Pages:
Author

Topic: Blockchain Analytics is More of an Art Than Science - page 5. (Read 1362 times)

legendary
Activity: 2268
Merit: 18771
Lol.

They first refused to allow Laurent Salat to audit the code, simultaneously claiming that he was not a qualified expert, but then also claiming that he would steal their source code for OXT, which he runs. Amazing that he is both unqualified and too qualified at the same time.

Now they claim that a literal Bitcoin Core contributor is unqualified? The same people who as we saw earlier in this thread don't understand the different between legacy and segwit addresses and don't even understand the difference between bits and bytes are in no place to pass judgement on anyone, least of all a Bitcoin contributor. They are absolutely desperate that no one sees their code, and learns just how unscientific and deeply flawed it is.

Blockchain analysis is a scam.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Howdy people

The story continues. Let's have more fun about Chainalysis Grin

CHAINALYSIS DENOUNCES BITCOIN CORE CONTRIBUTOR AS “UNQUALIFIED”

Chainalysis attempts to render Bitcoin Core contributor Bryan Bishop as “unqualified” to audit Chainalysis’ source code as the surveillance firm’s own experts stumble cluelessly around the blockchain.

With the justice case US vs. Sterlingov (the mixer Bitcoin Fog), since their software is not accurate, the defense requested the Chainalysis’ source code to be audited.
They don't like this idea! Guess why? It's going to put their business at risk.

So their point is to say Bishop is not qualified. Bishop, who
- is a Bitcoin Core contributor,
- has participated in discussions on
. elliptic curve cryptography,
. ECDSA signature schemes,
. Schnorr signature schemes,
. BLS signature schemes,
. signature aggregation schemes,
. post-quantum cryptography,
. quantum mining,
. scrypt password hashing""

it's like saying your dentist isn't qualified to treat your toothache. Cheesy

Lol.


Yes LOL

Extreme bio hacker


https://www.courtlistener.com/docket/59988850/185/united-states-v-sterlingov/

legendary
Activity: 2268
Merit: 18771
It would be interesting to know how Chainalysis acquire accurate data that has gone through Mixer services?
As with everything else they do - they guess. Their guesses may or may not be accurate, depending on the service used to mix the coins. There are good mixers and bad mixers, Chainalysis have demixed Wasabi coinjoins in the past (which is how the DAO Ethereum hacker was identified), people can leak data via external methods such as browser fingerprints or IP addresses, and so on. Chainalysis are never going to willingly reveal their methods, because then they become easier to defend against.

But as we've seen in this thread the government don't seem to care about accuracy at all, and only care about being given "data" which fits their preconceived conclusions.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
It would be interesting to know how Chainalysis acquire accurate data that has gone through Mixer services? I can understand that data mining can be very accurate, if they were only dealing with unscrambled inputs and outputs from the Blockchain, but what happens after those tokens go through a Mixer service?

Yes, it is possible to mine through data that were recovered after a Mixer service were shutdown... and if they kept logs, but what happens if you push it through active Mixer services that does not keep any logs? 
legendary
Activity: 2268
Merit: 18771
What do you expect these companies to do
Not exist in the first place!

They obviously aren't going to say no to governments because governments are their biggest customer. They exist precisely for governments, so they can present made up findings filled with inaccuracies as the "evidence" the government wants to prosecute individuals they've decided they want to prosecute, regardless of any actual guilt or wrongdoing.

What should really happen is that blockchain analysis companies go bust and disappear. If we all stopped using centralized exchanges and used bitcoin properly peer to peer as it was designed, that removes a big chunk of their cash flow. And now we need to fight back in courts and prove as we've seen above that their entire analyses are so flawed that no one should take them seriously for any purpose, certainly not for a criminal trial.

If we keep throwing crap at it without giving it a spin first, how will we get to the point that we're eager to achieve?
The point we want to achieve is for everyone to realize blockchain analysis is provably nonsense.
hero member
Activity: 1750
Merit: 589
Such softwares used for tracing addresses only instigate stress on a victim that got scammed or lost their coin. A scam victim, who wants to track the address where he/she sent a transaction, needs to bring evidences; chats, photos and money to the agency that claim to trace blockchain transactions. Most victims end up losing more money added to the lost money. Its existence also gave birth to fraudulent agencies claiming to retrieve lost coins or tracking a scammer; with the slogan, a person that fell for scam can easily fall again. The results always appear differently based on the software used to track an address. If the software can't retrieve the lost coin, why depend on unrealistic results, in the name of tracing a person who may not be behind the crime or scam?
So what are we proposing the victims do should they experience hackings and scammings? Scoff it off and just move on? What if it's massive amounts of money we're talking about, like money that could pay off a mortgage or something, do we still tell them to man up and move on since "they're more likely to spend more money looking for the hacker and the money that was stolen from them rather than just moving on and working to earn that money back? Isn't that a little defeatist and at best even promotive of the heinous acts these hackers do on the daily?

