11/21/14

Bitcoin and Tor Support

Bitcoin and Tor Support

It is possible to run Bitcoin as a Tor hidden service, and connect to such services.

The following directions assume you have a Tor proxy running on port 9050. Many distributions default to having a SOCKS proxy listening on port 9050, but others may not. In particular, the Tor Browser Bundle defaults to listening on a random port. See Tor Project FAQ:TBBSocksPort for how to properly configure Tor.bitcoin-gollum

1. Run bitcoin behind a Tor proxy

The first step is running Bitcoin behind a Tor proxy. This will already make all outgoing connections be anonymized, but more is possible.

-socks=5        SOCKS5 supports connecting-to-hostname, which can be used instead

of doing a (leaking) local DNS lookup. SOCKS5 is the default,

but SOCKS4 does not support this. (SOCKS4a does, but isn’t

implemented).

-proxy=ip:port  Set the proxy server. If SOCKS5 is selected (default), this proxy

server will be used to try to reach .onion addresses as well.

-onion=ip:port  Set the proxy server to use for tor hidden services. You do not

need to set this if it’s the same as -proxy. You can use -noonion

to explicitly disable access to hidden service.

-listen         When using -proxy, listening is disabled by default. If you want

to run a hidden service (see next section), you’ll need to enable

it explicitly.

-connect=X      When behind a Tor proxy, you can specify .onion addresses instead

-addnode=X      of IP addresses or hostnames in these parameters. It requires

-seednode=X     SOCKS5. In Tor mode, such addresses can also be exchanged with

other P2P nodes.

In a typical situation, this suffices to run behind a Tor proxy:

./bitcoin -proxy=127.0.0.1:9050

2. Run a bitcoin hidden server

If you configure your Tor system accordingly, it is possible to make your node also reachable from the Tor network. Add these lines to your /etc/tor/torrc (or equivalent config file):

HiddenServiceDir /var/lib/tor/bitcoin-service/

HiddenServicePort 8333 127.0.0.1:8333

HiddenServicePort 18333 127.0.0.1:18333

The directory can be different of course, but (both) port numbers should be equal to your bitcoind’s P2P listen port (8333 by default).

-externalip=X   You can tell bitcoin about its publicly reachable address using

this option, and this can be a .onion address. Given the above

configuration, you can find your onion address in

/var/lib/tor/bitcoin-service/hostname. Onion addresses are given

preference for your node to advertize itself with, for connections

coming from unroutable addresses (such as 127.0.0.1, where the

Tor proxy typically runs).

-listen         You’ll need to enable listening for incoming connections, as this

is off by default behind a proxy.

-discover       When -externalip is specified, no attempt is made to discover local

IPv4 or IPv6 addresses. If you want to run a dual stack, reachable

from both Tor and IPv4 (or IPv6), you’ll need to either pass your

other addresses using -externalip, or explicitly enable -discover.

Note that both addresses of a dual-stack system may be easily

linkable using traffic analysis.

In a typical situation, where you’re only reachable via Tor, this should suffice:

./bitcoind -proxy=127.0.0.1:9050 -externalip=57qr3yd1nyntf5k.onion -listen

(obviously, replace the Onion address with your own). If you don’t care too much about hiding your node, and want to be reachable on IPv4 as well, additionally specify:

./bitcoind … -discover

and open port 8333 on your firewall (or use -upnp).

If you only want to use Tor to reach onion addresses, but not use it as a proxy for normal IPv4/IPv6 communication, use:

./bitcoin -onion=127.0.0.1:9050 -externalip=57qr3yd1nyntf5k.onion -discover

07/18/14

Speaking at the NYC Bitcoin Center -HD-BIP32 Multi-sig Business Wallet

gAtO - will be Ringing the Trading Bell and presenting his HD-BIP32 Multi-sig Business wallet at the NYC Bitcoin Center with my good friend Dr. Nicolas T. Courtois from the University College London on Monday July 21 2014. If anyone is in the NYC area and wants to come on down for the show and after do a little Bitcoin trading – Come on Down. - gAtO oUt

poster_NYC

06/18/14

Business HD-BIP32 sub-wallet and Multi-Sig

Business HD-BIP32 sub-wallet and Multi-Sig -the Safest Wallet Anywhere!

gAtO hear- Business are all hot and heavy about the security of business Multi-Sig Bitcoin wallets. But in fact you need 3 different wallets and the ability to control them and the private keys and if it’s a long term like a cold storage wallet who knows the status of those wallets.bip32-Multi-sig_01

Your financial security while using Bitcoins needs help and Multi-sig wallets are a major improvements to it’s safety and security, but controlling 3 different wallets with 3 different backups and 3 different places can get a little confusing. With my new business HD-BIP32 wallets you control all the sub-wallets with just 1 master-wallets and just 1 backup. You control every sub-wallet you create. This assures you that only you can extract the funds in your business multi-sig wallets.

