Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bitcoin Is Not Anonymous After All

Posted by samzenpus on from the pulling-back-the-curtain dept.

Taco Cowboy points out a new study that shows it is possible to figure out the IP address of someone who pays for transactions anonymously online using bitcoins. "The Bitcoin system is not managed by a central authority, but relies on a peer-to-peer network on the Internet. Anyone can join the network as a user or provide computing capacity to process the transactions. In the network, the user's identity is hidden behind a cryptographic pseudonym, which can be changed as often as is wanted. Transactions are signed with this pseudonym and broadcast to the public network to verify their authenticity and attribute the Bitcoins to the new owner. In their new study, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect user's IP address and that it can be linked to the user's transactions in real-time. To find this out, a hacker would need only a few computers and about €1500 per month for server and traffic costs. Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily."

6 of 115 comments (clear)

  1. Aw man by Anonymous Coward · · Score: 5, Funny

    Now that hitman I hired to kill my bookie's drug dealer is going to be able to hire a hacker to find me.

  2. It never was by Anonymous Coward · · Score: 3, Insightful

    Only idiots thought it was anonymous.

  3. Duh by Aighearach · · Score: 5, Interesting

    Anonymity was never a feature. Whoever thought that didn't read the bitcoin summary. ;) You not only know where it came from, you know where it has been, too.

    The only reason it is popular is that governments didn't have tracking in place so it gained popularity as a currency for drug purchases. They do now have that tracking in place, however, so that ship sailed.

    I think the paranoid anti-government crowd are just not good enough at comprehension to know what they're saying or why. They heard that bitcoin was anti-government, so they decided it must be full of magical anonymous unicorns with anonymous rainbow farts.

    1. Re:Duh by Aighearach · · Score: 3, Insightful

      They have confiscated enough bitcoins that they can actually track most of the market now, for various reasons that have been explained on slashdot in the bitcoin-related stories.

      No noticeable country says that bitcoin is illegal. Barter is legal almost everywhere, so currencies are also legal. And the fact is, when it comes to bitcoin the US Government is a major market participant at this point.

      Bitcoin is way less anonymous than US Dollars, there is no question of that. No question at all. So if you're self-identifying as one of the "anti-government types," then yes, that is exactly what I was talking about. You believe something less anonymous to have been a step towards anonymity. You seem to fail to notice that I didn't pass any judgment or present any opinion on if anonymous payment is good or bad. I'm just pointing at the popular set of opinions that contract themselves. I would expect people who really believe in anonymous payment to use only non-electronic payment, at least until there is some sort of central authority that is trusted to maintain anonymity can back an electronic currency. You can't have a fiat currency without trust; you either need a trusted central authority, or the ability to track units of currency back to their original source, as in bitcoin. Lacking those, the most anonymous you can be is with cash, and things like CC cards purchased with cash, gift cards, or even money orders using an unknown alias.

      And how can bitcoin be a protest against unjust laws, when bitcoin is legal? That makes no sense at all.

  4. FUCK SAKE! It was NEVER anonymous by Anonymous Coward · · Score: 3, Insightful

    Bitcoin was NEVER meant to be anonymous. EVER.

  5. Re:The article is wrong. by TubeSteak · · Score: 5, Informative

    The IP you can trace a transaction back to is only the IP of the person that told you about the transaction.

    Try reading the paper.

    The crucial idea is that each client can be uniquely identied by a set of nodes he connects to (entry nodes). We show that this set can be learned at the time of connection and then used to identify the origin of a transaction.

    The crucial
    idea of our attack is to identify each client by an octet of
    outgoing connections it establishes. This octet of Bitcoin
    peers (entry nodes) serves as a unique identier of a client
    for the whole duration of a user session and will dierenti-
    ate even those users who share the same NAT IP address.
    We showed that most of these connections can be learned if
    the attacker maintains connections to a majority of Bitcoin
    servers. Then we show that the transaction propagation
    rules imply that the entry nodes will be among the rst
    that report the transaction to the attacker. As soon as the
    attacker receives the transaction from just 2-3 entry nodes
    he can with very high probability link the transaction to a
    specic client. Moreover a sequence of successfully mapped
    transactions can help the attacker to track dynamic changes
    in the entry node set, to keep the client identier fresh. The
    cost of the deanonymisation attack on the full Bitcoin net-
    work is under 1500 EUR.

    /all spelling mistakes are in the original text

    --
    [Fuck Beta]
    o0t!