[tor-dev] Finding location metadata in large "dark market" datasets
griffin at cryptolab.net
Sat Jul 18 01:23:34 UTC 2015
I came across a blog post that might interest you all. @techdad did a
quick analysis of public images from online black markets (such as Silk
Road et al) from 2011-2015, and came to the following conclusion:
"After parsing hundreds of thousands of images, I came across about 37
unique images that were not properly sanitized."
That's surprisingly low -- 0.00037% if one assumes 100k images
analyzed. Given the number of high-profile cases  where this
location information led to arrests, it's not very surprising that some
people likely took the time to remove the EXIF data, but I'm curious
whether a given website may have stripped the metadata for uploaded
images. The images that tested positive are shown on the blog post, and
8/37 were clearly from the same individual.
When mapped out, the location data is primarily in the US (5
locations), along with 1 location in France and Australia.
Incidentally, the full 1.6TB dataset from 2011-2015 is available on
the Internet Archive , just in case the Hacking Team disclosures
haven't used up all your hard drive space. ;-) This data on its own is
a rather interesting look into the workings of black markets -- many of
which no longer exist. Curious to see what you all think and what
analyses you'd like to see from this kind of data.
More information about the tor-dev