From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1V48cf-0006hc-Ub for bitcoin-development@lists.sourceforge.net; Tue, 30 Jul 2013 12:01:50 +0000 X-ACL-Warn: Received: from mail-we0-f171.google.com ([74.125.82.171]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1V48ce-0008RX-0O for bitcoin-development@lists.sourceforge.net; Tue, 30 Jul 2013 12:01:49 +0000 Received: by mail-we0-f171.google.com with SMTP id q55so5007987wes.16 for ; Tue, 30 Jul 2013 05:01:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=sender:date:from:to:message-id:subject:x-mailer:mime-version :content-type:x-gm-message-state; bh=H7I4SyEs6Wdowc1WAzHS5katzFSslx5bVi8KS65meHQ=; b=F28OUjA7EJz2M55y5huPyikQi2N/wAx5XgyN/ODljDfQS5Jf1tLm22D9uHJy4DLnKz QQFRCf/oxcdXvCfzXZoAJ1ql5rFOEqtksD0F2dvTDjCedeWdPcbElOUhXpEebnQjIsAT jyVNqHWGOpVN0cYxi0MUHfRkzhR8wHbY/g2krY7dDd01Y1UccINa4Hqc3zSyJoY98lHW SMBOk0Sv5uj0qPHu/WsMf2GyJqQJ6nBOIuBD6Q8MmmHLVPDTMR7+4C70k+acWz/Vkj+S vP8NW+Li4YdxGAH7SyW6wx5SstzTKY6DJC/WWN8viBcKqo8/Li+VQp0dKYPovx4YIS4H ONBw== X-Received: by 10.194.110.39 with SMTP id hx7mr45741829wjb.4.1375185701649; Tue, 30 Jul 2013 05:01:41 -0700 (PDT) Received: from [10.0.1.6] (dynamic-78-8-156-39.ssp.dialog.net.pl. [78.8.156.39]) by mx.google.com with ESMTPSA id s19sm28027435wik.11.2013.07.30.05.01.40 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 30 Jul 2013 05:01:40 -0700 (PDT) Sender: Bazyli Zygan Date: Tue, 30 Jul 2013 14:01:39 +0200 From: Bazyli Zygan To: Bitcoin Dev Message-ID: X-Mailer: sparrow 1.6.4 (build 1178) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="51f7ab23_532c34a5_c6" X-Gm-Message-State: ALoCoQkzSlUGk9Wr3fNCmUlHGHo5WtFs5Qd5dVyKctEzSumARmPwpfXI5OAqjG5ssCkgrQcWeT8F X-Spam-Score: 1.0 (+) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1V48ce-0008RX-0O Subject: [Bitcoin-development] Tor and Bitcoin X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jul 2013 12:01:50 -0000 --51f7ab23_532c34a5_c6 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Hi everyone, We at Hive had plans to make our wallet proxy through Tor by default. When it became apparent that this was not presently possible because bitcoinj lacks SOCKS support, it opened a minor discussion suggesting that this is perhaps not advisable practice for SPV wallets in the first place. To quote Mike Hearn: > I think you have to be careful with Tor and Bitcoin. It isn't a no-brainer move. Virtually all people today don't have hacked internet connections. However when you connect outbound from Tor you have to pretty much assume your traffic is being packet logged and sometimes automatically MITMd by exit nodes, which in turn means you can be transparently connected to a sybil network. If you connect to a hidden service the issue is less problematic because you're authenticating the connection and can pick peers you have reason to believe are independent. > > Whilst it's unlikely an attacker would actually try to auto-sybil SPV connections made out of a Tor exit node, if they did, they could make the person connecting out believe in fake pending/unconfirmed transactions. For instance if you're meeting with someone to do a currency trade and you happen to run an exit node that has a lot of bandwidth and an exit policy that allows only Bitcoin, there's a chance the other persons Tor client will pick your exit. You can then swap the cash, give them a fake transaction and when it doesn't confirm, apologise and say you can't wait and have to go. Walk out with the cash and it'll take a while for the victim to realize that the transaction never did actually get broadcast at all, it was just an illusion. > > (this scenario worries me for mobile clients but instead of tor, the issue is an attacker controlled open wifi hotspot). > > I think to support Tor really well [in bitcoinj], we'd need not only to make SOCKS work, but also add a way to use hidden peers and then try and come up with an anti-sybil heuristic. Unfortunately it's unclear what such a heuristic would look like. Bitcoin-Qt uses different /16s as a rule of thumb when on the clearnet, but no such technique is usable on Tor because by definition you aren't supposed to know anything about the hidden peers. While the scenario outlined seems unlikely, it's best to be prepared... What do you all think? How can this be done properly? As we said to Mike, if Thailand has actually made Bitcoin illegal, then packet filtering may not be far off for certain regions, and it would nice to be proactive and prepared. At the moment, Thailand already has cruder, URL-based filtering... But vendors like Cisco are no doubt constantly selling them on the virtues of more advanced censorship technologies. Gregory Maxwell is the person who wrote the hidden service support for bitcoind, right? It might be interesting to get his comments here. /b grabhive.com (http://grabhive.com) | twitter.com/grabhive (http://twitter.com/grabhive) | gpg: A1D5047E --51f7ab23_532c34a5_c6 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline
Hi everyone,

