1 2017-09-02 13:25:20 <RealM9> Bitcoin network is easy to monitor right now for state-level or ISP level actors. They can 1)see IPs of lightweight node/SPV node users, because when they announce TX, it's unencrypted 2)monitor Full node traffic and determine which TXes are created by them 3)monitor Full nodes and see which TXes are announced to them by lightweight/SPV nodes, thus identify them by IP.
  2 2017-09-02 13:25:44 <RealM9> After that, this state level actor can associate names with bitcoin addresses
  3 2017-09-02 13:27:00 <RealM9> Currently, U.S agency like NSA can do it easily, because they intercept all U.S network traffic for 24h (iirc), so they can create specific apps for blockchain monitoring and identify a huge part of bitcoin network
  4 2017-09-02 13:28:25 <RealM9> The problem is that TXes are unencrypted. I read BIP151 (it encrypts communications between nodes) and it's a great idea, that will make bitcoin network more private. But as i understand, it will be optional for everybody to use
  5 2017-09-02 13:30:32 <esotericnonsense> RealM9: you can run bitcoin over tor if you like
  6 2017-09-02 13:30:36 <esotericnonsense> RealM9: LN connections are encrypted also
  7 2017-09-02 13:30:37 <RealM9> To make bitcoin network private, first of all, all full node TX data should be encrypted when relayed BY DEFAULT. Block data should stay unencrypted, because it's faster and there is no need for it to be encrypted. But all TX data should be encrypted
  8 2017-09-02 13:31:30 <RealM9> Yes, i understand. TOR can make your tx private. But what i'm thinking is that all TXes should be private at protocol level. ISPs shouldn't see your TX data, if it's not over tor
  9 2017-09-02 13:31:53 <RealM9> I think most of network TX data should be encrypted, when sent
 10 2017-09-02 13:32:12 <RealM9> Everyone should have some privacy by default.
 11 2017-09-02 13:32:59 <RealM9> Sure, gov can operate many full nodes, but that's harder. If every connection is open and not encrypted, it's so easy to perform mass surveillance
 12 2017-09-02 13:33:06 <RealM9> Think about it
 13 2017-09-02 13:34:00 <esotericnonsense> RealM9: unauthenticated encryption is a problem wrt mitm as well if you want to do this for everyone
 14 2017-09-02 13:34:02 <esotericnonsense> however
 15 2017-09-02 13:34:20 <esotericnonsense> additionally I think 'by default' is a bit of a strange bar, your problem is that there are so many different implementations of wallets
 16 2017-09-02 13:35:14 <esotericnonsense> at the moment a bunch of them use centralised block explorer sites to show details about transactions
 17 2017-09-02 13:35:45 <RealM9> Bitcoin core at least
 18 2017-09-02 13:36:22 <RealM9> I think there was some BIP, how to protect against MITM, but i don't know much about it
 19 2017-09-02 13:38:11 <RealM9> I mean, use encryption whenever is possible
 20 2017-09-02 13:42:00 <bytting> RealM9: The question becomes, how much is enough, and what goes into the core protocol layer, and what should go into the second layer. And what are the goals, fungibility, personal security...
 21 2017-09-02 13:42:07 <Megumiin> https://github.com/bitcoin/bips/blob/master/bip-0151.mediawiki
 22 2017-09-02 13:44:40 <RealM9> I think all TX data should be encrypted at the protocol layer
 23 2017-09-02 13:45:19 <RealM9> Think about websites. They use HTTPS, to stop ISPs and attackers from monitoring traffic
 24 2017-09-02 13:45:34 <Megumiin> websites are not peer-to-peer
 25 2017-09-02 13:45:55 <RealM9> And what problems does p2p create?
 26 2017-09-02 13:46:00 <Megumiin> Authentication
 27 2017-09-02 13:46:13 <RealM9> Are there any solutions?
 28 2017-09-02 13:46:14 <Megumiin> How do you know you're talking to another peer instead of a MITM setup by your ISP?
 29 2017-09-02 13:46:16 <Megumiin> No
 30 2017-09-02 13:46:34 <Megumiin> Short of accepting encryption without authentication
 31 2017-09-02 13:46:47 <Megumiin> but that doesn't prevent your ISP from listening
 32 2017-09-02 13:46:59 <Megumiin> It just makes it slightly harder and noticeable
 33 2017-09-02 13:47:13 <RealM9> iirc there was some BIP for authentication, no?
 34 2017-09-02 13:47:41 <Megumiin> no, only unauthenticated encryption
 35 2017-09-02 13:47:51 <Megumiin> (BIP151, which I just linked)
 36 2017-09-02 13:47:52 <esotericnonsense> think about what you are typing :)
 37 2017-09-02 13:47:58 <esotericnonsense> authenticated communication to nodes makes no sense
 38 2017-09-02 13:48:03 <esotericnonsense> the point is that they are unknown entities
 39 2017-09-02 13:48:47 <esotericnonsense> at best you could do something like ssh TOFU
 40 2017-09-02 13:49:28 <Megumiin> esotericnonsense: ips change, having pinned keys to ips could quickly isolate yourself from valid nodes
 41 2017-09-02 13:50:10 <Megumiin> TOFU only works when you're directly aware of when keys would change and to no longer expect previous keys
 42 2017-09-02 13:50:44 <RealM9> What abiu
 43 2017-09-02 13:50:49 <esotericnonsense> Megumiin: yeah, i kind of feel like this is just an intractable problem by definition, but i can see some degraded security mode vaguely, it's just hard to pin down
 44 2017-09-02 13:50:55 <RealM9> What about BIP150?
 45 2017-09-02 13:51:08 <esotericnonsense> i genuinely think this is a waste of time though. protect against ISP = vpn or tor (if you're not doing that anyway you've already lost in various other ways)
 46 2017-09-02 13:51:17 <esotericnonsense> protect against state level = ha
 47 2017-09-02 13:51:20 <esotericnonsense> ho ho ho he he he
 48 2017-09-02 13:51:57 <RealM9> Well, state can't hack any node. And if you use some good encryption...
 49 2017-09-02 13:52:17 <Megumiin> RealM9: that is an opt-in equivalent which only works if you directly add authenticated nodes.
 50 2017-09-02 13:52:20 <esotericnonsense> without authentication they can actively mitm it
 51 2017-09-02 13:52:31 <esotericnonsense> or they can just sybil you
 52 2017-09-02 13:52:38 <Megumiin> If using tor isn't a viable alternative, this is not either
 53 2017-09-02 13:52:57 <RealM9> Hm...shit...
 54 2017-09-02 13:53:05 <esotericnonsense> also 'state can't hack any node' is kind of an odd view to have
 55 2017-09-02 13:53:18 <RealM9> Every
 56 2017-09-02 13:53:20 <esotericnonsense> mass surveillance protection is one thing, targeted attacks = give up
 57 2017-09-02 13:53:22 <RealM9> Sorry, typo
 58 2017-09-02 13:53:23 <esotericnonsense> sure
 59 2017-09-02 13:53:43 <RealM9> That's what i think. We need to fight mass surveillance
 60 2017-09-02 13:54:24 <RealM9> If gov want to deanonymise someone it's one thing. But if they monitor everybody, that's a problem
 61 2017-09-02 13:54:25 <Megumiin> If your only goal is to prevent passive surveillance bip151 is probably sufficient
 62 2017-09-02 13:55:02 <RealM9> Well, yeah, but it's very vulnerable...yeah
 63 2017-09-02 13:55:32 <RealM9> Hm, btw, how does the TOR protect against MITM?
 64 2017-09-02 13:56:12 <bytting> States could certainly need some protection against themselves
 65 2017-09-02 13:56:18 <Megumiin> It doesn't, it just makes it extremely difficult to link the transaction back to you
 66 2017-09-02 13:56:45 <RealM9> I mean tor protocol. How does it protect against MITM
 67 2017-09-02 13:56:50 <RealM9> It's p2p too
 68 2017-09-02 13:57:00 <Megumiin> It doesn't really
 69 2017-09-02 13:57:05 <Megumiin> Any exit node is a de facto MITM
 70 2017-09-02 13:57:17 <RealM9> What about entry nodes?
 71 2017-09-02 13:57:32 <Megumiin> Any entry/relay node is a MITM, but they only get encrypted packets which they can't read
 72 2017-09-02 13:58:41 <RealM9> But when tor user tries to reach all nodes, entry, relay, exit. Could ISP mitm all these connections?
 73 2017-09-02 13:59:05 <RealM9> Oh, right now i understand. It doesn't work because tor goes through various ISPs/countries...
 74 2017-09-02 14:00:19 <RealM9> Mitm attack*
 75 2017-09-02 14:01:26 <RealM9> Wait but no... fuck, now i fucking don't understand it. Could they?
 76 2017-09-02 14:01:52 <Megumiin> If every single entry/relay/exit node you used cooperated, they could fully track and MITM your connection.
 77 2017-09-02 14:02:06 <Megumiin> Tor only attempts to make that unlikely
 78 2017-09-02 14:02:15 <Megumiin> This is getting offtopic
 79 2017-09-02 14:04:34 <RealM9> Yeah... But if i understand correctly, a tor user first receives public keys of entry,relay,exit node no? ISP could possibly mitm these connections and insert his pubkeys, no?
 80 2017-09-02 14:04:53 <RealM9> Maybe i don't understand it well enough
 81 2017-09-02 14:07:29 <Megumiin> I couldn't tell you the specifics, but I assume the tor clients trust tor's authenticated list of nodes
 82 2017-09-02 14:08:35 <Megumiin> https://tor.stackexchange.com/questions/5/what-impact-does-tors-bootstrapping-process-have-for-attack-models
 83 2017-09-02 14:09:56 <Megumiin> https://www.torproject.org/docs/faq#KeyManagement
 84 2017-09-02 14:23:18 <RealM9> What if biggest full-node peer IP seed servers would use encrypted communication and their pubkey would be hard coded into full node softwares? Then they would receive peer IP info with their PubKeys? Then node could connect other peers and request their peer info+peer pubkeys. All pubkeys would be saved and wheny later used again, do it won't need to connect
 85 2017-09-02 14:24:11 <RealM9> *...when used again, it will have their pubkeys saved, so no more authentication needed
 86 2017-09-02 14:24:25 <RealM9> Problem would be if keys would be changed
 87 2017-09-02 14:24:34 <RealM9> All trust would start at the seeds
 88 2017-09-02 14:24:55 <RealM9> What do you think about something like this?
 89 2017-09-02 14:25:31 <esotericnonsense> centralized seeds kill the idea
 90 2017-09-02 14:25:44 <RealM9> But there are centralized seeds already, no?
 91 2017-09-02 14:26:16 <RealM9> Also, node will need to use them only once. At the first connection
 92 2017-09-02 14:27:00 <RealM9> Then it can just connect to other encrypted nodes and if needed, receive other encrypted peer info from them
 93 2017-09-02 14:27:12 <RealM9> Seed is just the start of the trust
 94 2017-09-02 14:28:56 <RealM9> Sure, if seed gets hacked and its private key exposed AND if it's world level attacker, it could MITM everybody
 95 2017-09-02 14:29:54 <Megumiin> RealM9: It could also lie, and split the network, lie and make people unaware to find other nodes
 96 2017-09-02 14:30:31 <RealM9> But it already can, no?
 97 2017-09-02 14:30:34 <Megumiin> no
 98 2017-09-02 14:30:44 <RealM9> There are seeds already
 99 2017-09-02 14:30:54 <Megumiin> They only point you in the right direction
100 2017-09-02 14:30:59 <Megumiin> They don't tell you who you can/can't trust
101 2017-09-02 14:31:17 <RealM9> Hm, i don't understand
102 2017-09-02 14:31:30 <RealM9> They send you other full node IPs, no?
103 2017-09-02 14:31:38 <Megumiin> Yes, but they aren't authenticated
104 2017-09-02 14:31:51 <RealM9> Now they would send you full node IPs+their pubkeys
105 2017-09-02 14:31:52 <Megumiin> There are a few ways which you can find peers
106 2017-09-02 14:31:59 <Megumiin> What if they lie about their public keys?
107 2017-09-02 14:32:16 <RealM9> who?
108 2017-09-02 14:32:23 <RealM9> K...
109 2017-09-02 14:32:31 <Megumiin> The "trusted" person who tells you the list
110 2017-09-02 14:32:39 <Megumiin> What if that list is down?
111 2017-09-02 14:32:57 <Megumiin> What if that list is compromised by some government?
112 2017-09-02 14:33:00 <RealM9> If that list is down, new nodes couldn't connect
113 2017-09-02 14:33:04 <RealM9> Hm...
114 2017-09-02 14:33:07 <RealM9> Yeah
115 2017-09-02 14:33:25 <Megumiin> It becomes a centralized point of failure
116 2017-09-02 14:33:56 <RealM9> You're right... fck
117 2017-09-02 15:36:19 <RealM9> Is there any possible way how to solve this authentication problem?