Bitcoin Forum
March 28, 2024, 01:02:50 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Two researchers from University College Dublin investigate the the 500K theft.  (Read 4191 times)
YoYa (OP)
Hero Member
*****
Offline Offline

Activity: 809
Merit: 501


Always verify deals with me through my public key!


View Profile WWW
July 25, 2011, 08:10:54 PM
 #1

http://gizmodo.com/5824503/anonymous-bitcoin-purchases-arent-actually-anonymous

I know people are going to zone in on the attack on anonymity, but ignoring that, given that most of us had knew this anyway, have a look at the white paper, some awesome graphics of the network.

http://arxiv.org/PS_cache/arxiv/pdf/1107/1107.4524v1.pdf
The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711630970
Hero Member
*
Offline Offline

Posts: 1711630970

View Profile Personal Message (Offline)

Ignore
1711630970
Reply with quote  #2

1711630970
Report to moderator
bitrebel
Sr. Member
****
Offline Offline

Activity: 364
Merit: 251


View Profile
July 25, 2011, 08:14:34 PM
 #2

http://gizmodo.com/5824503/anonymous-bitcoin-purchases-arent-actually-anonymous

I know people are going to zone in on the attack on anonymity, but ignoring that, given that most of us had knew this anyway, have a look at the white paper, some awesome graphics of the network.

http://arxiv.org/PS_cache/arxiv/pdf/1107/1107.4524v1.pdf

Much of that was figured out in the forum in the days afterwards. They did not do much to expose the theft or anonymity. They only showed it can be graphed and analyzed a little better this way.

Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
evoorhees
Legendary
*
Offline Offline

Activity: 1008
Merit: 1021


Democracy is the original 51% attack


View Profile
July 25, 2011, 09:09:59 PM
 #3

That paper was good evidence that Bitcoin is, in fact, actually pretty darn anonymous. After all their analysis, they didn't provide a single piece of personal identifying information about the thief. Not even an IP address!

It's almost like the whole paper was written to prove the counter-point to the paper's title... hmm.
TraderTimm
Legendary
*
Offline Offline

Activity: 2408
Merit: 1121



View Profile
July 25, 2011, 09:57:11 PM
 #4

All this paper did was graph public keys, ultimately achieving nothing. Unless you like pretty pictures, I guess.

Nothing new here, honestly.

fortitudinem multis - catenum regit omnia
fergalr
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
August 30, 2011, 11:09:18 PM
 #5

Hi there, I'm one of the study authors.


http://gizmodo.com/5824503/anonymous-bitcoin-purchases-arent-actually-anonymous

I know people are going to zone in on the attack on anonymity, but ignoring that, given that most of us had knew this anyway, have a look at the white paper, some awesome graphics of the network.

http://arxiv.org/PS_cache/arxiv/pdf/1107/1107.4524v1.pdf

Much of that was figured out in the forum in the days afterwards.

I think you'll find that's really not true; if you read through the (very long) allinvain thread, and note the addresses found, you'll see that they only managed to follow the Bitcoins a couple of hops out from the original theft.

With network analysis tools such as we used, we could follow the Bitcoins much further (many hops out).
We think the fact that the supposedly seperate streams re-converge shows the addresses used were still controlled by a single party, for quite a while after the theft.
None of this was uncovered on the initial thread.


They did not do much to expose the theft or anonymity. They only showed it can be graphed and analyzed a little better this way.

We aren't in the business of exposing thefts, so we didn't go down that road as far as we could.
We think that the graphing, and analysis, that we did, shows its substantially easier to trace these things than we'd have a priori thought possible.

Happy to take any follow up questions.
fergalr
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
August 30, 2011, 11:24:18 PM
 #6

That paper was good evidence that Bitcoin is, in fact, actually pretty darn anonymous.

This is a personal opinion, but I think it is really really not.

Like, there's an issue by what we mean by 'anonymous' - but I certainly wouldn't go about casually using Bitcoin for anything I wanted to not be associated with, and assume that my transactions would get lost in the network.

If I was a casual user using the normal Bitcoin clients, over an extended period of time, to buy goods, and sell things, such that I transacted with some other parties, who knew my identity (e.g. they posted me something, or took a credit card payment from me), I would definitely assume that any further bitcoin transactions I did, using a standard client, would be associated with my identity.
Unless I really really took pains to make sure they weren't.


In that sense, its really not anonymous.

While there's a lot of complexity to the exact question of how anonymous it is, for casual users, the message really must be 'this does not hide your actions!'  There are so many pitfalls to walk into.

After all their analysis, they didn't provide a single piece of personal identifying information about the thief. Not even an IP address!

We didn't set out to.

