[tor-dev] Finding location metadata in large "dark market" datasets

Griffin Boyce griffin at cryptolab.net
Sat Jul 18 01:23:34 UTC 2015

Hello all,

   I came across a blog post that might interest you all.  @techdad did a 
quick analysis of public images from online black markets (such as Silk 
Road et al)[2] from 2011-2015, and came to the following conclusion:

"After parsing hundreds of thousands of images, I came across about 37 
unique images that were not properly sanitized."[1]

   That's surprisingly low -- 0.00037% if one assumes 100k images 
analyzed.  Given the number of high-profile cases [4] where this 
location information led to arrests, it's not very surprising that some 
people likely took the time to remove the EXIF data, but I'm curious 
whether a given website may have stripped the metadata for uploaded 
images.  The images that tested positive are shown on the blog post, and 
8/37 were clearly from the same individual.

   When mapped out, the location data is primarily in the US (5 
locations), along with 1 location in France and Australia.

   Incidentally, the full 1.6TB dataset from 2011-2015 is available on 
the Internet Archive [3], just in case the Hacking Team disclosures 
haven't used up all your hard drive space. ;-)  This data on its own is 
a rather interesting look into the workings of black markets -- many of 
which no longer exist.  Curious to see what you all think and what 
analyses you'd like to see from this kind of data.


[1] http://atechdad.com/Deanonymizing-Darknet-Data/
[2] http://www.gwern.net/Black-market%20archives
[3] https://archive.org/details/dnmarchives

More information about the tor-dev mailing list