Slashdot Mirror
Researcher Spots a Drug Buy In Bitcoin's Blockchain
Sparrowvsrevolution writes "It should come as no surprise to Bitcoin users that despite the pseudonymity the cryptocurrency offers, its transactions can be tracked. But University of California at San Diego researcher Sarah Meiklejohn proved that privacy problem more clearly than ever by showing a reporter that she could detect a specific point in Bitcoin's blockchain record of transactions where he had spent Bitcoins in exchange for marijuana on the Silk Road, the most popular online Bitcoin-based black market for drugs. To simulate a law enforcement subpoena, the reporter for Forbes began by giving Meiklejohn a Bitcoin address associated with Forbes' account. But with just that information, Meiklejohn was able to draw on a "clustering" analysis she had performed to identify Silk Road addresses and match them with the one used in the .3 BTC drug buy. She admits that a user who took more efforts to obscure his or her Bitcoin address through a laundering service or other unidentified Bitcoin wallets would be harder to track."
All I need are some tasty waves, a cool buzz, anonymous currency and I'm fine. -- Jeff Spicoli
A cryptocurency where everyone has a record of every transaction can be used to find a transaction between twoknown addresses? Is anyone surprised?
He knew the exact time he made the transaction. He knew the amount. He knew other details.
So, really, wtf?
I am not going to read the article. This is some sort of fear mongering.
Lobby your representatives to make them legal in your state.
Futurist Traditionalism
Just generate a new address whenever you buy illegal things if that's what you are into, or have several wallets that you rotate between to perform your transactions. If you reuse an address over and over again, of course you can be tracked. The safety factor is directly proportional with your ability to understand how this works and how you can be tracked
What would be more interesting is to take a big enough sample so that the proportion of bitcoins that can be traced to drug purchases can be determined. Is it higher or lower than the proportion of US dollar bills with traces of cocaine on them?
but you're talking about people who also use tor to hide activity from the government
(if you don't understand the irony, you don't know anything about tor's history and original purpose)
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Idiot. I'd rather someone points out the mistaken assumptions *publicly* than have people live in ignorance. She didn't create the problem, she's just pointing it out. This is straight up full disclosure security. If you have a problem with that, then you haven't been paying attention to security for the past decade.
Indeed, you're right: lots of idiots seem not to grasp the difference between "Pseudonymous" and "Anonymous".
And don't understand the whole purpose of bitcoin (although it's usually clearly stated on all promotionnal material).
Bitcoin isn't done to be hidden and secret. (Nobody could know about a transaction beyond the two transacting parties). In fact that's the exact opposite: bitcoin are broadcasted widely accross the whole network, so the whole network works as a trusted witness of the transaction and no single malevolent entity could fake or falsify transaction (unless they control at least 51% of the whole network, which is rather difficult due to the computing power deployed by all mining participant).
Bitcoin simply doesn't dirrectly advertise actual full name and identifications for each transaction, bitcoin simply attaches a (still traceable - and thus most importantly for the whole service - still verifiable) public key to each transaction.
Bitcoin is done to be *out-of-reach* / *out-of-control*. Yes, it's not impossible to track down the identities behind a transaction. BUT even if government got the names, it can't go and knock at some banks door with order to freeze accounts. There are no accounts, there are no banks. Nobody can't force anything nor falsify anything (at least not without the necessary 51% control mentionned above. Which is currently even out of reach of the NSA). There's no goverment who could suddenly start manipulating exchange rates/inflation/etc.
Bitcoin has been designed so there's nothing that could be done beyond what the 2 participant of a transaction decide.
Don't use Bitcoin to hide. Use bitcoin to be the only in charge with what happens with your money.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Yeah and how would the money arrive in that separate address/wallet to be spent on drugs?
Unless you only generate the bitcoins you spend purely by mining (in which case you must have very strong and thus expensive processing/hashing power) at some point bitcoin money needs to be transfered to this wallet before being spent on banned goods.
By using a separate address/wallet (which is nonetheless a good *security* advice, only not an efficient advice to *hide identity*) you only add just on extra step of the chain that an investigator has to trace. As any inverstigator needs the capability to follow steps in the chain ANYWAY in order to investigate bitcoin transaction, you only added a tinybit more work.
