why bother tumbling?

this question has been nagging at me for ages. one purchases BTC from, say, localbitcoins, then send to one's market btc address. No-one knows who owns that target address - or even that it is associated with a DNM. In the event the site gets siezed THEN the cops could see addresses and associate them with a useraccount and the origin address - but only if the site is compromised. If one changes one's market address after every transaction then there is no record of who controlled that target address. So why bother tumbling?


Comments


[12 Points] AgoraMarket:

Allow me to re-post a small rant on why "not tumbling" is not a big deal:


"There is so much paranoia surrounding tumbling. I'll preface this by saying that I do tumble my coins, but is it necessary? For buyers, not really. As a buyer, if you don't tumble your coins, nothing will happen. Blockchain analysis has been talked up on dark market sites as a nearly omniscient technique that can identify anyone easily. Reality: using blockchain analysis to identify unknown people is simply impossible. Far more important is encrypting your address.

Picture yourself as LE trying to identify an unknown suspect using nothing but the flow of coins through random bitcoin wallet addresses. You can't tell if any given address is a private wallet, belongs to a dark market, to Coinbase, to LBC, or anything else. You can't subpoena the dark market. You can't subpoena all known bitcoin exchanges on the mere hunch that a wallet might belong to one of them. Even if a DNM user buys coins in their own name through Coinbase, sends them directly to a DNM, buys something, then sends any remaining coins directly back to Coinbase to cash them out, the coins still aren't fully traceable because all DNMs have internal tumblers. The entire concept is absurdly far-fetched. If blockchain analysis were truly as powerful as some like to think, tons of vendors would be dropping like flies and rounded up within weeks. Reality: likely fewer than 1% of darknet vendors have ever been caught.

You will never see blockchain analysis mentioned in a vendor indictment as hard proof that DNM Vendor X was cashing out coins using Service Y. Not going to happen. One of the Ulbricht indictment documents explicitly mentioned that the SR1 internal tumbler rendered blockchain analysis pointless.

Why bother tumbling coins, then? For vendors anyway, blockchain analysis could theoretically be used after-the-fact as circumstantial evidence. First identify a suspect behind a vendor/buyer account, then subpoena CoinBase and see if they have an account there, and what wallets are tied to it. But remember, all vendors to date -- without exception -- have been caught through normal police work, package profiling, and vendor slip-ups. Not blockchain analysis.

The way some folks here talk up tumbling promotes an extreme sense of paranoia among newbies who don't know any better. You didn't tumble your coins? Guess what, nothing is going to happen."


Rant off.


[9 Points] None:

Because not all of us buy from localbitcoins.


[8 Points] Trance_Forming:

For pennies on the dollar, why not? Don't assume that your market will never be seized. Buyers were prosecuted after Sr1 went down,and it's best to just assume every worst possibility, cuz in the event that you get fucked over something as insignificant as tumbling your coins, you're gonna be kicking yourself in the ass for a long while in prison.


[2 Points] iLoveDNM:

Okay, so say you don't tumble, all your coins go directly from LBTC vendor's wallet to your market wallet. Those wallets are watched, and police follow the little strings of association to wherever they can. Now while there may be little to tie you to these coins, but the trail leads straight to the local bitcoin guy, who (as he's operating more or less legally) probably has his wallet tied to an account with his real life information attached to it. His wallet is likely much fatter than yours, and likely has much more activity. This lively wallet now looks like it's at least partially involved in the darknet market scene. They may not be able to follow this trail to you, but it's bad ju-ju to bring that sort of heat down on to somebody for no reason.


[2 Points] None:

Other than all the reasons why you should tumble for any given purchase ... there is the far, far greater fear of one instance becoming two. Two becoming "oh I'll only do it for huge orders." That to not doing it. Other people see you not do it, not get caught, and the habit spreads. Now our dicks flailing about in the open.


[2 Points] sapiophile:

My opinion is that if your coins are decently secure in their anonymity from the get-go, there's not really much reason to tumble before using them on a market, if your threat model isn't unusual.

The largest component of the threat comes from the seller's knowledge linking your physical appearance to that particular BTC address, and from any cameras that may have recorded your physical person in the area. However, these data are not that easy to link with much that will actually identify you, assuming you are not under close, targeted surveillance to begin with.

LBC sellers (at least in the U.S.) do come under some heat, at times - a lot of what they do is in fact illegal (unlicensed money transmitter/money services business), even if most of them don't know it. It's not unreasonable to think that they might succumb to some pressure from LE to identify buyers - but this isn't very likely without a clear and targeted investigation.

You can always disguise yourself a bit when using LBC. And you can also tumble your coins.

It all just depends on what your security model is.

edit: spelling

edit2: I should also add that metadata information about, say, your cellphone's location and the LBC seller's location are fairly easy to corroborate, and this may actually be the greatest threat of all. This metadata, at least in the U.S., may not be protected by need of a warrant. Again, if your threat model includes potential active investigation, it may be wise to leave any wireless devices at home when making an LBC purchase.


[1 Points] samwhiskey:

Because opsec!!!!!


[1 Points] jdjdjdjdkjie93djjffu:

No one has been traced through the blockchain yet, even people trying to fund the sheep admin theif lost track of him and he could not have mixed that amount.

That being said the blockchain is a permanent record and sites like coinbase can already trace 'their coins' to some extent, enough to flag your account if you are moving coins out to a mixer. This would probably set off flags too if you moved directly into a market. Its actually quite trivial to do since these services operate well known addresses your coins eventually will cross into. Some people have reported coinbase flagging thier account and hijacking their coins because they moved them straight from a gambling site into coinbase to sell.

Also LBC has your info if you gave it to them, such as ip and any payment info you posted through the site. Use LBC with tor and cash deposits and you dont need to mix your coins, otherwise mix every time.


[1 Points] greenletz:

The point of tumbling is that the blockchain is FOREVER. LBC probably keeps records FOREVER. Your bank keeps records for years. CCTV is kept for years. Who knows what records your LBC vendor keeps. etc. The point of tumbling is that there's lots of data being kept by lots of people, and making the trail hard to follow is good insurance.


[1 Points] xiferz:

Thanks all for your thoughts. Apologies if the question was similar to previously asked but the responses were useful for me.

TIL (realised)

a) that tumbling is risky as the admin may at any time abscond with all funds flowing through the service.

b) that OPSEC would best be served by making cash deposits.


[1 Points] MyDogGetsHemroids:

I've been reading all replies that say LBC as Lite Bitcoins... I should never go on the internet high...


[1 Points] sshootanthraxx:

because you have to work under teh assumption that the site will at some point be seized...

if your lbc is clean i.e. opened via tor never accessed on clearnet and no real nformation to identify your self there is no point to tumble.


[0 Points] IGetDankShit:

I feel like this has been asked 3 times today alone, and at least a hundred times on this subreddit before. Here's a reply I just wrote up a few hours ago on this same issue:

http://www.reddit.com/r/DarkNetMarkets/comments/2goz8w/any_free_btc_tumbling_services/ckl6xmf


[0 Points] europe120:

If you wanna be super paranoid you can do that there's two extreams to it, Getting caught vs Being "uknown".

I could bore you with the play throughs of all posible scenarios in that spectrum but don't worry niether of us have the time for it.