Not private enough: Mixers and decoys won’t protect you for long

I often hear people say that tools like mixers or using fresh addresses for every crypto transaction are sufficient privacy protections because they provide plausible deniability. This is a naive understanding of how surveillance works.

Military surveillance

In a previous life, I led a program to equip a country in the Middle East with surveillance capability. They were interested in tracking military movements of a nearby country that posed a threat. We built a rich dataset of “facilities and assets,” largely by ingesting satellite imagery, but also intelligence from drones and other sources. The imagery was processed, analyzed and augmented with third-party data sources, such as Jane’s.

Source: Jane’s

A signal snapshot of a facility at a given point in time revealed data. But, it was the changes in data that yielded the most meaningful information. What aircraft is there? Where did it come from or move to? What other types of supporting infrastructure is around? Has anything changed? Where is electricity being used in the buildings? Has that changed? Based on the data, and changes in that data, what might that country be intentionally or unintentionally signaling?

Commercial digital surveillance

Later, a coworker from the intel project and I used some of the same techniques to surveile the internet, first for targeted marketing campaigns, and then in an effort to help companies connect with freelance workers. We were able to combine data from over two dozen sources to create rich profiles of people. It was fairly trivial to obtain PII. But it was the aggregation of data over time that yielded the richest insights.

For example, you can infer how much money someone makes based on their job history and location. You can infer someone’s travel and spending habits by the pictures they post online, which contain both metadata (e.g., date, location) and also what’s in the photo, just as we could determine what type of plane was at a given airbase. Using clues from language and cross links, it was often the case that we could find pseudo-anonymous accounts of known profiles. What we were able to discover was troubling, and we shut down the program.

This is happening around the world, both commercially, as we were doing, and in countries like China and the US.

Shield your assets

Mixers provide some level of probabilistic privacy. But that probabilistic information is extremely useful to surveillers, especially as the tapestry is woven over time. If a surveiller can create probabilistic models, it is enough to build incredibly rich profiles in order to predict, influence, or manipulate future behavior by testing and gauging responses.

The best means to protect yourself from this type of privacy intrusion is to reduce leakages. This makes it more difficult to create a complete picture. For example, it was more challenging to build rich profiles on civil engineers than programmers, simply because civil engineers tended to post less things online.

Reducing leakage includes limiting your use of public blockchains, where your financial dealings are stored in a public database, for everyone to see, for all time — and where it can be correlated with your other online behaviors. Tools like mixers may help obscure a particular transaction, but surveillance technology is rapidly getting more sophisticated, and it’s increasingly easier to probabilistically determine the counter parties of a single mixed transaction and to build profiles based on the aggregation of these probabilities over time. The best option in crypto to minimize data leakage is to store your wealth in a shielded address

There is no such thing as perfect privacy. But you can take steps to protect your current and future self from the prying eyes of others who may wish you harm.

Recent blog posts: