Author Topic: Bitshares 2.0 - Best practice to ensure security / half privacy when migrating  (Read 2404 times)

0 Members and 1 Guest are viewing this topic.

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
My recommendation:

1) create a new account (not necessarily registered)
2) dump the owner_key via wallet_dump_account_private_key <account name> "owner_key"
3) create a new address for it via wallet_address_create <accountname>
4) dump address private key via wallet_dump_private_key <address>
5) move some funds to that address
6) repeat 3 and 5 for the rest of your funds

Do you know if sending funds to an address like that is indistinguishable at the blockchain level from sending funds from a registered TITAN account to another registered TITAN account? Otherwise, one couldn't plausibly argue they are just sending funds "normally" to other people rather than distributing their own funds to addresses they control, thus compromising the entire point of the exercise. Of course that assumes people actually believe that you would even be sending such a huge fraction of your total balance to other people in exchange for goods and services over a period of a couple months even though such behavior was totally unusual for that balance in the prior months before the BitShares 2.0 announcement. In other words, privacy on a blockchain is really hard.

Edit:
I think the better solution would be to register many randomly named accounts using the faucet. Then move some large fraction to a centralized exchange (although you are exposed to counterparty risk during this time) and over a period of a couple weeks distribute a randomly valued (but still rounded close to a nice number) amount of the stake on the centralized exchange to one of the randomly named accounts registered less than a couple days ago. Then at randomly spaced intervals (not too long so that you can fit all of them in the few weeks you will do this process) repeat with another amount with a new randomly named account registered at the faucet. Perhaps the next month you then repeat again with another bulk transfer to a centralized exchange from your main BitShares account (you may avoid doing that all at once initially, despite the better privacy, for the sake of reducing counterparty risk) and repeat again with a new set of randomly named accounts until you are left with some amount on the centralized exchange that is less than some threshold (say less than 1000 BTS for example) which you would just leave on that exchange (or convert into some other asset over a period of at least a week through the exchange before withdrawing).

The hope is that at the blockchain level it appears as if you sold most of your stake (perhaps in opposition to the privacy changes with BitShares 2.0) and other new people bought that stake from centralized exchanges and joined the BitShares community. Of course, since they are random names we probably know it is just an existing member redistributing their funds. But that shouldn't matter as long as other community members are more or less following the same procedure during this same period. Then it becomes very difficult if not impossible to distinguish which subset of these randomly named accounts belong to which original BitShares named account. Finally, although the centralized exchanges will be able to track the association between these accounts, at least it won't be publicly available to the world and hopefully the exchanges will have no desire to exploit that knowledge.

Once again, privacy on a blockchain is ridiculously hard and it is not clear whether the above is worth the effort. Especially when you consider you can easily screw up after the migration and link your accounts together (say through voting patterns). Confidential transactions (optionally along with CoinJoin) would really help us here, and I can't wait to see what privacy solutions bytemaster and crew are coming up with for the future. Actually, confidential transactions (while useful in increasing privacy by hiding balances of stored BitAssets) would likely be a problem for BTS stake because of voting. I don't see how it would be possible to aggregate votes without exposing the plain-text value of BTS stake to the public. Perhaps BitBTS (separating out BTS value from BTS voting power) could help here.
« Last Edit: June 11, 2015, 03:11:51 am by arhag »

Offline betax

  • Hero Member
  • *****
  • Posts: 808
    • View Profile
My recommendation:

1) create a new account (not necessarily registered)
2) dump the owner_key via wallet_dump_account_private_key <account name> "owner_key"
3) create a new address for it via wallet_address_create <accountname>
4) dump address private key via wallet_dump_private_key <address>
5) move some funds to that address
6) repeat 3 and 5 for the rest of your funds

step 1) and 2) allow for recovery of the private keys used in 5) as a "fail safe" ..

in BitShares 2.0 you can simply import fractions of your funds to your new account ..

Thanks Xeroc, maybe we could sticky this as a formal recommendation.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
It was just an example. There is the case though of that guy robbed at gunpoint in (I think NYC) last week.

Personally I know 2-3 separate people who cashed out (hundreds of thousands) of $fiat and bought gold as they were convinced shit would hit the fan some years ago, and they all independently got robbed of their gold, which was stored in their big residences.

Some spoke too much (if you have half a mil in gold stored in a vault at home, you should probably keep quiet about it), some trusted too many people with the info .. in the end it came back to bit them.

I don't think it's being paranoid that you choose not to post on facebook that you will be on bank A branch B day C time D to withdraw $10000 which you intend to store under the mattress as you no longer trust the bank (and if you think this is the stuff of conspiracy, I suggest some reading on recent events in Greece, Cyprus and elsewhere). I use the example of facebook as it is a public space, so I think it's not unfair to compare it to BTS 2.0 in that aspect.

