Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Shizzle's opinion, it would seem, is highly important. I'm done here. Thy Shizzle: > Oh so you're talking about the criminality of one single entity? So > having a quick look, it seems that the issue is they are collecting > IPs and that kind of thing as well? So similar to what > http://getaddr.bitnodes.io is doing but without the funding from > the bitcoin foundation? If you are worried about your IP getting > out you're behind a VPN. They can only collect the information made > available to them. Botnets etc are completely different because you > are forcing control over something you have no right to do. If > companies want to sit there and collect publicly available > information that you are voluntarily making available to them, why > do you care? I can't see how it could be at all criminal. > Remembering that most privacy laws relate to information that YOU > PROVIDE to an entity during an agreement for service, payment, etc. > You are providing this information publicly and they are collecting > it from the public domain, not you giving it to them in an > agreement, therefore the usual provisions of privacy etc don't > apply. If you connect to their scraper node, of course they can log > that. How could it possibly be criminal? > From: > odinn<mailto:odinn.cyberguerri...@riseup.net> Sent: 23/03/2015 > 4:50 PM To: Thy Shizzle<mailto:thyshiz...@outlook.com> Cc: > bitcoin-development@lists.sourceforge.net<mailto:bitcoin-development@lists.sourceforge.net> > > Subject: Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups > > Back to what is Chainalysis and country of their origin, so > criminal complaints against them would likely relate to violation > of Swiss laws, as is described here: > https://bitcointalk.org/index.php?topic=978088.msg10774882#msg10774882 > > It is fairly obvious that Chainalysis is not merely doing what > blockchain.info etc. is. Let's not delude ourselves here. > > As stated, it would be advisable for such a firm to cease > operations, and it would seem that plenty of polite shots over the > bow have been given to Chainalysis, which should now fold up its > operation, pack its bags, and go back to its hole before trying to > serve its masters again in another way. Etc. > > Corporations similar to Chainalysis which are domiciled in other > countries which conduct collection of information in ways that > violate countries' laws (there are many countries and each have > their own ways of interpreting user privacy and what constitutes > permissible breach and in what circumstances) can indeed be held to > legal standards that may result in minimal or severe legal > penalties. It is true that analyzing information that is publicly > available, such as that which is in a library, is not illegal. But > the act of surveillance is. (Then there is the question of what > sort of surveillance, targeted or general, and whether it is > limited to the bitcoin network or if it moves beyond that to > attempts to correlate with usernames, IDs, IPs, and other > information available on fora and apparent from services, but I > won't get into that here.) Even if you argue that the manner in > which you are performing your actions is not actually > "surveillance," or you argue that it is "legally permissible," > someone else will certainly come along and make a reasonable > argument that you are indeed engaging in illegal surveillance. > They may even suggest to a judge that you are in the process of > constructing a botnet and demand that your domains be seized, and > may successfully obtain an ex parte temporary restraining order > (TRO) against Chainalysis and similar corporations to have > domain(s) seized. Any and all arguments may be added in here, > there are 196 countries in the world today - each with their own > unique laws - (maybe less by the time you read this) and a shit-ton > of possible legal arguments that can be made by creative minds that > might want to sue you if you have been surveilling people, each > different depending on where your surveillance corporation is > domiciled. There are plenty of legal processes available for > people to do exactly that. You are indeed subject to having that > happen to you if you continue to surveill the network even if you > are doing so on behalf of the state for the purpose of gathering > information for a state's compliance initiative. > > So, don't delude yourself, and be happy if all that happens is > your little surveillance initiative has to close its doors (or get
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
