- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 20 Sep 2014 20:38:56 -0400
- To: Timothy Holborn <timothy.holborn@gmail.com>, Web Payments CG <public-webpayments@w3.org>
On 09/20/2014 01:12 PM, Timothy Holborn wrote: > http://www.neoscoin.com/ >From the whitepaper: """ Anonymity What is the true meaning of anonymous? Being unknown. The approach taken with Neos for anonymous transactions, completely eliminates any possibility of the transaction surfacing on the blockchain. With a multi-homed farm of secure nodes, transactions sent using “Arbitrush” send from the original sender, through the nodes, and to the recipient. Proof of Transaction is an option that can be either enabled or disabled in the Neos settings, or on-the-fly selectively during the send process. After our initial announcement, someone in the community requested the feature of selective PoT. Within 2 hours it was implemented. """ And from the Cryptoarticles story: http://www.cryptoarticles.com/crypto-news/neoscoin-lots-of-functionality-with-a-unique-anonymity-system """ For those of you wondering how ArtbitRush would work : Sender -> multi-homed farm -> Recipient (the sender "never sent" the coins, or so the blockchain thinks, it just came from "somewhere") In order to allow users to verify these anonymous transactions, a separate ArbitRush Transactions tab has been made available. Only the sender can see the status on the blockchain , because of a one-time key-pairing in the ArbitRush system. """ Who runs the "secure nodes"/"multi-homed farm"? Do they use UDP, TCP/IP, or a completely new protocol? Is there any form of SSL between the sending node and the "secure node"? Is the message encrypted to each secure node so an attacker doesn't know that it's a arbitrush transaction? How easy is it to spoof a secure node? I remain skeptical, I couldn't find anything in their whitepaper explaining how they achieve non-traceability. Seems that all an attacker would need to do would be to compromise one of the "secure nodes", or tap the network traffic. There is no "security considerations" section that I could find anywhere. Seems like /far less than/ Tor-like protections are being offered /and/ we're talking about a completely public ledger. Seems like it's pseudo-anonymity at best (which isn't a bad feature, just that people might be duped into thinking that it could actually protect them against organizations with modest resources). Does anyone know where we can read about the technical implementation behind the arbitrush stuff? -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: The Marathonic Dawn of Web Payments http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Sunday, 21 September 2014 00:39:26 UTC