Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Bitcoin Privacy

Deanonymizing Tor: Your Bitcoin Transactions May Come Back To Haunt You (wired.com) 106

jwhyche, Slashdot reader #6,192, writes: If you bought some illegal narcotics off Silk Road or even gave money to Wikileaks. Researchers at Qatar University and Hamad Bin Khalifa University have been able to link these transactions with real world identities. They have been able to do this even if the transactions are years old. Their research shows how easy it is to link accounts to these transactions without using any of the tools available to law enforcement like search warrants or subpoenas.
The researchers started with 88 unique bitcoin addresses from Tor hidden services, and then searched 5 billion tweets and 1 million pages on the Bitcoin Talk forum -- ultimately linking 125 unique users to 20 Tor hidden services. "Bitcoin addresses should always be considered exploitable," the researchers conclude, "as they can be used to deanonymize users retroactively."

Their paper is titled "When a Small Leak Sinks a Great Ship: Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis," and Wired summarizes one of their conclusions. "Even deleting profile information that includes bitcoin addresses may not be enough if a post has been cached or captured by services like the Internet Archive, they point out. 'If you're vulnerable now, you're vulnerable in the future.'"
This discussion has been archived. No new comments can be posted.

Deanonymizing Tor: Your Bitcoin Transactions May Come Back To Haunt You

Comments Filter:
  • HAHAHAHAHA

  • FWIW you can easily choose a one-time-use bitcoin address to deal with this problem. Some people advocate using a different address for each transaction (for example, if you are selling a lot of things, give each customer a different address, that way you can tell who has paid you).

    OTOH bitcoin transactions are inherently traceable, so even if there's no known way to determine who you are at this moment, in the future someone might figure out a way.
    • by vadim_t ( 324782 ) on Saturday January 27, 2018 @07:54PM (#56017417) Homepage

      This stopped working in the current state of Bitcoin, because you pay a fee for the amount of data you use on the blockchain, and the more addresses you accumulate, the more horrible the fees become.

      Fees have got so high that addresses with a small balance (somewhere around $15-ish last time I checked, which is crazy) are effectively lost, because the fee is higher than the amount stored in the address.

      The problem compounts for paying people. If I want to send you $15, I may have to spend somewhere around $15 in fees to do so, costing me a total of $30. At the end of this you will have an address with $15 worth on it, but which can't be actually spent, so I paid you, but you have effectively nothing anyway. At this point either you bump your prices, or try to consolidate your accounts through a very low fee transaction that might or not get processed, and that may take a week or so.

      TL;DR: The modern bitcoin is completely useless as a payment system, and only remains of interest to people who hoard it and hope the price will rise. I expect it to crash and burn eventually as the realization sets in that it's not good for anything anymore except as a kind of gambling system.

      Those people interested in something that approximates a currency can go with Bitcoin Cash, which is a fork that's far more in line with what Bitcoin used to be, or something else like Ethereum.

      • by gweihir ( 88907 )

        TL;DR: The modern bitcoin is completely useless as a payment system, and only remains of interest to people who hoard it and hope the price will rise. I expect it to crash and burn eventually as the realization sets in that it's not good for anything anymore except as a kind of gambling system.

        This. I hope it crashes soon, I need a new graphics card and the market is either dry or you pay insane prices. This madness has to stop.

        • If Bitcoin crashes and Monero takes its place, then you haven't even seen what high GPU prices look like yet.

      • by PRMan ( 959735 )

        Those people interested in something that approximates a currency can go with Bitcoin Cash

        Yes, let's go with something owned entirely by Chinese miners. No chance of a 51% attack by the Chinese government there.

      • by borcharc ( 56372 ) *

        LOL brand new 6 stat/byte tx's ($0.0069) are getting included in the next block. fees are the lowest they have been for some time now that the spam attack has stopped. Your post demonstrated absolutely zero domain knowledge.

      • This [one-time-use addresses] stopped working in the current state of Bitcoin, because you pay a fee for the amount of data you use on the blockchain, and the more addresses you accumulate, the more horrible the fees become.

        It makes no difference whether you use the same address or a different address. The fee is relative to the transaction size (in bytes); transaction size depends mainly on the number of inputs and outputs; and each time you receive funds, whether to an existing address or a new one, it creates a new output which requires a separate input in the spending transaction. If you make a payment using funds received in five previous transactions to the same address you pay exactly the same fees as you would if it ha

    • by gweihir ( 88907 )

      Indeed. Bitcoin is not designed for anonymous payment, just for pseudonymous payment. That is something else entirely. All these people thinking Bitcoin is anonymous have either not bothered finding out any facts or are just kidding themselves. This has basically been known since Bitcoin exists and no expert is the least bit surprised by research results such as this one.

