Slashdot Mirror
Bitcoin Is Not Anonymous After All
Taco Cowboy points out a new study that shows it is possible to figure out the IP address of someone who pays for transactions anonymously online using bitcoins. "The Bitcoin system is not managed by a central authority, but relies on a peer-to-peer network on the Internet. Anyone can join the network as a user or provide computing capacity to process the transactions. In the network, the user's identity is hidden behind a cryptographic pseudonym, which can be changed as often as is wanted. Transactions are signed with this pseudonym and broadcast to the public network to verify their authenticity and attribute the Bitcoins to the new owner. In their new study, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect user's IP address and that it can be linked to the user's transactions in real-time. To find this out, a hacker would need only a few computers and about €1500 per month for server and traffic costs. Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily."
Now that hitman I hired to kill my bookie's drug dealer is going to be able to hire a hacker to find me.
Researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg wake up one morning and realize what any high school computer science student would have known.
Only idiots thought it was anonymous.
Anonymity was never a feature. Whoever thought that didn't read the bitcoin summary. ;) You not only know where it came from, you know where it has been, too.
The only reason it is popular is that governments didn't have tracking in place so it gained popularity as a currency for drug purchases. They do now have that tracking in place, however, so that ship sailed.
I think the paranoid anti-government crowd are just not good enough at comprehension to know what they're saying or why. They heard that bitcoin was anti-government, so they decided it must be full of magical anonymous unicorns with anonymous rainbow farts.
What next?!! Water is wet?
By its nature it should be obvious that bitcoin is not truly anonymous. Mod me down if you like, but when you think about it it's easy to see.
Do need more expensive hardware?
Bitcoin was NEVER meant to be anonymous. EVER.
They do not have such tracking in place. If you look at _every_single_ case of bitcoin-related criminals being busted, none of them were found through bitcoin or tor. They're found through stupid mistakes and old-fashioned police work - e.g., people use use the same username on Silk Road and eBay get busted, because they're stupid.
And you can absolutely guarantee that the three letter agencies remember every one of them. They can look at who you've made transactions with and usually get a very good idea just from that who you are. I imagine they get more from fronts and hacked/infiltrated organizations. If they need more and you've ever transacted with a commercial entity within their jurisdiction, you are a National Security Letter or local equivalent away from being identified.
This IP address thing is like discovering that the back door is unlocked and open when the front door is secured by a piece of string.
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
Exactly, and this is the reason why I never believed that Bitcoin was truly anonymous.
Apart from the whole "bitcoin is only pseudo-anonymous" anyway, the article is wrong.
The IP you can trace a transaction back to is only the IP of the person that told you about the transaction. So unless you're connected directly to the person that made the transaction on the p2p network you're just getting the IP of the client that told you about it. Even then, you don't know if that is the person making the transaction or someone telling you that the transaction was made.
Bad research by people who should know better.
I find it hillarious that they so easily conclude tor doesn't fill these gaps because they deem it too easy to break. That right there is some pretty extraordinary claim, I would want to see them do it if its so easy.
I don't think there is any evidence that tor, in this particular use case, is actually so easy to break. So far all evidence is that weaknesses lie in the services behind hidden services, in browsers used to use web based services in particular, and potentially in hidden services themselves.
A bitcoin node transmitting transactions really should be pretty safe, and if they have any evidence to the contrary, that would be much more interesting than their hand waving clickbait claims.
"I opened my eyes, and everything went dark again"
Yes an ip will change or can change. Unless the ISP gives the details of that user. Who can request that?
Domestic spying is now "Benign Information Gathering"
" Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily"....
What does this sentence even mean?
Bitcoin (Litecoin, Maxcoin, *coin (ok, most) ) can use a proxy. This proxy can go through TOR, I2P, 55 VPNs zig-zagging over the globe.
Bitcoin is Anonymous as you don't need to provide your identity. All transactions are however public: visible in the blockchain. It is like imagining a big mess of encrypted emails that everyone hosts on their machines, but you can only read the ones (spend bitcoins from) you have the key for.
Did I mention: you don't need to run a full node, and you can also use an on-line wallet.
Simple recipe:
1. mine some bitcoins
2. get a VPN
3. Use the VPN to get a free email address (google, riseup or else)
4. Use the VPN to get a VPS hosting
5. set up TOR on VPS hosting (hidden service)
6. and/or set up I2P on VPS hosting (eepsite)
7. Install Bitcoin, Litecoin, *Coin on the machine and run a full node through the VPN, TOR, I2P or combination of them
8. Use the VPN, TOR, I2P (or a combination of them) to access the machine where
9. Use the command line interface to send funds
10. Use any of the libraries to write your own web service to talk to the daemons to manage your funds
There ... find the IP where it came from.... found it ?
Rinse, repeat:
1. buy raspberry PI ...
2. buy throw-away anonymous SIM online (through VPN, I2P, TOR, with bitcoins)
3. install TOR, VPN, I2P, solar panel, gsm modem, Bitcoind, *coind on raspberry PI
4. Take a long ride from home where there is still reception, climb a tree/rock/old building/tower. Install it there
Found my IP ?
and so on ...
Or did they mean: if you just run a full node from home and accidentally connect to one of their servers they propagate, they can see where the transaction was coming from the first time ?
bitcoind --printtoconsole
Looks like someone is trying to push the price of bitcoin down again.
To be perfectly fair, computer science has a lot of things that "any student can tell you are true" that have not been proven to be true, and the difference is a really big deal in academia (where a significant portion of your job is proving things and publishing the paper explaining the proof).
For example P!=NP is widely believed, highly intuitive, and the bases for some high profile algorithms (cryptography) but has never been proven.
So you're saying that a protocol which requires you to digitally sign each and every transaction to which you are a party, and all of whose transactions are stored in a distributed public ledger isn't anonymous?
MY GOD WHY WASN"T I TOLD!>?@
Step 1) Run a node with custom code to never blacklist tor nodes.
Step 2) Get attacked by clowns in mostly mitigatable ways.
Step 3) Wait for someone to sell/use in court an ip-to-wallet list.
Step 4) Profit and laugh with civil suits and criminal hacking charges.
What is discussed in the paper is an order of magnitude worse than what Aaron Swartz did.
Don't trust anything coming from the Luxembourg "University".
It's basically a highschool and the government decided hey let's put a "UNI" sign in front of it so we have one too for bragging rights.
It's even simpler than that... the IPs are in a limited pool, and are used for all your network transactions during the period. All there needs to be is an IP correlation between the transaction and that check of your GMail account during the same time period, and the IP links the two, flagging who you are. No need to track back through the ISP who was supposed to have that IP at that time (although that's trivial with a warrant too).
Who thought bitcoin was anonymous? It is a detailed, immutable list of transactions... it is downright transparent...
So tumble your coins, it's not hard.
Makes sense that you would believe that, being that the Bitcoin "developers" themselves even say so. You know, on their own website (bitcoin.org):
"Some effort is required to protect your privacy with Bitcoin. All Bitcoin transactions are stored publicly and permanently on the network, which means anyone can see the balance and transactions of any Bitcoin address. However, the identity of the user behind an address remains unknown until information is revealed during a purchase or in other circumstances. This is one reason why Bitcoin addresses should only be used once. Always remember that it is your responsibility to adopt good practices in order to protect your privacy."
If you ever believed that Bitcoin was anonymous it was either your own fault for not educating yourself on the topic, or the fault of Bitcoin proponents trying to sell it as a risk-free means of buying drugs online. Bitcoin never has been "truly anonymous," it's never been the goal of Bitcoin to be "truly anonymous."
Maybe the real problem with Bitcoin is that the people who obsess over it don't seem to have any clue how it works.
Bitcoin.org is pretty explicit that Bitcoin is not anonymous and that anonymity is very hard.
It's also the case that the user can't fail to notice that tor is broken. If someone DOS attacks tor to try to force you off of it... it's still your decision to abandon your privacy, or not.
It's interesting research, too bad it's sullied by deceptive hype trying to make it out to be more than it is.
1. It offers the same level of anonymitty as posting on a website. They can get your IP address. It solves the problem of paid services that get your full name, address, and a credit card number that can be repeated. So, its actually possible to charge money for a service that respects your privacy, instead of having to rely on free anonymous services, which will become unfeasiable at scale. Either they will include advertising to track you, or mine your data to get funding, either through advertising or clandestine services. funding with BTC, either paid service or donation is no less anonymous than using a website.
2. it offers money, outside the banking system. You can transfer money online without having to go through any third party, especially the banking system and affiliated companies such as paypal. The banking system cannot boycott things it does not like. Nor can anything else for that matter.
Also, masking your IP is not hard. As is concealing the source of transfering BTC. But, because bitcoins are considered monetary instruments, doing so just might be considered "money laundering" which is a pretty serious offense, and its not something I will discuss because
1. I am not offering anyone advice on how to commit such a serious offense
2. I am not willing to do the time for such myself
So someone finds out my IP address buys Dominos pizza every once in a while. Jokes on them because my bitcoind is behind 7 proxies! Even if they break my system, what are they really gaining? They're spending $1800 to find out my occasional eating habits? Good jorb!
Idea is that you can identify first node to broadcast an transaction order and reasonably assume its IP belongs to the issuer of transaction is an old one. And its a valid tactic, but easily defeated. TOR does defeat it. Sending out your transaction order only once(no need to spam it to everyone, it will propagate regardless) does defeat it.
And you can absolutely guarantee that the three letter agencies remember every one of them.
Wait I thought the fundamental point of the blockchain was that everyone remembers every transaction. Isn't this open and the history a fundamental part of bitcoin?
but I don't remember my 5 digit account anymore and don't give enough of a crap about this site to make a new account.
Such a lame place to be for someone who was with slashdot from nearly the beginning...
Thanks fuckers for making a good thing a piece of crap. What programming are you attempting to foist off on people today?
Seriously, anonymity was never expected out of bitcoins; more so, it was expected to be able to track them. If you know who paid who, you can discover if it was a legal payment or not. Also, people worried about privacy: your payments are already known, shared, put into predictive software... you're not losing any privacy by using bitcoin. Licit use of money is more important than supposedly breaching 'rights' that have already been breached by a different source. And to the reporter / poster: please research what you're sharing. News are a very dangerous thing if they're miscommunicated or misused.