If you need actual anonymity, you need one of the various whirlpool implementations which actually are nothing more than a practical implementation of the bitcoin-equivalent of money laundering (mixing it in a such way that track is lost about which money came from where)-
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
If the system is so unsafe and easily to track if you use it normally, then i don't see where the anonymous claims of bitcoin come from.
Actual bitcoin proponent never claimed that it was ANONYMOUS (That would imply a hidden identity). They only mentioned that it is PSEUDONYMOUS. There are clear identities: they are not your actual name, but mainly your public keys. These keys are still traceable and thus - and that's the most important part for the whole service to work as intended - also still verifiable by anyone in the network. Anyone can verify any transaction because all public key and transaction are broadcasted on purpose to the whole network: so malevolent entity could try to falsify or influence or force any transaction. The majority of the network has to check and agree the transaction. A malevolent agent would need to control at least than 51% to outvote and falsify transaction history (which, given how much power is already deployed every where by bitcoin miner, is nearly impossible even to entity like the NSA)
The only claims actually made about bitcoin by people who understand them is that THEY ARE NOT CONTROLLABLE. No government could do anythin about them. There is no bank with account that could be closed. There is no central bank that could start manipulating currency and inflation by printing more bills. ABSOLUTELY NO CONTROL on the network.
The bank concept is distributed over the whole network. There's no Credit Card which could refuse your transaction. There's no PayPal which could block your account pending "further random verification process". There's no law enforcement who could decide that your assets must be frozen. There's no government going bankrupt and disturbing monetary equilibrium. Nothing. Exercising any form of control or forgery would require breaking this 51% limit mentioned above, which is beyond the reach of any entity.
You don't use Bitcoins to be hidden. You use Bitcoin so you and the other guy at the other end of the transaction are the only people in charge with what happens with your transaction, and the whole network is your witness observing, checking and confirming that exactly that took place.
Bitcoin, thanks to its hashcash mechanism, brings a way in which transaction securely takes place, why no single entity could ever be in control.
(Also by the way using multiple "accounts" *IS* the normal way and is actually trivial to do from bitcoin software)
And if you have to create new wallets all the time to be really safe & not trackable, why the hell did they call it a wallet?
Just for lack of a better word. It's the closest thing that would map a concept to what is actually happening.
Technically, they are collection of a big number of randomly generated keys holding BTC (=accounts) each collection protected by a password that you need to open (=wallet) before signing transactions and broadcasting it to the whole network.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
So, you use TOR (I know, NSA yada-yada, just use the latest source and compile yourself ) over a VPN you bought with bitcoins anonymously, with a freshly opened google/yahoo/riseup/whatever account for the store/market/service...
You use your gaming machine to run for a few days to generate the 0.3 BTC/LTC/whatever coin. You run your miner over tor/vpn/i2p through a service that doesn't need a signup.
You create a new wallet and you make one transaction.. over VPN (or VPNs and TOR and/or i2p)
They will see the transaction, but the user will be untraceable..... you can create a new wallet for every buy so a new send address is guaranteed, just move the blockchain (8 gigs) over or mount them over a share.....
No link to financial info, no link to real identity, no link to IP address of physical location. No previous transaction to look at...
Of course, if you are ordering drugs to your home address, then why even bother doing the above... if you just want to buy something privately (e.g. digital goods or services) then you are pretty safe (and paranoid following the above)...
It is like the "NSA can copy your phone contents" .. well, maybe you are using the wrong phone.... email ? probably you shouldn't use gmail/yahoo with your creditcard info and home address there... oh, and force your retarded friends and relatives to install GPG ... how about that for a start :O
take advantage of all these gambling sites, especially those with Texas Hold'em.
New Economic Perspectives
If they had their shit together enough to go out and deal with reality and other humans, they wouldn't need drugs in the first place. But in all seriousness, these are the same idiots that have drugs mailed or FedEx'ed to them and think that they are going to get away with it.
Good morning. Please press snooze to continue your slumber.
Because first you need to know one.
I mean, I wouldn't buy clearly illegal things over the internet, especially from total strangers, because it seems like the potential for getting caught would be pretty high. But I also wouldn't buy these specific illegal things from people I do know, even if I wanted them, because I don't *know* any. And it's not like you can just walk out in the street and yell "hey, anyone know any dealers of illegal narcotics?!", and expect to get any responses other than, if you're lucky, bafflement, or if you're unlucky, cops. :p
I'm pretty sure some bitcoin proponents have claimed that, unless you want to get into No True Scotsman arguments.
We're not speaking ethics or moral or other complex softscience.
It's math and crypto. Either you do understand bitcoin and your opinion matters.
Or you're clueless and could as well be claiming that bitcoin were invented by aliens as a complex plot to hypnotise the president of the wolrd into making homosexuality mandatory.
I am simply saying that nobody who did actually understand how bitcoin work could even honestly claim that bitcoin guarantee true anonymity.
Anonymity was probably claimed by the same kind of miner who constantly ask "will this be better at mining bitcoin than a GPU" whenever some manufacturer release a CPU with a little bit more cores (HINT: no, it doesn't. Bitcoin mining is computation-bound. Ultra massive SIMD like GPU are order of magnitude better than CPU at doing simple repetitive computation. No matter if Xeon Phi has 32 instead of 8 cores. FPGA could be even better. ASICs are the theoretical best. The more silicon you dedicate at the specific task you seek to optimise, the better) or constantly ask for an Scrypt FPGA or ASIC for Litecoins (No, it won't work. Scrypt is memory-bound. Currently GPU are the best option. Not due to computationnal power, but due to massive memory bandwidth. Yes, custom circuitry could go theoretically faster, but FPGA and ASIC aren't the answer. Not because Litecoin is "magically anti-FPGA". But simply because we need to optimise for memory bandwidth).
The same people will probably pretend that bitcoin are magically anonymous, or that bitcoin magically protect them from taxes.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Well actually you could do worse.
If you had almost unlimited computing power, you could generate your own private keys and actually rewrite a "different" bitcoin transaction history. If you control enough hashing power AND bitcoin nodes, you could actually present your version of bitcoin history as the official one and the current one would like a fork attempt.
In theory.
In practice you would probably require a magic virus which turns the whole internet into a giant botnet to pull this stunt.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
What kind of idiot buys drugs over the Internet? That is truly, profoundly, deeply stupid. What kind of sad, pathetic shut-in can't just hand money to an actual human being?
Yeah. Better to buy your weed locally and support your local off the grid economy.
This space unintentionally left blank.
There's nothing to stop a government agency or criminal with a zero-day from taking over those endpoints and monitoring/creating/deleting/hiding any active bitcoin transaction they like.
The fundamental difference between decentralized crypto-currencies like bitcoin and absolutely every other form of currency, is the absence of central control.
Yes the could hack into your computer. But that would *require* hacking into the computer (which nonetheless would also be pretty much illegal under lots of jurisdiction in the absence of a whole mandate paperwork. And even if the likes NSA and co might still be doing it, there are still going for trouble once exposed).
Whereas dollars, euros, yens, swiss francs, etc. and credit cards, debit accounts, etc. can be directly manipulated at the bank level without your involvement, in a completely legal and normal way.
Take the "wallet" metaphore:
- with bitcoins, the only way to do anything would be to steal your wallet. It works as if you had gold coins / precious stones in your wallet.
- with anything else: your card could get blocked *by the credit card company*, your accounts linked to your debit card could be *frozen by the banks*, and the whole value of the bills and coins could get (and in fact are regularly victims of) inflation, devaluation, and other forms of currency manipulation by the central bank (which start printing more bills to get itself out of debt, and similar). All this happens without the wallet ever leaving your possession. All this happening completely outside your scope. At the banks and credit card companies and government. Not because someone illegally broke into something or stole something. Just because that's the way these currencies are organised (with central authorities responsible for them).
That's the fundamental difference.
- classical currencies and transaction are controller by single central authorities. which have complete control over it *by design*. There's always someone responsible for any step.
- distributed crypto-currencies aren't controlled by anyone in particular. the responsibilities are distributed over the whole network. No one has officially any say about it.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]