đź“… Original date posted:2015-08-07
đź“ť Original message:Hi,
Hope it is OK to post this on the list, was not sure where else to post
for answers from Bitcoin-Qt client developers.
As part of the Open Bitcoin Privacy Project’s ongoing wallet privacy
measurement efforts, we’ve selected the Bitcoin-Qt client v0.11.0 for
inclusion into our 2015 mid year survey.
While our volunteers will be performing a series of functional tests by
interacting with your application directly, several of the features we’d
like to examine are not easily discernible by non-developers, and for
this reason we’re asking for your help.
If you can answer the following questions about your wallet’s behavior
it will assist us with the process of accurately rating your wallet’s
privacy features.
Transaction Formatting
1. Does your application take any steps to create ambiguity between
transactions which unavoidably spend from multiple addresses at the same
time and intentional mixing transactions?
2. What algorithms does your application use for ordering inputs and
outputs in a transaction? In particular, how do you handle the change
output and do you take into account common practices of other wallet
applications when determining ordering?
3. Does your application minimize the harmful effects of address reuse
by spending every spendable input (“sweeping”) from an address when a
transaction is created?
4. Does your application fully implement BIP 62?
Mixing
5. If your application supports mixing:
a. What is the average number of participants a user can expect to
interact with on a typical join transaction?
b. Does your application attempt to construct join transactions in a way
that avoids distinguishing them from non-join transactions?
c. Does your application perform any kind of reversibility analysis on
join transactions prior to presenting them to the user for confirmation?
d. Is the mixing technique employed secure against correlation attacks
by the facilitator, such as a CoinJoin server or off-chain mixing
service?
e. Is the mixing technique employed secure against theft of funds by the
facilitator or its participants?
Donations
6. If your application has a fee or donation to the developers feature:
a. What steps do you take to make the donations indistinguishable from
regular spend in terms of output sizes and destination addresses?
Balance Queries and Tx Broadcasting
7. Please describe how your application obtains balance information in
terms of how queries from the user’s device can reveal a connection
between the addresses in their wallet.
a. Does the application keep a complete copy of the blockchain locally
(full node)?
b. Does the user’s device provide a filter which matches some fraction
of the blockchain while providing a false positive rate (bloom or prefix
filters)?
i. If so, approximately what fraction of the blockchain does the filter
match in a default configuration (0% - 100%)?
c. Does the user’s device query all of their addresses at the same time?
d. Does the user’s device query addresses individually in a manner that
does not allow the query responder to correlate queries for different
addresses?
e. Can users opt to obtain their balance information via Tor (or
equivalent means)?
8. Does the applications route outgoing transactions independently from
the manner in which it obtains balance information? Can users opt to
have their transactions submitted to the Bitcoin network via Tor (or an
equivalent means) independently of how they obtain their balance
information?
9. If your application supports multiple identities/wallets, does each
one connect to the network as if it were completely independent from the
other?
a. Does the application ever request balance information for addresses
belonging to multiple identities in the same network query?
b. Are outgoing transactions from multiple identities routed
independently of each other to the Bitcoin network?
c. When an identity/wallet is deleted, does the deletion process
eliminate all evidence from the user's device that the wallet was
previously installed?
Network Privacy
10. When a user performs a backup operation for their wallet, does this
generate any automatic network activity, such as a web query or email?
11. Does your application perform any lookup external to the user’s
device related to identifying transaction senders or recipients?
12. Does you application connect to known endpoints which would be
visible to an ISP, such as your domain?
13. If your application connects directly to nodes in the Bitcoin P2P
network, does it either use an unremarkable user agent string (Bitcoin
Core. BitcoinJ, etc), or randomize its user agent on each connection?
Physical Access
14. Does the application uninstall process for your application
eliminate all evidence from the user's device that the application was
previously installed? Does it also eliminate wallet data?
15. Does your application use techniques such as steganography to store
persistent wallet metadata in a form not identifiable as belong to a
Bitcoin wallet application?
