[HN Gopher] A Bitcoin bust that took down the web's biggest chil... ___________________________________________________________________ A Bitcoin bust that took down the web's biggest child abuse site Author : jbegley Score : 107 points Date : 2022-04-08 19:14 UTC (3 hours ago) (HTM) web link (www.wired.com) (TXT) w3m dump (www.wired.com) | smokey_circles wrote: | Bitcoin is the polar opposite of an untraceable currency. This is | a strangely repeated claim. | | The whole point of bitcoin is trustless action. I don't have to | trust you because I can verify the transaction. | | If anyone can verify a transaction, it's obviously traceable. | | I think the confusion seems from the fact that you do not need to | issue a form of identity to use bitcoin. Which is how cash works | too. | | If your intention is to turn bitcoin into fiat, you will be found | out. Fiat is highly regulated, your identity is required. Unless | you turned bitcoin into pure cash, which is unlikely at scale. | | "Ah but Monero" no. Monero requires you to trust the authors | because you can't verify any of the transactions, especially the | genesis blocks. Use at your own peril. Bitcoin does not in anyway | attempt to mirror this. | | Half the value of a bank is that the bank authenticates | transactions have actually happened. Bitcoin does too. Publicly. | There's nothing "anonymous" about it. There's just no requirement | to tie an address to a human identity, but that doesn't mean it | can't be done (and you should always act like it has been done, | lest the law come for you too). | | The idea that crytocurrencies empower criminals because they're | anonymous is braindead. There's a lower barrier of entry but | scams are older than Central economies are. Crypto is just the | newest vehicle and getting rid of crypto will not get rid of | scammers (or ransomware). | | For example: The Bangladeshi bank heist. | werber wrote: | I'm not a fan or opponent of crypto, but the pervasiveness of | child pornography is insane. I started doing sex work at 11 and | was later human trafficked, and got a tattoo when I turned 18 | near my groin, in large part to know what images and videos were | of me underage. I consume and love porn, and have no shame in | that, and I'm sure a lot of reposters think they are posting a | barely legal image, but I have seen myself as a child online so | many times in legitimate places, Tumblr, twitter, reddit, etc. | This is a reality for so many people who have been abused, there | was an article recently on here about MindGeek, and there efforts | to make sure they didn't have child porn on their products, and | the takedown of x tube and all of that change, but it's fucking | hard. It's so much easier to tell if it's an 8 year old than a 15 | year old, even though the trauma is similar for the victim. I | don't know, I'm rambling, consume ethical pornography. | throwra620 wrote: | giraffe_lady wrote: | For a couple years around a decade ago I moderated a decent- | sized but not massive subreddit and the frequency of child porn | reports on there was chilling. It was every week at least. This | was not at all a sexual sub, not even adjacent to porn or | titillating images or anything. | | Reddit was more permissive than they should have been for a lot | longer than they should have been and may not be | representative. But even accounting for that, it really opened | my eyes to how common it can be. | | This is also what turned me against free speech fundamentalism | in the end. Every attempt at getting this addressed was shot | down in the name of free speech and anti-censorship. Every time | it was _actually_ improved caused what felt like an internet- | wide backlash against the changes. | commandlinefan wrote: | > shot down in the name of free speech and anti-censorship | | Not to defend the material in question in any way - but the | people who expressed concern... were right. As soon as Reddit | gave mods the tools they needed to expunge the really | terrible stuff from the site, those tools were almost | _immediately_ used to ban completely unrelated conspiracy | subs. | giraffe_lady wrote: | Um do you want to try again at not defending it? | | My information is very out of date but I'm curious how you | know how unrelated they were. | | My more-than-lay understanding is that the trading didn't | happen in the open. Users used questionable comments, line- | toeing images, and "jailbait jokes" to find each other and | then swapped in DMs or off-site entirely. | | Reddits mods have always had a rich grapevine. In my time I | never once heard of a sub getting banned that didn't have a | months or years long reputation for turning a blind eye to | that. Possibly that completely changed after I left, sure. | newguynewphone wrote: | throwanem wrote: | I think lots of folks would consider that an entirely | worthwhile tradeoff. Would you like to try to argue that | it's not? | rubyist5eva wrote: | > This is also what turned me against free speech | fundamentalism in the end. Every attempt at getting this | addressed was shot down in the name of free speech and anti- | censorship. | | The solution is to put these vile pieces of sludge in prison | forever, or execute them - not turn against liberty. This is | a red herring for at least morally questionable people. | giraffe_lady wrote: | If executing people fits with your conception of liberty I | think we have very different understandings of liberty, and | what "morally questionable" means. | notch656a wrote: | You execute part of my life every day you make me pay | taxes to keep these lowlifes in prison. That takes away | my liberty. | rubyist5eva wrote: | I have no objection whatsoever with executing people that | torture our most vulnerable for sexual gratification. | | Liberty means the freedom to do what is right. Child | exploitation isn't even