[HN Gopher] A Bitcoin bust that took down the web's biggest chil...
___________________________________________________________________
A Bitcoin bust that took down the web's biggest child abuse site
Author : jbegley
Score : 107 points
Date : 2022-04-08 19:14 UTC (3 hours ago)
(HTM) web link (www.wired.com)
(TXT) w3m dump (www.wired.com)
| smokey_circles wrote:
| Bitcoin is the polar opposite of an untraceable currency. This is
| a strangely repeated claim.
|
| The whole point of bitcoin is trustless action. I don't have to
| trust you because I can verify the transaction.
|
| If anyone can verify a transaction, it's obviously traceable.
|
| I think the confusion seems from the fact that you do not need to
| issue a form of identity to use bitcoin. Which is how cash works
| too.
|
| If your intention is to turn bitcoin into fiat, you will be found
| out. Fiat is highly regulated, your identity is required. Unless
| you turned bitcoin into pure cash, which is unlikely at scale.
|
| "Ah but Monero" no. Monero requires you to trust the authors
| because you can't verify any of the transactions, especially the
| genesis blocks. Use at your own peril. Bitcoin does not in anyway
| attempt to mirror this.
|
| Half the value of a bank is that the bank authenticates
| transactions have actually happened. Bitcoin does too. Publicly.
| There's nothing "anonymous" about it. There's just no requirement
| to tie an address to a human identity, but that doesn't mean it
| can't be done (and you should always act like it has been done,
| lest the law come for you too).
|
| The idea that crytocurrencies empower criminals because they're
| anonymous is braindead. There's a lower barrier of entry but
| scams are older than Central economies are. Crypto is just the
| newest vehicle and getting rid of crypto will not get rid of
| scammers (or ransomware).
|
| For example: The Bangladeshi bank heist.
| werber wrote:
| I'm not a fan or opponent of crypto, but the pervasiveness of
| child pornography is insane. I started doing sex work at 11 and
| was later human trafficked, and got a tattoo when I turned 18
| near my groin, in large part to know what images and videos were
| of me underage. I consume and love porn, and have no shame in
| that, and I'm sure a lot of reposters think they are posting a
| barely legal image, but I have seen myself as a child online so
| many times in legitimate places, Tumblr, twitter, reddit, etc.
| This is a reality for so many people who have been abused, there
| was an article recently on here about MindGeek, and there efforts
| to make sure they didn't have child porn on their products, and
| the takedown of x tube and all of that change, but it's fucking
| hard. It's so much easier to tell if it's an 8 year old than a 15
| year old, even though the trauma is similar for the victim. I
| don't know, I'm rambling, consume ethical pornography.
| throwra620 wrote:
| giraffe_lady wrote:
| For a couple years around a decade ago I moderated a decent-
| sized but not massive subreddit and the frequency of child porn
| reports on there was chilling. It was every week at least. This
| was not at all a sexual sub, not even adjacent to porn or
| titillating images or anything.
|
| Reddit was more permissive than they should have been for a lot
| longer than they should have been and may not be
| representative. But even accounting for that, it really opened
| my eyes to how common it can be.
|
| This is also what turned me against free speech fundamentalism
| in the end. Every attempt at getting this addressed was shot
| down in the name of free speech and anti-censorship. Every time
| it was _actually_ improved caused what felt like an internet-
| wide backlash against the changes.
| commandlinefan wrote:
| > shot down in the name of free speech and anti-censorship
|
| Not to defend the material in question in any way - but the
| people who expressed concern... were right. As soon as Reddit
| gave mods the tools they needed to expunge the really
| terrible stuff from the site, those tools were almost
| _immediately_ used to ban completely unrelated conspiracy
| subs.
| giraffe_lady wrote:
| Um do you want to try again at not defending it?
|
| My information is very out of date but I'm curious how you
| know how unrelated they were.
|
| My more-than-lay understanding is that the trading didn't
| happen in the open. Users used questionable comments, line-
| toeing images, and "jailbait jokes" to find each other and
| then swapped in DMs or off-site entirely.
|
| Reddits mods have always had a rich grapevine. In my time I
| never once heard of a sub getting banned that didn't have a
| months or years long reputation for turning a blind eye to
| that. Possibly that completely changed after I left, sure.
| newguynewphone wrote:
| throwanem wrote:
| I think lots of folks would consider that an entirely
| worthwhile tradeoff. Would you like to try to argue that
| it's not?
| rubyist5eva wrote:
| > This is also what turned me against free speech
| fundamentalism in the end. Every attempt at getting this
| addressed was shot down in the name of free speech and anti-
| censorship.
|
| The solution is to put these vile pieces of sludge in prison
| forever, or execute them - not turn against liberty. This is
| a red herring for at least morally questionable people.
| giraffe_lady wrote:
| If executing people fits with your conception of liberty I
| think we have very different understandings of liberty, and
| what "morally questionable" means.
| notch656a wrote:
| You execute part of my life every day you make me pay
| taxes to keep these lowlifes in prison. That takes away
| my liberty.
| rubyist5eva wrote:
| I have no objection whatsoever with executing people that
| torture our most vulnerable for sexual gratification.
