Author Topic: Privacy warning  (Read 4376 times)

0 Members and 1 Guest are viewing this topic.

Offline ByronP

  • Full Member
  • ***
  • Posts: 70
    • View Profile
To answer bitmarlys question about isps seeing the url: In short yes they can.

The dns system is not encrypted so the first thing that is done when trying to establish the tcp connection to the server is to contact a dns server and ask for the information about the host you are trying to connect to. In most cases this dns server that you hit first is controlled by your isp and they can see what host you are looking for. The dns server (won't get into dns authorities as this will get really long) returns the ip address that your machine will actually connect to. So a url of say google.com/?q=dns (transport doesn't matter aka: http, https, ws, wss, ftp, tftp...) is actually 173.194.123.46/?q=dns. Essentially the name of the host in this url is google.com and it is just a friendly mask for the ip address 173.194.123.46.

You can try this yourself by opening a command prompt and typing ping google.com (or any other domain you want).

Offline sittingduck

  • Sr. Member
  • ****
  • Posts: 246
    • View Profile
It is best of what's out there

Offline CoinHoarder

  • Hero Member
  • *****
  • Posts: 660
  • In Cryptocoins I Trust
    • View Profile
How does Bitshares 2.0 privacy compare to other contenders in the "anonymous" crypto space (when the feature is on of course, haha)? Dash, Monero, Etc..
https://www.decentralized.tech/ -> Market Data, Portfolios, Information, Links, Reviews, Forums, Blogs, Etc.
https://www.cryptohun.ch/ -> Tradable Blockchain Asset PvP Card Game

Offline santaclause102

  • Hero Member
  • *****
  • Posts: 2486
    • View Profile
So first create an account with a random account name and then import my keys from my BTS 1 wallet? If I do this does it matter to the purpose of keeping my privacy whether my BTS1 account name from which I exported the keys that I now import is linked to my identity?   
Account names in BTS1 are not linked to the balances/funds you are going to claim.
That is exactly what I needed to to know :)

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
So first create an account with a random account name and then import my keys from my BTS 1 wallet? If I do this does it matter to the purpose of keeping my privacy whether my BTS1 account name from which I exported the keys that I now import is linked to my identity?   
Account names in BTS1 are not linked to the balances/funds you are going to claim.

Offline bitmarley

  • Full Member
  • ***
  • Posts: 135
    • View Profile
Neat. :)
Thanks again.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
2) .. the ISP only sees a SSL connection .. don't think they can figure out it's a websocket conenction .. and if they could .. they couldn't figure out its to a BitShares node
3-4) the relation of blockchain transactions and IP addresses can be shadowed by SSL or other techniques .. I wouldn't think anyone capable of intercepting your IP data can figure out what you are doing

Offline bitmarley

  • Full Member
  • ***
  • Posts: 135
    • View Profile
Thanks for your answers.


1) wss indicates web socket over SSL, so: yes

Great.

2) no

But aren't the first part of secure URLS i.e. wss://bitshares.openleddger.info sent to the ISP in plaintext to establish the connection?

3) of course! of account information including transsactions and balances are
   publicly readble from the blockchain. To prevent that you can use stealth
   transfers (see @cass's link above)

But could anyone log my IP address against the account balances I request and the transactions I send?

4) even if the connection was unencrypted .. all that is send is either public
   knowledge from the blockchain, or simply a already signed transaction.
   Nothing else

But for privacy one doesn't want their IP address connected to those public entries.....right?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Also important privacy questions about new Graphene client:

1) Is any part of the connection encrypted?
2) Does my ISP know I am using the light client?
3) Is the account identity exposed to recover balances? send transactions?
4) What is sent in plain text over the connection?

Thanks.

1) wss indicates web socket over SSL, so: yes
2) no
3) of course! of account information including transsactions and balances are
   publicly readble from the blockchain. To prevent that you can use stealth
   transfers (see @cass's link above)
4) even if the connection was unencrypted .. all that is send is either public
   knowledge from the blockchain, or simply a already signed transaction.
   Nothing else

Offline cass

  • Hero Member
  • *****
  • Posts: 4311
  • /(┬.┬)\
    • View Profile
█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline Method-X

  • Hero Member
  • *****
  • Posts: 1131
  • VIRAL
    • View Profile
    • Learn to code
  • BitShares: methodx
How are stealth transfers in BTS2 done? Is there a thread explaining it?

Offline bitmarley

  • Full Member
  • ***
  • Posts: 135
    • View Profile
Also important privacy questions about new Graphene client:

1) Is any part of the connection encrypted?
2) Does my ISP know I am using the light client?
3) Is the account identity exposed to recover balances? send transactions?
4) What is sent in plain text over the connection?

Thanks.

Offline santaclause102

  • Hero Member
  • *****
  • Posts: 2486
    • View Profile
So first create an account with a random account name and then import my keys from my BTS 1 wallet? If I do this does it matter to the purpose of keeping my privacy whether my BTS1 account name from which I exported the keys that I now import is linked to my identity?   

Offline sittingduck

  • Sr. Member
  • ****
  • Posts: 246
    • View Profile
Don't import to an account linked to you

Offline santaclause102

  • Hero Member
  • *****
  • Posts: 2486
    • View Profile
In case you didn't know, privacy is currently OFF by default in Graphene. If someone knows your account name, they can see all your balances and activity, unless you are using Confidential Transactions (not yet available in the GUI).

Simply hit Explorer, then Accounts, and you get this page: https://bitshares.openledger.info/#/explorer/accounts. Then you can search anyone's account by name. For example, here's Fav's account, one of our favorite forum regulars: https://bitshares.openledger.info/#/account/fav

If you value your privacy, act accordingly, perhaps by using an account name that isn't easily associated with your identity.

Have fun!
Is it correct that no one can see anyone's balance unless funds are transferred without the stealth mode? And then (no stealth mode used with transfer) only the amount tansfered is visible and to who it was sent?

And is is at all possible to keep your privacy when you import your keys / funds from Bitshares 0.9.3...? If it is possible what do I have to do in order to keep my privacy?
« Last Edit: October 16, 2015, 11:51:17 am by delulo »

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
    • View Profile
Stealth transfers are still possible via the CLI wallet, but not via the GUI.

Is there documentation concerning how to perform stealth transactions from the cli?

Any plans to implement GUI support for them?

Am I correct to assume that only transfers between accounts are shielded by this mechanism, and other things like placing market orders can be traced back ?

Offline bytemaster

Stealth transfers are still possible via the CLI wallet, but not via the GUI.

For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline speedy

  • Hero Member
  • *****
  • Posts: 1160
    • View Profile
  • BitShares: speedy
Thanks for bringing this up.

Does this apply to the old account type that used stealth addresses in BTS 0.9x ?

Are stealth address account types still supported?

Offline Chronos

In case you didn't know, privacy is currently OFF by default in Graphene. If someone knows your account name, they can see all your balances and activity, unless you are using Confidential Transactions (not yet available in the GUI).

Simply hit Explorer, then Accounts, and you get this page: https://bitshares.openledger.info/#/explorer/accounts. Then you can search anyone's account by name. For example, here's Fav's account, one of our favorite forum regulars: https://bitshares.openledger.info/#/account/fav

If you value your privacy, act accordingly, perhaps by using an account name that isn't easily associated with your identity.

Have fun!