Silk Road forums

Discussion => Security => Topic started by: DeepSurfer on November 14, 2011, 11:37 pm

Title: The very truth about Bitcoins tumbling?
Post by: DeepSurfer on November 14, 2011, 11:37 pm
Hi Silk Road Forum members, I believe you will find what I´m about to post very interesting (even to crush it if you desire, I may be posting crap believing to be real truthfull and important stuff):

About all the weakness in a complete transaction through SR, there seems to be two mayor weak points: a)get the bitcoins and pay anonymously; 2) receive the product.

And I want to focus on the first point. There´s lot (as far as I have read here over the last month since I got to here) about how to tumble the transactions when it comes to get and transfers the bitcoins. And all seems to end in the following methods:

a) get the bitcoins, tumble them through InstantWallet, then send them at last to your SR Wallet.
b) get the bitcoins, and send them directly to your SR wallet.

The first method is the most popular while the second is regarded as dangerous. But, here´s the thing: SR has its own incorporated tumbler. And having read a lot about how BTC works, then you must figure out that all BTC´s operations are recorded publicly, so using all that "InstantWallet tumbling" seems useless at least SR built-in tumbler is worst than you in tumbling (which considering what I have read on how most of people here tumble his BTC´s means that or SR tumbler it´really primitive or the extra-tumbling is useless.)

What do you think?

( BTW, english it´s  not my born language, so you´ll understand why  this post may look written by a ignorant, sorry my bro´s.)
Title: Re: The very truth about Bitcoins tumbling?
Post by: readyrock on November 14, 2011, 11:47 pm
I know very little about tumbling but I am also interested in what some experts think about all this.  I always felt tumbling was pointless since all transaction are public.  I really don't have any expertise in this area but again would love to hear from someone who does.
Title: Re: The very truth about Bitcoins tumbling?
Post by: g4bb3r on November 15, 2011, 01:02 am
If you're just buying, SR's built in tumbler should do you fine.
Title: Re: The very truth about Bitcoins tumbling?
Post by: CrunchyFrog on November 15, 2011, 02:36 am
If you used non-anonymous means to obtain your BTC then breaking the link between them and you *before* using them for an illegal purpose simply makes good sense.  If you think that SR *could* be compromized by LE then breaking that link before sending them to SR also seems prudent.
Title: Re: The very truth about Bitcoins tumbling?
Post by: Jinx on November 15, 2011, 05:04 am
Ya, you can track the bitcoins publicly. However, there is know way to prove who had taken posetion of the bitcoins along the way. So, like sure you can say, "Hay, bitcoins where bought on MtGox and then were transferred to this address, and then were transferred to SR," however there is no way to prove who owned the middle address all you know is that the bitcoins ended up at SR. If you transfer bitcoin directly from SR to MtGox and cash out into your bank account. They may be able to prove that you got bitcoin form SR, but there is no way to prove that you sold anything on SR, what you sold, or that it was illegal to sell.

This is all considering you set your bitcoin client to go though TOR and you change your exit nodes.
Title: Re: The very truth about Bitcoins tumbling?
Post by: lazypeepsarebusted on November 15, 2011, 07:31 am
I think the built in mixing on SR is pretty close to worthless. It is clearly just mixing drug money with drug money. It might make it so an attacker doesn't know exactly who you sent bitcoins to, but they still know you got something off SR. It might make it so the attacker doesn't know exactly what you were paid for, but they still know you sold something on SR. You also need to be careful because the prices for stuff sold on SR are public. If you load just enough for a single item to SR and make a single transfer for that item, it probably isn't going to be very hard for an attacker to know exactly what you bought even though your coins were mixed. In short I think the mixing provided by SR is inadequate for two reasons; it doesn't hide the fact that you used SR in a vending or customer role...and it doesn't make it easy to hide what you were paid for. Also you really should start calling it mixing instead of tumbling, unless you like calling underlying systems by the brand name of the first company to get them popular. If you talk to security professionals about tumblers they are probably going to wonder wtf you are talking about.

http://g7pz322wcy6jnn4r.onion/opensource/II/Payment.html
Title: Re: The very truth about Bitcoins tumbling?
Post by: DeepSurfer on November 15, 2011, 09:42 am
Thanks a lot for your answers dudes, you were pretty clear about all what you said, it served to me a lot. I´m realizing for what you wrote that the best move is to get the bitcoins for then first time anonymously but is far from be easy. Otherwise the tumbling/mixing make sense for cutting the link between me and SR.

lazypeepsarebusted: As a matter of fact I didn´t know the word "tumble"or "tumbler" and a google translation to spanish gives me something like"to fell" and "glass" (?) but I always thought of it as meaning "mixing" or "blending"
Title: Re: The very truth about Bitcoins tumbling?
Post by: Beastie on November 16, 2011, 07:23 am
Even if the cops know you sent bitcoins to SR or got bitcoins from SR that is not enough to arrest you. That was good thinking about if one were to just load the exact amount to pay for something. However, there are still many combinations of items one could have bought for that price. Also, there is no way to know if the person actually spent that exact amount of bitcoins on SR, only that they loaded that amount. Just rounding up to the nearest bitcoin would be fine. SR dose not seem to send bitcoins from a buyer to a seller, because it happens right away. They must do that in a database like any sane person would do. All SR really needs to do is put all bitcoin in the same private key and then dish them back out to the person requesting a withdraw. In other words. you send bitcoin to that bitcoin address in your account page. Then SR adds that amount to your account the the database and sends the bitcoins to the single core bitcoin address. Then there is no way to tell to which seller the bitcoins are going to by looking at the bitcoin network. If you are a seller you could just resell you bitcoins on SR and just transfer the bitcoins to the buyers user name. That way the transaction dose not even happen it the bitcoin network, just in SR's database. Furthermore, Just because you received bitcoin from SR dose not even mean you sold anything at all. You could have just uploaded bitcoins and now you want them back. Also, there are many items for sale on SR that are not illegal. The only extra security measure you should take is to connect your bitcoin client though TOR, so if someone is monitoring the bitcoin network they do not trace the bitcoin address to your IP (which is only theoretically possible).

If you watch Dan Kaminskys talk on bitcoin security you will see that it is possible to track bitcoin addresses and theoretically IP's. However, not the owners of the addresses. He got all excited about this and said the network was not anonymous. However, he could not prove who the owner of the bitcoin address are. One can make guesses, but not nearly strong enough guesses to arrest you over or even get a search warrant.