Now I can imagine that maybe you live in a very nice place full of people who are very well off, otherwise I cannot see how you cannot see that advertising such things for everyone to see is bound to cause trouble.

If you doubt this then may I suggest you get the most expensive watch, suit, pair of shoes and sunglasses you can don, pack a briefcase with $10K, and happily walk around in a poor neighborhood.

May I suggest the Favelas in Rio if you are unsure where to conduct this experiment.


And on the interest of the financial/personal transparency you say you support, may I request that you post the following here:

- Your full name, registered address, government id#, social security # and country of birth.
- All of your bank accounts IBAN, plus read-only access to any and all online banking/brokerage accounts you possess.
- Your monthly salary, plus, if you keep such records, a detailed listing of your expenses.
- The estimated value of all your crypto currency/assets in USD.

You're going a little overboard here, financial transparency is not the same thing as giving away all your personal identification information. I'm for transparency but I'm not stupid. Some of the info you ask for is already available though, my identity is public on github, and my salary is (starting wednesday next week) my delegate pay. As an example of real-life financial transparency: in Norway everyone's tax statements, which include their net worth, are publicly available on the internet. Does this mean every rich person walks around with a body-guard worried that thugs will force them to hand over their money? No, it does not..

Your friends were stupid about their gold, storing expensive stuff in an expensive house makes you an easy target as houses get robbed all the time, and people also get forced to withdraw money from ATMs for example quite regularly.

Your facebook example also has no relevance imo, it's quite normal not to post that kind of information, nor does BTS or Bitcoin make that kind of information available.

Even under BTS 2.0, like with Bitcoin, you do not need to openly link your identity to an account, but in the end even if you do it's not much different from what already happens in the real world: we generally know who's rich or not, criminals do not need to be able to read your bank statement to know whether you make an interesting target or not.

If you prefer being cautious/anonymous, then take some precautions, use best practices, don't trade on centralized exchanges and don't tie your identity to an account etc.

Well, think about it, if you think fiat will fail spectacularly, then odds are you don't trust the bank to hold your gold either. History shows us that in all likelyhood it would be confiscated anyway.

They were stupid not because they hid the gold in their home, but because they spoke too much about it. Someone ratted out and probably got a nice commission out of it..

That's nice about Norway, one of the richest countries in the world where the big mama government caters to mostly everyone in case they happen to not be very well off. Try something like that in Brazil for instance... I doubt it would go so smoothly.

The Facebook example was an allusion to the fact that it is not paranoid behavior but merely caution to not be too upfront about ones' private financial life.

As for knowing who's rich/well-off or not, I respectfully disagree; Plenty of well-off people live well below their means, I've learned; many I know you would mistake for a nobody if you saw them on the street.

There is beauty to that (I'm pretty well off vs the average in this country myself).
Beauty that would not be possible should full-scale personal financial transparency come about.
I thouroughly enjoy being left alone to my own devices, living in an unassuming way for the most part. No one has any clue of how well I am, and that suits me very well. When I was younger and spoke about such things, it generated a sort of attention that I found unwelcome. Not to mention considerable envy, too, which was never my goal.

I'm sure this will be different in a place where mostly everyone is well off. But realize it isn't so everywhere.


I will use best practices and I will be cautious, as I always have been, it's just that we did have a solution that did work with the proper precautions, and it was extirpated with little warning; It'll make conducting private affairs in BTS harder in the future, and my point is that this is unecessary.


I'm looking forward to what Stan/BM may have to add here given his statement in the other privacy thread minutes ago.

Offline svk

It was just an example. There is the case though of that guy robbed at gunpoint in (I think NYC) last week.

Personally I know 2-3 separate people who cashed out (hundreds of thousands) of $fiat and bought gold as they were convinced shit would hit the fan some years ago, and they all independently got robbed of their gold, which was stored in their big residences.

Some spoke too much (if you have half a mil in gold stored in a vault at home, you should probably keep quiet about it), some trusted too many people with the info .. in the end it came back to bit them.

I don't think it's being paranoid that you choose not to post on facebook that you will be on bank A branch B day C time D to withdraw $10000 which you intend to store under the mattress as you no longer trust the bank (and if you think this is the stuff of conspiracy, I suggest some reading on recent events in Greece, Cyprus and elsewhere). I use the example of facebook as it is a public space, so I think it's not unfair to compare it to BTS 2.0 in that aspect.

Now I can imagine that maybe you live in a very nice place full of people who are very well off, otherwise I cannot see how you cannot see that advertising such things for everyone to see is bound to cause trouble.

