Welcome to the October 2018 edition of the Spectrecoin newsletter and the first of the planned monthly publications. In this edition we will focus on what core team member @Helix has been working on over the last few week to organise and automate the building of Spectrecoin wallets. He has worked tirelessly on setting up the build automation and we are now seeing some great results. We will cover this in more detail below and try to explain how this works.
The Spectrecoin lead developer @Tek has also been busy with fine tuning the source code, exploring and learning and has been able to fix the TOR w/ OBFS4 integration that appears to have had issues since the release of v1.4. We will cover this in some more detail below.
As you all know, September, late summer, is always a slow time for cryptocurrencies but you need to rest assured that the team is working on this project daily and we have some exciting news and plans, not all of which we can discuss in detail yet. Please also accept some apologies for not always being dead on time with things as I am still balancing a demanding ‘day job‘, family and Spectrecoin. I am transitioning into working part time for my ‘day-job’ and the other half will be dedicated to Spectrecoin. We are still a very small project but dedicated and determined to deliver a top-tier privacy crypto.
@Helix has been hard at work, sometimes 24 hours a day it seems to me, to bring effective automation to Spectrecoin builds. This work has been ongoing for some weeks and I know many of you might be slightly confused about what this actually means and how it works. @Helix has therefore supplied a a quick overview over the automated build processes that Spectrecoin are now using. Below are links to documents that offer some more details around the automated builds:
download the PDF version to explain the automation:
The toolchain is based on Jenkins, running on AWS (Amazon Web Services) and is mostly Dockerized, i.e. converting an application to run within a Docker container. This means in short that once we push changes to the Spectrecoin repo for bug fixes, new features, new releases or other updates, Jenkins orchestrates the builds and the end result is that we very quickly get updated builds released to our users. The builds are automatically quality checked and this also ensures more stable releases. The Linux builds are now working and the Windows automation is near complete and the Mac automation will follow. As @Helix has provided a detailed documents describing the Spectrecoin continuous integration setup I will not go into further details here. Please see the links above.
Spectrecoin bootstrap on GitHub
As part of the new release process we will be uploading the Spectrecoin blockchain to the GitHub repo regulary to make it easier to sync the blockchain from scratch or to reload it if you’ve had a crash of some sort. You should be able to find the latest blockchain here:
To make use of the bootstrap just download the zip file and unzip the content into the Spectrecoin data directory, which will be:
Windows: %appdata%\Spectrecoin\ Mac OSX: /Users/*USERNAME*/Library/Application Support/Spectrecoin/ Linux: ~/.spectrecoin/
Content of the data directory:
blk0001.dat - The main blockchain data file txleveldb/* - The files of the transaction database
Then just start the wallet and let it sync. The bootstrap is not automated yet but will be uploaded whenever we have a new build. It is generally recommended that you sync from scratch but if you want to save time and trust us use the bootstrap.
TOR w/ OBFS4 pre-configured
We are just about ready to release Spectrecoin 2.0.8 w/ TOR running as a separate process and it’s a good opportunity to go over some facts about what makes Spectrecoin one of the most private cryptocurrencies around with regards to network security and global access. A pre-release is currently available for Windows users. Mac and Linux users will have to wait until the release version.
Spectrecoin has used TOR as default since back in 2016 and is one of the few if not the only cryptocurrency that had TOR integrated as a part of the codebase. We have now decided to run Tor as a separate process. This provides the same level of privacy but enables us to always use the latest version of TOR and to use the TOR plugins / bridges more effectively. As always, the Spectrecoin wallet communicates exclusively through TOR and will never associate itself with your public IP address, but only broadcast over the network using an .onion address. It is also important to note that the Spectrecoin network rejects any network connection other than TOR. Only nodes reachable via .onion addresses are accepted.
With the release of 2.0.8 we will have two versions, one with TOR+OBFS4 preconfigured and one “normal” version with TOR and OBFS4 as an option. This makes it more user friendly for our friends in certain TOR censored countries like Turkey that can just use the pre-configured version and they will know that OBFS4 is always running as part of the Spectrecoin wallet as a separate process. Below you can see a screenshot from the Windows ‘task manager‘ where it is evident that all network communication is through OBFS4.
We are likely to offer alternative TOR bridges / plugins very soon, such as Meek that mimics other web-traffic and has been proven to work in China (https://trac.torproject.org/projects/tor/wiki/doc/meek). We are planning to offer the plugins as part of a proposed installation package for Spectrecoin that will be similar to what you find in the Tor browser where you can select the plugin to use.
Here is a small sneak peak at the Spectrecoin installer we are working on:
There may be other cryptocurrencies that have the option of routing traffic through Tor but this is not as secure and there are possibilities for information leaks. We would be happy to learn about other crypto projects that have TOR integrated and as default.
