Hi all,
Chainalysis here - sorry to have caused any worry or confusion. We were preparing data for a blog post on bitcoin traffic by volume between different countries. We chose specifically to set up a number of nodes on the same /24 net to avoid any bitcoind or other vital parts of the network being caught only on our nodes, as we initially haven't built the transaction forwarding into the probes.
As we learned some SPV nodes were affected, we have now shut down the nodes.
Sending a bitcoin transaction in a p2p network will always to some extent reveal your IP, like your IP is known by Google as soon as you google something or by your preferred DNS server looking up domain names. We implicitly trust these services and that they do not reveal our behaviour on the internet. We also know that e.g. Google of course profits from collecting this information, which we accept to the extent that they don't sell specific information, but only statistical information compiled from their measurements.
We still think that there is a lot of interesting info you can learn from the bitcoin network by doing this kind of experiment; however, we also accept a do-not-trace wish from users. So perhaps the right way for network analysis research going forward is to:
1. Ensure probes comply 100% with the protocol (shame on us)
2. Add a link (URL) to the specific purpose in the version name
3. Keep a tag in the version name [probe / recording / whatever] so nodes can choose to friendly opt out
But also note that the above measures and current protocol do not protect you against a real spy net at all; Tor is still the best solution for this purpose.
Sincerely,
Michael
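
Added example, not part of the original post and not Chainalysis or Bitcoin Core code: how a node could act on points 2 and 3 by reading the user agent from a peer's `version` message and checking it for a declared tag and purpose link. The layout `/Name:Version(tag; url)/`, the function names and the sample payload are assumptions made for illustration.

```python
import re
import struct

# Tags taken from the post's list; the set is meant to be extended locally.
OPT_OUT_TAGS = {"probe", "recording"}
MAX_UA_LEN = 256  # sanity cap on the user agent length (assumed limit)

def read_compact_size(buf, pos):
    """Decode a Bitcoin CompactSize integer, returning (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    fmt = {0xFD: "<H", 0xFE: "<I", 0xFF: "<Q"}[first]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + struct.calcsize(fmt)

def user_agent(payload):
    """Extract the user agent string from a `version` message payload."""
    # Fixed fields before it: version(4) services(8) timestamp(8)
    # addr_recv(26) addr_from(26) nonce(8) = 80 bytes.
    pos = 80
    if len(payload) <= pos:
        raise ValueError("truncated version payload")
    length, pos = read_compact_size(payload, pos)
    if length > MAX_UA_LEN or pos + length > len(payload):
        raise ValueError("bad user agent length")
    return payload[pos:pos + length].decode("ascii", errors="replace")

def declared_purpose(ua):
    """Return (tags, urls) found in parenthesised comments of the user agent."""
    tags, urls = set(), []
    for block in re.findall(r"\(([^()]*)\)", ua):
        for item in (i.strip() for i in block.split(";")):
            if item.lower() in OPT_OUT_TAGS:
                tags.add(item.lower())
            elif re.match(r"https?://", item, re.I):
                urls.append(item)
    return tags, urls

def should_opt_out(payload):
    """True if the peer's version message declares itself a measurement node."""
    tags, _ = declared_purpose(user_agent(payload))
    return bool(tags)

def sample_version(ua):
    """Constructed sample payload: zeroed addresses and nonce, given user agent."""
    raw = ua.encode("ascii")
    return (struct.pack("<iQq", 70002, 1, 1426000000) + bytes(52)
            + struct.pack("<Q", 0) + bytes([len(raw)]) + raw
            + struct.pack("<i", 0) + b"\x01")
```

The tag is self-declared, so a check like this only filters probes that choose to announce themselves.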