From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 0BD968AD for ; Fri, 7 Aug 2015 18:53:26 +0000 (UTC) X-Greylist: delayed 00:06:40 by SQLgrey-1.7.6 Received: from gproxy6-pub.mail.unifiedlayer.com (gproxy6-pub.mail.unifiedlayer.com [67.222.39.168]) by smtp1.linuxfoundation.org (Postfix) with SMTP id 305FA10A for ; Fri, 7 Aug 2015 18:53:24 +0000 (UTC) Received: (qmail 17518 invoked by uid 0); 7 Aug 2015 18:46:44 -0000 Received: from unknown (HELO CMOut01) (10.0.90.82) by gproxy6.mail.unifiedlayer.com with SMTP; 7 Aug 2015 18:46:44 -0000 Received: from just118.justhost.com ([173.254.28.118]) by CMOut01 with id 1umd1r01P2Yu7hZ01umgh1; Fri, 07 Aug 2015 12:46:43 -0600 X-Authority-Analysis: v=2.1 cv=NJxGpSKg c=1 sm=1 tr=0 a=iBV2HUWW4UcJ4JmVcQBhJA==:117 a=BY8XqHikAAAA:8 a=f5113yIGAAAA:8 a=7ihtSbDYAAAA:8 a=dXeZ1uqweWsA:10 a=IkcTkHD0fZMA:10 a=sTMQGeZHAJUA:10 a=JMHYQVG13d8A:10 a=uRRa74qj2VoA:10 a=s4HnjaPbsndlj-lAI0MA:9 a=x4DOchwY-bSQl89T:21 a=_16RloYJvFmk_5lV:21 a=QEXdDO2ut3YA:10 Received: from localhost ([127.0.0.1]:52207 helo=just118.justhost.com) by just118.justhost.com with esmtpa (Exim 4.84) (envelope-from ) id 1ZNmf8-0004Ak-D9 for bitcoin-dev@lists.linuxfoundation.org; Fri, 07 Aug 2015 12:46:38 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Fri, 07 Aug 2015 12:46:36 -0600 From: wei@openbitcoinprivacyproject.org To: bitcoin-dev@lists.linuxfoundation.org Message-ID: X-Sender: wei@openbitcoinprivacyproject.org User-Agent: Roundcube Webmail/1.0.5 X-Identified-User: {7507:just118.justhost.com:stacksn1:openbitcoinprivacyproject.org} {sentby:smtp auth 127.0.0.1 authed with wei@openbitcoinprivacyproject.org} X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] Open Bitcoin Privacy Protect Privacy Questionnaire, Mid-Year 2015 report X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Aug 2015 18:53:26 -0000 Hi, Hope it is OK to post this on the list, was not sure where else to post for answers from Bitcoin-Qt client developers. As part of the Open Bitcoin Privacy Project’s ongoing wallet privacy measurement efforts, we’ve selected the Bitcoin-Qt client v0.11.0 for inclusion into our 2015 mid year survey. While our volunteers will be performing a series of functional tests by interacting with your application directly, several of the features we’d like to examine are not easily discernible by non-developers, and for this reason we’re asking for your help. If you can answer the following questions about your wallet’s behavior it will assist us with the process of accurately rating your wallet’s privacy features. Transaction Formatting 1. Does your application take any steps to create ambiguity between transactions which unavoidably spend from multiple addresses at the same time and intentional mixing transactions? 2. What algorithms does your application use for ordering inputs and outputs in a transaction? In particular, how do you handle the change output and do you take into account common practices of other wallet applications when determining ordering? 3. Does your application minimize the harmful effects of address reuse by spending every spendable input (“sweeping”) from an address when a transaction is created? 4. Does your application fully implement BIP 62? Mixing 5. If your application supports mixing: a. What is the average number of participants a user can expect to interact with on a typical join transaction? b. Does your application attempt to construct join transactions in a way that avoids distinguishing them from non-join transactions? c. Does your application perform any kind of reversibility analysis on join transactions prior to presenting them to the user for confirmation? d. Is the mixing technique employed secure against correlation attacks by the facilitator, such as a CoinJoin server or off-chain mixing service? e. Is the mixing technique employed secure against theft of funds by the facilitator or its participants? Donations 6. If your application has a fee or donation to the developers feature: a. What steps do you take to make the donations indistinguishable from regular spend in terms of output sizes and destination addresses? Balance Queries and Tx Broadcasting 7. Please describe how your application obtains balance information in terms of how queries from the user’s device can reveal a connection between the addresses in their wallet. a. Does the application keep a complete copy of the blockchain locally (full node)? b. Does the user’s device provide a filter which matches some fraction of the blockchain while providing a false positive rate (bloom or prefix filters)? i. If so, approximately what fraction of the blockchain does the filter match in a default configuration (0% - 100%)? c. Does the user’s device query all of their addresses at the same time? d. Does the user’s device query addresses individually in a manner that does not allow the query responder to correlate queries for different addresses? e. Can users opt to obtain their balance information via Tor (or equivalent means)? 8. Does the applications route outgoing transactions independently from the manner in which it obtains balance information? Can users opt to have their transactions submitted to the Bitcoin network via Tor (or an equivalent means) independently of how they obtain their balance information? 9. If your application supports multiple identities/wallets, does each one connect to the network as if it were completely independent from the other? a. Does the application ever request balance information for addresses belonging to multiple identities in the same network query? b. Are outgoing transactions from multiple identities routed independently of each other to the Bitcoin network? c. When an identity/wallet is deleted, does the deletion process eliminate all evidence from the user's device that the wallet was previously installed? Network Privacy 10. When a user performs a backup operation for their wallet, does this generate any automatic network activity, such as a web query or email? 11. Does your application perform any lookup external to the user’s device related to identifying transaction senders or recipients? 12. Does you application connect to known endpoints which would be visible to an ISP, such as your domain? 13. If your application connects directly to nodes in the Bitcoin P2P network, does it either use an unremarkable user agent string (Bitcoin Core. BitcoinJ, etc), or randomize its user agent on each connection? Physical Access 14. Does the application uninstall process for your application eliminate all evidence from the user's device that the application was previously installed? Does it also eliminate wallet data? 15. Does your application use techniques such as steganography to store persistent wallet metadata in a form not identifiable as belong to a Bitcoin wallet application? 16. Please describe the degree to which users can use passwords/PINs to protect their data: a. Can the user set a password/PIN to protect their private keys? b. Can the user set a password/PIN to protect their public keys and balance information? c. Can the user set a password/PIN to encrypt other wallet metadata, such as address books and transaction notes? d. Does the application use a single password/PIN to cover all protected data, or does it allow the use of multiple passwords/PINs? Custodianship 17. Do you as a wallet provider ever have access to unencrypted copies of the user’s private keys, public keys, or any other wallet metadata which may be used to associate a user with their transactions or balances? Telemetry Data 18. If your application reports telemetry data, such as usage information or automatic crash reporting, does the user have the opportunity to review and approve all information transmitted before it is sent? Source Code and Building 19. Can a user of your application compile the application themselves in a manner that produces a binary version identical to the version you distribute (deterministic build system)? Thank you for assisting us with this effort to measure privacy progress in the Bitcoin wallet space. If at all possible, please return this survey before 2015/08/13 to ensure the score for your application will be as accurate as possible. Sincerely, Wei Open Bitcoin Privacy Project Contributor