With my new business HD-BIP32 wallet allows you control of all the sub-wallets and you can create millions of sub-wallets and use them to create and release funds from any Multi-Sig wallet you create.

You can save the salt/genesis of your business HD-BIP32 master-wallet and with 1 backup you can always recreate your wallets from scratch. So now even if something happens to you, your family or business can take the backup and re-create the master-wallet and all the sub-wallets you control and always get your money out of my multi-sig HD-BIP32 sub-wallet I created.

the kinda geek side of HD Bip32 wallets:

The OLD normal Bitcoin reference wallet uses randomly generated keys. In order to avoid the necessity for a backup after every transaction, (by default) 100 keys are cached in a pool of reserve keys. Still, these wallets are not intended to be shared and used on several systems simultaneously. They support hiding their private keys by using the wallet encrypt feature and not sharing the password, but such “neutered” wallets lose the power to generate public keys as well.

Deterministic wallets do not require such frequent backups, and elliptic curve mathematics permit schemes where one can calculate the public keys without revealing the private keys. This permits for example a webshop business to let its webserver generate fresh addresses (public key hashes) for each order or for each customer, without giving the webserver access to the corresponding private keys (which are required for spending the received funds).

However, deterministic wallets typically consist of a single “chain” of keypairs. The fact that there is only one chain means that sharing a wallet happens on an all-or-nothing basis. However, in some cases one only wants some (public) keys to be shared and recoverable. In the example of a webshop, the webserver does not need access to all public keys of the merchant’s wallet; only to those addresses which are used to receive customer’s payments, and not for example the change addresses that are generated when the merchant spends money. Hierarchical deterministic wallets allow such selective sharing by supporting multiple keypair chains, derived from a single root. -gAtO OuT…  

https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

 

05/17/14

Bitcoin 2.0 and the Segway Bike

Bitcoin 2.0 and the Segway Bike

gAtO Imagine – some of the business side applications we can build with future triggered events being executed by Autonomous Cyber Robots. All build on the basic Bitcoin 1.0 code but not using the coins but the blockchain – there be treasure in that blockchain but it’s all math ugh!!!.

segway_bike_Bitcoin

Ok first what is Bitcoin 2.0? Basically it’s a new way to have a cyber robot or a cyber drone that can do what you instruct them to do. It is a timestamp triggered event and you can now just add business rules to it that will work in cyberspace.

What do you do online today?

  • Shop for things and have them delivered
  • Online banking
  • Buy and sell stocks and bonds
  • Send donations to Charities or political organizations

So now you can build cyber-business rules to be execute on the web and put them into one of these cyber robot or a cyber drone. I use these 2 terms because when people hear drones they think attacks and such and yes you can now build digital FINANCIAL  warriors that can execute based on events, millions of them and they can be used for good and evil.

timeStamp- or -blockchain-trigger event – robots with business rules- example//

  • Send 100 Bitcoins to my family every 6 months after I die.
  • Buy or sell stocks ambiguously  – Digital Business Contracts – or Personalities
  • Any transaction that can be performed on the web!
  • Set up a corporation by an Ethereum digital actors
  • Any Business rule that can executed digitally 

gAtO lOvE Ethereum //= it is a platform and a programming language that makes it possible for any developer to build and publish next-generation distributed applications. https://www.ethereum.org/  Next Generation Smart Contracts and a Decentralize Application Platform. Non-geek cyber-business rules OK…

GAtO used to lug around an Osborne luggable computer… 1.0 laptops – but gAtO was cool aligning 10MB (yes 10 Mega Bytes) hard rives the size of a large home freezer. The good old computers days… Out of hardware back to Biz -mEoW

MasterCoin – The Master Protocol facilitates the creation and trading of smart properties and user currencies as well as other types of smart contracts. Mastercoins serve as the binding between bitcoins (BTC), smart properties and smart contracts created on top of the Mastercoin Protocol. Non-geek cyber-business rules OK…

Similar Alt-coins but both the same (going after the business side) in a way but these seem to be a new wave of Bitcoin 1.0 off shoots. Now NameCoin and Trusted coin are on a different course, since they are more into the digital Notary service that can be done with any blockchain type Bitcoin off shoot. And LiteCoin 84 Million -versus- 21 Million in Bitcoins another fight but of a different financial play on this alt-coin. LiteCoin is around $10 bucks Per so we have to keep an I on them too.

