Topic: Is your Bitcoin address known to surveillance? (Read 390 times)

Well thank you very much. I am looking forward to more feedback and new ideas to improve. Cheers!

This is one of the best places to test new websites
I shared it here to get more feedback and opinions from senior bitcointalk members,
and I think first time that I saw someone talking about your website was in Twitter.

G'day everyone,

Joshua Marriage (@satoshua everywhere) here, the creator of HIBK.

Thanks OP for sharing my site, any chance you remember where you came across it?

Lots of great questions here (most are covered in FAQ on the site) pointing to less-technical users, so let me explain a few things.

How to use HIBK:

1. Paste BTC address
2. Check txs for privacy gotchas
3. Discover obfuscation resources

How HIBK works:

1. Request made to Blockstream's Esplora API to get recent transactions for address
2. Response with JSON data for those transactions from blockchain received
3. Privacy analysis script runs client-side in your browser to find 'privacy gotchas'

Few important technical points:

• HIBK is a static site hosted on Github Pages, so there's no server side processing.
• API requests, responses, and privacy analysis all take place locally in the browser.
• No tracking scripts or any nonsense like that, and everything is open source.

And a few 'marketing' points:

• No reflinks, never will be, at most I'll offer "Surveillance ≠ Sound Money" merch.
• I ran HIBK by BTC privacy OGs like Matt Odell and 6102bitcoin upon publishing.
• I've taken my inspiration from Troy Hunt's amazing Have I Been Pwned.

While on 'marketing'...

• Sousveillance: these links are to block explorers that help you better understand tx privacy
• Mixers and CoinJoins: tools (mostly wallets) that run implementations of privacy protocols
• Chain Hopping: non-KYC exchanges brought to my attention by @notsofast on twitter

I've noticed some confusion around how HIBK would determine whether an address is currently surveilled. That's not my intention, the idea is to help people to learn about 'privacy gotchas' that would lead to their address being "likely known to surveillance." These 'gotchas' are documented in detail by bitcoin privacy pioneer Chris Belcher (he's the dev funded by Human Rights Foundation to build out CoinSwap) on the bitcoin wiki.

Point being, if you're getting sloppy with your bitcoin opsec, chances are you're already known to blockchain surveillance companies. They tend to take a 'catch-all' approach, much like NSA practices popularised by the Snowden revelations. The most alarming thing when it comes to bitcoin, is the immutability of the present, past, and future. Prevention is the best cure and 'privacy gotchas' are the dots that surveillance companies join to eventually find some KYC transaction, or something else unsavoury.

I invite everyone to check the source code and even run the tool with Dev Tools Console open to see what queries are made. No data is stored and there are no connections to databases. The only 'database' as such involved is the bitcoin blockchain, of which I am querying through the Esplora API. That being said, is the reason I have a notice recommending you use a VPN, as I am unaware of what logging may take place at the infrastructure level by GitHub, and further on, by Blockstream.

Keep in mind this is barebones v1 and my hopes are to help publicise the importance of bitcoin privacy, because Surveillance ≠ Sound Money and it doesn't do the "bitcoin as a store of value" narrative any favours. Really appreciate everyone's feedback and my apologies if I haven't touched on your questions/assumptions here, I'll try to hang around and cover any other concerns.

Cheers!

LINKS:

HIBK: https://haveibeenknown.com/
FAQ: https://haveibeenknown.com/faq/
GitHub: https://github.com/satoshua/haveibeenknown (open source and deployed to Github Pages - see 'Environments')
Privacy Analysis: https://github.com/Blockstream/esplora/blob/master/client/src/lib/privacy-analysis.js (this script runs locally in your browser)
Blockstream Block Explorer: https://blockstream.info/
Blockstream's Esplora API docs: https://github.com/Blockstream/esplora/blob/master/API.md
List of non-KYC @notsofast showed me: https://kycnot.me/

Looks like a chain analysis of some sort that can be used by the public. I feel like this was created to counter companies selling their blockchain analysis to governments, private comapnies and exchanges (an example is Chainalysis Inc.)

Actually, it's a good site but they are marketing it wrongly. Basically they are differentiating addresses based on factors such as whether address is used once or more than once, whether output received on change address is used as input along with another address thus establishing connection between three of the addresses. But it doesn't mean you are prone to surveillance unless you specifically send bitcoin to the address which can be linked to your real identity through Centralized Exchanges or any other medium.

While using Bitcoins, user should follow the simple rule - 'One Address, One Transaction'. However, I don't mind receiving more than one inputs on my address if amount received is insignificant because that won't be much danger to my privacy.

I think it depends on who is watching you. For instance if the cops are watching you because of some theft or scam then they will constantly keep an eye on you. Also, since bitcoin is not fully anonymous the cops will be able to trace you and will catch you at some point because they have more access than anybody else.

But it is always better to keep your identity safe on the internet when you are making bitcoin transactions.
To be on the safer side you can use TOR or also create a private VPN if you are tech savvy enough to do so.
This will protect you from hackers or anybody who is keeping an eye on you.

I've tried mine via Tor and got the predictable result that the address is likely known (no wonder as it's publicly listed in my profile as well as in posts for sig campaings from the past). However, the fact that the address is known doesn't mean that it's under surveillance and probably doesn't even mean that it's linked to my real name or something like this (although I haven't been trying to avoid identification, so it's quite possible to do that with solid resources and skills. And similar to Maus0728 I got that link with a very general explanation. All in all, I am not sure if such services are useful to identify if the person is known to authorities or not.

Its good actually for personal good, but not in a way to detect if you are under surveillance because in the first place, tracks doesn't leave hints to who you really are. And going back, I said that it is good for yourself especially if you just want to know what sites or transactions you take since it shows records from block explorer. This is nothing new but a compilation of essential features of the blockchain.

The website does nothing more than aggregating data publicly available to anyone. If someone thinks it will tell you if the USA is watching you, nope. It simply uses different block explorersand web crawlers with basic privacy observation like Esplora, KYCP, Checkbitcoinaddress.com,...

Saying if an address is "known to surveillance" is also the same for the average Joe

For people who is not a big holder provably they will just ignore this thing since the surveyor cannot tract anything since most of the people are selling their BTC whenever they reach it to their personal wallets. But if you are a big volume holder provably you will get alerted for this information since they might use the data's to stole or whatever they can do to penetrate and hack your wallets "just my two cents".

It's obvious that most people don't give a shit about privacy and they would rather sell their asses for few bucks.
This topic is posted for privacy oriented people, and if you don't care about surveillance and privacy please skip this topic and post in some other place.

Don't worry, they won't snoop on you.

If you've used the Have I Been Pwned service which covers email leaks, HBIK is the exact thing, only for Bitcoin address.

I also checked the results and the first 4 links redirects me to [1] https://en.bitcoin.it that gives lecture to a specific issue why the specified bitcoin address that is pasted was compromised. And I think most of the links redirects the user to original services that is known by everyone.

Agreed. But even though that the website is not telling that the pasted address is under surveilance, it might give you a clue that the bitcoin address have been compromised because of address reuse, unconsolidated input etc. which will decrease users privacy.

Sorry not clicking the link, I don't want to give them an idea about my address.
Actually it doesn't really matter for me if my address is under surveillance, I know what I'm doing and I am not afraid my address will be compromise as I don't hold a lot of bitcoin, and I could even bear the risk of losing my money.

I'll let them find my address but I'm not gonna intentionally put my address in a site that says something like that.

You should know that Dash coin is trash that has nothing to do with privacy, and it is very easy to track everything happening on dash chain.
Don't have any illusion that you have any privacy or anonymity with Dash.
Chainalysis is tracking Dash and Zcash, so there is zero advantage compared to Bitcoin.
https://www.coindesk.com/crypto-forensics-firm-chainalysis-adds-tracing-support-for-zcash-dash

Honestly, I don't really care whether my BTC address is under surveillance or not to be perfectly honest unless it is linked to KYC documents that I provided in a particular website.

BTC addresses provide a good degree of anonymity that I am satisfied with. I usually use privacy oriented coins like Dash etc whenever I require a higher degree of anonymity. This is one of the primary reasons why I love conducting financial transactions in the crypto world.

I saw that, and it is explained that this services are used for Chain Hopping, Coinjoins and mixers.
No referral links have been used, I don't see any promotion and author asked for everyone to contribute, as this is still early phase demo mode.
If you know the code you can also check his github link:
https://github.com/satoshua/haveibeenknown

Looking at his github we can see that he is privacy oriented person who also created fungible.cc website:
 

I used one BTC address that is familiar to many on the forum, and what I got as a result is the following :

Source : https://haveibeenknown.com/

Each line of text of course leads to a direct link to a specific service, which can mean two things, or it's about someone wanting to educate users on how to achieve more privacy, or it's just about promoting certain services. It seems to me that given the first two links this is just an attempt to promote some services.

There is no word here on any kind of surveillance, but only about whether someone's public address is known in such a way that it may be associated with the actual identity of the owner.

I found about this website today, so I am still exploring it and that is why I posted in bitcointalk forum to get more information from more experienced members.
Not exactly sure how exactly they find this leaks, but it reminds me to similar websites like have-I-been-pwnd for emails and passwords

I just moved it to bitcoin discussion.

Oh well, looks like mine has some detections.

Interesting link though, just like the HIBP one.