Bitcoin and IP Address Privacy

By Milly Bitcoin – May 16, 2013

The Electronic Frontier Foundation (EFF) released a statement today about Bitcoin.  It states in the footnote “the network doesn’t actively conceal the IP addresses from which transactions were initiated.”  This article explains how IP addresses are handled on the Bitcoin network.

If you use a web wallet or a service that connects to a centralized wallet then this does not apply.  Only those services that you connect to have your IP address.  They broadcast the transactions so if there is to be an IP address collected on the Bitcoin network then it is their IP address.

Many people have visited Blockchain.info.  When you click on any transaction you see a “Relayed by IP.”   What they do is run a program that tries to connect to as many Bitcoin nodes as possible.  They are connected to many more nodes than most users but not all of them.  The first IP address they happen to see is what they report as the “Relayed by IP”.

IP addresses are recorded in the “debug.log” files of the connected nodes.  Each node also collects lists of other nodes from its peers, and that is how the peer-to-peer connections are propagated.

2013-03-30 07:37:32 Added 26 addresses from xx.xx.xx.xx: 0 tried, 52 new
2013-03-30 07:37:32 trying connection xx.xx.xx.xx:8333 lastseen=80.8hrs
2013-03-30 07:37:32 connected xx.xx.xx.xx:8333

A node only knows about the IP addresses of the places it is connected to.  So Blockchain.info displays the IP address that is saved in their logs.  There is no IP address broadcast or saved in the blockchain.  You can see the data that is saved by going to http://blockexplorer.com/, clicking on any block number, and clicking on “Raw Block.”

If you do wish to run a full node and broadcast transactions, it is easy to avoid a node that is collecting and displaying IP addresses.  Simply place a list of the nodes you want to connect to in the configuration file and Bitcoin won’t connect to any other nodes:

# … or use as many connect= settings as you like to connect ONLY
# to specific peers:
#connect=69.164.218.197
#connect=10.0.0.1:8333
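
To confirm the restriction is actually in effect, the active connect= entries can be compared with the “connected” lines in debug.log. The script below is an added example, not part of the original article or of Bitcoin itself; it assumes the log format shown in the excerpt above, a default port of 8333, and uses constructed sample data. Note that a line beginning with “#” is a comment, so the entries as printed above do nothing until the “#” is removed.

```python
import re

DEFAULT_PORT = 8333  # port shown in the article's log and config samples

def parse_connect_peers(conf_text):
    """Return the set of (host, port) from active connect= lines.

    Lines starting with '#' are comments, so '#connect=...' as printed in
    the sample file has no effect until the '#' is removed.
    """
    peers = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key.strip() != "connect":
            continue
        host, _, port = value.strip().partition(":")
        peers.add((host, int(port) if port else DEFAULT_PORT))
    return peers

# Matches lines such as "2013-03-30 07:37:32 connected 192.0.2.10:8333".
CONNECTED = re.compile(r"^(\S+ \S+) connected (\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*$")

def unexpected_peers(log_text, allowed):
    """List (timestamp, host, port) for 'connected' lines not in the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = CONNECTED.match(line)
        if m and (m.group(2), int(m.group(3))) not in allowed:
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

# Constructed sample input (documentation-range addresses, not real peers).
SAMPLE_CONF = """\
#connect=69.164.218.197
connect=192.0.2.10
connect=192.0.2.20:8333
"""
SAMPLE_LOG = """\
2013-03-30 07:37:32 trying connection 192.0.2.10:8333 lastseen=80.8hrs
2013-03-30 07:37:32 connected 192.0.2.10:8333
2013-03-30 07:41:05 connected 198.51.100.7:8333
"""

if __name__ == "__main__":
    allowed = parse_connect_peers(SAMPLE_CONF)
    for ts, host, port in unexpected_peers(SAMPLE_LOG, allowed):
        print(f"{ts} unexpected peer {host}:{port}")
```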

Below is an example Bitcoin configuration file that you can find at https://en.bitcoin.it/wiki/Running_Bitcoin.


UPDATE 5/18:  On review, the EFF announcement references the paper “An Analysis of Anonymity in the Bitcoin System.”  The paper references the “pay to IP address” feature in Bitcoin that was used for the defunct Bitcoin Faucet that sent free bitcoins to new users.  That feature is rarely used and most people don’t realize it exists.

The paper also quotes Dan Kaminsky:

Security researcher Dan Kaminsky has performed an analysis of the Bitcoin system, investigating identity leakage at the TCP/IP layer. He found that by opening a connection to all public peers in the network at once, he could map IP addresses to Bitcoin public-keys, working from the assumption that “the first node to inform you of a transaction is the source of it. . . [this is] more or less true, and absolutely over time” [16]. Using this approach it is possible to map public-keys to IP addresses unless users are using an anonymising proxy technology such as TOR.

As explained above, this claim is not true as it is not possible to “absolutely” associate an IP with a transaction over any amount of time.

A quick check of Blockchain.info shows they have attributed a large number of transactions to one of the nodes I operate.  This includes numerous bets from Satoshi Dice.
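
The misattribution described above can be reproduced in a toy model of the “first node to inform you” rule. This is an added example, not code from the article, the paper, or Blockchain.info. The random peer graph, the per-hop delay range and the passive observer are all assumptions, so the printed percentages are illustrative only.

```python
import heapq
import random

def build_network(n_nodes, degree, rng):
    """Random undirected peer graph: each node dials `degree` random peers."""
    peers = {i: set() for i in range(n_nodes)}
    for i in range(n_nodes):
        for j in rng.sample([k for k in range(n_nodes) if k != i], degree):
            peers[i].add(j)
            peers[j].add(i)
    return peers

def first_relayer(peers, origin, observer_links, rng):
    """Flood a transaction from `origin`; return the node that delivers it
    to the observer first (what a "Relayed by IP" display would show)."""
    arrival = {origin: 0.0}
    queue = [(0.0, origin)]
    best = (float("inf"), None)
    while queue:
        t, node = heapq.heappop(queue)
        if t > arrival[node]:
            continue  # stale queue entry, node already reached earlier
        if node in observer_links:
            # Assumed delay on the link from this node to the observer.
            best = min(best, (t + rng.uniform(0.05, 0.5), node))
        for nxt in peers[node]:
            t_next = t + rng.uniform(0.05, 0.5)  # assumed per-hop delay
            if t_next < arrival.get(nxt, float("inf")):
                arrival[nxt] = t_next
                heapq.heappush(queue, (t_next, nxt))
    return best[1]

def attribution_accuracy(n_nodes=200, degree=8, coverage=0.5, trials=300, seed=1):
    """Fraction of trials in which the first relayer seen is the true origin."""
    rng = random.Random(seed)
    peers = build_network(n_nodes, degree, rng)
    observer_links = set(rng.sample(range(n_nodes), int(n_nodes * coverage)))
    correct = 0
    for _ in range(trials):
        origin = rng.randrange(n_nodes)
        correct += first_relayer(peers, origin, observer_links, rng) == origin
    return correct / trials

if __name__ == "__main__":
    for cov in (0.1, 0.5, 1.0):
        print(f"observer reaches {cov:.0%} of nodes: "
              f"{attribution_accuracy(coverage=cov):.0%} attributed correctly")
```

Whenever the observer has no direct link to the originating node, the rule necessarily blames some other node that merely relayed the transaction.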


# Use as many addnode= settings as you like to connect to specific peers
#addnode=69.164.218.197
#addnode=10.0.0.2:8333

# … or use as many connect= settings as you like to connect ONLY
# to specific peers:
#connect=69.164.218.197
#connect=10.0.0.1:8333

# Do not use Internet Relay Chat (irc.lfnet.org #bitcoin channel) to
# find other peers.
#noirc=0

# Maximum number of inbound+outbound connections.
#maxconnections=

# JSON-RPC options (for controlling a running Bitcoin/bitcoind process)

# server=1 tells Bitcoin-QT to accept JSON-RPC commands.
#server=0

# You must set rpcuser and rpcpassword to secure the JSON-RPC api
#rpcuser=Ulysseys
#rpcpassword=YourSuperGreatPasswordNumber_DO_NOT_USE_THIS_OR_YOU_WILL_GET_ROBBED_385593

# How many seconds bitcoin will wait for a complete RPC HTTP request.
# after the HTTP connection is established.
#rpctimeout=30

# By default, only RPC connections from localhost are allowed.  Specify
# as many rpcallowip= settings as you like to allow connections from
# other hosts (and you may use * as a wildcard character):
#rpcallowip=10.1.1.34
#rpcallowip=192.168.1.*

# Listen for RPC connections on this TCP port:
#rpcport=8332

# You can use Bitcoin or bitcoind to send commands to Bitcoin/bitcoind
# running on another host using this option:
#rpcconnect=127.0.0.1

# Use Secure Sockets Layer (also known as TLS or HTTPS) to communicate
# with Bitcoin -server or bitcoind
#rpcssl=1

# OpenSSL settings used when rpcssl=1
#rpcsslciphers=TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH
#rpcsslcertificatechainfile=server.cert
#rpcsslprivatekeyfile=server.pem

# Miscellaneous options

# Set gen=1 to attempt to generate bitcoins
#gen=0

# Use SSE instructions to try to generate bitcoins faster.
#4way=1

# Pre-generate this many public/private key pairs, so wallet backups will be valid for
# both prior transactions and several dozen future transactions.
#keypool=100

# Pay an optional transaction fee every time you send bitcoins.  Transactions with fees
# are more likely than free transactions to be included in generated blocks, so may
# be validated sooner.
#paytxfee=0.00

# Allow direct connections for the ‘pay via IP address’ feature.
#allowreceivebyip=1

# User interface options

# Start Bitcoin minimized
#min=1

# Minimize to the system tray
#minimizetotray=1