in an adjacent universe to that. | worik wrote: | > I have no objection whatsoever with executing people | that torture our most vulnerable for sexual | gratification. | | I have a problem with you executing people. | | There are plenty of hypothetical people whom we could | agree deserve execution. | | The problem is: Who has the power? What else will they do | with it? | | If the subjects of that power are kept alive then there | is a chance to "put right" injustices, if not then not. | | That is the problem with execution as a "tool of justice" | hedora wrote: | The older I get, the more I believe the issue is with | centralization (which the DMCA had a huge part in | establishing). | | What if there were no redit servers, and each subredit was | self hosted? What would the incentive be for people to post | child porn on some small independently run server? | | As the subredit owner, you could just censor whoever you | wanted, with very little global internet drama. Tools for | autoflagging posts could still exist. Over-censored forums | would piss off users, and be easily replaced. Similarly, | under censored ones would lose users / get busted. | | This all worked fine pre-internet. Editors would decide who | and what would be posted. | | It still works for things like audio fiction podcasts, where | "slush readers" filter submissions, and money / reputation | are exchanged when stuff gets published. In addition to | leading to much better moderation than the big Internet | sites, it creates jobs for domain experts. | | The main problem is that it doesn't scale to a $1B/mo | business that investors can siphon money off of. Instead, | it's best structured as an ecosystem of small botique | businesses. | ktownsend wrote: | Thanks for taking the time to post this, and I'm sorry you had | such a sh*tty start to life. I think it's important to repeat | this over and over that the lines are so blurry with content | online, and it's not really getting better. | | The whole idea of ethical porn is something that needs more | discussion, and it's an area where if you enjoy porn you should | put your money where your ideals are and encourage something | involving consenting adults respecting certain norms, and | treating people involved with the human dignity they deserve. | Paying to encourage those kinds of ethical productions is the | only sensible solution, IMO. Endlessly frequenting copy-and- | paste free content sites is a race to the bottom that isn't | doing anyone any good. | | In any case, I hope you have some people in your life who have | shown you the respect you deserve as well, and been there to | help when you needed it, and not just take what they could get | from you whatever the cost. | | Edited for clarity and typos. | account-5 wrote: | Thank you for taking the time to write this. And sorry your | childhood started how it did. Your story is important and more | like it needs to be known more commonly. | | A couple of weeks ago on a related topic I was getting down | voted for expressing that the child in these images is | revictimised every time their images are viewed and shared. The | attitude was the harm was already done so there was no issues, | but that is definitely not the case. | ilamont wrote: | _For Gambaryan and Janczewski, the story was utterly typical. | IRS-CI agents did shoe-leather detective work, carried guns, and | made arrests, just like their FBI and DEA counterparts. But | because of the IRS's dowdy public image, they often found that | fellow agents treated them like accountants. "Don't audit me," | their peers from other law enforcement branches would joke when | they were introduced in meetings. Most IRS-CI agents had heard | the line enough times that it warranted an instant eye roll._ | | Reminds me of the postal inspector who blew open the case of two | foreign agents with sniper rifles and other weapons impersonating | federal officers in Washington DC. | | The Secret Service believed their B.S. story about being DHS | investigators working on J6 investigations. 4 SS agents | apparently took bribes from them, including one who protects the | president's wife. | | https://www.reuters.com/world/us/us-secret-service-places-ag... | jacquesm wrote: | That sounds like something pretty bad was brewing there. That | postal inspector did better than the Secret Service, which in a | normal world shouldn't be remotely possible. | Arrath wrote: | It should be noted that the Postal Inspectors are the real | deal, tangling with them is not advised. | numbsafari wrote: | The Secret Service has been a dumpster fire for decades. | ganzuul wrote: | By design or by incompetence? | jacquesm wrote: | Yes, but really: in a role like that accepting gifts | without immediately reporting even the attempt of such | gifts up the chain to ask for guidance on how to play it | seems to be beyond stupid, that's not just your garden | level variety of incompetence but something entirely | different. | ilamont wrote: | _They've gone through countless hours of ethics courses, | including (at minimum) a yearly refresher that covers | _exactly_ what to do if you feel like you're being | bribed, etc. | | They knew what they were doing._ | | https://twitter.com/Angry_Staffer/status/1512515586491879 | 435 | jacquesm wrote: | That would be my guess as well. There is no way this | would happen if it didn't have an element of will behind | it. | ceejayoz wrote: | For example: https://www.theguardian.com/us- | news/2020/dec/31/joe-biden-se... | | > Joe Biden is expected to receive Secret Service | protection with a new team that is more familiar to him and | replacing some agents amid concerns that they may be | politically allied with Donald Trump. | pvarangot wrote: | Two buddies from the office were former SS. Really nice guys, | apparently not the service that hires the smartest people. | Their