22

Since you send bitcoin payments through one of the Bitcoin clients, I assume it announces the payment to the network, so each computer it connects to in order to do so would know the IP address from which you announce the payment.

So when you make a bitcoin payment, who gets your address IP, and also which of them will know you are the originator of the transaction message and thus the wallet owner, and not just re-broadcasting it?

Does the sellers themselves see your IP address, and can they be reasonably sure that they are seeing the IP address of the wallet's owner (and not somebody else)?

Edit: Some clarifications - I'm not talking about visiting the seller's own webpage, suppose I'm viewing it through Tor. And I'm not talking about using an online wallet, since you don't really connect to the Bitcoin network yourself then.

sashoalm
  • 587
  • 1
  • 4
  • 12
  • I imagine that Bitcoin clients only send payments up to a central server. The recipient is then notified that a payment has been made, and retrieves it from the central server. I wouldn't think the recipient would know your IP, but the central server could probably link payments together. – RoraΖ Jan 14 '15 at 12:34
  • 9
    @raz There is no central server for bitcoin. Transactions are distributed into the network. – Thomas Stets Jan 14 '15 at 12:46
  • @ThomasStets Ah so it's more like the way Tor operates then? – RoraΖ Jan 14 '15 at 12:47
  • 2
    @raz not exactly. In TOR you have a more or less fixed set or router nodes, that are used by the clients. For bitcoin the network consists of all the clients currently online. There are a few more or less fixed servers that are used to help clients join the network, but basically the network are the clients. – Thomas Stets Jan 14 '15 at 12:57
  • This may help: http://cointext.com/bitcoin-and-ip-address-privacy/ – paj28 Jan 14 '15 at 13:51
  • @MarkC.Wallace Sorry about that, I removed the "I assume" part. – sashoalm Jan 14 '15 at 13:56
  • 9
    Any questions about Bitcoin can be asked on https://bitcoin.stackexchange.com – Philipp Jan 14 '15 at 15:23
  • @Philipp I hope it wasn't inappropriate to ask here, it's also security-related, so there's a certain overlap. – sashoalm Jan 14 '15 at 16:10
  • You shouldn't use bitcoin over Tor. See my answer. – Tyler Jan 14 '15 at 17:00
  • @ThomasStets: Uhm so whom exactly does your Bitcoin client contact when you want to make a transaction, then? All 4 billion IPv4 addresses? If not, then how is this receiver chosen? – user541686 Jan 15 '15 at 00:53
  • @ThomasStets, "Here's how it works. When you perform a transaction on the bitcoin network, your bitcoin client typically joins the network by connecting to a set of **eight servers**. This initial set of connections are your entry nodes, and each user gets a unique set of entry nodes." - The first link in my answer. – Tyler Jan 15 '15 at 15:54

4 Answers4

24

The receiver won't learn your IP, but a somewhat determined adversary could. (Of course, if the seller is an adversary, then they could.) This isn't a part of the protocol (there's no sender_IP field in the transaction), it is accomplished via listening in many places on the mesh network and doing statistics to determine the originating node of a transaction. Bitcoin unmask attack. No one knows you're the originator, unless they're watching many nodes in the network. The transaction, when first sent, is indistinguishable from a forwarded transaction; so the first node to see it will think the true sender is just forwarding from another node.

You don't want to run Bitcoin over Tor, because it would allow the exit node to arbitrarily confuse your client as to the real state of the external bitcoin network. It can do this because it is the middle man in the only link b/t the client and the outside world. Bitcoin over Tor attack. To understand how this can work even with bitcoin's POW system, consider that, since there is only one point of connection (the Tor exit node) b/t the bitcoin client and the rest of the network, it is trivial for the exit node segment the network, isolating the client from all legit nodes and all legit POW. The attacker can then run its own bitcoin node on the segmented network, making the only hashing power on the network that of the user (you) and of the attacker. To execute the well known 51% attack, all the attacker needs is more hashing power than you. (Given that most clients don't having hashing enabled at all, any amount of hashing the attacker wants to do would be sufficient, given enough time.)

To be clear, you can use Tor to proxy your browser. But don't use it to proxy your Bitcoin client.

If it's really a problem, and you're willing to sacrifice absolute control of your coins, I would recommend using a web client that doesn't require much info to register and doing so through Tor. That way the unmask attack only unmasks the web client's server, which has no way of tracing you since you access it through Tor. If you're not willing to sacrifice a little control, then I don't believe there is a totally anonymous way to transact in Bitcoin.