Once again these another development are being built on the shoulder of the great Satoshi Nakamoto work. GaTo as a technologist love all these new and exciting toys to play with. Then I think about the Segway Bike I alway wanted one but then again really, I’m I really ready to give up walking? Back in 2001 it was so cool, it was the evolution of the bicycle or was it???

13 years later this evolution the revolution of the bicycle is seem by most as the Mall Police ride by. Ok maybe in Seattle or San Francisco I can see that but really. Now Bicycle Cops are everywhere but real cops on a Serway Bike – you know maybe I don’t really want one anymore. But I wonder if I can buy one with Bitcoins? ummm

DogE-Coin is hot with the young bloods as a NEW digital currency that’s taking Reddit and other places by storm- I know gAtOCoin, maybe I’ll start one of my own, there only about 500 Alt-Coins around and growing all built on the Bitcoin core code. Bitcoin is only 5 Years Old -Wow- Imagine in another 3-5 years // world wide currencies all over doing different things creating the NEW Cyber-System D-(system) that no government can controls, of the people and by the people. Double -Wow

gAtO’s bet is on Bitcoin, simple it has payed it’s dues, from an underground play toy to International financial deals like flying to the Moon on Virgin Air, I wonder if I can buy that with Litecoins- you listening Richard Branson I’m mining Namecoin too Richard.

The new Bitcoin business Investors and Incubators are hopping with new Bitcoin 2.0 ideas, but is it different if it’s control by the users, not the sole players like the bankers and older financial players. But truth be told these will bring newer workable solutions that will trickle down to the normal person. We must be careful because these new worldwide cyber solution will have little government controls so the game is changing and the ability to jump on this but NOT to give up privacy with government toys like TPM – Trusted Computer Platform – yes July 2015 all Windows 8 devices will have TPM 2.0 in control of your devices. The US solution cyber Kill Switch.

AT least Apple has not added TPM into it’s hardware but they banned against Bitcoin -Steve told you to Innovate Apple- But that’s another battle.

You can trust your government spying on you IF you have nothing to hide RIGHT!!! - gAtO oUt

Digital System D-

System D is a slang phrase pirated from French-speaking Africa and the Caribbean. The French have a word that they often use to describe particularly effective and motivated people. They call them débrouillards. To say a man is a débrouillard is to tell people how resourceful and ingenious he is. The former French colonies have sculpted this word to their own social and economic reality. They say that inventive, self-starting, entrepreneurial merchants who are doing business on their own, without registering or being regulated by the bureaucracy and, for the most part, without paying taxes, are part of “l’economie de la débrouillardise.” Or, sweetened for street use, “Systeme D.” This essentially translates as the ingenuity economy, the economy of improvisation and self-reliance, the do-it-yourself, or DIY, economy.

 

03/24/13

Tor is NOT the ONLY Anonymous Network

gAtO fOuNd – this very interesting and wanted to share –

Tor does some things good, but other anonymous networks do other things better. Only when used together do they work best. And of course you want to already know how to use them should something happen to Tor and you are forced to move to another network.fin_07

Try them! You may even find something interesting you cannot find on Tor!

Anonymous networks

These are well known and widely deployed anonymous networks that offer strong anonymity and high security. They are all open source, in active development, have been online for many years and resisted attack attempts. They run on multiple operating systems and are safe to use with default settings. All are well regarded.

  • Tor – Fast anonymous internet access, hidden websites, most well known.
  • I2P – Hidden websites, anonymous bittorrent, mail, out-proxy to internet, other services.
  • Freenet – Static website hosting, distributed file storage for large files, decentralized forums.

Less well known

Also anonymous networks, but less used and possibly more limited in functionality.

  • GnuNet – Anonymous distributed file storage.
  • OneSwarm – Bittorrent, has a non-anonymous mode, requires friends for anonymity.
  • RetroShare – File-sharing, chat, forums, mail. Requires friends, and not anonymous to those friends, only the rest of the network.
  • Omemo – Distributed social storage platform. Uncertain to what extent it is anonymous.

Non-free networks

These are anonymous networks, but are not open source. Therefore their security and anonymity properties is hard to impossible to verify, and though the applications are legit, they may have serious weaknesses. Do not rely on them for strong anonymity.

  • Osiris – Serverless portal system, does not claim to provide any real anonymity.

