SoylentNews is people
SoylentNews
Submitted via IRC for TheMightyBuzzard
More and more shopping Web sites accept cryptocurrencies as a method of payment, but users should be aware that these transactions can be used to deanonymize them – even if they are using blockchain anonymity techniques such as CoinJoin.
Independent researcher Dillon Reisman and Steven Goldfeder, Harry Kalodner and Arvind Narayanan from Princeton University have demonstrated that third-party online tracking provides enough information to identify a transaction on the blockchain, link it to the user's cookie and, ultimately, to the user's real identity.
"Based on tracking cookies, the transaction can be linked to the user's activities across the web. And based on well-known Bitcoin address clustering techniques, it can be linked to their other Bitcoin transactions," they noted.
Add to this the fact that many merchants additionally leak users' PII such as name or email address to trackers, and if becomes obvious that trackers can easily link the transaction to a user's web profile and identity.
But, until know, it was possible to believe that using mixing technique such as the aforementioned CoinJoin or other types of coin mixing would prevent the linkage of Bitcoin addresses to user's identity. Unfortunately, that's not true.
Source: https://www.helpnetsecurity.com/2017/08/21/identify-users-behind-bitcoin-transactions/
(Score: 0) by Anonymous Coward on Monday August 21 2017, @09:22PM (1 child)
I Am Absolutely Serious.
Old builds of safari have an Activity window that makes it easy to spot one-pixel GIFs
(Score: 2) by Hyperturtle on Tuesday August 22 2017, @02:20PM
Unless one is taking elaborate means of obfusication, this is difficult to prevent with modern mainstream commerce--identification is big business. Just look at some of the cookies that get saved on your PCs.
The use of bitcoin identifies one as an outlier for sure. You're part of a rare group of people that may be receptive to products that promise privacy -- or expensive video cards! Too good for marketing to pass up--bitcoin users often are buying frivolous or expensive items as a means to 'get rid' of them when spending credit or cash would look bad.
The domain/host entry is good advice for resolving to 127.x.x.x. I suggest also simply setting up a local DNS server. Even if it is on a DD-WRT router or a raspberry pi or an old windows 2000 server. Don't put it online with a public IP, and make sure it just for dns and dhcp--simple stuff and you really don't need to worry too much about the security of it if you don't use it to surf the web or as a file share.
You can even use different 127.x.x.x addresses -- I use a series of different ones (it's a whole 127.x.x.x range you can use!) so that way I can check and see what sites are directing me where, based on what actually resolves and ends up logged, instead of a zillion attempts to 127.0.0.1. With some creativeness, you can have 127.0.0.x be trackers, 127.0.1.x for pixels, 127.0.2.x for MS ads and skype issues, etc.. you may find you can spend a lot of time filtering your filtering like that, but when in doubt, 127.0.0.1 stops it and you can worry about organizing it later, if ever.
DNS filtering is cheap, easy, and effective for the effort. It is far easier than trying to block things on a traditional firewall, and requires little performance power no matter what your connection speed. (Firewalls tend to need to get modernized as internet and local network connections increase... but this is easy to get going if you dont know how and set aside some time on a weekend to do it...)
If you're a Windows user, some versions of Windows know to ignore various efforts to block domains in the host file or integrated windows firewall, but it can't easily overcome an external blockage of some kind. That makes it worth the $50 in raspberry pi hardware, I think...
Having a DNS server do all of filtering for you can really make the home network experience much easier to update and maintain when it comes to issues like this, because one central device (or a few if you like redundancy--it's still cheap) takes the update, rather than every pc, laptop, tablet and phone (on the wifi at least) that you own, and will work with both wired and wireless if you point all dns requests to that.