--- Day changed Wed Feb 13 2019
02:33 -!- NHsFzpf9Ct [5e8c7d3f@gateway/web/freenode/ip.94.140.125.63] has joined #joinmarket     
02:42 -!- undeath [~undeath@hashcat/team/undeath] has joined #joinmarket     
03:32 < undeath> i'm wondering about #330. shouldn't those 'and' be 'or'?
03:33 -!- siom [~siom@31.13.191.152] has joined #joinmarket     
03:34 < undeath> oh wait, nvm
04:15 < belcher> did anyone notice this at the time? https://www.whitehouse.gov/briefings-statements/presidential-message-congress-united-states-2/
04:15 < belcher> the US president bans all cryptocurrency transactions related to venezuela 
04:40 -!- NHsFzpf9Ct [5e8c7d3f@gateway/web/freenode/ip.94.140.125.63] has quit [Ping timeout: 256 seconds]     
04:59 < waxwing> yeah i remember it. not a huge story but it did spread around a little.
05:00 < belcher> this is an interesting paper https://sci-hub.tw/10.1080/13600869.2019.1565105 Yalabık, İ. (2019). Anonymous Bitcoin v enforcement law. International Review of Law, Computers & Technology
05:00 < belcher> a bunch of lawyers writing about how bitcoin's anonymity affects divorce cases and debtors
05:00 < belcher> because they could hide their assets in bitcoin
05:01 < belcher> "According to enforcement rules, to be able to reach the available assets of a debtor with a search order one can enter the debtor’s house against the owner’s wishes, and may search the place, open every door, pull up the floorboards and dig up the yard if needed, to search available assets. Similarly, if a debtor can be forced to open a locked safe, then to force a debtor for revealing Bitcoin key password should also be possible." so
05:01 < belcher>  if the defendant is suspected of using bitcoin presumably they'll search his house
05:02 < belcher> and if the defendant has forgotten the password then presumably thats contempt of court :P
05:03 < belcher> the paper cites some bitcoin privacy papers which is why i found it, they talk about address clustering to find the defendants wallet
05:05 < belcher> in the bigger picture, im not sure if bitcoin provides much value over already-existing methods like secret offshore bank accounts... it seems the trick is getting the assets into the hidden place without the courts knowing about it, which will always be hard
05:12 < waxwing> yeah exactly. and yes that is a very interesting quote. not really different from cash, gold as you say (offshore bank accounts is a bit grayer, but in principle similar at least)
05:13 < waxwing> dig up the yard indeed. that misses the point. no one is going to do that without some specific data pointing to a buried in the yard scenario.
05:13 < belcher> iv heard of cases like in WWII where some jews decided to throw all their gold jewellery into the river rather than give it to the awful people who are invading and looting.... i wonder if similar things happen in divorce cases, where the emotions are so strong that people would rather destroy their own wealth than give it to their spouse
05:13 < waxwing> definitely that happens eh. passions run high.
05:13 < belcher> freshly disturbed ground is evidence enough i think, thats what is used to find buried bodied (according to crime dramas i watch)
05:14 < waxwing> the interesting case is where they can see it on the blockchain but can't prove someone owes the keys.
05:14 < belcher> in that case if the coins are later moved then thats evidence of contempt of court
05:14 < waxwing> like the various hacker cases e.g. one lurker in this channel ;)
05:15 < belcher> i.e. if the defendant says they lost their keys, but later the coins move
05:15 < waxwing> yeah but he could be in belize by then.
05:15 < belcher> that requires giving up your home and never coming back to your country, which is an extreme step not everyone will do (but is totally possible ofc)
05:16 < waxwing> not really asserting anything in particular about that scenario, only looking for ways in which it's different from all the other types of asset.
05:16 < belcher> i think if the courts get to the point of knowing you used bitcoin then its game over, because they could demand you explain every transaction even if you used a mixer or something
05:16 < waxwing> yeah it's game over for pretending you never had it; arguably, not game over for trying to avoid handing it over. very arguable, of course.
05:17 < belcher> i guess a good plan might be to withdraw lots of cash and claim you gambled it all in a casino but in reality you traded it for bitcoin... but that only works for relatively small amounts (you cant sell an entire house for cash and do this)
05:17 < waxwing> oh but also: suppose you see it on chain, and see the history, and *think* he owns it, but he asserts it was spent and currently is owned by the recipient. then it moving is not suspicious (or, as suspicious).
05:18 < belcher> what did you spend it on? show evidence please
05:18 < waxwing> let's say you payjoin to bustabit, then it isn't clear if bustabit owns it or you :)
05:18 < belcher> you'd need to give up your bustabit account i guess, the website should show your past deposits and withdrawals
05:19 < waxwing> or start your own exchange/business and get hacked :)
05:19 < waxwing> well if you assume LE has jurisdiction over every possible recipient on the planet, there's no out, whatever you do i guess.
