Silk Road forums
Discussion => Security => Topic started by: newhorizen on January 28, 2012, 02:13 pm
-
When you spend your BTC on SR, the transfer from the buyer's wallet to the seller's is randomized through several dummy wallets? How secure is this?
With BTC I always thought you could always know the address of a wallet you sent to, so a malicious LEO type could at least track the BTC through the BTC system, right?
-
I've been thinking about the SR wallet and how it's set up, and it doesn't make sense. A user to user transaction is instant. When you buy something, your funds moving to escrow is instant. When you send or receive money, your wallet number doesn't change. User to user transactions do not use your SR wallet number.
Maybe this has been discussed before, but I have a feeling that SR has one giant wallet, and each user's individual wallet is a real wallet number that never gets used unless you want the coin to leave SR. SR set up the DB so that your wallet number is connected to your ID, but is never actually used by the BTC network. SR manages all your transactions with this ID, and only if you leave SR does it expose your wallet to the BTC network.
Having coin leave SR can take a few hours to move wallets....which is what you'd expect.
This is all speculation, but you could infer an answer to your question.
-
If you're curious what is happening with your BTC, after deposit to SR wallet:
[*] Go to www.blockexplorer.com - using tor!
[*] Enter your SR wallet address in the search box, hit enter.
Here's what I found:
Several hours after deposit (18 hours in my case), the BTC is sent in one whole chunk to another address. Using reason and logic, I've figured that this new address is one of very many mixing-pot addresses used by SR. After this the trail ends.
Conclusion: At best, an adversary can see that you are *using SR*, but cannot determine which buyers or sellers are interacting with each other. If SR has *some* legitimate (legal) items on sale, then it cannot be deduced that you have used BTC for anything illegal.
How? Adversary who makes deposits to escrow can find the address of SR mixing-pots. Therefore an adversary can trace all BTC in that mixing pot back to your MtGox or TradeHill account *if* you didn't pre-mix elsewhere.
Disclaimer: ^ the above info may or may not be in any ways correct.
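Added example, not part of the original post or thread: the deposit-sweep tracing described in the post above, written as an investigator's analysis over a constructed ledger. All addresses, amounts and function names are made-up labels for illustration; note that one probe deposit only reveals the pool address it happens to be swept into.

```python
from collections import defaultdict

# Constructed sample ledger: (txid, [input addresses], [(output address, BTC)]).
# Every address here is an invented label, not a real Bitcoin address.
TXS = [
    ("t1", ["exchange_A"], [("dep_alice", 5.0)]),
    ("t2", ["exchange_B"], [("dep_bob", 2.0)]),
    ("t3", ["investigator"], [("dep_probe", 0.1)]),  # analyst's own probe deposit
    ("t4", ["dep_probe"], [("pool_1", 0.1)]),        # whole-balance sweep, hours later
    ("t5", ["dep_alice"], [("pool_1", 5.0)]),
    ("t6", ["dep_bob"], [("pool_2", 2.0)]),          # swept to a different pool
    ("t7", ["mixer_out"], [("dep_carol", 3.0)]),
    ("t8", ["dep_carol"], [("pool_1", 3.0)]),
]

def sweep_destinations(txs, address):
    """Addresses paid by any transaction that spends from `address`."""
    return {out for _, ins, outs in txs if address in ins for out, _ in outs}

def deposits_feeding(txs, pools):
    """Input addresses of transactions whose outputs all land in `pools`."""
    found = set()
    for _, ins, outs in txs:
        if outs and all(out in pools for out, _ in outs):
            found.update(ins)
    return found

def funding_sources(txs, deposits):
    """Map each deposit address to the addresses that paid into it."""
    sources = defaultdict(set)
    for _, ins, outs in txs:
        for out, _ in outs:
            if out in deposits:
                sources[out].update(ins)
    return dict(sources)

def trace_from_probe(txs, probe_deposit):
    """Probe deposit -> pool it is swept to -> sibling deposits -> their funders."""
    pools = sweep_destinations(txs, probe_deposit)
    deposits = deposits_feeding(txs, pools)
    return pools, funding_sources(txs, deposits)

if __name__ == "__main__":
    pools, sources = trace_from_probe(TXS, "dep_probe")
    print("pool(s) learned from the probe:", sorted(pools))
    for dep, src in sorted(sources.items()):
        print(f"{dep} <- {sorted(src)}")
```

The trail for each deposit ends at whatever address funded it, and deposits swept to a pool the probe never touched (dep_bob here) stay invisible to this analysis.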
-
That's my point, though. Unless you do something with your SR wallet outside of SR, it never shows up on the network. If you only stay within SR, you never hit the outside world.
I see the combinations of what happens as:
1. You buy BTC from a vendor, and then use it on a vendor, that information never leaves SR.
2. You buy BTC from a vendor, transfer it out, tumble it around, and then go back to SR, you exposed yourself.
3. You buy BTC on an exchange, tumble it around, and then go to SR, you exposed yourself.
In all 3 cases, SR is the weakest link, and it has built-in tumbling algorithms. I think that option 1 minimizes exposure.
If I'm right about how SR handles an individual's "wallet" (I use quotes, because it's not possible for it to be a true wallet), SR could destroy the record of you using the coin after the transaction is done. Considering that they only show the last 30 days or so of transactions on your account screen, they're either removing them after that time or filtering them; I would guess removing. If you leave SR, your transaction's on the network, and the record is permanent (not completely anonymous, but cost prohibitive to track properly).
Back on your question....does it randomize through dummy wallets? I don't think it's really using wallets on transactions. I think it's more involved, and probably better, as they retain more control. Or that's worse.
Or I'm completely wrong.
-
Ok, thanks for your inputs. I asked the question as an idea to use SR as a Bitcoin washing service. These exist elsewhere but are probably run by Russian hackers who if the transfer was large enough you would never see your BTC again. If correct you could set up a custom listing on SR just to "anonymize" your BTC to a fairly high standard pretty quick and easy.
-
I'm sure the SR admins have thought this thru. Again, the way I see it is that everyone's coins are put into one huge account. I'm assuming that SR also is a bitcoin miner. These coins are added to the "pool" when SR transfers money out to your BTC address, it creates dummy addresses as well. While LEO would have to be very motivated to find a BTC that came from SR. Then they would have to prove to a jury (I can just see them trying to explain what a bitcoin is to a 70 year old grandmother) that bitcoin was used for illicit purposes and prove that it was you. That's a lot of work.
On top of that, if you move your bitcoins from SR to a couple of computer wallets thru Tor over a couple days in random amounts. This just makes things that much harder to trace. (Not too many people want to go thru this trouble, but if you're that worried about it, I would)...
While the bitcoin is not 100 percent anonymous, it's pretty damn close if you do it right... It's the closest thing we have to anonymity so far.
Basically, SR is adding extra layers of protection. Just thinking about it makes me have a headache, lol..
-
1. You buy BTC from a vendor, and then use it on a vendor, that information never leaves SR.
2. You buy BTC from a vendor, transfer it out, tumble it around, and then go back to SR, you exposed yourself.
3. You buy BTC on an exchange, tumble it around, and then go to SR, you exposed yourself.
[1] SR explicitly recommends never to do this. It's also slow and inconvenient. Having USD on hand at MtGox or TradeHill is far more convenient.
[2] See ^
[3] "Tumble it around -> go to SR -> you exposed yourself" ...WTF??? I think you might want to clarify a little. The way it's written it looks like you are suggesting that the tumbling was ineffective? How can you be exposed if your MtGox/TradeHill coins were tumbled and cleaned prior to depositing to SR?
Before getting lost in the theory of it all, I highly recommend everyone checks out their wallets in blockexplorer.
-
I'm sure the SR admins have thought this thru. Again, the way I see it is that everyone's coins are put into one huge account.
That's what I think as well. It's the only way to make it work.
Lexus - You're not following what I wrote.
-
Lexus - You're not following what I wrote.
One can only follow the words as you've written them... I get the feeling that what you wrote is not precisely what you meant.
-
I know bitcoins have the record of every place they have come from.
Does this mean that if I have bitcoins in a wallet on my computer, my IP address will permanently be connected to those bitcoins?
-
^ no, not at all.
By default, IP address sending is not enabled. There is a feature where you can send bitcoins to an IP address and it will go in that person's wallet, but it's not enabled by default.
So having a wallet on your PC doesn't link your IP.
The question is --> how did the coins get in your wallet? Mining? MtGox? TradeHill? Most people like to anonymize their MtGox and TradeHill coins but I don't know if it's entirely necessary. It's great for peace of mind though.
-
[1] SR explicitly recommends never to do this. It's also slow and inconvenient. Having USD on hand at MtGox or TradeHill is far more convenient.
This thread is about tracking BTC once you have it, not about getting ripped off trying to accumulate it. SR recommends against it because it is "not setup for this kind of product". That's why they recommend against it.
[3] "Tumble it around -> go to SR -> you exposed yourself" ...WTF??? I think you might want to clarify a little. The way it's written it looks like you are suggesting that the tumbling was ineffective? How can you be exposed if your MtGox/TradeHill coins were tumbled and cleaned prior to depositing to SR?
The wallet that you use on SR does not record any transactions on the network unless you transfer into or out of SR. Read what I wrote from the beginning, and you'll understand.
-
I'd actually think that the bitcoin tumbling websites would be pretty effective as the deposit address and sending address of the service wouldn't have to match at all. At the same time, I believe that SR's internal functioning was set up in a similar way; I remember reading about it, but I don't recall where exactly I read that.
-
I'd actually think that the bitcoin tumbling websites would be pretty effective
Absolutely. Me too. I tried asking unbiased what he meant by "If you Tumble, Then Go to SR, You're exposed" but the answer was about something else... oh well.