-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Shizzle's opinion, it would seem, is highly important. I'm done here. Thy Shizzle: > Oh so you're talking about the criminality of one single entity? So > having a quick look, it seems that the issue is they are collecting > IPs and that kind of thing as well? So similar to what > http://getaddr.bitnodes.io is doing but without the funding from > the bitcoin foundation? If you are worried about your IP getting > out you're behind a VPN. They can only collect the information made > available to them. Botnets etc are completely different because you > are forcing control over something you have no right to do. If > companies want to sit there and collect publicly available > information that you are voluntarily making available to them, why > do you care? I can't see how it could be at all criminal. > Remembering that most privacy laws relate to information that YOU > PROVIDE to an entity during an agreement for service, payment, etc. > You are providing this information publicly and they are collecting > it from the public domain, not you giving it to them in an > agreement, therefore the usual provisions of privacy etc don't > apply. If you connect to their scraper node, of course they can log > that. How could it possibly be criminal? > ________________________________ From: > odinn<mailto:odinn.cyberguerrilla@...> Sent: ‎23/‎03/‎2015 > 4:50 PM To: Thy Shizzle<mailto:thyshizzle@...> Cc: > bitcoin-development@...<mailto:bitcoin-development@...> > > Subject: Re: [Bitcoin-development] Criminal complaints against "network disruption as a service" startups > > Back to what is Chainalysis and country of their origin, so > criminal complaints against them would likely relate to violation > of Swiss laws, as is described here: > https://bitcointalk.org/index.php?topic=978088.msg10774882#msg10774882 > > It is fairly obvious that Chainalysis is not merely doing what > blockchain.info etc. is. Let's not delude ourselves here. > > As stated, it would be advisable for such a firm to cease > operations, and it would seem that plenty of polite shots over the > bow have been given to Chainalysis, which should now fold up its > operation, pack its bags, and go back to its hole before trying to > serve its masters again in another way. Etc. > > Corporations similar to Chainalysis which are domiciled in other > countries which conduct collection of information in ways that > violate countries' laws (there are many countries and each have > their own ways of interpreting user privacy and what constitutes > permissible breach and in what circumstances) can indeed be held to > legal standards that may result in minimal or severe legal > penalties. It is true that analyzing information that is publicly > available, such as that which is in a library, is not illegal. But > the act of surveillance is. (Then there is the question of what > sort of surveillance, targeted or general, and whether it is > limited to the bitcoin network or if it moves beyond that to > attempts to correlate with usernames, IDs, IPs, and other > information available on fora and apparent from services, but I > won't get into that here.) Even if you argue that the manner in > which you are performing your actions is not actually > "surveillance," or you argue that it is "legally permissible," > someone else will certainly come along and make a reasonable > argument that you are indeed engaging in illegal surveillance. > They may even suggest to a judge that you are in the process of > constructing a botnet and demand that your domains be seized, and > may successfully obtain an ex parte temporary restraining order > (TRO) against Chainalysis and similar corporations to have > domain(s) seized. Any and all arguments may be added in here, > there are 196 countries in the world today - each with their own > unique laws - (maybe less by the time you read this) and a shit-ton > of possible legal arguments that can be made by creative minds that > might want to sue you if you have been surveilling people, each > different depending on where your surveillance corporation is > domiciled. There are plenty of legal processes available for > people to do exactly that. You are indeed subject to having that > happen to you if you continue to surveill the network even if you > are doing so on behalf of the state for the purpose of gathering > information for a state's compliance initiative. > > So, don't delude yourself, and be happy if all that happens is > your little surveillance initiative has to close its doors (or gets > sued if it stays open). Because that is the legal side of things. > The extralegal stuff is far worse. The community is helping you by > asking you gently to close up shop and go away. It is a helpful > suggestion and I believe also a fair warning, again, a shot off the > bow. > > On the development side, developers are certainly responsible for > doing what they can to resist this kind of surveillance activity. > But I have a feeling that will be a different thread which is more > technical and so won't comment on it here, except to say it will > likely involve working toward giving the user an anonymity option > which can be exercised as part of any transaction. > > Thy Shizzle: >> I don't believe that at all. Analyzing information publicly >> available is not illegal. Chainalysis or whatever you call it >> would be likened to observing who comes and feeds birds at the >> park everyday. You can sit in the park and observe who feeds the >> birds, just as you can connect to the Bitcoin P2P network and >> observe the blocks being formed into the chain and transactions >> etc. Unless there is some agreement taking place where it is >> specified that upon connecting to the Bitcoin P2P swarm you agree >> to a set of terms, however as every node is providing their own >> "entry" into the P2P swarm it becomes really up to the node >> providing the connection to uphold and enforce the terms of the >> agreement. If you allow people to connect to you without terms of >> agreement, you cannot cry foul when they record the data that >> passes through. To say Chainalysis needs to cease is silly, the >> whole point of the public blockchain is for Chainalysis, whether >> it be for the verification of transactions, research or >> otherwise. > >> -----Original Message----- From: "odinn" >> <odinn.cyberguerrilla@...> Sent: ‎23/‎03/‎2015 1:48 PM >> To: "bitcoin-development@..." >> <bitcoin-development@...