Author

Topic: Reverse-engineer bitcoin transactions (Read 2463 times)

newbie
Activity: 1
Merit: 0
July 09, 2021, 01:24:13 PM
#26
hi Friscon,

Interesting in discussing the reverse engineering of crypto wallets.

I want to be part of it on the business end. I'm not a board person, i found this in a google search.

So I guess I was hoping to find you and I did, so let's talk.

I created an account just to be able to speak with you however, because i'm a new account that didn't go to well.

What's the best way on your end to communicate with each other?

I'll try to keep this tab open in waiting for your reply or message.

Mox
sr. member
Activity: 440
Merit: 250
April 06, 2012, 04:44:08 AM
#25
Fed would have an issue trying to get info from Mt Gox, it is based in Japan. Perhaps I read your OP incorrectly, this did not seem like a service to stress test anonymity, but rather a wholesale outing service that would link identities to bitcoins.
Ah,  I see your point.  Yes, I read OP's intent more as an anonymity testing tool.

Still, LE will be very interested in linking identities to bitcoin addresses already and I wouldn't be surprised if some entity is already working on it.  If that is the case, then your bitcoin transactional habits will eventually be known to LE (or advertisement agencies etc) whether you like it or not.  OP, I think, wants to build a service which will show you how non-anonymous you are (and me, and everyone) so that you can pre-emptively adjust your behaviour to achieve your desired anonymity.  Or so the devs can improve the algorithm, if possible.  Unfortunately the only way for *me* to know how anonymous I am is to know how anonymous *everyone else* is.

How about this: OP trawls the public web (and onionland maybe) and links bitcoin addresses with people, with forum usernames, with PGP keys, etc.  Then trawls the blockchain to build up a map of transactions between addresses, between wallets and between people.  Puts the data on a tor hidden server and you can interrogate the data base for your own bitcoins by signing some appropriate query string with the private key for those bitcoins.  The data returned will simply tell you your ID, if known, addresses/wallets traced to you, and if your transaction partners' IDs are known (but not who they are).
sr. member
Activity: 574
Merit: 250
April 05, 2012, 11:00:01 PM
#24
Fed would have an issue trying to get info from Mt Gox, it is based in Japan. Perhaps I read your OP incorrectly, this did not seem like a service to stress test anonymity, but rather a wholesale outing service that would link identities to bitcoins.

I would still choose not to use, participate or endorse this kind of activity, it doesn't benefit my anonymous use of bitcoin. It will give rise to a lot more laundering schema, and a lot more overhead as people shift coins around to randomize and defeat tracking. A lot of that overhead can be detrimental to the size and velocity of the blockchain.

A opt-in anonymity test? Sure, why not, decent enough idea if folks want to test themselves. A tool that can be used to link user identities and bitcoins without their permission or desire to be linked? No such a desirable thing. I believe a fair number of bitcoin users would prefer that their specific transactional habits remain their own private business.
sr. member
Activity: 312
Merit: 265
April 05, 2012, 05:56:29 PM
#23
I offer programming chops.  My background is math, computer science and 15 years experience coding for $ in scripting languages such as perl and JavaScript.
member
Activity: 98
Merit: 10
April 05, 2012, 04:34:46 PM
#22


Why do you think a programmer would partner with you if this idea is all you have to offer? I mean, what you are proposing isn't exactly ground-breaking or unique and you haven't demonstrated what you would bring to the project. 
sr. member
Activity: 440
Merit: 250
April 05, 2012, 03:32:58 PM
#21
I have to say, I disagree.  Bitcoin can be anonymous *if used correctly*, otherwise it is not.  If this guy wants just to trawl public webpages and categorize publicly available information, then he's not doing anything unlawful.  Of course, if he decides to hack MtGox to get the user<->userid database, well, that'd be different.  And in that sense, he'll be at a disadvantage compared to LE.

All it takes is for just one of the people you trade with to reveal their identity, and that will lead straight to you.  Now if you've passed your received coins through a mixer after *every single transaction*, then maybe they won't be able to associate any one of your transactions with any other.  Otherwise, you're on the hook.  And I'd be willing to bet that unless a majority of users take pains to hide their identity, then just about everyone will be visible to data mining.

