From: odinn <odinn.cyberguerrilla@riseup•net>
To: Thy Shizzle <thyshizzle@outlook•com>
Cc: bitcoin-development@lists•sourceforge.net
Subject: Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups
Date: Mon, 23 Mar 2015 06:45:31 +0000 [thread overview]
Message-ID: <550FB68B.2030902@riseup.net> (raw)
In-Reply-To: <COL401-EAS421DD08D2BE08D9601E5139C20D0@phx.gbl>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Shizzle's opinion, it would seem, is highly important. I'm done here.
Thy Shizzle:
> Oh so you're talking about the criminality of one single entity? So
> having a quick look, it seems that the issue is they are collecting
> IPs and that kind of thing as well? So similar to what
> http://getaddr.bitnodes.io is doing but without the funding from
> the bitcoin foundation? If you are worried about your IP getting
> out you're behind a VPN. They can only collect the information made
> available to them. Botnets etc are completely different because you
> are forcing control over something you have no right to do. If
> companies want to sit there and collect publicly available
> information that you are voluntarily making available to them, why
> do you care? I can't see how it could be at all criminal.
> Remembering that most privacy laws relate to information that YOU
> PROVIDE to an entity during an agreement for service, payment, etc.
> You are providing this information publicly and they are collecting
> it from the public domain, not you giving it to them in an
> agreement, therefore the usual provisions of privacy etc don't
> apply. If you connect to their scraper node, of course they can log
> that. How could it possibly be criminal?
> ________________________________ From:
> odinn<mailto:odinn.cyberguerrilla@riseup•net> Sent: 23/03/2015
> 4:50 PM To: Thy Shizzle<mailto:thyshizzle@outlook•com> Cc:
> bitcoin-development@lists.sourceforge.net<mailto:bitcoin-development@lists•sourceforge.net>
>
>
Subject: Re: [Bitcoin-development] Criminal complaints against "network
disruption as a service" startups
>
> Back to what is Chainalysis and country of their origin, so
> criminal complaints against them would likely relate to violation
> of Swiss laws, as is described here:
> https://bitcointalk.org/index.php?topic=978088.msg10774882#msg10774882
>
> It is fairly obvious that Chainalysis is not merely doing what
> blockchain.info etc. is. Let's not delude ourselves here.
>
> As stated, it would be advisable for such a firm to cease
> operations, and it would seem that plenty of polite shots over the
> bow have been given to Chainalysis, which should now fold up its
> operation, pack its bags, and go back to its hole before trying to
> serve its masters again in another way. Etc.
>
> Corporations similar to Chainalysis which are domiciled in other
> countries which conduct collection of information in ways that
> violate countries' laws (there are many countries and each have
> their own ways of interpreting user privacy and what constitutes
> permissible breach and in what circumstances) can indeed be held to
> legal standards that may result in minimal or severe legal
> penalties. It is true that analyzing information that is publicly
> available, such as that which is in a library, is not illegal. But
> the act of surveillance is. (Then there is the question of what
> sort of surveillance, targeted or general, and whether it is
> limited to the bitcoin network or if it moves beyond that to
> attempts to correlate with usernames, IDs, IPs, and other
> information available on fora and apparent from services, but I
> won't get into that here.) Even if you argue that the manner in
> which you are performing your actions is not actually
> "surveillance," or you argue that it is "legally permissible,"
> someone else will certainly come along and make a reasonable
> argument that you are indeed engaging in illegal surveillance.
> They may even suggest to a judge that you are in the process of
> constructing a botnet and demand that your domains be seized, and
> may successfully obtain an ex parte temporary restraining order
> (TRO) against Chainalysis and similar corporations to have
> domain(s) seized. Any and all arguments may be added in here,
> there are 196 countries in the world today - each with their own
> unique laws - (maybe less by the time you read this) and a shit-ton
> of possible legal arguments that can be made by creative minds that
> might want to sue you if you have been surveilling people, each
> different depending on where your surveillance corporation is
> domiciled. There are plenty of legal processes available for
> people to do exactly that. You are indeed subject to having that
> happen to you if you continue to surveill the network even if you
> are doing so on behalf of the state for the purpose of gathering
> information for a state's compliance initiative.
>
> So, don't delude yourself, and be happy if all that happens is
> your little surveillance initiative has to close its doors (or gets
> sued if it stays open). Because that is the legal side of things.
> The extralegal stuff is far worse. The community is helping you by
> asking you gently to close up shop and go away. It is a helpful
> suggestion and I believe also a fair warning, again, a shot off the
> bow.