Oh so you're talking about the criminality of one single entity? So having a quick look, it seems that the issue is they are collecting IPs and that kind of thing as well? So similar to what http://getaddr.bitnodes.io is doing but without the funding from the bitcoin foundation? If you are worried about your IP getting out you're behind a VPN. They can only collect the information made available to them. Botnets etc are completely different because you are forcing control over something you have no right to do. If companies want to sit there and collect publicly available information that you are voluntarily making available to them, why do you care? I can't see how it could be at all criminal. Remembering that most privacy laws relate to information that YOU PROVIDE to an entity during an agreement for service, payment, etc. You are providing this information publicly and they are collecting it from the public domain, not you giving it to them in an agreement, therefore the usual provisions of privacy etc don't apply. If you connect to their scraper node, of course they can log that. How could it possibly be criminal? From: odinn<mailto:odinn.cyberguerri...@riseup.net> Sent: 23/03/2015 4:50 PM To: Thy Shizzle<mailto:thyshiz...@outlook.com> Cc: bitcoin-development@lists.sourceforge.net<mailto:bitcoin-development@lists.sourceforge.net> Subject: Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Back to what is Chainalysis and country of their origin, so criminal complaints against them would likely relate to violation of Swiss laws, as is described here: https://bitcointalk.org/index.php?topic=978088.msg10774882#msg10774882 It is fairly obvious that Chainalysis is not merely doing what blockchain.info etc. is. Let's not delude ourselves here. As stated, it would be advisable for such a firm to cease operations, and it would seem that plenty of polite shots over the bow have been given to Chainalysis, which should now fold up its operation, pack its bags, and go back to its hole before trying to serve its masters again in another way. Etc. Corporations similar to Chainalysis which are domiciled in other countries which conduct collection of information in ways that violate countries' laws (there are many countries and each have their own ways of interpreting user privacy and what constitutes permissible breach and in what circumstances) can indeed be held to legal standards that may result in minimal or severe legal penalties. It is true that analyzing information that is publicly available, such as that which is in a library, is not illegal. But the act of surveillance is. (Then there is the question of what sort of surveillance, targeted or general, and whether it is limited to the bitcoin network or if it moves beyond that to attempts to correlate with usernames, IDs, IPs, and other information available on fora and apparent from services, but I won't get into that here.) Even if you argue that the manner in which you are performing your actions is not actually "surveillance," or you argue that it is "legally permissible," someone else will certainly come along and make a reasonable argument that you are indeed engaging in illegal surveillance. They may even suggest to a judge that you are in the process of constructing a botnet and demand that your domains be seized, and may successfully obtain an ex parte temporary restraining order (TRO) against Chainalysis and similar corporations to have domain(s) seized. Any and all arguments may be added in here, there are 196 countries in the world today - each with their own unique laws - (maybe less by the time you read this) and a shit-ton of possible legal arguments that can be made by creative minds that might want to sue you if you have been surveilling people, each different depending on where your surveillance corporation is domiciled. There are plenty of legal processes available for people to do exactly that. You are indeed subject to having that happen to you if you continue to surveill the network even if you are doing so on behalf of the state for the purpose of gathering information for a state's compliance initiative. So, don't delude yourself, and be happy if all that happens is your little surveillance initiative has to close its doors (or gets sued if it stays open). Because that is the legal side of things. The extralegal stuff is far worse. The community is helping you by asking you gently to close up shop and go away. It is a helpful suggestion and I believe also a fair warning, again, a shot off the bow. On the development side, developers are certainly responsible for doing what they can to resist this kind of surveillance activity. But I have a feeling that will be a different thread
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Back to what is Chainalysis and country of their origin, so criminal complaints against them would likely relate to violation of Swiss laws, as is described here: https://bitcointalk.org/index.php?topic=978088.msg10774882#msg10774882 It is fairly obvious that Chainalysis is not merely doing what blockchain.info etc. is. Let's not delude ourselves here. As stated, it would be advisable for such a firm to cease operations, and it would seem that plenty of polite shots over the bow have been given to Chainalysis, which should now fold up its operation, pack its bags, and go back to its hole before trying to serve its masters again in another way. Etc. Corporations similar to Chainalysis which are domiciled in other countries which conduct collection of information in ways that violate countries' laws (there are many countries and each have their own ways of interpreting user privacy and what constitutes permissible breach and in what circumstances) can