bitcoin
Bitcoin (BTC) $ 84,317.59 0.54%
ethereum
Ethereum (ETH) $ 1,864.48 0.51%
tether
Tether (USDT) $ 1.00 0.02%
xrp
XRP (XRP) $ 2.11 0.65%
bnb
BNB (BNB) $ 602.66 1.75%
solana
Solana (SOL) $ 124.48 2.97%
usd-coin
USDC (USDC) $ 1.00 0.01%
dogecoin
Dogecoin (DOGE) $ 0.169467 1.36%
cardano
Cardano (ADA) $ 0.669544 0.97%
tron
TRON (TRX) $ 0.235559 0.14%
Blog

Whistleblowing In The Surveillance Age

This article is featured in Bitcoin Magazine’s “The Inscription Issue”. Click here to get your Annual Bitcoin Magazine Subscription.

Bitcoin allows for the permanent inscribing of data onto the public record. Still, whistleblowing on the blockchain remains a terrible idea.

Leaking information is risky business. If you’ve obtained sensitive information — particularly if you’re not supposed to be in possession of said information in the first place — you can’t just send out an email or post it to your Twitter feed. If you did, before you knew it, you’d be tracked, identified, and thrown in jail, while the data you obtained would quickly be deleted.

By inscribing information on the Bitcoin blockchain, the data you’ve obtained cannot be deleted. Just as a Bitcoin transaction is final, so is any information published to the blockchain. Forever there, for anyone in the world to see. But, what sounds like a great plan for leaking information — call it WikiLeaks 2.0 — is actually not a very smart idea.

Protecting whistleblowers is of the highest importance to any sophisticated publisher. And it for sure isn’t easy. By publishing data yourself directly to the Bitcoin blockchain, you may miss important data points that could identify you as the source. Readers would further be unable to verify the chain of custody, potentially discrediting your leak. In addition, neither Bitcoin nor the internet are privacy technologies, potentially leading to your identity leaking via various mechanisms to the public.

Watermarking and Digital Fingerprints

Many large corporations employ methods to identify sources of leaks, such as analyzing watermarks and digital fingerprints. Watermarking is the act of altering a piece of data to make it uniquely identifiable, while digital fingerprints are derived from information inherent to most forms of digital communication. Both are largely invisible to the human eye.

A popular way of watermarking is the modification of text spacing on documents accessible to employees. Using text spacing to watermark documents was famously employed by Elon Musk at Tesla to identify the individual behind a 2008 email leak, which disclosed that the company only had $9 million in cash on hand. Every email sent out at Tesla has a slightly different text spacing, forming a binary signature to identify the source of a leak.

Another way to watermark documents is via printers. Again, mostly invisible to the naked eye, most printers — particularly laser printers — form unique dotted patterns on printed documents in order to identify the printer a document was printed on.

Click the image above to subscribe!

This was the case for Reality Winner, who leaked classified information on the Russian interference of the 2016 U.S. elections to the U.S. newspaper The Intercept. The Intercept, financed by eBay founder and friend of U.S. intelligence Pierre Omidyar (dubbed “one of the scariest tech billionaires out there” by journalist Yasha Levine), published Winner’s documents without removing the document’s watermarks, allegedly leading to Winner’s arrest. While watermarking adds identifiable patterns to data, fingerprinting deducts identifiable patterns from data. For example, JPEG image headers usually contain unique metadata giving indications as to what device an image was taken on, as well as time and location of the image. Fingerprinting may also suggest what platform was used to communicate, as most platforms use differentiating compressor mechanisms to send data. Unless you are aware of all the ways a document can be watermarked and fingerprinted, leaking information yourself is not a good idea.

Chain Of Custody

Establishing a chain of custody is important to protect the credibility of leaked information. Simply adding documents to the blockchain will not help journalists verify the integrity of the information you uploaded, leading to your leak likely being discredited.