If you doubt this then may I suggest you get the most expensive watch, suit, pair of shoes and sunglasses you can don, pack a briefcase with $10K, and happily walk around in a poor neighborhood.

May I suggest the Favelas in Rio if you are unsure where to conduct this experiment.


And on the interest of the financial/personal transparency you say you support, may I request that you post the following here:

- Your full name, registered address, government id#, social security # and country of birth.
- All of your bank accounts IBAN, plus read-only access to any and all online banking/brokerage accounts you possess.
- Your monthly salary, plus, if you keep such records, a detailed listing of your expenses.
- The estimated value of all your crypto currency/assets in USD.

You're going a little overboard here, financial transparency is not the same thing as giving away all your personal identification information. I'm for transparency but I'm not stupid. Some of the info you ask for is already available though, my identity is public on github, and my salary is (starting wednesday next week) my delegate pay. As an example of real-life financial transparency: in Norway everyone's tax statements, which include their net worth, are publicly available on the internet. Does this mean every rich person walks around with a body-guard worried that thugs will force them to hand over their money? No, it does not..

Your friends were stupid about their gold, storing expensive stuff in an expensive house makes you an easy target as houses get robbed all the time, and people also get forced to withdraw money from ATMs for example quite regularly.

Your facebook example also has no relevance imo, it's quite normal not to post that kind of information, nor does BTS or Bitcoin make that kind of information available.

Even under BTS 2.0, like with Bitcoin, you do not need to openly link your identity to an account, but in the end even if you do it's not much different from what already happens in the real world: we generally know who's rich or not, criminals do not need to be able to read your bank statement to know whether you make an interesting target or not.

If you prefer being cautious/anonymous, then take some precautions, use best practices, don't trade on centralized exchanges and don't tie your identity to an account etc.

Worker: dev.bitsharesblocks

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
My recommendation:

1) create a new account (not necessarily registered)
2) dump the owner_key via wallet_dump_account_private_key <account name> "owner_key"
3) create a new address for it via wallet_address_create <accountname>
4) dump address private key via wallet_dump_private_key <address>
5) move some funds to that address
6) repeat 3 and 5 for the rest of your funds

step 1) and 2) allow for recovery of the private keys used in 5) as a "fail safe" ..

in BitShares 2.0 you can simply import fractions of your funds to your new account ..

Offline betax

  • Hero Member
  • *****
  • Posts: 808
    • View Profile
Exactly this is why I want to know what are the best practices for this before migration. I don't mind having 10+ random accounts if they are not easily linked to one. Obviously I am not in any way a thieve target as I don't hold much, but nevertheless better safe than sorry. I am still on loss here, so I don't have any tax issues.

I don't mind the transparency, and I am all for it. But as it was mentioned it is about security.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
It was just an example. There is the case though of that guy robbed at gunpoint in (I think NYC) last week.

Personally I know 2-3 separate people who cashed out (hundreds of thousands) of $fiat and bought gold as they were convinced shit would hit the fan some years ago, and they all independently got robbed of their gold, which was stored in their big residences.

Some spoke too much (if you have half a mil in gold stored in a vault at home, you should probably keep quiet about it), some trusted too many people with the info .. in the end it came back to bit them.

I don't think it's being paranoid that you choose not to post on facebook that you will be on bank A branch B day C time D to withdraw $10000 which you intend to store under the mattress as you no longer trust the bank (and if you think this is the stuff of conspiracy, I suggest some reading on recent events in Greece, Cyprus and elsewhere). I use the example of facebook as it is a public space, so I think it's not unfair to compare it to BTS 2.0 in that aspect.

Now I can imagine that maybe you live in a very nice place full of people who are very well off, otherwise I cannot see how you cannot see that advertising such things for everyone to see is bound to cause trouble.

If you doubt this then may I suggest you get the most expensive watch, suit, pair of shoes and sunglasses you can don, pack a briefcase with $10K, and happily walk around in a poor neighborhood.

May I suggest the Favelas in Rio if you are unsure where to conduct this experiment.


And on the interest of the financial/personal transparency you say you support, may I request that you post the following here:

- Your full name, registered address, government id#, social security # and country of birth.
- All of your bank accounts IBAN, plus read-only access to any and all online banking/brokerage accounts you possess.
- Your monthly salary, plus, if you keep such records, a detailed listing of your expenses.
- The estimated value of all your crypto currency/assets in USD.
« Last Edit: June 10, 2015, 11:41:02 am by karnal »

Offline svk

While your scenario of thugs forcing you to hand over your money is scary, I think we need to look at this realistically. There are plenty of people in the world who are rich and are known to have lots of money in the bank, whether you can inspect their accounts or not, and they do not live in constant fear of someone forcing them to hand it over at gunpoint.

