Slurms MacKenzie [ARCHIVE] on Nostr
📅 Original date posted: 2015-07-24
📝 Original message:
> Sent: Friday, July 24, 2015 at 6:44 AM
> From: "Eric Voskuil" <eric at voskuil.org>
> To: "Slurms MacKenzie" <slurms at gmx.us>, bitcoin-dev at lists.linuxfoundation.org
> Subject: Re: [bitcoin-dev] Making Electrum more anonymous
>
> This is why privacy remains a significant issue. Privacy is an essential
> aspect of fungibility. This is a central problem for Bitcoin.

Somewhat under-discussed too, really. People's money doesn't fly out the window when their privacy is ripped out from under them, as such discussing it seems a little meaningless. As some of the most popular wallets don't even use change addresses, for the comfort of the developers and at the cost of the user.

> Solving the latter two problems can go a long way to reducing the impact
> of the former. But currently the only solution is to run a full chain
> wallet. This is not a viable solution for many scenarios, and getting
> less so.

Which makes the general clamoring for the demise of the full node wallet all the more baffling.

> Well because of presumed relationship in time these are not actually
> separated requests. Which is why even the (performance-unrealistic)
> option of a distinct Tor route for each independent address request is
> *still* problematic.

Yep, any leak is a useful leak. Even if you only expose one single address request to me, I now have an idea of what timezone you are in and can eliminate it from other implausible ones. Onion routing is not a solution in my mind; you're just asking for people to Sybil attack Electrum clients to capture as much timing data as possible. There's no defending against that.

> Introducing truly-random timing variations into the mixnet solutions can
> mitigate timing attacks, but yes, this just makes the already
> intolerable performance problem much worse.

Realistically this is all too broken to be building wallets on top of.

SPV clients are neither secure nor private; we should feel guilty for ever promoting them.

Published at 2023-06-07 15:42:47