<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">For downloading transactions unless you frequently receive<br>
transactions you wont be fetching every block. Or are you assuming<br>
bloom filters dialled up to the point of huge false positives? You<br>
said otherwise.<br></blockquote><div><br></div><div>Well, what I mean is, bitcoinj already gets criticised for having very low FP rates, but even with those rates we're applying them to hundreds of thousands of transactions per sync. So it's still enough FPs to trigger at least one per block, often several, yet people tell us this isn't enough to give meaningful privacy.</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Relatedly I think bitcoin could do with a store-and-forward message<br>
bus with privacy and strong reliability via redundancy (but less<br>
redundancy maybe than consensus all-nodes must receiving and agree and<br>
store forever). <br></blockquote><div><br></div><div>Yup, see here:</div><div><br></div><div><a href="https://www.bitcoinauthenticator.org/subspace/">https://www.bitcoinauthenticator.org/subspace/</a><br></div><div><a href="https://groups.google.com/forum/#!topic/bitcoinj/_S15jo5mcDI">https://groups.google.com/forum/#!topic/bitcoinj/_S15jo5mcDI</a></div><div><br></div><div>Subspace looks like it's developing into what we need.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">You seem to be saying at one point that Tor is useless against<br>
pervasive eavesdropper threat model</blockquote><div><br></div><div>No, Tor is effective against in that threat model. What I meant is that without Tor, someone doing wire intercepts isn't going to be fazed by using multiple peers together, and with Tor it's not clear that syncing from multiple peers in parallel gives much an additional win.</div><div><br></div><div>Also, getting Tor practical enough to activate by default is tricky. Though the same people who are doing Subspace are trying it out to see what happens.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">secondly that other types of attackers are disinterested (how do we know that?) or maybe that you<br>
dont care about privacy vs them (maybe some users do!)<br></blockquote><div><br></div><div>Some of my opinions are based on experience of HTTPS deployments, where many of the same issues apply.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">It would certainly be nice to get real privacy from a wider range of<br>
attackers but nothing (current situation) is clearly worse; using<br>
block bloom filters we'd make the pervasive case harder work, and the<br>
nosy full node learn nothing.</blockquote><div><br></div><div>Yes, but what's the best way to fix that?</div><div><br></div><div>The calculation goes like this: we have ~80 hours of hacking time to spend on privacy this quarter. Do we:</div><div><br></div><div>a) Do wire encryption</div><div>b) Make Bloom filter clients smarter</div><div>c) Optimise Tor</div><div>d) Do a new PIR protocol from scratch and possibly run out of time having failed to launch</div><div><br></div><div>Of these (d) is the least appealing to me, especially because I don't feel like submitting SPV related stuff to Bitcoin Core any more. If I were to work on the protocol it'd be in the context of Bitcoin XT, which rules out consensus changes or other things that rely on miners. Wire encryption would probably raise the bar for our spooky friends quite a lot, with minimal effort. The ROI looks good, compared to more complex PIR.</div></div></div></div>