Silk Road forums

Discussion => Security => Topic started by: goblin on June 02, 2012, 06:09 pm

Title: Bitcoin address and URL or service link
Post by: goblin on June 02, 2012, 06:09 pm
This is a question that I think only those veteran bitcoiners out there would be able to answer. Is it possible for someone who is monitoring the blockchain, to find out if a certain address is generated by a certain website or bitcoin service? Is there something in the string of characters which compose the BTC address which gives away its origin?

Suppose I have a registered bitcoin fog url; it comes with a BTC address automatically of course. Suppose I use it to send BTC to another address. Can a monitor know that the originatiing address is from bitcoin fog? Ditto if I generate a new bitcoin fog address: will they know where it's from?

Same for ANY BTC address. Can someone find its origins, whether instawallet, or mt. gox, or whatever? I always wonder about this.

Thanks all!

More to the point, can this compromise my anonymity in any way?
Title: Re: Bitcoin address and URL or service link
Post by: vlad1m1r on June 02, 2012, 11:12 pm
This is a question that I think only those veteran bitcoiners out there would be able to answer. Is it possible for someone who is monitoring the blockchain, to find out if a certain address is generated by a certain website or bitcoin service? Is there something in the string of characters which compose the BTC address which gives away its origin?

Suppose I have a registered bitcoin fog url; it comes with a BTC address automatically of course. Suppose I use it to send BTC to another address. Can a monitor know that the originatiing address is from bitcoin fog? Ditto if I generate a new bitcoin fog address: will they know where it's from?

Same for ANY BTC address. Can someone find its origins, whether instawallet, or mt. gox, or whatever? I always wonder about this.

Thanks all!

More to the point, can this compromise my anonymity in any way?

Hi buddy,

I'm afraid this isn't a Yes/No question!

The process used to generate Bitcoin addresses is the same for MtGox as it is for Silk Road or indeed any other service using online wallets (with the exception of Bitcoinfog which we'll discuss in a moment. Simply looking at an address in the block chain in itself will not tell you whether it is for example a Silk Road wallet.

However, if you type in a Bitcoin address in Blockchain.info you'll see a list of any coins going to and from that wallet. Type the address of those Bitcoin addresses and so on and you can track transactions throughout the block chain right back to the original address where you obtained your Bitcoins.

If, for example, you use your bank account to wire money to Dwolla and then to MtGox it will be obvious to anyone with access to MtGox's records that you bought say 10 bitcoins and then forwarded them to another address. If a vendor on Silk Road were to receive those coins at a later date and it's possible to link his or her identity to that BTC address e.g because they withdrew your Bitcoins from an exchange into their own bank account, then it wouldn't take a genius to work our what the coins were for, particularly if they view the vendors past sales.

You'll have seen this is a lot of "ifs" but it is a real risk and at the moment there isn't an easy solution. You can reduce the likelihood of your transactions being traced in this way by using anonymous methods to obtain and sell your Bitcoins e.g by cash in the mail and using mixers like Bitcoinfog.

As you probably know Bitcoinfog assigns a temporary ID to your coins before exchanging them with those of other users for a small commission of 1- 3%. This makes it much more difficult to trace your transactions but obviously if your Bitcoins can be seen being sent to one address and then a similar amount is sent to another address 24 hours later, this might show you're using a mixer. You can reduce the risk of this happening by using Bitcoinfog's settings to withdraw the money in random amounts over a longer period of time, and also have them sent to several addresses rather than one.

If you have obtained your Bitcoins in a safe way though either through paying cash or selling products/services, these kind of issues are a lot less pressing - however you must bear in mind if your identity can be linked to any BTC address, any transactions to or from that address can be traced.

V.







Title: Re: Bitcoin address and URL or service link
Post by: goblin on June 02, 2012, 11:16 pm
This is a question that I think only those veteran bitcoiners out there would be able to answer. Is it possible for someone who is monitoring the blockchain, to find out if a certain address is generated by a certain website or bitcoin service? Is there something in the string of characters which compose the BTC address which gives away its origin?

Suppose I have a registered bitcoin fog url; it comes with a BTC address automatically of course. Suppose I use it to send BTC to another address. Can a monitor know that the originatiing address is from bitcoin fog? Ditto if I generate a new bitcoin fog address: will they know where it's from?

Same for ANY BTC address. Can someone find its origins, whether instawallet, or mt. gox, or whatever? I always wonder about this.

Thanks all!

More to the point, can this compromise my anonymity in any way?

Hi buddy,

I'm afraid this isn't a Yes/No question!

The process used to generate Bitcoin addresses is the same for MtGox as it is for Silk Road or indeed any other service using online wallets (with the exception of Bitcoinfog which we'll discuss in a moment. Simply looking at an address in the block chain in itself will not tell you whether it is for example a Silk Road wallet.

However, if you type in a Bitcoin address in Blockchain.info you'll see a list of any coins going to and from that wallet. Type the address of those Bitcoin addresses and so on and you can track transactions throughout the block chain right back to the original address where you obtained your Bitcoins.

If, for example, you use your bank account to wire money to Dwolla and then to MtGox it will be obvious to anyone with access to MtGox's records that you bought say 10 bitcoins and then forwarded them to another address. If a vendor on Silk Road were to receive those coins at a later date and it's possible to link his or her identity to that BTC address e.g because they withdrew your Bitcoins from an exchange into their own bank account, then it wouldn't take a genius to work our what the coins were for, particularly if they view the vendors past sales.

You'll have seen this is a lot of "ifs" but it is a real risk and at the moment there isn't an easy solution. You can reduce the likelihood of your transactions being traced in this way by using anonymous methods to obtain and sell your Bitcoins e.g by cash in the mail and using mixers like Bitcoinfog.

As you probably know Bitcoinfog assigns a temporary ID to your coins before exchanging them with those of other users for a small commission of 1- 3%. This makes it much more difficult to trace your transactions but obviously if your Bitcoins can be seen being sent to one address and then a similar amount is sent to another address 24 hours later, this might show you're using a mixer. You can reduce the risk of this happening by using Bitcoinfog's settings to withdraw the money in random amounts over a longer period of time, and also have them sent to several addresses rather than one.

If you have obtained your Bitcoins in a safe way though either through paying cash or selling products/services, these kind of issues are a lot less pressing - however you must bear in mind if your identity can be linked to any BTC address, any transactions to or from that address can be traced.

V.

Thanks, vlad1m1r, that helps. Is there anyone else with maybe even more info?
Title: Re: Bitcoin address and URL or service link
Post by: vlad1m1r on June 02, 2012, 11:25 pm
I have just been reminded that SR vendors do have a mixer built into their accounts to stop their withdrawals being traced through block chain analysis. If I were in their place I would use Bitcoinfog too to be on the safe side but I'll leave it to our resident drug dealers to speak for themselves! :-D

V.
Title: Re: Bitcoin address and URL or service link
Post by: Trippyskies on June 02, 2012, 11:51 pm
+1 karma.  good info Vlad
Title: Re: Bitcoin address and URL or service link
Post by: goblin on June 03, 2012, 12:05 am
I have just been reminded that SR vendors do have a mixer built into their accounts to stop their withdrawals being traced through block chain analysis. If I were in their place I would use Bitcoinfog too to be on the safe side but I'll leave it to our resident drug dealers to speak for themselves! :-D

V.
vlad1m1r, yes, I also have thus heard, but I wonder about its effectiveness. After all, I never saw any analysis or explanation of how such a mixer is supposed to work. Does anyone know for sure? I don't know, I guess I'm just super paranoid, but I think that's the proper way to be in this increasingly authoritarian world.
Title: Re: Bitcoin address and URL or service link
Post by: vlad1m1r on June 03, 2012, 08:54 am
I have just been reminded that SR vendors do have a mixer built into their accounts to stop their withdrawals being traced through block chain analysis. If I were in their place I would use Bitcoinfog too to be on the safe side but I'll leave it to our resident drug dealers to speak for themselves! :-D

V.
vlad1m1r, yes, I also have thus heard, but I wonder about its effectiveness. After all, I never saw any analysis or explanation of how such a mixer is supposed to work. Does anyone know for sure? I don't know, I guess I'm just super paranoid, but I think that's the proper way to be in this increasingly authoritarian world.

Hi goblin,

For a brief explanation you can visit the Bitcoin wiki : https://en.bitcoin.it/wiki/Mixing_service

An oversimplified way to think of it is to think of the mixing service like  a big vault of coins with a large, imposing man standing outside. You and other users walk up to him with your box of coins and he then hands each you a token with the right number of coins written on it. He then takes your box and flings your coins into the vault onto the large pile of coins already in there.

The big pile of coins is then churned around a number of times (maybe using a large stick, I don't have much imagination!)

The big man then inspects your token and randomly takes that number of coins from the big pile. These could belong to anyone of course and will almost certainly not belong to the same person. He then places them in a new box which you can then collect anonymously.

The new box i.e the new Bitcoin address to which your coins are sent is crucial in that it breaks the easy to follow chain of transactions between your previous Bitcoin address and this one. As I mentioned before, Bitcoins must be sent from the same address at which they're received. (If we think of it as locked boxes once again, if I have coins in my box, in order to give them to you I must first unlock my own box, take them out and place them in yours, and a record of this is made.

 Using a mixing service hugely reduces the risk of your purchases being traced in this way. It's by no means perfect as it may still be possible to trace the transaction through examining Bitcoin transfers for similar amounts around the same time but if you have no choice but to obtain your Bitcoins in a traceable way e.g through bank transfer then I would say using a mixing service is essential.

V.



