Bitcoin Is Not Anonymous After All 115
Taco Cowboy points out a new study that shows it is possible to figure out the IP address of someone who pays for transactions anonymously online using bitcoins. "The Bitcoin system is not managed by a central authority, but relies on a peer-to-peer network on the Internet. Anyone can join the network as a user or provide computing capacity to process the transactions. In the network, the user's identity is hidden behind a cryptographic pseudonym, which can be changed as often as is wanted. Transactions are signed with this pseudonym and broadcast to the public network to verify their authenticity and attribute the Bitcoins to the new owner. In their new study, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect user's IP address and that it can be linked to the user's transactions in real-time. To find this out, a hacker would need only a few computers and about €1500 per month for server and traffic costs. Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily."
Aw man (Score:5, Funny)
Now that hitman I hired to kill my bookie's drug dealer is going to be able to hire a hacker to find me.
Re: (Score:2)
I think the hitman knows who you are and wants for cash to cover costs on top of the fee.
Re: (Score:1)
The only thing that is truely anonymous is this slashdot post. (tons and tons of sarcasm.)
Re: (Score:2)
Re: (Score:2)
You're fooling yourself. No one is safe from researchers.
Yeah, especially the taxpaying American public in recent years, it seems.
Re: (Score:2)
Re: (Score:2)
Well then you should have kept your wallet on blockchain.info and accessed that website from tor.
Oops...derp...I accidentally rendered TFA's point moot.
Re: (Score:2)
Bilgecoin...the preferred choice of money for murderers!
News flash (Score:1)
Researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg wake up one morning and realize what any high school computer science student would have known.
News flash (Score:2, Insightful)
To be perfectly fair, computer science has a lot of things that "any student can tell you are true" that have not been proven to be true, and the difference is a really big deal in academia (where a significant portion of your job is proving things and publishing the paper explaining the proof).
For example P!=NP is widely believed, highly intuitive, and the bases for some high profile algorithms (cryptography) but has never been proven.
Re: (Score:2)
Science can often mean to prove things that seem relatively obvious. In not so few cases, they then turn out to be wrong, and in the other cases they turn from speculation to fact.
Without science, we would still believe the earth was flat, and that bloodletting was a good medical procedure to cure everything. After all, these things were obvious back then.
Re: (Score:2)
Don't flaunt, I'm sure we'll get with the "earth is flat" (some words in the bible that can be interpreted this way are there) once certain US school authorities finish rooting out evolution (which is obviously wrong because it's not explained that way in The Book).
Re: (Score:2)
Since I am based in Europe, I do observe these tendencies with some level fascination. It is just as if the US envies Europe the dark ages of non-enlightenment and wants to go into something similar to compensate.
Re: (Score:1)
Since I am based in Europe, I do observe these tendencies with some level fascination. It is just as if the US envies Europe the dark ages of non-enlightenment and wants to go into something similar to compensate.
I don't know that it is envy.
We do have a segment of the population believing that "we can do it better". Whether or not "it" is worth doing at all.
Re: (Score:2)
Makes sense.
It never was (Score:3, Insightful)
Only idiots thought it was anonymous.
Re: (Score:2)
No one ever expects anonymous!
Re: It never was (Score:2)
But I guess maybe that is just consistent with the idiot speculators and the value bubble.
Re: (Score:2)
Duh (Score:5, Interesting)
Anonymity was never a feature. Whoever thought that didn't read the bitcoin summary. ;) You not only know where it came from, you know where it has been, too.
The only reason it is popular is that governments didn't have tracking in place so it gained popularity as a currency for drug purchases. They do now have that tracking in place, however, so that ship sailed.
I think the paranoid anti-government crowd are just not good enough at comprehension to know what they're saying or why. They heard that bitcoin was anti-government, so they decided it must be full of magical anonymous unicorns with anonymous rainbow farts.
Re: (Score:1, Insightful)
No,
Bitcoins is an improvement in that it is centralized and the government can't prevent the transfer of coins. A government might say it is illegal to receive/spend/use bitcoins, but there is and always has been an underground economy that has ignored such laws. This gives those people the ability to do that in the same way that cash does. The government can easily prevent paypal, master card, etc from allowing people to send money to “lawless” foreign casinos. They can't do that with bitcoins.
Re:Duh (Score:4, Insightful)
They have confiscated enough bitcoins that they can actually track most of the market now, for various reasons that have been explained on slashdot in the bitcoin-related stories.
