Poll

Do we need strong privacy measures in BTS 2.0?

Yes
Maybe
No
Don't care

Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: Privacy (developers click me!)  (Read 684 times)

Offline karnal

Privacy (developers click me!)
« on: June 09, 2015, 10:49:42 PM »

https://bitsharestalk.org/index.php/topic,16780.msg215213.html#msg215213

I'm concerned that this would get lost in the above thread, as it's not the main topic. So I am opening this thread in order to hopefully get some feedback from the developers regarding privacy (or the lack of it) in BTS 2.0.


1. What is wrong with TITAN ('illusion of privacy'), were the reasons discussed (and if yes, where?), and are the flaws fatal?

2. Is a replacement system being worked on ?

3. Is privacy a goal or high priority item in BTS 2.0 ?


I am deeply concerned about the eventuality that no thought has been given to privacy, in my opinion full transparency on these matters is the road to economic totalitarianism. Especially so on a blockchain.

I'm very strongly against the whole world now and forever knowing the full state of my economic affairs. That is a private matter that concerns me and a few other people. Surely many other shareholders feel the same. At least I hope so!

Offline Method-X

  • Hero Member
  • *****
  • Posts: 1120
  • VIRAL
    • View Profile
    • Dating & Relationship Advice For Smart Women
  • BTS: methodx
Re: Privacy (developers click me!)
« Reply #1 on: June 09, 2015, 10:55:33 PM »
If they could offer privacy they would. The fact of the matter is, no privacy was ever offered in the first place; only the illusion of privacy.

Offline roadscape

Re: Privacy (developers click me!)
« Reply #2 on: June 09, 2015, 11:12:08 PM »
Quote
Great effort went into designing a system for BitShares that would allow users to keep their balances secret. TITAN used stealth addresses which allowed the sender to create as many new balances for the receiver as necessary to avoid combining funds and revealing their identity. The problem is that timing attacks and voting patterns can more or less completely reveal all balances belonging to an individual account. To actually gain any privacy under TITAN would require significant manual effort, an abstention from voting, and require dividing transactions over hours or days to make a single “stealth” payment. As a result most people had a false sense of anonymity. The side effect of attempting to build in privacy was a lack of scalability and significant complexity in building lightweight wallets and infrastructure. Abandoning the requirement for anonymity opens up a wide range of design options that were denied to us before.

Under BitShares 2.0, each named account has exactly one balance per asset type and everyone can see what that balance is and all transaction history except the private content contained in memos. This significantly reduces memory consumption associated with maintaining many different balance records each containing a fraction of the account’s balance. This also greatly simplifies voting which can now be done on a per-account basis rather than per-balance basis. White-listing and web-of-trust implementations are now much easier to implement and maintain. Bottom line: the cost of maintaining the illusion of anonymity far outweighs its value which is practically zero.

Users can still create many different accounts that never transact with one another, and thereby maintain a high level of privacy. The difference is that users are aware of what is public, and have the ability to understand what is necessary to maintain their privacy.

https://bitshares.github.io/blog/2015/06/08/lessons-learned-from-bitshares-0.x/#anonymity-is-an-illusion
http://cryptofresh.com  |  witness: roadscape

Offline karnal

Re: Privacy (developers click me!)
« Reply #3 on: June 09, 2015, 11:35:12 PM »
Anonymity is an illusion, meanwhile here I am posting this from tor, with an account that was registered with an email that does not trace back to my 'real' identity.

Anonymity is an illusion, meanwhile we have Monero, Dash, Zerocash, and others.

Anonymity is an illusion, meanwhile I pay for 99% of the stuff in daily life with cash; The merchants have no idea who I am, the bank has no idea where I am and what I'm buying, and the advertisers have no idea what spam to push.

Anonymity is an illusion, meanwhile thousands of people use the Tor network daily and are able to circumvent censorship, and access and/or publish information that would otherwise potentially put them in great danger. And anyway, fuck Big Brother. We have the right to read what we want to read without BB compiling a neverending list of habits, preferences and favorite authors.