|
| Liberty means the freedom to do what is right. Child
| exploitation isn't even in an adjacent universe to that.
| worik wrote:
| > I have no objection whatsoever with executing people
| that torture our most vulnerable for sexual
| gratification.
|
| I have a problem with you executing people.
|
| There are plenty of hypothetical people whom we could
| agree deserve execution.
|
| The problem is: Who has the power? What else will they do
| with it?
|
| If the subjects of that power are kept alive then there
| is a chance to "put right" injustices, if not then not.
|
| That is the problem with execution as a "tool of justice"
| hedora wrote:
| The older I get, the more I believe the issue is with
| centralization (which the DMCA had a huge part in
| establishing).
|
| What if there were no redit servers, and each subredit was
| self hosted? What would the incentive be for people to post
| child porn on some small independently run server?
|
| As the subredit owner, you could just censor whoever you
| wanted, with very little global internet drama. Tools for
| autoflagging posts could still exist. Over-censored forums
| would piss off users, and be easily replaced. Similarly,
| under censored ones would lose users / get busted.
|
| This all worked fine pre-internet. Editors would decide who
| and what would be posted.
|
| It still works for things like audio fiction podcasts, where
| "slush readers" filter submissions, and money / reputation
| are exchanged when stuff gets published. In addition to
| leading to much better moderation than the big Internet
| sites, it creates jobs for domain experts.
|
| The main problem is that it doesn't scale to a $1B/mo
| business that investors can siphon money off of. Instead,
| it's best structured as an ecosystem of small botique
| businesses.
| ktownsend wrote:
| Thanks for taking the time to post this, and I'm sorry you had
| such a sh*tty start to life. I think it's important to repeat
| this over and over that the lines are so blurry with content
| online, and it's not really getting better.
|
| The whole idea of ethical porn is something that needs more
| discussion, and it's an area where if you enjoy porn you should
| put your money where your ideals are and encourage something
| involving consenting adults respecting certain norms, and
| treating people involved with the human dignity they deserve.
| Paying to encourage those kinds of ethical productions is the
| only sensible solution, IMO. Endlessly frequenting copy-and-
| paste free content sites is a race to the bottom that isn't
| doing anyone any good.
|
| In any case, I hope you have some people in your life who have
| shown you the respect you deserve as well, and been there to
| help when you needed it, and not just take what they could get
| from you whatever the cost.
|
| Edited for clarity and typos.
| account-5 wrote:
| Thank you for taking the time to write this. And sorry your
| childhood started how it did. Your story is important and more
| like it needs to be known more commonly.
|
| A couple of weeks ago on a related topic I was getting down
| voted for expressing that the child in these images is
| revictimised every time their images are viewed and shared. The
| attitude was the harm was already done so there was no issues,
| but that is definitely not the case.
| ilamont wrote:
| _For Gambaryan and Janczewski, the story was utterly typical.
| IRS-CI agents did shoe-leather detective work, carried guns, and
| made arrests, just like their FBI and DEA counterparts. But
| because of the IRS's dowdy public image, they often found that
| fellow agents treated them like accountants. "Don't audit me,"
| their peers from other law enforcement branches would joke when
| they were introduced in meetings. Most IRS-CI agents had heard
| the line enough times that it warranted an instant eye roll._
|
| Reminds me of the postal inspector who blew open the case of two
| foreign agents with sniper rifles and other weapons impersonating
| federal officers in Washington DC.
|
| The Secret Service believed their B.S. story about being DHS
| investigators working on J6 investigations. 4 SS agents
| apparently took bribes from them, including one who protects the
| president's wife.
|
| https://www.reuters.com/world/us/us-secret-service-places-ag...
| jacquesm wrote:
| That sounds like something pretty bad was brewing there. That
| postal inspector did better than the Secret Service, which in a
| normal world shouldn't be remotely possible.
| Arrath wrote:
| It should be noted that the Postal Inspectors are the real
| deal, tangling with them is not advised.
| numbsafari wrote:
| The Secret Service has been a dumpster fire for decades.
| ganzuul wrote:
| By design or by incompetence?
| jacquesm wrote:
| Yes, but really: in a role like that accepting gifts
| without immediately reporting even the attempt of such
| gifts up the chain to ask for guidance on how to play it
| seems to be beyond stupid, that's not just your garden
| level variety of incompetence but something entirely
| different.
| ilamont wrote:
| _They've gone through countless hours of ethics courses,
| including (at minimum) a yearly refresher that covers
| _exactly_ what to do if you feel like you're being
| bribed, etc.
|
| They knew what they were doing._
|
| https://twitter.com/Angry_Staffer/status/1512515586491879
| 435
| jacquesm wrote:
| That would be my guess as well. There is no way this
| would happen if it didn't have an element of will behind
| it.
| ceejayoz wrote:
| For example: https://www.theguardian.com/us-
| news/2020/dec/31/joe-biden-se...
|
| > Joe Biden is expected to receive Secret Service
| protection with a new team that is more familiar to him and
| replacing some agents amid concerns that they may be
| politically allied with Donald Trump.
| pvarangot wrote:
| Two buddies from the office were former SS. Really nice guys,
| apparently not the service that hires the smartest people.
