Topic: Two researchers from University College Dublin investigate the the 500K theft. - page 2. (Read 4237 times)

Thank you for the study.  Nice chart porn!  You're right about the definition of "anonymous" being the key. 

No one has yet volunteered to be an expert witness for the plaintiffs in any court for the allinvain larceny or the mybitcoin class action, despite this being worth tens of thousands of dollars.  Gavin has even said in these forums that he doesn't want to be involved in helping the police or private investigators find or target individual users of the bitcoin client.  Thinks it would be unethical. 

In my experience it always kills these "bitcoin is not anonymous" discussion to point out that despite what Garzik, Gavin, and dan kaminsky claim about the lack of anonymity, not one of them has been able to solve a single stolen bitcoin case.  Tens of thousands of dollars just sitting there for the taking if they do, not to mention justice for the victims!

Maybe you can do better ferglar, but I doubt you can do anything beyond expound theory in obtuse academic language either.  If you really can link the mybitcoin coins to forum user names, then out with it!  Do you know who the thieves are, or not.  What is your % degree of certainty and can you be an expert witness?

Great to have you here fergalr, I will be reading your paper.

This is a personal opinion, but I think it is really really not.

Like, there's an issue by what we mean by 'anonymous' - but I certainly wouldn't go about casually using Bitcoin for anything I wanted to not be associated with, and assume that my transactions would get lost in the network.

If I was a casual user using the normal Bitcoin clients, over an extended period of time, to buy goods, and sell things, such that I transacted with some other parties, who knew my identity (e.g. they posted me something, or took a credit card payment from me), I would definitely assume that any further bitcoin transactions I did, using a standard client, would be associated with my identity.
Unless I really really took pains to make sure they weren't.


In that sense, its really not anonymous.

While there's a lot of complexity to the exact question of how anonymous it is, for casual users, the message really must be 'this does not hide your actions!'  There are so many pitfalls to walk into.


We didn't set out to.

We also didn't reveal all the different activity we saw among addresses we could identify by their forum names, from this forum, (and the addresses we could definitively link to them) or the addresses of public organisations.  It really is possible to link a lot of different public key addresses, just using the network traffic and transaction histories from the block chain.

There are definitely transactions going on, that are linked, in ways that the users don't think are linked.  No question about that.


Well, it wasn't!
We tried to give an even-handed analysis, highlighting the bits that were and weren't anonymous, and dealing with this subtlety, in the paper.


We had to find a balance in what we released, too - we didn't want to just ship tools allowing various identities to be resolved and tracked, with no warning, because there are some people who probably are counting on the anonymity that they don't really have.  This makes it harder to prove our point; that's ok.



Look at the SVG of the theft that we posted though, on the blog post: 
https://sites.google.com/site/btcanalysis/AllegedTheftBlogVersion.svg?attredirects=0&d=1

We've removed the names of any user accounts in there, but it is clearly showing a lot more detail than you'd expect to easily come out of the block chain. 
The blockexplorer addresses show up on mouseover.


I'll take any questions on this, if there are any (am presuming this forum does e-mail notification <--newbie ; but I'll check back anyway)

Hi there, I'm one of the study authors.



I think you'll find that's really not true; if you read through the (very long) allinvain thread, and note the addresses found, you'll see that they only managed to follow the Bitcoins a couple of hops out from the original theft.

With network analysis tools such as we used, we could follow the Bitcoins much further (many hops out).
We think the fact that the supposedly seperate streams re-converge shows the addresses used were still controlled by a single party, for quite a while after the theft.
None of this was uncovered on the initial thread.



We aren't in the business of exposing thefts, so we didn't go down that road as far as we could.
We think that the graphing, and analysis, that we did, shows its substantially easier to trace these things than we'd have a priori thought possible.

Happy to take any follow up questions.

All this paper did was graph public keys, ultimately achieving nothing. Unless you like pretty pictures, I guess.

Nothing new here, honestly.

That paper was good evidence that Bitcoin is, in fact, actually pretty darn anonymous. After all their analysis, they didn't provide a single piece of personal identifying information about the thief. Not even an IP address!

It's almost like the whole paper was written to prove the counter-point to the paper's title... hmm.

Much of that was figured out in the forum in the days afterwards. They did not do much to expose the theft or anonymity. They only showed it can be graphed and analyzed a little better this way.

http://gizmodo.com/5824503/anonymous-bitcoin-purchases-arent-actually-anonymous

I know people are going to zone in on the attack on anonymity, but ignoring that, given that most of us had knew this anyway, have a look at the white paper, some awesome graphics of the network.

http://arxiv.org/PS_cache/arxiv/pdf/1107/1107.4524v1.pdf