No noticeable country says that bitcoin is illegal. Barter is legal almost everywhere, so currencies are also legal. And the fact is, when it comes to bitcoin the US Government is a major market participant at this point.
Bitcoin is way less anonymous than US Dollars, there is no question of that. No question at all. So if you're self-identifying as one of the "anti-government types," then yes, that is exactly what I was talking about. You believe something less anonymous to have been a step towards anonymity. You seem to fail to notice that I didn't pass any judgment or present any opinion on if anonymous payment is good or bad. I'm just pointing at the popular set of opinions that contract themselves. I would expect people who really believe in anonymous payment to use only non-electronic payment, at least until there is some sort of central authority that is trusted to maintain anonymity can back an electronic currency. You can't have a fiat currency without trust; you either need a trusted central authority, or the ability to track units of currency back to their original source, as in bitcoin. Lacking those, the most anonymous you can be is with cash, and things like CC cards purchased with cash, gift cards, or even money orders using an unknown alias.
And how can bitcoin be a protest against unjust laws, when bitcoin is legal? That makes no sense at all.
Re: (Score:2)
The point of Bitcoin is to remove control from governments, and to make pseudo-anonymous transactions possible online. Sure, in real life cash is better, but if you want to transact over the internet you need something like Bitcoin.
Notice that I said pseudo-anonymous. An IP address does not identify an individual, it could be a shared connection, free public wifi, a VPN, or Tor. You need to take additional steps to become anonymous, but Bitcoin is still better than a credit card which conveys your name and
Duh (Score:1)
They do not have such tracking in place. If you look at _every_single_ case of bitcoin-related criminals being busted, none of them were found through bitcoin or tor. They're found through stupid mistakes and old-fashioned police work - e.g., people use use the same username on Silk Road and eBay get busted, because they're stupid.
Re: (Score:2)
They should call it an Exhibitionist, not a Crypto, currency.
Re: (Score:1)
Bitcoin is money with metadata.
Would it be more accurate to say: "Bitcoin is cash with metadata"
Re: (Score:1)
It can be as anonymous as you want it to be. Want it to be super anonymous? Transmit the signed transaction in a coffee shop. Nobody knows anything. More anonymous? Transmit the signed transaction from an open wifi access point. Keep in mind that transmitting the transaction does not allow anyone seeing this to do anything with your Bitcoins themselves, since you have the private key.
Re: (Score:1)
Seriously? Most coffee shops I know of have their Wi-Fi either locked down with some username/password info, require a password that changes daily, or require a credit card (a la Tengo.) There has just been too much abuse of open APs, especially where I live. Even the "open" ones try to MITM connections sometimes (interesting how 192.168.168.168 presents a self-signed key presented for Exchange transactions, for example.) If someone did something bad enough, it isn't hard to NSL the camera logs (most sh
Re: (Score:2)
...around here(Asia) finding an open AP is simple as finding apple pie. the wifis are either open or the password is something simple that never changes(phone number of the place usually), there's no way of telling if the person is inside the restaurant either or 50 meters down the street - only the expensive establishments have one time use code systems and such.
also, in most western countries buying a data capable simcard anonymously is easy as pie as well and buying a phone to use it with anonymously is
Re: (Score:2)
In the US most phones don't have interchangeable sim cards, but you can buy a dumb phone with cash for $15-20 at a convenience store, and buy cards there to pay the account.
TOR is encrypted but it isn't anonymous if the government knows about at least n nodes, which they do. And they control a large number that they have seized, it is broadly believed that the NSA owns enough of the nodes to see all the network traffic.
Re: (Score:2)
You won't find many open APs in China, since the official policy there is that all Internet users must be identifiable. Certainly not in cafés or what have you. Generally you have to register for username/password and receive it by email.
What I usually end up doing in such places is flirting with the girl behind the counter until she offers to let me use hers. Unless my wife is with me, of course. ;)
Re: (Score:2)
They don't need a rubber hose, that is for the spooks. Law enforcement can easily just get a court order and you'll turn up at their office with your lawyer and blockchain data.
Re: (Score:1)
What about letting your browser lie about its data when you're doing something nasty and showing real data when you're not? ... and then?
Duh... (Score:2)
What next?!! Water is wet?
Re: (Score:2)
What next?!! Water is wet?
That depends how much scotch its in.
Well... (Score:2, Offtopic)
FUCK SAKE! It was NEVER anonymous (Score:3, Insightful)
Bitcoin was NEVER meant to be anonymous. EVER.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
I believe there are some extra crypto additions proposed which would make it much more anonymous rather than pseudonymous. I can't find the article off hand though.
