It is somewhat good news for online anonymity that we don't know who Satoshi is. The amount of resources that have been poured into trying to uncover his identity is the equivalent of a medium-sized open source project. He has survived the army of geeks.
The state of user-user or user-corporation anonymity is good. If you want to stay anonymous from other users or a corporation then you can gain anonymity by spending a few hours reading tutorials/guides online and then installing Tails or Whonix (both which solve the metadata problem in OP and a variety of other attacks) or an alternative homebrew solution (machine isolation/snapshots) and apply a level of discipline to isolate your identity.
Last best OPSEC move Nakamoto made was to disappear - removes so many options in tracking him down. Hanging around and living off the credibility you've built with your anonymous persona is likely only going to breed complacency and the odds of slipping up increase each day (you see this in many cases)
I doubt he'll ever be tracked down. I doubt even a gov investigation starting today (for whatever reason) with all the power it has would achieve it (unless more than one person knows the secret, in which case a US investigation has a broad range of legal methods to compel testimony and reveal it).
I know a lot of people are sick of talking about Nakamoto and prefer to focus on what he produced (you can't even google his name anymore without 50% of the hits being about the Newsweek article), but being able to invent such an important piece of transformative technology and remain anonymous for so long, possible forever - is a brilliant accomplishment worthy of its own attention.
> It is somewhat good news for online anonymity that we don't know who Satoshi is.
Only if you believe that none of the identified candidates are him. Personally, I think not as much real effort has been spent as you think; I've found some pretty breathtaking stuff which no one has posted about publicly.
> Last best OPSEC move Nakamoto made was to disappear - removes so many options in tracking him down. Hanging around and living off the credibility you've built with your anonymous persona is likely only going to breed complacency and the odds of slipping up increase each day (you see this in many cases)
Yes, DPR comes to mind as an example of what happens when you don't know when to quit.
> I doubt even a gov investigation starting today (for whatever reason) with all the power it has would achieve it (unless more than one person knows the secret, in which case a US investigation has a broad range of legal methods to compel testimony and reveal it).
I disagree. Given what the Snowden leaks have revealed, I think the NSA, and possibly lower-level entities, could find him even now. They can attack gmx.com, AnonymousSpeech, Digirock, the Californian IP & Freenode, & the P2P Foundation looking for direct IP leaks or other information, either through penetration, legal demands, or their extensive databases of metadata; governments are the main sponsors of stylometric research (either code or writing), which are another excellent attack vector; and of course, they can simply do tailored attacks on major suspects, in the same way they've already individually gone after security researchers. For all we know, they've already done any of this - Snowden's info is dated.
> installing Tails or Whonix (both which solve the metadata problem in OP and a variety of other attacks)
I was surprised the article claims he was using Windows XP. There's a surprising number of leaks when using Windows software. These leaks are functional and can provide cool features, sure, but they're leaks nonetheless.
For example, if you embed a file in a Powerpoint presentation, the PPTX file includes the original full path to the file. "C:\Users\JLewis\SecretWorkForTheNSA\FormattedForPublicRelease.txt". Obviously this isn't exclusive to Windows operating systems, but I feel other OS environments generally don't encourage oversharing like Windows does.
>I doubt even a gov investigation starting today (for whatever reason) with all the power it has would achieve it (unless more than one person knows the secret, in which case a US investigation has a broad range of legal methods to compel testimony and reveal it).
As much as members of the Bitcoin community like to think of themselves as agitators, there were very clearly no laws broken here.
>As much as members of the Bitcoin community like to think of themselves as agitators, there were very clearly no laws broken here.
Yeah, that's all clear now, but 4 years ago the legal situation was much murkier. This was all very new ground and we had no idea how the U.S. government would react, particularly given some of the other things going on at the time (particularly the prosecution of E-Gold, which was centralized but shared some features with Bitcoin).
If I need to publish something and have it remain completely anonymous, convert it to ASCII TEXT. That is one of the few formats I understand well enough to be CERTAIN that it is free of metadata.
Now all I have to worry about is how I can anonymously publish it, text style analysis, and how to include diagrams without resorting to ASCII drawings.