05:19 < belcher> yep     
05:20 < belcher> the paper talks about the debitor case as well as the divorce case, so like you have debts but use bitcoin to get out of paying somehow
05:21 < waxwing> if you send it to a mixer that's Tor only and has no name attached, you can claim they stole it.
05:21 < belcher> according to the paper, the majority of debt cases never actually result in the creditor recovering the money, i guess its the getting blood from a stone effect
05:22 < belcher> i suppose creditors protect themselves with credit ratings, collateral, due diligence.. not getting the money after the fact
06:30 < belcher> very interesting paper about ransomware https://sci-hub.tw/10.1109/SP.2018.00047 they reverse-engineer several ransomware binaries to obtain bitcoin addresses, and then use chainalysis to try to track where the money went, they conclude it mostly went to the btc-e exchange
06:31 < belcher> apparently theres a ransomware called Spora which estimated the value of each victim's files and calculated the ransom from that, scary stuff
06:32 < belcher> the volume is about 16MM USD over 2 years, made by about 20k victims, the paper writes
06:35 < undeath> wow, gets to show why backups are important
06:35 < belcher> for sure
06:36 < belcher> a surprisingly high amount of victims are from south korea, the paper measures the geographic locations somehow
06:38 < belcher> "We stress that the clustering technique does not apply to CoinJoin transactions [23], which violate the co-spending heuristic. The sender of a CoinJoin transaction does not have access to the private keys of the input wallet addresses. Effectively, two addresses that are co-spent in the same CoinJoin transaction cannot be clustered together. To detect CoinJoin transactions in our clustering, we apply a set of heuristics [25]using BlockSci 
06:38 < belcher> [26]. We find no CoinJoin transactions in our clusters, although there is still a possibility that the heuristics might have failed to detect some CoinJoin transactions"
06:38 < belcher> reference [25] is a paper that measures joinmarket coinjoins
06:38 < belcher> so that part is saying the ransomware people didnt use joinmarket
06:39 < belcher> they seem to be sending almost straight to btc-e
06:39 < waxwing> re: South Korea, I bet i know why.
06:40 < waxwing> they had a crazy situation where everyone was essentially forced to use like WinXP, Win7 for years - because certain govt approved things required it. i remember reading about it.
06:40 < belcher> interesting
06:40 < waxwing> hmm now i write that it doesn't sound so special, a lot of institutions are forced to stick with legacy Win software.
06:40 < belcher> i thought it might indicate that the ransomware authors are korean, because they'd need to translate their malware into korean
06:40 < waxwing> but i remember reading some really interesting article about it a couple of years back.
06:41 < waxwing> i dunno. i mean, it's been a pretty huge thing in the west too, right.
06:41 < waxwing> was just thinking maybe they found more holes in korean infra.
06:42 < belcher> these researchers also do what iv been calling "mystery shopper payments" what they call "micropayments", where they send 0.001 btc to a new ransomware address and track where the money
06:42 < waxwing> re: btc-e yeah i think that's more-or-less common knowledge by now. pretty much all criminals used that exchange (if they used any centralized one), before it got "done over".
06:43 < waxwing> right active attacks. it's kind of silly that wallets (including ours!) don't handle that properly ...
06:43 < belcher> "We made a micropayment to each of the 28 seed ransom addresses.[5] What appears to be the ransomware operator later co-spent the ransom addresses with other wallet addresses, presumably in an attempt to aggregate ransom payments. All these 28 ransom addresses lead to the construction of a single Locky cluster with 7,093 addresses"
06:44 < belcher> looks like that ransomware guy sold his privacy for 0.001 btc xD
06:44 < belcher> actual Locky ransomware payments are in the same cluster so the method almost certainly works
06:44 < undeath> is there an easy way to prevent jm from spending such funds?
06:44 < waxwing> undeath, i opened an issue about it.
06:45 < waxwing> we could just lock down/freeze utxos that are inbound below a certain threshold and require manual activation, for example.
06:45 < belcher> not really afaik,  but the fact that JM uses coinjoin really limits how effect the method is
06:45 < waxwing> just spitballing though, never thought about in detail.
06:45 < waxwing> yeah fair point belcher 
06:46 < undeath> it's kinda true, all you could taint is the change but that is easily tracked anyway
06:46 < waxwing> JM's coinjoin defence doesn't apply to direct spends though, worth noting.
06:47 < belcher> id say awareness is the main factor, because when you think about it 0.001 btc is a low price for your privacy, it would be totally fine to leave it unspent
06:47 < undeath> sure
06:47 < belcher> maybe in the future researchers will have to pay more, is your privacy worth 0.1 btc or 1 btc?
