Tor Fingerprinting Makes Tracking Anonymous Bitcoin Users Trivial -
Bitcoin Breaking News Brief

Tor Fingerprinting Makes Tracking Anonymous Bitcoin Users Trivial


15 March 2016 – Several new Tor de-anonymizing techniques have come to light in the past few days, which primarily exploit old javascript injection bugs to identify Tor users uniquely with mouse movement patterns and metrics. Jose Carlos Norte published these new exploits on his blog last week, shortly after discovering them. The security hole enabling these exploits is a ten-month-old bug that was unfortunately never addressed by the Tor developers. Until these bugs are resolved, oppressive regimes and nations that frown upon the use and trading of cryptocurrency can easily track privacy minded people that want to use cryptocurrency without fear of persecution.

Also Read: Obama, Brave Inc Raise Concern for Bitcoiner Privacy

Bitcoin Users in Russia and China Can’t Rely on Tor



Tor remains the only method for many people to circumvent government surveillance and censorship

This is of great concern to people seeking economic freedom in internet surveillance states like China and Russia, where Bitcoin ownership and commerce is a legal gray area at best. With the recent fall of the Ruble, Peso, and  other currencies in crypto-hostile nations, not having anonymous access to the web is the difference between using Bitcoin and being locked away from their funds for many people worldwide. These exploits, as Jose describes them, makes tracking Tor users trivially easy compared to previous techniques discovered to be in use by government surveillance programs. No anonymizing solution is immune to exploits and scrutiny from government surveillance, but Tor, being the largest network available to people in places with pervasive Internet censorship and monitoring, has the most significant impact on network privacy.

The fact that these exploits stem from a ten-month-old bug that Tor devs were aware of makes this development all the more problematic – If one software analyst can find an array of flaws in Tor security, then who’s to say anti-Bitcoin regimes, places that typically have vast amounts of resources devoted to network surveillance and spying, aren’t already utilizing them? Techniques to analyze P2P and decentralized services have been evolving steadily over time, and efforts from open source developers have been mounting to address them. The Problem is that the people attempting to find holes in decentralized security are much better funded than those attempting to patch them, to the point of becoming a Sisyphean effort for the open source devs.

This, combined with recent reactionary legislation aimed at weakening encryption, makes evolution in blockchain and network anonymizer analysis all the more concerning in the Bitcoin community, regardless of their local regulatory climate. If criminalizing Bitcoin becomes readily enforceable through the use of exploits like this, then supporting an individual powered global economy with Crypto and decentralized marketplaces will become an increasingly difficult reality to realize.

Is Privacy important to Global bitcoin adoption? Let us Know in the Comments!

Images Courtesy of Michael Mandiberg, Tor Project

Tyson O'Ham

  • Anon Wibble

    So the moral of the story is: don’t run javascript. Which isn’t recommended anyway. Also tor is NOT designed for anonymous browsing random spywhere websites like facebook / google / hotmail / youtube / whatever. These websites install cookies on your browser to track you.

  • bitcoinist

    Mate Tokay| CEO

    Bitcoinist LTD
    1 Hova Villas Brighton & Hove
    BN3 3DH
    United Kingdom

    [email protected] W|
    Twitter: @matetokay

    © 2016 Bitcoinist Limited. All rights reserved.

    The information, and any attachments contained in this email may contain confidential and/or privileged information and is intended solely for the use of the intended named recipient(s). Any disclosure or dissemination in whatever form, by another other than the intended recipient is strictly prohibited. If you have received this transmission in error, please contact the sender and destroy this message and any attachments. Thank you. Save the environment – Think before you print!