Chain of custody is important to maintain ethical reporting standards. Just as law enforcement is required to protect chain of custody to ensure evidence has not been altered, journalists are expected to verify any and all information they receive. This is done by establishing where a specific document originated and through how many (and whose) hands it went in the aftermath. Without documentation of how and by whom a document has been handled, journalists can hardly determine whether a leak is genuine or has been tampered with. Generally, chain of custody attempts to answer the questions of who, when, why, where, and how a document has been discovered.

Discreditation has become somewhat of a profession. Generally, there are two ways to discredit a leak: discrediting the leaker and discrediting the leak itself. Discrediting the leaker can involve uncovering undesirable information about a target, such as sexual relations or health issues, or the outright framing of a leaker to invoke the perception of bias, focussing on who and why.

The discreditation of documents is largely carried out by sowing further uncertainty around a leak’s chain of custody. Chain of custody herein causes a dilemma, as the removal of metadata to protect us from identification makes the establishment of who, when, why, where, and how much harder. In digital forensics, it is therefore often focused on whether documents appear authentic, accurate, and complete, as well as whether documents are believable and explainable. Without an established chain of custody, the establishment of authenticity, accuracy, completeness, believability, and explainability becomes much harder to determine, making discreditation much easier.

While we can make sure that a leaked document has not been tampered with after adding it to the blockchain, we cannot answer the questions of who, when, why, where, and how, pertaining to the much misunderstood dilemma that a blockchain can only verify data it has produced itself — perfectly illustrated by Todd Eden in 2018, who added a picture of the Mona Lisa to the blockchain-based art platform VerisArt, turning himself into the verified Leonardo da Vinci. This makes leaking information on the Bitcoin blockchain pointless unless journalistic due diligence is applied.

Private Information On The Internet

Contrary to public opinion, Bitcoin is not privacy technology. Even if you have established no fingerprinting in documents and followed chain-of-custody procedures, publishing information on the public blockchain can still lead to your identification.

The easiest way to determine where a leak originated is through so-called supernodes. A supernode is a node in Bitcoin’s peer-to-peer network which establishes connections to as many nodes as possible, allowing it to tell from which node a transaction originated.

We may now think that using the Tor network may be enough to hide our private information from being obtained. But because blockchain surveillance works closely with government intelligence — Chainalysis has received over $3 million in the past two years by CIA’s venture capital fund In-Q-Tel, while its competitor Elliptic was founded out of a GCHQ accelerator — we must assume that blockchain surveillance firms have access to the resources of global passive adversaries.

A global passive adversary is an entity with the capabilities to watch the entire traffic on a given network. By doing so, it is able to determine the timing of when a packet has been sent and when it was received, correlating its sender and recipient. For example, if you used the Tor network from within the United States to access a website in the United States, the United States knows which websites you visited by correlating the timing of network requests sent and received. Because the United States is a global passive adversary, it possesses the abilities to link the timing of network requests globally.

To leak information securely, it is therefore advised to do so via the Tor network from an internet café while refraining from performing any other web request. If you leak a document from an internet café and have recently signed into your email from the same computer, your identity can be assumed even when using Tor. You should therefore never use your own computers to leak information, as computers, too, are fingerprinted throughout the world wide web, from browser window sizes used to the applications installed. Additionally, it is advised to visit locations from which information is to be leaked while leaving your phone at home, as intelligence is able to obtain your location records. Nation-states herein have the capability of tracking your location even when your GPS is disabled by tracking the network requests your phone sends to WiFi networks you pass by.

Unfortunately, it is improbable to find an internet café which allows you to install a Bitcoin node. The only other way to leak information securely therefore becomes purchasing a single-use throwaway computer, as using someone else’s node leaks further identifiable information to untrusted third parties. But, as soon as your personal devices and secret computer touch the same networks, you can again be identified.

Conclusion

Leaking information is incredibly important, especially when it pertains to abuses of power. But it’s also incredibly dangerous. Using Bitcoin as a platform for whistleblowing, as proposed numerous times throughout the ecosystem, is a terrible idea given the risks at hand.

The Tor network is insufficient to protect one’s privacy in the face of global passive adversaries, making direct publication to the Blockchain incredibly difficult while ensuring the protection of one’s identity, as the Bitcoin network is insufficient to protect one’s personally identifiable information in general. Documents can contain invisible fingerprints leading to one’s identification, and a lack of chain of custody will likely result in the discreditation of your leak.

It is dangerous to believe that you are safe from both government and corporate surveillance, as it results in less caution and more reckless action. It is always better to be safe than sorry. Unfortunately, this mantra does not seem to resonate with many Bitcoiners these days. 

This article is featured in Bitcoin Magazine’s “The Inscription Issue”. Click here to get your Annual Bitcoin Magazine Subscription.

Related Posts
How-lightning-is-revolutionizing-crowdfunding
Bitcoin Magazine Feed

How Lightning Is Revolutionizing Crowdfunding

Lightning enables live, updated crowdfunding in a decentralized manner that limits the impact of third parties involved.This is an opinion editorial by Kroum Kroumov, a copywriter, editor and UX writer.Crowdfunding has always been a great way to get funding for your work and to send your ambitions flying. Most internet crowdfunding platforms haven’t kept up…
The-great-migration:-as-speech-is-censored,-bitcoin-finds-mastodon
Bitcoin Magazine Feed

The Great Migration: As Speech Is Censored, Bitcoin Finds Mastodon

Sources: Twitter and bitcoinhackers.org Well, it finally happened. With a week or so remaining in Donald Trump’s four-year term in office as the 45th President of the United States of America, Twitter permanently suspended his account. After close review of recent Tweets from the @realDonaldTrump account and the context around them we have permanently suspended…
Report:-global-investment-funds-hold-more-than-$43-billion-in-bitcoin
Bitcoin Magazine Feed

Report: Global Investment Funds Hold More Than $43 Billion In Bitcoin

Investment funds worldwide hold a collective bitcoin supply worth $43.2 billion, spread across various investment vehicles, per a new report.Global investment funds now hold more than $43 billion worth of bitcoin on behalf of their clients, according to a report from Financial News. Corporate bitcoin holdings, meanwhile, have reached a total of $6.5 billion.Anatoly Crachilov,…
Why-i-find-the-bitcoin-community-so-compelling
Bitcoin Magazine Feed

Why I Find The Bitcoin Community So Compelling

The Bitcoin community assembles like minded people who hold the values of freedom and sovereignty above all else.Listen To This Episode:AppleSpotifyGoogleLibsynOvercastArt and Bitcoin — both draw in some of the most creative minds in the world. I discussed this and more interesting intersections with Bitcoin Magazine’s PhoenixBTC. We touched on how bitcoin affects time preference,…
Mayors-around-the-us-race-to-embrace,-be-paid-in-bitcoin
Bitcoin Magazine Feed

Mayors Around the US Race To Embrace, Be Paid in Bitcoin

The mayors of Jackson, TN, and Tampa, FL, are the latest to join the cohort of US mayors converting their paychecks into bitcoin.The mayors of Jackson, TN, and Tampa, FL, have committed to convert their next paychecks into bitcoin.Game theory is playing out gracefully and mayors across the country are racing to portray their towns…
Bitcoin-banks:-we-should-build-them-ourselves
Bitcoin Magazine Feed

Bitcoin Banks: We Should Build Them Ourselves

Bitcoin banks are going to happen. We already have a few of them. We’re going to have more of them. Existing legacy banks are going to start offering services. New banks are going to be founded around Bitcoin. This is completely unavoidable at this point. Bitcoin doesn’t scale. Even absent that, people value other services
Massmutual-bitcoin-investment-has-tripled-in-dollar-value
Bitcoin Magazine Feed

MassMutual Bitcoin Investment Has Tripled In Dollar Value

The Massachusetts-based insurance company’s $100 million bitcoin purchase in December 2020 is now worth more than $300 million.MassMutual has more than tripled the dollar value of its bitcoin investment in under one year.The insurance company bought an undisclosed amount of BTC for $100,000,000 on December 10, 2020, when the bitcoin price was hovering around $18,500.The…
Loading data ...
Comparison
View chart compare
View table compare
Back To Top