In development

  • Phantom – Hidden Services, native IPv6 transport.
  • GlobaLeaks – Open Source Whistleblowing Framework.
  • FreedomBox – Project to create personal servers for distributed social networking, email and audio/video communications.
  • Telex – A new way to circumvent Internet censorship.
  • Project Byzantium – Bootable live distribution of Linux to set up wireless mesh nodes with commonly available hardware.
  • Hyperboria A distributed meshnet built on cjdns.

Routing Platforms

These are internets overlaid on the internet. They provide security via encryption, but only provides weak to none anonymity on their own. Only standard tools such as OpenVPN and Quagga are required to connect. Responsibility for a sufficiently anonymous setup is placed on the user and their advertised routes. More suited for private groups as things out in the open can be firewalled by other participants. Can be layered above or below other anonymity nets for more security and fun.

  • Anonet – AnoNet2, a more open replacement for AnoNet1.
  • dn42 – Another highly technical routing community.
  • CJDNS, an IPV6 overlay network that provides end to end encryption. It is not anonymous by itself.

Alternative Internet

  • Netsukuku – A project that aims to build a global P2P online network completely independent from the Internet by using Wi-Fi. The software is still in active development, although the site is no longer updated. A new site is in progress of being built.
  • Many other wireless communities building mesh networks as an alternative to the Internet, e.g. Freifunk, http://guifi.net and many more around the globe. see also

Alternative domain name systems

  • Namecoin – Cryptocurrency with the added ability to support a decentralised domain name system currently as a .bit.
  • OpenNIC – A user controlled Network Information Center offering a democratic, non-national, alternative to the traditional Top-Level Domain registries.
  • Dot-P2P – Another decentralized DNS service without centralized registry operators (at July 18, 2012 page is not accessible and has not known anything about the status of project from February 2011).

See Also

11/13/12

Protocol-Level Hidden Server Discovery -WRONG

sOrRy – AROGANT gAtO - Open letter to:zhenling – jluo -wkui – xinwenfu – at seu.edu.cn cs.uvic.ca cs.uml.edu  – I wrote to you and gave you a chace to reply so her it goes for everyone to see that you rigged your lab in real life it does not work like you claim – gATO OuT – may be wrong mAyBe Si -nO 

zhenling@seu.edu.cn
jluo@seu.edu.cn
wkui@cs.uvic.ca
xinwenfu@cs.uml.edu

Protocol-Level Hidden Server Discovery

Since entry onion router is the only node that may know the real IP address of the hidden service— -note [3] The assumption was made in virtually all attacks towards the Tor network. This is reasonable because onion networks routers are set up by volunteers.

WRONG folks — So criminals work in these sterile structured surrounding – following rules and making assumptions that I’m stupid enough to not know how to control ENTRY and EXIT nodes into my Tor Website— COme on Dudes this is not school it’s the real world… otwxbdvje5ttplpv.onion here is my site now find my IP —

WHo am I – Richard Amores – @gAtOmAlO2 – I run http://uscyberlabs.com – I just finished a boot -“ The Deep Dark Web” Amazon New eBook -The Deep Dark Web – http://www.amazon.com/dp/B009VN40DU   Print Book – http://www.amazon.com/The-Deep-Dark-Web-hidden/dp/1480177598 :- I do a we bit of real life research and I disagree — I go thru a proxie and a VPN in EU… before I go into Tor so the chances that you will find my IP just went up a notch or too. But I’m a legit – Security Researcher – imagine if I run Silk Road — making a bunch of Bitcoins a DAY— how many layers do they have—

how about a basic BRIDGE RELAY — and there it goes – u can’t touch this — how about a simple modification of the torrc file with these
HiddenServiceAuthorizeClient AND – HidServAuth
with these few modification the Tor site is hidden unless you have the key (HiddenServiceAuthorizeClient) in your browser/- that was generated to match the HidServAuth)-of the server– I think that your chances of finding my mean ass hidden service ip address —are ZERO…

I like what you’ll did cool analyst and you explained it great – but this puts fear into people – dissidents will maybe not use Tor because of what you guy’s say and maybe they may get caught and killed… It’s not only CRIMINALS — I know that gets grants money — but Tor is used to communicate and it allows – Freedom of Speech in Cyberspace- I’m gonna write something about this and I want to be nice so please explain why — you can say from an educational place of knowledge and allow this – “in the box” thinking that is being hacked everyday because they say— we did everything they told us to do— this is wrong and not true —

If you could get the IP of Silk Road — or better yet – PEDO BEAR the largest PEDO directory in TOR — tell me the IP and I will take it down myself— but don’t come at me saying we are right and every hacker is wrong  — learn please our world is depending on your great minds —

later,
RickA- @gAtOmAlO2 http://uscyberlabs.com

Here is the original paper —http://www.cs.uml.edu/~xinwenfu/paper/HiddenServer.pdf
A recent paper entitled Protocol Level Hidden Server Discovery, by Zhen Ling, Kui Wu, Xinwen Fu and Junzhou Luo.  Paper is starting to be discussed in the Tor community.  From my perspective, it is a nice attack to reveal the IP address of a hidden service.  It would require resources to actually implement effectively, but for Law enforcement trying to shutdown and arrest owners of illegal websites selling drugs, weapons, or child pornography and are hiding behind Tor, it is an option.  Of course that also means the capability to find anyone that might be doing something a government or large entity does not agree with. The paper is here.
This stuff reminds me of a statement a professor said to a class I was in once:  “Guns are not good or bad.  It depends on who is holding the gun and which end is pointed at you.”

10/28/12

Cyber-War Digital -vs- Global Currency

gAtO rEaD - in Forbes – “Biitcoin Prevent Monetary Tyranny” -mEoW- Currency tyranny by global bankers and government can be down right ugly. They can shape debt into deliberate inflation, they can enforce persecutory capital control or even pre-arrange default – let’s not forget LIBOR manipulation and austerity against countries after they have ripped out all natural resources, install a puppet king and all that jazz —/ everything controlled by THE BANK CARTEL. On the other side of the coin..//

On Oct. 6 Susanne Posel reported -/ an attempt to hack into the U.S.A executive branch’s computer system through an unclassified network.  That’s the White House kitties with a simple “Spear Phishing” attack. They trolled for names of Top Military and government officials in Google’s Gmail account and got a few hit. Once again “Open Source Intelligence”  

– everything goes somewhere and gAtO (as well as others) goes everywhere.

A few days later the Iranians government blocked Gmail by government officials due to fears that Email can be a point of infection for attacks- I think that’s in the security 101 course

Bruce Schneier one of our cyber gods that knows what he is talking about say’s it best about chicken little screaming “the cyber Sky is falling” – STROKING CYBER FEARS – “Secretary Panetta’s recent comments are just the latest; search the Internet for “cyber 9/11,” “cyber Pearl-Harbor,” “cyber Katrina,” or — my favorite — “cyber Armageddon.” But Bruce says it best in his own words  “There’s an enormous amount of money and power that results from pushing cyberwar and cyberterrorism: power within the military, the Department of Homeland Security, and the Justice Department; and lucrative government contracts supporting those organizations. As long as cyber remains a prefix that scares, it’ll continue to be used as a bugaboo.”  -may I add-/ to make lots of MONEY in private-corporation and government contracts worldwide. Fear + Cyber Security = BIG $$$

Fear is what bankers see as Africa is the first country that is being targeted for the BitCoin virtual currency. Imagine the turmoil in Nigeria and other places in Africa it has had a history of unstable governments the idea of a digital currency is appealing… La-Times read -Africa — the next frontier for virtual currency?

BUT the Bitcoin is NOT ready People[1] Satoshi warned us – it’s BETA software – It has only 21 Million bit coins and the last Bitcoin will be mined in 2040 – Governments and corporations have already started the propaganda that Bitcoin’s are EVIL. — 

The most important thing is, we must all be active in out lives to make the new future- They fear us “the people” will wake up and take control of our lives” – the new generation was born with a cell device in their hand and they are using it earlier and earlier to communicate.

The Cyber war that we see is not as bad as the Cyber War that is being fought with fear and propaganda because the bankers will lose control with – One World Currency – One World Government – that is what the hacktivist want, the new kids, the new generation.

Cyberspace is the city of Babel and in this mystical city everyone was able to communicate to anyone and exchange idea, dreams and culture—/ but this cause the priest to lose control so they destroyed it and made it EVIL. It’s only Evil when you lose your power, It is EVIL when you give them control and power — it’s our turn now -gAtO oUt

References:

[1] Satoshi Nakamoto – Bitcoin Creator -https://en.bitcoin.it/wiki/Satoshi_Nakamoto

http://latimesblogs.latimes.com/world_now/2012/04/bitcoin-virtual-money-africa-rudiger-koch.html

http://www.forbes.com/sites/jonmatonis/2012/10/04/bitcoin-prevents-monetary-tyranny/ Bitcoin Prevent Monetary Tyranny