Title: Re: Bitcoin address and URL or service link
Post by: goblin on June 03, 2012, 12:22 pm
I have just been reminded that SR vendors do have a mixer built into their accounts to stop their withdrawals being traced through block chain analysis. If I were in their place I would use Bitcoinfog too to be on the safe side but I'll leave it to our resident drug dealers to speak for themselves! :-D

V.
vlad1m1r, yes, I also have thus heard, but I wonder about its effectiveness. After all, I never saw any analysis or explanation of how such a mixer is supposed to work. Does anyone know for sure? I don't know, I guess I'm just super paranoid, but I think that's the proper way to be in this increasingly authoritarian world.

Hi goblin,

For a brief explanation you can visit the Bitcoin wiki : https://en.bitcoin.it/wiki/Mixing_service

An oversimplified way to think of it is to think of the mixing service like  a big vault of coins with a large, imposing man standing outside. You and other users walk up to him with your box of coins and he then hands each you a token with the right number of coins written on it. He then takes your box and flings your coins into the vault onto the large pile of coins already in there.

The big pile of coins is then churned around a number of times (maybe using a large stick, I don't have much imagination!)

The big man then inspects your token and randomly takes that number of coins from the big pile. These could belong to anyone of course and will almost certainly not belong to the same person. He then places them in a new box which you can then collect anonymously.

The new box i.e the new Bitcoin address to which your coins are sent is crucial in that it breaks the easy to follow chain of transactions between your previous Bitcoin address and this one. As I mentioned before, Bitcoins must be sent from the same address at which they're received. (If we think of it as locked boxes once again, if I have coins in my box, in order to give them to you I must first unlock my own box, take them out and place them in yours, and a record of this is made.

 Using a mixing service hugely reduces the risk of your purchases being traced in this way. It's by no means perfect as it may still be possible to trace the transaction through examining Bitcoin transfers for similar amounts around the same time but if you have no choice but to obtain your Bitcoins in a traceable way e.g through bank transfer then I would say using a mixing service is essential.

V.
Thanks again, V. Wonderful to have someone like you around.

But do yo have an explanation that is more computerese (without going overboard as I am not a real techie)? It just seems that you have explained it in terms if a metaphor, rather than the nuts and bolts of how it actually works. Also, how exactly do we know that such a mixer is really there, without fallling into the trap of "trusting" DPR? After all, anyone can say anythihg they want about their service, but without verifying it, how do we really know? I hated Reagan, but his "trust but verify" routine is right on the mark.
Title: Re: Bitcoin address and URL or service link
Post by: vlad1m1r on June 03, 2012, 02:25 pm
I have just been reminded that SR vendors do have a mixer built into their accounts to stop their withdrawals being traced through block chain analysis. If I were in their place I would use Bitcoinfog too to be on the safe side but I'll leave it to our resident drug dealers to speak for themselves! :-D

V.
vlad1m1r, yes, I also have thus heard, but I wonder about its effectiveness. After all, I never saw any analysis or explanation of how such a mixer is supposed to work. Does anyone know for sure? I don't know, I guess I'm just super paranoid, but I think that's the proper way to be in this increasingly authoritarian world.

Hi goblin,

For a brief explanation you can visit the Bitcoin wiki : https://en.bitcoin.it/wiki/Mixing_service

An oversimplified way to think of it is to think of the mixing service like  a big vault of coins with a large, imposing man standing outside. You and other users walk up to him with your box of coins and he then hands each you a token with the right number of coins written on it. He then takes your box and flings your coins into the vault onto the large pile of coins already in there.

The big pile of coins is then churned around a number of times (maybe using a large stick, I don't have much imagination!)

The big man then inspects your token and randomly takes that number of coins from the big pile. These could belong to anyone of course and will almost certainly not belong to the same person. He then places them in a new box which you can then collect anonymously.

The new box i.e the new Bitcoin address to which your coins are sent is crucial in that it breaks the easy to follow chain of transactions between your previous Bitcoin address and this one. As I mentioned before, Bitcoins must be sent from the same address at which they're received. (If we think of it as locked boxes once again, if I have coins in my box, in order to give them to you I must first unlock my own box, take them out and place them in yours, and a record of this is made.

 Using a mixing service hugely reduces the risk of your purchases being traced in this way. It's by no means perfect as it may still be possible to trace the transaction through examining Bitcoin transfers for similar amounts around the same time but if you have no choice but to obtain your Bitcoins in a traceable way e.g through bank transfer then I would say using a mixing service is essential.

V.
Also, how exactly do we know that such a mixer is really there, without fallling into the trap of "trusting" DPR?

As far as I know there's no way to be certain that SR uses a mixer. Perhaps an analysis of the block chain would reveal this? I'd be happy to send you 0.01 Bitcoins from my SR account to yours and see if it seems to come from the same address if you want to do an experiment ; maybe send me a PM if interested?

V.