Slashdot Mirror


Researcher Spots a Drug Buy In Bitcoin's Blockchain

Sparrowvsrevolution writes "It should come as no surprise to Bitcoin users that despite the pseudonymity the cryptocurrency offers, its transactions can be tracked. But University of California at San Diego researcher Sarah Meiklejohn proved that privacy problem more clearly than ever by showing a reporter that she could detect a specific point in Bitcoin's blockchain record of transactions where he had spent Bitcoins in exchange for marijuana on the Silk Road, the most popular online Bitcoin-based black market for drugs. To simulate a law enforcement subpoena, the reporter for Forbes began by giving Meiklejohn a Bitcoin address associated with Forbes' account. But with just that information, Meiklejohn was able to draw on a "clustering" analysis she had performed to identify Silk Road addresses and match them with the one used in the .3 BTC drug buy. She admits that a user who took more efforts to obscure his or her Bitcoin address through a laundering service or other unidentified Bitcoin wallets would be harder to track."
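The kind of linkage the summary describes, as an added example that is not part of the original post or the researcher's own code. The summary does not say which heuristic the clustering used, so this sketch assumes the common-input-ownership heuristic (addresses spent together as inputs of one transaction are treated as one owner); the ledger, addresses and label are constructed.

```python
# Constructed sample ledger; every address and label here is made up.
TXS = [
    {"id": "t1", "inputs": ["svc_a", "svc_b"], "outputs": ["x1"]},
    {"id": "t2", "inputs": ["svc_b", "svc_c"], "outputs": ["x2"]},
    {"id": "t3", "inputs": ["buyer_1"], "outputs": ["svc_c", "buyer_change"]},
    {"id": "t4", "inputs": ["other_1", "other_2"], "outputs": ["x3"]},
]
# A single address already attributed to a service (assumed prior knowledge).
KNOWN_LABELS = {"svc_a": "marketplace"}


class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]  # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Merge all input addresses of each transaction into one cluster."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            uf.find(addr)  # register every address seen
        for other in tx["inputs"][1:]:
            uf.union(tx["inputs"][0], other)
    return uf


def payments_to_labelled(txs, source_addr, known=KNOWN_LABELS):
    """Return (txid, output address, label) for payments from source_addr
    into any cluster that contains a labelled address."""
    uf = cluster_addresses(txs)
    labels = {uf.find(addr): label for addr, label in known.items()}
    hits = []
    for tx in txs:
        if source_addr in tx["inputs"]:
            for out in tx["outputs"]:
                if uf.find(out) in labels:
                    hits.append((tx["id"], out, labels[uf.find(out)]))
    return hits
```

Here `svc_c` was never labelled directly; it inherits the label because it was co-spent with `svc_b`, which was co-spent with `svc_a`, so one known address plus the public ledger is enough to flag the payment from `buyer_1`.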


  1. Hey Bud! by Sponge Bath · · Score: 4, Funny

    All I need are some tasty waves, a cool buzz, anonymous currency and I'm fine. -- Jeff Spicoli

    1. Re:Hey Bud! by Chrisq · · Score: 4, Funny
      let me fix that for you

      All I need are some tasty waves, a cool buzz, anonymous currency and I'm fined. -- Jeff Spicoli

    2. Re:Hey Bud! by Jane Q. Public · · Score: 2

      "All I need are some tasty waves, a cool buzz, anonymous currency and I'm fine. -- Jeff Spicoli"

      As the article admits, right at the beginning: an address does not necessarily point to an individual.

      This only shows that somebody using that address made that buy. It's evidence, but not very strong evidence.

      Example: I run an open guest network. Anybody within a square block or even more could have been using my access point to make those transactions.

  2. this is part of the protocol by stewsters · · Score: 4, Insightful

    A cryptocurrency where everyone has a record of every transaction can be used to find a transaction between two known addresses? Is anyone surprised?

    1. Re:this is part of the protocol by sociocapitalist · · Score: 2

      A cryptocurrency where everyone has a record of every transaction can be used to find a transaction between two known addresses? Is anyone surprised?

      "the reporter for Forbes began by giving Meiklejohn a Bitcoin address associated with Forbes' account. But with just that information, Meiklejohn was able to draw on a "clustering" analysis she had performed to identify Silk Road addresses"

      They had only the buyer's bitcoin address. The rest was extrapolated.

      This eliminates privacy for any transactions made from a bitcoin account funded via a normal (i.e. government monitored) bank account, which is one of the main reasons to use bitcoins to start with.

      --
      blindly antisocialist = antisocial
    2. Re:this is part of the protocol by Vintermann · · Score: 2

      Still, they only proved that Forbes had bought something at Silk Road. There are legal things being sold on Silk Road too, and anyway the law is not indifferent to whether you bought cocaine or contraband.

      The point at which Forbes would get in trouble was when law enforcement matched a known purchase on Silk Road to a shipment to a known address. Bear in mind, they could be on watch for a mysterious package in the mail to Forbes, based on nothing more than what the researcher uncovered in this case.

      --
      xkcd is not in the sudoers file. This incident will be reported.
  3. huh? by Anonymous Coward · · Score: 3, Insightful

    He knew the exact time he made the transaction. He knew the amount. He knew other details.

    So, really, wtf?

    I am not going to read the article. This is some sort of fear mongering.

    1. Re:huh? by Trax3001BBS · · Score: 3, Interesting

      He knew the exact time he made the transaction. He knew the amount. He knew other details.

      So, really, wtf?

      I am not going to read the article. This is some sort of fear mongering.

      Ya stupid article (I didn't read it either). They purchase something safe like marijuana then have the balls to say they purchased drugs.
      Buy some Adderall I've seen lots of that for sale on the silk road.

    2. Re:huh? by plover · · Score: 3, Informative

      RTFS. The researcher didn't know any of those details. She was given only a BTC address, and she discovered the rest. The reporter who made the buy was able to confirm that she correctly identified those facts. (I assume it was a test buy, and the materials turned over to the proper authorities.)

      I don't know if her methods would stand up in a courtroom. They would, however, be enough to put John Law on someone's trail, and possibly enough to seek a warrant.

      --
      John
    3. Re:huh? by fastest fascist · · Score: 4, Informative

      All the researcher discovered was that the writer had sent funds to Silk Road. The article specifically points out they couldn't tell what, if anything, the bitcoins were used to buy. The headline is sensationalist, to say the least.

  4. Re:If you want drugs... by Thanshin · · Score: 5, Insightful

    Lobby your representatives to make them legal in your state.

    If you have the money required to have a representative, you don't need to follow such small laws.

  5. New addresses by vvaduva · · Score: 4, Interesting

    Just generate a new address whenever you buy illegal things if that's what you are into, or have several wallets that you rotate between to perform your transactions. If you reuse an address over and over again, of course you can be tracked. The safety factor is directly proportional to your ability to understand how this works and how you can be tracked.

    1. Re:New addresses by Racemaniac · · Score: 2

      That sounds terrible... if this would become mainstream, that would mean that for 95% of the population using bitcoins safely would be too hard.
      If the system is so unsafe and easy to track if you use it normally, then I don't see where the anonymous claims of bitcoin come from.
      And if you have to create new wallets all the time to be really safe & not trackable, why the hell did they call it a wallet? A wallet is the thing you keep unchanged for years in real life, not something you throw away every day to keep your payments anonymous -_-

  6. Money and drugs by jrumney · · Score: 2

    What would be more interesting is to take a big enough sample so that the proportion of bitcoins that can be traced to drug purchases can be determined. Is it higher or lower than the proportion of US dollar bills with traces of cocaine on them?

  7. Re: Why? by Anonymous Coward · · Score: 2, Insightful

    Idiot. I'd rather someone points out the mistaken assumptions *publicly* than have people live in ignorance. She didn't create the problem, she's just pointing it out. This is straight up full disclosure security. If you have a problem with that, then you haven't been paying attention to security for the past decade.

  8. pseudonymous vs. anonymous by DrYak · · Score: 5, Insightful

    Indeed, you're right: lots of idiots seem not to grasp the difference between "Pseudonymous" and "Anonymous".

    And don't understand the whole purpose of bitcoin (although it's usually clearly stated on all promotional material).

    Bitcoin isn't done to be hidden and secret. (Nobody could know about a transaction beyond the two transacting parties). In fact that's the exact opposite: bitcoins are broadcast widely across the whole network, so the whole network works as a trusted witness of the transaction and no single malevolent entity could fake or falsify transactions (unless they control at least 51% of the whole network, which is rather difficult due to the computing power deployed by all mining participants).

    Bitcoin simply doesn't directly advertise actual full names and identification for each transaction, bitcoin simply attaches a (still traceable - and thus most importantly for the whole service - still verifiable) public key to each transaction.

    Bitcoin is done to be *out-of-reach* / *out-of-control*. Yes, it's not impossible to track down the identities behind a transaction. BUT even if the government got the names, it can't go and knock at some bank's door with an order to freeze accounts. There are no accounts, there are no banks. Nobody can force anything nor falsify anything (at least not without the necessary 51% control mentioned above. Which is currently even out of reach of the NSA). There's no government who could suddenly start manipulating exchange rates/inflation/etc.

    Bitcoin has been designed so there's nothing that could be done beyond what the 2 participants of a transaction decide.

    Don't use Bitcoin to hide. Use bitcoin to be the only one in charge of what happens with your money.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:pseudonymous vs. anonymous by Vintermann · · Score: 2

      it is possible to remain "anonymous".

      Not if you buy anything meaningful. If both parties in a trade are fully anonymous, and there is no intermediary, trust cannot exist. Either the buyer can avoid paying for the goods, or the seller can avoid actually delivering them.

      (If I recall correctly, there may be some extremely few information goods which can be securely sold in this manner, namely proofs of hard mathematical statements. Then you can mess around with blind signatures and zero-knowledge proofs. But the most advanced people have managed to get out of that is decentralized mixing services, which is essentially what zerocoin is. Mixing services are economically unsound, so this won't have any impact.)

      Now, if you conduct multiple trades there can be some limited trust (if we overlook the question of why anyone should trust you the very first time). But at that point, you've abandoned anonymity and settled for pseudonymity.

      --
      xkcd is not in the sudoers file. This incident will be reported.
  9. Re:If you want drugs... by dkleinsc · · Score: 4, Informative

    Alternately, if allowed by your state, start organizing citizens to put together a ballot initiative. If the folks in Washington state can do it, so can you.

    In Washington, it actually led to an extremely high voter turnout (pun fully intended). Apparently that's the kind of thing that leads people to actually care about politics.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  10. Anonymity by DrYak · · Score: 2

    If the system is so unsafe and easy to track if you use it normally, then I don't see where the anonymous claims of bitcoin come from.

    Actual bitcoin proponents never claimed that it was ANONYMOUS (That would imply a hidden identity). They only mentioned that it is PSEUDONYMOUS. There are clear identities: they are not your actual name, but mainly your public keys. These keys are still traceable and thus - and that's the most important part for the whole service to work as intended - also still verifiable by anyone in the network. Anyone can verify any transaction because all public keys and transactions are broadcast on purpose to the whole network: so malevolent entity could try to falsify or influence or force any transaction. The majority of the network has to check and agree the transaction. A malevolent agent would need to control at least than 51% to outvote and falsify transaction history (which, given how much power is already deployed everywhere by bitcoin miners, is nearly impossible even to an entity like the NSA)

    The only claims actually made about bitcoin by people who understand them is that THEY ARE NOT CONTROLLABLE. No government could do anything about them. There is no bank with account that could be closed. There is no central bank that could start manipulating currency and inflation by printing more bills. ABSOLUTELY NO CONTROL on the network.
    The bank concept is distributed over the whole network. There's no Credit Card which could refuse your transaction. There's no PayPal which could block your account pending "further random verification process". There's no law enforcement who could decide that your assets must be frozen. There's no government going bankrupt and disturbing monetary equilibrium. Nothing. Exercising any form of control or forgery would require breaking this 51% limit mentioned above, which is beyond the reach of any entity.

    You don't use Bitcoins to be hidden. You use Bitcoin so you and the other guy at the other end of the transaction are the only people in charge with what happens with your transaction, and the whole network is your witness observing, checking and confirming that exactly that took place.

    Bitcoin, thanks to its hashcash mechanism, brings a way in which transaction securely takes place, why no single entity could ever be in control.

    (Also by the way using multiple "accounts" *IS* the normal way and is actually trivial to do from bitcoin software)

    And if you have to create new wallets all the time to be really safe & not trackable, why the hell did they call it a wallet?

    Just for lack of a better word. It's the closest thing that would map a concept to what is actually happening.

    Technically, they are collection of a big number of randomly generated keys holding BTC (=accounts) each collection protected by a password that you need to open (=wallet) before signing transactions and broadcasting it to the whole network.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  11. Re:wake me up when someone is actually arrested by lxs · · Score: 2