16. Please describe the degree to which users can use passwords/PINs to
protect their data:
a. Can the user set a password/PIN to protect their private keys?
b. Can the user set a password/PIN to protect their public keys and
balance information?
c. Can the user set a password/PIN to encrypt other wallet metadata,
such as address books and transaction notes?
d. Does the application use a single password/PIN to cover all protected
data, or does it allow the use of multiple passwords/PINs?
Custodianship
17. Do you as a wallet provider ever have access to unencrypted copies
of the user’s private keys, public keys, or any other wallet metadata
which may be used to associate a user with their transactions or
balances?
Telemetry Data
18. If your application reports telemetry data, such as usage
information or automatic crash reporting, does the user have the
opportunity to review and approve all information transmitted before it
is sent?
Source Code and Building
19. Can a user of your application compile the application themselves in
a manner that produces a binary version identical to the version you
distribute (deterministic build system)?
Thank you for assisting us with this effort to measure privacy progress
in the Bitcoin wallet space. If at all possible, please return this
survey before 2015/08/13 to ensure the score for your application will
be as accurate as possible.
Sincerely,
Wei
Open Bitcoin Privacy Project Contributor
wei at openbitcoinprivacyproject.org [ARCHIVE] /
npub1zx…d86r6
2023-06-07 17:34:12
in reply to nevent1q…lhn7
Author Public Key
npub1zxv9lm5ve8prfv4td003fjjqe0pv4rf9ngcu04e0fwa035msw2eqvd86r6Published at
2023-06-07 17:34:12Event JSON
{
"id": "8be19dbd52c8e22bcf56bd3052e61e349b7b32a44df87c4c16aa7e4f8f983b93",
"pubkey": "11985fee8cc9c234b2ab6bdf14ca40cbc2ca8d259a31c7d72f4bbaf8d37072b2",
"created_at": 1686159252,
"kind": 1,
"tags": [
[
"e",
"f120eaec36582cb5bec2d076d480f2da4d83e939c8b34aa41fe69718bf16536c",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2015-08-07\n📝 Original message:Hi,\n\nHope it is OK to post this on the list, was not sure where else to post \nfor answers from Bitcoin-Qt client developers.\n\nAs part of the Open Bitcoin Privacy Project’s ongoing wallet privacy \nmeasurement efforts, we’ve selected the Bitcoin-Qt client v0.11.0 for \ninclusion into our 2015 mid year survey.\n\nWhile our volunteers will be performing a series of functional tests by \ninteracting with your application directly, several of the features we’d \nlike to examine are not easily discernible by non-developers, and for \nthis reason we’re asking for your help.\n\nIf you can answer the following questions about your wallet’s behavior \nit will assist us with the process of accurately rating your wallet’s \nprivacy features.\n\n\tTransaction Formatting\n\n1.\tDoes your application take any steps to create ambiguity between \ntransactions which unavoidably spend from multiple addresses at the same \ntime and intentional mixing transactions?\n2.\tWhat algorithms does your application use for ordering inputs and \noutputs in a transaction? In particular, how do you handle the change \noutput and do you take into account common practices of other wallet \napplications when determining ordering?\n3.\tDoes your application minimize the harmful effects of address reuse \nby spending every spendable input (“sweeping”) from an address when a \ntransaction is created?\n4.\tDoes your application fully implement BIP 62?\n\nMixing\n\n5.\tIf your application supports mixing:\na.\tWhat is the average number of participants a user can expect to \ninteract with on a typical join transaction?\nb.\tDoes your application attempt to construct join transactions in a way \nthat avoids distinguishing them from non-join transactions?\nc.\tDoes your application perform any kind of reversibility analysis on \njoin transactions prior to presenting them to the user for confirmation?\nd.\tIs the mixing technique employed secure against correlation attacks \nby the facilitator, such as a CoinJoin server or off-chain mixing \nservice?\ne.\tIs the mixing technique employed secure against theft of funds by the \nfacilitator or its participants?\n\nDonations\n\n6.\tIf your application has a fee or donation to the developers feature:\na.\tWhat steps do you take to make the donations indistinguishable from \nregular spend in terms of output sizes and destination addresses?\n\nBalance Queries and Tx Broadcasting\n\n7.