[tor-bugs] #25057 [Webpages/Blog]: Warn Tor users not run BitCoin in same tor instance using blog and official twitter.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jan 28 04:41:53 UTC 2018
#25057: Warn Tor users not run BitCoin in same tor instance using blog and official
twitter.
---------------------------+----------------------
Reporter: cypherpunks | Owner: hiro
Type: task | Status: new
Priority: High | Milestone:
Component: Webpages/Blog | Version:
Severity: Critical | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+----------------------
Comment (by cypherpunks):
6 CONCLUSION
We show that using Bitcoin as a payment method for Tor hidden ser-
vices leaks information that can be used to deanonymize their users.
This represents a serious threat to these users, because they actively
seek to maintain their anonymity by using Tor. The deanonymiza-
tion is mainly due to the lack of retroactive operational security
present in Bitcoin’s pseudonymity model.
In particular, by inspecting historical transactions in the Blockchain,
an adversary can link users, who publicly share their Bitcoin addresses
on online social networks, with hidden services, which publicly share
their Bitcoin addresses on their onion landing pages.
In a real-world experiment, we were able to link many users
of Twitter and the BitcoinTalk forum to various hidden services,
including WikiLeaks, Silk Road, and The Pirate Bay.
Using information from their public user profiles, we were able to show
concrete
case studies where the anonymity of the users is broken.
Our results has one immediate implication:
Bitcoin addresses should always be assumed compromised as they can be used
to deanonymize users.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25057#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list