Re: (Score:2)
Of course it was meant to be anonymous. Why in Sam Hill would people be using Bitcoins to pay for hit men, drugs, and sex trafficking if it wasn't thought to be anonymous?
Re: (Score:1)
So "crypto-currency" was an abuse of language, or false advertising, or bait-and-switch. Why are libertarians so criminal-minded?
Re: (Score:2)
It's still crypto-currency, although I think "decentralized digital currency" is a better description, since the crypto is really just an implementation detail, not a feature. Crypto is used to validate the integrity of the currency and transactions, not to provide anonymity.
Re: (Score:2)
Because it's trivial to move over borders and easy to launder.
Re: (Score:2)
While some cryptocurrencies under recent development have aimed to provide for more possibility of transaction anonymity for various reasons, the degree to which they succeed—and, in consequence, the degree to which they offer benefits for money laundering efforts—is controversial. [wikipedia.org]
Bold is mine.
Re: (Score:2)
Not sure what the point is. The article is about money laundering, and describes how it's easier to launder digital currencies and how they're controversial because of this.
Bitcoin is at best pseudonymous, each wallet is a pseudonym with a very carefully documented and very public ledger. When the bitcoins are converted to or from hard currency, a trail of that transaction is likely recorded.
Re: (Score:2)
Not sure what the point is.
The point is that Bitcoin was supposed to be anonymous but it isn't.
Then someone says, "But wait ... it wasn't meant to be anonymous, it was meant to launder money."
Guess what's needed for laundering money that Bitcoin doesn't have?
Re: (Score:1)
IP address != person
Maybe in less than 1% of cases. All the rest of the time, the only one using the IP address is the person who pays for the internet access.
So it's reasonable anonymous if you consider your identity.
It's only reasonable if you think shoving your head in the sand gives you reasonably anonymity.
Every single transaction is broadcast to the world (Score:3, Informative)
And you can absolutely guarantee that the three letter agencies remember every one of them. They can look at who you've made transactions with and usually get a very good idea just from that who you are. I imagine they get more from fronts and hacked/infiltrated organizations. If they need more and you've ever transacted with a commercial entity within their jurisdiction, you are a National Security Letter or local equivalent away from being identified.
This IP address thing is like discovering that the back door is unlocked and open when the front door is secured by a piece of string.
Re: (Score:2)
Re: (Score:1)
Makes sense that you would believe that, being that the Bitcoin "developers" themselves even say so. You know, on their own website (bitcoin.org):
"Some effort is required to protect your privacy with Bitcoin. All Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see the balance and transactions of any Bitcoin address. However, the identity of the user behind an address remains unknown until information is revealed during a purchase or in other circumstances. Thi
Re: (Score:2)
Re: (Score:2)
It's even simpler than that... the IPs are in a limited pool, and are used for all your network transactions during the period. All there needs to be is an IP correlation between the transaction and that check of your GMail account during the same time period, and the IP links the two, flagging who you are. No need to track back through the ISP who was supposed to have that IP at that time (although that's trivial with a warrant too).
Re: (Score:2)
And you can absolutely guarantee that the three letter agencies remember every one of them.
Wait I thought the fundamental point of the blockchain was that everyone remembers every transaction. Isn't this open and the history a fundamental part of bitcoin?
The article is wrong. (Score:3, Insightful)
Apart from the whole "bitcoin is only pseudo-anonymous" anyway, the article is wrong.
The IP you can trace a transaction back to is only the IP of the person that told you about the transaction. So unless you're connected directly to the person that made the transaction on the p2p network you're just getting the IP of the client that told you about it. Even then, you don't know if that is the person making the transaction or someone telling you that the transaction was made.
Bad research by people who should know better.
Re: (Score:2)
Even then there is no way to tell if the transaction is coming from the node you are connected to OR another node that is connecting to it.
In some circumstances it could even be from a node that you are connected to but passed through another node you are connected too.
You have no way of knowing.
Re: (Score:2)
Saying "No way to tell" without stating a reason doesn't advance the discussion.
You first, I say there is no way to tell, if you (or anyone) has a way please tell me.
Re: (Score:2)
The network favors well connected nodes, so you can make it very likely that a client will choose your node to enter the transaction into the network.
So?
You still don't know if the transaction came from that node or is just being passed on by that node.
Re:The article is wrong. (Score:5, Informative)
The IP you can trace a transaction back to is only the IP of the person that told you about the transaction.
