logoalt Hacker News

maxrmk01/21/20256 repliesview on HN

Cool! Contrary to some of the other posters I think this definitely counts as deanonymization, or at least is close enough. How anonymous would satoshi be today if we had his location to within 250 miles?

Repeated applications of this attack (maybe disguised somehow?) could let you track someone’s travel over time, and it is usually only takes 4-5 zip code sized locations to uniquely identify someone.

Replies

aimazon01/21/2025

The counter point is that anyone who cares about being anonymous is using methods to disguise their identity that cannot be compromised by this attack, e.g: a VPN. Plus, there are much more effective versions of this attack, like sending a link to an endpoint that you control -- getting someone to click a link isn't hard if you're considered trustworthy enough to send them notifications. And less technical versions, like correlating when the user is online vs. offline with timezones around the world.

The method that both Apple and Cloudflare use in their own privacy software (iCloud Private Relay for apple, WARP for Cloudflare) is specifically based on the idea that your region is not information that reveals your identity. If you enable Apple Private Relay, your origin IP will be obscured but the IP your traffic is routed through will be in the same country -- same principle.

https://www.apple.com/icloud/docs/iCloud_Private_Relay_Overv...

This attack is academically interesting and novel but it's not "deanonymization".

show 5 replies
meowface01/21/2025

Satoshi's possible home IP address actually did leak shortly after Bitcoin's release, though it wasn't realized until years later.

(It definitely may not be him and might instead be a random early user. But I think there's a moderate chance it's him.)

Details: https://news.ycombinator.com/item?id=29728339

(I don't advocate attempting to find and publish his name and address, since it'd make his life difficult, but it's still very interesting in the abstract as a curious unsolved mystery for all these years despite the number of eyes on it.)

cenamus01/21/2025

How many people live in a 250 mile circle around New York?

show 2 replies
kachapopopow01/21/2025

You can already do the same with advertisement ID in (almost) every single one of these applications.

byearthithatius01/21/2025

Still quite anon. He almost certainly used a VPN, and if he didn't he likely lived in a major city which included thousands if not hundreds of thousands of capable engineers. If it said he was in SF during some messages that would tell us literally nothing.

kandesbunzler01/22/2025

... very anonymous because he was most likely using a VPN lmao