When A Small Leak Sinks A Great Ship: Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis

https://arxiv.org/abs/1801.07501

Abstract: With the rapid increase of threats on the Internet, people are continuously seeking privacy and anonymity. Services such as Bitcoin and Tor were introduced to provide anonymity for online transactions and Web browsing. Due to its pseudonymity model, Bitcoin lacks retroactive operational security, which means historical pieces of information could be used to identify a certain user. We investigate the feasibility of deanonymizing users of Tor hidden services who rely on Bitcoin as a payment method by exploiting public information leaked from online social networks, the Blockchain, and onion websites. This, for example, allows an adversary to link a user with @alice Twitter address to a Tor hidden service with private.onion address by finding at least one past transaction in the Blockchain that involves their publicly declared Bitcoin addresses. To demonstrate the feasibility of this deanonymization attack, we carried out a real-world experiment simulating a passive, limited adversary. We crawled 1.5K hidden services and collected 88 unique Bitcoin addresses. We then crawled 5B tweets and 1M BitcoinTalk forum pages and collected 4.2K and 41K unique Bitcoin addresses, respectively. Each user address was associated with an online identity along with its public profile information. By analyzing the transactions in the Blockchain, we were able to link 125 unique users to 20 Tor hidden services, including sensitive ones, such as The Pirate Bay and Silk Road. We also analyzed two case studies in detail to demonstrate the implications of the resulting information leakage on user anonymity. In particular, we confirm that Bitcoin addresses should always be considered exploitable, as they can be used to deanonymize users retroactively. This is especially important for Tor hidden service users who actively seek and expect privacy and anonymity.

Read the PDF for full details.


Comments


[11 Points] enceladu:

Monero user not affected.


[1 Points] _PrinterPam_:

You shills aren't even trying to be sneaky anymore are you. Two of you come on here and post the exact same article within an hour of each other. Here's my reply from your compatriot's thread:

Clearly you're too dumb or too much of a shill for some other currency (XMR, obviously) to have bothered reading the paper. They scanned and collected BTC addresses that people were posting on social networks and other public places (which means the person was already identified) and then monitored those addresses. No technological measure can stop people from shooting themselves in the feet.

If you want to pump monero, then make a monero post and tout it all you want. But slinging dirt at a straw man is just lazy underhandedness.


[2 Points] thcisforme:

.


[2 Points] Vespco:

Social media is the tool they used, as researchers. Needless to say, the researchers are significantly less funded and less able to get addresses.

Governments however have access to much more: The NSA, FBI, CIA, IRS, and others can illegally obtain information, can get warrants, and have other complementary means to find you. This issue of Bitcoin resulting in the deanonymization of Tor users goes hand in hand with blockchain analysis: they don't need the exact address, they just need to find which addresses are associated with other addresses and from there they can deanonymize Tor users. Remember, they can get warrants for Coinbase and other services and this information will include your Bitcoin addresses, and likely if you've sent to different addresses. If you use Bitcoin for casual and illegal purposes, it is very tricky to properly keep ALL the addresses to them fully separate, and in such a way that there isn't some account somewhere that knows a bit too much information.
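
Added example, not part of the thread or the paper: a self-audit sketch in Python showing how a publicly posted address becomes linkable to a service address, either through a direct transaction (the case in the abstract) or through an address associated with it (the case raised in the comment above). The ledger, the address names, and the use of the common-input-ownership heuristic for "associated" are assumptions made for this illustration.

```python
# Constructed sample ledger: every address and txid below is made up.
TXS = [
    {"txid": "t1", "inputs": ["carol_tip"], "outputs": ["svc_onion", "carol_chg"]},
    {"txid": "t2", "inputs": ["alice_tip", "alice_cold"], "outputs": ["exch"]},
    {"txid": "t3", "inputs": ["alice_cold"], "outputs": ["svc_onion", "alice_chg"]},
    {"txid": "t4", "inputs": ["bob"], "outputs": ["svc_onion"]},
]
POSTED = {"alice_tip", "carol_tip"}   # addresses shown on public profiles
SERVICES = {"svc_onion"}              # address published by a hidden service


def cluster_by_common_inputs(txs):
    """Return a find() function over a union-find of addresses.

    Assumption (common-input-ownership heuristic): addresses spent together
    as inputs of one transaction belong to the same owner.
    """
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for tx in txs:
        inputs = tx["inputs"]          # may be empty (coinbase transaction)
        for other in inputs[1:]:
            parent[find(other)] = find(inputs[0])
    return find


def audit_exposure(posted, services, txs):
    """List (posted_addr, service_addr, txid, kind) for each transaction tying
    a posted address, or an address clustered with it, to a service address."""
    find = cluster_by_common_inputs(txs)
    owner_of = {find(a): a for a in posted}
    findings = []
    for tx in txs:
        # Check both directions: paying the service and being paid by it.
        for mine, theirs in ((tx["inputs"], tx["outputs"]),
                             (tx["outputs"], tx["inputs"])):
            for addr in mine:
                root = find(addr)
                if root not in owner_of:
                    continue
                kind = "direct" if addr in posted else "clustered"
                findings += [(owner_of[root], s, tx["txid"], kind)
                             for s in theirs if s in services]
    return findings
```

In the sample, `alice_tip` never pays the service itself, yet it is flagged because `t2` spends it together with `alice_cold`, which does.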


[1 Points] GirlsDontLikeIce:

Cliffnotes : Don't be stupid and leak your dox.

