W3C home > Mailing lists > Public > public-webpayments@w3.org > September 2014

Re: FYI - Anon TX??

From: Tim Holborn <timothy.holborn@gmail.com>
Date: Sun, 21 Sep 2014 11:54:28 +1000
Cc: Web Payments CG <public-webpayments@w3.org>
Message-Id: <5F47B853-A804-470F-B8D0-6EDA94540974@gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>

On 21 Sep 2014, at 10:38 am, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 09/20/2014 01:12 PM, Timothy Holborn wrote:
>> http://www.neoscoin.com/
> 
> From the whitepaper:
> 
> """
> Anonymity
> 
> What is the true meaning of anonymous? Being unknown. The approach taken
> with Neos for anonymous transactions, completely eliminates any
> possibility of the transaction surfacing on the blockchain. With a
> multi-homed farm of secure nodes, transactions sent using “Arbitrush”
> send from the original sender, through the nodes, and to the recipient.
> Proof of Transaction is an option that can be either enabled or disabled
> in the Neos settings, or on-the-fly selectively during the send process.
> After our initial announcement, someone in the community requested the
> feature of selective PoT. Within 2 hours it was implemented.
> """
> 
> And from the Cryptoarticles story:
> http://www.cryptoarticles.com/crypto-news/neoscoin-lots-of-functionality-with-a-unique-anonymity-system
> 
> """
> For those of you wondering how ArtbitRush would work :
> 
> Sender -> multi-homed farm -> Recipient (the sender "never sent" the
> coins, or so the blockchain thinks, it just came from "somewhere")
> 
> In order to allow users to verify these anonymous transactions, a
> separate ArbitRush Transactions tab has been made available. Only the
> sender can see the status on the blockchain , because of a one-time
> key-pairing in the ArbitRush system.
> """
> 
> Who runs the "secure nodes"/"multi-homed farm"?
> 
> Do they use UDP, TCP/IP, or a completely new protocol?
> 
> Is there any form of SSL between the sending node and the "secure node"?
> Is the message encrypted to each secure node so an attacker doesn't know
> that it's a arbitrush transaction? How easy is it to spoof a secure node?
> 
> I remain skeptical, I couldn't find anything in their whitepaper
> explaining how they achieve non-traceability. Seems that all an attacker
> would need to do would be to compromise one of the "secure nodes", or
> tap the network traffic. There is no "security considerations" section
> that I could find anywhere. Seems like /far less than/ Tor-like
> protections are being offered /and/ we're talking about a completely
> public ledger.
> 
> Seems like it's pseudo-anonymity at best (which isn't a bad feature,
> just that people might be duped into thinking that it could actually
> protect them against organizations with modest resources). Does anyone
> know where we can read about the technical implementation behind the
> arbitrush stuff?
> 
+1 interesting though.  

(mind, a while back, I started considering the constant idea of these technical people, delivering products that support ‘true anonymity’ humours in sight of the differences, and the loosing battle to try to explain to someone who’s acting ideologically the technical prerequisites involved in such a claim..  some solutions, are a bit like raising a flag sayin ‘pick me, pick me’ cause the difficulty involved in figuring it out,  well, it might make life a tad more interesting who’s job it is to do that stuff.  other solutions are more like, meh. ;)

in any case. the problem with defining the solution that is 100% secure is the existence problem.  if it exists, it’s not 100% secure.


> -- manu
> 
> -- 
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Marathonic Dawn of Web Payments
> http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Sunday, 21 September 2014 02:00:23 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:39 UTC