin-development mailing list=20 >>> Bitcoin-development@lists.sourceforge.net=20 >>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development > >>>=20 >=20 >=20 >> ----------------------------------------------------------------------= -------- > >>=20 >=20 > Dive into the World of Parallel Programming The Go Parallel > Website, sponsored >> by Intel and developed in partnership with Slashdot Media, is >> your hub for all things parallel software development, from >> weekly thought leadership blogs to news, videos, case studies, >> tutorials and more. Take a look and join the conversation now.=20 >> http://goparallel.sourceforge.net/=20 >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net=20 >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >=20 >=20 >=20 - --=20 http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJVD7aKAAoJEGxwq/inSG8C4KsIAIu5atra8Y9R9oejNryjMQkz UOVORw3y0eD8yaAiJJQzJjmNE6UXC92R3gM3KtQoQchSQ6RhyhZUZkzCY7k2Ug08 8UZnxjgAHCwScGUSgpDu2hcGDtC+Csa1EKOExjCxYCBlVRI+cCJqxIm9d7vGDi4V R1y57xtKtussJxhZKVjIxothkHtSy5HuaKdKLfI7ikoBAerOVY7bGCxE+drUr4OO Sgxe94M8z/ecFk3h37ZhuL2P+mNAlCKQkW592628XC0bXN8iT2vW7MnB3BLEBzvb TeWFYUFjs5v09B6Cw6LQWFGKdFwLGganybeEqoKNfzrihEAa19PFsRWHPStMUCM=3D =3DJnJQ -----END PGP SIGNATURE-----