Anonymity is an illusion, meanwhile even the UN gets it: http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx


Au contraire, I would say. Anonymity is essential for fighting tyranny, oppresion and control. Anonymity is a human right.
https://en.wikipedia.org/wiki/Edward_Snowden#Global_surveillance_disclosures | Without anonymity, you are making their illegal/immoral job that much easier.

https://www.eff.org/issues/anonymity  >:(
https://www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents  8)

https://www.youtube.com/watch?v=o66FUc61MvU  :o





Even in Bitcoin it is possible to retain functional anonymity altough one needs to be very careful about it. Different wallets, minding change addresses, not mixing the wrong inputs, etc.

I may be wrong but this level of granularity does not seem to be present in BTS 2.0. The solution seems to be creating more accounts. Which presumably cannot be deleted. This does not scale; I've easily used 5000+ bitcoin addresses in the few years using it.



Also, while TITAN may have had its flaws, it was at least possible to maintain anonymity with the right precautions. It seems better to have the option rather than destroying the alternative and force everyone to be naked.

I would take a slower wallet which at least allows for the possibility of privacy rather than a super-fast one that is the wet dream of any bankrupt inflated government hellbent on getting its hand on every last dime it can.

It would be nice to have the choice.

Quote from: TFA
Users can still create many different accounts that never transact with one another, and thereby maintain a high level of privacy.

This one I find particularly misleading. Most users will be coming in from exchanges; The exchange then necessarily knows where the user withdrew to. And since all transaction history will now be public....

We are back to the same "problem" of having to carefully spread transactions over many hours/days and using dozens of accounts.
Except now the wallet has to be littered with them.

Offline karnal

Re: Privacy (developers click me!)
« Reply #4 on: June 09, 2015, 11:41:52 PM »
Quote from: Method-X
If they could offer privacy they would.

Non sequitur. Maybe they just don't think it's a priority. Maybe they don't want to offer it intentionally (US company and all that). Maybe they don't care. Or dozens of other possible explanations.

Quote from: Method-X
The fact of the matter is, no privacy was ever offered in the first place; only the illusion of privacy.

According to the official statement (the url already shared in this thread), it is possible, with the right precautions.

merockstar

  • Guest
Re: Privacy (developers click me!)
« Reply #5 on: June 10, 2015, 08:21:46 AM »
since there's a web app, the option to torify transactions does exist.


Offline karnal

Re: Privacy (developers click me!)
« Reply #7 on: June 10, 2015, 09:16:44 AM »
https://mises.org/library/international-war-cash

Quote from: TFA
But the actual aim of the recent flood of laws rendering cash transactions less convenient ....

and, more importantly, to expand the ability of governments to spy on and keep track of their citizens’ most private financial dealings.

Without privacy built in, BTS will become a tool of oppression rather than a tool of liberation. It will be less private than using a credit card, less private than using a bank account, less private than most other cryptos out there.


As a shareholder I'm deeply disturbed that the move to root out privacy from the project came unannounced, after being concocted in secrecy.

From the best thing in the crypto space (and the June 8th news add a lot to that, minus this point on privacy, imo) BitShares appears to have become the latest force on the road to economic totalitarianism.

I hope something can be done about this - and that there are many others in this community who can see the writing on the wall and also voice their opinions.

In terms of features BitShares is the best there is now, but if you retain nothing else, then please retain this: getting rid of anonymity, saying it doesn't matter, is a grave mistake. We have a right to privacy. We have a right to write anonymously, and to transact anonymously. Whatever we can do to not let this erode away, we should do.

Offline fav

  • Administrator
  • Hero Member
  • *****
  • Posts: 3390
  • No Pain, No Gain
    • View Profile
    • BitShares 2.0 SmartCoin
  • BTS: fav
Re: Privacy (developers click me!)
« Reply #8 on: June 10, 2015, 09:21:10 AM »
https://mises.org/library/international-war-cash

Quote from: TFA
But the actual aim of the recent flood of laws rendering cash transactions less convenient ....

and, more importantly, to expand the ability of governments to spy on and keep track of their citizens’ most private financial dealings.

Without privacy built in, BTS will become a tool of oppression rather than a tool of liberation. It will be less private than using a credit card, less private than using a bank account, less private than most other cryptos out there.


As a shareholder I'm deeply disturbed that the move to root out privacy from the project came unannounced, after being concocted in secrecy.

From the best thing in the crypto space (and the June 8th news add a lot to that, minus this point on privacy, imo) BitShares appears to have become the latest force on the road to economic totalitarianism.