Just cause our current system's crap doesn't mean we can't have people who deserve it be given the access to it, sure there are false positives and all that, but at the end of the day the more we use it the more propensity for improvement. If we keep throwing crap at it without giving it a spin first, how will we get to the point that we're eager to achieve?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Blockchain analysis companies are the practice of "being guilty until proven innocent". Living under a state which can put me behind the bars because I might be involved with some activity, with absolutely no scientific evidence is totalitarian. Literally everyone in the blockchain is potentially involved in some illegal activity.

But it's just genius. They've convinced the world that it's needed. A weapon to intrude into people's liberty and having them voluntarily handing it over is just the ultimate weapon.
legendary
Activity: 3066
Merit: 1129
I think it is more about who the customer is. If we are talking about governments, they will not give you a problem to solve, they will give you what solution they want, and you to work your way back from that to find the problem they want to find. So that means it is not going to be that easy to do it, and there will be a lot of people who are not certain about it as well. I know that it is not that simple but it could be done and I think it would be a smart decision to not say no to a government.

What do you expect these companies to do, to go out there and end up saying no to government and risk their entire business? They would bankrupt in a moment as soon as government starts attacking them for not doing what they want them to do.
sr. member
Activity: 700
Merit: 270
Blockchain Analytics is More of an Art Than Science

I am not saying their software is so wrong, but knowing there are false positives, it can be very dangerous.
Even if the false positive rate is only about lets say 0.1%, considering the millions address/transactions being tracked, it can make a lot of dammages.
In example: ""led to unjustified account restrictions and – even worse – land unsuspecting individuals on the radar of law enforcement agencies without probable cause.""

- Hello Chainalysis,
Do you know if your software is accurate?


- I have no scientific evidence for the accuracy.

- Really?

- Really, but clients say so

- Clients, you mean governments lying depending on their agenda?

- Yes



Quote
Chainalysis' head of investigations doesn't seem to have a great understanding of whether her company's flagship software even works.
Quote
Ekeland said Chainalysis’ Reactor is “a black box algorithm” that “relies on junk science.”

Coindesk, the woke media, didn't like the article talking bad about Chainalysis and decided to remove it
Chainalysis>>>Coindesk>>>DigitalCurrencyGroup
so here it is
https://bitcoinmagazine.com/technical/chainalysis-investigations-lead-is-unaware-of-scientific-evidence
You may be interested in Blockchain Analytics is More of an Art Than Science

Going by the article, there are something's I find even offensive, where is been quoted that Elizabeth Bisbee, the head of chainalysis investigations  doesn't seem to have a great understanding of whether her company's flagship software even works.
That's an indictment already on the company, especially considering the fact it is been said that people financial privacy are been violated.
This are serious red flags. Because user's are already given a negative feedback.
legendary
Activity: 3248
Merit: 1402
Join the world-leading crypto sportsbook NOW!
There are various things that sort of work somehow but aren't fully understood by people. One of them is GPT, as far as I know. Some things are understood by the developers, but a lot is like a black box situation, there's no deep understanding on how exactly something picks up patterns that it does, how it acts based on those patterns, etc. But that's kind of okay because linguistic models are known to be faulty, it's common knowledge they should be used with caution and should not be entrusted with decision-making. Blockchain analytics is a different thing if it can be used as evidence in court or affect major decisions on official policies.
I hope that some sort of research can be conducted to assess how often it makes mistakes and what kind of mistakes. For example, fingerprints are largely accurate but not 100%, and some people have been wrongfully convicted because of that. But there's research assessing the percentage of false positive cases, which is around 0.1%. Of course, if there's a chance of mistake, even a small one, I do think that it should mean that a person can't be convicted based on that evidence alone, but if Blockchain analysis actually have a much larger margin of error or if it's impossible to estimate it, it shouldn't be allowed to be used as evidence at all.
legendary
Activity: 2268
Merit: 18771
Absolutely unbelievable some of the revelations made in this document. (https://storage.courtlistener.com/recap/gov.uscourts.dcd.232431/gov.uscourts.dcd.232431.159.1.pdf)

First look at Bisbee's report. Bear in mind that this a report from the head of investigations at Chainalysis:

Quote
The table states that P2SH is “a SegWit address that begins with 3”. That is false.
Quote
The table uses the wrong unit of data when referring to compressed and uncompressed keys. The table uses bits instead of bytes.
Quote
The report states that “The first known Bitcoin Fog transaction where the change is a P2SH-WPKH Segwit address in block 534129: 9a7e1cdb9f68573eaf64ba4f8908ebf05aee932124 6188c1c746a297e8821ffb”. Reviewing this transaction, reveals there is no witness data and no addresses participating in this transaction that are SegWit enabled.
Quote
If RF means RBF, (Replace-by-Fee), then it is important to note that a majority of transactions in the report would never have been able to utilize RBF as it was not present in Bitcoin Core until Bitcoin Core v0.12 which was released November 1st, 2016.
This is a catalogue of incredibly basic errors. These are the kinds of questions which would be asked by newbies on this forum and would be followed by 10 replies within the hour correcting them. This is from the head of investigations, and there is no chance her report was not proof read by a handful of other people in Chainalysis too. How utterly embarrassing for Chainalysis. They have absolutely no idea about the very basics of the thing the claim to be able to track.

And then look at some of the other assumptions that they have made:

Quote
The Government uses this IP address to attribute ownership and control of the Mt. Gox accounts #2 and #3 to Mr. Sterlingov. However, this IP address appears to be a VPN, or a proxy server. That is, any number of entities or persons from anywhere in the world could be using this IP address at any one time.
VPNs/Tor, how they hell to they work? Roll Eyes

Quote
The discovery produced by the Government contains a spreadsheet authored by IRS-CI Devon Beckett, last updated on August 8, 2016. In it, he appears to refer to Chainalysis manipulating the data in this case because it did not fit in to the Government’s preconceived notions.
How very fair and unbiased. Decide their conclusion, then manipulate the data to fit it.

Quote
Mr. Sterlingov’s withdrawal pattern from Bitcoin Fog is entirely consistent with user withdrawals; this is corroborated by the Search Warrant Affidavit signed by IRS-CI Special Agent Leo Rovensky “These withdrawals occurred sporadically and in the same manner as a regular user.” The affidavit goes on to make a leap of logic stating that the likely reason Mr. Sterlingov’s withdrawals match other user withdrawals is that he was trying to obfuscate his ownership.
If your pattern of use is completely average and similar to everyone else's pattern of use, the only explanation is that you are doing it deliberately to obfuscate things, and not, you know, that you are just an average user. What a wild assumption.

An incredible collection of incompetence and ignorance. What a tragedy that so much of this space revolves around the complete hogwash that these scam merchants peddle to governments and centralized exchanges.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Concretely, how the inacuracy is with Chainalysis:

An example with the old mixer Bitcoin Fog

Quote
CipherTrace has found a discrepancy in accuracy of about 64% for the behavioral clustering heuristic

Now let's compare:

Quote
As opposed to behavioral clustering, FindNext heuristics are able to produce false discovery rates of only 0.62% and 0.02%, respectively.

Hold on,

Quote
a non-exhaustive list of errors in Bisbee’s expert report, such as the use of bits instead of bytes leading to incorrect mathematical assumptions as well as multiple apparent incorrect identifications of change addresses. The report further highlights the missing of a number of script types, such as P2PK, P2MS, P2WSH, or P2TR and the incorrect statement that “a SegWit address begins with 3”, which also identifies P2SH addresses

Conclusion:

Quote
“The blockchain forensics and tracing tools used in this case were misused to erroneously conclude that Mr. Sterlingov was the operator of Bitcoin Fog when no such evidence exists on-chain.”

https://bitcoinmagazine.com/technical/chainalysis-the-theranos-of-blockchain-forensics

So you could be thrown into court with false accusations against you. And they will say "the investigation says it's you"
Oh great finding Roll Eyes
Imagine what a government can do if you are a target for them An example with Julian Assange
hero member
Activity: 714
Merit: 1298
Blockchain Analytics is More of an Art Than Science

I am not saying their software is so wrong, but knowing there are false positives, it can be very dangerous.



That is why when building transaction one should operate on the base they know  all his addresses. There is a nice guide ( divided into four sections [1] , [2],[3] and[4]. )which sheds light  on heuristic used by those software. Thus, knowing that heuristic one can develop his own strategy against chainanalysis' clustering technique.
::::::::::::::::::::::::::   ::::::::::::::::::::::::::::  ::::::::::::::::::::::::::::::
[1]. Understanding Bitcoin Privacy with OXT — Part 1/4
[2]. Understanding Bitcoin Privacy with OXT — Part 2/4
[3]. Understanding Bitcoin Privacy with OXT — Part 3/4
[4]. Understanding Bitcoin Privacy with OXT — Part 4/4
full member
Activity: 1540
Merit: 219
When a user opens an account, they enter a user agreement. If the user agreement says that the service can freeze the account and seize funds, then there's no violation of law. If the rules don't mention such cases, then the users should be able to take their money. But most of the time the rules are very detailed and cover all potential cases.

People need to read what they sign.
If people start reading the terms and conditions before signing up on something, the faster we can point out terms that we all agree isn't agreeable towards the consumers. As much as I agree that the services aren't at fault when they do something to the account because it's in their "terms and conditions", we have to also call out those services that put unfair terms and conditions just to use their service, both sides should experience some change.
legendary
Activity: 4424
Merit: 4794
very true alot of people think using a service is a "right" when its not. businesses can ban users for any reason. but that business has to allow the customer to leave with their property(for the unwarranted reason).

When a user opens an account, they enter a user agreement. If the user agreement says that the service can freeze the account and seize funds, then there's no violation of law. If the rules don't mention such cases, then the users should be able to take their money. But most of the time the rules are very detailed and cover all potential cases.

People need to read what they sign.

business policy does not trump law.
a unregulated shady boiler room scam service could put bad terms into agreements to try to make scammed customers not chase their funds.. but a regulated exchange has to follow the regulations and cannot seize funds arbitrarily without a court order.

sometimes although no one likes regulations. its worth reading them. even if its to learn the limits of their powers and thresholds of authority

as for the unregulated scammy shady exchanges.. well the risk is on the customer obviously which is why its best in regulated and unregulated to never leave funds in an exchange eitherway for many reasons, but more so when it comes to unregulated exchanges as you have less legal protections and defenses and less methods to pursue recompense

my common rule is this: if you cant physically find someone your handing funds to, to slap them with a wet fish should they wrong you. dont hand funds to them in the first place
hero member
Activity: 1428
Merit: 513
Payment Gateway Allows Recurring Payments
Such companies track more than what you may think and not only to help an individual ripped off.
It's called data mining. They collect millions stuff.
Big companies like Bitstamp , etoro, and other CEXs are using it. So what do you think they're doing. CEXs provide them a lot of information about their customers trading on their platform.

It's not so different than a data broker.

data mining is such a powerfull industry, people do not realize what can be done with it... against them...
You are totally right; I might not be new to the cryptosphere, but I was new to the use of data and how valuable it is when I started to read about IOT. Because in IOT we value data and read how important it is to make decisions, increase sales, and send proposals to someone who is in need. It's like when your bank balance is low, and then you get to receive some messages from many lenders and other platforms that provide some type of insurance or loan that could help you out when you are broke.

The thing is, once they know you have no money or have money, they will start to advertise their services and products accordingly just to lure you into becoming their customer.

PS: Is it possible that the investigator who knows nothing is just a human error from her side while the system does have a lot of ongoing in that context? Just asking.
legendary
Activity: 3038
Merit: 2162
very true alot of people think using a service is a "right" when its not. businesses can ban users for any reason. but that business has to allow the customer to leave with their property(for the unwarranted reason).

When a user opens an account, they enter a user agreement. If the user agreement says that the service can freeze the account and seize funds, then there's no violation of law. If the rules don't mention such cases, then the users should be able to take their money. But most of the time the rules are very detailed and cover all potential cases.

People need to read what they sign.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I'm just about 100% sure the 3 letter agencies of the US government have a lot better accuracy in determining what coins belong to who and where they go.

We can be sure of that, given that they have been working on it for at least 10 years, and this was confirmed by someone who had an insight into all that. If we look at the actual volume of their work, which included time, money and specific knowledge, then it is clear how much of a priority this issue was for them.

Companies like Chainalysis are guessing at best. BUT and this is the big BUT if the companies that USE their service are happy and pay on time that is all that Chainalysis (and the others like it) care about.
~snip~

Guessing pays very well today, and that's why many people started to engage in this business. It is obvious that all the companies that pay for their services need some kind of justification for the purpose of disclaimer in order to fight against money laundering and of course the state's enemy number 1 - terrorism.

This is the situation when someone says "based on the collected data, we did not think that we should take any actions to prevent...", and I guess that's exactly what such companies are for.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I'm just about 100% sure the 3 letter agencies of the US government have a lot better accuracy in determining what coins belong to who and where they go.
Companies like Chainalysis are guessing at best. BUT and this is the big BUT if the companies that USE their service are happy and pay on time that is all that Chainalysis (and the others like it) care about.

It gives them the ability to tell regulators that they did their job the best they could in making sure they did not take any funds in from people or places they should not have.

That's it, over and out. Do you really think that ANY company wants to spend money on a product or service that they did not have to? It's just checking off the box that says we did what we had to do.

-Dave
legendary
Activity: 4424
Merit: 4794
the data which different transaction analysis sites produce is solely based on the credibility of the data provided to them..
for instance chain-analysis is sister companies of several dozen exchanges and services. so they share data about their customers.
this means if they have a customer on exchange A with email X and exchange B with the same email X. they can then try to find coin spend linkages

some crap analysis sites just do taint analysis without CEX/service customer data. so the results are subjective to the data they are given
Pages:
Jump to: