BitShares Forum

Main => Technical Support => Topic started by: karnal on June 09, 2015, 10:49:42 pm

Title: Privacy (developers click me!)
Post by: karnal on June 09, 2015, 10:49:42 pm
https://bitsharestalk.org/index.php/topic,16780.msg215213.html#msg215213

I'm concerned that this would get lost in the above thread, as it's not the main topic. So I am opening this thread in order to hopefully get some feedback from the developers regarding privacy (or the lack of it) in BTS 2.0.


1. What is wrong with TITAN ('illusion of privacy'), were the reasons discussed (and if yes, where?), and are the flaws fatal?

2. Is a replacement system being worked on ?

3. Is privacy a goal or high priority item in BTS 2.0 ?


I am deeply concerned about the eventuality that no thought has been given to privacy, in my opinion full transparency on these matters is the road to economic totalitarianism. Especially so on a blockchain.

I'm very strongly against the whole world now and forever knowing the full state of my economic affairs. That is a private matter that concerns me and a few other people. Surely many other shareholders feel the same. At least I hope so!
Title: Re: Privacy (developers click me!)
Post by: Method-X on June 09, 2015, 10:55:33 pm
If they could offer privacy they would. The fact of the matter is, no privacy was ever offered in the first place; only the illusion of privacy.
Title: Re: Privacy (developers click me!)
Post by: roadscape on June 09, 2015, 11:12:08 pm
Quote
Great effort went into designing a system for BitShares that would allow users to keep their balances secret. TITAN used stealth addresses which allowed the sender to create as many new balances for the receiver as necessary to avoid combining funds and revealing their identity. The problem is that timing attacks and voting patterns can more or less completely reveal all balances belonging to an individual account. To actually gain any privacy under TITAN would require significant manual effort, an abstention from voting, and require dividing transactions over hours or days to make a single “stealth” payment. As a result most people had a false sense of anonymity. The side effect of attempting to build in privacy was a lack of scalability and significant complexity in building lightweight wallets and infrastructure. Abandoning the requirement for anonymity opens up a wide range of design options that were denied to us before.

Under BitShares 2.0, each named account has exactly one balance per asset type and everyone can see what that balance is and all transaction history except the private content contained in memos. This significantly reduces memory consumption associated with maintaining many different balance records each containing a fraction of the account’s balance. This also greatly simplifies voting which can now be done on a per-account basis rather than per-balance basis. White-listing and web-of-trust implementations are now much easier to implement and maintain. Bottom line: the cost of maintaining the illusion of anonymity far outweighs its value which is practically zero.

Users can still create many different accounts that never transact with one another, and thereby maintain a high level of privacy. The difference is that users are aware of what is public, and have the ability to understand what is necessary to maintain their privacy.

https://bitshares.github.io/blog/2015/06/08/lessons-learned-from-bitshares-0.x/#anonymity-is-an-illusion
Title: Re: Privacy (developers click me!)
Post by: karnal on June 09, 2015, 11:35:12 pm
Anonymity is an illusion, meanwhile here I am posting this from tor, with an account that was registered with an email that does not trace back to my 'real' identity.

Anonymity is an illusion, meanwhile we have Monero, Dash, Zerocash, and others.

Anonymity is an illusion, meanwhile I pay for 99% of the stuff in daily life with cash; The merchants have no idea who I am, the bank has no idea where I am and what I'm buying, and the advertisers have no idea what spam to push.

Anonymity is an illusion, meanwhile thousands of people use the Tor network daily and are able to circumvent censorship, and access and/or publish information that would otherwise potentially put them in great danger. And anyway, fuck Big Brother. We have the right to read what we want to read without BB compiling a neverending list of habits, preferences and favorite authors.

Anonymity is an illusion, meanwhile even the UN gets it: http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx


Au contraire, I would say. Anonymity is essential for fighting tyranny, oppresion and control. Anonymity is a human right.
https://en.wikipedia.org/wiki/Edward_Snowden#Global_surveillance_disclosures (https://en.wikipedia.org/wiki/Edward_Snowden#Global_surveillance_disclosures) | Without anonymity, you are making their illegal/immoral job that much easier.

https://www.eff.org/issues/anonymity  >:(
https://www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents  8)

https://www.youtube.com/watch?v=o66FUc61MvU  :o





Even in Bitcoin it is possible to retain functional anonymity altough one needs to be very careful about it. Different wallets, minding change addresses, not mixing the wrong inputs, etc.

I may be wrong but this level of granularity does not seem to be present in BTS 2.0. The solution seems to be creating more accounts. Which presumably cannot be deleted. This does not scale; I've easily used 5000+ bitcoin addresses in the few years using it.