boss was a Marine and the joke was that he could only | be the boss of former secret service agents because all other | federal agencies hired people smarter than him. | mzs wrote: | The indictment itself: | https://s3.documentcloud.org/documents/21580222/taherzadeh-a... | | Recent coverage makes it seem this started in Feb 2020 as | Soleimani retaliation: https://www.cbsnews.com/news/secret- | service-arian-taherzadeh... | | >Law enforcement sources told CBS News that investigators are | looking into the possibility that the two suspects have ties to | Iranian intelligence including to the Iranian Revolutionary | Guard Corps, an elite component of the Iranian military that | conducts special operations, or the Quds force. | | ... | | >The FBI also singled out a Homeland Security Investigations | (HSI) employee who interacted with Taherzadeh and is listed | among DHS personnel who received gifts from suspects in the | affidavit. According to a senior DHS official, the current | employee, who does not serve in a law enforcement capacity, has | not been put on administrative leave and is not the subject of | any internal review. | lifefeed wrote: | If you want to read the small ruling mentioned in the last | section, on the 4th amendment and the blockchain: | | United States v. Gratkowski, No. 19-50492 (5th Cir. 2020) | | https://law.justia.com/cases/federal/appellate-courts/ca5/19... | hanselot wrote: | technonerd wrote: | >He right-clicked on the page and chose "View page source" from | the resulting menu. | | >... | | >He spotted what he was looking for almost instantly: an IP | address. In fact, to Gambaryan's | | >surprise, every thumbnail image on the site seemed to display, | within the site's HTML, the IP >address of the server where it | was physically hosted: 121.185.153.64. | | That is indeed an opsec failure, along with using that same IP on | an exchange. Which later turns out to be a computer aka the abuse | website in the guys apartment. | moron123 wrote: | Crypto haters: See, bitcoin is not private, it sucks. | | Bitcoin maxis: See, Bitcorn can't be used for crime. | | Everyone will see what they want. | A4ET8a8uTh0 wrote: | "He was taken aback by what he saw: Many of this child abuse | site's users--and, by all appearances, its administrators--had | done almost nothing to obscure their cryptocurrency trails. An | entire network of criminal payments, all intended to be secret, | was laid bare before him." | | It is a weird story. On the one end, anyone using crypto by now | should know, there is a trail following it ( there are means to | obscure it, but a lot of ways to screw up too ). On the other, | does that mean this investigation was a low hanging fruit? | colechristensen wrote: | In order to use crypto secretly you have to heavily launder | your money in a way that's not easy or guaranteed to work.. | and the laundering itself is a crime which isn't so easy to | hide. | | People think it's private because they are told so but | actually it's a public ledger where anyone can see what | you've spent and associate you fairly easily by your behavior | and links to not so secret crypto addresses. | ksksks1 wrote: | Not really. You buy mining resources to mine it as opposed | to purchasing already mined bitcoin. | | There's rarely any paper trail between buying GPUs/ASICs | and the mining itself. That's why these currently sell | above the amount they'd be profitable mining with. Because | illicit actors are willing to pay a premium for anonymous | crypto. | colinmhayes wrote: | Where can you buy GPUs/ASICs with crypto? Or are you just | talking about the buyers? If the sellers get spooked I'm | not sure it matters if buyers are safe. | lmeyerov wrote: | We've been getting increasingly involved in crypto | investigation discussions, and largely: | | - money side _is_ getting more anonymous, e.g., monero / | tornado | | - ... in theory. Money crime still often using less | anonymous schemes and often at exchange points, so | chainanalysis-style companies still make sense, though | decreasingly so IMO. A lot of the startups have shifted to | verifying contracts, or providing (dubious) KYC risk | scores, and interesting to consider why. | | - For our customer base (half of which are sec/fraud/crime | teams)... what's happening is the criminal platforms + | participants have broken (digital) operational security. So | it is more about offchain data (app logs, ...) and | sometimes combining onchain<>offchain data. So not too | different from our projects tracking | malware/phishing/misinformation/etc via OSINT techniques | (IP addresses, unmasked metadata, ...), or detecting | account takeovers on their websites | | - ... more new, IMO, in this space is areas like graph | neural networks that have the potential to act smarter & | more automatically, e.g., understanding behavior. Very | early days here though, so interesting times ! | x86_64Ubuntu wrote: | I don't think it was low-hanging at the time (2017). They had | to figure out how to trace the bitcoin chain to unmask users. | They also had to cast a wide international net with different | jurisdictions and rules to get the people arrested by their | locality. | | Now having a clearnet IP address over Tor website, as well as | converting straight to fiat using standard exchanges is about | as low-hanging as it gets. | cdumler wrote: | My experience with friends in law enforcement is that what | defines the majority criminals is a lack of understanding of | risk. That lack creates a strong sense of "I know how to get | away with this." | | I remember a story of a guy being busted who ran a business, | bought his $500k house in cash, his half dozen trucks in | cash, and yet paid almost nothing in taxes. The thought was, | "I'll under-report my income, and pay everything all in cash | so they can't trace anything!" Except for the fact that | transactions over $10K get reported to the IRS, not to | mention all of the property to various agencies which circle | back to the IRS. | | People who have a least a clue what could go wrong tend to | also realize they probably aren't seeing other ways for it go | wrong, as well. | throwawayboise wrote: | Bank transactions over 10K get reported. If I roll into my | local Chevy dealer and buy a $75,000 truck for cash, does | that get reported? | meetups323 wrote: | What do you think Chevy is doing with that 75k besides | putting it in a bank of some sort? | rootusrootus wrote: | > does that get reported? | | Yes, absolutely. The same law that provides for banks | reporting deposits and withdrawals over $10K also puts | similar requirements on retail establishments that accept | payments that large. | notch656a wrote: | Although in practice they're probably buying a $9k | salvage truck in cash, then paying mechanics in cash to | fix it up to be a $75k truck. | | The same thing happens with houses. Someone buys an | absolute dumpster fire in cash. Then they pay contractors | to fix it up nice, beautiful appliances, tiling etc. The | house gets sold and the money ends up all in the white. | theonemind wrote: | https://fee.org/articles/why-its-time-to-revisit- | the-1970-fe... | | Used to be worth about $65,000. This will probably be a | requirement when $10,000 is worth $1,000 of today's dollars | --do nothing, and more and more stuff comes under reporting | requirements. | | Ridiculous that these things aren't inflation adjusted. I | ended up paying the alternative minimum tax once, the old | "millionaire's tax". Spoiler: I'm not a millionaire. If I | was, millionaire isn't what it used to be, either. | https://www.thebalance.com/alternative-minimum-tax-amt- | who-h... | notch656a wrote: | Even depositing / pulling out $2600 can earn you a SAR, | although you'll never know because the teller can't tell | you. | codedokode wrote: | The article mentions extradition, so I would like to hijack this | thread to disscuss that. Don't you think that extradition is | something like a custom from an age of slave trade? Queens and | Presidents trade their citizens like slaves. A person born in one | country, protected by its Constitution, gets brought into other | country where none of constitutional rights apply any more, where | he doesn't know local laws and local language, doesn't have a | lawyer, doesn't know his rights and where he cannot defend | himself as well as in his own country. Furthermore, a crime he | has commited might be punished much more strictly in that other | country, for example, 20 years instead of 4 years and | additionally he can be charged with crimes that are not a crime | in his country and wouldn't allow to extradite him. Also, that | country might not allow criminal's family to visit him in prison | (the right that he had in the country of origin). | | How is this compatible with human rights? The proper process | should be like this: if country A thinks that someone from | country B has commited a crime against them then they should come | to that country and prove it in a court without being able to add | additional charges. This is the only way where the defendand | won't be stripped of their rights. | | Am I missing something here and there are valid reasons why | prosecution for international crime cannot be implemented like | this? | joatmon-snoo wrote: | Extradition is generally thought of as when a person from | country A who is convicted of a crime in A flees to country B, | and country B then extradites said person to country A to serve | out their sentence. | | It's not meant to be a system to convict people incapable of | defending themselves in a foreign court. | | Plus, there are extradition treaties: countries A and B have to | _agree_ to the conditions under which A will extradite to B and | under which B will extradite to A. | | > The proper process should be like this: if country A thinks | that someone from country B has committed a crime against them | then they should come to that country and prove it in a court | without being able to add additional charges. | | Courts in country B generally have close to zero understanding | of the legal minutiae of country A. Ignoring jurisdiction | questions, what you're suggesting is that courts in country B | have to: * understand the hierarchy of the | legal system in A (what precedent is binding, what precedent is | advisory), * understand what is and isn't a law (e.g. if | A is a common law jurisdiction and B is not), * somehow | reconcile legal procedures in A with legal procedures in B | (e.g. when are you allowed to ask the judge to dismiss a case? | what's an acceptable situation to ask for N more weeks for | discovery? how much time is considered reasonable? who do you | file paperwork with?) * somehow decide what constitutes a | qualified attorney (e.g. in the U.S., every state has its own | qualification process for attorneys to practice in that state, | so being admitted to the bar in Colorado doesn't mean you can | practice in Florida, and this also extends to the federal govt) | | and goodness knows what else. | | In general it's good to assume that if there are millions of | people in a given system, there are _reasons_ (not necessarily | good ones, just plausible ones) the system works that way, | particularly when it's a system you have zero understanding of. | codedokode wrote: | > Ignoring jurisdiction questions, what you're suggesting is | that courts in country B have to: | | > understand the hierarchy of the legal system in A (what | precedent is binding, what precedent is advisory) | | No, I meant the court in country B would follow laws and | procedures of country B. | | > somehow decide what constitutes a qualified attorney | | This can be specified in an international treaty. | warent wrote: | If anyone knows of any organizations to help combat child sex | exploitation, please comment them here. | warent wrote: | Two organizations I know of: | | - https://ourrescue.org/ | | - https://www.thorn.org/ | vander_elst wrote: | Is there any real way to be anonymous while using Bitcoin and | actually exchanging it to fiat currency? Are there any exchanges | that are not regulated and don't require any authentication e.g. | an ATM that gives you cash for Bitcoin? | wmf wrote: | There's LocalBitcoins but it's under increased law enforcement | scrutiny. | x86_64Ubuntu wrote: | I think this is an old nut that's long been cracked, and the | answer is no. With Anti-ML and KYC legislation, it's really | difficult for any company to act like an unwitting agent, and | still have access to financial system. | yifanl wrote: | Define anonymous, but you could in theory sell your wallet to | someone else wholesale and they pay in cash for whatever value | of bitcoin is in the wallet. | | It's still potentially leaky because you're relianing on the | buyer to not get that traced back to you. | vander_elst wrote: | > define anonymous | | I guess like for several security topics: the process to find | my identity is too expensive/impractical/takes too much time. | I mean, we know it is possible to use brute force to crack | encrypted data, it just takes a trillions of years or | trillions of dollars so it becomes practically impossible. | kache_ wrote: | pay your taxes man, it's not worth it | | but fwiw with monero they don't know where the crypto came | from. Technically, you could have mined it in the early days. | So as long as you have to report on sale only and not | origination, everyone can party on | bigbillheck wrote: | > He right-clicked on the page | | Huh, usually right-clicking is what you do for NFTs. | stormdennis wrote: | Since the start of the pandemic, two years, I've used cash a | handful of times. People who use cash now stand out as suspicious | almost. The rest of us are an open book. Privacy is dead unless | we get a truly untraceable cryptocurrency that is in general use. | Privacy is a right and shouldn't be taken away to supposedly make | it harder for the minority to get away with crime. It doesn't | because what they'll do is use mules and proxies to mask | themselves creating a new layer of victims in the process. As | with anti-laundering legislation, the law-abiding are the ones | punished by their lives being made more difficult. | WaitWaitWha wrote: | I will (continue to be) cynical. This article and many others | recently[1] read like it is targeted at the non-technical general | public. | | To be more succinct, they read like 'current crypto currency | solutions like Bitcoins are all bad, and only used by bad | people.' The articles are begging for a savior to step in and | provide a solution; maybe the government... | | [1] from the same author, but he is not the only one of course: | | https://www.wired.com/story/hydra-market-shutdown/ | | https://www.wired.com/story/bitcoin-seizure-record-doj-crypt... | | https://www.wired.com/story/north-korea-cryptocurrency-theft... | shiado wrote: | This article is terrible honestly. Statements like "tracing a | cryptocurrency that once seemed untraceable". Excuse me what? Who | thought this? Idiots at three letter agencies? Pedophiles and | drug dealers? | | Here's what the Bitcoin whitepaper itself speculated. | | "As an additional firewall, a new key pair should be used for | each transaction to keep them from being linked to a common | owner. Some linking is still unavoidable with multi-input | transactions, which necessarily reveal that their inputs were | owned by the same owner. The risk is that if the owner of a key | is revealed, linking could reveal other transactions that | belonged to the same owner." | | And here's an early Bitcointalk thread. Traceability was | discussed and acknowledged from the very beginning. | | https://bitcointalk.org/index.php?topic=241 | Aaronstotle wrote: | Because of BTC's prominence on darknet markets, people who | hadn't heard of it naively assumed it wasn't traceable. | | It's reasonable to assume that if you were purchasing illicit | substances online, that the currency wouldn't be traceable, | when it reality it was because no one really cared at the time | for this new bitcoin thing. | | Keep in mind how most people don't read documentation for | anything, let alone a whitepaper | werber wrote: | I probably am not alone, but if I hadn't wasted money on | drugs a decade ago and had just kept the bitcoin I would be a | rich person. No one I know read a white paper back then, we | just found the Wild West, snorted, shot and popped it up | colinmhayes wrote: | I would go further and say that most of the users of this | site thought bitcoin was untraceable too. If they knew they | needed to mix their bitcoins if they didn't want to | government figuring out that they bought/sold child porn they | absolutely would've done that. | xiphias2 wrote: | I thought that all darknets moved away from BTC to more | private digital currencies after they realized how easy it is | to trace. | | I think Lex Friedman did interview with a drug dealer and he | told this as well. | | At the same time I don't use Monero for example as I'm not a | drug dealer and they are using really complex cryptography | for me to verify and trust. | Aaronstotle wrote: | That seems largely correct, Monero came out in 2014, so I | think it was a combination of law enforcement becoming more | familiar with how to track BTC payments and markets | realizing there's a better alternative. | | I think the fact that the U.S. Government put out a bounty | for cracking Monero shows that it's working fairly well so | far | anonporridge wrote: | The thing about monero, is that even if it is impossible | to track today, all