I agree with OP - better that something like this be done in the open, so everyone can see how anonymous they are; otherwise everyone is just falling for the usual internet=anonymous delusion.  In fact, perhaps it would be good to offer a bounty to whoever can do the work, and present it as a navigable flow of interconnected and joined addresses and users (where known).  And then - yeah, see what could be done to the protocol to improve anonymity.  Like each block includes a built-in mixer, say.

IIRC there are several requirements for you to remain anonymous:

1. Never mix money from different receiving addresses - i.e. each wallet must have only one receiving address
2. Pass all received money through a mixer
3. Connect to bitcoin (and pools, exchanges etc) only through tor, and give them no personally identifying information.
4. Never publish your bitcoin address
5. Anything else?

Of course, you gotta hope that the mixer op doesn't sell you out. Or else do multiple passes through multiple mixers... losing x% each time.


Frisco- no offense mate, but hugely bad idea in my book. And I will take the signal honor of being the first to opt out of your monitoring or reverse engineering any data whatsoever on any transaction of mine, and if you are found to be doing so, I will pursue remedies available to those who have been illegally wiretapped. Gathering this kind of data and making it available for others to consume without a warrant violates all kinds of interesting laws in a variety of countries and will open you and whatever business model you want to release it under to a staggering amount of liability.
sr. member
Activity: 312
Merit: 265
April 05, 2012, 02:58:00 PM
#20
You can say that it is a bad idea, and I take no offence.  However, the convining argument for me would be that people wouldn't use the service. Are you saying that people will not want to find out how anymous their activity on the bitcoin network is ? I think you haven't said that.

But how is it illegal to build such a system ?  I don't think that you can opt out legally by saying,  "I don't want this bitcoin address to be analyzed". The privacy act does not protect you because I didn't collect any information from you in private.  (The privacy laws will also not protect a person if the Fed decides to find out the name of his mtgox account.)

Are you saying that it is illegal to use public information to determine a person's identity from a purely logical argument?

It is the same as saying that it is illegal to make a crawler bot that scans pages. Google and hundreds of smaller bots do it nightly. More over, the bitcoin data is already on my computer, downloaded by the bitcoin client. Even without web data, by only using bitcoin data, I could make a conclusion that a certain bitcoin address is suspicious.



sr. member
Activity: 574
Merit: 250
April 05, 2012, 02:10:59 PM
#19
Frisco- no offense mate, but hugely bad idea in my book. And I will take the signal honor of being the first to opt out of your monitoring or reverse engineering any data whatsoever on any transaction of mine, and if you are found to be doing so, I will pursue remedies available to those who have been illegally wiretapped. Gathering this kind of data and making it available for others to consume without a warrant violates all kinds of interesting laws in a variety of countries and will open you and whatever business model you want to release it under to a staggering amount of liability.
legendary
Activity: 980
Merit: 1000
April 05, 2012, 02:06:21 PM
#18
couldn't someone unload their coins to an unpublished wallet to cover their tracks?
sr. member
Activity: 312
Merit: 265
April 05, 2012, 02:03:26 PM
#17
Well, even if the source code will be available to which others can contribute, it is the graph database that will become more full with time that will be of value.  Who ever will build the database using their hardware will own it and/or sell it.  So if I do it, I could provide a download of the database for BTC, for those who don't want to use a hosted service.
hero member
Activity: 742
Merit: 500
April 05, 2012, 12:59:45 PM
#16
It's gonna be a website like bitcoinica or mtgox -- you don't see their code, right ? But you use it, and pay commissions.
I think those sites will only survive until someone figures out a decentralized and open way of doing trades.  This is a difficult problem, but people are working on it.
sr. member
Activity: 312
Merit: 265
April 05, 2012, 12:31:53 PM
#15
It's gonna be a website like bitcoinica or mtgox -- you don't see their code, right ? But you use it, and pay commissions.
hero member
Activity: 742
Merit: 500
April 05, 2012, 12:06:53 PM
#14
Open-Source:
The code will not be open-source, and will be hosted on our server.
I don't think the community is going to put much effort in supporting a closed source project that is used to monitor them...
sr. member
Activity: 312
Merit: 265
April 05, 2012, 12:01:06 PM
#13
TOR has nothing to do with it. People publish their donation addresses, and share with others their addresses for payment, and that info is recorded. You have to read the articles I linked if you want more clarification.
newbie
Activity: 42
Merit: 0
April 05, 2012, 11:29:13 AM
#12
Most people who use bitcoins use TOR, making your idea pretty impossible. Plus, if it was programmable by 1 guy in a very shot amount of time, im sure the IRS would have done it already, or at least wont be paying a 3rd party to do it for them.
sr. member
Activity: 312
Merit: 265
April 05, 2012, 11:24:17 AM
#11
If I was a fed troll, do you think I would ever admit it ? And if I wasn't , do you think I could convince you otherwise ? If it helps, I am the creator of online-tip jar.com which accepts bitcoin, and I can put any file or text under that domain -- would that convince you ?

I'm not paying -- I am looking for a programmer partner so that I wouldn't work solo.

Bitcoin is not anonymous:

https://en.bitcoin.it/wiki/Anonymity
http://anonymity-in-bitcoin.blogspot.ca/2011/07/bitcoin-is-not-anonymous.html


More over mtgox requires an ID to wire money, and they will expose it to the Fed if they request it.  If your bitcoin activity passes through mtgox, then it will could potentially identify a path in the overall bitcoin graph.

As I see it, to improve anonymity either the bitcoin protocol has to be changed, although I have no idea how, since the problem lies in the core of the design.

https://bitcointalksearch.org/topic/anonymity-241

Would bitcoin mixing help ? (Exchanging some bitcoins to others) it will but today it is expensive -- 5 percent. If I am going to keep my money in the bitcoin "offshore", I'd want to do it for large amounts, which makes 5 percent crazy amount. Imagine paying $10,000 to for $200,000.

So I would like to be able to check on some website -- how anonymous am I?

Now it is of course possible that IRS will develop their own software to do this, and they will eventually.  We don't want to have anonymity by obscurity. That's like saying that security by obscurity is ok, and we don't need RSA crypto system. I want to know that my money is 100 percent safe.
sr. member
Activity: 574
Merit: 250
April 04, 2012, 09:14:10 PM
#10
One question:

Why?

One observation:

The Government does not pay bounties for tools they feel they need to improve their ability to control the masses, they make their own, then outlaw yours and will punish you for trying to use it.

One suggestion:

Study up on the core concept here before suggesting something as antithetical as this. I cannot conceive that more than a token smattering of the community would care to even consider something so fundamentally evil and contrary to the very existence of bitcoin as an automated system for researching personal ownership and transactional information regarding an anonymous token of value.

One caution:

Boris- you smell like a Fed Troll, you sound like a Fed Troll, and I suspect your walk is pretty Fed Trollish... as such you have just painted a really, really huge target on yourself to have abuse heaped upon you. P'raps a little lurking and studying before dropping a turd in the punchbowl is in order? Otherwise get thee from hence, Foul Troll, your wicked kind is not welcome in this community of good souls.
member
Activity: 87
Merit: 10
COIN SUPPORTER
April 04, 2012, 08:57:33 PM
#9
How do you plan to get the user information other than occasional slipping or announcements or bribery?

If someone truly wishes to be anonymous, they won't use a real name if you try to bribe them. They won't say what the bitcoin address is. And they won't confirm that an address is theirs.

So are you sure it would really work?
member
Activity: 98
Merit: 10
April 04, 2012, 02:38:42 PM
#8
what are you paying?
legendary
Activity: 1099
Merit: 1000
April 04, 2012, 02:30:38 PM
#7
The idea

Project to recover identity of bitcoin users. Scanning web pages for bitcoin addresses, identifying them with people, and also scanning bitcoin transactions to try to reverse engineer which bitcoin address belongs to which person.


Why do it?

The IRS and CRA are gonna develop this inhouse sooner or later. If we do it first, we make money by getting IRS and CRA to pay us for the service, as well as, we will provide a way for Bitcoin users to check how clean are their bitcoins. We will charge BTC to use this service, so we will force CRA and IRS to buy bitcoin as well.


Programming:

I propose to implement the scanning and analyzing in Ruby or Perl.


You are:

Someone who is a good programmer, with time on your hands. Looking to do this in 1 man-month.

Open-Source:
The code will not be open-source, and will be hosted on our server.

What do you think?
Boris

yes, you came with a nice project for the whole community, you may also build a similar app for SR / DEA   Roll Eyes

member
Activity: 61
Merit: 10
April 04, 2012, 02:20:04 PM
#6
I want to stay anonymous with my money.I don't want some govt guy to start snooping around. Thats what drew me to bitcoins. Take away the anonymity and you lose some of the client base for bitcoin unless the protocol becomes more anonymous. Is this a community that values anonymity or one that wants to give it up?
sr. member
Activity: 312
Merit: 265
April 04, 2012, 11:25:29 AM
#5
So, of course 1 man-month will give us something that works, and it will have many loose ends.  We will have to add more sources with time. As the graph database becomes more and more complete, more relationships will surface. 

It is true that if someone doesn't publish their wallet, identifying them is a lot harder.  But it is still possible because the receving address is always the sending address.  You can read more about that on the pages that discuss anonimity of Bitcoin.  In a nutshell, if A, Bi are different people:

B1 -> A
B2 -> A
A  -> B3
A  -> B4

It is possible to identify A if either of B's will slip up and expose the identity of A. 

Another example is that many people who have a donation address A, will have to somehow transfer bitcoin to the address from which they indend to spend it.  This transfer is recorded and can be followed. Even if it is another account in their wallet.

The only way to really hide the link is to exchange your bitcoin to someone elses bitcoin (through OTC or bitcoin laundry). However, matching this info with account info of people can link two two bitcoins and continue following the path.

Perhaps our service will prompt changes to bitcoin protocol to make it more anonymous.

Still looking for a partner.  If you can post this thread in a non-newbie forum, please do it, cause I don't have access.

Boris
sr. member
Activity: 308
Merit: 250
April 04, 2012, 03:13:15 AM
#4
The idea

Project to recover identity of bitcoin users. Scanning web pages for bitcoin addresses, identifying them with people, and also scanning bitcoin transactions to try to reverse engineer which bitcoin address belongs to which person.

This might work for those who use a static address.   So maybe those who accept donations or those who share their data.  But for others who use Bitcoin in the manner it was architected (i.e., new address for each incoming payment), do you think you'll have any clue who they might be?
I support building it.  Some people will change their behavior, and some will not.  It is inevitable, and I think its smart to try to get there first.  Will be watching.
legendary
Activity: 2506
Merit: 1010
April 04, 2012, 12:25:21 AM
#3
The idea

Project to recover identity of bitcoin users. Scanning web pages for bitcoin addresses, identifying them with people, and also scanning bitcoin transactions to try to reverse engineer which bitcoin address belongs to which person.

This might work for those who use a static address.   So maybe this will work for those who accept donations or for those who share their data.

But for others who use Bitcoin in the manner it was architected (i.e., new address for each incoming payment), do you think you'll have any clue who they might be?
hero member
Activity: 812
Merit: 1000
April 03, 2012, 11:40:23 PM
#2
if it can be built in 1 man month, the IRS can build their own version in 14.4 minutes.
sr. member
Activity: 312
Merit: 265
April 03, 2012, 11:36:15 PM
#1
The idea

Project to recover identity of bitcoin users. Scanning web pages for bitcoin addresses, identifying them with people, and also scanning bitcoin transactions to try to reverse engineer which bitcoin address belongs to which person.


Why do it?

The IRS and CRA are gonna develop this inhouse sooner or later. If we do it first, we make money by getting IRS and CRA to pay us for the service, as well as, we will provide a way for Bitcoin users to check how clean are their bitcoins. We will charge BTC to use this service, so we will force CRA and IRS to buy bitcoin as well.


Programming:

I propose to implement the scanning and analyzing in Ruby or Perl.


You are:

Someone who is a good programmer, with time on your hands. Looking to do this in 1 man-month.

Open-Source:
The code will not be open-source, and will be hosted on our server.

What do you think?
Boris
Jump to: