[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Finding location metadata in large "dark market" datasets

To: tor-dev <tor-dev@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-dev] Finding location metadata in large "dark market" datasets
From: Griffin Boyce <griffin@xxxxxxxxxxxxx>
Date: Fri, 17 Jul 2015 21:23:34 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 17 Jul 2015 21:23:53 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptolab.net; s=stigmate; t=1437182615; bh=90G9hz7ymgXulwHCtn/NsnjWruPjo7xuvMoGCyl+FMc=; h=Date:From:To:Subject; b=TmXtRdbMzSa2Ah0VqtyusczWZZPImh7NR5hmi/sMwYXtVC0hlzCCp0gdiQGFSjcLW G6qLEfbq2C4bCrlSMxKkvZHE+e2mJKBpxh3CuAOc71v7aDwlzI0mgHrU/m4wXNVHG1 wBKq7effDRixX4+cKbLbmRRk4g2XG0p0QBGFMHsY=
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail

Hello all,

I came across a blog post that might interest you all. @techdad did aquick analysis of public images from online black markets (such as SilkRoad et al)[2] from 2011-2015, and came to the following conclusion:

"After parsing hundreds of thousands of images, I came across about 37unique images that were not properly sanitized."[1]

That's surprisingly low -- 0.00037% if one assumes 100k imagesanalyzed. Given the number of high-profile cases [4] where thislocation information led to arrests, it's not very surprising that somepeople likely took the time to remove the EXIF data, but I'm curiouswhether a given website may have stripped the metadata for uploadedimages. The images that tested positive are shown on the blog post, and8/37 were clearly from the same individual.

When mapped out, the location data is primarily in the US (5locations), along with 1 location in France and Australia.

Incidentally, the full 1.6TB dataset from 2011-2015 is available onthe Internet Archive [3], just in case the Hacking Team disclosureshaven't used up all your hard drive space. ;-) This data on its own isa rather interesting look into the workings of black markets -- many ofwhich no longer exist. Curious to see what you all think and whatanalyses you'd like to see from this kind of data.


best,
Griffin


[1] http://atechdad.com/Deanonymizing-Darknet-Data/
[2] http://www.gwern.net/Black-market%20archives
[3] https://archive.org/details/dnmarchives

[4]https://www.eff.org/deeplinks/2012/04/picture-worth-thousand-words-including-your-location



_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Prev by Author: [tor-dev] Stormy update
Next by Author: [tor-dev] Fwd: [DNSOP] [Gen-art] review: draft-ietf-dnsop-onion-tld-00
Previous by thread: Re: [tor-dev] 4th status report for OnioNS
Next by thread: [tor-dev] Some statistics on introduction point stability and correctness
Index(es):
- Author
- Thread