the transactions are still in the | public blockchain, even if heavily obfuscated. It is | quite possible that it eventually will be cracked and all | historical transactions deobfuscated. Then it becomes as | simple to track things down as bitcoin is today. | | If this ever happens, it could lead to a massive wave of | crime resolution on par with what happened when DNA | testing became cheap and ubiquitous. | | Because of this, when it comes to significant organized | crime, physical cash and seedy banks like Chase and | Deustche Bank are still king. | | Bitcoin is for people who don't mind living in the light. | hedora wrote: | Everyone knows Bitcoin is for [catching] criminals. | | Some people missed one word in that sentence. :-) | AuryGlenz wrote: | I don't understand why these types of markets don't only take | Monero. Privacy is the whole point of that coin, no? | colinmhayes wrote: | This site was made by a 21 year old with terrible opsec. I | bet he, along with every user who got arrested also believed | that bitcoin was untraceable. | x86_64Ubuntu wrote: | The investigation took place in 2017, kind of before everyone | learned Bitcoin=Traceability. | vmception wrote: | They do now. Governments know they have to act very | decisively on these kinds of markets and activities because | each time they act it galvanizes everyone to implement the | more resilient technology. | | This is the antifragile nature that some proponents | acknowledge and like. | | Before there is proof of a state action, forums go back and | forth ad nauseum on what level of work and inconvenience is | necessary. After there is proof of a state action, they just | go ahead and implement the multisig escrow (making sure | consumers and merchants can get their money even if the | government seizes the servers, greatly increasing the costs | for the government while lowering the bounty collected) | privacy enhanced coins (like Monero), contribute to UI/UX | improvements for making Monero easier to use, etc | | If you look at these darknet busts, the level of effort and | coordination has gone up by orders of magnitude over the last | decade while the amounts seized have gone down. | voldacar wrote: | What are the biggest and most reputable darknet markets | currently? Do they still get taken down frequently? My | understanding is that it's easy for state-level actors to | unmask hidden service IPs through traffic correlation | attacks | vmception wrote: | Not sure, the way I would find out is open Tor browser | and go to dark.fail and then switch to the onion service | version of the site (the browser might prompt you, but | there should be one on dark.fail to copy and paste) | | Then just use that site like normal and it will have a | list of popular onion services like the New York Times | and Dread and also including darknet markets (DNMs) and | their mirrors, and the liveness of those URLs | | Then I would go on Dread (if its up) and see what people | are saying about any particular DNM, else I would find | the darknet market subreddit to see if there is anything | there, else find articles about current top markets. some | last for so long and are still lasting that they're | pretty reliable, so I would probably skip all this if | I've still got credentials to one thats still up. its a | hassle to sign up to some markets and some more secure | ones so it thwarts my curiosity | | for just browsing those sites I'm fine with Tor browser, | but if you actually want to buy things or download things | or communicate with a vendor I would say stick with | Whonix (or Tails if thats fine for you) because you need | other apps and having Tor for all connections and other | anonyming techniques at all times is better. | | (if you are going to a site with more objectionable | content for even viewing, don't use Tor browser either. | dark.fail doesn't list those) | Tangokat wrote: | The whole article is about A LOT of people thinking Bitcoin was | untraceable. They staked their entire lives on it. | skilled wrote: | Surprised it took you that long. I was done at "they couldn't | have been more wrong". | jjulius wrote: | >This article is terrible honestly. Statements like "tracing a | cryptocurrency that once seemed untraceable". Excuse me what? | Who thought this? Idiots at three letter agencies? Pedophiles | and drug dealers? | | There's often a disconnect on HN between what HN users | collectively know by virtue of this being their field of trade, | and what the average non-tech person is aware of. It's this | latter group of people that, by and large, as Bitcoin started | to become popular, were under the impression that it was | anonymous. | | Edit: It doesn't help that, as the article states, Satoshi even | said, "Participants can be anonymous," back in 2008[1]. To your | point, he did say this as he linked to the white paper you | mentioned, but average users are less likely to read the white | paper than we are. | | [1]https://www.metzdowd.com/pipermail/cryptography/2008-October | ... | hiq wrote: | > It doesn't help that, as the article states, Satoshi even | said, "Participants can be anonymous" | | Am I nitpicking if I say that's actually true? Anonymous | means "not identified by name; of unknown identity". | Disguised people can also be anonymous. The fine print is | that your disguise won't help you much when you go visit your | family and you're subject to gait profiling. | jacquesm wrote: | What interests me is that so many people discuss the same | thing and still seem to come away with entirely different | takes. | | You _can_ be anonymous if you deal with BTC exclusively just | as though you would with cash. But, and this is a very big | but: if you use the same addresses repeatedly or if the | addresses that you use can be linked _and_ your identity can | be tied to one of the addresses then all of your