| Their boss was a Marine and the joke was that he could only
| be the boss of former secret service agents because all other
| federal agencies hired people smarter than him.
| mzs wrote:
| The indictment itself:
| https://s3.documentcloud.org/documents/21580222/taherzadeh-a...
|
| Recent coverage makes it seem this started in Feb 2020 as
| Soleimani retaliation: https://www.cbsnews.com/news/secret-
| service-arian-taherzadeh...
|
| >Law enforcement sources told CBS News that investigators are
| looking into the possibility that the two suspects have ties to
| Iranian intelligence including to the Iranian Revolutionary
| Guard Corps, an elite component of the Iranian military that
| conducts special operations, or the Quds force.
|
| ...
|
| >The FBI also singled out a Homeland Security Investigations
| (HSI) employee who interacted with Taherzadeh and is listed
| among DHS personnel who received gifts from suspects in the
| affidavit. According to a senior DHS official, the current
| employee, who does not serve in a law enforcement capacity, has
| not been put on administrative leave and is not the subject of
| any internal review.
| lifefeed wrote:
| If you want to read the small ruling mentioned in the last
| section, on the 4th amendment and the blockchain:
|
| United States v. Gratkowski, No. 19-50492 (5th Cir. 2020)
|
| https://law.justia.com/cases/federal/appellate-courts/ca5/19...
| hanselot wrote:
| technonerd wrote:
| >He right-clicked on the page and chose "View page source" from
| the resulting menu.
|
| >...
|
| >He spotted what he was looking for almost instantly: an IP
| address. In fact, to Gambaryan's
|
| >surprise, every thumbnail image on the site seemed to display,
| within the site's HTML, the IP >address of the server where it
| was physically hosted: 121.185.153.64.
|
| That is indeed an opsec failure, along with using that same IP on
| an exchange. Which later turns out to be a computer aka the abuse
| website in the guys apartment.
| moron123 wrote:
| Crypto haters: See, bitcoin is not private, it sucks.
|
| Bitcoin maxis: See, Bitcorn can't be used for crime.
|
| Everyone will see what they want.
| A4ET8a8uTh0 wrote:
| "He was taken aback by what he saw: Many of this child abuse
| site's users--and, by all appearances, its administrators--had
| done almost nothing to obscure their cryptocurrency trails. An
| entire network of criminal payments, all intended to be secret,
| was laid bare before him."
|
| It is a weird story. On the one end, anyone using crypto by now
| should know, there is a trail following it ( there are means to
| obscure it, but a lot of ways to screw up too ). On the other,
| does that mean this investigation was a low hanging fruit?
| colechristensen wrote:
| In order to use crypto secretly you have to heavily launder
| your money in a way that's not easy or guaranteed to work..
| and the laundering itself is a crime which isn't so easy to
| hide.
|
| People think it's private because they are told so but
| actually it's a public ledger where anyone can see what
| you've spent and associate you fairly easily by your behavior
| and links to not so secret crypto addresses.
| ksksks1 wrote:
| Not really. You buy mining resources to mine it as opposed
| to purchasing already mined bitcoin.
|
| There's rarely any paper trail between buying GPUs/ASICs
| and the mining itself. That's why these currently sell
| above the amount they'd be profitable mining with. Because
| illicit actors are willing to pay a premium for anonymous
| crypto.
| colinmhayes wrote:
| Where can you buy GPUs/ASICs with crypto? Or are you just
| talking about the buyers? If the sellers get spooked I'm
| not sure it matters if buyers are safe.
| lmeyerov wrote:
| We've been getting increasingly involved in crypto
| investigation discussions, and largely:
|
| - money side _is_ getting more anonymous, e.g., monero /
| tornado
|
| - ... in theory. Money crime still often using less
| anonymous schemes and often at exchange points, so
| chainanalysis-style companies still make sense, though
| decreasingly so IMO. A lot of the startups have shifted to
| verifying contracts, or providing (dubious) KYC risk
| scores, and interesting to consider why.
|
| - For our customer base (half of which are sec/fraud/crime
| teams)... what's happening is the criminal platforms +
| participants have broken (digital) operational security. So
| it is more about offchain data (app logs, ...) and
| sometimes combining onchain<>offchain data. So not too
| different from our projects tracking
| malware/phishing/misinformation/etc via OSINT techniques
| (IP addresses, unmasked metadata, ...), or detecting
| account takeovers on their websites
|
| - ... more new, IMO, in this space is areas like graph
| neural networks that have the potential to act smarter &
| more automatically, e.g., understanding behavior. Very
| early days here though, so interesting times !
| x86_64Ubuntu wrote:
| I don't think it was low-hanging at the time (2017). They had
| to figure out how to trace the bitcoin chain to unmask users.
| They also had to cast a wide international net with different
| jurisdictions and rules to get the people arrested by their
| locality.
|
| Now having a clearnet IP address over Tor website, as well as
| converting straight to fiat using standard exchanges is about
| as low-hanging as it gets.
| cdumler wrote:
| My experience with friends in law enforcement is that what
| defines the majority criminals is a lack of understanding of
| risk. That lack creates a strong sense of "I know how to get
| away with this."
