- Who needs glass slippers? This Cinderella cosplayer upgraded with a stunning glass arm 6 Years Ago
- How to check if Yahoo owes you $358 Today 9:25 AM
- How to stream Bears vs. Redskins on Monday Night Football Today 7:00 AM
- What are the best alternatives to the electoral college? Today 6:30 AM
- The best PS4 games you can’t play anywhere else Today 6:00 AM
- How to watch the 2019 Emmy Awards Today 5:00 AM
- How to stream ‘Power’ season 6, episode 5 Today 4:00 AM
- Former developer at software company deletes his code to protest its ties to ICE Saturday 4:21 PM
- A mysterious website is doxing Hong Kong protesters and journalists Saturday 1:44 PM
- The best ‘Skyrim’ followers and how to get them Saturday 1:26 PM
- Why Joel Osteen gets cyberbullied every time Houston floods Saturday 12:40 PM
- How to stream Jets vs. Patriots in Week 3 Saturday 12:39 PM
- 10 indie dating simulator games you should be playing Saturday 12:31 PM
- How to stream Packers vs. Broncos in Week 3 Saturday 12:14 PM
- Saudi crown prince’s former adviser suspended from Twitter Saturday 11:57 AM
How Bitcoin and Tor fail to obscure your identity
Think you’re a master of Internet stealth? Think again.
Privacy is a big concern for Internet users, not least when, say, they’re smuggling drugs. And as a recent experiment’s shown, two services heavily reliant on the promise of anonymity—the “untraceable” cryptocurrency Bitcoin, which facilitates the online black market Silk Road, and the Tor network, designed to obscure your location and Internet usage—have plenty of vulnerabilities when it comes to protecting identities.
Tor, for its part, was the subject of a study by the U.S. Naval Research Laboratory and Georgetown University called “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries.” In it, researchers found that the network’s security was even shabbier than previous reports had indicated. Although it uses thousands of relays to prevent traffic analysis, hackers—or “realistic adversaries”—with control of one or more routers can analyze where the traffic enters and exits Tor, using that data to pin down users’ personal details.
The results show that Tor faces even greater risks from traf?c correlation than previous studies suggested. An adversary that provides no more bandwidth than some volunteers do today can deanonymize any given user within three months of regular Tor use with over 50% probability and within six months with over 80% probability. We observe that use of BitTorrent is particularly unsafe, and we show that long-lived ports bear a large security cost for their performance needs. We also observe that the CongestionAware Tor proposal exacerbates these vulnerabilities.
The threat from these potential adversaries pales in comparison to that of state-backed organizations. Not only can the National Security Agency monitor your activity on Tor, but joining the network makes the agency more likely to collect your data, according to leaked documents.
Meanwhile, in a collaborative project from University of California, San Diego and George Mason University, titled “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names,” researchers assessed the possibility of tracking transactions carried out within the peer-to-peer economy.
To accomplish this task, we developed a new clustering heuristic based on change addresses, allowing us to cluster addresses belonging to the same user. Then, using a small number of transactions labeled through our own empirical interactions with various services, we identify major institutions and the interactions between them. Even our relatively small experiment demonstrates that this approach can shed considerable light on the structure of the Bitcoin economy, how it is used, and those organizations who are party to it.
Although our work examines the current gap between actual and potential anonymity, one might naturally wonder—given that our new clustering heuristic is not fully robust in the face of changing behavior—how this gap will evolve over time, and what users can do to achieve stronger anonymity guarantees. We argue that to completely thwart our heuristics would require a signi?cant effort on the part of the user, and that this loss of usability is unlikely to appeal to all but the most motivated users (such as criminals).
What we can say at this point is that much of the so-called Deep Web is not so impenetrable as it aims to be, and time is not on the side of those conducting illegal business in its shadows. But until different methods for laundering money or trading illicit content online emerge, they may have no choice but to risk their anonymity—not to mention freedom—in order to make a buck.
As for the journalists, dissidents, and whistleblowers who rely on such software? They may soon find their troublesome opinions attached to an unfortunate byline.
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'