š
Original date posted:2014-11-27
š Original message:Hello there,
quote:
> Please see also the following:
>
> https://cpunks.org//pipermail/cypherpunks/2014-November/005971.html
>
I agree about the severity of the Tor/Bitcoin issue, but I see no
point in bashing Bitcoin's financial privacy characteristics as
the linked pages seem to do.
Bitcoin can be useful as a part of a strategy to improve on privacy,
but it does not intend to be a run-and-forget solution for doing so.
A lot of issues found in this context can actually be traced back to
Tor's characteristics already known before. It's just that
Bitcoin makes Tor's deficiencies more measurable - before Bitcoin,
those interested in researching how Tor performs in an automated
context where a much smaller community. In the end, I guess both
projects can benefit from the research we can do now.
> Respect,
>
> - -Odinn
>
> Jeff Garzik:
> > I don't recall being contacted directly, but the attack has been
> > discussed. It relies on a number of conditions. For example, if
> > you are over Tor, they try to kick the machine off Tor, _assuming_
> > that it will fall back to non-Tor. That's only true for dual stack
> > nodes, which are not really 100% anonymous anyway -- you're
> > operating from your public IP anyway.
> >
Generally, it cannot be said that the attack vector described here is
irrelevant for non-dual-stack nodes. An attacker might not be able to
collect IP addresses of Tor-only nodes, but he can try to kick the
users from all Tor exit nodes he does not control, and proceed with
other attacks when a large number of Tor-only users connect through
his Tor exit node(s).
Since this attack vector has been discussed, I started making some
measurements on how effective it is to connect to Bitcoin using Tor,
and I found that the number of connections dropping to near-zero is
a situation which occurs rather frequently, which suggests that there
is still room to improve on the DoS handling.
Best regards,
Isidor
Isidor Zeuner [ARCHIVE] /
npub1wzā¦2jvxz
2023-06-07 15:27:33
in reply to nevent1qā¦z2ly
Author Public Key
npub1wz2sm8h4ylh9dn28688vjzwrmhaxnh3jl04p8jk3qeq7umwf8cus72jvxzPublished at
2023-06-07 15:27:33Event JSON
{
"id": "1220a7b3e14ceea835b39f1a65cb5f6c22f03a47631b636c1b1dcab039f8484d",
"pubkey": "70950d9ef527ee56cd47d1cec909c3ddfa69de32fbea13cad10641ee6dc93e39",
"created_at": 1686151653,
"kind": 1,
"tags": [
[
"e",
"361488dab143c9c8ffe7e1b6278eb4c26a4e028aa93b779a32013ddcda18317a",
"",
"root"
],
[
"e",
"43cccfa1141d355a3e470228a6e9d26557a7ed2eaa833172baf47d652b4ba91e",
"",
"reply"
],
[
"p",
"33228a8ed797b24e872fc0257c1515fc9bca74c0b230dcbb7d3d2bd38fd97ed7"
]
],
"content": "š
Original date posted:2014-11-27\nš Original message:Hello there,\n\nquote:\n\u003e Please see also the following:\n\u003e\n\u003e https://cpunks.org//pipermail/cypherpunks/2014-November/005971.html\n\u003e\n\nI agree about the severity of the Tor/Bitcoin issue, but I see no\npoint in bashing Bitcoin's financial privacy characteristics as\nthe linked pages seem to do.\n\nBitcoin can be useful as a part of a strategy to improve on privacy,\nbut it does not intend to be a run-and-forget solution for doing so.\n\nA lot of issues found in this context can actually be traced back to\nTor's characteristics already known before. It's just that\nBitcoin makes Tor's deficiencies more measurable - before Bitcoin,\nthose interested in researching how Tor performs in an automated\ncontext where a much smaller community. In the end, I guess both\nprojects can benefit from the research we can do now.\n\n\u003e Respect,\n\u003e\n\u003e - -Odinn\n\u003e\n\u003e Jeff Garzik:\n\u003e \u003e I don't recall being contacted directly, but the attack has been\n\u003e \u003e discussed. It relies on a number of conditions. For example, if\n\u003e \u003e you are over Tor, they try to kick the machine off Tor, _assuming_\n\u003e \u003e that it will fall back to non-Tor. That's only true for dual stack\n\u003e \u003e nodes, which are not really 100% anonymous anyway -- you're\n\u003e \u003e operating from your public IP anyway.\n\u003e \u003e\n\nGenerally, it cannot be said that the attack vector described here is\nirrelevant for non-dual-stack nodes. An attacker might not be able to\ncollect IP addresses of Tor-only nodes, but he can try to kick the\nusers from all Tor exit nodes he does not control, and proceed with\nother attacks when a large number of Tor-only users connect through\nhis Tor exit node(s).\n\nSince this attack vector has been discussed, I started making some\nmeasurements on how effective it is to connect to Bitcoin using Tor,\nand I found that the number of connections dropping to near-zero is\na situation which occurs rather frequently, which suggests that there\nis still room to improve on the DoS handling.\n\nBest regards,\n\nIsidor",
"sig": "78ef6104aca902c9baaf9942aed9544d3188f1bee71a4d92e782f09f983bdcb630a1d0d24a113e3e43f5c3ac4acde6f11c6596d37692465a8c5c044e16a3753d"
}