Opened 4 months ago

Closed 2 months ago

#25057 closed task (implemented)

Warn Tor users about how to use Bitcoin over Tor, using blog and official twitter.

Reported by: cypherpunks Owned by: Jaruga
Priority: Medium Milestone:
Component: Community/Tor Support Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://arxiv.org/pdf/1801.07501.pdf

Tor users can be de-anonymized by Bitcoin.

Child Tickets

Change History (6)

comment:1 Changed 4 months ago by cypherpunks

6 CONCLUSION

We show that using Bitcoin as a payment method for Tor hidden ser-
vices leaks information that can be used to deanonymize their users.

This represents a serious threat to these users, because they actively
seek to maintain their anonymity by using Tor. The deanonymiza-
tion is mainly due to the lack of retroactive operational security
present in Bitcoin’s pseudonymity model.

In particular, by inspecting historical transactions in the Blockchain,
an adversary can link users, who publicly share their Bitcoin addresses
on online social networks, with hidden services, which publicly share
their Bitcoin addresses on their onion landing pages.

In a real-world experiment, we were able to link many users
of Twitter and the BitcoinTalk forum to various hidden services,
including WikiLeaks, Silk Road, and The Pirate Bay.

Using information from their public user profiles, we were able to show concrete
case studies where the anonymity of the users is broken.

Our results has one immediate implication:
Bitcoin addresses should always be assumed compromised as they can be used to deanonymize users.

comment:2 Changed 4 months ago by cypherpunks

Summary: Warn Tor users not run BitCoin in same tor instance using blog and official twitter.Warn Tor users about how to use Bitcoin over Tor, using blog and official twitter.

comment:3 Changed 4 months ago by cypherpunks

Suggestion #1: Don't use Bitcoin but use Monero.
https://www.reddit.com/r/Monero/comments/6zjnm6/how_is_monero_untraceable/

Suggestion #2: Use software wallet which allow you to create/delete wallet-ID,
and delete wallet ID each time you send|receive money.

Suggestion #3: Don't proxy Bitcoin on the same Tor executable. Just run another tor|tor.exe and use it.

comment:4 Changed 4 months ago by teor

Component: Webpages/BlogCommunity/Tor Support
Owner: changed from hiro to phoul
Priority: HighMedium
Severity: CriticalNormal

Bitcoin is one of the many applications that it isn't safe to use over Tor.
We should add it to the list in the user support guide.

comment:5 Changed 2 months ago by Jaruga

Owner: changed from phoul to Jaruga
Status: newassigned

That is an interesting idea. While I cannot speak to anything regarding the blog or the official Twitter, I will certainly look into creating a page on the wiki that touches on these topics. Perhaps it can be used as a reference if such a thing did occur.

comment:6 Changed 2 months ago by Jaruga

Resolution: implemented
Status: assignedclosed
Note: See TracTickets for help on using tickets.