If you are unsure about what TOR and OBFS4 is there is a short summary below:
What is TOR (The Onion Router)
When you communicate over the internet you ‘display‘ your IP address (something like 220.127.116.11) and that IP address is unique to you at that particular time and your identity could be ascertained by your ISP and provided to a third party. TOR uses encryption to hide your real IP address and will route your traffic through multiple TOR relay nodes. You will then display only a so called ‘onion‘ address that can not be linked to your real IP address (something like esplqy7twp75ddpb.onion).
So, what the problem with TOR
Some governments around the world, such as China, Saudi-Arabia, Turkey, Iran and France are either blocking TOR or trying to block TOR traffic. They are using so called ‘deep package inspection‘ and other tools to analyse the data you transmit over your internet connection. If TOR traffic is detected they will restrict or block that connection and it may also be that they take an interest in what you might be doing. As more and more governments are trying to control and censor the internet we can expect that tools like TOR and I2P might be increasingly targeted in the future. The solution is to ‘hide’ your TOR traffic inside a so called obfuscation layer, such as OBFS4. This is know as a TOR pluggable transport or bridge and also includes Meek.
What is OBFS4
In the words of the author, Yawning Angel, describing OBFS4 “This is a protocol obfuscation layer for TCP protocols. Its purpose is to keep a third party from telling what protocol is in use based on message contents.” In other words, OBFS4 (when activated) will obfuscate / hide the TOR traffic so an observer will not be able to tell that you are in fact using TOR.
What is Meek
A transport that uses HTTP for carrying bytes and TLS (Transport Layer Security is an encryption protocol) for obfuscation. Traffic is relayed through a third-party server such as Google or Azure. It uses a trick to talk to the third party so that it looks like it is talking to an unblocked server.
Spectrecoin will always strive to be at the forefront of developing our network security. We are also aware of a new technology known as ‘Dandelion‘ and we have been discussing implementation of this for Spectrecoin and as soon as we know more we will publish additional information. Expect this to be on a future roadmap.
Spectrecoin will become an official legal entity and will be set up as a not-for-profit organisation that will act as the development fund custodian. We are in the process of exploring different option for how to set this up but it appears likely at this point that Spectrecoin will become a UK ‘Community Interest Company‘ (CIC) and be registered in the UK as I am based in the UK. A CIC is in law a not-for-profit structure and is an asset-locked body that must ensure that any profits or assets are used principally for the benefit of the community, which in this case means the continued development of Spectrecoin. An asset-locked body means that the CIC cannot distribute profits to its members. By doing this the development fund is ring-fenced within a this legal entity which would then carry out the required activities in order to develop, maintain and promote Spectrecoin. Outside developers and other parties would contract with the company.
The CIC would only be able to pay market rate salaries to members working for the company.
This will ensure a long term future for Spectrecoin and would allow the CIC to agree on rules for how to manage the development fund and how new members can join and how members could leave. The CIC would in effect ‘own‘ the Spectrecoin GitHub repo and would own the sole right to manage the development fund according to the not-for-profit ideals of a CIC.
This ensures trust in that the development fund will only be used to compensate for work done and for development, project management and promotion. Given that the CIC would be under strict UK tax and reporting rules the community can trust that the accounting is proper that the CIC is operating legeally and under scrutiny
This does not detract from our mission of delivering a top-tier anonymous cryptocurrency and the fact that Spectrecoin becomes a legal entity does not in any way impose any restrictions on development or does not pose any restrictions on our freedom to create great software. It only secures the development fund and would make the members liable under law for any abuse of funds.
You can expect a further update on this in the November newsletter.
Whats on in October
@Tek is coming to London, UK between 12/10/2018 and 14/10/2018 to meet with me, @Mandica, and discuss details around future development of Spectrecoin. This will be an in depth discussion on where we are and what we will be aiming to implement over the next 6 months. It is the first ever meeting of Spectrecoin core team members and we planning to hold a meeting around every 6 months. As you are aware, the Spectrecoin core team is spread out in different countries and all communication so far as been through Discord, Skype and other online forums but meeting in person will enable a more detailed discussion around our plans, development, roadmap and governance.
Whilst @Tek is in London we have also arranged to meet with a couple of eminent researchers and academics who are experts in the field of stealth address technology and ring signatures. We are aiming to agree on a collaboration over a few months to essentially search for weaknesses and vulnerabilities in the Spectrecoin code. In other words, trying to break the code and hence improve and strengthen the privacy and anonymity of Spectrecoin. We anticipate that peer reviewed papers around Spectrecoin privacy will result from this collaboration and cement our position as a privacy coin that takes our privacy very seriously indeed.
Full details of this will be in the upcoming November 2018 newsletter. We are not able to give further details until this has been finally agreed with the other parties.