This article is featured in Bitcoin Magazine’s “The Inscription Issue”.
Bitcoin allows for the permanent inscribing of data onto the public record. Still, whistleblowing on the blockchain remains a terrible idea.
Leaking information is risky business. If you’ve obtained sensitive information — particularly if you’re not supposed to be in possession of said information in the first place — you can’t just send out an email or post it to your Twitter feed. If you did, before you knew it, you’d be tracked, identified, and thrown in jail, while the data you obtained would quickly be deleted.
By inscribing information on the Bitcoin blockchain, the data you’ve obtained cannot be deleted. Just as a Bitcoin transaction is final, so is any information published to the blockchain. Forever there, for anyone in the world to see. But, what sounds like a great plan for leaking information — call it WikiLeaks 2.0 — is actually not a very smart idea.
Protecting whistleblowers is of the highest importance to any sophisticated publisher. And it for sure isn’t easy. By publishing data yourself directly to the Bitcoin blockchain, you may miss important data points that could identify you as the source. Readers would further be unable to verify the chain of custody, potentially discrediting your leak. In addition, neither Bitcoin nor the internet are privacy technologies, potentially leading to your identity leaking via various mechanisms to the public.
Watermarking and Digital Fingerprints
Many large corporations employ methods to identify sources of leaks, such as analyzing watermarks and digital fingerprints. Watermarking is the act of altering a piece of data to make it uniquely identifiable, while digital fingerprints are derived from information inherent to most forms of digital communication. Both are largely invisible to the human eye.
A popular way of watermarking is the modification of text spacing on documents accessible to employees. Using text spacing to watermark documents was famously employed by Elon Musk at Tesla to identify the individual behind a 2008 email leak, which disclosed that the company only had $9 million in cash on hand. Every email sent out at Tesla has a slightly different text spacing, forming a binary signature to identify the source of a leak.
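How a spacing-based binary signature can work, as an added example that is not from the article and not a description of Tesla's actual scheme: the encoding (one space after a sentence for 0, two spaces for 1), the memo text and the recipient ID are all assumptions made for illustration.

```python
import re

# Constructed sample memo; the text and the recipient ID used with it are made up.
MEMO = ("Cash on hand is lower than planned. Spending is frozen for now. "
        "Hiring is paused. Travel needs approval. Forecasts follow Friday. "
        "Questions go to finance. Thank you all.")

# A run of spaces that follows sentence punctuation and precedes more text.
GAP = re.compile(r"(?<=[.!?]) +(?=\S)")


def capacity(text):
    """Number of bits the text can carry: one per gap between sentences."""
    return len(GAP.findall(text))


def embed(text, recipient_id):
    """Write recipient_id into the sentence gaps: one space = 0, two = 1."""
    n = capacity(text)
    if not 0 < recipient_id < 1 << n:   # id 0 is reserved for "no mark"
        raise ValueError(f"id must fit in {n} bits and be non-zero")
    bits = iter(format(recipient_id, f"0{n}b"))
    return GAP.sub(lambda m: "  " if next(bits) == "1" else " ", text)


def extract(text):
    """Read the id back from a copy of the text; None if no mark is present."""
    bits = "".join("1" if len(g) >= 2 else "0" for g in GAP.findall(text))
    return (int(bits, 2) if bits else 0) or None
```

Every copy produced by `embed` contains exactly the same words, so two recipients comparing what they read would see no difference unless they compared the whitespace itself.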
Another way to watermark documents is via printers. Again, mostly invisible to the naked eye, most printers — particularly laser printers — form unique dotted patterns on printed documents in order to identify the printer a document was printed on.
This was the case for Reality Winner, who leaked classified information on the Russian interference in the 2016 U.S. elections to the U.S. newspaper The Intercept. The Intercept, financed by eBay founder and friend of U.S. intelligence Pierre Omidyar (dubbed “one of the scariest tech billionaires out there” by journalist Yasha Levine), published Winner’s documents without removing the document’s watermarks, allegedly leading to Winner’s arrest.
While watermarking adds identifiable patterns to data, fingerprinting deduces identifiable patterns from data. For example, JPEG image headers usually contain unique metadata giving indications as to what device an image was taken on, as well as the time and location of the image. Fingerprinting may also suggest what platform was used to communicate, as most platforms use different compression mechanisms to send data. Unless you are aware of all the ways a document can be watermarked and fingerprinted, leaking information yourself is not a good idea.
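What the JPEG header metadata mentioned above looks like at the byte level, as an added example that is not part of the original article: it walks the header segments, finds the Exif block and reads the ASCII tags for device make, model, software and timestamp. The sample file is constructed in `build_sample` and its tag values are made up.

```python
import struct

# IFD0 tags that name the device, software and capture time (TIFF/Exif numbers).
TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software", 0x0132: "DateTime"}

def exif_tiff(jpeg):
    """Return the TIFF blob inside the APP1/Exif segment, or None if absent."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, length = struct.unpack(">xBH", jpeg[pos:pos + 4])
        if marker == 0xDA:                      # start of scan: headers are over
            break
        body = jpeg[pos + 4:pos + 2 + length]   # length counts its own two bytes
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + length
    return None

def identifying_tags(jpeg):
    """Map tag name -> value for the identifying ASCII tags found in IFD0."""
    tiff = exif_tiff(jpeg)
    if tiff is None:
        return {}
    order = {b"II": "<", b"MM": ">"}[tiff[:2]]  # TIFF byte-order mark
    (ifd,) = struct.unpack(order + "I", tiff[4:8])
    (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
    found = {}
    for i in range(count):
        start = ifd + 2 + 12 * i                # each IFD entry is 12 bytes
        tag, typ, n, value = struct.unpack(order + "HHI4s", tiff[start:start + 12])
        if tag in TAGS and typ == 2:            # type 2 = ASCII string
            if n > 4:                           # too long to inline: value is an offset
                (off,) = struct.unpack(order + "I", value)
                value = tiff[off:off + n]
            found[TAGS[tag]] = value[:n].rstrip(b"\x00").decode("ascii", "replace")
    return found

def build_sample():
    """Constructed header-only JPEG (no image data) with two made-up tags."""
    values = [(0x010F, b"ExampleCam\x00"), (0x0132, b"2024:01:02 03:04:05\x00")]
    entries = blob = b""
    for tag, val in values:                     # 38 = TIFF header + IFD size here
        entries += struct.pack("<HHII", tag, 2, len(val), 38 + len(blob))
        blob += val
    app1 = b"Exif\x00\x00II*\x00" + struct.pack("<IH", 8, 2) + entries + bytes(4) + blob
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

This reads only IFD0; GPS coordinates, maker notes, XMP and embedded thumbnails live in other structures that a full metadata tool also has to cover.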
Chain Of Custody
Establishing a chain of custody is important to protect the credibility of leaked information. Simply adding documents to the blockchain will not help journalists verify the integrity of the information you uploaded, leading to your leak likely being discredited.
Chain of custody is important to maintain ethical reporting standards. Just as law enforcement is required to protect chain of custody to ensure evidence has not been altered, journalists are expected to verify any and all information they receive. This is done by establishing where a specific document originated and through how many (and whose) hands it went in the aftermath. Without documentation of how and by whom a document has been handled, journalists can hardly determine whether a leak is genuine or has been tampered with. Generally, chain of custody attempts to answer the questions of who, when, why, where, and how a document has been discovered.
Discreditation has become somewhat of a profession. Generally, there are two ways to discredit a leak: discrediting the leaker and discrediting the leak itself. Discrediting the leaker can involve uncovering undesirable information about a target, such as sexual relations or health issues, or the outright framing of a leaker to invoke the perception of bias, focussing on who and why.
The discreditation of documents is largely carried out by sowing further uncertainty around a leak’s chain of custody. Chain of custody herein causes a dilemma, as the removal of metadata to protect us from identification makes the establishment of who, when, why, where, and how much harder. Digital forensics therefore often focuses on whether documents appear authentic, accurate, and complete, as well as whether documents are believable and explainable. Without an established chain of custody, authenticity, accuracy, completeness, believability, and explainability become much harder to establish, making discreditation much easier.
While we can make sure that a leaked document has not been tampered with after adding it to the blockchain, we cannot answer the questions of who, when, why, where, and how. This is the much-misunderstood dilemma that a blockchain can only verify data it has produced itself — perfectly illustrated by Todd Eden in 2018, who added a picture of the Mona Lisa to the blockchain-based art platform VerisArt, turning himself into the verified Leonardo da Vinci. This makes leaking information on the Bitcoin blockchain pointless unless journalistic due diligence is applied.
Private Information On The Internet
Contrary to public opinion, Bitcoin is not privacy technology. Even if you have established no fingerprinting in documents and followed chain-of-custody procedures, publishing information on the public blockchain can still lead to your identification.
The easiest way to determine where a leak originated is through so-called supernodes. A supernode is a node in Bitcoin’s peer-to-peer network which establishes connections to as many nodes as possible, allowing it to tell from which node a transaction originated.
We may now think that using the Tor network is enough to keep our private information from being obtained. But because blockchain surveillance works closely with government intelligence — Chainalysis has received over $3 million in the past two years from the CIA’s venture capital fund In-Q-Tel, while its competitor Elliptic was founded out of a GCHQ accelerator — we must assume that blockchain surveillance firms have access to the resources of global passive adversaries.
A global passive adversary is an entity with the capabilities to watch the entire traffic on a given network. By doing so, it is able to determine the timing of when a packet has been sent and when it was received, correlating its sender and recipient. For example, if you used the Tor network from within the United States to access a website in the United States, the United States knows which websites you visited by correlating the timing of network requests sent and received. Because the United States is a global passive adversary, it possesses the abilities to link the timing of network requests globally.
To leak information securely, it is therefore advised to do so via the Tor network from an internet café while refraining from performing any other web request. If you leak a document from an internet café and have recently signed into your email from the same computer, your identity can be assumed even when using Tor. You should therefore never use your own computers to leak information, as computers, too, are fingerprinted throughout the world wide web, from browser window sizes used to the applications installed. Additionally, it is advised to visit locations from which information is to be leaked while leaving your phone at home, as intelligence is able to obtain your location records. Nation-states herein have the capability of tracking your location even when your GPS is disabled by tracking the network requests your phone sends to WiFi networks you pass by.
Unfortunately, you are unlikely to find an internet café which allows you to install a Bitcoin node. The only other way to leak information securely therefore becomes purchasing a single-use throwaway computer, as using someone else’s node leaks further identifiable information to untrusted third parties. But, as soon as your personal devices and secret computer touch the same networks, you can again be identified.
Conclusion
Leaking information is incredibly important, especially when it pertains to abuses of power. But it’s also incredibly dangerous. Using Bitcoin as a platform for whistleblowing, as proposed numerous times throughout the ecosystem, is a terrible idea given the risks at hand.
The Tor network is insufficient to protect one’s privacy in the face of global passive adversaries, which makes publishing directly to the blockchain while protecting one’s identity incredibly difficult, and the Bitcoin network is insufficient to protect one’s personally identifiable information in general. Documents can contain invisible fingerprints leading to one’s identification, and a lack of chain of custody will likely result in the discreditation of your leak.
It is dangerous to believe that you are safe from both government and corporate surveillance, as it results in less caution and more reckless action. It is always better to be safe than sorry. Unfortunately, this mantra does not seem to resonate with many Bitcoiners these days.