It's not foolproof, but that does require that you have released a sufficiently large sample of LaTeX source under your real name (or something that can be traced to your real name) for comparison. Additionally, if you really want to release something typeset like that, but you're worried about fingerprinting, my guess is that it's not that hard to deliberately change your personal style by using a minimal set of packages and when necessary restricting yourself to the most popular packages. Even if your new personal style still ends up unique, it wouldn't match the fingerprint of anything you've released under your own name.
Yeah well that's not me... I've been on BBSes since 1988 and got my first proper internet shell account in 1991 when, incidentally, I was 13.
The reason I made the comment is because it rubbed me the wrong way to cite 13-year-old girl talk as prototypical gibberish. Are 13-year-old girls generally excitable and potentially annoying? Yes. Do they talk in gibberish as a matter of course? No, that's a thoughtless sexist trope.
And I'll place a blind bet that they text faster than you.
I wonder if there is a tool to obfuscate text to prevent analysis. one way I could think of is to use any online translation tool to translate to a foreign language and then back to english. and then fix the grammar slightly. the structure of the text should hopefully be different enough for any tool/human to recognize it's your style. is there an easier way to do this?
One of the methods they mentioned is machine translation, but they found that it wasn't terribly useful. It's a really neat talk and I highly recommend it. They also wrote some software to anonymize texts (Anonymouth) and their stylometry software (JStylo) is also freely available:
There is some free software available[0] to do stylometry analysis. And some software which purports to assist in anonymizing writings[1]. I've not really played around with either, so I can't speak to their ease of use and/or effectiveness. But it's at least somewhere to start.
Yeah, some work has been done in this area, but I only know about it in passing via a mention in one of Jacob Appelbaum's talks. This seems like it might be a decent place to start: https://www.youtube.com/watch?v=-b0Ta9h62_E
Reminds me of a concept of "google translate fixed point", i.e. you translate between english and an foreign language back and forth until the translation stops changing.
Don't be too sure about ASCII text file either, it may still contain a bit of metadata like the BOM (although then technically it's not pure ASCII, but rather UTF, but still it means you have to check the encoding used by your favourite text editor).
In case of UTF8, BOM isn't information at all, it's always the same 3 bytes (endianness mark is meaningless on byte-based encoding). And being added by default Windows plain text editor, it's fingerprinting usefulness is rather limited.
I think you'd be okay with any format, such as HTML, that you can eyeball in a plain text editor; you just need to eschew binary formats. So diagrams in SVG in preference to PNG?
Although the PDF spec says that the ID field is "optional", a lot of PDF-producing apps put it in anyway, and the way OoO calculates the ID is basically what the spec recommends, although it does say "Note that the calculation of the file IDs need not be reproducible. All that matters is that the file IDs are likely to be unique." This means that a CSPRNG would be a better choice, or even omitting the ID entirely.
The Author/CreationDate/Creator/Producer/etc. fields are also completely optional despite, once again, the insistence of applications to put them in. There are "PDF anonymisers" out there, and I've written one myself too, but not all of them remove all this information.
Interestingly enough there's a PDF from the NSA about removing metadata, which itself has most of the metadata removed, but not the ID nor creation/modification dates:
The author of the blog post makes the claim that Satoshi used Tor. I'm interested in what evidence there is for that. I googled and found a few people mentioning it, but no direct quote from Satoshi himself. I also searched the archives of his posts:
https://www.google.com/webhp?sourceid=chrome-instant&ion=1&e...
Suppose that claim is not true, or that he was not fastidious in his use of Tor, it seems to me the email service provider would have logs on where his emails were originating from. From his original paper his email is satoshin@gmx.com
I'm not sure who owns gmx.com, but I think it likely that if a sovereign state went after them, they would probably divulge the information. Not that I want this to happen, of course. I hope he's never uncovered and his legend grows with the success of Bitcoin. I hope he did use Tor. I'm just not certain there is evidence for it.
Edit: I am not Satoshi Nakamoto, although I wish I was
gmx is very popular among tor users because you can create an account with no strings attached. No other emails are needed, no other phone numbers are needed, and signup takes only a few webpage loads (important when dealing with latencies of up to 45 seconds).
This of course doesn't mean that Satoshi is a tor user, but a gmx account is consistent with typical tor behavior.
I just sent a message to him about this HN thread but you are always free to contact the author on their own site. He is one of the top cryptocurrencies experts right now and is engaged in many different threads/sites at the same time.