>
> On the development side, developers are certainly responsible for
> doing what they can to resist this kind of surveillance activity.
> But I have a feeling that will be a different thread which is more
> technical and so won't comment on it here, except to say it will
> likely involve working toward giving the user an anonymity option
> which can be exercised as part of any transaction.
>
> Thy Shizzle:
>> I don't believe that at all. Analyzing information publicly
>> available is not illegal. Chainalysis or whatever you call it
>> would be likened to observing who comes and feeds birds at the
>> park everyday. You can sit in the park and observe who feeds the
>> birds, just as you can connect to the Bitcoin P2P network and
>> observe the blocks being formed into the chain and transactions
>> etc. Unless there is some agreement taking place where it is
>> specified that upon connecting to the Bitcoin P2P swarm you agree
>> to a set of terms, however as every node is providing their own
>> "entry" into the P2P swarm it becomes really up to the node
>> providing the connection to uphold and enforce the terms of the
>> agreement. If you allow people to connect to you without terms of
>> agreement, you cannot cry foul when they record the data that
>> passes through. To say Chainalysis needs to cease is silly, the
>> whole point of the public blockchain is for Chainalysis, whether
>> it be for the verification of transactions, research or
>> otherwise.
>
>> -----Original Message----- From: "odinn"
>> <odinn.cyberguerrilla@riseup•net> Sent: 23/03/2015 1:48 PM
>> To: "bitcoin-development@lists•sourceforge.net"
>> <bitcoin-development@lists•sourceforge.net> Subject: Re:
>> [Bitcoin-development] Criminal complaints against "network
>> disruption as a service" startups
>
>> If you (e.g. Chainalysis) or anyone else are doing surveillance
>> on the network and gathering information for later use, and
>> whether or not the ultimate purpose is to divulge it to other
>> parties for compliance purposes, you can bet that ultimately the
>> tables will be turned on you, and you will be the one having your
>> ass handed to you so to speak, before or after you are served, in
>> legal parlance. Whether or not the outcome of that is meaningful
>> and beneficial to any concerned parties and what is the upshot of
>> it in the end depends on on what you do and just how far you
>> decide to take your ill-advised enterprise.
>
>> Chainalysis and similar operations would be, IMHO, well advised
>> to cease operations. This doesn't mean they will, but guess
>> what:
>
>> Shot over the bow, folks.
>
>> Jan Møller:
>>> What we were trying to achieve was determining the flow of
>>> funds between countries by figuring out which country a
>>> transaction originates from. To do that with a certain accuracy
>>> you need many nodes. We chose a class C IP range as we knew
>>> that bitcoin core and others only connect to one node in any
>>> class C IP range. We were not aware that breadwallet didn't
>>> follow this practice. Breadwallet risked getting tar-pitted,
>>> but that was not our intention and we are sorry about that.
>
>>> Our nodes DID respond with valid blocks and merkle-blocks and
>>> allowed everyone connecting to track the blockchain. We did
>>> however not relay transactions. The 'service' bit in the
>>> version message is not meant for telling whether or how the
>>> node relays transactions, it tells whether you can ask for
>>> block headers only or full blocks.
>
>>> Many implementations enforce non standard rules for handling
>>> transactions; some nodes ignore transactions with address
>>> reuse, some nodes happily forward double spends, and some nodes
>>> forward neither blocks not transactions. We did blocks but not
>>> transactions.
>
>>> In hindsight we should have done two things: 1. relay
>>> transactions 2. advertise address from 'foreign' nodes
>
>>> Both would have fixed the problems that breadwallet
>>> experienced. My understanding is that breadwallet now has the
>>> same 'class C' rule as bitcoind, which would also fix it.
>
>>> Getting back on the topic of this thread and whether it is
>>> illegal, your guess is as good as mine. I don't think it is
>>> illegal to log incoming connections and make statistical
>>> analysis on it. That would more or less incriminate anyone who
>>> runs a web-server and looks into the access log. At lease one
>>> Bitcoin service has been collecting IP addresses for years and
>>> given them to anyone visiting their web-site (you know who) and
>>> I believe that this practise is very wrong. We have no
>>> intention of giving IP addresses away to anyone, but we believe
>>> that you are free to make statistics on connection logs when
>>> nodes connect to you.
>
>>> On a side note: When you make many connections to the network
>>> you see lots of strange nodes and suspicious patterns. You can
>>> be certain that we were not the only ones connected to many
>>> nodes.
>
>>> My takeaway from this: If nodes that do not relay transactions
>>> is a problem then there is stuff to fix.
>
>>> /Jan
>
>>> On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn <mike@plan99•net>
>>> wrote:
>
>>>> That would be rather new and tricky legal territory.
>>>>
>>>> But even putting the legal issues to one side, there are
>>>> definitional issues.
>>>>
>>>> For instance if the Chainalysis nodes started following the
>>>> protocol specs better and became just regular nodes that
>>>> happen to keep logs, would that still be a violation? If so,
>>>> what about blockchain.info? It'd be shooting ourselves in
>>>> the foot to try and forbid block explorers given how useful
>>>> they are.
>>>>
>>>> If someone non-maliciously runs some nodes with debug
>>>> logging turned on, and makes full system backups every night,
>>>> and keeps those backups for years, are they in violation of
>>>> whatever pseudo-law is involved?
>>>>
>>>> I think it's a bit early to think about these things right
>>>> now. Michael Grønager and Jan Møller have been Bitcoin
>>>> hackers for a long time. I'd be interested to know their
>>>> thoughts on all of this.
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>>
>>>>
>
>>>>
>>>>
> Dive into the World of Parallel Programming The Go Parallel
> Website,
>>>> sponsored by Intel and developed in partnership with
>>>> Slashdot Media, is your hub for all things parallel software
>>>> development, from weekly thought leadership blogs to news,
>>>> videos, case studies, tutorials and more. Take a look and
>>>> join the conversation now.
>>>> http://goparallel.sourceforge.net/
>>>> _______________________________________________
>>>> Bitcoin-development mailing list
>>>> Bitcoin-development@lists•sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>>
>>>>
>
>>>>
>>>>
>
>
>>> ------------------------------------------------------------------------------
>
>>>
>>>
>
>> Dive into the World of Parallel Programming The Go Parallel
>> Website, sponsored
>>> by Intel and developed in partnership with Slashdot Media, is
>>> your hub for all things parallel software development, from
>>> weekly thought leadership blogs to news, videos, case studies,
>>> tutorials and more. Take a look and join the conversation now.
>>> http://goparallel.sourceforge.net/
>
>
>
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists•sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>>>
>
>
>> ------------------------------------------------------------------------------
>
>>
>
> Dive into the World of Parallel Programming The Go Parallel
> Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is
>> your hub for all things parallel software development, from
>> weekly thought leadership blogs to news, videos, case studies,
>> tutorials and more. Take a look and join the conversation now.
>> http://goparallel.sourceforge.net/
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists•sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
>
- --
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJVD7aKAAoJEGxwq/inSG8C4KsIAIu5atra8Y9R9oejNryjMQkz
UOVORw3y0eD8yaAiJJQzJjmNE6UXC92R3gM3KtQoQchSQ6RhyhZUZkzCY7k2Ug08
8UZnxjgAHCwScGUSgpDu2hcGDtC+Csa1EKOExjCxYCBlVRI+cCJqxIm9d7vGDi4V
R1y57xtKtussJxhZKVjIxothkHtSy5HuaKdKLfI7ikoBAerOVY7bGCxE+drUr4OO
Sgxe94M8z/ecFk3h37ZhuL2P+mNAlCKQkW592628XC0bXN8iT2vW7MnB3BLEBzvb
TeWFYUFjs5v09B6Cw6LQWFGKdFwLGganybeEqoKNfzrihEAa19PFsRWHPStMUCM=
=JnJQ
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2015-03-23 6:45 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-23 6:10 Thy Shizzle
2015-03-23 6:45 ` odinn [this message]
-- strict thread matches above, loose matches on Subject: below --
2015-03-23 3:38 Thy Shizzle
2015-03-23 5:50 ` odinn
2015-03-13 20:01 Justus Ranvier
2015-03-13 21:48 ` Mike Hearn
2015-03-13 22:03 ` Justus Ranvier
2015-03-13 22:08 ` Mike Hearn
2015-03-13 22:16 ` Justus Ranvier
2015-03-13 22:24 ` Mike Hearn
2015-03-13 22:38 ` Justus Ranvier
2015-03-16 8:44 ` Jan Møller
2015-03-16 19:33 ` Aaron Voisine
2015-03-23 2:44 ` odinn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=550FB68B.2030902@riseup.net \
--to=odinn.cyberguerrilla@riseup$(echo .)net \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=thyshizzle@outlook$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox