Pages:
Author

Topic: This is circulating among net-sec specialists... (Read 3153 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
December 13, 2013, 10:48:35 AM
#22
I meant mining brand new coins, plus whatever transaction fees are there. You don't attempt to pay yourself your own transaction fees, not unless you have lots of hash power.

Brand new coins are clean. Attempting to trace where they came from is going to be difficult, if not impossible as the block could have been relayed by anyone. Or good luck to whoever is tracking where new blocks come from.

Now, if you're part of a mining pool, that's another story. Still possible to be mostly anonymous, as most pools don't ask for any real info. They just want your workers and hash power and take 1% to 2% as pool fee.
legendary
Activity: 2618
Merit: 1007
Exactly, it is not even difficult to do and just not doing it in public (making people aware of the fact that it can be done) does NOT mean in any way that it won't be done in private. Proper blockchain analysis tools would for example have shown pirateat40s scams much earlier or even prevented them.

Bitcoin is not anonymous (even though a lot of people act like it is) and this is increasingly becoming a problem. As said, unless there are proper tools out there that demonstrate to anyone how easily their payment to Wikileaks can be has been traced (this has been done YEARS ago!) there won't be much incentive to make Bitcoin more secure against deanonymisation.

Even ignoring the case that 2 TXINs does not 100% mean that 1 person owns both addresses, just looking at clusters like "Bitstamp customers" or "MtGox customers" will probably have much more data inherent than some people might expect.

Thanks for the link by the way, I took another look at neo4j because of it. Unfortunately there still seems to be no real way for time-coded data in there (I found https://github.com/ccattuto/neo4j-dynagraph/wiki/Representing-time-dependent-graphs-in-Neo4j which maybe even has been used in this project...) which is a pity - a lot of data is strongly time dependent.
sr. member
Activity: 266
Merit: 250
s nobody here seems to be too eager to actually work on things that would bring Bitcoin forward (blockchain analysis for example)
In this context, "bring bitcoin forward" sounds like a euphemism for activities of questionable ethics, like building software tools that would help repressive regimes crack down on dissidents.

As far as I can tell, the willingness of tech people to turn a blind eye to the ways in which their work is used is subsiding a bit.

On the other hand, blockchain analysis tools are the only way to objectively measure, and thus a prerequisite for improving, privacy techniques such as CoinJoin.

Yes, that's the bottom line. It's a very much needed double-edged sword.

That's why I post this. I found it rather strange that it wasn't even mentioned here.

There other should be more of this one and bluemeanie1's; in the open source space.

Every day I get more of a feeling a lot is being done on the private side, outside of the public eye.
legendary
Activity: 1400
Merit: 1013
s nobody here seems to be too eager to actually work on things that would bring Bitcoin forward (blockchain analysis for example)
In this context, "bring bitcoin forward" sounds like a euphemism for activities of questionable ethics, like building software tools that would help repressive regimes crack down on dissidents.

As far as I can tell, the willingness of tech people to turn a blind eye to the ways in which their work is used is subsiding a bit.

On the other hand, blockchain analysis tools are the only way to objectively measure, and thus a prerequisite for improving, privacy techniques such as CoinJoin.
legendary
Activity: 2618
Merit: 1007
Or mine your own coins. All mined coins are clean.
You can just model mined coins having coinbase + fee transactions as inputs, they are as traceable as anything else. If you want to launder coins by paying them to yourself as fees, this will NOT work.

Pirateat40s "GPUMAX"(was it called like that? Anyways, you could buy mining power at pools on the spot for BTC) scheme however seems to have been in quite some demand, and people paid a premium in BTC over mining costs.

"Information from trades" might also mean that someone doing a deposit of 10 BTC at an exchange can NOT do a sell transaction that sold 20 BTC. On the other hand the fiat part of exchanges is not as easily auditable, also exchanges rarely even report if their ticks are from sells or buys.

It looks like a quite interesting concept though, similar to what I had in mind even. As nobody here seems to be too eager to actually work on things that would bring Bitcoin forward (blockchain analysis for example) and rather either cirklejerks about prices in USD or wants to keep the illusion up that mixers even work (even CoinJoin depends upon the fact that YOU don't screw up at any point in time later AND that at least one other person you mixed with does never screw up - also you'll probably only be able to do very few transactions after mixing) I moved on to other fields...
legendary
Activity: 1176
Merit: 1001
Look, an italian doing something great. Glad to read it.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Crypto only exchanges don't ask for your info. Exchanges that do fiat only need your info if you plan to do fiat deposits or withdrawals. Most crypto casinos also don't ask for any info.

At the risk of losing your coins, you can figure out a simple strategy to mix your coins by going through those.

