[tor-dev] Finding location metadata in large "dark market" datasets
Griffin Boyce
griffin at cryptolab.net
Sat Jul 18 01:23:34 UTC 2015
Hello all,
I came across a blog post that might interest you all. @techdad did a
quick analysis of public images from online black markets (such as Silk
Road et al)[2] from 2011-2015, and came to the following conclusion:
"After parsing hundreds of thousands of images, I came across about 37
unique images that were not properly sanitized."[1]
That's surprisingly low -- 0.00037% if one assumes 100k images
analyzed. Given the number of high-profile cases [4] where this
location information led to arrests, it's not very surprising that some
people likely took the time to remove the EXIF data, but I'm curious
whether a given website may have stripped the metadata for uploaded
images. The images that tested positive are shown on the blog post, and
8/37 were clearly from the same individual.
When mapped out, the location data is primarily in the US (5
locations), along with 1 location in France and Australia.
Incidentally, the full 1.6TB dataset from 2011-2015 is available on
the Internet Archive [3], just in case the Hacking Team disclosures
haven't used up all your hard drive space. ;-) This data on its own is
a rather interesting look into the workings of black markets -- many of
which no longer exist. Curious to see what you all think and what
analyses you'd like to see from this kind of data.
best,
Griffin
[1] http://atechdad.com/Deanonymizing-Darknet-Data/
[2] http://www.gwern.net/Black-market%20archives
[3] https://archive.org/details/dnmarchives
[4]
https://www.eff.org/deeplinks/2012/04/picture-worth-thousand-words-including-your-location
More information about the tor-dev
mailing list