We also didn't reveal all the different activity we saw among addresses we could identify by their forum names, from this forum, (and the addresses we could definitively link to them) or the addresses of public organisations.  It really is possible to link a lot of different public key addresses, just using the network traffic and transaction histories from the block chain.

There are definitely transactions going on, that are linked, in ways that the users don't think are linked.  No question about that.

It's almost like the whole paper was written to prove the counter-point to the paper's title... hmm.

Well, it wasn't!
We tried to give an even-handed analysis, highlighting the bits that were and weren't anonymous, and dealing with this subtlety, in the paper.


We had to find a balance in what we released, too - we didn't want to just ship tools allowing various identities to be resolved and tracked, with no warning, because there are some people who probably are counting on the anonymity that they don't really have.  This makes it harder to prove our point; that's ok.



Look at the SVG of the theft that we posted though, on the blog post: 
https://sites.google.com/site/btcanalysis/AllegedTheftBlogVersion.svg?attredirects=0&d=1

We've removed the names of any user accounts in there, but it is clearly showing a lot more detail than you'd expect to easily come out of the block chain. 
The blockexplorer addresses show up on mouseover.


I'll take any questions on this, if there are any (am presuming this forum does e-mail notification <--newbie ; but I'll check back anyway)
someotherguy
Member
**
Offline Offline

Activity: 94
Merit: 10


View Profile
August 30, 2011, 11:39:41 PM
 #7

That paper was good evidence that Bitcoin is, in fact, actually pretty darn anonymous.

This is a personal opinion, but I think it is really really not.

Like, there's an issue by what we mean by 'anonymous' - but I certainly wouldn't go about casually using Bitcoin for anything I wanted to not be associated with, and assume that my transactions would get lost in the network.

If I was a casual user using the normal Bitcoin clients, over an extended period of time, to buy goods, and sell things, such that I transacted with some other parties, who knew my identity (e.g. they posted me something, or took a credit card payment from me), I would definitely assume that any further bitcoin transactions I did, using a standard client, would be associated with my identity.
Unless I really really took pains to make sure they weren't.


In that sense, its really not anonymous.

While there's a lot of complexity to the exact question of how anonymous it is, for casual users, the message really must be 'this does not hide your actions!'  There are so many pitfalls to walk into.

After all their analysis, they didn't provide a single piece of personal identifying information about the thief. Not even an IP address!

We didn't set out to.

We also didn't reveal all the different activity we saw among addresses we could identify by their forum names, from this forum, (and the addresses we could definitively link to them) or the addresses of public organisations.  It really is possible to link a lot of different public key addresses, just using the network traffic and transaction histories from the block chain.

There are definitely transactions going on, that are linked, in ways that the users don't think are linked.  No question about that.

It's almost like the whole paper was written to prove the counter-point to the paper's title... hmm.

Well, it wasn't!
We tried to give an even-handed analysis, highlighting the bits that were and weren't anonymous, and dealing with this subtlety, in the paper.


We had to find a balance in what we released, too - we didn't want to just ship tools allowing various identities to be resolved and tracked, with no warning, because there are some people who probably are counting on the anonymity that they don't really have.  This makes it harder to prove our point; that's ok.



Look at the SVG of the theft that we posted though, on the blog post: 
https://sites.google.com/site/btcanalysis/AllegedTheftBlogVersion.svg?attredirects=0&d=1

We've removed the names of any user accounts in there, but it is clearly showing a lot more detail than you'd expect to easily come out of the block chain. 
The blockexplorer addresses show up on mouseover.


I'll take any questions on this, if there are any (am presuming this forum does e-mail notification <--newbie ; but I'll check back anyway)

Great to have you here fergalr, I will be reading your paper.
Big Time Coin
Sr. Member
****
Offline Offline

Activity: 332
Merit: 250



View Profile
August 31, 2011, 02:04:03 AM
 #8

Thank you for the study.  Nice chart porn!  You're right about the definition of "anonymous" being the key. 

No one has yet volunteered to be an expert witness for the plaintiffs in any court for the allinvain larceny or the mybitcoin class action, despite this being worth tens of thousands of dollars.  Gavin has even said in these forums that he doesn't want to be involved in helping the police or private investigators find or target individual users of the bitcoin client.  Thinks it would be unethical. 

In my experience it always kills these "bitcoin is not anonymous" discussion to point out that despite what Garzik, Gavin, and dan kaminsky claim about the lack of anonymity, not one of them has been able to solve a single stolen bitcoin case.  Tens of thousands of dollars just sitting there for the taking if they do, not to mention justice for the victims!

Maybe you can do better ferglar, but I doubt you can do anything beyond expound theory in obtuse academic language either.  If you really can link the mybitcoin coins to forum user names, then out with it!  Do you know who the thieves are, or not.  What is your % degree of certainty and can you be an expert witness?