|
| I remember a story of a guy being busted who ran a business,
| bought his $500k house in cash, his half dozen trucks in
| cash, and yet paid almost nothing in taxes. The thought was,
| "I'll under-report my income, and pay everything all in cash
| so they can't trace anything!" Except for the fact that
| transactions over $10K get reported to the IRS, not to
| mention all of the property to various agencies which circle
| back to the IRS.
|
| People who have a least a clue what could go wrong tend to
| also realize they probably aren't seeing other ways for it go
| wrong, as well.
| throwawayboise wrote:
| Bank transactions over 10K get reported. If I roll into my
| local Chevy dealer and buy a $75,000 truck for cash, does
| that get reported?
| meetups323 wrote:
| What do you think Chevy is doing with that 75k besides
| putting it in a bank of some sort?
| rootusrootus wrote:
| > does that get reported?
|
| Yes, absolutely. The same law that provides for banks
| reporting deposits and withdrawals over $10K also puts
| similar requirements on retail establishments that accept
| payments that large.
| notch656a wrote:
| Although in practice they're probably buying a $9k
| salvage truck in cash, then paying mechanics in cash to
| fix it up to be a $75k truck.
|
| The same thing happens with houses. Someone buys an
| absolute dumpster fire in cash. Then they pay contractors
| to fix it up nice, beautiful appliances, tiling etc. The
| house gets sold and the money ends up all in the white.
| theonemind wrote:
| https://fee.org/articles/why-its-time-to-revisit-
| the-1970-fe...
|
| Used to be worth about $65,000. This will probably be a
| requirement when $10,000 is worth $1,000 of today's dollars
| --do nothing, and more and more stuff comes under reporting
| requirements.
|
| Ridiculous that these things aren't inflation adjusted. I
| ended up paying the alternative minimum tax once, the old
| "millionaire's tax". Spoiler: I'm not a millionaire. If I
| was, millionaire isn't what it used to be, either.
| https://www.thebalance.com/alternative-minimum-tax-amt-
| who-h...
| notch656a wrote:
| Even depositing / pulling out $2600 can earn you a SAR,
| although you'll never know because the teller can't tell
| you.
| codedokode wrote:
| The article mentions extradition, so I would like to hijack this
| thread to disscuss that. Don't you think that extradition is
| something like a custom from an age of slave trade? Queens and
| Presidents trade their citizens like slaves. A person born in one
| country, protected by its Constitution, gets brought into other
| country where none of constitutional rights apply any more, where
| he doesn't know local laws and local language, doesn't have a
| lawyer, doesn't know his rights and where he cannot defend
| himself as well as in his own country. Furthermore, a crime he
| has commited might be punished much more strictly in that other
| country, for example, 20 years instead of 4 years and
| additionally he can be charged with crimes that are not a crime
| in his country and wouldn't allow to extradite him. Also, that
| country might not allow criminal's family to visit him in prison
| (the right that he had in the country of origin).
|
| How is this compatible with human rights? The proper process
| should be like this: if country A thinks that someone from
| country B has commited a crime against them then they should come
| to that country and prove it in a court without being able to add
| additional charges. This is the only way where the defendand
| won't be stripped of their rights.
|
| Am I missing something here and there are valid reasons why
| prosecution for international crime cannot be implemented like
| this?
| joatmon-snoo wrote:
| Extradition is generally thought of as when a person from
| country A who is convicted of a crime in A flees to country B,
| and country B then extradites said person to country A to serve
| out their sentence.
|
| It's not meant to be a system to convict people incapable of
| defending themselves in a foreign court.
|
| Plus, there are extradition treaties: countries A and B have to
| _agree_ to the conditions under which A will extradite to B and
| under which B will extradite to A.
|
| > The proper process should be like this: if country A thinks
| that someone from country B has committed a crime against them
| then they should come to that country and prove it in a court
| without being able to add additional charges.
|
| Courts in country B generally have close to zero understanding
| of the legal minutiae of country A. Ignoring jurisdiction
| questions, what you're suggesting is that courts in country B
| have to: * understand the hierarchy of the
| legal system in A (what precedent is binding, what precedent is
| advisory), * understand what is and isn't a law (e.g. if
| A is a common law jurisdiction and B is not), * somehow
| reconcile legal procedures in A with legal procedures in B
| (e.g. when are you allowed to ask the judge to dismiss a case?
| what's an acceptable situation to ask for N more weeks for
| discovery? how much time is considered reasonable? who do you
| file paperwork with?) * somehow decide what constitutes a
| qualified attorney (e.g. in the U.S., every state has its own
| qualification process for attorneys to practice in that state,
| so being admitted to the bar in Colorado doesn't mean you can
| practice in Florida, and this also extends to the federal govt)
|
| and goodness knows what else.
|
| In general it's good to assume that if there are millions of
| people in a given system, there are _reasons_ (not necessarily
| good ones, just plausible ones) the system works that way,
| particularly when it's a system you have zero understanding of.
| codedokode wrote:
| > Ignoring jurisdiction questions, what you're suggesting is
| that courts in country B have to:
|
| > understand the hierarchy of the legal system in A (what
| precedent is binding, what precedent is advisory)
|
| No, I meant the court in country B would follow laws and
| procedures of country B.
