
Deanonymizing Darknet Data · atechdad


17 Jul 2015

Hey all, this is a pretty simple post, so I'll keep it quick. Yesterday, someone released a dump containing several archives of Darknet black-market sites for research purposes. This looked interesting, so I took them and did a little research.

One of the suggested uses by gwern was:

deanonymization and information leaks (eg GPS coordinates in metadata, usernames reused on the clearnet, valid emails in PGP public keys)

Sounds like a good start to me.


What I did:

For my target, I chose a random archive with a decent amount of data. I wanted something that had potential. I also decided to only look at .jpg images. I did this so I could standardize on the method in which I collected the data.

I then hacked together a script that would extract all of the files I wanted from the tar.gz. The script would then get each file's latitude and longitude if it existed within the metadata of each image.


After parsing hundreds of thousands of images, I came across about 37 unique images that were not properly sanitized. This means that the files contained EXIF data which may identify the latitude and longitude where the pictures were taken. (Keep in mind, this data could also be spoofed.) Overall, it appears as if these images came from just a handful of individuals.
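
A publisher-side version of the same check, as an added example that is not the author's script: it flags the .jpg members of a tar.gz whose EXIF still carries a GPS directory, without decoding any coordinates, so those files can be stripped before they are posted. The function names and the in-memory sample archive are constructed for illustration.

```python
import io, struct, tarfile

GPS_IFD_TAG = 0x8825  # IFD0 tag that points at the GPS sub-directory

def exif_payload(jpeg):
    """Return the TIFF block of the first APP1/Exif segment, or None."""
    pos = 2
    while jpeg[:2] == b"\xff\xd8" and pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        body = jpeg[pos + 4:pos + 2 + size]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        if marker == 0xDA:  # start of scan: no metadata segments after this
            break
        pos += 2 + size
    return None

def has_gps_ifd(jpeg):
    """True if IFD0 still carries a GPSInfo pointer (image not sanitized)."""
    tiff = exif_payload(jpeg)
    if not tiff or tiff[:2] not in (b"II", b"MM"):
        return False
    end = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
    try:
        (ifd0,) = struct.unpack(end + "I", tiff[4:8])
        (count,) = struct.unpack(end + "H", tiff[ifd0:ifd0 + 2])
        tags = [struct.unpack(end + "H", tiff[o:o + 2])[0]
                for o in range(ifd0 + 2, ifd0 + 2 + 12 * count, 12)]  # 12-byte entries
    except struct.error:  # truncated or malformed EXIF
        return False
    return GPS_IFD_TAG in tags

def audit_archive(targz):
    """Names of .jpg members of a tar.gz that still carry a GPS directory."""
    with tarfile.open(fileobj=io.BytesIO(targz), mode="r:gz") as tar:
        return sorted(m.name for m in tar if m.isfile()
                      and m.name.lower().endswith(".jpg")
                      and has_gps_ifd(tar.extractfile(m).read()))

def sample_archive():
    """Constructed input: pixel-less JPEGs; only a.jpg has a GPS pointer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, tag in (("a.jpg", GPS_IFD_TAG), ("b.jpg", 0x0112), ("c.txt", GPS_IFD_TAG)):
            body = b"Exif\x00\x00II*\x00" + struct.pack("<IHHHIII", 8, 1, tag, 4, 1, 26, 0)
            data = b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Any name returned by `audit_archive` should have its metadata stripped and be re-checked before the archive leaves your hands.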


For the curious, this is a sanitized montage of the images:


Lessons Learned:

  1. You cannot depend on Tor alone to render yourself truly anonymous. If you don't understand, it's probably better if you don't use it.
  2. Don't do illegal things. You'll get caught eventually.

So that's it. Have a good weekend!

-julian (@techdad)