Big time, I'm on my way I'm making it, big time, oh yes
- Peter Gabriel
hugolp
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


Radix-The Decentralized Finance Protocol


View Profile
August 31, 2011, 05:27:58 AM
 #9

Quote
We think that the graphing, and analysis, that we did, shows its substantially easier to trace these things than we'd have a priori thought possible.

Then you had thought wrong and that is YOUR problem and not the problem of Bitcoin. Bitcoin members always stated the nature of Bitcoin and how under certain circumstances the transactions could be linked to the person. There is absolutely nothing new on what you are saying. It had all been said by the Bitcoin community already. You only have to see the reaction on the forums about your original blog post. The reaction was: so what? this was alredy known. The problem is that you are claiming the Bitcoin community was saying the contrary and its very dishonest from your part.

And the biggest problem is that I went to your blog post to point exactly this to you in a nice and educated way, but you keep going around with the same dishonest claims, so you are clearly doing it on purpose. If you are acting on good faith you should stop your claims that the Bitcoin community has publicited anything different. What you are saying is nothing special or new. It was well known.

We aren't in the business of exposing thefts, so we didn't go down that road as far as we could.

Why not? If you really can prove it as you claim why not do it?


               ▄████████▄
               ██▀▀▀▀▀▀▀▀
              ██▀
             ███
▄▄▄▄▄       ███
██████     ███
    ▀██▄  ▄██
     ▀██▄▄██▀
       ████▀
        ▀█▀
The Radix DeFi Protocol is
R A D I X

███████████████████████████████████

The Decentralized

Finance Protocol
Scalable
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀██
██                   ██
██                   ██
████████████████     ██
██            ██     ██
██            ██     ██
██▄▄▄▄▄▄      ██     ██
██▀▀▀▀██      ██     ██
██    ██      ██     
██    ██      ██
███████████████████████

███
Secure
      ▄▄▄▄▄
    █████████
   ██▀     ▀██
  ███       ███

▄▄███▄▄▄▄▄▄▄███▄▄
██▀▀▀▀▀▀▀▀▀▀▀▀▀██
██             ██
██             ██
██             ██
██             ██
██             ██
██    ███████████

███
Community Driven
      ▄█   ▄▄
      ██ ██████▄▄
      ▀▀▄█▀   ▀▀██▄
     ▄▄ ██       ▀███▄▄██
    ██ ██▀          ▀▀██▀
    ██ ██▄            ██
   ██ ██████▄▄       ██▀
  ▄██       ▀██▄     ██
  ██▀         ▀███▄▄██▀
 ▄██             ▀▀▀▀
 ██▀
▄██
▄▄
██
███▄
▀███▄
 ▀███▄
  ▀████
    ████
     ████▄
      ▀███▄
       ▀███▄
        ▀████
          ███
           ██
           ▀▀

███
Radix is using our significant technology
innovations to be the first layer 1 protocol
specifically built to serve the rapidly growing DeFi.
Radix is the future of DeFi
█████████████████████████████████████

   ▄▄█████
  ▄████▀▀▀
  █████
█████████▀
▀▀█████▀▀
  ████
  ████
  ████

Facebook

███

             ▄▄
       ▄▄▄█████
  ▄▄▄███▀▀▄███
▀▀███▀ ▄██████
    █ ███████
     ██▀▀▀███
           ▀▀

Telegram

███

▄      ▄███▄▄
██▄▄▄ ██████▀
████████████
 ██████████▀
   ███████▀
 ▄█████▀▀

Twitter

██████

...Get Tokens...
defxor
Hero Member
*****
Offline Offline

Activity: 530
Merit: 500


View Profile
August 31, 2011, 07:14:27 AM
 #10

We think the fact that the supposedly seperate streams re-converge shows the addresses used were still controlled by a single party, for quite a while after the theft.

That was about the supposed allinvain theft.

There are definitely transactions going on, that are linked, in ways that the users don't think are linked.  No question about that.

But is this too, or is it about Bitcoin more generally?

BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500


Posts: 69


View Profile WWW
August 31, 2011, 09:50:42 AM
 #11

fergalr, well done paper, thanks for taking the time to put it out there, helps me understand a few aspects of Bitcoin I did not before.   Also, I agree with hugolp,

If you really can prove it as you claim why not do it?

guywhogotgoxed
Member
**
Offline Offline

Activity: 61
Merit: 10


View Profile
August 31, 2011, 06:01:38 PM
 #12

Unless the 25k BTC thieves use a public exchange to sell the coins (where they might submit personally identifying information), how do these graphs help?
fergalr
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
August 31, 2011, 09:28:41 PM
 #13

Thank you for the study.  Nice chart porn!  You're right about the definition of "anonymous" being the key. 

