Silk Road forums
Discussion => Security => Topic started by: NOGGINS on May 09, 2012, 06:05 pm
-
Hi,
Could any1 enlighten me please.
The option to get another bitcoin address in your account setting is for what exactly??
If you was to change your BTC address and were still pending deposits of BTC into the account would they still arrive.
ie Would they go to the old account number and still be deposited in his account??
-
Any Bitcoin wallet address that has ever been generated for an account will always be valid for that account. Which means your coins are safely on their way.
-sSh-
-
To keep the leo one step behind.
-
Any Bitcoin wallet address that has ever been generated for an account will always be valid for that account. Which means your coins are safely on their way.
-sSh-
There are no expiration of the BTC addresses? You are joking right? Please tell me this is a joke. If SR was compromised then every address is forever logged?
To keep the leo one step behind.
Actually if squid tells the truth, SR logs everyones originating BTC addresses in a nice neat package of BTC address to UserName.
-
I was under the impression that they expire to make things more difficult for LE to find the coins on SR. Squid if you could clear this up I would appreciate it.
-
That's great thanks. Did look how to leave Karma for you but nothing obvious!
-
Could you also answer this.
Should your btc address for Silk Road change without you doing so??
As after looking through MTgox the other day i saw that my early withdrawals went to 1 address and my recent 1 went to another?? But both went to my account.
But i did not physically change the address???
Now this has also happened with the chap that i started the thread about hence the reason why it came to my attention.
Every time i deposit i copy and paste address .
Just wonder if it randomise its self every now and again.
-
Any Bitcoin wallet address that has ever been generated for an account will always be valid for that account. Which means your coins are safely on their way.
-sSh-
There are no expiration of the BTC addresses? You are joking right? Please tell me this is a joke. If SR was compromised then every address is forever logged?
To keep the leo one step behind.
Actually if squid tells the truth, SR logs everyones originating BTC addresses in a nice neat package of BTC address to UserName.
I am also curious about this. We should have the option to remove our ties to previous addresses. If every address is saved for each user, then why generate a new one? If SR was compromised and we were tied to our addresses, then it wouldn't be that much more difficult for LEs to connect addresses to users! Can someone explain?
-
All transactions are kept in the blockchain, it's how bitcoin works. If the addresses expired, the integrity of the blockchain, and the value of bitcoin itself, would crumble. Each transaction creates a new wallet address, which makes things more difficult to correlate. You would be much easier to track if all of your funds passed through the same address. Transactions are kept secure by this randomization and the tumblers the coins go through.
-sSh-
-
I've actually been saying this for for quite some time, if you check through my posts. Here is a link to my tutorial on this subject:
http://dkn255hz262ypmii.onion/index.php?topic=21578.msg221779#msg221779
This is why kmf and pine are being so anal retentive about the entire 'anonymous exit' / 'anonymous entry' thing. Maybe you've screwed up a bit, eh, but never fear, there's a solution.
Bitcoin by itself, is *not anonymous at all*. It is just that "identity" is not associated by default with the currency. Of course, the minute you use a credit card, your identity *is* associated with those acquired bitcoins. Not only is the network of transactions publicly available through the block chain, but SR holds the private keys for all your bitcoin addresses (it has to, because you continually have to change your address to prevent traffic analysis on the block chain), meaning that if SR is compromised, it means that if there is a direct link between your identity and the bitcoins obtained at an exchange and the bitcoins that wound up in an SR a/c, then law enforcement has a direct chain of evidence saying you acquired drugs.
There are two things to generate good anonymity.
1. A mixer to launder the bitcoins, preferably a blind mixer/blind signature mixer. Essentially you are swopping the bitcoins you obtained, with somebody else's bitcoins. This is awesome, because there is no public record on the block chain of what just happened. Do some googling to read about it.
2. Obtain and dispose of bitcoins for cash using anonymous methods. e.g. Cash deposits, cash in the mail, using P2P exchanges and so on.
And if you're really paranoid, then do both. Then I give you the Paranoid Pine Seal of Approval and you contently snooze with gentle snores during the night.
If you are concerned you are traceable, then send me a PM for advice with the keyword 'halp' in the subject line.
-
An excellent post Pine, thank you - you've expressed it much more eloquently than I could!
In order to have an understanding of how the BTC network operates it helps to have an understanding of Public Key Cryptography - each Bitcoin address is little more than a public key, used to encrypt the coins and of course the corresponding private key is required to unlock them. If it helps think of your public key being a lockable box in which you place the coins and the private key being a physical key with which you can unlock the box and remove the coins.
This applies regardless of the type of wallet you use, be it on your computer, a virtual wallet like the one linked to your SR account or even a paper wallet.
In the case of an electronic wallet, the block chain is constantly analysed and any coins you have sent/received are updated into your wallet. The system by its very nature must be open in the sense of recording each transaction because as Pine explains you need to continually update your address to make it difficult for transactions to be traced and yet make sure you have an accurate record of whose coins are whose at all times.
A central server could regulate this in theory but has a number of potential drawbacks, not the least of which some right wing Judge could come along and send the whole thing crashing down.
If your identity can be linked to any BTC address, as I mentioned this would make it possible to trace any past/subsequent transactions to/from that address. Although this is a theoretical vulnerability it underlines the importance of buying and selling BTC for cash, although I probably would say this as this is a service I offer to people in UK/Europe on here!
SR has a built in mixer but I am not sure this is suitable for very large amounts of BTC - perhaps Pine can confirm?
V.
I've actually been saying this for for quite some time, if you check through my posts. Here is a link to my tutorial on this subject:
http://dkn255hz262ypmii.onion/index.php?topic=21578.msg221779#msg221779
This is why kmf and pine are being so anal retentive about the entire 'anonymous exit' / 'anonymous entry' thing. Maybe you've screwed up a bit, eh, but never fear, there's a solution.
Bitcoin by itself, is *not anonymous at all*. It is just that "identity" is not associated by default with the currency. Of course, the minute you use a credit card, your identity *is* associated with those acquired bitcoins. Not only is the network of transactions publicly available through the block chain, but SR holds the private keys for all your bitcoin addresses (it has to, because you continually have to change your address to prevent traffic analysis on the block chain), meaning that if SR is compromised, it means that if there is a direct link between your identity and the bitcoins obtained at an exchange and the bitcoins that wound up in an SR a/c, then law enforcement has a direct chain of evidence saying you acquired drugs.
There are two things to generate good anonymity.
1. A mixer to launder the bitcoins, preferably a blind mixer/blind signature mixer. Essentially you are swopping the bitcoins you obtained, with somebody else's bitcoins. This is awesome, because there is no public record on the block chain of what just happened. Do some googling to read about it.
2. Obtain and dispose of bitcoins for cash using anonymous methods. e.g. Cash deposits, cash in the mail, using P2P exchanges and so on.
And if you're really paranoid, then do both. Then I give you the Paranoid Pine Seal of Approval and you contently snooze with gentle snores during the night.
If you are concerned you are traceable, then send me a PM for advice with the keyword 'halp' in the subject line.
-
Any Bitcoin wallet address that has ever been generated for an account will always be valid for that account. Which means your coins are safely on their way.
-sSh-
There are no expiration of the BTC addresses? You are joking right? Please tell me this is a joke. If SR was compromised then every address is forever logged?
To keep the leo one step behind.
Actually if squid tells the truth, SR logs everyones originating BTC addresses in a nice neat package of BTC address to UserName.
I am also curious about this. We should have the option to remove our ties to previous addresses. If every address is saved for each user, then why generate a new one? If SR was compromised and we were tied to our addresses, then it wouldn't be that much more difficult for LEs to connect addresses to users! Can someone explain?
Generating a new address can be useful as the Blockchain isn't a neat little list and every time you move coins across addresses you make it harder to trace a transaction but in principle yes, generating a new address doesn't greatly increase your safety if another has been compromised, it's a preventative measure. It's also true that it's not currently possible to tell through block chain analysis whether the coins you sent to another address were to an address of your own or someone else, so once again sending coins to yourself in random amounts to several addresses can help to obscure the trail.
Severing the link between coins at one address and another before sending won't work for the simple reason as I explained below that Bitcoins operate on the basis of Public Key Cryptography i.e if I send you an e-mail encrypted with your Public Key you MUST use your own Private Key to decrypt it before sending it to anyone else.
Mixers on the other hand do allow you to do this in a limited fashion by swapping your coins with those of others though of course you are trusting the mixing service not to abscond with your coins and that there are sufficient coins to swap around so that you don't receive any of your own back. It may however be possible to trace the flow of coins through the mixer if it can be shown you made a deposit and then later withdrew a similar amount.
In short, the only truly safe method for buyers to purchase BTC is to sell goods in exchange for them and/or buy them with cash.
V.
-
SR has a built in mixer but I am not sure this is suitable for very large amounts of BTC - perhaps Pine can confirm
I have my own theory on how SR's mixer operates, but it wouldn't be a good idea to post it here.
Generating a new address can be useful as the Blockchain isn't a neat little list and every time you move coins across addresses you make it harder to trace a transaction but in principle yes, generating a new address doesn't greatly increase your safety if another has been compromised, it's a preventative measure. It's also true that it's not currently possible to tell through block chain analysis whether the coins you sent to another address were to an address of your own or someone else, so once again sending coins to yourself in random amounts to several addresses can help to obscure the trail.
I have to disagree because it depends on what you mean by that, see my note on convergence below. You have to be precise because it matters. I mean, there are a couple of activities that I'd regard as a 'suspect signature' on the Bitcoin network:
- A loop. This is where bitcoins go on a simple or complex journey, but ultimately come back to an address they visited before. This strongly implies that all activities in the loop were orchestrated by the same person.
- A convergence. This is where bitcoins spread out among many addresses from a single point, possibly undergoing journeys through other wallets, but all the funds ultimately come back to a single address or a series of addresses that can be shown to be controlled by the same person.
i.e. what I am saying, is that if the identity of the person who obtained the coins initially is known, and then all those coins wind up in a series of SR accounts, then you might as well as just bought the bitcoins with your credit card and fired them directly into SR for all the difference it makes.
That is: you must either:
a: use a mixer. Ideally a blind signature mixer (ask me why). This makes you untraceable.
b: obtain bitcoins with cash in the first place. This makes your identity anonymous.
Either of those options is very easy to achieve and gives you good anonymity. If you do both, then you are both anonymous and untraceable. Hence the Pine Seal of Approval badge.
Severing the link between coins at one address and another before sending won't work for the simple reason as I explained below that Bitcoins operate on the basis of Public Key Cryptography i.e if I send you an e-mail encrypted with your Public Key you MUST use your own Private Key to decrypt it before sending it to anyone else.
Mixers on the other hand do allow you to do this in a limited fashion by swapping your coins with those of others though of course you are trusting the mixing service not to abscond with your coins and that there are sufficient coins to swap around so that you don't receive any of your own back. It may however be possible to trace the flow of coins through the mixer if it can be shown you made a deposit and then later withdrew a similar amount.
In short, the only truly safe method for buyers to purchase BTC is to sell goods in exchange for them and/or buy them with cash.
V.
We ought to have an entire thread on how mixers work and their caveats to be honest. It is possible for a mixer to be compromised i.e. a man in the middle attack, but it not possible for a blind mixer to be compromised. There are also ways of using certain services which make life incredibly difficult for LEO. I have a headache now though -.-
-
Hey Pine, once your headache has eased, I'd love to know more about the differences between blind signature and standard mixers. I do agree that we could use a whole thread on that, though, so it's easier for everyone to find.
-
Appa: http://dkn255hz262ypmii.onion/index.php?topic=22631.msg234550#msg234550
-
seemed to have opened a can of worms??
-
seemed to have opened a can of worms??
:D