by ianso 4626 days ago
Yar, I realise the Hezbollah thingy is only tangentially applicable, but I couldn't find a better example of a single mistake compromising an identity and thereby a network. I think that someone (maybe Cory Doctorow?) wrote a better, at-length post about how hard it is to stay anonymous but I couldn't find it, so I used this example instead.

Point 6 is my main stepping-stone from 'organised and capable' to 'government'. FWIW governments have deliberately set up 'dodgy banks' as a way of attracting money launderers and then busting them, so I think it's valid.

4 comments

Well, at least you agree the Hezbollah analogy is a stretch. Not sure I buy the opsec argument, or I don't understand it. Maintaining anonymity in this context doesn't seem very hard, although I may be naive there. Satoshi isn't an assassin in a high-profile paramilitary organization (so far as we know!) He doesn't have those kinds of people looking for him, the ones with extensive network taps, long histories of surveilling specific targets, and a drive to get answers even at high cost and legal/moral/diplomatic jeopardy. Or at least I doubt any law enforcement, natsec, or spy agencies thought much of this post[1] at the time, if they weren't the poster.

Of course there are more mundane slipups than the ones you mentioned, such as letting a traceable IP address into the email path log, etc. It just seems pretty easy to avoid those, and thus easy to avoid detection from people that are merely good researchers, as opposed to wide-scale network surveillers and crackers.

Bottom line, to borrow a point from sibling poster csomar, look at the trail that led to Ross Ulbricht (at least the one they're feeding the public, that doesn't involve NSA surveillance and cracking.) I believe ultimately he blew his cover by using his real name in a Gmail address. (He also recycled a pseudonym in multiple contexts that allowed investigators to link the little clues in each context together. I guess Satoshi did that too, although arguably without such obvious clues.) It seems like not doing things this stupid would be good enough.

It has just occurred to me that there are non-technical things like language usage and times of online activity. People have analyzed stuff like this for Satoshi, but I don't think there's much conclusive, so I don't know if that's due to Satoshi's prowess or just the weak nature of such evidence. Even if there were pretty solid clues here, how would you really _prove_ that since Professor So-and-So used phrase XYZ in a paper and Satoshi did too, that means they are the same person? So what if there's only one known world-class cryptographer in the timezone Satoshi appears to be posting from?

[1]http://www.mail-archive.com/cryptography@metzdowd.com/msg099...

I guess my perspective on this is blurred by me being German, or in a broader context, European. Our institutions are not really known for laying such "traps". I guess it's different in the world of the secret services (as opposed to traditional law enforcement). And well, yes, in the US there's the DEA, maybe the FBI, too, but I always thought that their ability to legally create "dodgy banks" or similar is kind of a Hollywood thing.

In general, the US seems a lot more willing and capable to really invest capacities in fighting money laundering than any agency I can imagine here in the EU.

Yeah, but those are much more easily controlled; there is no controlling bitcoin once it is out in the wild.

If it was an NSA project to catch, say, terrorists, well, first they have to wait for bitcoin to get enough traction for it to be worthwhile being used by terrorists, then you have to factor in the amount of work required to identify those terrorists and that you may actually enable terrorists that would otherwise have failed to get funding, i.e. you assist in terrorist plots more than you identify terrorists from it.

but I couldn't find a better example of a single mistake compromising an identity and thereby a network.

Silkroad? Seems like the perfect example to me.