06:47 < belcher> we get interesting economic effects there
06:47 < undeath> there is also another problem, where you can link a user's cj output to a different cj output of the same user
06:47 < undeath> when they are used together
06:48 < belcher> what do you mean
06:49 < undeath> if you receive such a "mystery shopper payment" to a previously used address and later on use it as an input together with some other address those two are linked
06:50 < belcher> yes, in that sense the mystery shopper payment is a kind of forced address reuse
06:50 < belcher> in this paper the mystery shopper payment happens for brand-new addresses fwiw
06:52 < belcher> that part where they attempt to find coinjoin transactions so they can exclude them is an example of how great payjoin/p2ep is for privacy, because they are indistinguishable from non-coinjoin txes
06:53 < belcher> also it say it shows how great coinjoinxt and coinswap would be, and how not-that-great tumblebit would be
06:54 < belcher> the downside for CJXT and coinswap is a certain number of people know the mapping between inputs and outputs, while in tumblebit nobody knows the mapping (unless theres a sybil attack)
06:56 < undeath> it should be feasible to check if a utxo in the jm wallet came from a tx where the wallet was involved, that should be ok for internal addresses
06:57 < belcher> yes     
06:57 < belcher> another possible method is to code JM to automatically ignore deposits on addresses that have been used before
06:58 < undeath> the problem i see there is that someone can dos you by sending payments to still active addresses
06:58 < undeath> jm would see the address has been reused and refuse to use any of the available utxos
06:58 < belcher> what do you mean by "still active addresses" ?
06:59 < undeath> I mean an address that still has another utxo
06:59 < belcher> oh     
07:00 < belcher> ok so, modifying the scheme a bit: 1) if an address has been fully-spent from and is now empty, then ignore any further deposits 2) if an address has UTXOs on it then spend all the UTXOs in one transaction
07:00 < belcher> when i say ignore i mean ignore-by-default, so the user can always override if they accidentally get paid on the same address again
07:00 < undeath> oh, yes, that would work
07:01 < belcher> btw "we made micropayments to both of the Sage ransom addresses. However, the bitcoins have since remained in the addresses without being transferred to other wallet addresses. As a result, we are unable to find Sage’s cluster."
07:01 < undeath> heh     
07:01 < belcher> "In general, ransomware operators may ignore micropayments, especially when the payment amount is below some minimum threshold. In addition, micropayments may even cause suspicion to the operators, although in our case Cerber and Locky continued to process our micropayments (as well as potential victim payments) throughout our analysis."
07:01 < undeath> it shouldn't be that hard to find someone that has paid them
07:02 < belcher> fascinating really, so Sage got away with it but Cerber and Locky didnt
07:02 < belcher> apparently they didnt manage to..
07:02 < belcher> the sage ransomware isnt included in the study they say
07:05 < belcher> "To determine if we have potentially missed clusters, we corroborate the timing of payment eventson the blockchain against the timing of two external indicators of ransomware activity: relative number of searches accordingto Google Trends [27], and discovery of new binaries on VirusTotal [28]. Our assumption is that if, during some period,we discover new binaries for a ransomware family and/or observe relevant Google searches while we do not 
07:05 < belcher> observing any incoming bitcoins into the ransomware’s cluster, then we may have missed payment clusters."
07:05 < belcher> fascinating, these researchers are really smart, they're aware of their tools and the potential limitations of their tools
07:13 < belcher> they conclude they are in fact missing most clusters for CryptoDefense, CryptoLocker, and CryptoWall, but probably have all the clusters for the other ransomware they study
07:13 < belcher> maybe those three mentioned ransomware are careful with coin control, or they get googled more for some reason
07:18 < belcher> chainalysis excludes coinjoin transactions according to the paper, presumably those are just joinmarket ones and maybe wasabi
07:25 < belcher> looks like btc-e is just a significant destination but not the only one, the biggest slice in the pie chart is actually "unknown", while localbitcoins, bitmixer and bitcoinfog are also common
07:26 < belcher> one ransomware called CryptoXXX is ~96% sent to Unknown, so who knows whats happening there, maybe sold for cash in person
07:27 < belcher> the ownership of addresses is found using chainalysis's API
07:27 < waxwing> right. so more evidence chainalysis is basically shit-all, plus exchange data handed over to them :)
07:27 < waxwing> def worth $100 million or whatever it is
07:28 < belcher> i wonder if btc-e shared info with them
07:28 < waxwing> heh. when were they shut down? i want to say early 2017 or late 2016.
