Whistleblowing in the surveillance age

This article appears in Bitcoin Magazine “The Inscription Question”. Click here to get your annual Bitcoin Magazine subscription.

Bitcoin enables the permanent recording of data in the public register. Yet whistleblowing on the blockchain remains a terrible idea.

Leaking information is a risky business. If you’ve acquired sensitive information (especially if you’re not supposed to have it), you can’t just send an email or post it to your Twitter feed. If you did, before you knew it, you would be tracked, identified, and thrown in jail, while the resulting data would be quickly deleted.

By registering information on the Bitcoin blockchain, the data you have obtained cannot be deleted. Just as a Bitcoin transaction is final, so is all information published on the blockchain. Forever there, visible to everyone in the world. But what sounds like a great information leak scheme – call it WikiLeaks 2.0 – is actually not a very smart idea.

Protecting whistleblowers is of paramount importance for any sophisticated publisher. And it’s certainly not easy. By self-publishing data directly to the Bitcoin blockchain, you may miss important data points that could identify you as the source. Readers would not be able to verify the chain of custody further, potentially discrediting your leak. Furthermore, neither Bitcoin nor the Internet are privacy technologies, which could potentially lead to your identity being leaked to the public through various mechanisms.

Watermarks and digital fingerprints

Many large companies use methods to identify sources of leaks, such as analyzing watermarks and digital fingerprints. Watermarking is the act of altering a piece of data to make it uniquely identifiable, while digital fingerprints are derived from information inherent in most forms of digital communication. Both are largely invisible to the human eye.

A popular method of watermarking is to adjust text spacing on documents accessible to employees. The use of text spacing to watermark documents was used by Elon Musk at Tesla to identify the person behind a 2008 email leak that revealed the company had only $9 million in cash on hand. Each email sent at Tesla has a slightly different text spacing, creating a binary signature to identify the source of a leak.

Another way to watermark documents is through printers. Again, most printers, especially laser printers, usually invisible to the naked eye, form unique dot patterns on printed documents to identify the printer on which the document is printed.

Click the image above to subscribe!

This was the case for Reality Winner, which leaked classified information about Russian interference in the 2016 US elections to the US newspaper The interception. The interception, funded by eBay founder and US intelligence friend Pierre Omidyar (called “one of the scariest tech billionaires out there” by journalist Yasha Levine), published Winner’s documents without removing the document’s watermarks, which is unfortunate. allegedly led to Winner’s arrest. While watermarking adds recognizable patterns Unpleasant Fingerprints are used to derive identifiable patterns by facts. For example, JPEG image headers usually contain unique metadata that provides indications of what device an image was taken on, as well as the time and location of the image. Fingerprints can also suggest which platform was used to communicate, as most platforms use differentiating compressor mechanisms to transmit data. Unless you are aware of all the ways a document can be watermarked and fingerprinted, leaking information yourself is not a good idea.

Chain of Custody

Establishing a chain of custody is important to protect the credibility of leaked information. Simply adding documents to the blockchain will not help journalists verify the integrity of the information you uploaded, likely discrediting your leak.

Chain of custody is important to maintain ethical reporting standards. Just as law enforcement is required to protect the chain of custody and ensure evidence has not been altered, journalists are expected to verify any information they receive. This is done by identifying where a specific document came from and how many (and whose) hands it passed through in the aftermath. Without documentation of how and by whom a document was handled, journalists can hardly determine whether a leak is genuine or whether it has been tampered with. In general, Chain of Custody attempts to answer the questions of who, when, why, where and how a document was discovered.

Discrediting has become somewhat of a profession. In general, there are two ways to discredit a leak: discredit the leaker and discredit the leak itself. Discrediting the leaker may involve exposing unwanted information about a target, such as sexual relationships or health issues, or outright framing a leaker to create the perception of bias, with an emphasis on WHO And Why.

