- Woman says Lyft driver tried to kidnap her 6 Years Ago
- Debunking the right-wing conspiracy theories from today’s impeachment hearing Today 4:29 PM
- Maroon 5 approves of the latest TikTok trend Today 3:54 PM
- ‘One month left in the decade’ meme wants to know what you’ve accomplished Today 3:53 PM
- Facebook Pay is the latest way to send your friends money Today 3:31 PM
- Diving into ‘The Mandalorian’s first big shocker Today 3:17 PM
- Disney+ will allow password sharing—to an extent Today 1:12 PM
- Black server says manager refused to discipline coworkers who sent racist receipt Today 12:47 PM
- Who is Jonah Hauer-King, Disney’s new Prince Eric? Today 12:47 PM
- Cut Katherine Langford ‘Avengers: Endgame’ scene lands on Disney+ Today 12:22 PM
- Planned Parenthood app to show abortion-seeking users their nearest options Today 12:21 PM
- ‘The Imagineering Story’ offers touching insight into Walt Disney’s vision Today 11:57 AM
- YouTube mom who was charged with child abuse dead at 48 Today 11:39 AM
- Every Marvel Cinematic Universe movie and show missing from Disney+ (and when they’ll show up) Today 11:35 AM
- HBO Max is planning a ‘Friends’ reunion special Today 11:10 AM
How Bitcoin and Tor fail to obscure your identity
Think you’re a master of Internet stealth? Think again.
Privacy is a big concern for Internet users, not least when, say, they’re smuggling drugs. And as a recent experiment’s shown, two services heavily reliant on the promise of anonymity—the “untraceable” cryptocurrency Bitcoin, which facilitates the online black market Silk Road, and the Tor network, designed to obscure your location and Internet usage—have plenty of vulnerabilities when it comes to protecting identities.
Tor, for its part, was the subject of a study by the U.S. Naval Research Laboratory and Georgetown University called “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries.” In it, researchers found that the network’s security was even shabbier than previous reports had indicated. Although it uses thousands of relays to prevent traffic analysis, hackers—or “realistic adversaries”—with control of one or more routers can analyze where the traffic enters and exits Tor, using that data to pin down users’ personal details.
The results show that Tor faces even greater risks from traf?c correlation than previous studies suggested. An adversary that provides no more bandwidth than some volunteers do today can deanonymize any given user within three months of regular Tor use with over 50% probability and within six months with over 80% probability. We observe that use of BitTorrent is particularly unsafe, and we show that long-lived ports bear a large security cost for their performance needs. We also observe that the CongestionAware Tor proposal exacerbates these vulnerabilities.
The threat from these potential adversaries pales in comparison to that of state-backed organizations. Not only can the National Security Agency monitor your activity on Tor, but joining the network makes the agency more likely to collect your data, according to leaked documents.
Meanwhile, in a collaborative project from University of California, San Diego and George Mason University, titled “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names,” researchers assessed the possibility of tracking transactions carried out within the peer-to-peer economy.
To accomplish this task, we developed a new clustering heuristic based on change addresses, allowing us to cluster addresses belonging to the same user. Then, using a small number of transactions labeled through our own empirical interactions with various services, we identify major institutions and the interactions between them. Even our relatively small experiment demonstrates that this approach can shed considerable light on the structure of the Bitcoin economy, how it is used, and those organizations who are party to it.
Although our work examines the current gap between actual and potential anonymity, one might naturally wonder—given that our new clustering heuristic is not fully robust in the face of changing behavior—how this gap will evolve over time, and what users can do to achieve stronger anonymity guarantees. We argue that to completely thwart our heuristics would require a signi?cant effort on the part of the user, and that this loss of usability is unlikely to appeal to all but the most motivated users (such as criminals).
What we can say at this point is that much of the so-called Deep Web is not so impenetrable as it aims to be, and time is not on the side of those conducting illegal business in its shadows. But until different methods for laundering money or trading illicit content online emerge, they may have no choice but to risk their anonymity—not to mention freedom—in order to make a buck.
As for the journalists, dissidents, and whistleblowers who rely on such software? They may soon find their troublesome opinions attached to an unfortunate byline.
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'