Try reading the paper.
The crucial idea is that each client can be uniquely identied by a set of nodes he connects to (entry nodes). We show that this set can be learned at the time of connection and then used to identify the origin of a transaction.
The crucial
idea of our attack is to identify each client by an octet of
outgoing connections it establishes. This octet of Bitcoin
peers (entry nodes) serves as a unique identier of a client
for the whole duration of a user session and will dierenti-
ate even those users who share the same NAT IP address.
We showed that most of these connections can be learned if
the attacker maintains connections to a majority of Bitcoin
servers. Then we show that the transaction propagation
rules imply that the entry nodes will be among the rst
that report the transaction to the attacker. As soon as the
attacker receives the transaction from just 2-3 entry nodes
he can with very high probability link the transaction to a
specic client. Moreover a sequence of successfully mapped
transactions can help the attacker to track dynamic changes
in the entry node set, to keep the client identier fresh. The
cost of the deanonymisation attack on the full Bitcoin net-
work is under 1500 EUR.
/all spelling mistakes are in the original text
clickbait study (Score:3)
I find it hillarious that they so easily conclude tor doesn't fill these gaps because they deem it too easy to break. That right there is some pretty extraordinary claim, I would want to see them do it if its so easy.
I don't think there is any evidence that tor, in this particular use case, is actually so easy to break. So far all evidence is that weaknesses lie in the services behind hidden services, in browsers used to use web based services in particular, and potentially in hidden services themselves.
A bitcoin node transmitting transactions really should be pretty safe, and if they have any evidence to the contrary, that would be much more interesting than their hand waving clickbait claims.
And that killed the whole article (Score:3)
" Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily"....
What does this sentence even mean?
Bitcoin (Litecoin, Maxcoin, *coin (ok, most) ) can use a proxy. This proxy can go through TOR, I2P, 55 VPNs zig-zagging over the globe.
Bitcoin is Anonymous as you don't need to provide your identity. All transactions are however public: visible in the blockchain. It is like imagining a big mess of encrypted emails that everyone hosts on their machines, but you can only read the ones (spend bitcoins from) you have the key for.
Did I mention: you don't need to run a full node, and you can also use an on-line wallet.
Simple recipe:
1. mine some bitcoins
2. get a VPN
3. Use the VPN to get a free email address (google, riseup or else)
4. Use the VPN to get a VPS hosting
5. set up TOR on VPS hosting (hidden service)
6. and/or set up I2P on VPS hosting (eepsite)
7. Install Bitcoin, Litecoin, *Coin on the machine and run a full node through the VPN, TOR, I2P or combination of them
8. Use the VPN, TOR, I2P (or a combination of them) to access the machine where
9. Use the command line interface to send funds
10. Use any of the libraries to write your own web service to talk to the daemons to manage your funds
There ... find the IP where it came from.... found it ?
Rinse, repeat:
1. buy raspberry PI ...
2. buy throw-away anonymous SIM online (through VPN, I2P, TOR, with bitcoins)
3. install TOR, VPN, I2P, solar panel, gsm modem, Bitcoind, *coind on raspberry PI
4. Take a long ride from home where there is still reception, climb a tree/rock/old building/tower. Install it there
Found my IP ?
and so on ...
Or did they mean: if you just run a full node from home and accidentally connect to one of their servers they propagate, they can see where the transaction was coming from the first time ?
bitcoind --printtoconsole
Re: (Score:3)
bitcoin price manipulation (Score:2)
Looks like someone is trying to push the price of bitcoin down again.
Re: (Score:3)
Re: (Score:2)
I'd make some sort of metaphorical comparison, except that when referring to things demonstrating instability my stock phrase is 'up and down like the price of bitcoin.'
What?! (Score:2, Interesting)
Who thought bitcoin was anonymous? It is a detailed, immutable list of transactions... it is downright transparent...
Re: (Score:2)
Re: (Score:2)
This is actually very simple. So simple, in fact, that I'm surprised everybody doesn't already understand it. Electronic anonymity is entirely dependent upon electronic security, and electronic security is inversely proportional to usefulness. Your computer is most secure disassembled in
This has been known for some time actually (Score:2)
1. It offers the same level of anonymitty as posting on a website. They can get your IP address. It solves the problem of paid services that get your full name, address, and a credit card number that can be repeated. So, its actually possible to charge money for a service that respects your privacy, instead of having to rely on free anonymous services, which will become unfeasiable at scale. Eit
Re: (Score:2)
Use your damn head (Score:1)