Mime-Version: 1.0 (1.0)
In-Reply-To: <CABdy8DLRGyy5dvmVb_B3vao7Qwz-zdAC3-+2nJkg9rSsU6FLbw@mail.gmail.com>
Content-Type: multipart/alternative;
	boundary=Apple-Mail-E29AADEE-165D-43DB-AF5B-B3EFDD9AD2D4
Content-Transfer-Encoding: 7bit
Message-Id: <C28CD881-DAB8-4EDB-B239-7D45A825EAF0@voskuil.org>
X-Mailer: iPhone Mail (12B440)
From: Eric Voskuil <eric@voskuil.org>
Date: Thu, 5 Feb 2015 14:10:51 -0800
To: Paul Puey <paul@airbitz.co>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal for P2P Wireless (Bluetooth LE)
	transfer of Payment URI


--Apple-Mail-E29AADEE-165D-43DB-AF5B-B3EFDD9AD2D4
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

A MITM can receive the initial broadcast and then spoof it by jamming the original. You then only see one.

e

> On Feb 5, 2015, at 2:07 PM, Paul Puey <paul@airbitz.co> wrote:
>
> So if you picked up the BLE broadcast request. All you know is that *someone* within 100m is requesting bitcoin at a certain address. Not necessarily who. The *name* is both optional, and possibly just a *handle* of the user. If I'm sitting 5 ft away from someone at dinner and wanted to pay them via BLE, I might see "Monkey Dude" on my list and simply ask him "is that you?" If so, I send it. If there are two "Monkey Dude's" Then I have to bother with the address prefix, but not otherwise.
>
>> On Thu, Feb 5, 2015 at 1:46 PM, Eric Voskuil <eric@voskuil.org> wrote:
>> BLE has an advertised range of over 100m.
>>
>> http://www.bluetooth.com/Pages/low-energy-tech-info.aspx
>>
>> In the case of mass surveillance that range could most likely be extended dramatically by the reviewer. I've seen WiFi ranges of over a mile with a strong (not FCC approved) receiver.
>>
>> WiFi hotspots don't have strong identity or a guaranteed position, so they can't be trusted for location.
>>
>> e
>>
>> On Feb 5, 2015, at 1:36 PM, Mike Hearn <mike@plan99.net> wrote:
>>
>>>> This sounds horrible. You could basically monitor anyone with a wallet in a highly populated area and track them super easily by doing facial recognition.
>>>
>>> We're talking about BLE, still? The radio tech that runs in the so called "junk bands" because propagation is so poor?
>>>
>>> My watch loses its connection to my phone if I just put it down and walk around my apartment. I'm all for reasonable paranoia, but Bluetooth isn't going to be enabling mass surveillance any time soon. It barely goes through air, let alone walls.
>>>
>>> Anyway, whatever. I'm just bouncing around ideas for faster user interfaces. You could always switch it off or set it to be triggered by the presence of particular wifi hotspots, if you don't mind an initial bit of setup.
>>>
>>> Back on topic - the debate is interesting, but I think to get this to the stage of being a BIP we'd need at least another wallet to implement it? Then I guess a BIP would be useful regardless of the design issues. The prefix matching still feels flaky to me but it's hard to know if you could really swipe payments out of the air in practice, without actually trying it.
>

--Apple-Mail-E29AADEE-165D-43DB-AF5B-B3EFDD9AD2D4--