No one has yet volunteered to be an expert witness for the plaintiffs in any court for the allinvain larceny or the mybitcoin class action, despite this being worth tens of thousands of dollars.  Gavin has even said in these forums that he doesn't want to be involved in helping the police or private investigators find or target individual users of the bitcoin client.  Thinks it would be unethical. 

That's a position I have a lot of sympathy for - I can see why you'd have to think about the ethics before actually going and deanonymising individual users - I guess a lot would depend on the context.

In my experience it always kills these "bitcoin is not anonymous" discussion to point out that despite what Garzik, Gavin, and dan kaminsky claim about the lack of anonymity, not one of them has been able to solve a single stolen bitcoin case.  Tens of thousands of dollars just sitting there for the taking if they do, not to mention justice for the victims!

Maybe you can do better ferglar, but I doubt you can do anything beyond expound theory in obtuse academic language either.  If you really can link the mybitcoin coins to forum user names, then out with it!

Well, first off, just to be clear, the theft in question wasn't of the mybitcoin coins - it was a separate alleged theft, as reported by the forum user allinvain, on this forum.
Although, there was an indication of a link between the two events.

There are a couple of 'nodes' (addresses which are bound together, using the 'linking' information leakage) which receive Bitcoins, which we believe it looks extremely likely came from the alleged theft, which we can identify as forum users.

This doesn't mean those users had anything to do with the theft - in fact, I'd say its considerably more likely that they didn't and that they either received just donations, or sold goods/services.  But I don't know.
We chose not to publish those usernames on our blog.

There wasn't a huge case either way for this decision - the data was all public, and the analysis not *that* hard to re-create; but its not really our role to be doing this sort of thing.
Its not that important to us, analyzing privacy in bitcoin, who the users are - what's important is that we could find them.


Do you know who the thieves are, or not.

We don't know who the thieves are.
Its probably fair to say that we don't even really want to know who the thieves are.


If the thieves were very careful, and kept all the bitcoin activity at arms length from themselves - e.g. they did all their bad stuff though TOR, (assuming a secure exit node) or through a computer that cannot be traced to them; and if they didn't use any of the Bitcoins they stole to buy or sell anything that could be traced to them (e.g. they left no traceable IP on any webserver of anyone they paid in bitcoins), and if they have no connection to any of the users the transferred accounts to, and if they used the myBitcoin service completely anonymously, and left no logs or payment details or IPs on it, then I believe they are completely anonymous, and won't be found.
I've no idea how they planned on getting the Bitcoins out - maybe there's a service out there where someone will leave $500K in a dead drop box, in exchange for bitcoins - I don't know.


But, if on the other hand, they believed that Bitcoin was sufficiently inherently anonymous, that their transactions would get lost in all that goes on in the Bitcoin network (a reasonable belief), or if they did things like bought traceable goods or services from the users that they sent bitcoins to, or if they left any traces of payment trail on myBitcoin - which we can see that it looks like they sent BTC to - that could be subpoena'd, then they are probably not anonymous.

Our point is that their actions in the Bitcoin network are not getting lost in the noise, and there are links there that people could investigate.

Our point is further, that if Bitcoin grows in adoption, in future, like a lot of the people on this forum want, then as things currently stand, with current software, casual users of Bitcoin will leak a lot of information, and leave large traces of their activity behind them, which it'll be possible to follow in an automated fashion.

Currently, a large exchange could probably label an awful lot of bitcoin transactions and flows, with whatever account details the exchange has access to.


  What is your % degree of certainty and can you be an expert witness?
I'm pretty certain of what I just said.

As I said, I couldn't directly provide the identity of the thieves, because I don't know it, and couldn't know it without other pieces of information, such as logs of various services, or information from other users.
Maybe even then it's not available; or maybe it is; thats a question for someone working on solving the theft to worry about. I'm not working on solving thefts, so I'm not likely to be an expert witness for anyone, any time soon.
fergalr
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
August 31, 2011, 10:26:13 PM
 #14

Quote
We think that the graphing, and analysis, that we did, shows its substantially easier to trace these things than we'd have a priori thought possible.

Then you had thought wrong and that is YOUR problem and not the problem of Bitcoin.

What do you mean 'the problem of Bitcoin'?
I mean, the technology itself doesn't care, that's the technology.

But the users may care.
Look what it says on the Wikileaks site:
"Bitcoin is a secure and anonymous digital currency. Bitcoins cannot be easily tracked back to you, and are safer and faster alternative to other donation methods. You can send BTC to the following address:"
Do you think those sentences are true?  I think they are quite misleading.  But there they are.
I think this is very clear evidence that something is going wrong, with the Bitcoin community's understanding of the limits of anonymity in Bitcoin.