indeed be held to legal standards that may result in minimal or severe legal penalties. It is true that analyzing information that is publicly available, such as that which is in a library, is not illegal. But the act of surveillance is. (Then there is the question of what sort of surveillance, targeted or general, and whether it is limited to the bitcoin network or if it moves beyond that to attempts to correlate with usernames, IDs, IPs, and other information available on fora and apparent from services, but I won't get into that here.) Even if you argue that the manner in which you are performing your actions is not actually "surveillance," or you argue that it is "legally permissible," someone else will certainly come along and make a reasonable argument that you are indeed engaging in illegal surveillance. They may even suggest to a judge that you are in the process of constructing a botnet and demand that your domains be seized, and may successfully obtain an ex parte temporary restraining order (TRO) against Chainalysis and similar corporations to have domain(s) seized. Any and all arguments may be added in here, there are 196 countries in the world today - each with their own unique laws - (maybe less by the time you read this) and a shit-ton of possible legal arguments that can be made by creative minds that might want to sue you if you have been surveilling people, each different depending on where your surveillance corporation is domiciled. There are plenty of legal processes available for people to do exactly that. You are indeed subject to having that happen to you if you continue to surveill the network even if you are doing so on behalf of the state for the purpose of gathering information for a state's compliance initiative. So, don't delude yourself, and be happy if all that happens is your little surveillance initiative has to close its doors (or gets sued if it stays open). Because that is the legal side of things. The extralegal stuff is far worse. The community is helping you by asking you gently to close up shop and go away. It is a helpful suggestion and I believe also a fair warning, again, a shot off the bow. On the development side, developers are certainly responsible for doing what they can to resist this kind of surveillance activity. But I have a feeling that will be a different thread which is more technical and so won't comment on it here, except to say it will likely involve working toward giving the user an anonymity option which can be exercised as part of any transaction. Thy Shizzle: > I don't believe that at all. Analyzing information publicly > available is not illegal. Chainalysis or whatever you call it would > be likened to observing who comes and feeds birds at the park > everyday. You can sit in the park and observe who feeds the birds, > just as you can connect to the Bitcoin P2P network and observe the > blocks being formed into the chain and transactions etc. Unless > there is some agreement taking place where it is specified that > upon connecting to the Bitcoin P2P swarm you agree to a set of > terms, however as every node is providing their own "entry" into > the P2P swarm it becomes really up to the node providing the > connection to uphold and enforce the terms of the agreement. If you > allow people to connect to you without terms of agreement, you > cannot cry foul when they record the data that passes through. To > say Chainalysis needs to cease is silly, the whole point of the > public blockchain is for Chainalysis, whether it be for the > verification of transactions, research or otherwise. > > -Original Message- From: "odinn" > Sent: 23/03/2015 1:48 PM To: > "bitcoin-development@lists.sourceforge.net" > Subject: Re: > [Bitcoin-development] Criminal complaints against "net
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
I don't believe that at all. Analyzing information publicly available is not illegal. Chainalysis or whatever you call it would be likened to observing who comes and feeds birds at the park everyday. You can sit in the park and observe who feeds the birds, just as you can connect to the Bitcoin P2P network and observe the blocks being formed into the chain and transactions etc. Unless there is some agreement taking place where it is specified that upon connecting to the Bitcoin P2P swarm you agree to a set of terms, however as every node is providing their own "entry" into the P2P swarm it becomes really up to the node providing the connection to uphold and enforce the terms of the agreement. If you allow people to connect to you without terms of agreement, you cannot cry foul when they record the data that passes through. To say Chainalysis needs to cease is silly, the whole point of the public blockchain is for Chainalysis, whether it be for the verification of transactions, research or otherwise. -Original Message- From: "odinn" Sent: 23/03/2015 1:48 PM To: "bitcoin-development@lists.sourceforge.net" Subject: Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 If you (e.g. Chainalysis) or anyone else are doing surveillance on the network and gathering information for later use, and whether or not the ultimate