 |
December 17, 2017, 01:30:39 PM |
|
Hello, Bitcoin / Tor hidden service users,
We are a group of researchers working on user privacy and anonymity in Bitcoin and Tor hidden services. As a part of our code of ethics, we would like to inform the community that the anonymity of certain users of Tor hidden services can be broken. In particular, the below-mentioned deanonymization attack targets Tor hidden service users who (1) use Bitcoin as a payment method, and (2) publicly share their Bitcoin addresses on social media. For example, an adversary can link @user social media account to activities with hidden.onion and deanonymize the user’s identify.
How does the attack work?
To illustrate the deanonymization attack, let us consider Alice, a privacy-savvy user who uses Tor, in the following scenario:
1- Alice uses a browser and creates an online identity @alice with a public profile on social network public.com.
2- Alice uses @alice to make a public post asking for donations to Bitcoin address BA.
3- Alice receives donations through a number of Bitcoin transactions, where BA is used as an output address.
4- Alice uses Tor browser to visit hidden service private.onion that has public Bitcoin address BH.
5- Alice makes a payment BA ---> BH to private.onion using BA as an input address and BH as an output address.
While steps 1--3 involve non-anonymous web browsing and public activities, Alice has some expectations of privacy and anonymity in steps 4--5, given that she is using Tor and Bitcoin. Step 5, however, leaks a piece of information, the transaction BA ---> BH in particular, that can be used by an adversary, Trudy, to link @alice to private.onion, as follows:
1- Trudy crawls public.com on regular basis, storing public user profiles and posts.
2- Trudy crawls hidden services on regular basis, storing accessible onion pages.
3- Trudy parses crawled data on regular basis, searching for Bitcoin addresses.
4- Trudy parses the blockchain on regular basis, searching for transactions between a user and hidden service addresses.
5- Trudy finds Bitcoin address BA on public.com, associated with online identity @alice.
6- Trudy finds Bitcoin address BH on private.onion.
7- Trudy finds transaction BA ---> BH and accordingly links @alice to private.onion.
Unknown to Alice, Trudy can effectively deanonymize Alice’s identity and link her to activities on private.onion using steps 1–7. More importantly, this attack vector is feasible retroactively in the future, starting from the time of the transaction BA ---> BH.
Has this attack been validated?
We have confirmed the feasibility of this attack using a small data sample, and have successfully linked 125 users of Twitter and BitcoinTalk forum to 20 hidden services, including WikiLeaks, Silk Road, and the Pirate Bay. We have reached out to the linked users and informed them about this threat and possible remedies.
I suspect I could be linked. What do I do?
If you suspect you might be an Alice, we recommend that you immediately remove all kinds of personally identifiable information that is associated with your social media accounts or simply delete these accounts all together. Furthermore, as noted by Bitcoin's whitepaper, using a new address for each transaction is the best way to reduce linkability of your transactions. If anonymity is a major concern for you, we recommend that you consider using more secure crypto-currencies, such as Monero or Zcash, which are provably secure.
Yours truly,
Bitcoin/Tor Privacy & Anonymity Research Team
|
