BitShares Forum

Main => Technical Support => Topic started by: retainer on April 24, 2016, 05:04:16 pm

Title: How trustless (and private) is using BitShares 2 light + an Openledger API?
Post by: retainer on April 24, 2016, 05:04:16 pm
I had some questions to which answers were difficult to find. I want to understand the trustlessness and privacy aspect of using BitShares through the combo of the BitShares 2 light client and Openledger.info as the API provider (or any other site that hosts such an API). I'd be thankful for any input on these matters.

1. Regarding the above use environment, which of these are known (even if just minimally, but to the extent of being able to identify users) to the API provider site?
- wallet name
- account name
- transactions
- addresses
- account password
- private keys
- brainkey

2. Focusing on the brainkey: even if you answer that it never leaves the client, how much do you rely on this assumption? For example, if you used a custom mnemonic which is also used with a well-financed Bitcoin HD wallet (but your end-user security is very high, your only worry is the client communicating with the site API, and the mnemonic has a high entropy), would you feel safe?

3. Same thing as question 2, only for the account password. How well-guarded is this by the client from the API?

4. Is there any identifying information - apart from the IP address, (I'm just guessing here) the BTS addresses, transactions and the account name - which can be used by the API provider to identify the user? Like some cookie-like things, client fingerprint / user agent, wallet ID, anything?

Thank you a lot.
Title: Re: How trustless (and private) is using BitShares 2 light + an Openledger API?
Post by: xeroc on April 25, 2016, 07:03:18 am
1.
- wallet name is local meta information only and won't be transferred anywhere
- Private keys and brain key never leave the browser!
- account password is a local thing and is never transferred either.
- the set of accounts in your wallet however is a different thing as their balances and details are requested from the API server at the same time.

That said, your funds are secure but your privacy (with respect to linking several accounts) is compromised by the API connection. If you want to have more privacy, you can always run your own full node:
http://docs.bitshares.eu/bitshares/tutorials/full-node-usage.html

2. Brain keys and private keys are only used to sign a transaction and unless you have loaded a hacked version of the html/js code (which shouldn't happen because of SSL) then you can safely assume that the keys don't leave the browser, or (even better) you can read the code and check for yourself or pay someone to do so in an audit.
As usual in crypto currencies, the developers of the frontend cannot ensure the safety of the device using it. If your computer is compromised and you use BitShares, then your account will probably be compromised as well.

3. The account password is only used to encrypt the private keys locally. As long as the wallet is locked, the keys are not in plain text. Encryption is AES256 IIRC

4. Afaik there is a simple self-hosted tracking widget in OpenLedger to get some numbers about the countries from which people are using it but I haven't looked into it much.

Most important thing for frontend developers reading this is: There is no external Javascript being loaded in BitShares for security reasons!
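
The "read the code and check for yourself" step can also be done on the wire. The following is an added example, not part of the thread or of the BitShares code base: it scans outgoing websocket frames for key material and lists which account names the API node can link. The JSON-RPC frame shape, the sample account names and the brain-key heuristic are assumptions; the frames are constructed.

```javascript
// Added example: audit what a wallet sends to a remote API node.
// Frame shape (Graphene-style JSON-RPC "call") is an assumption; capture real
// frames from your browser's network inspector and feed them in instead.
const ACCOUNT_METHODS = new Set(['get_full_accounts', 'lookup_account_names']);
// Uncompressed WIF private keys are 51 base58 characters starting 5H/5J/5K.
const WIF_RE = /\b5[HJK][1-9A-HJ-NP-Za-km-z]{49}\b/;
// Heuristic (assumption): a brain key looks like 12 or more plain words.
const BRAINKEY_RE = /^(?:[A-Za-z]+ ){11,}[A-Za-z]+$/;

// Collect every string value nested anywhere inside a parsed message.
function walkStrings(value, out = []) {
  if (typeof value === 'string') out.push(value);
  else if (value && typeof value === 'object') {
    Object.values(value).forEach((v) => walkStrings(v, out));
  }
  return out;
}

function auditFrames(frames) {
  const report = { linkedAccounts: new Set(), secretHits: [], unparsed: 0 };
  for (const raw of frames) {
    let msg = null;
    try { msg = JSON.parse(raw); } catch { /* counted as unparsed below */ }
    if (!msg || typeof msg !== 'object') { report.unparsed += 1; continue; }
    const [, method, args] = Array.isArray(msg.params) ? msg.params : [];
    // Every name requested over one connection is linkable by the server.
    if (ACCOUNT_METHODS.has(method) && Array.isArray(args && args[0])) {
      args[0].forEach((name) => report.linkedAccounts.add(name));
    }
    // Secrets must never appear in any outgoing field.
    if (walkStrings(msg).some((s) => WIF_RE.test(s) || BRAINKEY_RE.test(s))) {
      report.secretHits.push({ id: msg.id, method });
    }
  }
  return report;
}

// Constructed sample frames; account names and signature bytes are made up.
const sampleFrames = [
  { id: 1, method: 'call', params: [0, 'get_full_accounts', [['alice-savings', 'alice-trading'], true]] },
  { id: 2, method: 'call', params: [0, 'lookup_account_names', [['alice-savings']]] },
  { id: 3, method: 'call', params: [2, 'broadcast_transaction', [{ operations: [], signatures: ['1f' + 'ab'.repeat(64)] }]] },
].map((f) => JSON.stringify(f));

console.log(auditFrames(sampleFrames));
```

An empty `secretHits` with a non-empty `linkedAccounts` is the outcome described in the post above: keys stay local, while the set of accounts is visible to the node.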
Title: Re: How trustless (and private) is using BitShares 2 light + an Openledger API?
Post by: rnglab on April 25, 2016, 08:42:16 am
This is great for a short FAQ.

Quote
I had some questions to which answers were difficult to find. I want to understand the trustlessness and privacy aspect of using BitShares through the combo of the BitShares 2 light client and Openledger.info as the API provider (or any other site that hosts such an API). I'd be thankful for any input on these matters.

It is just trustless. You are always the only one in control of your private keys/accounts. OpenLedger and all service providers run just another full node on the network and APIs interact directly with the blockchain. They also run a delayed full node that ensures user transactions never go into a fork.

Regarding trust, as far as I know it's the same as running your own full node and API then using the Light client or web wallets option to add any node and connect through it.

Same happens with web interfaces like openledger, maker dao, bitcash and every service running over the blockchain, into the DEx (decentralized exchange): web wallets just interact with their own or any user-specified full node.

Regarding privacy, accounts and their operations are all open in the blockchain. It's the same as for bitcoin or web browsing: it is up to you to make your connections private.
Also, Stealth transfers/Blind accounts/Private mode seem to be pretty close. There's even a recent Stealth light client release for beta testing (had no time to follow this feature these last weeks though, updates are appreciated).

/*
There's still something to remark about hosted wallets. One of their benefits (plus all the ones they can choose to bring to users, and that's a lot) is being able to access your accounts from everywhere while still being the only one in control of keys.

But there's still a little trade-off that's being worked on: private keys reside only in your browser's cache until you make a backup. Web wallet users should back up their keys just after creating an account in case they lose access to that computer, or if the cache is cleaned, before a backup is done. Please correct me if I'm missing something here.

Peermit is working on a promising 2FA implementation, for example. You can have 2FA providers whom you only need to trust with the funds (active keys) you want to, without compromising the ownership of your account (owner keys). A mail confirmation could be enough to approve a transaction from any device without messing with keys, wallet backups or seed brain keys. You could fund that account from the funds in your secure light wallet.

Also remember to lock your account when you leave a public machine, and if you want to ensure privacy over your accounts clean the browser cache, as the password only prevents operations (remember you are not logged in anywhere really, you just bring your encrypted keys to talk with the blockchain through the interface).
*/


Quote
1. Regarding the above use environment, which of these are known (even if just minimally, but to the extent of being able to identify users) to API provider site?
- wallet name # I guess wallets work client side only, clarification would be great.
- account name # yes, they are public
- transactions # they are also public
- addresses # yes just public addresses
- account password # client side
- private keys # client side
- brainkey # client side

2 - Don't know about seed brain key entropy. Regarding devices and connections, it's not bad to assume that your device or even SSL can be flawed. For big stake always use your most secure device (or even an offline one with xeroc's new script to sign offline).

3 - If you keep using open source reviewed clients or web wallets that should not be a problem.

4 - Don't think so for just an API provider. Web wallets require some renown/trust in this regard.
Title: Re: How trustless (and private) is using BitShares 2 light + an Openledger API?
Post by: rnglab on April 25, 2016, 08:48:37 am
hey @xeroc, great answers. I started writing before you posted so I read it after posting myself.

Could you review my answers when you can? We can complement the simplest answers to make all this very clear finally.

Edit: by the way I think those were the most important questions to clarify at this stage, misconceptions here could be the first barrier to get inside. Many people don't even know what trustless means in these cases. I think we can't expect them to believe/understand by themselves how full nodes and wallets are just clean interfaces to the blockchain.

I hope some steem can help here.
Title: Re: How trustless (and private) is using BitShares 2 light + an Openledger API?
Post by: xeroc on April 25, 2016, 09:03:46 am
Quote
hey xeroc, I started writing before you posted. Could you review my answers when you can? We can complement good answers to make all this very clear.

looks great!

As for brain key entropy: The entropy of brain keys is exactly 256 bit .. so the same as private keys.

Side remark: Considering Security, BitShares has a slight advantage over most satoshi/bitcoin based blockchains because it does NOT use addresses but only public keys.
Since addresses are only 150bits, there are multiple (2^(256-150)) public keys that theoretically derive to the same address and if you never spend from your bitcoin address, they all could do so.
Because BitShares does NOT use addresses but the full length public key, you could consider it slightly more secure. Cheers
Title: Re: How trustless (and private) is using BitShares 2 light + an Openledger API?
Post by: rnglab on April 25, 2016, 09:17:39 am
Thanks for the clarification! Cheers
Title: Re: How trustless (and private) is using BitShares 2 light + an Openledger API?
Post by: Stan on April 25, 2016, 12:45:42 pm
This is the most useful thread I've seen in quite a while.
I learned stuff.

Thanks, Guys.