This article was published in Bitcoin Magazine “Inscription problem”.
Bitcoin allows data to be permanently recorded in a public record. Even so, whistleblowing on the blockchain is a terrible idea.
Leaking information is a risky business. If you get hold of sensitive information, especially if you weren’t supposed to have it in the first place, you can’t just send an email or post it on your Twitter feed. If you do, you’ll be tracked down, identified, and jailed without even realizing it, while the data you got will be quickly deleted.
By writing information to the Bitcoin blockchain, the acquired data cannot be deleted. Just as Bitcoin transactions are final, so too is the information published on the blockchain. It’s there forever and everyone in the world can see it. But what sounds like a great plan for leaking data (we’ll call it WikiLeaks 2.0) is actually not a very smart idea.
Protecting whistleblowers is of paramount importance to sophisticated publishers. And it’s certainly not easy. If you publish your data directly to the Bitcoin blockchain yourself, you may miss important data points that could identify you as the source. Furthermore, the reader will not be able to see the chain of custody, which may undermine the credibility of the leak. Additionally, neither Bitcoin nor the Internet is a privacy technology, and personal information can be leaked to the public through a variety of mechanisms.
Watermarks and digital fingerprints
Many large companies employ methods to identify the source of leaks, such as watermarking and digital fingerprint analysis. Watermarking is the act of changing data so that it can be uniquely identified, whereas a digital fingerprint is derived from information that is unique to most forms of digital communication. Both are almost invisible to the human eye.
A common way to watermark is to change the spacing of text in documents that employees can access. Watermarking documents using text spacing was famously used by Tesla’s Elon Musk to identify the individuals behind a 2008 email leak, in which it was revealed that the company only had $9 million in cash on hand at the time. Every email sent by Tesla had slightly different text spacing, forming a binary signature to identify the source of the leak.
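The spacing scheme described above, sketched as an added example that is not part of the original article and not a reconstruction of Tesla's actual method. It assumes an 8-bit recipient ID encoded as one space (0) or two spaces (1) between words; `embed`, `extract`, `ID_BITS` and the memo text are hypothetical names and constructed data.

```python
import re
from typing import Optional

ID_BITS = 8  # assumption: 8-bit recipient IDs; 0 is reserved for "no mark found"

# Constructed sample memo (33 words, so the 8-bit signature repeats four times).
MEMO = ("Quarterly results are below plan and the board has asked every "
        "department to freeze hiring and review all vendor contracts before "
        "the end of the month so that spending can be reduced quickly.")

def embed(text: str, recipient_id: int) -> str:
    """Return a per-recipient copy: one space encodes 0, two spaces encode 1."""
    if not 0 < recipient_id < 2 ** ID_BITS:
        raise ValueError("recipient_id must be non-zero and fit in ID_BITS")
    words = text.split()
    if len(words) - 1 < ID_BITS:
        raise ValueError("text too short to carry one full signature")
    bits = [(recipient_id >> (ID_BITS - 1 - i)) & 1 for i in range(ID_BITS)]
    out = [words[0]]
    for gap, word in enumerate(words[1:]):
        # The signature repeats along the text, giving extract() redundancy.
        out.append(" " * (1 + bits[gap % ID_BITS]) + word)
    return "".join(out)

def extract(copy: str) -> Optional[int]:
    """Recover the ID by per-bit majority vote; None if the spacing carries no mark."""
    gaps = re.findall(r"(?<=\S)( +)(?=\S)", copy)
    votes = [[0, 0] for _ in range(ID_BITS)]
    for i, gap in enumerate(gaps):
        votes[i % ID_BITS][1 if len(gap) >= 2 else 0] += 1
    value = 0
    for zero, one in votes:
        value = (value << 1) | (1 if one > zero else 0)
    return value or None

if __name__ == "__main__":
    leaked = embed(MEMO, 42)                      # copy sent to recipient 42
    print(extract(leaked))                        # ID recovered from the leaked copy
    print(extract(leaked.replace("  ", " ", 1)))  # one gap retyped: vote still holds
    print(extract(" ".join(leaked.split())))      # whitespace normalized: no mark
```

The words of every copy are identical, so the mark survives copy-and-paste of the full text but not whitespace normalization, which is why this kind of signature is only one of several tracing layers.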
Another way to watermark a document is with a printer. Again, in most cases it is not visible to the naked eye, but most printers, especially laser printers, will create a unique dotted pattern on the printed document to identify the printer the document was printed on.
This was the case with Reality Winner, who leaked classified information about Russian interference in the 2016 US election to the US newspaper The Intercept. The Intercept, which is funded by Pierre Omidyar, the founder of eBay and a friend of the US intelligence community, who has been called “one of the scariest tech billionaires in the world” by journalist Yasha Levine, allegedly published Winner’s documents without removing the document’s watermark, leading to Winner’s arrest.
While watermarking adds an identifiable pattern to data, fingerprinting derives discernible patterns from data. For example, JPEG image headers typically include unique metadata that indicates not only when and where the image was taken, but also what device the image was taken on. Since most platforms use differentiated compression mechanisms for data transmission, fingerprinting may also suggest which platform was used for the communication. Unless you know all the ways your documents can be watermarked or fingerprinted, it’s not a good idea to leak the information yourself.
Chain of custody
In order to protect the reliability of leaked information, it is important to establish a chain of custody. Simply adding documents to the blockchain does not help journalists verify the integrity of the information uploaded, potentially discrediting the leak.
Chain of custody is important for maintaining ethical reporting standards. Just as law enforcement must protect the chain of custody to ensure that evidence has not been tampered with, journalists are also expected to verify any information they receive. This is done by revealing where a particular document was created and how many (and whose) hands it has passed through since then. Without a record of how and by whom documents were handled, it is difficult for journalists to determine whether a leak is genuine or has been tampered with. In general, chain of custody seeks to answer the questions of who, when, why, where, and how a document was discovered.
Discrediting has become something of a profession. Generally, there are two ways to discredit a leak: one is to discredit the leaker, and the other is to discredit the leak itself. Discrediting a leaker includes revealing undesirable information about the target, such as sexual relationships or health issues, or blatantly framing the leaker to create perceptions of bias around the who and why.
Damaging the credibility of documents is primarily done by instilling further uncertainty in the chain of custody of the leak. Chain of custody here poses a dilemma. When metadata is removed to protect against identification, it becomes even more difficult to determine who, when, why, where, and how. Therefore, digital forensics often focuses on whether documents are authentic, accurate, and complete, as well as whether they are reliable and explainable. Without an established chain of custody, reliability, accuracy, completeness, veracity, and explainability are much harder to establish, and it is easier to lose trust.
After adding a leaked document to a blockchain, you can be sure it hasn’t been tampered with, but the questions of who, when, why, where, and how cannot be answered. This is the commonly misunderstood dilemma that blockchains can only verify data they themselves generate. It was perfectly illustrated in 2018 when Todd Eden added a painting of the Mona Lisa to the blockchain-based art platform VerisArt, turning himself into a verified Leonardo da Vinci. Therefore, there is no point in leaking information on the Bitcoin blockchain unless journalistic due diligence is applied.
Personal information on the Internet
Contrary to popular opinion, Bitcoin is not a privacy technology. Even if you establish that there are no fingerprints left on your documents and follow chain-of-custody procedures, your identity can still be determined if you publish your information on a public blockchain.
The easiest way to identify the source of a leak is to use so-called supernodes. A supernode is a node within Bitcoin’s peer-to-peer network that establishes connections to as many nodes as possible, allowing it to identify from which node a transaction originated.
One might now think that using the Tor network is enough to keep personal information from being captured. But blockchain surveillance is closely aligned with government intelligence agencies: Chainalysis has received more than $3 million in the past two years from the CIA’s venture capital fund In-Q-Tel, while competitor Elliptic was founded out of a GCHQ accelerator. We therefore have to assume that blockchain surveillance companies can access the resources of a global passive adversary.
A global passive adversary is an entity that has the ability to monitor all traffic on a particular network. This allows it to determine when packets are sent and received, and to correlate senders and receivers. For example, if you visit your girlfriend’s website in the US using the Tor network from within the US, the US knows which website you are visiting by correlating the timing of the network requests sent and received. Because the United States is a global passive adversary, it has the ability to globally link the timing of network requests.
Therefore, the best way to safely leak information is to leak it from an Internet cafe over the Tor network without making any other web requests. If you leaked a document from an Internet cafe and you recently signed in to email from that same computer, your identity could be guessed even if you use Tor. Therefore, you should never use your own computer to leak information. Computers are also fingerprinted across the World Wide Web, from the size of the browser window used to the applications installed. Additionally, intelligence agencies can obtain records of your location, so it’s a good idea to leave your phone at home when visiting the location from which the information is leaked. Here, the state has the ability to track your location even when GPS is disabled by tracking the network requests your phone sends to the WiFi networks it passes.
Unfortunately, it is impossible to find an internet cafe where you can install a Bitcoin node. Therefore, the only other way to safely leak information would be to purchase a disposable computer. Using someone else’s node also exposes personally identifying information to untrusted third parties. But as soon as your personal device and secret computer connect to the same network, you can be identified again.
Conclusion
Information leakage is very important, especially when it involves abuse of power. But it’s also extremely dangerous. Using Bitcoin as a whistleblowing platform, as has been proposed many times across the ecosystem, is a terrible idea considering the risks at hand.
The Tor network is inadequate to protect individual privacy in the face of a global passive adversary, and the Bitcoin network in general is inadequate to protect personally identifiable information. It is extremely difficult to publish directly to a blockchain while protecting an individual’s identity. Documents can contain invisible fingerprints that identify individuals, and a lack of chain of custody can undermine the credibility of a leak.
Believing that you are safe from government and corporate surveillance is dangerous. It makes you less cautious and leads to more reckless behavior. It’s always better to be safe than sorry. Unfortunately, this mantra doesn’t seem to resonate with many Bitcoiners these days.