Deanonymizing Tor: Your Bitcoin Transactions May Come Back To Haunt You (wired.com) 74
jwhyche, Slashdot reader #6,192, writes: If you bought some illegal narcotics off Silk Road or even gave money to Wikileaks. Researchers at Qatar University and Hamad Bin Khalifa University have been able to link these transactions with real world identities. They have been able to do this even if the transactions are years old. Their research shows how easy it is to link accounts to these transactions without using any of the tools available to law enforcement like search warrants or subpoenas.
The researchers started with 88 unique bitcoin addresses from Tor hidden services, and then searched 5 billion tweets and 1 million pages on the Bitcoin Talk forum -- ultimately linking 125 unique users to 20 Tor hidden services. "Bitcoin addresses should always be considered exploitable," the researchers conclude, "as they can be used to deanonymize users retroactively."
Their paper is titled "When a Small Leak Sinks a Great Ship: Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis," and Wired summarizes one of their conclusions. "Even deleting profile information that includes bitcoin addresses may not be enough if a post has been cached or captured by services like the Internet Archive, they point out. 'If you're vulnerable now, you're vulnerable in the future.'"
haunt me again bitcoin...my banker calls me weekly with good news.
Of course he or she does. We all believe you.
Yes, my doctor told me during a house call, while I was getting a coal delivery. Now if you'll excuse me, I need to get some carbon paper for my typewriter.
one-time-use addresses (Score:2)
OTOH bitcoin transactions are inherently traceable, so even if there's no known way to determine who you are at this moment, in the future someone might figure out a way.
Re:one-time-use addresses (Score:5, Interesting)
This stopped working in the current state of Bitcoin, because you pay a fee for the amount of data you use on the blockchain, and the more addresses you accumulate, the more horrible the fees become.
Fees have got so high that addresses with a small balance (somewhere around $15-ish last time I checked, which is crazy) are effectively lost, because the fee is higher than the amount stored in the address.
The problem compounts for paying people. If I want to send you $15, I may have to spend somewhere around $15 in fees to do so, costing me a total of $30. At the end of this you will have an address with $15 worth on it, but which can't be actually spent, so I paid you, but you have effectively nothing anyway. At this point either you bump your prices, or try to consolidate your accounts through a very low fee transaction that might or not get processed, and that may take a week or so.
TL;DR: The modern bitcoin is completely useless as a payment system, and only remains of interest to people who hoard it and hope the price will rise. I expect it to crash and burn eventually as the realization sets in that it's not good for anything anymore except as a kind of gambling system.
Those people interested in something that approximates a currency can go with Bitcoin Cash, which is a fork that's far more in line with what Bitcoin used to be, or something else like Ethereum.
True, but that only makes the problem worse. The people and companies that accept BTC as payment don't use it as an independent system unrelated to everything else, but as something that converts to USD.
So if the minimum fee is 0.001 BTC, at $1/BTC that amounts to nothing, and at $10K/btc it's now $10 USD.
Bitcoin has a 1MB block size limit, which means people are also competing to get their transactions accepted by the network. The more competition there is, the higher the minimum fee rises.
Bitcoin also has
But thankfully the minimum fee has never been 0.001 BTC. Some crappy services have charged this, but that isnt what the miners charge unless you have a very edge case UTXO. Take a look at the mempool, its empty. 6 stat/B transactions are getting included in the next block. The fee competition was the result of spam attack. Bitcoin transaction volume hasn't collapsed but the fees did as soon as the spam ended.
TL;DR: The modern bitcoin is completely useless as a payment system, and only remains of interest to people who hoard it and hope the price will rise. I expect it to crash and burn eventually as the realization sets in that it's not good for anything anymore except as a kind of gambling system.
This. I hope it crashes soon, I need a new graphics card and the market is either dry or you pay insane prices. This madness has to stop.
I see the Bitcoin morons are getting more butt-hurt and even more stupid. Excellent. Please continue. And I do hope you never recover economically.
There is also the little problem that manufacturing BC mining-ASICs takes production capacity away from other things and that does affect gfx-card prices and availability. But I expect that argument will fly right over the hollow heads that drive this madness.
If Bitcoin crashes and Monero takes its place, then you haven't even seen what high GPU prices look like yet.
An AC that is desperately envious? Hehehehehehe. You fucked up your life, but I did not.
Those people interested in something that approximates a currency can go with Bitcoin Cash
Yes, let's go with something owned entirely by Chinese miners. No chance of a 51% attack by the Chinese government there.
LOL brand new 6 stat/byte tx's ($0.0069) are getting included in the next block. fees are the lowest they have been for some time now that the spam attack has stopped. Your post demonstrated absolutely zero domain knowledge.
Indeed. Bitcoin is not designed for anonymous payment, just for pseudonymous payment. That is something else entirely. All these people thinking Bitcoin is anonymous have either not bothered finding out any facts or are just kidding themselves. This has basically been known since Bitcoin exists and no expert is the least bit surprised by research results such as this one.
Anonymity must be a primary design goal in a communicating system or it will not be there. Sure, the effort for identifying a person will
so, uh, ... (Score:1)
how come no one can catch these supposed hackers who make off with millions of dollars of coin?
on the other hand i always knew this kind of shit was going to happen so i never used it. only the paranoid survive as andy grove said.
Wait, there's a flaw in your reasoning... what about the theme park and blackjack?
.. vigilante justice
...
Like swatting?
So all this time the NSA could have done that? (Score:1)
US law enforcement considers cyber as one big information only report. Everything is been tracked but no lawyer, human rights group, FOIA is going to find out collect it all methods.
Monero (Score:3)
A have to be reading this wrong. (Score:3)
But is it saying they just searched for idiots that publicly posted their bitcoin address under their real name? Wouldn't that be like tracking down a phone number to it's owner because they stupidly posted it publicly somewhere on the web?
It can't be that simple if it's called research, can it?
Re: (Score:3)
Indeed, but some times the best research is simple research.
But what I took away from the article isn't that they could look up a bunch of idiots that used easy track able information in their transactions. But that if they could do this with little effort, what could a government agency do if they put their mind to it.
Yup, those are two things I conflate all the time (Score:2)
1) Buying illegal narcotics on the Silk Road
2) Giving money to Wikileaks
Re: (Score:3)
It's a reasonably standard English idiom, and extremely common in Slashdot writeups, to use constructions of this form: If [bad thing], or even if [fairly innocent thing], then [bad consequence either way].
Captain Obvious... (Score:1)
Bitcoin is not, and was never intended to be, anonymous. It has always been pretty easy to associate a wallet with a person. Every transaction you make is public record on the Bitcoin blockchain.
Inaccurate Headline (Score:1)
They did not deanonymize *TOR*, the onion router network for anonymizing web traffic. They deanonymized Bitcoin transactions.
Tor != Bitcoin.
