15 March 2016 – Several new Tor de-anonymizing techniques have come to light in the past few days, which primarily exploit old javascript injection bugs to identify Tor users uniquely with mouse movement patterns and metrics. Jose Carlos Norte published these new exploits on his blog last week, shortly after discovering them. The security hole enabling these exploits is a ten-month-old bug that was unfortunately never addressed by the Tor developers. Until these bugs are resolved, oppressive regimes and nations that frown upon the use and trading of cryptocurrency can easily track privacy minded people that want to use cryptocurrency without fear of persecution.
Also Read: Obama, Brave Inc Raise Concern for Bitcoiner Privacy
Bitcoin Users in Russia and China Can’t Rely on Tor
This is of great concern to people seeking economic freedom in internet surveillance states like China and Russia, where Bitcoin ownership and commerce is a legal gray area at best. With the recent fall of the Ruble, Peso, and other currencies in crypto-hostile nations, not having anonymous access to the web is the difference between using Bitcoin and being locked away from their funds for many people worldwide. These exploits, as Jose describes them, makes tracking Tor users trivially easy compared to previous techniques discovered to be in use by government surveillance programs. No anonymizing solution is immune to exploits and scrutiny from government surveillance, but Tor, being the largest network available to people in places with pervasive Internet censorship and monitoring, has the most significant impact on network privacy.
The fact that these exploits stem from a ten-month-old bug that Tor devs were aware of makes this development all the more problematic – If one software analyst can find an array of flaws in Tor security, then who’s to say anti-Bitcoin regimes, places that typically have vast amounts of resources devoted to network surveillance and spying, aren’t already utilizing them? Techniques to analyze P2P and decentralized services have been evolving steadily over time, and efforts from open source developers have been mounting to address them. The Problem is that the people attempting to find holes in decentralized security are much better funded than those attempting to patch them, to the point of becoming a Sisyphean effort for the open source devs.
This, combined with recent reactionary legislation aimed at weakening encryption, makes evolution in blockchain and network anonymizer analysis all the more concerning in the Bitcoin community, regardless of their local regulatory climate. If criminalizing Bitcoin becomes readily enforceable through the use of exploits like this, then supporting an individual powered global economy with Crypto and decentralized marketplaces will become an increasingly difficult reality to realize.
Is Privacy important to Global bitcoin adoption? Let us Know in the Comments!
Images Courtesy of Michael Mandiberg, Tor Project