|
| > somehow decide what constitutes a qualified attorney
|
| This can be specified in an international treaty.
| warent wrote:
| If anyone knows of any organizations to help combat child sex
| exploitation, please comment them here.
| warent wrote:
| Two organizations I know of:
|
| - https://ourrescue.org/
|
| - https://www.thorn.org/
| vander_elst wrote:
| Is there any real way to be anonymous while using Bitcoin and
| actually exchanging it to fiat currency? Are there any exchanges
| that are not regulated and don't require any authentication e.g.
| an ATM that gives you cash for Bitcoin?
| wmf wrote:
| There's LocalBitcoins but it's under increased law enforcement
| scrutiny.
| x86_64Ubuntu wrote:
| I think this is an old nut that's long been cracked, and the
| answer is no. With Anti-ML and KYC legislation, it's really
| difficult for any company to act like an unwitting agent, and
| still have access to financial system.
| yifanl wrote:
| Define anonymous, but you could in theory sell your wallet to
| someone else wholesale and they pay in cash for whatever value
| of bitcoin is in the wallet.
|
| It's still potentially leaky because you're relianing on the
| buyer to not get that traced back to you.
| vander_elst wrote:
| > define anonymous
|
| I guess like for several security topics: the process to find
| my identity is too expensive/impractical/takes too much time.
| I mean, we know it is possible to use brute force to crack
| encrypted data, it just takes a trillions of years or
| trillions of dollars so it becomes practically impossible.
| kache_ wrote:
| pay your taxes man, it's not worth it
|
| but fwiw with monero they don't know where the crypto came
| from. Technically, you could have mined it in the early days.
| So as long as you have to report on sale only and not
| origination, everyone can party on
| bigbillheck wrote:
| > He right-clicked on the page
|
| Huh, usually right-clicking is what you do for NFTs.
| stormdennis wrote:
| Since the start of the pandemic, two years, I've used cash a
| handful of times. People who use cash now stand out as suspicious
| almost. The rest of us are an open book. Privacy is dead unless
| we get a truly untraceable cryptocurrency that is in general use.
| Privacy is a right and shouldn't be taken away to supposedly make
| it harder for the minority to get away with crime. It doesn't
| because what they'll do is use mules and proxies to mask
| themselves creating a new layer of victims in the process. As
| with anti-laundering legislation, the law-abiding are the ones
| punished by their lives being made more difficult.
| WaitWaitWha wrote:
| I will (continue to be) cynical. This article and many others
| recently[1] read like it is targeted at the non-technical general
| public.
|
| To be more succinct, they read like 'current crypto currency
| solutions like Bitcoins are all bad, and only used by bad
| people.' The articles are begging for a savior to step in and
| provide a solution; maybe the government...
|
| [1] from the same author, but he is not the only one of course:
|
| https://www.wired.com/story/hydra-market-shutdown/
|
| https://www.wired.com/story/bitcoin-seizure-record-doj-crypt...
|
| https://www.wired.com/story/north-korea-cryptocurrency-theft...
| shiado wrote:
| This article is terrible honestly. Statements like "tracing a
| cryptocurrency that once seemed untraceable". Excuse me what? Who
| thought this? Idiots at three letter agencies? Pedophiles and
| drug dealers?
|
| Here's what the Bitcoin whitepaper itself speculated.
|
| "As an additional firewall, a new key pair should be used for
| each transaction to keep them from being linked to a common
| owner. Some linking is still unavoidable with multi-input
| transactions, which necessarily reveal that their inputs were
| owned by the same owner. The risk is that if the owner of a key
| is revealed, linking could reveal other transactions that
| belonged to the same owner."
|
| And here's an early Bitcointalk thread. Traceability was
| discussed and acknowledged from the very beginning.
|
| https://bitcointalk.org/index.php?topic=241
| Aaronstotle wrote:
| Because of BTC's prominence on darknet markets, people who
| hadn't heard of it naively assumed it wasn't traceable.
|
| It's reasonable to assume that if you were purchasing illicit
| substances online, that the currency wouldn't be traceable,
| when it reality it was because no one really cared at the time
| for this new bitcoin thing.
|
| Keep in mind how most people don't read documentation for
| anything, let alone a whitepaper
| werber wrote:
| I probably am not alone, but if I hadn't wasted money on
| drugs a decade ago and had just kept the bitcoin I would be a
| rich person. No one I know read a white paper back then, we
| just found the Wild West, snorted, shot and popped it up
| colinmhayes wrote:
| I would go further and say that most of the users of this
| site thought bitcoin was untraceable too. If they knew they
| needed to mix their bitcoins if they didn't want to
| government figuring out that they bought/sold child porn they
| absolutely would've done that.
| xiphias2 wrote:
| I thought that all darknets moved away from BTC to more
| private digital currencies after they realized how easy it is
| to trace.
|
| I think Lex Friedman did interview with a drug dealer and he
| told this as well.
|
| At the same time I don't use Monero for example as I'm not a
| drug dealer and they are using really complex cryptography
| for me to verify and trust.
| Aaronstotle wrote:
| That seems largely correct, Monero came out in 2014, so I
| think it was a combination of law enforcement becoming more
| familiar with how to track BTC payments and markets
| realizing there's a better alternative.