      Anonymity must be a primary design goal in a communicating system or it will not be there. Sure, the effort for identifying a person will

      • Bitcoin isn't really designed for payments full stop. The design lends itself more as an investment avenue as you can't realistically have a transaction system that takes minutes (or more realistically at the moment hours or days to confirm) and costs significant amounts of money for the privilege of a transaction slower than any of the traditional transfer mechanisms
      • Yeah, bitcoin is a transaction system, not a money laundering system.
  • by Anonymous Coward

    how come no one can catch these supposed hackers who make off with millions of dollars of coin?

    on the other hand i always knew this kind of shit was going to happen so i never used it. only the paranoid survive as andy grove said.

  • And totally coincidentally it's served as a great tool for the NSA to get the international underworld, and terrorist rings, to identify themselves? Though it's inconceivable that anyone could have anticipated this so as to use it as a financial honey trap. It would take oodles of time, lots of resources, and a disregard for cost. ;) https://en.wikipedia.org/wiki/... [wikipedia.org] https://www.youtube.com/watch?... [youtube.com]
    • by AHuxley ( 892839 )
      Yes but tracking is more interesting than telling people how they are been tracked and what to stop doing to avoid been tracked.
      US law enforcement considers cyber as one big information only report. Everything is been tracked but no lawyer, human rights group, FOIA is going to find out collect it all methods.
  • Monero (Score:4, Informative)

    by Plugh ( 27537 ) on Saturday January 27, 2018 @07:45PM (#56017389) Homepage
    Monero [slashdot.org] is where the darknet markets are moving to, away from Bitcoin. The blockchain is itself encrypted, and soon it will be integrated with I2P
    • by Anonymous Coward

      You're still making up imaginary wealth, to devalue the wealth of everybody else (via inflation), and haven't worked a fucking second for it!
      No, the work of sneaking in and stuffing shit into a bag does not qualify. Nor does the work of telling others to do your work for you.

      Meanwhile, we here... the normal people, have actually made something of worth for our money. I created toys that allow children with disabilities to do the exercises that cure them while having a lot of fun and staying motivated. Your

  • by Fly Swatter ( 30498 ) on Saturday January 27, 2018 @07:57PM (#56017433) Homepage

    But is it saying they just searched for idiots that publicly posted their bitcoin address under their real name? Wouldn't that be like tracking down a phone number to it's owner because they stupidly posted it publicly somewhere on the web?

    It can't be that simple if it's called research, can it?

    • by jwhyche ( 6192 )

      Indeed, but some times the best research is simple research.

      But what I took away from the article isn't that they could look up a bunch of idiots that used easy track able information in their transactions. But that if they could do this with little effort, what could a government agency do if they put their mind to it.

    • by PRMan ( 959735 )
      That's exactly what it said. "If you bragged about a transaction amount or address on Twitter or on a Bitcoin forum, we can link you." Wow. However did you do that?
    • by hey! ( 33014 )

      No, the researchers were able to us normal investigative techniques to recover real names. It'd hardly be news if someone's ID was determined because they told the world, would it?

      I've long thought most Bitcoin users are naively confident that Bitcoin by itself protects their identity. This is typical in tech -- people rely too much on the properties of the technology to keep them safe and don't put enough thought into how they use the tech. Even if Bitcoin were technically perfect, every place where yo

  • 1) Buying illegal narcotics on the Silk Road
    2) Giving money to Wikileaks

    • It's a reasonably standard English idiom, and extremely common in Slashdot writeups, to use constructions of this form: If [bad thing], or even if [fairly innocent thing], then [bad consequence either way].

  • by Anonymous Coward

    Bitcoin is not, and was never intended to be, anonymous. It has always been pretty easy to associate a wallet with a person. Every transaction you make is public record on the Bitcoin blockchain.

  • Inaccurate Headline (Score:4, Informative)

    by Anonymous Coward on Saturday January 27, 2018 @09:06PM (#56017663)

    They did not deanonymize *TOR*, the onion router network for anonymizing web traffic. They deanonymized Bitcoin transactions.

    Tor != Bitcoin.

  • with native obfs4 implementation and TOR integration. BOOM!
  • So... what's the takeaway here?
    If you're a criminal, don't advertise on the overnet with the same address you're using for crime?
    Duh.

    I mean, that should be obvious.

  • Okay, let's have a show of hands- who didn't see this coming?

    Anytime anyone claims something is "anonymous" or "untrackable", bet on them being wrong.

    There's nothing that's truly "anonymous" or "untrackable" and yet people keep falling for these absurd claims.

Avoid strange women and temporary variables.

Working...