> Subject: Re: >> [Bitcoin-development] Criminal complaints against "network >> disruption as a service" startups > >> If you (e.g. Chainalysis) or anyone else are doing surveillance >> on the network and gathering information for later use, and >> whether or not the ultimate purpose is to divulge it to other >> parties for compliance purposes, you can bet that ultimately the >> tables will be turned on you, and you will be the one having your >> ass handed to you so to speak, before or after you are served, in >> legal parlance. Whether or not the outcome of that is meaningful >> and beneficial to any concerned parties and what is the upshot of >> it in the end depends on on what you do and just how far you >> decide to take your ill-advised enterprise. > >> Chainalysis and similar operations would be, IMHO, well advised >> to cease operations. This doesn't mean they will, but guess >> what: > >> Shot over the bow, folks. > >> Jan Møller: >>> What we were trying to achieve was determining the flow of >>> funds between countries by figuring out which country a >>> transaction originates from. To do that with a certain accuracy >>> you need many nodes. We chose a class C IP range as we knew >>> that bitcoin core and others only connect to one node in any >>> class C IP range. We were not aware that breadwallet didn't >>> follow this practice. Breadwallet risked getting tar-pitted, >>> but that was not our intention and we are sorry about that. > >>> Our nodes DID respond with valid blocks and merkle-blocks and >>> allowed everyone connecting to track the blockchain. We did >>> however not relay transactions. The 'service' bit in the >>> version message is not meant for telling whether or how the >>> node relays transactions, it tells whether you can ask for >>> block headers only or full blocks. > >>> Many implementations enforce non standard rules for handling >>> transactions; some nodes ignore transactions with address >>> reuse, some nodes happily forward double spends, and some nodes >>> forward neither blocks not transactions. We did blocks but not >>> transactions. > >>> In hindsight we should have done two things: 1. relay >>> transactions 2. advertise address from 'foreign' nodes > >>> Both would have fixed the problems that breadwallet >>> experienced. My understanding is that breadwallet now has the >>> same 'class C' rule as bitcoind, which would also fix it. > >>> Getting back on the topic of this thread and whether it is >>> illegal, your guess is as good as mine. I don't think it is >>> illegal to log incoming connections and make statistical >>> analysis on it. That would more or less incriminate anyone who >>> runs a web-server and looks into the access log. At lease one >>> Bitcoin service has been collecting IP addresses for years and >>> given them to anyone visiting their web-site (you know who) and >>> I believe that this practise is very wrong. We have no >>> intention of giving IP addresses away to anyone, but we believe >>> that you are free to make statistics on connection logs when >>> nodes connect to you. > >>> On a side note: When you make many connections to the network >>> you see lots of strange nodes and suspicious patterns. You can >>> be certain that we were not the only ones connected to many >>> nodes. > >>> My takeaway from this: If nodes that do not relay transactions >>> is a problem then there is stuff to fix. > >>> /Jan > >>> On Fri, Mar 13, 2015 at 10:48 PM, Mike Hearn <mike@...> >>> wrote: > >>>> That would be rather new and tricky legal territory. >>>> >>>> But even putting the legal issues to one side, there are >>>> definitional issues. >>>> >>>> For instance if the Chainalysis nodes started following the >>>> protocol specs better and became just regular nodes that >>>> happen to keep logs, would that still be a violation? If so, >>>> what about blockchain.info? It'd be shooting ourselves in >>>> the foot to try and forbid block explorers given how useful >>>> they are. >>>> >>>> If someone non-maliciously runs some nodes with debug >>>> logging turned on, and makes full system backups every night, >>>> and keeps those backups for years, are they in violation of >>>> whatever pseudo-law is involved? >>>> >>>> I think it's a bit early to think about these things right >>>> now. Michael Grønager and Jan Møller have been Bitcoin >>>> hackers for a long time. I'd be interested to know their >>>> thoughts on all of this. >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> > >>>> >>>> > Dive into the World of Parallel Programming The Go Parallel > Website, >>>> sponsored by Intel and developed in partnership with >>>> Slashdot Media, is your hub for all things parallel software >>>> development, from weekly thought leadership blogs to news, >>>> videos, case studies, tutorials and more. Take a look and >>>> join the conversation now. >>>> http://goparallel.sourceforge.net/ >>>> _______________________________________________ >>>> Bitcoin-development mailing list >>>> Bitcoin-development@... >>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >>>> >>>> > >>>> >>>> > > >>> ------------------------------------------------------------------------------ > >>> >>> > >> Dive into the World of Parallel Programming The Go Parallel >> Website, sponsored >>> by Intel and developed in partnership with Slashdot Media, is >>> your hub for all things parallel software development, from >>> weekly thought leadership blogs to news, videos, case studies, >>> tutorials and more. Take a look and join the conversation now. >>> http://goparallel.sourceforge.net/ > > > >>> _______________________________________________ >>> Bitcoin-development mailing list >>> Bitcoin-development@... >>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development > >>> > > >> ------------------------------------------------------------------------------ > >> > > Dive into the World of Parallel Programming The Go Parallel > Website, sponsored >> by Intel and developed in partnership with Slashdot Media, is >> your hub for all things parallel software development, from >> weekly thought leadership blogs to news, videos, case studies, >> tutorials and more. Take a look and join the conversation now. >> http://goparallel.sourceforge.net/ >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@... >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJVD7aKAAoJEGxwq/inSG8C4KsIAIu5atra8Y9R9oejNryjMQkz UOVORw3y0eD8yaAiJJQzJjmNE6UXC92R3gM3KtQoQchSQ6RhyhZUZkzCY7k2Ug08 8UZnxjgAHCwScGUSgpDu2hcGDtC+Csa1EKOExjCxYCBlVRI+cCJqxIm9d7vGDi4V R1y57xtKtussJxhZKVjIxothkHtSy5HuaKdKLfI7ikoBAerOVY7bGCxE+drUr4OO Sgxe94M8z/ecFk3h37ZhuL2P+mNAlCKQkW592628XC0bXN8iT2vW7MnB3BLEBzvb TeWFYUFjs5v09B6Cw6LQWFGKdFwLGganybeEqoKNfzrihEAa19PFsRWHPStMUCM= =JnJQ -----END PGP SIGNATURE-----