07:28 < belcher> something around then yes
07:28 < waxwing> also, when was this paper? i guess it was after the cookie meets the blockchain from narayanan et al
07:28 < belcher> Locky and CryptoDefense ransomwares sent 30-40% to btc-e, they seem to be the only ones
07:29 < belcher> yes, paper is published may 2018
07:29 < undeath> was during summer in 2016 or 2017
07:29 < belcher> WannaCry seems to be 100% Unknown
07:29 < undeath> i think it was 2017
07:29 < belcher> i think they wrote btc-e in the abstract of the paper just because its the only result they have
07:29 < belcher> in reality it looks the vast majority of the money is gone
07:30 < waxwing> am i doing something illegal if i share that sci-hub link? i'm not sure how the status of that is now.
07:31 < waxwing> oh; Levin is one of the authors!
07:31 < belcher> idk     
07:31 < belcher> long live sci-hub for making this available though, and not behind some academic paywall
07:31 < undeath> probably depends on what country you are in
07:32 < belcher> who is Levin ?
07:32 < waxwing> main guy (originator?) of chainalysis.
07:32 < belcher> oooh
07:33 < belcher> academics paywalls are such bullshit IMO, i was trying to get maths papers on the lognormal distribution written in the 1970s, sci-hub was the only source
07:33 < waxwing> well yeah obvs. just don't want to link it on e.g. mastodon if there's a legality issue or w/e.
07:34 < belcher> you could link this https://ieeexplore.ieee.org/abstract/document/8418627
07:34 < undeath> i'm sure international science could advance much faster if knowledge was actually open…
07:34 < waxwing> interesting, in [39] Shamir of RSA fame did an analysis of the bitcoin transaction graph.
07:34 < belcher> and maybe suggest that people copypaste the DOI into sci-hub themselves
07:34 < belcher> oh yes he did
07:35 < belcher> undeath most research is done in universities and they just pay for all the subscriptions, but once you leave the academic world you get almost entirely shut-out
07:35 < belcher> also some universities cant or wont pay, apparently in iran their entire science sector depends on sci-hub and similar
07:36 < belcher> note that the researchers or peer-reviews themselves dont benefit from this, the income is almost entirely kept by the publishers
07:36 < waxwing> when it comes to crypto i almost never have trouble finding the paper after ddg or google. one good option is the authors just host it themselves.
07:36 < undeath> there's also the issue of searching for related papers, which is much harder when there is no centralized spot
07:36 < belcher> google scholar is pretty good for that
07:37 < belcher> and web of knowledge, but that is paid-for
07:37 < belcher> google scholar at least finds what cites what
07:37 < waxwing> yeah it's not easy but maybe it depends on the field; in cryptography i don't think i've ever failed to find the references available for free from the title.
07:39 < waxwing> i guess the korea thing is somewhat more plausibly NK hacking crews (maybe they outsource to China, too); i know there were reports of them hacking SK exchanges. it is pretty plausible.
07:44 < undeath> thanks for the recommendations, belcher! both sites seem pretty useful
11:25 -!- siom [~siom@31.13.191.152] has quit [Remote host closed the connection]     
12:49 < belcher> Levin was that guy who tweeted asking people not to use coinjoin, i remembered now :p
13:07 < belcher> theres a paper here called "the unreasonable effectiveness of address clustering" which makes the point that two big reasons that the CIOH works so well is 1) address reuse and 2) the relative centralization of the bitcoin economy
13:08 < belcher> point 2) makes me think it would be most productive to get payjoin adopted by places like casinos (and exchanges but the regulated ones will never do it)
13:09 < belcher> another way could be to get the operators of some of the big services to do hand-made coinjoins with each other so it looks like they're all in the same cluster
13:11 < belcher> although getting them to coinjoin with each other can be beaten with a method where you find the one transaction that causes a massive increase in the size of a cluster, and exclude it
13:11 < belcher> in the wild, address clusters only grow slowly
15:28 < undeath> the bitcoin.it wiki article on anonymity and coinjoin doesn't mention any working cj implementation. there's room for advertisement if anyone's feeling bored
15:49 -!- undeath [~undeath@hashcat/team/undeath] has quit [Quit: WeeChat 2.3]     
16:20 -!- AgoraRelay [~jmrelayfn@p5DE4ABA8.dip0.t-ipconnect.de] has quit [Ping timeout: 258 seconds]     
16:38 -!- AgoraRelay [~jmrelayfn@p5DE4A8FE.dip0.t-ipconnect.de] has joined #joinmarket     
17:27 -!- AgoraRelay [~jmrelayfn@p5DE4A8FE.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]     
17:30 -!- StopAndDecrypt [~StopAndDe@unaffiliated/stopanddecrypt] has joined #joinmarket     
17:37 -!- AgoraRelay [~jmrelayfn@p5DE4AD64.dip0.t-ipconnect.de] has joined #joinmarket     
21:26 -!- v_unimportant_pe [~user@45.74.60.139] has quit [Ping timeout: 250 seconds]     
21:26 -!- v_unimportant_pe [~user@45.74.60.132] has joined #joinmarket