Imagine its 5 years time, and Bitcoin is very widely adopted; and that I live in a really repressive regime, and had made a substantial donation to wikileaks.
The secret police come to my door - I'm confused, because I thought it was anonymous.  I donated from an address I'd never previously used.  I didn't realise that, a year later, when a piece of change (say) from that donation was also used in my weekly online grocery shop, with some other currency from my public 'donate to my blog' address, then I had inadvertently published, irrevocably, on the open Internet, that I previously made a donation to wikileaks.  Now I'm talking to the secret police, I'm wondering what it means for Bitcoin to be 'a secure and anonymous digital currency.' and I'm a little confused, because it actually turned out to be very easy for the Bitcoins to be tracked back to me.

Like, we could say 'its not the problem of bitcoin' - but I think the technology, as its used in the real world, does sort of have a problem, if scenarios like that arise.

Don't get me wrong, Bitcoin is a really cool system.
But it *does* have a real problem, when a substantial subset of its users think its anonymous, but it isn't.

When we looked, we could identify many users, by their user names here, who donated to wikileaks.  Maybe they are happy for that to be in the open- but maybe some of them aren't.  This could be a very real problem for some of them.  Does the Bitcoin community care?  I think they should.  

There were campaigns on this forum to get various organisations to accept Bitcoin donations.
So where's the campaign to correct that wikileaks page?




Bitcoin members always stated the nature of Bitcoin and how under certain circumstances the transactions could be linked to the person. There is absolutely nothing new on what you are saying. It had all been said by the Bitcoin community already.

There are differing levels of technical sophistication in the Bitcoin community.
Some people - the more technical people - state that Bitcoin provides no guarantee of anonymity.
We do acknowledge that in our paper.
But I think the Bitcoin community are doing a very bad job of disseminating that information.


And I think the reason for this is clear:
Its really easy to say that 'Bitcoin is not anonymous, all the transactions are there in the blockchain'.  But all it means is that someone said that.

Users will wonder 'Ok, so the information is there - but surely you can't actually follow transactions around the place?' - there are many threads on this forum where users are wondering exactly what can be done in practice.

Until our analysis, I had seen no one actually try and follow these things, or apply network analysis to it.

I mean, I saw the response to the 'allinvain' alleged theft - and the whole thread is there, and I've read it all - where they tried trace the Bitcoin flows - but they didn't have good tools, and they didn't get very far.
If you want, you can dig out the addresses they got to, and see where they are on the SVG we have - I've done that.
Its completely understandable, because they hadn't got purpose built tools.
But we actually built the tools, and had a go, and found you could follow Bitcoins much further.
And I think, as a (very casual) user of Bitcoin, that that is an important piece of information, and is well worth knowing.




You only have to see the reaction on the forums about your original blog post. The reaction was: so what? this was alredy known.

Yeah, but that's always easy to say.

Before doing this research, I had read up what was out there in the community, and the message I got was that the most technical users were saying 'Look, dont count on anonymity, you probably dont have it' and were saying that it might be possible to do network analysis.  But there were loads of people wondering how much anonymity you had in practice, and whether it was really possible to make sense of the transaction history.
And I honestly didn't know which to believe, because I could find no examples of where people had traced flows through the network.  

We didn't know whether we'd find clusters of nodes, and we were totally taken by surprise by how much information the account linking revealed.
So, actually going and trying to do some network analysis, told us a lot we didn't know - that these problems were real, in practice, as well as in theory.
We had to build a fair few tools, and tweak them, before we could properly see the structure in the network - it wasn't trivial.
I mean, if I'm wrong, send me a link to similar existing analysis.  (as opposed to a stated opinion, correct though it might be).

And that's just from the point of view of the most technical users - there are reams of less technical users out there, confused about the anonymity.
A lot of people read our blog - hopefully that will result in these people not thinking bitcoin is inherently anonymous, when it really isnt.


Do you want me to dig up examples of the differing opinions that are out there?
There's the wikileaks 'donate' page I mentioned.
There's loads of stuff on these forums.
There's blogs (by really very technically sophisticated people) like this: http://www.forbes.com/sites/timothylee/2011/07/14/advanced-bitcoin-anonymity/
and really, what they say isn't really wrong, though I'd expect them to be surprised by how much can be uncovered.


There's some good posts around by users such as jgarzik which I would say maybe even slightly over estimate the network analysis that is conducted on Bitcoin - but he's certainly making the point, many times, that it shouldn't be labelled as anonymous.
But there's lots of other users that disagree with that view, or aren't as technical as the core dev team.
And I think there's an extent to which these are just opinions - educated, though they may be - until someone goes and tries to do that kind of analysis.

So I think contribute a lot by having a go at doing an analysis towards the type jgarzik mentions, and actually seeing how well we get on.


The problem is that you are claiming the Bitcoin community was saying the contrary and its very dishonest from your part.

Well, I've shown examples of the differing confused opinions that are out there - I guess it depends what you mean by 'community'.
Is whoever wrote that wikileaks page part of the community?  (I dont like constantly picking on wikileaks here - but they are an organisation that is supposed to be all about protecting anonymity, so I guess its ok to hold them to a high standard).


As to the claim that I'm being dishonest - look, I'm a research student, I've no axe to grind here, I've no short financial position on Bitcoin; we're really interested in the currency, and chose to spend time on this, as opposed to other possible projects, because its interesting.  We're doing our best to publish our work out in the open, blog about it, engage with people in forums.  There's a sentence or two in the paper, and on the blogs, where we acknowledge that the technical users know anonymity was never designed in, and I think we do a good job of addressing the subtleties of the definition of 'anonymity' in the comments.

So, like, its really obvious there's nothing dishonest here.


And the biggest problem is that I went to your blog post to point exactly this to you in a nice and educated way, but you keep going around with the same dishonest claims, so you are clearly doing it on purpose. If you are acting on good faith you should stop your claims that the Bitcoin community has publicited anything different. What you are saying is nothing special or new. It was well known.

I've tried to address these concerns above.



I guess we can agree to differ on what exactly 'the Bitcoin community' thinks.  You think they know exactly what the limits of anonymity are (i.e. its not anonymous).  I think there's a lot of confusion out there, and uncertainty over how anonymous it is in practice.  

Now I think my position is well supported by simply googling 'bitcoin anonymous' and seeing all the articles that call it anonymous - but look, at the end of the day, as long as people don't think its obscuring their tracks, when its not, we are both happy, right?

And our research adds an actual attempt to investigate and quantify this, rather than just make unsubstantiated - though educated - claims.  Depending on how much of a scientist one is, the attempt to actually try it has a greater or lessor merit - I put a lot of stock in that sort of thing.


We aren't in the business of exposing thefts, so we didn't go down that road as far as we could.

Why not? If you really can prove it as you claim why not do it?

Dealt with this in my previous post.


Thanks for the feedback, btw - appreciate you taking the time to disagree with me, even if I don't agree with your disagreement  Tongue
k
Sr. Member
****
Offline Offline

Activity: 451
Merit: 250


View Profile
August 31, 2011, 10:43:05 PM
Last edit: August 31, 2011, 11:14:43 PM by k
 #15

Hi fergalr,

thanks for your paper and your responses here. Welcome to the forum.

Have you given any thought to other applications these tools and this type of network analysis could be used for - for example could it be used somehow to estimate the real size of the bitcoin economy, i.e. differentiate the purchase of goods and services from just shifting bitcoins to different addresses owned by the same person? Or identify the different exchanges and see the flow of bitcoins to them and thus if you see a larger than normal flow of bitcoins to a particular exchange it might indicate that a sell-off is likely and predict a price drop before it happens? Maybe nothing like this is possible, just thinking out loud and wondering about possible other uses for this type of analysis.

thanks
k
fergalr
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
August 31, 2011, 11:04:28 PM
 #16

Hi fergalr,

thanks for your paper and your responses here. Welcome to the forum.
Thanks!

Have you given any thought to other applications these tools and this type of network analysis could be used for - for example could it be used somehow to estimate the real size of the bitcoin economy, i.e. differentiate the purchase of goods and services from just shifting bitcoins to different addresses owned by the same person?


These are really interesting questions.

We thought briefly about these issues, although our main focus was on anonymity, and once it became clear to us that users were less anonymous than we expected, on making our analysis public.

So, there is a large connected component (http://en.wikipedia.org/wiki/Connected_component_%28graph_theory%29)  of Bitcoin addresses - i.e. a set of addresses that are all connected via other addresses, where 2 addresses are connected if they have exchanged bitcoins.

Bitcoins in accounts outside that large connected component could probably be discarded from any attempt to estimate the velocity of money (http://en.wikipedia.org/wiki/Velocity_of_money).
There are definitely examples of this - where someone consolidates a large bunch of mined bitcoins, but then doesn't do anything else with them.  You'd really want these consolidation events to not show up in an analysis of the velocity of money, and hence the size of the economy - so you could probably do some work on this - a crude first pass being to just look at Bitcoins within the large connected component.


So, that's one type of analysis you could do.
The other thing is that we typically 'link' all the addresses that the block chain reveals are controlled by a single user (because their private key parts are used in a single transaction).  This collapses many addresses together - from something like 1.2M unique addresses down to to .8M 'collapsed nodes'.
Now, there is an issue here, that occasionally some key management services, like myBitcoin, where the private keys are controlled centrally, show up as a single node, in this graph - and obviously can have a lot of different users. 
So you basically lose transactions that occur within a single 'virtual' service, that are backed onto the Bitcoin network.

