Bitcoin Privacy

Bitcoin Is Not Anonymous After All

Taco Cowboy points out a new study that shows it is possible to figure out the IP address of someone who pays for transactions anonymously online using bitcoins. "The Bitcoin system is not managed by a central authority, but relies on a peer-to-peer network on the Internet. Anyone can join the network as a user or provide computing capacity to process the transactions. In the network, the user's identity is hidden behind a cryptographic pseudonym, which can be changed as often as is wanted. Transactions are signed with this pseudonym and broadcast to the public network to verify their authenticity and attribute the Bitcoins to the new owner. In their new study, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect user's IP address and that it can be linked to the user's transactions in real-time. To find this out, a hacker would need only a few computers and about €1500 per month for server and traffic costs. Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily."
  • Aw man (Score:5, Funny)

    by Anonymous Coward on Wednesday November 26, 2014 @06:46PM (#48470519)

    Now that hitman I hired to kill my bookie's drug dealer is going to be able to hire a hacker to find me.

    • I think the hitman knows who you are and wants for cash to cover costs on top of the fee.

      • by Anonymous Coward

        The only thing that is truly anonymous is this slashdot post. (tons and tons of sarcasm.)

        • You're fooling yourself. No one is safe from researchers.
          • You're fooling yourself. No one is safe from researchers.

            Yeah, especially the taxpaying American public in recent years, it seems.

            • Yeah, we don't need any research you already know everything! We should just all come to you with our questions. Explain to me again the thing about the earth being a perfect black body or something.
    • Well then you should have kept your wallet on blockchain.info and accessed that website from tor.

      Oops...derp...I accidentally rendered TFA's point moot.

  • by Anonymous Coward

    Researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg wake up one morning and realize what any high school computer science student would have known.

    • News flash (Score:2, Insightful)

      by Anonymous Coward

      To be perfectly fair, computer science has a lot of things that "any student can tell you are true" that have not been proven to be true, and the difference is a really big deal in academia (where a significant portion of your job is proving things and publishing the paper explaining the proof).

      For example P!=NP is widely believed, highly intuitive, and the basis for some high profile algorithms (cryptography) but has never been proven.

    • by gweihir ( 88907 )

      Science can often mean to prove things that seem relatively obvious. In not so few cases, they then turn out to be wrong, and in the other cases they turn from speculation to fact.

      Without science, we would still believe the earth was flat, and that bloodletting was a good medical procedure to cure everything. After all, these things were obvious back then.

      • by yacc143 ( 975862 )

        Don't flaunt, I'm sure we'll get with the "earth is flat" (some words in the bible that can be interpreted this way are there) once certain US school authorities finish rooting out evolution (which is obviously wrong because it's not explained that way in The Book).

        • by gweihir ( 88907 )

          Since I am based in Europe, I do observe these tendencies with some level of fascination. It is just as if the US envies Europe the dark ages of non-enlightenment and wants to go into something similar to compensate.

          • Since I am based in Europe, I do observe these tendencies with some level of fascination. It is just as if the US envies Europe the dark ages of non-enlightenment and wants to go into something similar to compensate.

            I don't know that it is envy.

            We do have a segment of the population believing that "we can do it better". Whether or not "it" is worth doing at all.

  • It never was (Score:3, Insightful)

    by Anonymous Coward on Wednesday November 26, 2014 @06:47PM (#48470533)

    Only idiots thought it was anonymous.

  • Duh (Score:5, Interesting)

    by Aighearach ( 97333 ) on Wednesday November 26, 2014 @06:49PM (#48470539)

    Anonymity was never a feature. Whoever thought that didn't read the bitcoin summary. ;) You not only know where it came from, you know where it has been, too.

    The only reason it is popular is that governments didn't have tracking in place so it gained popularity as a currency for drug purchases. They do now have that tracking in place, however, so that ship sailed.

    I think the paranoid anti-government crowd are just not good enough at comprehension to know what they're saying or why. They heard that bitcoin was anti-government, so they decided it must be full of magical anonymous unicorns with anonymous rainbow farts.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      No,

      Bitcoins is an improvement in that it is centralized and the government can't prevent the transfer of coins. A government might say it is illegal to receive/spend/use bitcoins, but there is and always has been an underground economy that has ignored such laws. This gives those people the ability to do that in the same way that cash does. The government can easily prevent paypal, master card, etc from allowing people to send money to “lawless” foreign casinos. They can't do that with bitcoins.

      • Re:Duh (Score:4, Insightful)

        by Aighearach ( 97333 ) on Wednesday November 26, 2014 @11:53PM (#48471953)

        They have confiscated enough bitcoins that they can actually track most of the market now, for various reasons that have been explained on slashdot in the bitcoin-related stories.

        No noticeable country says that bitcoin is illegal. Barter is legal almost everywhere, so currencies are also legal. And the fact is, when it comes to bitcoin the US Government is a major market participant at this point.

        Bitcoin is way less anonymous than US Dollars, there is no question of that. No question at all. So if you're self-identifying as one of the "anti-government types," then yes, that is exactly what I was talking about. You believe something less anonymous to have been a step towards anonymity. You seem to fail to notice that I didn't pass any judgment or present any opinion on if anonymous payment is good or bad. I'm just pointing at the popular set of opinions that contradict themselves. I would expect people who really believe in anonymous payment to use only non-electronic payment, at least until there is some sort of central authority that is trusted to maintain anonymity can back an electronic currency. You can't have a fiat currency without trust; you either need a trusted central authority, or the ability to track units of currency back to their original source, as in bitcoin. Lacking those, the most anonymous you can be is with cash, and things like CC cards purchased with cash, gift cards, or even money orders using an unknown alias.

        And how can bitcoin be a protest against unjust laws, when bitcoin is legal? That makes no sense at all.

        • by AmiMoJo ( 196126 ) *

          The point of Bitcoin is to remove control from governments, and to make pseudo-anonymous transactions possible online. Sure, in real life cash is better, but if you want to transact over the internet you need something like Bitcoin.

          Notice that I said pseudo-anonymous. An IP address does not identify an individual, it could be a shared connection, free public wifi, a VPN, or Tor. You need to take additional steps to become anonymous, but Bitcoin is still better than a credit card which conveys your name and

    • by Anonymous Coward

      They do not have such tracking in place. If you look at _every_single_ case of bitcoin-related criminals being busted, none of them were found through bitcoin or tor. They're found through stupid mistakes and old-fashioned police work - e.g., people who use the same username on Silk Road and eBay get busted, because they're stupid.

    • by Anonymous Coward

      It can be as anonymous as you want it to be. Want it to be super anonymous? Transmit the signed transaction in a coffee shop. Nobody knows anything. More anonymous? Transmit the signed transaction from an open wifi access point. Keep in mind that transmitting the transaction does not allow anyone seeing this to do anything with your Bitcoins themselves, since you have the private key.

      • by Anonymous Coward

        Seriously? Most coffee shops I know of have their Wi-Fi either locked down with some username/password info, require a password that changes daily, or require a credit card (a la Tengo.) There has just been too much abuse of open APs, especially where I live. Even the "open" ones try to MITM connections sometimes (interesting how 192.168.168.168 presents a self-signed key presented for Exchange transactions, for example.) If someone did something bad enough, it isn't hard to NSL the camera logs (most sh

        • by gl4ss ( 559668 )

          ...around here (Asia) finding an open AP is simple as finding apple pie. the wifis are either open or the password is something simple that never changes (phone number of the place usually), there's no way of telling if the person is inside the restaurant either or 50 meters down the street - only the expensive establishments have one time use code systems and such.

          also, in most western countries buying a data capable simcard anonymously is easy as pie as well and buying a phone to use it with anonymously is

          • In the US most phones don't have interchangeable sim cards, but you can buy a dumb phone with cash for $15-20 at a convenience store, and buy cards there to pay the account.

            TOR is encrypted but it isn't anonymous if the government knows about at least n nodes, which they do. And they control a large number that they have seized, it is broadly believed that the NSA owns enough of the nodes to see all the network traffic.

          • You won't find many open APs in China, since the official policy there is that all Internet users must be identifiable. Certainly not in cafés or what have you. Generally you have to register for username/password and receive it by email.

            What I usually end up doing in such places is flirting with the girl behind the counter until she offers to let me use hers. Unless my wife is with me, of course. ;)

        • They don't need a rubber hose, that is for the spooks. Law enforcement can easily just get a court order and you'll turn up at their office with your lawyer and blockchain data.

        • by aliquis ( 678370 )

          What about letting your browser lie about its data when you're doing something nasty and showing real data when you're not? ... and then?

  • What next?!! Water is wet?

  • Well... (Score:2, Offtopic)

    by Agares ( 1890982 )
    By its nature it should be obvious that bitcoin is not truly anonymous. Mod me down if you like, but when you think about it it's easy to see.
  • by Anonymous Coward on Wednesday November 26, 2014 @06:58PM (#48470595)

    Bitcoin was NEVER meant to be anonymous. EVER.

  • by Michael Woodhams ( 112247 ) on Wednesday November 26, 2014 @07:12PM (#48470685) Journal

    And you can absolutely guarantee that the three letter agencies remember every one of them. They can look at who you've made transactions with and usually get a very good idea just from that who you are. I imagine they get more from fronts and hacked/infiltrated organizations. If they need more and you've ever transacted with a commercial entity within their jurisdiction, you are a National Security Letter or local equivalent away from being identified.

    This IP address thing is like discovering that the back door is unlocked and open when the front door is secured by a piece of string.

    • by Agares ( 1890982 )
      Exactly, and this is the reason why I never believed that Bitcoin was truly anonymous.
      • by Anonymous Coward

        Makes sense that you would believe that, being that the Bitcoin "developers" themselves even say so. You know, on their own website (bitcoin.org):

        "Some effort is required to protect your privacy with Bitcoin. All Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see the balance and transactions of any Bitcoin address. However, the identity of the user behind an address remains unknown until information is revealed during a purchase or in other circumstances. Thi

    • by AHuxley ( 892839 )
      Yes an ip will change or can change. Unless the ISP gives the details of that user. Who can request that?
      • It's even simpler than that... the IPs are in a limited pool, and are used for all your network transactions during the period. All there needs to be is an IP correlation between the transaction and that check of your GMail account during the same time period, and the IP links the two, flagging who you are. No need to track back through the ISP who was supposed to have that IP at that time (although that's trivial with a warrant too).

    • And you can absolutely guarantee that the three letter agencies remember every one of them.

      Wait I thought the fundamental point of the blockchain was that everyone remembers every transaction. Isn't this open and the history a fundamental part of bitcoin?

  • by ASDFnz ( 472824 ) on Wednesday November 26, 2014 @07:23PM (#48470735)

    Apart from the whole "bitcoin is only pseudo-anonymous" anyway, the article is wrong.

    The IP you can trace a transaction back to is only the IP of the person that told you about the transaction. So unless you're connected directly to the person that made the transaction on the p2p network you're just getting the IP of the client that told you about it. Even then, you don't know if that is the person making the transaction or someone telling you that the transaction was made.

    Bad research by people who should know better.

    • by TubeSteak ( 669689 ) on Wednesday November 26, 2014 @07:57PM (#48470945) Journal

      The IP you can trace a transaction back to is only the IP of the person that told you about the transaction.

      Try reading the paper.

      The crucial idea is that each client can be uniquely identied by a set of nodes he connects to (entry nodes). We show that this set can be learned at the time of connection and then used to identify the origin of a transaction.

      The crucial
      idea of our attack is to identify each client by an octet of
      outgoing connections it establishes. This octet of Bitcoin
      peers (entry nodes) serves as a unique identier of a client
      for the whole duration of a user session and will dierenti-
      ate even those users who share the same NAT IP address.
      We showed that most of these connections can be learned if
      the attacker maintains connections to a majority of Bitcoin
      servers. Then we show that the transaction propagation
      rules imply that the entry nodes will be among the rst
      that report the transaction to the attacker. As soon as the
      attacker receives the transaction from just 2-3 entry nodes
      he can with very high probability link the transaction to a
      specic client. Moreover a sequence of successfully mapped
      transactions can help the attacker to track dynamic changes
      in the entry node set, to keep the client identier fresh. The
      cost of the deanonymisation attack on the full Bitcoin net-
      work is under 1500 EUR.

      /all spelling mistakes are in the original text
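
An illustration added here, not part of the comment above or of the paper it quotes: a toy offline simulation of why a client's set of eight entry nodes works as an identifier, and why seeing two or three of them among the first relayers narrows the origin to one client. The population sizes, the function names and the uniform random choice of peers are assumptions made for the example.

```python
import random

# Constructed toy parameters (assumptions, not figures from the paper).
N_SERVERS = 500    # peers that accept inbound connections
N_CLIENTS = 2000   # clients online during one session
OUTGOING = 8       # the "octet" of outgoing connections quoted above


def build_entry_sets(rng, n_clients=N_CLIENTS, n_servers=N_SERVERS):
    """Each client picks OUTGOING distinct servers as its entry nodes."""
    servers = range(n_servers)
    return [frozenset(rng.sample(servers, OUTGOING)) for _ in range(n_clients)]


def distinct_octets(entry_sets):
    """Number of different entry-node sets in the population."""
    return len(set(entry_sets))


def matching_clients(observed, entry_sets):
    """Indices of clients whose entry set contains every observed relayer."""
    observed = frozenset(observed)
    return [i for i, s in enumerate(entry_sets) if observed <= s]


def unique_fraction(m, trials=100, seed=1):
    """Fraction of trials in which m observed entry nodes match one client only.

    Each trial picks a random originating client and reveals m of its
    entry nodes, standing in for the first peers seen relaying a transaction.
    """
    rng = random.Random(seed)
    entry_sets = build_entry_sets(rng)
    unique = 0
    for _ in range(trials):
        origin = rng.randrange(len(entry_sets))
        observed = rng.sample(sorted(entry_sets[origin]), m)
        hits = matching_clients(observed, entry_sets)
        if hits == [origin]:
            unique += 1
    return unique / trials


if __name__ == "__main__":
    sets_ = build_entry_sets(random.Random(7))
    print("distinct octets:", distinct_octets(sets_), "of", len(sets_))
    for m in (1, 2, 3):
        print(f"{m} entry node(s) observed -> uniquely matched "
              f"in {unique_fraction(m):.0%} of trials")
```

With these constructed sizes a single observed entry node is shared by many clients, while three observed nodes almost always match exactly one, which is the effect the quoted passage relies on.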

  • by TheCarp ( 96830 ) <sjc.carpanet@net> on Wednesday November 26, 2014 @07:25PM (#48470743) Homepage

    I find it hilarious that they so easily conclude tor doesn't fill these gaps because they deem it too easy to break. That right there is some pretty extraordinary claim, I would want to see them do it if it's so easy.

    I don't think there is any evidence that tor, in this particular use case, is actually so easy to break. So far all evidence is that weaknesses lie in the services behind hidden services, in browsers used to use web based services in particular, and potentially in hidden services themselves.

    A bitcoin node transmitting transactions really should be pretty safe, and if they have any evidence to the contrary, that would be much more interesting than their hand waving clickbait claims.

  • by dindi ( 78034 ) on Wednesday November 26, 2014 @07:45PM (#48470863)

    " Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily"....

    What does this sentence even mean?

    Bitcoin (Litecoin, Maxcoin, *coin (ok, most) ) can use a proxy. This proxy can go through TOR, I2P, 55 VPNs zig-zagging over the globe.

    Bitcoin is Anonymous as you don't need to provide your identity. All transactions are however public: visible in the blockchain. It is like imagining a big mess of encrypted emails that everyone hosts on their machines, but you can only read the ones (spend bitcoins from) you have the key for.

    Did I mention: you don't need to run a full node, and you can also use an on-line wallet.

    Simple recipe:
    1. mine some bitcoins
    2. get a VPN
    3. Use the VPN to get a free email address (google, riseup or else)
    4. Use the VPN to get a VPS hosting
    5. set up TOR on VPS hosting (hidden service)
    6. and/or set up I2P on VPS hosting (eepsite)
    7. Install Bitcoin, Litecoin, *Coin on the machine and run a full node through the VPN, TOR, I2P or combination of them
    8. Use the VPN, TOR, I2P (or a combination of them) to access the machine where
    9. Use the command line interface to send funds
    10. Use any of the libraries to write your own web service to talk to the daemons to manage your funds

    There ... find the IP where it came from.... found it ?

    Rinse, repeat:

    1. buy raspberry PI
    2. buy throw-away anonymous SIM online (through VPN, I2P, TOR, with bitcoins)
    3. install TOR, VPN, I2P, solar panel, gsm modem, Bitcoind, *coind on raspberry PI
    4. Take a long ride from home where there is still reception, climb a tree/rock/old building/tower. Install it there ...

    Found my IP ?

    and so on ...

    Or did they mean: if you just run a full node from home and accidentally connect to one of their servers they propagate, they can see where the transaction was coming from the first time ?
    bitcoind --printtoconsole

    • Read the article. They have a way of forcing disconnection of a server from the Tor network. They concede it's quite noticeable and it may not work if no non-tor fallback is used.
  • Looks like someone is trying to push the price of bitcoin down again.

    • As a big holder and long-time user of bitcoins, I'm in favor of the price not being pushed down. That said, TFS is inflammatory. TFA, which is open access, is actually an interesting read, and it's a clever attack. They also discuss possible mitigations. It's worth a read if you're into bitcoin.
      • I'd make some sort of metaphorical comparison, except that when referring to things demonstrating instability my stock phrase is 'up and down like the price of bitcoin.'

  • What?! (Score:2, Interesting)

    by Anonymous Coward

    Who thought bitcoin was anonymous? It is a detailed, immutable list of transactions... it is downright transparent...

    • I think the general reason people feel that Bitcoin is anonymous is that there are never real names attached to the transactions.
  • This has actually been known for some time that bitcoin is not anonymous. There are still many advantages to BTC.

    1. It offers the same level of anonymity as posting on a website. They can get your IP address. It solves the problem of paid services that get your full name, address, and a credit card number that can be repeated. So, it's actually possible to charge money for a service that respects your privacy, instead of having to rely on free anonymous services, which will become unfeasible at scale. Eit

  • Seriously, anonymity was never expected out of bitcoins; more so, it was expected to be able to track them. If you know who paid who, you can discover if it was a legal payment or not. Also, people worried about privacy: your payments are already known, shared, put into predictive software... you're not losing any privacy by using bitcoin. Licit use of money is more important than supposedly breaching 'rights' that have already been breached by a different source. And to the reporter / poster: please re