linked | transactions are now no longer anonymous. | | So you're anonymous right up to the point that you aren't, | and then it works retroactively on anything that can be tied | to that same identity. | | Cash doesn't really have that property, and is therefore more | anonymous than BTC, anonymity is in principle a boolean but | there appear to be grades of anonymity when you start looking | at it more closely. Anonymity as in 'the state of knowledge | about an individual' vs 'anonymity, the level of anonymity | that an individual can expect as the use of a particular | method of payment' are two different concepts that we lump | together as though they are the same thing. | blooalien wrote: | > "There's often a disconnect on HN between what HN users | collectively know by virtue of this being their field of | trade, and what the average non-tech person is aware of." | | In large part, "the average non-tech person" is not aware of | a great _many_ things because they _actively ignore or | dismiss_ those who _know_ those things and try to _warn them | in advance_ of impending troubles they face due to their | faulty Facebook acquired "knowledge" about any topic of | great importance or significance (until after they're bitten | in the ass by it, at which point they _blame_ those same | people they previously ignored). Network security issues are | one easy example. We 're ridiculed as "paranoid neck-beards" | for calling out clear and obvious security issues right up | until something bad happens and huge troves of | personal/private data are leaked or stolen, and then we're | raked over the coals for not somehow magically fixing an | issue that we were previously told were "unimportant paranoid | perfectionism". | throwaway82652 wrote: | I agree with your first paragraph but your edit is repeating | the same non-sequitur made by the article. I don't know why | journalists and people in these discussions keep referring | back to Satoshi's statements as if they mean anything. The | average non-tech person still has no idea who that is, will | never care who that is, was not following bitcoin back in | 2008 and has no reason to care about a random comment on a | mailing list or in a whitepaper. The average cryptographer or | hardcore blockchain person also probably has no reason to | care about them. The only reason to bring it up at all just | seems to be part of the myth-building. | jjulius wrote: | >The only reason to bring it up at all just seems to be | part of the myth-building. | | I don't understand how this can be what you think I'm | getting at, when my post was myth- _busting_. You agree | with me that most average, non-tech-oriented people seemed | to misunderstand that Bitcoin was largely anonymous. Now, | those assumptions had to come from _somewhere_ , right? I'm | not saying they know who Satoshi is, or what a Bitcoin | whitepaper is at all, nor am I saying Satoshi should be | lionized or mythologized. But what I am doing is pointing | to rhetoric used early on in Bitcoin's life that could've | easily made it's way into the lexicon of the less | technically-minded and explain how we ended up there. | | An analysis of how the myth was built, as it were, rather | than further building of the myth. | throwaway82652 wrote: | Thanks for the clarification, that makes a lot of sense. | But I honestly don't think you could chalk it up to any | statements made by Satoshi or anyone else in particular. | The tech press in general has a problem with not | understanding cryptography or "privacy tech" or whatever. | That's not a new thing. It really doesn't help that in | the last several years there are privacycoin pushers who | muddy the waters with confusing marketing statements that | are misleading to anyone who doesn't bury themselves in | crypto jargon. | lordnacho wrote: | It's non-trivial to go from a list of transactions to having a | nicely indexed DB with convenient tools for investigating. | | It's correct that you _can_ trace transactions through the | blockchain, but in practice you need something like Reactor to | be built and maintained. It 's not going to be obvious to | police, because the skill is a specialized thing in the domain | of coders, and those coders have to have a reason to look at | blockchain. | robbedpeter wrote: | The police department will ask IT, they will Google it, and | tell the cops to use one of the various commercial options | used to deanonymize wallets and transaction trails. A credit | card payment or trial sign-up later and if the service is any | good, they'll have what they need. | | I'd put anything available to the general public in the | "trivial" camp, even if the underlying tech is fantastically | complex or difficult. | lordnacho wrote: | Can't say it's trivial if they actually needed a guy from | the firm to work with them on this? | | I mean sure if there's some self service website then yeah. | Keep in mind this is back in 2017 though, a lot of stuff | has matured since. | wnevets wrote: | > Who thought this? | | A lot of people I've talked (face to face) about crypto with | kache_ wrote: | If only there was a way to avoid bitcoins traceability problem? | https://bitcointalk.org/index.php?topic=770.msg9074#msg9074 | | Ah, from satoshi himself! Group signatures. I wonder if someone | implemented a protocol that does this? | | https://en.wikipedia.org/wiki/CryptoNote | | Aha! | yjftsjthsd-h wrote: | Is that widely used? There's a world of difference between | "theoretically possible" and "commonly used", and I'm not | familiar enough to know which this is. | kache_ wrote: | monero implements the cryptonote protocol (with some | additional innovations of its own) and as far as I can | tell, it's pretty widely used | https://bitinfocharts.com/comparison/monero- | transactions.htm... | Spooky23 wrote: | Factually inaccurate nonsense is a big part of the whole Crypto | ecosystem. | | Many people held the opinion that these transactions were | anonymous or quasi anonymous. The dumber among them are in | prison. | vmception wrote: | yeah even my accomplished professional colleagues will | randomly (but predictably) make a quip about not reporting | taxes just because they opened a Coinbase account, or finally | moved a token onchain once. | | I don't think thats a crypto specific perspective, as there | is this super large population in this country (USA) that | only has the experience of their employer taking a big chunk | of their money for the whole year and giving it to the | government automatically, so a lot (most?) of that population | thinks that any situation where they have something valuable | on their own has no way of being known about for taxes. | Crypto amplifies that myth to those people, when its just a | total misunderstanding about how taxes and tax reporting | works, and how the blockchain works, and what organizations | already exist to specialize in watching the blockchain as | well as trades at exchanges. | cyral wrote: | Why does that make this article terrible? The criminals | involved believed that Bitcoin was untraceable, as does your | every day non-technical person, and the article explains how | that isn't the case. | Animats wrote: | Chainalysis is now working on NFT-related "rug pulls".[1] $2.8 | billion in 2021. Far more money in that than in child abuse. | | [1] https://www.coindesk.com/markets/2021/12/17/defi-rug-pull- | sc... | ktownsend wrote: | Sorry if this is too long form for HN, but if you read the | article you clearly have some patience as well. | | I'm surprised all the comments here seem to be solely around the | technical details with blockchain and crypto. It's HN, I get the | technical bent and find it interesting as well, but the human | side of this one is pretty rough, and it made me appreciate that | there are people -- likely sorely underpaid relative to what | they'd make elsewhere -- following these (sordid) threads, often | at significant emotional cost to themselves. | | I did appreciate the odd bits of relief like 'Bitcoin Jesus' and | 'Octopus Guy': | | > At one point Faruqui remembers a German official asking him, as | they stood in the cold outside the Seoul hotel where they were | staying, how the Americans had gotten the Koreans on board so | quickly. "Oh, Octopus Guy," Faruqui had explained. "You don't | have Octopus Guy. We have Octopus Guy." | | But mostly, humor aside, it made me wonder for the 1000th time if | I'm making the right career and life choices myself in a comfy, | well paid job where I'm probably near the top of the pyramid in | terms of professional respect, working on problems that I think | have reach and import in my narrow speciality ... but am I really | solving the problems that matter? I'm not in advertising (thank | whatever god you imagine), more in security lately, so the work | isn't meaningless ... but I work with some brilliant people whose | technical capacities I admire, and I wonder what would happen if | a bit more of that gray matter was directed at solving some of | the terrible problems described here? | | So much money is invested in understanding the psychology of how | to force better engagement and squeeze out every last penny of | hapless consumers in whatever social network. What would happen | if a fraction of that went into trying to focus on influencing | the people making these awful, life-destroying choices and | somehow (re)sensitizing them to the costs of their actions and | navigating them away from that preventatively, even if the | success rate is only 1-2 percent? Or identifying victims of abuse | through posting patterns to try to make sure they're potentially | being flagged to receive content and help they may not be able to | believe even exists? How much is invested in psychological | profiling to maximize profit for the most banal advertising ends, | when maybe for once some of that gray matter making those | algorithms could do something positive identifying patterns | indicative of abuse, beyond just the current simple fig leaf | approach to pretend the owners of your social network of choice | cares about your well being. | | I'd love to do better, and I'd take a decent pay cut if I felt I | could do something for that, and maybe even get to feel a bit | better as a person in this weird world as a side effect. Seems | like we not only should but could do a lot more here, before this | gets to the criminal investigation level. | wmf wrote: | FAANGs all have child safety departments where you can get paid | and do good. | FireBeyond wrote: | I have to feel that on some level, actively seeking out jobs | where you review CSAM on a daily basis should be at least | something of a red flag to those employers. | wmf wrote: | Child safety isn't only about CSAM BTW. | ktownsend wrote: | Indeed, I'd hate to be the recruiter for that. I can't | imagine the kind of psychological profile you'd need for | something like that. The end of the article describes the | psychological cost the investigation had on the | investigators who were parents themselves. | | But even at an algorithmic level, it seems like there are | all kinds of red flags you could pull out of public posts | and do a much better job of redirecting potentially | victimized people to some organisations doing meaningful | work to help victims. | | How many categories does my online profile fit in based on | all my interests, and how many hundreds of bright people | are wasting their lives to discern that I happen to like A | + B + C and I'm in financial bracket F, with political | leaning G ... to try to show me an advert I'm probably just | blocking anyway. ___________________________________________________________________ (page generated 2022-04-08 23:00 UTC)