|
| I think the fact that the U.S. Government put out a bounty
| for cracking Monero shows that it's working fairly well so
| far
| anonporridge wrote:
| The thing about monero, is that even if it is impossible
| to track today, all the transactions are still in the
| public blockchain, even if heavily obfuscated. It is
| quite possible that it eventually will be cracked and all
| historical transactions deobfuscated. Then it becomes as
| simple to track things down as bitcoin is today.
|
| If this ever happens, it could lead to a massive wave of
| crime resolution on par with what happened when DNA
| testing became cheap and ubiquitous.
|
| Because of this, when it comes to significant organized
| crime, physical cash and seedy banks like Chase and
| Deustche Bank are still king.
|
| Bitcoin is for people who don't mind living in the light.
| hedora wrote:
| Everyone knows Bitcoin is for [catching] criminals.
|
| Some people missed one word in that sentence. :-)
| AuryGlenz wrote:
| I don't understand why these types of markets don't only take
| Monero. Privacy is the whole point of that coin, no?
| colinmhayes wrote:
| This site was made by a 21 year old with terrible opsec. I
| bet he, along with every user who got arrested also believed
| that bitcoin was untraceable.
| x86_64Ubuntu wrote:
| The investigation took place in 2017, kind of before everyone
| learned Bitcoin=Traceability.
| vmception wrote:
| They do now. Governments know they have to act very
| decisively on these kinds of markets and activities because
| each time they act it galvanizes everyone to implement the
| more resilient technology.
|
| This is the antifragile nature that some proponents
| acknowledge and like.
|
| Before there is proof of a state action, forums go back and
| forth ad nauseum on what level of work and inconvenience is
| necessary. After there is proof of a state action, they just
| go ahead and implement the multisig escrow (making sure
| consumers and merchants can get their money even if the
| government seizes the servers, greatly increasing the costs
| for the government while lowering the bounty collected)
| privacy enhanced coins (like Monero), contribute to UI/UX
| improvements for making Monero easier to use, etc
|
| If you look at these darknet busts, the level of effort and
| coordination has gone up by orders of magnitude over the last
| decade while the amounts seized have gone down.
| voldacar wrote:
| What are the biggest and most reputable darknet markets
| currently? Do they still get taken down frequently? My
| understanding is that it's easy for state-level actors to
| unmask hidden service IPs through traffic correlation
| attacks
| vmception wrote:
| Not sure, the way I would find out is open Tor browser
| and go to dark.fail and then switch to the onion service
| version of the site (the browser might prompt you, but
| there should be one on dark.fail to copy and paste)
|
| Then just use that site like normal and it will have a
| list of popular onion services like the New York Times
| and Dread and also including darknet markets (DNMs) and
| their mirrors, and the liveness of those URLs
|
| Then I would go on Dread (if its up) and see what people
| are saying about any particular DNM, else I would find
| the darknet market subreddit to see if there is anything
| there, else find articles about current top markets. some
| last for so long and are still lasting that they're
| pretty reliable, so I would probably skip all this if
| I've still got credentials to one thats still up. its a
| hassle to sign up to some markets and some more secure
| ones so it thwarts my curiosity
|
| for just browsing those sites I'm fine with Tor browser,
| but if you actually want to buy things or download things
| or communicate with a vendor I would say stick with
| Whonix (or Tails if thats fine for you) because you need
| other apps and having Tor for all connections and other
| anonyming techniques at all times is better.
|
| (if you are going to a site with more objectionable
| content for even viewing, don't use Tor browser either.
| dark.fail doesn't list those)
| Tangokat wrote:
| The whole article is about A LOT of people thinking Bitcoin was
| untraceable. They staked their entire lives on it.
| skilled wrote:
| Surprised it took you that long. I was done at "they couldn't
| have been more wrong".
| jjulius wrote:
| >This article is terrible honestly. Statements like "tracing a
| cryptocurrency that once seemed untraceable". Excuse me what?
| Who thought this? Idiots at three letter agencies? Pedophiles
| and drug dealers?
|
| There's often a disconnect on HN between what HN users
| collectively know by virtue of this being their field of trade,
| and what the average non-tech person is aware of. It's this
| latter group of people that, by and large, as Bitcoin started
| to become popular, were under the impression that it was
| anonymous.
|
| Edit: It doesn't help that, as the article states, Satoshi even
| said, "Participants can be anonymous," back in 2008[1]. To your
| point, he did say this as he linked to the white paper you
| mentioned, but average users are less likely to read the white
| paper than we are.
|
| [1]https://www.metzdowd.com/pipermail/cryptography/2008-October
| ...
| hiq wrote:
| > It doesn't help that, as the article states, Satoshi even
| said, "Participants can be anonymous"
|
| Am I nitpicking if I say that's actually true? Anonymous
| means "not identified by name; of unknown identity".
| Disguised people can also be anonymous. The fine print is
| that your disguise won't help you much when you go visit your
| family and you're subject to gait profiling.
| jacquesm wrote:
| What interests me is that so many people discuss the same
| thing and still seem to come away with entirely different
| takes.
|
| You _can_ be anonymous if you deal with BTC exclusively just
| as though you would with cash. But, and this is a very big
| but: if you use the same addresses repeatedly or if the
| addresses that you use can be linked _and_ your identity can
| be tied to one of the addresses then all of your linked
| transactions are now no longer anonymous.
|
| So you're anonymous right up to the point that you aren't,
| and then it works retroactively on anything that can be tied
| to that same identity.
|
| Cash doesn't really have that property, and is therefore more
| anonymous than BTC, anonymity is in principle a boolean but
| there appear to be grades of anonymity when you start looking
| at it more closely. Anonymity as in 'the state of knowledge
| about an individual' vs 'anonymity, the level of anonymity
| that an individual can expect as the use of a particular
| method of payment' are two different concepts that we lump
| together as though they are the same thing.
| blooalien wrote:
| > "There's often a disconnect on HN between what HN users
| collectively know by virtue of this being their field of
| trade, and what the average non-tech person is aware of."
|
| In large part, "the average non-tech person" is not aware of
| a great _many_ things because they _actively ignore or
| dismiss_ those who _know_ those things and try to _warn them
| in advance_ of impending troubles they face due to their
| faulty Facebook acquired "knowledge" about any topic of
| great importance or significance (until after they're bitten
| in the ass by it, at which point they _blame_ those same
| people they previously ignored). Network security issues are
| one easy example. We 're ridiculed as "paranoid neck-beards"
| for calling out clear and obvious security issues right up
| until something bad happens and huge troves of
| personal/private data are leaked or stolen, and then we're
| raked over the coals for not somehow magically fixing an
| issue that we were previously told were "unimportant paranoid
| perfectionism".
| throwaway82652 wrote:
| I agree with your first paragraph but your edit is repeating
| the same non-sequitur made by the article. I don't know why
| journalists and people in these discussions keep referring
| back to Satoshi's statements as if they mean anything. The
| average non-tech person still has no idea who that is, will
| never care who that is, was not following bitcoin back in
| 2008 and has no reason to care about a random comment on a
| mailing list or in a whitepaper. The average cryptographer or
| hardcore blockchain person also probably has no reason to
| care about them. The only reason to bring it up at all just
| seems to be part of the myth-building.
| jjulius wrote:
| >The only reason to bring it up at all just seems to be
| part of the myth-building.
|
| I don't understand how this can be what you think I'm
| getting at, when my post was myth- _busting_. You agree
| with me that most average, non-tech-oriented people seemed
| to misunderstand that Bitcoin was largely anonymous. Now,
| those assumptions had to come from _somewhere_ , right? I'm
| not saying they know who Satoshi is, or what a Bitcoin
| whitepaper is at all, nor am I saying Satoshi should be
| lionized or mythologized. But what I am doing is pointing
| to rhetoric used early on in Bitcoin's life that could've
| easily made it's way into the lexicon of the less
| technically-minded and explain how we ended up there.
|
| An analysis of how the myth was built, as it were, rather
| than further building of the myth.
| throwaway82652 wrote:
| Thanks for the clarification, that makes a lot of sense.
| But I honestly don't think you could chalk it up to any
| statements made by Satoshi or anyone else in particular.
| The tech press in general has a problem with not
| understanding cryptography or "privacy tech" or whatever.
| That's not a new thing. It really doesn't help that in
| the last several years there are privacycoin pushers who
| muddy the waters with confusing marketing statements that
| are misleading to anyone who doesn't bury themselves in
| crypto jargon.
| lordnacho wrote:
| It's non-trivial to go from a list of transactions to having a
| nicely indexed DB with convenient tools for investigating.
|
| It's correct that you _can_ trace transactions through the
| blockchain, but in practice you need something like Reactor to
| be built and maintained. It 's not going to be obvious to
| police, because the skill is a specialized thing in the domain
| of coders, and those coders have to have a reason to look at
| blockchain.
| robbedpeter wrote:
| The police department will ask IT, they will Google it, and
| tell the cops to use one of the various commercial options
| used to deanonymize wallets and transaction trails. A credit
| card payment or trial sign-up later and if the service is any
| good, they'll have what they need.
|
| I'd put anything available to the general public in the
| "trivial" camp, even if the underlying tech is fantastically
| complex or difficult.
| lordnacho wrote:
| Can't say it's trivial if they actually needed a guy from
| the firm to work with them on this?
|
| I mean sure if there's some self service website then yeah.
| Keep in mind this is back in 2017 though, a lot of stuff
| has matured since.
| wnevets wrote:
| > Who thought this?
|
| A lot of people I've talked (face to face) about crypto with
| kache_ wrote:
| If only there was a way to avoid bitcoins traceability problem?
| https://bitcointalk.org/index.php?topic=770.msg9074#msg9074
|
| Ah, from satoshi himself! Group signatures. I wonder if someone
| implemented a protocol that does this?
|
| https://en.wikipedia.org/wiki/CryptoNote
|
| Aha!
| yjftsjthsd-h wrote:
| Is that widely used? There's a world of difference between
| "theoretically possible" and "commonly used", and I'm not
| familiar enough to know which this is.