But for the vast majority of nodes, you get a network that much more resembles the user->user transaction network.
So, its not perfect - there will definitely be accounts that are controlled by a single user, that still show up as multiple accounts, and there'll be some accounts, where users use a service that shares their private keys, that now look like a single account - but it's certainly a different, and interesting, view of the network, on which to do economic analysis.

From looking at it, I'd say its a better view, and that things like velocity of money calculated on this network, would be more accurate.

The other thing I should say is that there were some forum users here that built a 'bitcoin days destroyed' metric that is also interesting.
Some combination of the two ideas might be beneficial, in terms of analysing the economy.



You could probably build further heuristic methods - to look at the volume of Bitcoins that flow a certain distance, through the resolved nodes, and use this as a better barometer of the current market activity.


Or identify the different exchanges and see the flow of bitcoins to them and thus if you see a larger than normal flow of bitcoins to a particular exchange it might indicate that a sell-off is likely and predict a price drop before it happens?

That sort of stuff is very interesting - things like that are probably possible.
Like, if nothing else, you can look at large volume movements that happen outside exchanges - its probably possible to correlate such movements with increased probability of near future volatility, if nothing else.


Maybe nothing like this is possible, just thinking out load and wondering about possible other uses for this type of analysis.

thanks
k

From my point of view, while we've thought a little in that direction, it is a whole other research topic!

But it definitely sounds like a very interesting one - especially if Bitcoin gains momentum, and people start doing serious trading on it - I like the direction you are thinking in.

fergalr
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
August 31, 2011, 11:19:13 PM
 #17

While we're speculating, I'd like to say that some other things that would be very interesting to look at are:

1) Active attacks on anonymity, on the bitcion network.
There's some people using mixers.  But how do you know your coins are really mixed?
Lets say you trust the mixer.

But what if your coin is mixed with a bunch of other coins, all of which belong to an adversary?
If I was interested in actively attacking Bitcoin, I'd be flooding mixers all the time.

I could make it appear to another user that their coins were mixed, when in actual fact, I controlled all of the coins they were mixed with, and could tell for sure what the incoming and outgoing coins were.
Obviously, as the mixer takes a fee, there's a cost, in Bitcoins, to doing this.

But, while I've seen a lot of talk on mixers out there, I haven't seen this sort of threat mentioned (maybe I'm missing something - this is something to consider, not something I've thought about in depth.

2) The IP layer work that Dan Kaminsky did - could that be put together with Bitcoin layer work like we did?

3) There's whole classes of timing and statistical attacks we didn't consider.
k
Sr. Member
****
Offline Offline

Activity: 451
Merit: 250


View Profile
August 31, 2011, 11:23:28 PM
 #18

thanks, lots of food for thought here.

you could probably try to correlate bitcoin movements with the historical price record and see if there is anything interesting there.
The public permanent ledger nature of bitcoin really makes lots of interesting things possible.

kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1024



View Profile
September 01, 2011, 02:33:41 AM
 #19

1) Active attacks on anonymity, on the bitcion network.
There's some people using mixers.  But how do you know your coins are really mixed?
Lets say you trust the mixer.

But what if your coin is mixed with a bunch of other coins, all of which belong to an adversary?
If I was interested in actively attacking Bitcoin, I'd be flooding mixers all the time.

I could make it appear to another user that their coins were mixed, when in actual fact, I controlled all of the coins they were mixed with, and could tell for sure what the incoming and outgoing coins were.
Obviously, as the mixer takes a fee, there's a cost, in Bitcoins, to doing this.

But, while I've seen a lot of talk on mixers out there, I haven't seen this sort of threat mentioned (maybe I'm missing something - this is something to consider, not something I've thought about in depth.

If the mixer is designed well, and if the operator of the mixer is trustworthy, then it doesn't matter much what coins you get back, the same ones, or different ones.  The crypto community probably already has a pretty good idea of which properties the mixer needs to have.  I bet that the cypherpunks list probably even had detailed discussions on how to create a distributed system that didn't rely on the trustworthiness of any particular subset of mixer operators.  We just don't know which thread to look in, because they didn't know they were talking about bitcoin at the time, they thought they were talking about an email mixer, or how to protect an onion router from traffic analysis attacks, or something.

I liked the paper, by the way.

I always consider claims of anonymity to be false until shown true.  And even then I'm still cautious.  I remember well that the first few things I had read about bitcoin made claims about anonymity that (surprise!) later turned out to be less than true.  I tend to blame journalists for bad journalism, but in this case I might be willing to cut them some slack.  Bitcoin is hard.

I would say that by now, most people in the community (at least in the threads that I read) have a fairly good idea of the level of privacy actually available for various types of transactions.  Of course, an attacker with the ability to aggregate data from a lot of places can overcome casual efforts at partitioning and end up knowing a hell of a lot.

Some day, there will be a simple web based tool, like blockexplorer, but much more sinister.  You'll be able to punch in an address, and it will track things forwards, backwards and sideways.  It will magically divine every address in your wallet that you have ever received money from, and if you've ever used or sent to a static address, it will be able to tell you a lot about yourself and what you like to spend your coins on.

The good news is that places that generate new addresses for every transaction will make it much less accurate.  And hopefully a network of decent mixmasters will provide hard edges, or at least plausible ones.

Most people don't know how serious white collar investigations work, so they don't realize just how much effort it will be for someone to keep those edges solid.  Real investigations cast a wide net.  They look at someone, then they look at everyone around that person, and then everyone around all of them, and so forth.  They look for coincidences first, and then patterns, and then evidence.  Honestly, if you let it get to the evidence stage, you've already lost.

I see a lot of people on these forums that say things like "well, they can't prove <this step>".  It doesn't matter.  They don't need to prove that step, they just need to see the pattern, and then find some other step that they can prove.  Where there is a pattern, there will also be evidence of something, something that they can use.  They are professionals, and you are an amateur.  They are much better at finding evidence than you are at hiding it.

For anyone seriously considering hiding some crime behind bitcoins, I offer this advice.  Don't.  And if you ignore that part, try to avoid coincidences, and make damn sure you don't leave patterns.  Be many different people, with different personalities, different habits, different patterns.  And if you must transfer money from a wallet that can be linked to you (and this is any wallet that you haven't taken great pains to keep apart from yourself), to an illicit wallet, make sure it is for something legitimate, with paperwork, and hopefully eyewitnesses that really think that they saw you buy or sell something.  Don't try to launder funds more than once, unless you have a legitimate, documented, witnessed sequence of transactions that will look completely normal and mundane.  And finally, make damn sure that you lose a hell of a lot of money along the way.  If 50,000 bitcoins leaves one side, 50,000 bitcoins had better not pop up on the other side, not even months or years apart and from totally different directions.

Sorry.  This is long, rambling, and I think I veered offtopic a bit.  Fun though.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
Big Time Coin
Sr. Member
****
Offline Offline

Activity: 332
Merit: 250



View Profile
September 01, 2011, 05:10:27 AM
 #20

Thanks for your reply Fergalr.  I give much respect to your well thought out comments and honesty regarding the extent of your capabilities and knowledge.  I've been thinking about this subject a lot because it really stunned me that despite all the "highly technical" users claims that bitcoin was not anonymous, no one has solved any of the big thefts. 


2) The IP layer work that Dan Kaminsky did - could that be put together with Bitcoin layer work like we did?


I asked him in his thread how much it would cost to put together a tool but it must have freaked him and the others in the thread out because the thread immediately died.  https://bitcointalk.org/index.php?topic=34383.msg436871#msg436871.  And DK hasn't posted since.  That was not my intention at all  Cry

Anyway, you seem to be a smart and talented programmer enough to be able to replicate kaminsky's work for the conference and get a working tool going in a reasonable timeframe.  And I get the feeling that unlike him, my direct and public approach will not be scary to you or kill this thread.  It could be merged with your already existing tool like this (not sure if feasible):

a) run your address tracing and linking tool to find all the coins that were stored through the Mybitcoin portal.  You can start with my address info here: https://bitcointalk.org/index.php?topic=34225.msg428519#msg428519.  That should give you all their coins with current address locations.  Also see if any forum user can be linked to it.

b) run the real-time ip monitoring tool targeting those addresses to harvest the ips + any other scrape-able info when the coins are moved

c) use your tools to see what they are doing with the coins.  By now you should know what wallets are exchange wallets, so if they are cashing out through an exchange bingo fire up the subpoenas.  If they are using dead drop or in-person cash-out then go back to dktool do geolocation on the IP, see what can be done... harder road but at least we know we're on it at that point.

But the key is b.  Hmm thinking about how much it would cost.  A database of every transaction made with IPs would be nice to start collecting, could be valuable in the future.  Of course, with DK's you don't get very many IP addresses because some users are a few hops away from an inbound node  Huh He wasn't too clear on that point in his slides and I was not at the conference.

Another potentially profitable use for your work: We do need a tool to keep pool operators honest.  If the stolen block storage node and the pool general fund node can be linked, tool could monitor that.  Right now it is very easy for them to sneak blocks, and we miners have to guess if they are doing it or not by comparing pool luck to expected luck.  Vladimir's self defense for miners thread talks about this.

Big time, I'm on my way I'm making it, big time, oh yes
- Peter Gabriel
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!