I hope something can be done about this - and that there are many others in this community who can see the writing on the wall and also voice their opinions.

In terms of features BitShares is the best there is now, but if you retain nothing else, then please retain this: getting rid of anonymity, saying it doesn't matter, is a grave mistake. We have a right to privacy. We have a right to write anonymously, and to transact anonymously. Whatever we can do to not let this erode away, we should do.

I'm pretty sure we will see mixing services in the future. so if you feel threatened you could just setup a 1 time name, send assets through a mixer (like you can in bitcoin or dash for example) and you're pretty much anon.

so far all that's visible is a nickname attached to x-assets.

As for proxy management, I'm sure people concerned about that already use TAILS with BitShares client.

Offline karnal

Re: Privacy (developers click me!)
« Reply #9 on: June 10, 2015, 09:36:35 AM »
Would you trust even $5K to a mixer?

With DASH it's a no-risk operation, just turn on DarkSend. This loss means we get the same risk profile as bitcoin (trust a 3rd party not to run away with our $5k - seems odd, given the (good) emphasis put on decentralization around here), but with potentially more complications, since it probably won't be possible to delete accounts from the wallet.

Put another way, the list of passthrough accounts will never stop growing.
And by introducing mixers, it is possible to pay special attention to accounts which receive funds from mixers; Coinbase for instance has been known to terminate accounts due to that alone.

The mixers themselves would have to register thousands upon thousands of accounts that will only be used once for mixing purposes, littering the blockchain and creating a very simple to analyze pattern too.


As for BTS and transparent proxying, it sure is possible, just don't forget that your traffic fingerprint will immediately stand out due to transparent proxying (the resolve hostname / connect to IP directly generates a very distinct pattern); also, don't forget that Tor is far from being the only usage there is for a proxy.


Offline karnal

Re: Privacy (developers click me!)
« Reply #11 on: June 10, 2015, 11:37:49 AM »
Would you trust even $5K to a mixer?

no, I'd split it.

btw, why not hire a worker to implement a onchain mixer?

I'd split it too. It would get boring soon though.
And for this to scale in terms of management the accounts in the wallet must be deletable.

I'm not saying it isn't possible (since 0.9 does not seem to allow removing accounts, I already keep >1 wallet in 0.9 by symlinking .BitShares/wallets/default to the wallet I intend to use before starting up the client), I'm saying it ends up being a lot more trouble to maintain than TITAN ever was.

I can understand no TITAN means simplified clients, light wallets, etc, but look.. wasn't somebody already developing an android light wallet? And the online wallet did not use TITAN either (afaik - never really used it myself).

The statement that TITAN made the full client slow appears bogus as well, would it really slow things down if none of your accounts are TITAN?



To sum it up, it seems that we have now made privacy much more difficult and error prone to achieve, plus almost guaranteed to depend on a 3rd party service to get it. But I fully appreciate that I may be missing something here.

What do you think?

Offline sittingduck

  • Sr. Member
  • ****
  • Posts: 246
    • View Profile
Re: Privacy (developers click me!)
« Reply #12 on: June 10, 2015, 11:51:53 AM »
Privacy like Bitcoin devs proposed on the same day is possible.  Homomorphic encryption can also be used.   I view it like original iOS with no copy paste.  We either do it right or not at all.   


Sent from my iPhone using Tapatalk

Offline Stan

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2701
  • You need to think BIGGER, Pinky...
    • View Profile
    • Cryptonomex
  • BTS: Stan
Re: Privacy (developers click me!)
« Reply #13 on: June 10, 2015, 02:29:44 PM »
Bytemaster has already indicated that true privacy is on his radar. 
When a comprehensive solution is ready for prime time, it will appear in another appropriately foreshadowed surprise announcement.

Anything said on these forums does not constitute an intent to create a legal obligation or contract of any kind.   These are merely my opinions which I reserve the right to change at any time.

Offline jsidhu

  • Hero Member
  • *****
  • Posts: 1337
    • View Profile
Re: Privacy (developers click me!)
« Reply #14 on: June 10, 2015, 02:45:27 PM »
I don't think any privacy tech out there today is truly private.. Tor isn't private.. It also slows down blockchain syncing.
Hired by blockchain | Developer
delegate: dev.sidhujag

 

Google+