This article is featured in Bitcoin Magazine’s“The Inscription Issue”. Click here to get your Annual Bitcoin Magazine Subscription.
Bitcoin allows for the permanent inscribing of data onto the public record. Still, whistleblowing on the blockchain remains a terrible idea.
Leaking information is risky business. If you’ve obtained sensitive information — particularly if you’re not supposed to be in possession of said information in the first place — you can’t just send out an email or post it to your Twitter feed. If you did, before you knew it, you’d be tracked, identified, and thrown in jail, while the data you obtained would quickly be deleted.
By inscribing information on the Bitcoin blockchain, the data you’ve obtained cannot be deleted. Just as a Bitcoin transaction is final, so is any information published to the blockchain. Forever there, for anyone in the world to see. But, what sounds like a great plan for leaking information — call it WikiLeaks 2.0 — is actually not a very smart idea.
Protecting whistleblowers is of the highest importance to any sophisticated publisher. And it for sure isn’t easy. By publishing data yourself directly to the Bitcoin blockchain, you may miss important data points that could identify you as the source. Readers would further be unable to verify the chain of custody, potentially discrediting your leak. In addition, neither Bitcoin nor the internet are privacy technologies, potentially leading to your identity leaking via various mechanisms to the public.
Watermarking and Digital Fingerprints
Many large corporations employ methods to identify sources of leaks, such as analyzing watermarks and digital fingerprints. Watermarking is the act of altering a piece of data to make it uniquely identifiable, while digital fingerprints are derived from information inherent to most forms of digital communication. Both are largely invisible to the human eye.
A popular way of watermarking is the modification of text spacing on documents accessible to employees. Using text spacing to watermark documents was famously employed by Elon Musk at Tesla to identify the individual behind a 2008 email leak, which disclosed that the company only had $9 million in cash on hand. Every email sent out at Tesla has a slightly different text spacing, forming a binary signature to identify the source of a leak.
Another way to watermark documents is via printers. Again, mostly invisible to the naked eye, most printers — particularly laser printers — form unique dotted patterns on printed documents in order to identify the printer a document was printed on.
Click the image above to subscribe!
This was the case for Reality Winner, who leaked classified information on the Russian interference of the 2016 U.S. elections to the U.S. newspaper The Intercept. The Intercept, financed by eBay founder and friend of U.S. intelligence Pierre Omidyar (dubbed “one of the scariest tech billionaires out there” by journalist Yasha Levine), published Winner’s documents without removing the document’s watermarks, allegedly leading to Winner’s arrest. While watermarking adds identifiable patterns to data, fingerprinting deducts identifiable patterns from data. For example, JPEG image headers usually contain unique metadata giving indications as to what device an image was taken on, as well as time and location of the image. Fingerprinting may also suggest what platform was used to communicate, as most platforms use differentiating compressor mechanisms to send data. Unless you are aware of all the ways a document can be watermarked and fingerprinted, leaking information yourself is not a good idea.
Chain Of Custody
Establishing a chain of custody is important to protect the credibility of leaked information. Simply adding documents to the blockchain will not help journalists verify the integrity of the information you uploaded, leading to your leak likely being discredited.
Chain of custody is important to maintain ethical reporting standards. Just as law enforcement is required to protect chain of custody to ensure evidence has not been altered, journalists are expected to verify any and all information they receive. This is done by establishing where a specific document originated and through how many (and whose) hands it went in the aftermath. Without documentation of how and by whom a document has been handled, journalists can hardly determine whether a leak is genuine or has been tampered with. Generally, chain of custody attempts to answer the questions of who, when, why, where, and how a document has been discovered.
Discreditation has become somewhat of a profession. Generally, there are two ways to discredit a leak: discrediting the leaker and discrediting the leak itself. Discrediting the leaker can involve uncovering undesirable information about a target, such as sexual relations or health issues, or the outright framing of a leaker to invoke the perception of bias, focussing on who and why.
The discreditation of documents is largely carried out by sowing further uncertainty around a leak’s chain of custody. Chain of custody herein causes a dilemma, as the removal of metadata to protect us from identification makes the establishment of who, when, why, where, and how much harder. In digital forensics, it is therefore often focused on whether documents appear authentic, accurate, and complete, as well as whether documents are believable and explainable. Without an established chain of custody, the establishment of authenticity, accuracy, completeness, believability, and explainability becomes much harder to determine, making discreditation much easier.
While we can make sure that a leaked document has not been tampered with after adding it to the blockchain, we cannot answer the questions of who, when, why, where, and how, pertaining to the much misunderstood dilemma that a blockchain can only verify data it has produced itself — perfectly illustrated by Todd Eden in 2018, who added a picture of the Mona Lisa to the blockchain-based art platform VerisArt, turning himself into the verified Leonardo da Vinci. This makes leaking information on the Bitcoin blockchain pointless unless journalistic due diligence is applied.
Private Information On The Internet
Contrary to public opinion, Bitcoin is not privacy technology. Even if you have established no fingerprinting in documents and followed chain-of-custody procedures, publishing information on the public blockchain can still lead to your identification.
The easiest way to determine where a leak originated is through so-called supernodes. A supernode is a node in Bitcoin’s peer-to-peer network which establishes connections to as many nodes as possible, allowing it to tell from which node a transaction originated.
We may now think that using the Tor network may be enough to hide our private information from being obtained. But because blockchain surveillance works closely with government intelligence — Chainalysis has received over $3 million in the past two years by CIA’s venture capital fund In-Q-Tel, while its competitor Elliptic was founded out of a GCHQ accelerator — we must assume that blockchain surveillance firms have access to the resources of global passive adversaries.
A global passive adversary is an entity with the capabilities to watch the entire traffic on a given network. By doing so, it is able to determine the timing of when a packet has been sent and when it was received, correlating its sender and recipient. For example, if you used the Tor network from within the United States to access a website in the United States, the United States knows which websites you visited by correlating the timing of network requests sent and received. Because the United States is a global passive adversary, it possesses the abilities to link the timing of network requests globally.
To leak information securely, it is therefore advised to do so via the Tor network from an internet café while refraining from performing any other web request. If you leak a document from an internet café and have recently signed into your email from the same computer, your identity can be assumed even when using Tor. You should therefore never use your own computers to leak information, as computers, too, are fingerprinted throughout the world wide web, from browser window sizes used to the applications installed. Additionally, it is advised to visit locations from which information is to be leaked while leaving your phone at home, as intelligence is able to obtain your location records. Nation-states herein have the capability of tracking your location even when your GPS is disabled by tracking the network requests your phone sends to WiFi networks you pass by.
Unfortunately, it is improbable to find an internet café which allows you to install a Bitcoin node. The only other way to leak information securely therefore becomes purchasing a single-use throwaway computer, as using someone else’s node leaks further identifiable information to untrusted third parties. But, as soon as your personal devices and secret computer touch the same networks, you can again be identified.
Conclusion
Leaking information is incredibly important, especially when it pertains to abuses of power. But it’s also incredibly dangerous. Using Bitcoin as a platform for whistleblowing, as proposed numerous times throughout the ecosystem, is a terrible idea given the risks at hand.
The Tor network is insufficient to protect one’s privacy in the face of global passive adversaries, making direct publication to the Blockchain incredibly difficult while ensuring the protection of one’s identity, as the Bitcoin network is insufficient to protect one’s personally identifiable information in general. Documents can contain invisible fingerprints leading to one’s identification, and a lack of chain of custody will likely result in the discreditation of your leak.
It is dangerous to believe that you are safe from both government and corporate surveillance, as it results in less caution and more reckless action. It is always better to be safe than sorry. Unfortunately, this mantra does not seem to resonate with many Bitcoiners these days.
This article is featured in Bitcoin Magazine’s“The Inscription Issue”. Click here to get your Annual Bitcoin Magazine Subscription.
In part three of this four-part series, Eric Yakes takes us through the inner mechanisms of the Bitcoin network.The Wall Street Analyst’s Intro to Bitcoin:The Dimensions of MoneyWhat Bitcoin DoesHow Bitcoin WorksThe Monetary Properties of BitcoinHow Bitcoin WorksBitcoin can send transactions and incorporate them into a public blockchain which serves as a ledger. Bitcoin is…
Bitcoiners have to endure a lot of criticism from those who are still skeptical of the digital asset. A lot of the time, this skepticism comes from misunderstandings about the true nature of what the network is capable of. Headlines like “Bitcoin Was Hacked,” “Bitcoin Is Used By Criminals,” and “Bitcoin Is Bad For The…
The partnership lets FTX exchange users in 40 countries easily spend their bitcoin and cryptocurrencies at any merchant that accepts Visa cards.FTX is launching bitcoin and crypto-backed debit cards in 40 countries. The exchange partnered with Visa and will focus on Latin America, Asia and Europe. The offering is available to US users, and the…
While the current environment for Bitcoin miners may be challenging, there are emerging opportunities for investment.This is an opinion editorial by Glyn Jones, founder and CEO of Icebreaker Finance, a specialist capital advisory business with focus on private credit, DeFi and Bitcoin mining.Bitcoin mining, an essential aspect of the cryptocurrency industry and an increasingly-important contributor…
The bill would establish a clearer framework for U.S. regulators to deal with Bitcoin and cryptocurrency.Senator Lummis is planning to introduce a detailed bill on Bitcoin and crypto next year.The bill would provide guidelines for categorizing digital assets and create a new regulatory agency to oversee the cryptocurrency market.Pro-bitcoin U.S. Senator Cynthia Lummis is preparing…
While "the smartest people in the room" scan the horizon, bitcoiners are out there actually building the future they want to live in.The below is a direct excerpt of Marty's Bent Issue #1259: "Bitcoin is action. The accumulated momentum is going to be hard to stop." Sign up for the newsletter here.This morning I listened…
Listen To This Interview: AppleSpotifyGoogleLibsynOvercast Last week, I had the opportunity to interview Tyler Winklevoss of Gemini and Winklevoss Capital. We discussed how crazy 2020 has been, as well as his passion for Bitcoin, personal life and outlook for 2021. We started our conversation by digging into an article that he and his brother, Cameron,…
The popular location project is a model to be replicated for areas seeking to seize the opportunities Bitcoin offers.As a former resident of Venezuela, Josef Dvoracek knows a thing or two about inflation, economic mismanagement, and the risks of fiat currencies.That's why he's been among the most enthusiastic pioneers of a new bitcoin payments ecosystem…
Recently a big snafu was made about changes to the BIP 85 repository. For those not familiar with the BIP, it's a very simple scheme to allow generating new word seeds from a derivation path in a pre-existing word seed that you have. The logic of the BIP is to enable people who utilize multiple