We at Hive had plans to make our w= allet proxy through Tor by default. When it became apparent that this was= not presently possible because bitcoinj lacks SOCKS support, it opened a= minor discussion suggesting that this is perhaps not advisable practice = for SPV wallets in the first place. To quote Mike Hearn:

I think you have to be c= areful with Tor and Bitcoin. It isn't a no-brainer move. Virtually all pe= ople today don't have hacked internet connections. However when you conne= ct outbound from Tor you have to pretty much assume your traffic is being= packet logged and sometimes automatically MITMd by exit nodes, which in = turn means you can be transparently connected to a sybil network. If you = connect to a hidden service the issue is less problematic because you're = authenticating the connection and can pick peers you have reason to belie= ve are independent.

Whilst it's unlikely an attacker would actuall= y try to auto-sybil SPV connections made out of a Tor exit node, if they = did, they could make the person connecting out believe in fake pending/un= confirmed transactions. =46or instance if you're meeting with someone to = do a currency trade and you happen to run an exit node that has a lot of = bandwidth and an exit policy that allows only Bitcoin, there's a chance t= he other persons Tor client will pick your exit. You can then swap the ca= sh, give them a fake transaction and when it doesn't confirm, apologise a= nd say you can't wait and have to go. Walk out with the cash and it'll ta= ke a while for the victim to realize that the transaction never did actua= lly get broadcast at all, it was just an illusion.

(this scenario = worries me for mobile clients but instead of tor, the issue is an attacke= r controlled open wifi hotspot).

I think to support Tor really wel= l =5Bin bitcoinj=5D, we'd need not only to make SOCKS work, but also add = a way to use hidden peers and then try and come up with an anti-sybil heu= ristic. Unfortunately it's unclear what such a heuristic would look like.= Bitcoin-Qt uses different /16s as a rule of thumb when on the clearnet, = but no such technique is usable on Tor because by definition you aren't s= upposed to know anything about the hidden peers.

While t= he scenario outlined seems unlikely, it's best to be prepared... What do = you all think=3F How can this be done properly=3F

As we said to Mike, if Thailand has actually made Bit= coin illegal, then packet filtering may not be far off for certain region= s, and it would nice to be proactive and prepared. At the moment, Thailan= d already has cruder, URL-based filtering... But vendors like Cisco are n= o doubt constantly selling them on the virtues of more advanced censorshi= p technologies.

Gregory Maxwel= l is the person who wrote the hidden service support for bitcoind, right=3F= It might be interesting to get his comments here.

/b

grabhive.com =7C twitter.com/grabhive =7C&n= bsp;gpg: A1D5047E

--51f7ab23_532c34a5_c6--