Or mine your own coins. All mined coins are clean.
sr. member
Activity: 354
Merit: 250
I see nobody has keyed in on the most troubling part of this paper. It's not that entities are performing analytics. It's this:

Quote
BitIodine allows to label users automatically or semi-automatically with information on who they are and what they do, thanks to several web scrapers that incrementally update lists of addresses belonging to known identities, and that connect information from trades recorded in exchanges, thus allowing to trace money entering and exiting the Bitcoin economy.

Just to make sure this point isn't lost, I'm going to emphasize it a bit:

One or more of the major exchanges is handing over what should be considered private customer data to third parties.

I would assume that all major exchanges, or at least the ones that want to stay that way are doing so. Remember, these guys interface with the banking system. Most are trying to comply with AML/KYC, etc. Privacy is dead. Plan accordingly.
sr. member
Activity: 266
Merit: 250
I see nobody has keyed in on the most troubling part of this paper. It's not that entities are performing analytics. It's this:

Quote
BitIodine allows to label users automatically or semi-automatically with information on who they are and what they do, thanks to several web scrapers that incrementally update lists of addresses belonging to known identities, and that connect information from trades recorded in exchanges, thus allowing to trace money entering and exiting the Bitcoin economy.

Just to make sure this point isn't lost, I'm going to emphasize it a bit:

One or more of the major exchanges is handing over what should be considered private customer data to third parties.

I don't know, I wouldn't be so quick to assume that.

It seems to me more like they are able to identify addresses that belong to certain exchanges, and then map the btc coming in with the ones later coming out, or something of the such...
member
Activity: 84
Merit: 10
.
What steps can be taken with BTC and future currencies to stay one step ahead and protect anonymity?
legendary
Activity: 1400
Merit: 1013
I see nobody has keyed in on the most troubling part of this paper. It's not that entities are performing analytics. It's this:

Quote
BitIodine allows to label users automatically or semi-automatically with information on who they are and what they do, thanks to several web scrapers that incrementally update lists of addresses belonging to known identities, and that connect information from trades recorded in exchanges, thus allowing to trace money entering and exiting the Bitcoin economy.

Just to make sure this point isn't lost, I'm going to emphasize it a bit:

One or more of the major exchanges is handing over what should be considered private customer data to third parties.
full member
Activity: 121
Merit: 103
Mixers. Coin Join. Shared wallets.

Eventually, you need proof. "Likely" and "probably" won't cut it. "In the same transaction" is also not proof since it can be proven that different addresses from different owners can sign the same transaction (which is what Coin Join is supposed to be doing.)
the linking can definitely get tenuous, per your comments.

in most cases, someone is going to make a mistake and at least one of those links is going to be legitimate. being able to filter out the legit linkings from the coincidental ones seems like a tough problem.
sr. member
Activity: 266
Merit: 250
Mixers. Coin Join. Shared wallets.

Eventually, you need proof. "Likely" and "probably" won't cut it. "In the same transaction" is also not proof since it can be proven that different addresses from different owners can sign the same transaction (which is what Coin Join is supposed to be doing.)

Well.. think of it as a way of drastically reducing the possibilities.. it's easier from there on..

Anyway, also consider the latest Sheep scam has proven coin mixing is not the ultimate end-all solution for anonymity. Certain conditions have to be met for it work as intended and that is not always possible.

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Mixers. Coin Join. Shared wallets.

Eventually, you need proof. "Likely" and "probably" won't cut it. "In the same transaction" is also not proof since it can be proven that different addresses from different owners can sign the same transaction (which is what Coin Join is supposed to be doing.)
sr. member
Activity: 280
Merit: 257
bluemeanie
In case anyone's interested. I haven't found a mention of it in the forum.

http://miki.it/articles/papers/#bitiodine

I wrote a quick Bitcoin Block Chain Graph DB importer(uses Neo4j).  You can do most data mining operations with this basic data set.

https://github.com/BlueMeanie/bitcoingraphdb

-bm
hero member
Activity: 518
Merit: 500
Wow they show a wallet with $6m in BTC held by the CryptoLocker ransomware group.

That's not a  bad haul considering ....... and it could well be worth a lot more this time next year presuming the FBI doesn't seize it somehow.
sr. member
Activity: 266
Merit: 250
Wow they show a wallet with $6m in BTC held by the CryptoLocker ransomware group.

Looks like most people are not too keen on paying ransoms Smiley
hero member
Activity: 900
Merit: 1014
advocate of a cryptographic attack on the globe
Wow they show a wallet with $6m in BTC held by the CryptoLocker ransomware group.
sr. member
Activity: 266
Merit: 250
I'm sure various governments are already "all over" bitcoin forensics, they just don't tell us  Wink

No doubt about that.

Here's the underlying thesis:
http://miki.it/thesis

And the presentation:
http://miki.it/pdf/BitIodine_presentation.pdf
Pages:
Jump to: