elective-stereophonic
elective-stereophonic
Anonymity on FreeMarket singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.2

Author Topic: Anonymity on FreeMarket  (Read 2679 times)

rodancap99

  • Newbie
  • *
  • Karma: +1/-0
  • Offline Offline
  • Posts: 5
    • View Profile
Anonymity on FreeMarket
« on: November 23, 2014, 04:59:22 am »

Could anybody comment on how anonymous free market transactions are. Are there any ways to anonymize interactions on free market? Thank you
Logged

PoofKnuckle

  • Board Moderator
  • Hero Member
  • ****
  • Karma: +111/-7
  • Offline Offline
  • Posts: 849
  • Your Concern is Noted.
    • View Profile
    • NXT FreeMarket
Re: Anonymity on FreeMarket
« Reply #1 on: November 23, 2014, 03:59:10 pm »

Could anybody comment on how anonymous free market transactions are. Are there any ways to anonymize interactions on free market? Thank you

The listings themselves are completely anonymous... except for your NXT account number, which is used to pay the network fee, and the listing includes that account number as your seller ID. The real issue, I think, is how anonymous NXT accounts are.

There are others here who know much more about that than I do, I hope they will join in.

Logged
NXT: NXT-WBVP-83YM-FRB3-9MQLY
BM-NBTVHaA41Ejh2G6krD9p5vM62vk84isM

rodancap99

  • Newbie
  • *
  • Karma: +1/-0
  • Offline Offline
  • Posts: 5
    • View Profile
Re: Anonymity on FreeMarket
« Reply #2 on: November 23, 2014, 04:33:51 pm »

Thank you so much
Logged

bobthebuilder

  • Jr. Member
  • **
  • Karma: +6/-0
  • Offline Offline
  • Posts: 41
    • View Profile
Re: Anonymity on FreeMarket
« Reply #3 on: January 03, 2015, 10:53:06 pm »

Couple of quick thoughts.
Easiest way to get all ips of users using freemarket would be to upload a custom image for an item on a server you control and logging all request for that image, log the ip, insert some passive surveillance on the users.  This field should force the use on anon img site or something similar. Or better to use the base64/data encoding of the image so that it is not downloaded from anywhere. 
Currently checking for some fun persistent xss vulns..those could be fun.
In the current state, using freemarket for anything that your LE would not like would be unwise.

 
Logged
nxt:NXT-LWCP-YAQW-Y4VU-H8L9Q
nxt pub key:91b6462a0bdedc9f6b9a4f00c2b83e19f722f5d86608130dd217ed834c9c9e77
nem: NBSHNW-FJUOA3-PMPTYY-TICBGC-3XRTZM-VXHCRB-YYQ4

blackyblack1

  • Hero Member
  • *****
  • Karma: +165/-82
  • Offline Offline
  • Posts: 1764
    • View Profile
Re: Anonymity on FreeMarket
« Reply #4 on: January 04, 2015, 11:26:17 am »

Couple of quick thoughts.
Easiest way to get all ips of users using freemarket would be to upload a custom image for an item on a server you control and logging all request for that image, log the ip, insert some passive surveillance on the users.  This field should force the use on anon img site or something similar. Or better to use the base64/data encoding of the image so that it is not downloaded from anywhere. 
Thank you for revealing us one of the attack vectors. Still viewing the picture is not illegal in most countries and attacker will need to reveal a fact of purchasing from the given IP.

Currently checking for some fun persistent xss vulns..those could be fun.
In the current state, using freemarket for anything that your LE would not like would be unwise.
XSS prevention was specifically introduced before the very first release. Please report us for any found vulnerabilities.
Logged

PoofKnuckle

  • Board Moderator
  • Hero Member
  • ****
  • Karma: +111/-7
  • Offline Offline
  • Posts: 849
  • Your Concern is Noted.
    • View Profile
    • NXT FreeMarket
Re: Anonymity on FreeMarket
« Reply #5 on: January 04, 2015, 03:23:16 pm »

Couple of quick thoughts.
Easiest way to get all ips of users using freemarket would be to upload a custom image for an item on a server you control and logging all request for that image, log the ip, insert some passive surveillance on the users.  This field should force the use on anon img site or something similar. Or better to use the base64/data encoding of the image so that it is not downloaded from anywhere. 
Currently checking for some fun persistent xss vulns..those could be fun.
In the current state, using freemarket for anything that your LE would not like would be unwise.

I would love to integrate an anon image service, something that, like FM, cannot be taken offline, something distributed. If anyone knows how to do this, speak up! This would be a great feature to include.

I like the idea of checking that the image is hosted on an anon service, though, that is something that could be done relatively quickly. The UI recommends a few, I could instead require them.
Logged
NXT: NXT-WBVP-83YM-FRB3-9MQLY
BM-NBTVHaA41Ejh2G6krD9p5vM62vk84isM

Peter2516

  • Hero Member
  • *****
  • Karma: +132/-27
  • Offline Offline
  • Posts: 1235
    • View Profile
Re: Anonymity on FreeMarket
« Reply #6 on: January 04, 2015, 03:47:26 pm »

Maybe Storj or Opal if they get the decentralized storage tech working?
Logged

PoofKnuckle

  • Board Moderator
  • Hero Member
  • ****
  • Karma: +111/-7
  • Offline Offline
  • Posts: 849
  • Your Concern is Noted.
    • View Profile
    • NXT FreeMarket
Re: Anonymity on FreeMarket
« Reply #7 on: January 04, 2015, 05:07:45 pm »

Maybe Storj or Opal if they get the decentralized storage tech working?

Storj has my attention, but as far as I can tell it's not ready yet. I am supposed to be a beta tester, but I haven't gotten around to buying any coins yet.

Logged
NXT: NXT-WBVP-83YM-FRB3-9MQLY
BM-NBTVHaA41Ejh2G6krD9p5vM62vk84isM

bobthebuilder

  • Jr. Member
  • **
  • Karma: +6/-0
  • Offline Offline
  • Posts: 41
    • View Profile
Re: Anonymity on FreeMarket
« Reply #8 on: January 04, 2015, 08:33:43 pm »


Thank you for revealing us one of the attack vectors. Still viewing the picture is not illegal in most countries and attacker will need to reveal a fact of purchasing from the given IP.

Sorry to burst the bubble. LE uses side chains of evidence all the time to identify suspects. Legally it is the fruit of the forbidden tree, but rarely is the evidence identified as such during a case. Once they have the suspects they are prone to manufacture reasons to look further.  Pretty soon all tor users and anon vpns on commercial ISP's in the US will be automatically forwarded to LE, if not already. Local LE has been steadily using the national tools for information gathering in the USA over the last 5 years or so.

Freemarket should do everything possible to combat this for privacy. As the blockchain is forever and all past dealings can be recovered from one person in the system and a $5 pipe wrench.  The system should make privacy and security automatic, from expiring message encryption ( messages cannot be read after a certain number of blocks or something) to pruning of listing items.

Honestly blockchains are not known for privacy unless very special care is taken.  It is up to Freemarket devs to make that part automatic.

You have done a great job of getting it live and in beta.
Logged
nxt:NXT-LWCP-YAQW-Y4VU-H8L9Q
nxt pub key:91b6462a0bdedc9f6b9a4f00c2b83e19f722f5d86608130dd217ed834c9c9e77
nem: NBSHNW-FJUOA3-PMPTYY-TICBGC-3XRTZM-VXHCRB-YYQ4

PoofKnuckle

  • Board Moderator
  • Hero Member
  • ****
  • Karma: +111/-7
  • Offline Offline
  • Posts: 849
  • Your Concern is Noted.
    • View Profile
    • NXT FreeMarket
Re: Anonymity on FreeMarket
« Reply #9 on: January 04, 2015, 08:39:22 pm »

I would advise against using a US based VPN. I don't, I use Cryptostorm:

https://cryptostorm.is

Logged
NXT: NXT-WBVP-83YM-FRB3-9MQLY
BM-NBTVHaA41Ejh2G6krD9p5vM62vk84isM

blackyblack1

  • Hero Member
  • *****
  • Karma: +165/-82
  • Offline Offline
  • Posts: 1764
    • View Profile
Re: Anonymity on FreeMarket
« Reply #10 on: January 04, 2015, 08:59:51 pm »


Thank you for revealing us one of the attack vectors. Still viewing the picture is not illegal in most countries and attacker will need to reveal a fact of purchasing from the given IP.
Freemarket should do everything possible to combat this for privacy. As the blockchain is forever and all past dealings can be recovered from one person in the system and a $5 pipe wrench.  The system should make privacy and security automatic, from expiring message encryption ( messages cannot be read after a certain number of blocks or something) to pruning of listing items.

Honestly blockchains are not known for privacy unless very special care is taken.  It is up to Freemarket devs to make that part automatic.

You have done a great job of getting it live and in beta.
Thank you for the suggestion. Not all past dealings can be revealed but only of the caught seller's. We are not concentrated on building a criminal heaven on the blockchain but on the building of the friendly and open market. So hardcore privacy will be implemented when the rest of the work is done.
Also we want to see Telepathy in action - it prevents blockchain analysis and does not reveals IP adresses. With the help of some ephemeral passwords it will help to build rock solid privacy.
Logged
 

elective-stereophonic
elective-stereophonic
assembly
assembly