From: "jeffrey E." <[email protected]> To: Vincenzo Iozzo >, Joi Ito Subject: Re: de-anonymize tor/bitcoin Date: Sat, 23 Aug 2014 10:34:26 +0000 http://www.foxnews.corn/politics/2014/08/22/food-stamp-fraud-rampant-gao-rew_rt/ make food stamps a test bed for transparant cyryto? govt on our side On Sat, Aug 23, 2014 at 5:54 AM, Vincenzo Iozzo fl > wrote: Jeffrey, this stuff is a bit heavy but if you care for it here are a couple of links: I) One obvious technique to de-anonymize tor is to control the 'exit nodes', meaning the nodes that connect Tor to the Internet. If you control enough of them you can de-anonymize a lot of it. 2) A friend of mine (among other people), found ways to de-anonymize a lot of the 'hidden services' (roughly the 'secret' websites inside tor) much more efficiently. I believe Tor fixed those flaws by now, but it's a pretty ingenious attack: http://www.ieee-securityrg/TC/SP2013/papers/4977a080.pdf The bottom line there is that with roughly Silk you can realistically de-anonymize any hidden service on tor. You do that by 'pretending' to be one of the servers handing out the addresses of the hidden services 3) The third option is to just attack the machine(s) of the 'bad guys', this is for instance what the FBI did a while ago against a network oh pedophiles: http:/Avww.reddit.corn/r/onions/comments/1 jmrta/founder_of the_freedom_hosting_arrested_held/ This option is targeted but it always works. The trick there was to attack the computer and then have the computer connect to a non-tor website, by doing that they could get the IP address and de-anonymize the user. Of course once you have control over the machine you can do much more that that, but they sticked to that As for bitcoin itself, I believe I sent you the Bitlodine paper. Another very good one is this: http://cseweb.ucsd.edut-smeiklejohn/files/imc13.pdf Now some of these approaches are probabilistic, (3) is not. But I guess my point is: if you *really* want