Discrediting documents is largely accomplished by sowing further uncertainty around the chain of custody of a leak. Chain of Custody creates a dilemma here, because removing metadata to protect us from identification makes determining who, when, why, where and how much more difficult. In digital forensics, the focus is therefore often on whether documents appear authentic, accurate and complete, and whether documents are credible and explainable. Without an established chain of control, establishing authenticity, accuracy, completeness, credibility and explainability becomes much more difficult to establish, making discredit much easier.

While we can ensure that a leaked document has not been tampered with after it has been added to the blockchain, we cannot answer the questions of who, when, why, where, and how, regarding the often misunderstood dilemma that a blockchain can only can verify data it has produced itself – perfectly illustrated by Todd Eden in 2018, who added a photo of the Mona Lisa to the blockchain-based art platform VerisArt, turning himself into the verified Leonardo da Vinci. This makes leaking information about the Bitcoin blockchain pointless unless journalistic due diligence is applied.

Private information on the Internet

Contrary to public opinion, Bitcoin is not a privacy technology. Even if you have not recorded fingerprints on documents and followed chain-of-custody procedures, publishing information on the public blockchain can still lead to your identification.

The easiest way to determine where a leak originates is via so-called supernodes. A supernode is a node in Bitcoin’s peer-to-peer network that establishes connections to as many nodes as possible, allowing it to determine which node a transaction originated from.

We may now be thinking that using the Tor network may be enough to prevent our private data from being obtained. But because blockchain surveillance works closely with government information — Chainalysis has received more than $3 million from CIA’s venture capital fund In-Q-Tel in the past two years, while competitor Elliptic was founded out of a GCHQ accelerator — we have to assume that blockchain surveillance companies have access to the resources of global passive adversaries.

A global passive adversary is an entity with the capabilities to view the entire traffic on a given network. By doing this, it can determine the timing of when a packet was sent and when it was received, associating the sender and receiver. For example, if you used the Tor network from the United States to access a website in the United States, the United States knows which websites you visited by correlating the timing of network requests sent and received. Because the United States is a global passive adversary, it has the ability to link the timing of network requests globally.

Therefore, to leak information safely, it is recommended to do so via the Tor network from an Internet cafe and not to perform any other web request. If you leak a document from an Internet cafe and recently logged into your email from the same computer, your identity could be assumed even if you use Tor. Therefore, you should never use your own computers to leak information, as computers also leave fingerprints all over the world wide web, from the browser window size used to the applications installed. Moreover, it is advised to visit locations where information may be leaked while leaving your phone at home as intelligence may obtain your location data. The Nation States herein have the ability to track your location even if your GPS is turned off, by monitoring the network requests your phone sends to WiFi networks you pass by.

Unfortunately, you are unlikely to find an internet cafe where you can install a Bitcoin node. The only other way to leak information securely is to purchase a disposable, single-use computer, as using someone else’s node further leaks identifiable information to untrusted third parties. But once your personal devices and secret computer come into contact with the same networks, you can be identified again.


Information leakage is extremely important, especially when it comes to abuse of power. But it is also incredibly dangerous. Using Bitcoin as a platform for whistleblowing, as has been proposed several times across the ecosystem, is a terrible idea given the risks involved.

The Tor network is insufficient to protect one’s privacy in the face of global passive adversaries, making direct publication on the Blockchain incredibly difficult while ensuring the protection of one’s identity as the Bitcoin network is insufficient to protect one’s personally identifiable information to protect in general. Documents can contain invisible fingerprints that lead to someone’s identification, and a lack of chain of custody will likely result in your leak being discredited.

It is dangerous to believe that you are safe from both government and corporate surveillance because this results in less caution and more reckless actions. It’s always better to be safe than sorry. Unfortunately, this mantra doesn’t seem to resonate with many Bitcoiners these days.

This article appears in Bitcoin Magazine “The Inscription Question”. Click here to get your annual Bitcoin Magazine subscription.

Leave a Comment