How Bitcoin and Tor fail to obscure your identity
Privacy is a big concern for Internet users, not least when, say, they’re smuggling drugs. And as a recent experiment has shown, two services heavily reliant on the promise of anonymity—the “untraceable” cryptocurrency Bitcoin, which facilitates the online black market Silk Road, and the Tor network, designed to obscure your location and Internet usage—have plenty of vulnerabilities when it comes to protecting identities.
Tor, for its part, was the subject of a study by the U.S. Naval Research Laboratory and Georgetown University called “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries.” In it, researchers found that the network’s security was even shabbier than previous reports had indicated. Although it uses thousands of relays to prevent traffic analysis, hackers—or “realistic adversaries”—with control of one or more routers can analyze where the traffic enters and exits Tor, using that data to pin down users’ personal details.
The results show that Tor faces even greater risks from traffic correlation than previous studies suggested. An adversary that provides no more bandwidth than some volunteers do today can deanonymize any given user within three months of regular Tor use with over 50% probability and within six months with over 80% probability. We observe that use of BitTorrent is particularly unsafe, and we show that long-lived ports bear a large security cost for their performance needs. We also observe that the Congestion-Aware Tor proposal exacerbates these vulnerabilities.
The threat from these potential adversaries pales in comparison to that of state-backed organizations. Not only can the National Security Agency monitor your activity on Tor, but joining the network makes the agency more likely to collect your data, according to leaked documents.
Meanwhile, in a collaborative project from University of California, San Diego and George Mason University, titled “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names,” researchers assessed the possibility of tracking transactions carried out within the peer-to-peer economy.
To accomplish this task, we developed a new clustering heuristic based on change addresses, allowing us to cluster addresses belonging to the same user. Then, using a small number of transactions labeled through our own empirical interactions with various services, we identify major institutions and the interactions between them. Even our relatively small experiment demonstrates that this approach can shed considerable light on the structure of the Bitcoin economy, how it is used, and those organizations who are party to it.
Although our work examines the current gap between actual and potential anonymity, one might naturally wonder—given that our new clustering heuristic is not fully robust in the face of changing behavior—how this gap will evolve over time, and what users can do to achieve stronger anonymity guarantees. We argue that to completely thwart our heuristics would require a significant effort on the part of the user, and that this loss of usability is unlikely to appeal to all but the most motivated users (such as criminals).
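To show why a public ledger leaks ownership links, here is an added sketch (not code from the paper or from this article) that clusters addresses in a constructed transaction list. The two rules it applies, co-spent inputs share an owner and a lone never-before-seen output is the sender's change, are simplified assumptions, as are the function names and the sample data.

```python
from collections import defaultdict

# Constructed sample ledger, oldest first; empty inputs stand for newly minted coins.
SAMPLE_TXS = [
    {"inputs": [], "outputs": ["A1"]},
    {"inputs": [], "outputs": ["A2"]},
    {"inputs": [], "outputs": ["SHOP"]},
    {"inputs": ["A1", "A2"], "outputs": ["SHOP", "A3"]},  # A3 is the only fresh output
    {"inputs": ["A3"], "outputs": ["B1", "B2"]},          # two fresh outputs: ambiguous
    {"inputs": ["B1"], "outputs": ["SHOP", "B1"]},        # change sent back to the input
]

def find(parent, x):
    """Union-find lookup with path halving."""
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def union(parent, a, b):
    parent[find(parent, a)] = find(parent, b)

def cluster_addresses(transactions):
    """Group addresses presumed to share an owner; returns sorted lists of addresses."""
    parent, seen = {}, set()
    for tx in transactions:
        ins, outs = tx["inputs"], tx["outputs"]
        for addr in ins + outs:
            find(parent, addr)  # register every address, even unlinked ones
        # Rule 1 (assumed): inputs spent together are controlled by one owner.
        for addr in ins[1:]:
            union(parent, ins[0], addr)
        # Rule 2 (assumed, simplified): exactly one output never seen before,
        # and no output reuses an input address, marks that output as change.
        fresh = [a for a in outs if a not in seen]
        self_change = any(a in ins for a in outs)
        if ins and len(outs) > 1 and len(fresh) == 1 and not self_change:
            union(parent, ins[0], fresh[0])
        seen.update(ins, outs)
    groups = defaultdict(set)
    for addr in list(parent):
        groups[find(parent, addr)].add(addr)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    for cluster in cluster_addresses(SAMPLE_TXS):
        print(cluster)
```

In the sample, A1, A2 and A3 collapse into one cluster, while the payment with two fresh outputs and the one that returns change to its own input address produce no new link under these rules.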
What we can say at this point is that much of the so-called Deep Web is not so impenetrable as it aims to be, and time is not on the side of those conducting illegal business in its shadows. But until different methods for laundering money or trading illicit content online emerge, they may have no choice but to risk their anonymity—not to mention freedom—in order to make a buck.
As for the journalists, dissidents, and whistleblowers who rely on such software? They may soon find their troublesome opinions attached to an unfortunate byline.