For a website taking payments with bitcoins, better: IP or bitcoin addresses?
For a website taking payments with bitcoins, which is better: taking payments through IP solely or using tons of bitcoin addresses that you have to reuse and reuse?
And why?
Bitcoin addresses also provide better anonymity. In my opinion they are ideal. Otherwise it’s necessary to use tor or the like also to guarantee anonymity.
Isn’t that “unsafe”? Say I am an exit node listening for bitcoin transactions and grab them? Or is everything public/private key encrypted?[1]
[1] Which is my guess.
[Deleted] Quote from: soultcer on May 14, 2010, 07:58:57 PM
Actually no, transferring coins via IP address isn’t encrypted. When you transfer coins to an IP, the recipient creates a new address just for that transaction and tells you to transfer coins to that address. A malicious exit node could sniff all Bitcoin traffic and intercept those transactions easily.
So for everyone: DO NOT USE IP ADDRESSES AS DESTINATIONS, ALWAYS USE BITCOIN ADDRESSES.
I suggest we disable IP transactions while the user uses a Proxy! Just to be on the safe side.
Quote from: Xunie on May 14, 2010, 9:52:53 PM UTC
I suggest we disable IP transactions while the user uses a Proxy! Just to be on the safe side.
That’s a good idea. At the very least a warning dialog explaining that it’ll connect to the IP and send the information cleartext, giving the chance to cancel.
Note: I also suggest we show the warning every time and do not give the user an option to disable that. (Like a checkbox that is marked “Show this warning every time I use a proxy and send an IP transaction.”. That’d be bad in my opinion, a user would disable it and forget about the proxy he’s connecting through!)
Actually no, transferring coins via IP address isn’t encrypted. When you transfer coins to an IP, the recipient creates a new address just for that transaction and tells you to transfer coins to that address. A malicious exit node could sniff all Bitcoin traffic and intercept those transactions easily.
So for everyone: DO NOT USE IP ADDRESSES AS DESTINATIONS, ALWAYS USE BITCOIN ADDRESSES.
That’s not “for everyone”, but for those up to buy or sell some stuff more… strange. I believe the core aim of BC is to be an easy to carry non-centralized currency, anonymity is a surplus not a mandatory field. Otherwise we would rather call it TorPay. So, unless the transaction is for a new pedo movie, some crack shipment or some stuff alike, there’s no reason to use Tor, and therefore no exit nodes and no proxies. In the end trimming your advice: If you’re up to make a “non conventional” payment over Tor, use the destination’s BC Address, if you’re buying or selling something normal, use IP or BC address. 😉
Then we’ve the eternal balance: Usability x Security. Too much security = too little usability (the most secure computer in the planet is… anyone since it’s switched off) and too much usability = too little security. Balance is better than paranoia. 😉
It’s not just an issue with proxies. Since there’s no authentication, any “man in the middle” can intercept your BitCoin transfer, including your ISP and other people on your wireless connection. It’s like logging into your bank’s website without HTTPS.
BitCoin should use an authentication method like SSH: the receiver signs the BitCoin address and other info with a permanent public key, the hash of the public key is displayed to the sender before any transfer, and the receiver makes this hash known through other trusted channels.
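The pinned-key check proposed in the last post, as an added Go example that is not part of the thread or of Bitcoin's code: the receiver signs each per-transaction address with a permanent key, and the sender accepts the address only if the key's hash matches a fingerprint obtained out of band. Ed25519, SHA-256, the `Offer` layout and all function names are assumptions; the addresses are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Offer is a hypothetical reply to a send-to-IP request (an assumption,
// not Bitcoin's wire format): fresh address, permanent key, signature.
type Offer struct {
	Address string
	PubKey  ed25519.PublicKey
	Sig     []byte
}

// Fingerprint is the value the receiver publishes through a trusted channel.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// MakeOffer signs a per-transaction address with the permanent private key.
func MakeOffer(priv ed25519.PrivateKey, addr string) Offer {
	pub := priv.Public().(ed25519.PublicKey)
	return Offer{Address: addr, PubKey: pub, Sig: ed25519.Sign(priv, []byte(addr))}
}

// VerifyOffer is the sender-side check, run before any coins are sent.
func VerifyOffer(o Offer, pinned string) error {
	if len(o.PubKey) != ed25519.PublicKeySize || Fingerprint(o.PubKey) != pinned {
		return errors.New("public key does not match pinned fingerprint")
	}
	if !ed25519.Verify(o.PubKey, []byte(o.Address), o.Sig) {
		return errors.New("address is not signed by the pinned key")
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	pinned := Fingerprint(priv.Public().(ed25519.PublicKey))
	o := MakeOffer(priv, "constructed-receiver-address")
	fmt.Println("genuine offer:", VerifyOffer(o, pinned))
	o.Address = "constructed-substituted-address" // address changed in transit
	fmt.Println("altered offer:", VerifyOffer(o, pinned))
}
```

An offer whose address was changed in transit fails the signature check, and an offer re-signed with a different key fails the fingerprint check, so the sender can refuse to pay in both cases.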