\tPlease describe how your application obtains balance information in \nterms of how queries from the user’s device can reveal a connection \nbetween the addresses in their wallet.\na.\tDoes the application keep a complete copy of the blockchain locally \n(full node)?\nb.\tDoes the user’s device provide a filter which matches some fraction \nof the blockchain while providing a false positive rate (bloom or prefix \nfilters)?\ni.\tIf so, approximately what fraction of the blockchain does the filter \nmatch in a default configuration (0% - 100%)?\nc.\tDoes the user’s device query all of their addresses at the same time?\nd.\tDoes the user’s device query addresses individually in a manner that \ndoes not allow the query responder to correlate queries for different \naddresses?\ne.\tCan users opt to obtain their balance information via Tor (or \nequivalent means)?\n8.\tDoes the applications route outgoing transactions independently from \nthe manner in which it obtains balance information? Can users opt to \nhave their transactions submitted to the Bitcoin network via Tor (or an \nequivalent means) independently of how they obtain their balance \ninformation?\n9.\tIf your application supports multiple identities/wallets, does each \none connect to the network as if it were completely independent from the \nother?\na.\tDoes the application ever request balance information for addresses \nbelonging to multiple identities in the same network query?\nb.\tAre outgoing transactions from multiple identities routed \nindependently of each other to the Bitcoin network?\nc.\tWhen an identity/wallet is deleted, does the deletion process \neliminate all evidence from the user's device that the wallet was \npreviously installed?\n\n\tNetwork Privacy\n\n10.\tWhen a user performs a backup operation for their wallet, does this \ngenerate any automatic network activity, such as a web query or email?\n11.\tDoes your application perform any lookup external to the user’s \ndevice related to identifying transaction senders or recipients?\n12.\tDoes you application connect to known endpoints which would be \nvisible to an ISP, such as your domain?\n13.\tIf your application connects directly to nodes in the Bitcoin P2P \nnetwork, does it either use an unremarkable user agent string (Bitcoin \nCore. BitcoinJ, etc), or randomize its user agent on each connection?\n\n\tPhysical Access\n\n14.\tDoes the application uninstall process for your application \neliminate all evidence from the user's device that the application was \npreviously installed? Does it also eliminate wallet data?\n15.\tDoes your application use techniques such as steganography to store \npersistent wallet metadata in a form not identifiable as belong to a \nBitcoin wallet application?\n16.\tPlease describe the degree to which users can use passwords/PINs to \nprotect their data:\na.\tCan the user set a password/PIN to protect their private keys?\nb.\tCan the user set a password/PIN to protect their public keys and \nbalance information?\nc.\tCan the user set a password/PIN to encrypt other wallet metadata, \nsuch as address books and transaction notes?\nd.\tDoes the application use a single password/PIN to cover all protected \ndata, or does it allow the use of multiple passwords/PINs?\n\nCustodianship\n\n17.\tDo you as a wallet provider ever have access to unencrypted copies \nof the user’s private keys, public keys, or any other wallet metadata \nwhich may be used to associate a user with their transactions or \nbalances?\n\n\tTelemetry Data\n\n18.\tIf your application reports telemetry data, such as usage \ninformation or automatic crash reporting, does the user have the \nopportunity to review and approve all information transmitted before it \nis sent?\n\n\tSource Code and Building\n\n19.\tCan a user of your application compile the application themselves in \na manner that produces a binary version identical to the version you \ndistribute (deterministic build system)?\n\nThank you for assisting us with this effort to measure privacy progress \nin the Bitcoin wallet space. If at all possible, please return this \nsurvey before 2015/08/13 to ensure the score for your application will \nbe as accurate as possible.\n\nSincerely,\n\nWei\nOpen Bitcoin Privacy Project Contributor",
"sig": "78c3b46e02bf678d26348f2acdea15536a26af8860fa219aa44803b9fbe39fc8cb171eab63e3eb8f68a86bd5913b0fcfde3f85ce6da3f37a41106455a7c50418"
}