purpose is to divulge it to other parties for compliance purposes, you can bet that ultimately the tables will be turned on you, and you will be the one having your ass handed to you so to speak, before or after you are served, in legal parlance. Whether or not the outcome of that is meaningful and beneficial to any concerned parties and what is the upshot of it in the end depends on on what you do and just how far you decide to take your ill-advised enterprise. Chainalysis and similar operations would be, IMHO, well advised to cease operations. This doesn't mean they will, but guess what: Shot over the bow, folks. Jan Møller: > What we were trying to achieve was determining the flow of funds > between countries by figuring out which country a transaction > originates from. To do that with a certain accuracy you need many > nodes. We chose a class C IP range as we knew that bitcoin core and > others only connect to one node in any class C IP range. We were > not aware that breadwallet didn't follow this practice. Breadwallet > risked getting tar-pitted, but that was not our intention and we > are sorry about that. > > Our nodes DID respond with valid blocks and merkle-blocks and > allowed everyone connecting to track the blockchain. We did however > not relay transactions. The 'service' bit in the version message is > not meant for telling whether or how the node relays transactions, > it tells whether you can ask for block headers only or full > blocks. > > Many implementations enforce non standard rules for handling > transactions; some nodes ignore transactions with address reuse, > some nodes happily forward double spends, and some nodes forward > neither blocks not transactions. We did blocks but not > transactions. > > In hindsight we should have done two things: 1. relay transactions > 2. advertise address from 'foreign' nodes > > Both would have fixed the problems that breadwallet experienced. > My understanding is that breadwallet now has the same 'class C' > rule as bitcoind, which would also fix it. > > Getting back on the topic of this thread and whether it is illegal, > your guess is as good as mine. I don't think it is illegal to log > incoming connections and make statistical analysis on it. That > would more or less incriminate anyone who runs a web-server and > looks into the access log. At lease one Bitcoin service has been > collecting IP addresses for years and given them to anyone visiting > their web-site (you know who) and I believe that this practise is > very wrong. We have no intention of giving IP addresses away to > anyone, but we believe that you are free to make statistics on > connection logs when nodes connect to you. > > On a side note: When you make many connections to the network you > see lots of strange nodes and suspicious patterns. You can be > certain that we were not the only ones connected to many nodes. > > My takeaway from this: If nodes that do not relay transactions is a > problem then there is stuff to fix. > > /Jan > > On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn > wrote: > >> That would be rather new and tricky legal territory. >> >> But even putting the legal issues to one side, there are >> definitional issues. >> >> For instance i
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 If you (e.g. Chainalysis) or anyone else are doing surveillance on the network and gathering information for later use, and whether or not the ultimate purpose is to divulge it to other parties for compliance purposes, you can bet that ultimately the tables will be turned on you, and you will be the one having your ass handed to you so to speak, before or after you are served, in legal parlance. Whether or not the outcome of that is meaningful and beneficial to any concerned parties and what is the upshot of it in the end depends on on what you do and just how far you decide to take your ill-advised enterprise. Chainalysis and similar operations would be, IMHO, well advised to cease operations. This doesn't mean they will, but guess what: Shot over the bow, folks. Jan Møller: > What we were trying to achieve was determining the flow of funds > between countries by figuring out which country a transaction > originates from. To do that with a certain accuracy you need many > nodes. We chose a class C IP range as we knew that bitcoin core and > others only connect to one node in any class C IP range. We were > not aware that breadwallet didn't follow this practice. Breadwallet > risked getting tar-pitted, but that was not our intention and we > are sorry about that. > > Our nodes DID respond with valid blocks and merkle-blocks and > allowed everyone connecting to track the blockchain. We did however > not relay transactions. The 'service' bit in the version message is > not meant for telling whether or how the node relays transactions, > it tells whether you can ask for block headers only or full > blocks. > > Many implementations enforce non standard rules for handling > transactions; some nodes ignore transactions with address reuse, > some nodes happily forward double spends, and some nodes forward > neither blocks not transactions. We did blocks but not > transactions. > > In hindsight we should have done two things: 1. relay transactions > 2. advertise address from 'foreign' nodes > > Both would have fixed the problems that breadwallet experienced. > My understanding is that breadwallet now has the same 'class C' > rule as bitcoind, which would also fix it. > > Getting back on the topic of this thread and whether it is illegal, > your guess is as good as mine. I don't think it is illegal to log > incoming connections and make statistical analysis on it. That > would more or less incriminate anyone who runs a web-server and > looks into the access log. At lease one Bitcoin service has been > collecting IP addresses for years and given them to anyone visiting > their web-site (you know who) and I believe that this practise is > very wrong. We have no intention of giving IP addresses away to > anyone, but we believe that you are free to make statistics on > connection logs when nodes connect to you. > > On a side note: When you make many connections to the network you > see lots of strange nodes and suspicious patterns. You can be > certain that we were not the only ones connected to many nodes. > > My takeaway from this: If nodes that do not relay transactions is a > problem then there is stuff to fix. > > /Jan > > On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn > wrote: > >> That would be rather new and tricky legal territory. >> >> But even putting the legal issues to one side, there are >> definitional issues. >> >> For instance if the Chainalysis nodes started following the >> protocol specs better and became just regular nodes that happen >> to keep logs, would that still be a violation? If so, what about >> blockchain.info? It'd be shooting ourselves in the foot to try >> and forbid block explorers given how useful they are. >> >> If someone non-maliciously runs some nodes with debug logging >> turned on, and makes full system backups every night, and keeps >> those backups for years, are they in violation of whatever >> pseudo-law is involved? >> >> I think it's a bit early to think about these things right now. >> Michael Grønager and Jan Møller have been Bitcoin hackers for a >> long time. I'd be interested to know their thoughts on all of >> this. >> >> >> -- >> >> Dive into the World of Parallel Programming The Go Parallel Website, >> sponsored by Intel and developed in partnership with Slashdot >> Media, is your hub for all things parallel software development, >> from weekly thought leadership blogs to news, videos, case >> studies, tutorials and more. Take a look and join the >> conversation now. http://goparallel.sourceforge.net/ >> ___ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> > > > > -- > > Dive into the Wo
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
Thanks Jan, we added several additional checks for non-standard protocol responses, and also made the client revert to DNS seeding more quickly if it runs into trouble, so it's now more robust against sybil/DOS attack. I mentioned in the coindesk article that I didn't think what your nodes were doing was intended to be malicious with respect to network disruption. It's our job to better handle non-standard or even malicious behavior from random p2p nodes. Aaron Voisine co-founder and CEO breadwallet.com On Mon, Mar 16, 2015 at 1:44 AM, Jan Møller wrote: > What we were trying to achieve was determining the flow of funds between > countries by figuring out which country a transaction originates from. > To do that with a certain accuracy you need many nodes. We chose a class C > IP range as we knew that bitcoin core and others only connect to one node > in any class C IP range. We were not aware that breadwallet didn't follow > this practice. Breadwallet risked getting tar-pitted, but that was not our > intention and we are sorry about that. > > Our nodes DID respond with valid blocks and merkle-blocks and allowed > everyone connecting to track the blockchain. We did however not relay > transactions. The 'service' bit in the version message is not meant for > telling whether or how the node relays transactions, it tells whether you > can ask for block headers only or full blocks. > > Many implementations enforce non standard rules for handling transactions; > some nodes ignore transactions with address reuse, some nodes happily > forward double spends, and some nodes forward neither blocks not > transactions. We did blocks but not transactions. > > In hindsight we should have done two things: > 1. relay transactions > 2. advertise address from 'foreign' nodes > > Both would have fixed the problems that breadwallet experienced. My > understanding is that breadwallet now has the same 'class C' rule as > bitcoind, which would also fix it. > > Getting back on the topic of this thread and whether it is illegal, your > guess is as good as mine. I don't think it is illegal to log incoming > connections and make statistical analysis on it. That would more or less > incriminate anyone who runs a web-server and looks into the access log. > At lease one Bitcoin service has been collecting IP addresses for years > and given them to anyone visiting their web-site (you know who) and I > believe that this practise is very wrong. We have no intention of giving IP > addresses away to anyone, but we believe that you are free to make > statistics on connection logs when nodes connect to you. > > On a side note: When you make many connections to the network you see lots > of strange nodes and suspicious patterns. You can be certain that we were > not the only ones connected to many nodes. > > My takeaway from this: If nodes that do not relay transactions is a > problem then there is stuff to fix. > > /Jan > > On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn wrote: > >> That would be rather new and tricky legal territory. >> >> But even putting the legal issues to one side, there are definitional >> issues. >> >> For instance if the Chainalysis nodes started following the protocol >> specs better and became just regular nodes that happen to keep logs, would >> that still be a violation? If so, what about blockchain.info? It'd be >> shooting ourselves in the foot to try and forbid block explorers given how >> useful they are. >> >> If someone non-maliciously runs some nodes with debug logging turned on, >> and makes full system backups every night, and keeps those backups for >> years, are they in violation of whatever pseudo-law is involved? >> >> I think it's a bit early to think about these things right now. Michael >> Grønager and Jan Møller have been Bitcoin hackers for a long time. I'd be >> interested to know their thoughts on all of this. >> >> >> -- >> Dive into the World of Parallel Programming The Go Parallel Website, >> sponsored >> by Intel and developed in partnership with Slashdot Media, is your hub >> for all >> things parallel software development, from weekly thought leadership >> blogs to >> news, videos, case studies, tutorials and more. Take a look and join the >> conversation now. http://goparallel.sourceforge.net/ >> ___ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> > > > -- > Dive into the World of Parallel Programming The Go Parallel Website, > sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for > all > things parallel software development, from weekly thought leadership blogs > to > news, videos, case studies, tutorials and more. Take a look and join the > conversation
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
What we were trying to achieve was determining the flow of funds between countries by figuring out which country a transaction originates from. To do that with a certain accuracy you need many nodes. We chose a class C IP range as we knew that bitcoin core and others only connect to one node in any class C IP range. We were not aware that breadwallet didn't follow this practice. Breadwallet risked getting tar-pitted, but that was not our intention and we are sorry about that. Our nodes DID respond with valid blocks and merkle-blocks and allowed everyone connecting to track the blockchain. We did however not relay transactions. The 'service' bit in the version message is not meant for telling whether or how the node relays transactions, it tells whether you can ask for block headers only or full blocks. Many implementations enforce non standard rules for handling transactions; some nodes ignore transactions with address reuse, some nodes happily forward double spends, and some nodes forward neither blocks not transactions. We did blocks but not transactions. In hindsight we should have done two things: 1. relay transactions 2. advertise address from 'foreign' nodes Both would have fixed the problems that breadwallet experienced. My understanding is that breadwallet now has the same 'class C' rule as bitcoind, which would also fix it. Getting back on the topic of this thread and whether it is illegal, your guess is as good as mine. I don't think it is illegal to log incoming connections and make statistical analysis on it. That would more or less incriminate anyone who runs a web-server and looks into the access log. At lease one Bitcoin service has been collecting IP addresses for years and given them to anyone visiting their web-site (you know who) and I believe that this practise is very wrong. We have no intention of giving IP addresses away to anyone, but we believe that you are free to make statistics on connection logs when nodes connect to you. On a side note: When you make many connections to the network you see lots of strange nodes and suspicious patterns. You can be certain that we were not the only ones connected to many nodes. My takeaway from this: If nodes that do not relay transactions is a problem then there is stuff to fix. /Jan On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn wrote: > That would be rather new and tricky legal territory. > > But even putting the legal issues to one side, there are definitional > issues. > > For instance if the Chainalysis nodes started following the protocol specs > better and became just regular nodes that happen to keep logs, would that > still be a violation? If so, what about blockchain.info? It'd be shooting > ourselves in the foot to try and forbid block explorers given how useful > they are. > > If someone non-maliciously runs some nodes with debug logging turned on, > and makes full system backups every night, and keeps those backups for > years, are they in violation of whatever pseudo-law is involved? > > I think it's a bit early to think about these things right now. Michael > Grønager and Jan Møller have been Bitcoin hackers for a long time. I'd be > interested to know their thoughts on all of this. > > > -- > Dive into the World of Parallel Programming The Go Parallel Website, > sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for > all > things parallel software development, from weekly thought leadership blogs > to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > ___ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/13/2015 05:24 PM, Mike Hearn wrote: > Well they don't set NODE_NETWORK, so they don't claim to be > providing network services. But then I guess the Chainalysis nodes > could easily just clear that bit flag too. If a peer claims to provide network services, and does not do so while consuming another node's resources, that might be considered exceeding authorized access. bitcoind should probably have more fine-grained control over how it allocates connection resources between peers vs clients. -BEGIN PGP SIGNATURE- iQIcBAEBAgAGBQJVA2bPAAoJECpf2nDq2eYjm/UP/0MZmdEBameT6tnLnebkru5d UeHsX6Qikv3qF+i936SkoDylg08PJNWlpApuXC5t52x262V763y9tGV8qqh3vTSf LeLeKY1M4mYCjHjegpz3JXzzF9i9OqgWl+0OxGOHDHyp8COfzKzC9FEUP3XBqitb swyeS2t0LkzJnXYV8z8pDOxn4pZN0cUaKPvBIRKEUs4PgA4JVpRTM5Rvzi7oOItz GHknxH++ja7kfFpgRSJMh3gHu4xhRiHfzGPaszrrrznpubNr42+4ouBy+QDr2XYr 1AtklROYLySeUtd0yNxeWdeaLIBSTiiDisNkD62MOTr0Zmdnc6M7IefSCqLN4fD9 wPu5a5h4HI/N/4/+kUhGmW+g5vagKMkCVlUIsG7gpGQJk4HyLElAdmgDToPJTrvr htrd7k5HjjZu8oAt/vYcx15myuQ7VXc7v193g7m3kRRx4rnZ5XCu5BJd92uaOW1e 9ARhN7hfNQbfVkZw0f+qfG0fzMSAk3aHxpao7topwKARQfYJ++Mry5qAzFfxWred IHXHbd4JqafsUJxTqDvm7oVP+l+XqlFkZTGi5u6NjPSeJL0IMFI5NqOepqAqwi0P n9tePxN19+TmK2TSGtuzWBNZXcbwujSmvzRnDouxpcTyhRXc5YBbetI4/s0xcAyK sQ2dm0SKF4S8MclylelW =IpAp -END PGP SIGNATURE- 0xEAD9E623.asc Description: application/pgp-keys -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
> > Don't SPV clients announce their intentions by the act of uploading a > filter? > Well they don't set NODE_NETWORK, so they don't claim to be providing network services. But then I guess the Chainalysis nodes could easily just clear that bit flag too. > What I'd actually like to see is for network users to pay for the node > resources that they consume It's not quite pay-as-you-go, but I just posted a scheme for funding of network resources using crowdfunding contracts here: https://github.com/bitcoin/bitcoin/issues/5783#issuecomment-79460064 That comment doesn't have any kind of provision for access control, but group signatures could be extended in both directions: the server proves it was a part of the group that was funded by the contract, and the client proves it was in group that funded the contract, but it's done in a (relatively) anonymous way. Then any client can use any node it funded, or at least, buy priority access. But it's rather complicated. I'd hope that nodes can be like email accounts: yes they have a cost but in practice people everyone gets one for free because of random commercial cross-subsidisation, self hosting and other things. -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/13/2015 05:08 PM, Mike Hearn wrote: > > That definition would include all SPV clients? Don't SPV clients announce their intentions by the act of uploading a filter? > I get what you are trying to do. It just seems extremely tricky. Certainly the protocol could be designed in a way that provides finer-grained access controls and connection limits, which would make the situation more clear. What I'd actually like to see is for network users to pay for the node resources that they consume, so that anyone who wants to place increased load on the network would compensate node operators for the burden: http://bitcoinism.liberty.me/2015/02/09/economic-fallacies-and-the-block-size-limit-part-2-price-discovery/ Absent that kind of comprehensive solution, problems like this will continue to recur. -BEGIN PGP SIGNATURE- iQIcBAEBAgAGBQJVA2HLAAoJECpf2nDq2eYjcvYP/iqYBxboMmTPLp9Kx3GlBdR/ IPtCxVoaZQkqrAHlbbED1YHoI7QqaufdPMb9mw8bErFX7E89u4gD93jvx2x+skqW KtqIyc5fHe4MgbtGypvE5GjSiqZZIqn7EYzLGVE5ydmO4SKpfodXIIRuQRkZ1fTG j0ovFc/bmigS7Cvf3gsMT5oW26IcEaH6mAZ/YU5oVEi1LGff8hUTq90uddOCpoqp mIj8MHMdd0yvtihjLwyJPdfT0qTOkbAxHJqwPLoOWzmrN0z1PbU9qcf0aHdDnMlT +jWHqHzSxjwyB1bmUhi6vZKVFfd1moOTI3BBj+Jqjc+xaOmXCcyAtpfzq97VITZw qhAnYM4unsC0A1GH3fQEJPvoOy0kwyNNtI7z5YOrRJtihCpFSbtULqN9DUmxwgKL /0cmOc2SyjgflTiCejazBIJk4Ie+WcV2cbgepdX8USb0tusQs+jn2HMFGUfxywTz riy9Ex8Wftl12LAYXSbMQl7GnADYG9t0HIY3JqPAhAzEdPynXUduveatiQyNc6SH IqXraTgHj6IFFWB7eLjWuIleyxcFC81qTFNUYxEajGDLbCX00emKiR3RUpVZ/wP7 8CXcV4zco1y1+va1eD/7eNhTW/Xuf3+KdqJs2reLq23fLV01HA92sRYbgLIxb0Yz yBsE+PpY06vrHqoVD/4l =Ofbb -END PGP SIGNATURE- 0xEAD9E623.asc Description: application/pgp-keys -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
> > I'm not talking about keeping logs, I mean purporting to be a network > peer in order to gain a connection slot and then not behaving as one > (not relaying transactions) That definition would include all SPV clients? I get what you are trying to do. It just seems extremely tricky. -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/13/2015 04:48 PM, Mike Hearn wrote: > That would be rather new and tricky legal territory. > > But even putting the legal issues to one side, there are > definitional issues. > > For instance if the Chainalysis nodes started following the > protocol specs better and became just regular nodes that happen to > keep logs, would that still be a violation? If so, what about > blockchain.info? It'd be shooting ourselves in the foot to try and > forbid block explorers given how useful they are. I'm not talking about keeping logs, I mean purporting to be a network peer in order to gain a connection slot and then not behaving as one (not relaying transactions), thereby depriving the peers to which operator actually intends to offer service of the ability to connect. That someone wants to run a large number of nodes in order to make their own logs more saleable, does not mean they are entitled to break the protocol to make other node operators subsidize their log collection. Especially if a data collection company is deploying nodes that do not relay and aggressively reconnect after a ban, it seems like they'd have a hard time arguing that they were not knowingly exceeding authorized access. -BEGIN PGP SIGNATURE- iQIcBAEBAgAGBQJVA16sAAoJECpf2nDq2eYjxsUP/3ASGcsdGR8IEO7Fk8VghuVp jwIIM8Bu/WsoWKG76GhuPKs/qC0VC6GXKpGUBVy7bF8uwdhfdSXcyld9MIzIENJF I0wMX6B3SjqQG/g0rNZ91Dh3xKIF39/TQdDERM3yiQi1oavAc5TPLReN9ZbyRcVw vCfPWorTvrad5INCn/krcEopbI013aW2ryWnkN6sFGinF5Yf4xhrNQbQeGbhlH15 /XUIBva6/PbUs4HaC+wqJPSUfB4OmcP1ZfXMuPDEmKEWdI+3WqUYF4sNAVOke560 +RL5qMJIxSUMYMAb3p+025Fn6WOc2wupQzpH/ISkuaI+5+ne54Mx/ZHJg7Z7inov WMKfiUS6R8EHrY8IoNpO9uNqsgC+y0vlU3ELqu+gOhFTpMK7pVX2aAek8Qe7hSHy GwtG5U6AFubLqyzP9/pBJHnmDG71brsKffAXOePDjXWfLfhy78aeQ3HOnzVhv9QK snmE2C6Ex/tQDUwT9MKTdw59Hy7E7GdQlSPH+MYQKUBlkpWLDGpi7oriBRwvEy4/ NJCJU9+x7jijD7vrjBE+LSYdIQoZqE240N6teWqVc2wRPM8g+e+kSQqfjdKQdiQY waeKHBKerqRq2EGffeJWV1RIEFtFND1l8zw/5ZQF4w959zLvhk/QPHzxKyTbCM2f 3DOgEWCJFLsNzpPQ8es2 =MV9D -END PGP SIGNATURE- 0xEAD9E623.asc Description: application/pgp-keys -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
That would be rather new and tricky legal territory. But even putting the legal issues to one side, there are definitional issues. For instance if the Chainalysis nodes started following the protocol specs better and became just regular nodes that happen to keep logs, would that still be a violation? If so, what about blockchain.info? It'd be shooting ourselves in the foot to try and forbid block explorers given how useful they are. If someone non-maliciously runs some nodes with debug logging turned on, and makes full system backups every night, and keeps those backups for years, are they in violation of whatever pseudo-law is involved? I think it's a bit early to think about these things right now. Michael Grønager and Jan Møller have been Bitcoin hackers for a long time. I'd be interested to know their thoughts on all of this. -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[Bitcoin-development] Criminal complaints against "network disruption as a service" startups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Given the recent news about Chainanalysis (https://www.reddit.com/r/Bitcoin/comments/2yvy6b/a_regulatory_compliance_service_is_sybil/), and other companies who are disrupting the Bitcoin network (https://www.reddit.com/r/Bitcoin/comments/2we0d9/in_an_unrelated_thread_a_bitcoin_dev_claimed/copzt3x) it might be worth reviewing the terms of the Computer Fraud and Abuse Act and similar legislation in other countries. Although it's not possible to stop network attacks by making them illegal, it's certainly possible to stop traditionally funded companies from engaging in that activity. Note there exist no VC-funded DDoS as a service companies operating openly. It's also worth discussing ways to make the responsibilities of network peers more explicit in the protocol, so that when an entity decides to access the network for purposes other than for what full node operators made connection slots available that behavior will be a more obvious violation of various anti-hacking laws. -BEGIN PGP SIGNATURE- iQIcBAEBAgAGBQJVA0IFAAoJECpf2nDq2eYjp0IP+wVsW69xOpFIX4yRTHrEQYh7 MCPM7OTkIay/O13TSewbxTRPww9Z6vOpmrDkFlWGYKyrLWyqUGwcKqOscE8r3P3U xdV5ACppol5HXra/bykxuaXJWF/yTM7PybFNQ2Ary0X41CFrOUITsO8SwWDl8jBu GtRgbWdALA6IQeeRLVQmMo3zC/uShOplOh/HrS2z9ZtXSm3rNkLzhnUWfznbixb0 9C1yvIM5VOwoNcRKt7uoX6cl4mFsBO3Gfjz4rr5gABerTltBlRk4c3jnUDUlQiFC cppX9eaEYMLR7y0gHWnmzWcFW7LFwMR2isyJ79O2cpUpYNzbfp0fWetM1WVAMFSK 7hyUlwVx4WgaVRT5hDb6QPHHvzCYjYq+19+9/uChh9P3s3QkKuFJUVYwHQ+wnruK hPS3/vb7Tmt1eLTUeno4RRyJJ7likHsNA2bxWSG9rDezTownkSVZe2BQh3GIZOBg H8Nu2IDWK4pHJaCiswW4jfDsucuYiP7978p8ZFbZbymeflsXz1qyUHSVm9kngfZn sYUK4rgRsdrPpong0nqlmWcQW3VgmNO1tw5gmUqWTxQLnrCxgqnSdT7srzAw1ZaS YIAaB1rBy8k7QyDCOyIsIV+n1H26ZBa8PrqdRExlz6PuWcywjuEbcIfEl9QSURA+ pLuNJ+uQN+JBjKokmaSQ =ZO1/ -END PGP SIGNATURE- 0xEAD9E623.asc Description: application/pgp-keys -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development