Tyler
  • 341
  • 1
  • 5
  • Another question - what if you run a thin-client like MultiBit, does it normally forward payments, or will it stand out? "This IP forwards too few payments, so all payments from it must be from a wallet owned by whoever is using that IP". – sashoalm Jan 14 '15 at 17:27
  • Multibit and most (all?) thin-clients are, AFAIK, completely disconnected from the bitcoin network. It sends transactions and gets address balances through a centralized server (that is a full node) acting as a mediator with the network. – Tyler Jan 14 '15 at 17:29
  • That's why it is so fast. It queries the server "What is the balance for address X" where X is the user's address and the server just gives the information needed for address X. – Tyler Jan 14 '15 at 17:31
  • 1
    So if you use MultiBit nobody can know your IP unless MultiBit wants to cooperate (or are hacked). – sashoalm Jan 14 '15 at 17:46
  • Wait, are you saying the bitcoin protocol isn't secure against MITM? If it is secure, then how is a "Bitcoin over Tor attack" a problem? Is that just a type of DOS attack? – Ajedi32 Jan 14 '15 at 17:46
  • 1
    Actually, I was wrong. Transaction sends happen like they do with full nodes. https://github.com/jim618/multibit/blob/bip21/src/main/java/com/google/bitcoin/core/Wallet.java#L649. I know receives are centralized, so that means that it is known that literally any transaction from your IP originates with you. – Tyler Jan 14 '15 at 18:01
  • 1
    @Ajedi32, read the link. They can't steal your coins, but they can double spend against you or not forward your transactions, etc. It's secure against MITM as long as the MITM doesn't have arbitrary control over **all** your traffic. So, e.g., your ISP could MITM you, but another node's ISP couldn't. – Tyler Jan 14 '15 at 18:04
  • 1
    @Tyler I did skim the article, though I missed the part near the beginning where they stated what kind of attacks were possible with this attack. I get why a MITM allows DDoS, but I don't get why MITM allows double-spending (shouldn't transactions be secured with a nonce?); I guess I'll have to read up on the Bitcoin protocol more... – Ajedi32 Jan 14 '15 at 18:16
  • @Ajedi32, it's because the MITM can just not relay any new blocks from the real network, giving them unlimited time to mine their own blocks. Essentially, they can fork the blockchain without the client ever being able to tell, since the MITM controls all access to the rest of the network. – Tyler Jan 14 '15 at 22:45
  • @Adjedi32, see edit to the bitcoin/tor paragraph and let me know if that clarifies. Thanks for you feedback, btw. – Tyler Jan 14 '15 at 22:55
  • @Tyler Your explanation seems reasonably plausible. Again though, I don't understand Bitcoin well enough to have anything more than a shallow understanding of how this attack would work. – Ajedi32 Jan 14 '15 at 23:50
  • Would it be possible (and safe?) to send your own transactions over TOR, but still participate in the p2p bitcoin network directly? (in theory, not that any software supports this out of the box). – Peter Cordes Jan 15 '15 at 07:24
  • @Peter, worst that could happen is that your transaction isn't relayed. That's not too big of a problem, IMO. Good idea. (You may want to ask this on Bitcoin.SE to make sure I'm not wrong.) – Tyler Jan 15 '15 at 11:52
  • I can't pretend to know much about Bitcoin, but I'm interested in why you say tor can allow the exit node to confuse the client. Assuming you are running both tor *and* https, how can tor's exit note confuse any client? – abligh Jan 15 '15 at 13:03
  • 1
    @abligh Good point. As I understand it, it's actually not Tor's exit node, but the attacker's Bitcoin servers that are confusing the client in this attack. – Ajedi32 Jan 15 '15 at 14:51
  • @abligh, first, bitcoin doesn't run over http(s). Second, to correct Ajedi32, the problem here is only possible if the Tor exit node is the attacker. Being an exit node is exactly what gives the attacker the privileged position to be the only link between the client and the bitcoin network, thus enabling them to segment the client from the rest of the network and do bad things to them like I described in my answer. – Tyler May 17 '16 at 00:33
5

From my basic understanding, since bitcoin network is peer to peer, you do not directly connect to your destination, but broadcast the message to your peers.

Because of this, those peers are the ones that see your true IP address (and most likely they are the only ones). Because of this, it might be possible to trace back the transaction to you, but no ordinary vendor would have the computing resources to do so. It would requure having access to peers, which would need to be quite targeted. Feasable, but most likely only governmental agencies would be able to pull it off.

If you worry about the anonymity of your bitcoin transactions, I suggest using TOR, or other anonymizing network, and tunneling wallet traffic over it. Note that all it would take is 1 screw up, so keep that wallet safe and never run it unless you are absolutely sure the connection is properly anonimized. Electrium(spelling?) bitcoin wallet supports socks proxies well.

Side note, vendors are not often interested in the IP address you paid from, as it is most often irrelevant. I would presume you would look at a web page that is a bitcoin payment request, and they would track the IP addresses visiting that page.

user4294507
  • 333
  • 1
  • 2
  • 1
    Do those peers that see your broadcast know that you are the wallet owner, as opposed to just re-broadcasting someone else's payment message? – sashoalm Jan 14 '15 at 13:55
  • 1
    @sashoalm No, they do not. (unless the attackers control such a large part of the nodes that they can trace that you couldn't have received the transaction from anyone else) The transaction is broadcast the same way whether it's your own or rebroadcasting for another. – Tim S. Jan 14 '15 at 15:32
3

When you send a payment through Bitcoin (or similar altcoin) your PC will connect to at least one node in the P2P network. It will then get replicated throughout the network, and eventually wind up in a block.

As of this writing, your Bitcoin payment needs to be sent to any of these 6,000 nodes to be included in the network.

That means one node will "see" your source IP, and none of the others.

Edit:

There is controversy about using ToR, some of that has been published in the past 2 months, and I haven't read them. But in theory, sending a transaction over ToR (and not verifying the Tx is in a block) should be sufficient for sending a Bitcoin payment.

Ismael Miguel suggests using a VPS or a proxy which will "know" your IP address. In my mind this seems very similar to using a SPV client, as you're trusting an external node, which then must relay out.

I will research this and update and comment on the best solution when I can.

makerofthings7
  • 50,090
  • 54
  • 250
  • 536
  • 2
    You shouldn't use bitcoin over Tor. See my answer. – Tyler Jan 14 '15 at 17:00
  • If you are so worried about being anonymous, use a proxy or a VPS to connect to the internet. Don't use ToR, please. ToR is great to browse the internet, but you may be hurting others by passing all the bitcoin client traffic over it, resulting in a slower network for us all. – Ismael Miguel Jan 14 '15 at 17:06
  • 2
    @IsmaelMiguel The average Bitcoin transaction is 180 bytes. If ToR can't handle that, then it's more fragile than I thought – makerofthings7 Jan 14 '15 at 17:11
  • That is one transaction. What about receiving 500 blocks? – Ismael Miguel Jan 14 '15 at 17:12
  • 1
    Ok, it seems that it is not clear which answer is the correct one, so I'll refrain from accepting any answer for now, and leave the upvotes to decide it. – sashoalm Jan 14 '15 at 17:14
  • 1
    The question is about a client sending a payment. You can use a SPV client over ToR for example – makerofthings7 Jan 14 '15 at 17:14
  • 2
    Suggestion: If you are going to do it, it would be polite to at least pre-sync by downloading most of the blockchain over the normal internet via bootstrap.dat. https://bitcoin.org/en/download – Tyler Jan 14 '15 at 17:14
  • 1
    @sashoalm The answer is correct. I just disagree with the recommendation of sending all traffic over ToR. You can safely accept it. – Ismael Miguel Jan 14 '15 at 17:16
  • 1
    When the client makes a payment, it has to also receive the confirmation across the whole network. That means: receive blocks. The blocks are what contains the transactions and it's status. For the transaction to be confirmed, you need **at most** the same amount of blocks as the number of confirmations. With luck, you get a block with more than 1 confirmation. Also notice that this would flood the ToR network with redundant traffic, since all blocks are the same for all clients. – Ismael Miguel Jan 14 '15 at 17:20
  • 3
    You don't need to delete the ToR part. You should improve it by, for example, saying to use it only and only to send the transaction. This step is really only needed to send, not to receive. And you can point out other methods as the ones I said: a VPS or a proxy. – Ismael Miguel Jan 14 '15 at 17:54
2

Others have already mentioned that it is possible but difficult to track the IP of the transaction broadcaster.

However I should note that you don't need to rely solely on web wallets to hide your IP.

Several bitcoin wallet clients support raw transactions and therefore allow you to sign a transaction without broadcasting it to the network. You can then use some other node to broadcast it for you, and that includes web-based tools such as this one, which you can easily use via Tor.

ktorn
  • 216
  • 1
  • 3
  • 1
    +1, I knew about raw txs, but only in relation to their use in cold wallets. This is a better solution. – Tyler Jan 15 '15 at 17:13