by simonvc 3285 days ago
Great that there are more options out there. Will there be an option to sign up over TOR, and pay with ETH or BTC?

I run free privacy/security classes for journalists, and some of them have said that their sources can't use paid VPNs because they're afraid of the purchase showing up on their credit card statement.

TOR is great, but doesn't yet work for things like video chat (yes, I tell them not to use Skype...)

6 comments

There's a good comparison chart/spreadsheet of VPN providers at [1] - among other things, it can filter on anonymous sign up and payment.

There are certainly VPNs available that you can sign up for over Tor, and pay for with Bitcoin. However, some bitcoin payment services block Tor IP addresses; tools for VPN-over-Tor can be clumsy; and some sites that accept Bitcoin process the payments manually so it can take a day or two.

[1] https://thatoneprivacysite.net/vpn-comparison-chart/

Private Internet Access allows payment with popular brand gift cards (Starbucks, etc.) purchased at brick-and-mortar locations for cash. Then you use a disposable e-mail account to receive your password.
ProtonVPN offers a free tier - it's not the fastest, but it should be fine for the use case you describe.

https://protonvpn.com/pricing

Also, it should be possible to pay them in BTC; I remember sending a donation when I signed up for protonmail.

Looks like they accept CC, paypal, and BTC, no ETH yet.
It only shows CC and Paypal for me :thinkingface:
Strange. I'm finding the page via the "upgrade" tab of my protonmail, maybe they don't accept BTC for exclusively VPN?

Looks like they also accept "Cash" if you contact them.

What would be good for video chat?
TL;DR: The Identity to BTC link has to be broken, no matter how you do it, and not in a way that is human-indecipherable but truly distanced.

If your target uses BTC to avoid CC payments, then they had better know how to prevent tracking the payment on the blockchain as well. If I were targeted by a bad actor with state level resources, I would assume any bitcoin transactions to ProtonVPN would be spotted easily and I would assume any wallets I've used are hot. There were lots of ways to do this explored by users of onion sites who purchased illegal items. One of the most popular was to 'launder' the coins using a mixing service which shuffles around the BTC (for a fee) and sends it to a wallet of your choice, typically a one time use wallet which sends the balance to your account on the onion site for purchases from other users. The onion site operators may also mix up their coins, making it a little harder still. The coins from origin are received, split into a bunch of tiny transactions all over in various wallets, like shuffling cards, then many wallets send small amounts whose sum is the amount laundered minus fees, to the final destination one way or another. I encourage you to browse forums on such sites for the scoop on what the users think they know, as well as what security researchers have published on the subject.

Example: User Alice wants to pay for services from Bob. Bob's services are a little questionable in Alice's jurisdiction and she is concerned about someone finding out about her payment. If Alice is being surveilled directly, and the attacker knows about the wallets Alice uses because they got records from the company she buys coins from (or somewhere else like sniffing her traffic), and the service is priced at $X on Y date given the bitcoin value at the time, the attacker can look for any transactions for that amount on dates which Alice visited the site and compare the transactions.

In our example, let's say Alice wants to upgrade to paid ProtonVPN service but doesn't want Throckmorton's Sign Company [1] to find out about it. TSC suspects Alice may be trying to smuggle information through a VPN. Alice is smart and uses all the best practices. She's got a locked down mobile device with no cellular antenna connected to a long range directional antenna. She leaves her phone at home, drives the most secure route available by avoiding main streets with traffic cameras and license plate scanners. She parks in a cheap apartment complex parking lot (no guards/cams) at the base of the mountain. She pulls a mountain bike from the trunk and places her handgun in a waist pack, and rides to a higher elevation scenic point with no security/safety cameras and infrequent civilian or police traffic, aims her high gain antenna at the hotels below, and gets a WiFi signal. She connects with a spoofed MAC address, from a Tails ISO on optical media, to somewhere she cannot be physically linked to, using a device modified for safety. She has a script which changes her apparent desktop resolution, browser size on every page load, user agent strings, window dimensions, all kinds of fingerprinting avoidance. Alice uses a virtual keyboard which randomizes the delay between keystrokes before forwarding her input. Alice checks her configuration for holes, checks TOR, checks DNS, etc. and everything is solid. Feeling secure now, Alice logs into a brand new Proton account not associated with her, checks the price, and pays via Bitcoin. She bought bitcoin from a reputable exchange and had it deposited to a new wallet. She then transfers these coins to another wallet which is brand new and uses this to pay Proton.

An unknown actor at a TSC subsidiary agency has absconded with classified intelligence reports. Agent A is being watched, his stuff searched, no reports found, and Agent A won't talk. TSC thinks Agent A leaked it. Surely he sent it to some damn media hippie who loves communism and Vegemite, and now the whole world will know. They must stop the leak. TSC knows Agent A is a Vegemite sympathizer and is known to talk with people from the media sometimes, which is why they were watching him. They know he eats at Joe's Restaurant. A TSC agent dresses in a shabby suit he rented and puts on a local law enforcement badge and ID. He goes to Joe's and interviews the manager under the auspices of a criminal investigation. The manager at Joe's was all too happy to point out that he comes in every Wednesday, sits at a table near the rear fire exit facing the door with his back to a wall in a part of the dining room with no clear window views. He always orders Vegemite sandwiches and dresses nice. But he noticed that once a month or so, Agent A has someone with him, a real pretty lady friend. He assumes they are having an affair, and he's curious about it, so he pays a little more attention to Agent A and thought there was something funny about him, and he's eager to tell the "policeman" all about it. Agent A always looks sharp but on those days he dresses down a little, wears sunglasses, and removes his wedding ring. The manager calls over Agent A's usual waiter and asks him to tell the nice officer all about this suspicious character. Agent A's waiter says he saw a media ID sticking out of her wallet when she paid one night, so he knows she works for XYZ media. Our friendly TSC agent thanks them for their time and leaves, giving them a business card with a "detective" to contact with any new details.

TSC has only to look at all bitcoin transactions received by Proton since the leak, and I imagine this is a small set, and look at where those coins came from. TSC can and does keep banking and financial records for companies who sell Bitcoin. They run a search against the transactions looking for any wallets associated with those used to pay Proton during the period since the leak. They find 666 wallets. 420 are from Alice's country. Of these payers, only 42 paid with BTC from a wallet which had no other appreciable history. They check these 42 and the wallets connected to them by BTC transactions and find exactly one which was separated by 2 degrees and funded by BTC from Alice's reputable exchange. They quickly search the exchange's records and find that the wallet in question was funded by an account with a CC# belonging to one Alice Suspect who lives right there in Big Brotherville, and her name is on the list of XYZ media employees. TSC now knows Alice bought a VPN account, and to some courts that might be enough to escalate this. In some jurisdictions that shit will get you killed. Alice lives in a civilized democratic nation however, so instead she becomes the target of a massive and focused TSC investigation. They raid her home or intercept her vehicle, maybe they throw her in a van with a burlap sack over her head. Regardless of how they get her, TSC agents find encrypted disks, and order her to unlock them or go to prison (or face a $5 hammer). Alice sure did a lot to cover her ass, for nothing. One leaker, one media contact locally with a BTC wallet which paid Proton. Even assuming they don't target Proton, but check against all records of all VPNs on a list, doesn't change much but computing requirements to find out who is buying VPN service with BTC on their list.

Assuming they don't ever go to Joe's restaurant, or even know about the pretty lady, they know local media only has so many journalists, fewer who travel these circles, and fewer still who would touch something that hot. Even assume they check ALL journalists in the entire country, how freakin hard would you have to look? How many suspects would there be who have bitcoin exchange accounts? Monitoring their search entries or IP traffic would reveal a lot and narrow the list down. Assume this is all happening in a state with a highly developed legal system and TSC has to request warrants and subpoena records to get them, and show to the satisfaction of a court that she is guilty, they still have the authority needed to grab the rest of the info they need once they have a short list of targets and they can acquire the rest through this investigation. Assume TSC never found the actual documents on Alice or in her property, the original problem of Alice being known to use a VPN is still not solved. Another approach would be to check all persons of interest for bitcoin exchange accounts by CCs, emails, names, etc., and then check those accounts for direct or indirect payments to VPN receiving wallets. Let's even assume that Alice purchased a prepaid credit card and for some reason was able to buy bitcoins with it, now they just ask FailMart to give them the register record and the video from that time. Even assume Alice isn't a journalist but a source as the OP says, and this source doesn't want people knowing they got a VPN. Follow the same breadcrumbs and you still have a bloody short list, the rest is old school tradecraft and detective work. In a not so developed legal system, only a shred of suspicion can end your life without needing anything solid at all. You see where I'm going I hope.

The moral of the story is, BTC come from money, money is watched, BTC are watchable, so without a mixnet or something between purchase of coins and purchase with said coins, or a way to acquire them with complete anonymity, you're holding up a sign with your name on it which is just obfuscated enough to seem anonymous to average people. Money and identity are linked thanks to our current global financial system and all of the people who have exploited it. Selling BTC is regulated to "prevent drug lords and child sex traffickers" and other evil persons of the week from using BTC to launder money, but it's watched anyhow and every technique to link identities of individuals to bitcoin purchases can be assumed to be in use.

[1] This is actually funny, a medical joke. https://radiopaedia.org/articles/throckmorton-sign-pelvis
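
The wallet-linkage search described in the comment above, as an added example that is not part of the original thread: a backward walk over a transaction graph shows why passing coins through fresh wallets only adds hops and does not break the link to an identified exchange account. The ledger, addresses and names are constructed for illustration.

```python
from collections import deque

# Constructed sample ledger: (sender, receiver) pairs. All addresses are made up.
TRANSFERS = [
    ("exchange_acct_alice", "wallet_a1"),     # identified purchase lands in a new wallet
    ("wallet_a1", "wallet_a2"),               # moved to a second brand-new wallet
    ("wallet_a2", "vpn_merchant"),            # payment to the service
    ("exchange_acct_carol", "vpn_merchant"),  # direct payment from an exchange account
    ("wallet_x9", "wallet_x8"),
    ("wallet_x8", "vpn_merchant"),            # payer with no known funding source
]

# Identities an observer holds from exchange records (constructed).
KYC = {"exchange_acct_alice": "Alice", "exchange_acct_carol": "Carol"}


def funding_sources(transfers, start, max_hops):
    """Walk backwards from `start`; return {address: hops} for upstream addresses."""
    incoming = {}
    for src, dst in transfers:
        incoming.setdefault(dst, set()).add(src)
    hops = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if hops[node] == max_hops:
            continue  # search depth exhausted on this branch
        for src in incoming.get(node, ()):
            if src not in hops:  # also guards against cycles
                hops[src] = hops[node] + 1
                queue.append(src)
    del hops[start]
    return hops


def linked_identities(transfers, merchant, kyc, max_hops):
    """Map each known identity to its hop distance from the merchant address."""
    upstream = funding_sources(transfers, merchant, max_hops)
    return {kyc[addr]: n for addr, n in upstream.items() if addr in kyc}


if __name__ == "__main__":
    for depth in (1, 2, 3):
        print(depth, linked_identities(TRANSFERS, "vpn_merchant", KYC, depth))
```

Increasing the search depth by one per intermediate wallet is the only cost the extra hops impose on the observer.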