Even in the Bitcoin community we have lots of people who have publicly known identities that are Bitcoin millionaires, the Winklevoss twins for example, Wences Casares or Roger Ver. None of those people have so far lost their Bitcoin to thugs breaking their arms (although someone did attempt to extort Ver but failed). So while I appreciate your case for privacy, most people are not as careful (or paranoid ? ;) ) as you are, and won't require that amount of privacy.

I also think transparency in finance, be it personal, business, government, is the way to go, so I welcome the loss of TITAN.

Worker: dev.bitsharesblocks

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
I find it very hard imagining maintaining privacy without TITAN, as made clear in the linked thread.

Whereas with TITAN (if you did it right) it was possible to obfuscate the trail, without it the trail is self-evident;

Who do you reckon these hypothetical 10 accounts which always seem to receive funds when you withdraw from the exchange belong to?
It is all in the clear, anyone will be able to say if the destination account belongs to an exchange, a casino, a certain merchant, etc.

Your competitors can see how much your company is making, where you spend it, and exactly when.
Your friendly neighbors can tell you have $50K sitting in your house (effectively, that's what it is). The IRS will be most pleased too, regardless of whether there is a crypto tax in your country or not. You will be scrutinized.

Say bitshares goes moon on us and you made $10 mil (there are worse problems to have :) ) .. thus making you a huge target for thieves who KNOW you are in possession of this money (you only have to slip up once to link all your accounts, and anyway the exchange already knows who you are - do you trust ALL their employees?).

Think crypto will save you? Lets see that holding up vs thieves who will have no issue torturing and kidnapping you until you input that password.
'I forgot the passphrase for my $10mil! Word, bros!' is not going to fly here.

Visualize it. Do you think you'll fool anyone by sending the $10m to 10, 20, or 30 accounts where chunks of $50K-$100K sit idly forever?
« Last Edit: June 10, 2015, 09:01:08 am by karnal »

Offline betax

  • Hero Member
  • *****
  • Posts: 808
    • View Profile
Many thanks for this, those are fantastic points for either 2.0 or 0.9xx. (apart from TITAN obviously..)

My question was also related on how to setup the accounts for best security when migrating towards 2.0. (I have rephrased the subject now) hence the thoughts on random naming.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
What is the best way to ensure some type of security / half privacy before 2.0.

I am not obviously in the richest list, more like in the poor / fanboy list but nevertheless I do not want to appear in any list with all my balances.

My thoughts are the following:

1. Have a main account with lifetime membership to reduce fees (or more than one if associated others with businesses).
2. Have other accounts (as opposed to 1 cold storage) and have random amounts distributed across them, the accounts will be named randomly.
3. If I need to spend / sell pull out from one of the accounts to main account.
4. If I am buying (not much) use main account.
5. If I become rich (some miracle) step 2 again.

Please improve it, as this is rather simple.

Before 2.0 I would say:

- Transparently proxy your BitShares, it does not matter how many accounts you have if your IP is broadcasting transactions in the clear. Depending on who you are trying to defend against, not doing this could immediately spell failure.

- Register your accounts as TITAN, then over the course of days/weeks:
 - Slowly resend funds to your own account and then spread it around the other accounts with the same technique.
 - Keep in mind that sending from your non-TITAN account (presumably where you have the funds now) to a TITAN account will create a link between them.
 - Same goes for the .5 BTS registration fee. I *believe* there will be no discernible trail if you register a TITAN account *from* a TITAN account, however.
- Every now and then resend funds from the accounts to themselves, using different amounts each time. Make it look like normal transfers.

- I'd skip the random names, in the event you botch up and someone is trying to follow your footsteps, regularly sending funds to 10 accounts with random (e.g: xjdgFjdgf) names will stand out like a sore thumb.


Either way, all of this seems to be set to become a moot point soon; see https://bitsharestalk.org/index.php/topic,16823.0.html


Offline betax

  • Hero Member
  • *****
  • Posts: 808
    • View Profile
What is the best way to ensure some type of security / half privacy before 2.0. to ensure a good setup before migration.

I am not obviously in the richest list, more like in the poor / fanboy list but nevertheless I do not want to appear in any list with all my balances.

My thoughts are the following:

1. Have a main account with lifetime membership to reduce fees (or more than one if associated others with businesses).
2. Have other accounts (as opposed to 1 cold storage) and have random amounts distributed across them, the accounts will be named randomly.
3. If I need to spend / sell pull out from one of the accounts to main account.
4. If I am buying (not much) use main account.
5. If I become rich (some miracle) step 2 again.

Please improve it, as this is rather simple.
« Last Edit: June 10, 2015, 08:26:10 am by betax »
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads