š
Original date posted:2014-12-08
š Original message:> >
> > [As an aside I agree that there are lots of things to improve here,
> > but the fact that users can in theory be forced off of tor via DOS
> > attacks is not immediately concerning to me because its a conscious
> > choice users would make to abandon their privacy
>
>
> Bitcoin already has a large population of users who have little or no
> technical skill, it wouldn't surprise me at all if it was found to be the
> clear majority by now. Assuming success and growth in future, very few
> users will make any decisions at all about their privacy, they will just
> accept the defaults. In such a world no consumer wallet is going to
> directly expose Tor to end users - if used at all it'll just be used behind
> the scenes. So automated fallback or control over exits would be a concern
> for such wallets.
>
In order to get more synergy between Bitcoin users of varying skill
levels, my suggestion would be a cleaner separation between technical
mechanisms and policies (possibly suitable for users without technical
skills).
Core development would mean providing suitable mechanisms by which it
is possible to run Bitcoin on different constraints. This may include
ways to handle attacks specific to the Tor/Bitcoin combination.
People who like to research what is possible with the protocol can
then experiment on how these mechanisms can be used in order to
mitigate these attacks.
Finally, distributors of consumer wallets can use this research in
order to distribute their wallet with policies which may be less prone
to Tor-specific attacks. Or leave this out altogether if their
audience has different expectations for connecting to Bitcoin.
The tricky part is probably to figure out what is the greatest common
denominator of what keeps Bitcoin stable and running while still
leaving room for customized policies. But I think that separating
concerns like this is better than letting a debate about how to
mitigate certain Tor-related attacks evolve towards a debate about Tor
or not Tor.
> My gut feeling about this stuff has changed over time. I don't think it'd
> be a great idea to tie Bitcoin to Tor too deeply, convenient though its
> infrastructure is. Most apps don't need a whole lot of onion routing - a
> small amount built in to the p2p layer would be sufficient. Tor is huge,
> complicated and could be a liability in future.
>
I think it would be very interesting to explore alternatives for
Tor. But at this point, completely abandoning Tor would mean that
users either have to agree to have their transactions correlated to
their IP address, or to trust their transactions to a third party
where they are not subject to the security guarantees Bitcoin's
logic can provide anymore. In my opinion, it's a rather huge
sacrifice.
What I find interesting, however, is that a lot of suggestions I see
with respect to attacks related to Tor/Bitcoin (including my own)
involve some kind of extra effort required for Tor users on Bitcoin in
order to protect themselves against these attacks. So, it may be
interesting to explore if it is viable to think of Tor's privacy
guarantees as coming for free. Going from there, if it cannot be
guaranteed to work completely for free, the question would be to what
extent the required extra effort should be a shared effort of the
network, and to what extent users requiring the improved privacy
should use their own resources in order to make it possible.
Best regards,
Isidor
Isidor Zeuner [ARCHIVE] /
npub1wzā¦2jvxz
2023-06-07 15:27:39
in reply to nevent1qā¦8t0y
Author Public Key
npub1wz2sm8h4ylh9dn28688vjzwrmhaxnh3jl04p8jk3qeq7umwf8cus72jvxzPublished at
2023-06-07 15:27:39Event JSON
{
"id": "9c778fe6f116b5a468456b305ff297ceed552f3f3e8718603469acdce9462ca2",
"pubkey": "70950d9ef527ee56cd47d1cec909c3ddfa69de32fbea13cad10641ee6dc93e39",
"created_at": 1686151659,
"kind": 1,
"tags": [
[
"e",
"aa6f4a583b3a6686edd3886328939a36834ecf395b67c0a67ebdec900123a41a",
"",
"root"
],
[
"e",
"bccee982894c9ee8b5478a8cc8de9af7edc3a5707af15c288ded621676ad1f04",
"",
"reply"
],
[
"p",
"70950d9ef527ee56cd47d1cec909c3ddfa69de32fbea13cad10641ee6dc93e39"
]
],
"content": "š
Original date posted:2014-12-08\nš Original message:\u003e \u003e\n\u003e \u003e [As an aside I agree that there are lots of things to improve here,\n\u003e \u003e but the fact that users can in theory be forced off of tor via DOS\n\u003e \u003e attacks is not immediately concerning to me because its a conscious\n\u003e \u003e choice users would make to abandon their privacy\n\u003e\n\u003e\n\u003e Bitcoin already has a large population of users who have little or no\n\u003e technical skill, it wouldn't surprise me at all if it was found to be the\n\u003e clear majority by now. Assuming success and growth in future, very few\n\u003e users will make any decisions at all about their privacy, they will just\n\u003e accept the defaults. In such a world no consumer wallet is going to\n\u003e directly expose Tor to end users - if used at all it'll just be used behind\n\u003e the scenes. So automated fallback or control over exits would be a concern\n\u003e for such wallets.\n\u003e\n\nIn order to get more synergy between Bitcoin users of varying skill\nlevels, my suggestion would be a cleaner separation between technical\nmechanisms and policies (possibly suitable for users without technical\nskills).\n\nCore development would mean providing suitable mechanisms by which it\nis possible to run Bitcoin on different constraints. This may include\nways to handle attacks specific to the Tor/Bitcoin combination.\n\nPeople who like to research what is possible with the protocol can\nthen experiment on how these mechanisms can be used in order to\nmitigate these attacks.\n\nFinally, distributors of consumer wallets can use this research in\norder to distribute their wallet with policies which may be less prone\nto Tor-specific attacks. Or leave this out altogether if their\naudience has different expectations for connecting to Bitcoin.\n\nThe tricky part is probably to figure out what is the greatest common\ndenominator of what keeps Bitcoin stable and running while still\nleaving room for customized policies. But I think that separating\nconcerns like this is better than letting a debate about how to\nmitigate certain Tor-related attacks evolve towards a debate about Tor\nor not Tor.\n\n\u003e My gut feeling about this stuff has changed over time. I don't think it'd\n\u003e be a great idea to tie Bitcoin to Tor too deeply, convenient though its\n\u003e infrastructure is. Most apps don't need a whole lot of onion routing - a\n\u003e small amount built in to the p2p layer would be sufficient. Tor is huge,\n\u003e complicated and could be a liability in future.\n\u003e\n\nI think it would be very interesting to explore alternatives for\nTor. But at this point, completely abandoning Tor would mean that\nusers either have to agree to have their transactions correlated to\ntheir IP address, or to trust their transactions to a third party\nwhere they are not subject to the security guarantees Bitcoin's\nlogic can provide anymore. In my opinion, it's a rather huge\nsacrifice.\n\nWhat I find interesting, however, is that a lot of suggestions I see\nwith respect to attacks related to Tor/Bitcoin (including my own)\ninvolve some kind of extra effort required for Tor users on Bitcoin in\norder to protect themselves against these attacks. So, it may be\ninteresting to explore if it is viable to think of Tor's privacy\nguarantees as coming for free. Going from there, if it cannot be\nguaranteed to work completely for free, the question would be to what\nextent the required extra effort should be a shared effort of the\nnetwork, and to what extent users requiring the improved privacy\nshould use their own resources in order to make it possible.\n\nBest regards,\n\nIsidor",
"sig": "dee5cb9d1ec4e82e2e3d653a875bbe9bf946283ab89c7618d5488181f9db6e69e9d492a0008c215df88506660ea79010cd99f4c8992528b3f7d0da9488c18a04"
}