I would have thought he'd use a computer solely for his Satoshi identity, in which case his username probably is satoshi. This is the best way to ensure your computer doesn't leak anything you don't want it to: don't give it the information in the first place.
If someone finds Satoshi and publishes Satoshi's identity and Satoshi is a regular person. It would probably led to the destruction of Satoshi's life and not that unlikely Satoshi's death.
With that in mind, i think it is kind of stupid to look for Satoshi.
Proving he/she is who they say they are is difficult and could be countered. Satoshi is not a regular person, but that really doesn't matter in this argument. Why would being 'non regular' make a difference here?
The rest of your statement is an ad hominem argument. You state it is stupid to look for him because finding him would result in his death. That's a blaming statement of epic proportions, and is probably a result of your own emotions around Satoshi and Bitcoin, not a reality of this world. We don't know what we'd do if we found him.
This is funny, a couple of months ago everybody was saying how publishing the identity of a man who holds millions in an anonymous virtual currency would most likely lead to somebody attempting to extort him and put his life great danger.
I don't think very many people said that about the false Satoshi. They just said he would be harassed heavily and his life would be made much more difficult.
I think it's very unlikely anyone would threaten to murder or kidnap Satoshi.
People seem to forget there are lots of millionaires, multi millionaires, and billionaires around. For the most part in America, Europe, Japan, etc they are safe.
But I guess at least being downvoted means someone is reading it.
Yes, but they generally have their fortunes in various bank accounts, investment accounts, land/property, and other things that are very difficult to steal and monetize without leaving traces. How much security would you need if you had $20 million in gold bars in your living room, and the general public knew about it?
Why does everyone assume that Satoshi is a singular entity? What if Satoshi is legion? :/ Given that initial assumption, which large/government entities would be most likely to start such a project?
Wasn't there some article some time ago that Satoshi has been discovered? Was it shown to have been fake? At least on FB/G+ it went quite viral and I haven't seen anything since.
The most high-profile speculation to date came in a March 6, 2014, article in the magazine Newsweek,[30] when journalist Leah McGrath Goodman identified Dorian Prentice Satoshi Nakamoto, a Japanese American man living in California, whose birth name is Satoshi Nakamoto.
What's funny is, most of HN and most of the Bitcoin subreddit posters were saying that it seemed like the article was legit in the first 2-4 days of its release. And yet as I was reading the article, the day it came out, I seriously thought their correlations sounded way off and that they had the wrong guy.
I made a bunch of HN and reddit posts and even threads saying the Newsweek piece was very probably wrong, and was told to stop being a conspiracy nut. I even went into the official Bitcoin IRC to debate it with people, and found only 1 person agreeing with me and about 10 people against me.
It's scary to think that terrible journalism can be published and believed so easily.
- If Dorian was the real Satoshi, he would of course have used his 'real' account to try to disprove the claim.
- If not, the only to way to know for sure that he is not the guy is for the other 'real' Satoshi to prove that it couldn't be Dorian.
Simple as that. I agree that in the second case, the real Satoshi would not have a lot of incentive to prove the mistake. I'm not a conspiracy nut, I'm just saying that it has not been proven that Dorian is not the guy.
The state of user-user or user-corporation anonymity is good. If you want to stay anonymous from other users or a corporation then you can gain anonymity by spending a few hours reading tutorials/guides online and then installing Tails or Whonix (both which solve the metadata problem in OP and a variety of other attacks) or an alternative homebrew solution (machine isolation/snapshots) and apply a level of discipline to isolate your identity.
Last best OPSEC move Nakamoto made was to disappear - removes so many options in tracking him down. Hanging around and living off the credibility you've built with your anonymous persona is likely only going to breed complacency and the odds of slipping up increase each day (you see this in many cases)
I doubt he'll ever be tracked down. I doubt even a gov investigation starting today (for whatever reason) with all the power it has would achieve it (unless more than one person knows the secret, in which case a US investigation has a broad range of legal methods to compel testimony and reveal it).
I know a lot of people are sick of talking about Nakamoto and prefer to focus on what he produced (you can't even google his name anymore without 50% of the hits being about the Newsweek article), but being able to invent such an important piece of transformative technology and remain anonymous for so long, possible forever - is a brilliant accomplishment worthy of its own attention.