| kache_ wrote:
| monero implements the cryptonote protocol (with some
| additional innovations of its own) and as far as I can
| tell, it's pretty widely used
| https://bitinfocharts.com/comparison/monero-
| transactions.htm...
| Spooky23 wrote:
| Factually inaccurate nonsense is a big part of the whole Crypto
| ecosystem.
|
| Many people held the opinion that these transactions were
| anonymous or quasi anonymous. The dumber among them are in
| prison.
| vmception wrote:
| yeah even my accomplished professional colleagues will
| randomly (but predictably) make a quip about not reporting
| taxes just because they opened a Coinbase account, or finally
| moved a token onchain once.
|
| I don't think thats a crypto specific perspective, as there
| is this super large population in this country (USA) that
| only has the experience of their employer taking a big chunk
| of their money for the whole year and giving it to the
| government automatically, so a lot (most?) of that population
| thinks that any situation where they have something valuable
| on their own has no way of being known about for taxes.
| Crypto amplifies that myth to those people, when its just a
| total misunderstanding about how taxes and tax reporting
| works, and how the blockchain works, and what organizations
| already exist to specialize in watching the blockchain as
| well as trades at exchanges.
| cyral wrote:
| Why does that make this article terrible? The criminals
| involved believed that Bitcoin was untraceable, as does your
| every day non-technical person, and the article explains how
| that isn't the case.
| Animats wrote:
| Chainalysis is now working on NFT-related "rug pulls".[1] $2.8
| billion in 2021. Far more money in that than in child abuse.
|
| [1] https://www.coindesk.com/markets/2021/12/17/defi-rug-pull-
| sc...
| ktownsend wrote:
| Sorry if this is too long form for HN, but if you read the
| article you clearly have some patience as well.
|
| I'm surprised all the comments here seem to be solely around the
| technical details with blockchain and crypto. It's HN, I get the
| technical bent and find it interesting as well, but the human
| side of this one is pretty rough, and it made me appreciate that
| there are people -- likely sorely underpaid relative to what
| they'd make elsewhere -- following these (sordid) threads, often
| at significant emotional cost to themselves.
|
| I did appreciate the odd bits of relief like 'Bitcoin Jesus' and
| 'Octopus Guy':
|
| > At one point Faruqui remembers a German official asking him, as
| they stood in the cold outside the Seoul hotel where they were
| staying, how the Americans had gotten the Koreans on board so
| quickly. "Oh, Octopus Guy," Faruqui had explained. "You don't
| have Octopus Guy. We have Octopus Guy."
|
| But mostly, humor aside, it made me wonder for the 1000th time if
| I'm making the right career and life choices myself in a comfy,
| well paid job where I'm probably near the top of the pyramid in
| terms of professional respect, working on problems that I think
| have reach and import in my narrow speciality ... but am I really
| solving the problems that matter? I'm not in advertising (thank
| whatever god you imagine), more in security lately, so the work
| isn't meaningless ... but I work with some brilliant people whose
| technical capacities I admire, and I wonder what would happen if
| a bit more of that gray matter was directed at solving some of
| the terrible problems described here?
|
| So much money is invested in understanding the psychology of how
| to force better engagement and squeeze out every last penny of
| hapless consumers in whatever social network. What would happen
| if a fraction of that went into trying to focus on influencing
| the people making these awful, life-destroying choices and
| somehow (re)sensitizing them to the costs of their actions and
| navigating them away from that preventatively, even if the
| success rate is only 1-2 percent? Or identifying victims of abuse
| through posting patterns to try to make sure they're potentially
| being flagged to receive content and help they may not be able to
| believe even exists? How much is invested in psychological
| profiling to maximize profit for the most banal advertising ends,
| when maybe for once some of that gray matter making those
| algorithms could do something positive identifying patterns
| indicative of abuse, beyond just the current simple fig leaf
| approach to pretend the owners of your social network of choice
| cares about your well being.
|
| I'd love to do better, and I'd take a decent pay cut if I felt I
| could do something for that, and maybe even get to feel a bit
| better as a person in this weird world as a side effect. Seems
| like we not only should but could do a lot more here, before this
| gets to the criminal investigation level.
| wmf wrote:
| FAANGs all have child safety departments where you can get paid
| and do good.
| FireBeyond wrote:
| I have to feel that on some level, actively seeking out jobs
| where you review CSAM on a daily basis should be at least
| something of a red flag to those employers.
| wmf wrote:
| Child safety isn't only about CSAM BTW.
| ktownsend wrote:
| Indeed, I'd hate to be the recruiter for that. I can't
| imagine the kind of psychological profile you'd need for
| something like that. The end of the article describes the
| psychological cost the investigation had on the
| investigators who were parents themselves.
|
| But even at an algorithmic level, it seems like there are
| all kinds of red flags you could pull out of public posts
| and do a much better job of redirecting potentially
| victimized people to some organisations doing meaningful
| work to help victims.
|
| How many categories does my online profile fit in based on
| all my interests, and how many hundreds of bright people
| are wasting their lives to discern that I happen to like A
| + B + C and I'm in financial bracket F, with political
| leaning G ... to try to show me an advert I'm probably just
| blocking anyway.
___________________________________________________________________
(page generated 2022-04-08 23:00 UTC)