Also, while TITAN may have had its flaws, it was at least possible to maintain anonymity with the right precautions. It seems better to have the option rather than destroying the alternative and force everyone to be naked.

I would take a slower wallet which at least allows for the possibility of privacy rather than a super-fast one that is the wet dream of any bankrupt inflated government hellbent on getting its hand on every last dime it can.

It would be nice to have the choice.

Quote from: TFA
Users can still create many different accounts that never transact with one another, and thereby maintain a high level of privacy.

This one I find particularly misleading. Most users will be coming in from exchanges; The exchange then necessarily knows where the user withdrew to. And since all transaction history will now be public....

We are back to the same "problem" of having to carefully spread transactions over many hours/days and using dozens of accounts.
Except now the wallet has to be littered with them.
Title: Re: Privacy (developers click me!)
Post by: karnal on June 09, 2015, 11:41:52 pm
Quote from: Method-X
If they could offer privacy they would.

Non sequitur. Maybe they just don't think it's a priority. Maybe they don't want to offer it intentionally (US company and all that). Maybe they don't care. Or dozens of other possible explanations.

Quote from: Method-X
The fact of the matter is, no privacy was ever offered in the first place; only the illusion of privacy.

According to the official statement (the url already shared in this thread), it is possible, with the right precautions.
Title: Re: Privacy (developers click me!)
Post by: merockstar on June 10, 2015, 08:21:46 am
since there's a web app, the option to torify transactions does exist.
Title: Re: Privacy (developers click me!)
Post by: karnal on June 10, 2015, 08:28:25 am
since there's a web app, the option to torify transactions does exist.

It does if you can run the webapp locally.

But either way, proxy support should be baked in.
Title: Re: Privacy (developers click me!)
Post by: karnal on June 10, 2015, 09:16:44 am
https://mises.org/library/international-war-cash

Quote from: TFA
But the actual aim of the recent flood of laws rendering cash transactions less convenient ....

and, more importantly, to expand the ability of governments to spy on and keep track of their citizens’ most private financial dealings.

Without privacy built in, BTS will become a tool of oppression rather than a tool of liberation. It will be less private than using a credit card, less private than using a bank account, less private than most other cryptos out there.


As a shareholder I'm deeply disturbed that the move to root out privacy from the project came unannounced, after being concocted in secrecy.

From the best thing in the crypto space (and the June 8th news add a lot to that, minus this point on privacy, imo) BitShares appears to have become the latest force on the road to economic totalitarianism.

I hope something can be done about this - and that there are many others in this community who can see the writing on the wall and also voice their opinions.

In terms of features BitShares is the best there is now, but if you retain nothing else, then please retain this: getting rid of anonymity, saying it doesn't matter, is a grave mistake. We have a right to privacy. We have a right to write anonymously, and to transact anonymously. Whatever we can do to not let this erode away, we should do.
Title: Re: Privacy (developers click me!)
Post by: fav on June 10, 2015, 09:21:10 am
https://mises.org/library/international-war-cash

Quote from: TFA
But the actual aim of the recent flood of laws rendering cash transactions less convenient ....

and, more importantly, to expand the ability of governments to spy on and keep track of their citizens’ most private financial dealings.

Without privacy built in, BTS will become a tool of oppression rather than a tool of liberation. It will be less private than using a credit card, less private than using a bank account, less private than most other cryptos out there.


As a shareholder I'm deeply disturbed that the move to root out privacy from the project came unannounced, after being concocted in secrecy.

From the best thing in the crypto space (and the June 8th news add a lot to that, minus this point on privacy, imo) BitShares appears to have become the latest force on the road to economic totalitarianism.

I hope something can be done about this - and that there are many others in this community who can see the writing on the wall and also voice their opinions.

In terms of features BitShares is the best there is now, but if you retain nothing else, then please retain this: getting rid of anonymity, saying it doesn't matter, is a grave mistake. We have a right to privacy. We have a right to write anonymously, and to transact anonymously. Whatever we can do to not let this erode away, we should do.

I'm pretty sure we will see mixing services in the future. so if you feel threatened you could just setup a 1 time name, send assets through a mixer (like you can in bitcoin or dash for example) and you're pretty much anon.

so far all that's visible is a nickname attached to x-assets.

As for proxy management, I'm sure people concerned about that already use TAILS with BitShares client.
Title: Re: Privacy (developers click me!)
Post by: karnal on June 10, 2015, 09:36:35 am
Would you trust even $5K to a mixer?

With DASH it's a no-risk operation, just turn on DarkSend. This loss means we get the same risk profile as bitcoin (trust a 3rd party not to run away with our $5k - seems odd, given the (good) emphasis put on decentralization around here), but with potentially more complications, since it probably won't be possible to delete accounts from the wallet.

Put another way, the list of passthrough accounts will never stop growing.
And by introducing mixers, it is possible to pay special attention to accounts which receive funds from mixers; Coinbase for instance has been known to terminate accounts due to that alone.

The mixers themselves would have to register thousands upon thousands of accounts that will only be used once for mixing purposes, littering the blockchain and creating a very simple to analyze pattern too.


As for BTS and transparent proxying, it sure is possible, just don't forget that your traffic fingerprint will immediately stand out due to transparent proxying (the resolve hostname / connect to IP directly generates a very distinct pattern); also, don't forget that Tor is far from being the only usage there is for a proxy.
Title: Re: Privacy (developers click me!)
Post by: fav on June 10, 2015, 09:55:04 am
Would you trust even $5K to a mixer?

no, I'd split it.

btw, why not hire a worker to implement a onchain mixer?
Title: Re: Privacy (developers click me!)
Post by: karnal on June 10, 2015, 11:37:49 am
Would you trust even $5K to a mixer?

no, I'd split it.

btw, why not hire a worker to implement a onchain mixer?

I'd split it too. It would get boring soon though.
And for this to scale in terms of management the accounts in the wallet must be deletable.

I'm not saying it isn't possible (since 0.9 does not seem to allow removing accounts, I already keep >1 wallet in 0.9 by symlinking .BitShares/wallets/default to the wallet I intend to use before starting up the client), I'm saying it ends up being a lot more trouble to maintain than TITAN ever was.

I can understand no TITAN means simplified clients, light wallets, etc, but look.. wasn't somebody already developing an android light wallet? And the online wallet did not use TITAN either (afaik - never really used it myself).

The statement that TITAN made the full client slow appears bogus as well, would it really slow things down if none of your accounts are TITAN?



To sum it up, it seems that we have now made privacy much more difficult and error prone to achieve, plus almost guaranteed to depend on a 3rd party service to get it. But I fully appreciate that I may be missing something here.

What do you think?
Title: Re: Privacy (developers click me!)
Post by: sittingduck on June 10, 2015, 11:51:53 am
Privacy like Bitcoin devs proposed on the same day is possible.  Homomorphic encryption can also be used.   I view it like original iOS with no copy paste.  We either do it right or not at all.   


Sent from my iPhone using Tapatalk
Title: Re: Privacy (developers click me!)
Post by: Stan on June 10, 2015, 02:29:44 pm
Bytemaster has already indicated that true privacy is on his radar. 
When a comprehensive solution is ready for prime time, it will appear in another appropriately foreshadowed surprise announcement.

Title: Re: Privacy (developers click me!)
Post by: jsidhu on June 10, 2015, 02:45:27 pm
I don't think any privacy tech out there today is truly private.. Tor isn't private.. It also slows down blockchain syncing.
Title: Re: Privacy (developers click me!)
Post by: karnal on June 10, 2015, 02:48:16 pm
Bytemaster has already indicated that true privacy is on his radar. 
When a comprehensive solution is ready for prime time, it will appear in another appropriately foreshadowed surprise announcement.

Hi Stan, could you link a source for the BM statement ?

Title: Re: Privacy (developers click me!)
Post by: karnal on June 10, 2015, 02:54:32 pm
I don't think any privacy tech out there today is truly private.. Tor isn't private.. It also slows down blockchain syncing.

We don't have anything better than tor for anon comms.

Plenty of stuff appears to work. Even the NSA can't crack PGP, ZRTP,  and OTR. Look it up on last years' CCC videos (youtube), as one possible source for this.

The fight isn't lost, we have tools that do work! :)

As for slowing down syncing, I regularly get 1MB/s syncing other coins, using Tor. Maybe it could be 2MB/s.. but I'm not greedy. It's fast enough really.

And either way it's not the syncing that's the issue, it's the broadcasting of transactions. It'll betray the fact that you own the funds.
Title: Re: Privacy (developers click me!)
Post by: bytemaster on June 10, 2015, 03:17:27 pm
A privacy solution is in the works the likes of which is inconceivable to the crypto community at present.   That is all I have to say about that.
Title: Re: Privacy (developers click me!)
Post by: karnal on June 10, 2015, 03:25:51 pm
You give me hope, bytemaster.  :)
Title: Re: Privacy (developers click me!)
Post by: oldman on June 10, 2015, 04:29:00 pm
A privacy solution is in the works the likes of which is inconceivable to the crypto community at present.   That is all I have to say about that.

Privacy is freedom, and there is nothing so desperately needed in the world today as financial freedom.

BitShares coupled with absolute, total privacy will be a global revolution.
Title: Re: Privacy (developers click me!)
Post by: ElMato on June 10, 2015, 04:56:24 pm
A privacy solution is in the works the likes of which is inconceivable to the crypto community at present.   That is all I have to say about that.

 +5% +5% +5%
Title: Re: Privacy (developers click me!)
Post by: Akado on June 10, 2015, 05:00:32 pm
A privacy solution is in the works the likes of which is inconceivable to the crypto community at present.   That is all I have to say about that.

That means it is going to be a different method than the one we see in the so self-proclaimed "anon" coins?
Title: Re: Privacy (developers click me!)
Post by: Tuck Fheman on June 10, 2015, 06:09:36 pm
A privacy solution is in the works the likes of which is inconceivable to the crypto community at present.   That is all I have to say about that.

(http://media.giphy.com/media/13py6c5BSnBkic/giphy.gif)
Title: Re: Privacy (developers click me!)
Post by: Tuck Fheman on June 10, 2015, 06:21:09 pm
Bytemaster has already indicated that true privacy is on his radar. 
When a comprehensive solution is ready for prime time, it will appear in another appropriately foreshadowed surprise announcement.

Hi Stan, could you link a source for the BM statement ?

8:53 (https://soundcloud.com/beyond-bitcoin-hangouts/pt1-beyond-bitcoin-ann-of-btsv2-06-09-2015-dev-hangout-s3#t=8:53): bytemaster: We've been talking the past several months about TITAN being phased out. There's a lot of reasons. Peformance and getting rid of false sense of property. Voting was revealing your account. You didn't have direct control of how your identy was leaked out. We decided to stop trying to automate privacy, and instead to give the user direct control. You can still create many accounts and make sure you never transfer funds between your account.

14:34 (https://soundcloud.com/beyond-bitcoin-hangouts/pt1-beyond-bitcoin-ann-of-btsv2-06-09-2015-dev-hangout-s3#t=14:34): Someone could implement a mixing service?

14:49 (https://soundcloud.com/beyond-bitcoin-hangouts/pt1-beyond-bitcoin-ann-of-btsv2-06-09-2015-dev-hangout-s3#t=14:49): bytemaster : Yes. Any solution used with bitcoin could be used here. We haven't given up on privacy. We're not prepared to talk about it at this time.

Title: Re: Privacy (developers click me!)
Post by: karnal on June 10, 2015, 09:21:43 pm
A privacy solution is in the works the likes of which is inconceivable to the crypto community at present.   That is all I have to say about that.

Privacy is freedom, and there is nothing so desperately needed in the world today as financial freedom.

BitShares coupled with absolute, total privacy will be a global revolution.

YES!  +5%
Title: Re: Privacy (developers click me!)
Post by: karnal on June 10, 2015, 09:24:45 pm
Bytemaster has already indicated that true privacy is on his radar. 
When a comprehensive solution is ready for prime time, it will appear in another appropriately foreshadowed surprise announcement.

Hi Stan, could you link a source for the BM statement ?

8:53 (https://soundcloud.com/beyond-bitcoin-hangouts/pt1-beyond-bitcoin-ann-of-btsv2-06-09-2015-dev-hangout-s3#t=8:53): bytemaster: We've been talking the past several months about TITAN being phased out. There's a lot of reasons. Peformance and getting rid of false sense of property. Voting was revealing your account. You didn't have direct control of how your identy was leaked out. We decided to stop trying to automate privacy, and instead to give the user direct control. You can still create many accounts and make sure you never transfer funds between your account.

14:34 (https://soundcloud.com/beyond-bitcoin-hangouts/pt1-beyond-bitcoin-ann-of-btsv2-06-09-2015-dev-hangout-s3#t=14:34): Someone could implement a mixing service?

14:49 (https://soundcloud.com/beyond-bitcoin-hangouts/pt1-beyond-bitcoin-ann-of-btsv2-06-09-2015-dev-hangout-s3#t=14:49): bytemaster : Yes. Any solution used with bitcoin could be used here. We haven't given up on privacy. We're not prepared to talk about it at this time.

Wow, thanks Tuck!! -- you actually went searching for it! Much appreciated  +5% +5% +5% +5% +5%

Guess I should figure out why soundcloud is not working with tor browser :-[