Bitcoin and IP Address Privacy

By Milly Bitcoin – May 16, 2013

The Electronic Frontier Foundation (EFF) released a statement today about Bitcoin. It states in the footnote “the network doesn’t actively conceal the IP addresses from which transactions were initiated.” This article explains how IP addresses are handled on the Bitcoin network.

If you use a web wallet or a service that connects to a centralized wallet then this does not apply. Only those services that you connect to have your IP address. They broadcast the transactions so if there is to be an IP address collected on the Bitcoin network then it is their IP address.

Many people have visited Blockchain.info. When you click on any transaction you see a “Relayed by IP.” What they do is run a program that tries to connect to as many Bitcoin nodes as possible. They are connected to many more nodes than most users but not all of them. The first IP address they happen to see is what they report as the “Relayed by IP”.

IP addresses are recorded in the “debug.log” files of the connected nodes. It collects lists of other connected nodes and that is how the peer-to-peer connections are propagated.

2013-03-30 07:37:32 Added 26 addresses from xx.xx.xx.xx: 0 tried, 52 new

2013-03-30 07:37:32 trying connection xx.xx.xx.xx:8333 lastseen=80.8hrs

2013-03-30 07:37:32 connected xx.xx.xx.xx:8333

A node only knows about IP addresses of placed it is connected to. So Blockchain.info displays the IP address that is saved in their logs. There is no IP address broadcast or saved in the blockchain. You can see the data that is saved by going to http://blockexplorer.com/, click on any block number, and click on “Raw Block.

If you do wish to run a full a node and broadcast transactions it is easy to avoid a node that is collecting and displaying IP addresses. Simply place a list of nodes you want to connect to and Bitcoin won’t connect to any other nodes:

# … or use as many connect= settings as you like to connect ONLY

# to specific peers:

#connect=69.164.218.197

#connect=10.0.0.1:8333

Below is an example Bitcoin configuration file that you can find at https://en.bitcoin.it/wiki/Running_Bitcoin.

UPDATE 5/18: A review of the EFF announcement references the paper An Analysis of Anonymity in the Bitcoin System. The paper references the “pay to IP address” feature in Bitcoin that was used for the defunct Bitcoin Faucet that sent free bitcoins to new users. That feature is rarely used and most people don’t realize it exists.

The paper also quotes Dan Kamisky:

Security researcher Dan Kaminsky has performed an analysis of the Bitcoin system, investigating identity leakage at the TCP/IP layer. He found that by opening a connection to all public peers in the network at once, he could map IP addresses to Bitcoin public-keys, working from the assumption that \the first node to inform you of a transaction is the source of it. . . [this is] more or less true, and absolutely over time” [16]. Using this approach it is possible to map public-keys to IP addresses unless users are using an anonymising proxy technology such as TOR.

As explained above, this claim is not true as it is not possible to “absolutely” associate an IP with a transaction over any amount of time.

A quick check of Blockchain.info shows they have attributed large number of transactions to one of the nodes I operate. This includes numerous bets from Satoshi Dice.