Illegal Content and the Blockchain

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger. Since the blockchain is globally accessible and hard to take down, the botnet’s operators appear to be safe.

It’s best to avoid explaining the mathematics of Bitcoin’s blockchain, but to understand the colossal implications here, you need to understand one concept. Blockchains are a type of “distributed ledger”: a record of all transactions since the beginning, and everyone using the blockchain needs to have access to—and reference—a copy of it. What if someone puts illegal material in the blockchain? Either everyone has a copy of it, or the blockchain’s security fails.

To be fair, not absolutely everyone who uses a blockchain holds a copy of the entire ledger. Many who buy cryptocurrencies like Bitcoin and Ethereum don’t bother using the ledger to verify their purchase. Many don’t actually hold the currency outright, and instead trust an exchange to do the transactions and hold the coins. But people need to continually verify the blockchain’s history on the ledger for the system to be secure. If they stopped, then it would be trivial to forge coins. That’s how the system works.

Some years ago, people started noticing all sorts of things embedded in the Bitcoin blockchain. There are digital images, including one of Nelson Mandela. There’s the Bitcoin logo, and the original paper describing Bitcoin by its alleged founder, the pseudonymous Satoshi Nakamoto. There are advertisements, and several prayers. There’s even illegal pornography and leaked classified documents. All of these were put in by anonymous Bitcoin users. But none of this, so far, appears to seriously threaten those in power in governments and corporations. Once someone adds something to the Bitcoin ledger, it becomes sacrosanct. Removing something requires a fork of the blockchain, in which Bitcoin fragments into multiple parallel cryptocurrencies (and associated blockchains). Forks happen, rarely, but never yet because of legal coercion. And repeated forking would destroy Bitcoin’s stature as a stable(ish) currency.

The botnet’s designers are using this idea to create an unblockable means of coordination, but the implications are much greater. Imagine someone using this idea to evade government censorship. Most Bitcoin mining happens in China. What if someone added a bunch of Chinese-censored Falun Gong texts to the blockchain?

What if someone added a type of political speech that Singapore routinely censors? Or cartoons that Disney holds the copyright to?

In Bitcoin’s and most other public blockchains there are no central, trusted authorities. Anyone in the world can perform transactions or become a miner. Everyone is equal to the extent that they have the hardware and electricity to perform cryptographic computations.

This openness is also a vulnerability, one that opens the door to asymmetric threats and small-time malicious actors. Anyone can put information in the one and only Bitcoin blockchain. Again, that’s how the system works.

Over the last three decades, the world has witnessed the power of open networks: blockchains, social media, the very web itself. What makes them so powerful is that their value is related not just to the number of users, but the number of potential links between users. This is Metcalfe’s law—value in a network is quadratic, not linear, in the number of users—and every open network since has followed its prophecy.

As Bitcoin has grown, its monetary value has skyrocketed, even if its uses remain unclear. With no barrier to entry, the blockchain space has been a Wild West of innovation and lawlessness. But today, many prominent advocates suggest Bitcoin should become a global, universal currency. In this context, asymmetric threats like embedded illegal data become a major challenge.

The philosophy behind Bitcoin traces to the earliest days of the open internet. Articulated in John Perry Barlow’s 1996 Declaration of the Independence of Cyberspace, it was and is the ethos of tech startups: Code is more trustworthy than institutions. Information is meant to be free, and nobody has the right—and should not have the ability—to control it.

But information must reside somewhere. Code is written by and for people, stored on computers located within countries, and embedded within the institutions and societies we have created. To trust information is to trust its chain of custody and the social context it comes from. Neither code nor information is value-neutral, nor ever free of human context.

Today, Barlow’s vision is a mere shadow; every society controls the information its people can access. Some of this control is through overt censorship, as China controls information about Taiwan, Tiananmen Square, and the Uyghurs. Some of this is through civil laws designed by the powerful for their benefit, as with Disney and US copyright law, or UK libel law.

Bitcoin and blockchains like it are on a collision course with these laws. What happens when the interests of the powerful, with the law on their side, are pitted against an open blockchain? Let’s imagine how our various scenarios might play out.

China first: In response to Falun Gong texts in the blockchain, the People’s Republic decrees that any miners processing blocks with banned content will be taken offline—their IPs will be blacklisted. This causes a hard fork of the blockchain at the point just before the banned content. China might do this under the guise of a “patriotic” messaging campaign, publicly stating that it’s merely maintaining financial sovereignty from Western banks. Then it uses paid influencers and moderators on social media to pump the China Bitcoin fork, through both partisan comments and transactions. Two distinct forks would soon emerge, one behind China’s Great Firewall and one outside. Other countries with similar governmental and media ecosystems—Russia, Singapore, Myanmar—might consider following suit, creating multiple national Bitcoin forks. These would operate independently, under mandates to censor unacceptable transactions from then on.

Disney’s approach would play out differently. Imagine the company announces it will sue any ISP that hosts copyrighted content, starting with networks hosting the biggest miners. (Disney has sued to enforce its intellectual property rights in China before.) After some legal pressure, the networks cut the miners off. The miners reestablish themselves on another network, but Disney keeps the pressure on. Eventually miners get pushed further and further off of mainstream network providers, and resort to tunneling their traffic through an anonymity service like Tor. That causes a major slowdown in the already slow (because of the mathematics) Bitcoin network. Disney might issue takedown requests for Tor exit nodes, causing the network to slow to a crawl. It could persist like this for a long time without a fork. Or the slowdown could cause people to jump ship, either by forking Bitcoin or switching to another cryptocurrency without the copyrighted content.

And then there’s illegal pornographic content and leaked classified data. These have been on the Bitcoin blockchain for over five years, and nothing has been done about it. Just like the botnet example, it may be that these do not threaten existing power structures enough to warrant takedowns. This could easily change if Bitcoin becomes a popular way to share child sexual abuse material. Simply having these illegal images on your hard drive is a felony, which could have significant repercussions for anyone involved in Bitcoin.

Whichever scenario plays out, this may be the Achilles heel of Bitcoin as a global currency.

If an open network such as a blockchain were threatened by a powerful organization—China’s censors, Disney’s lawyers, or the FBI trying to take down a more dangerous botnet—it could fragment into multiple networks. That’s not just a nuisance, but an existential risk to Bitcoin.

Suppose Bitcoin were fragmented into 10 smaller blockchains, perhaps by geography: one in China, another in the US, and so on. These fragments might retain their original users, and by ordinary logic, nothing would have changed. But Metcalfe’s law implies that the overall value of these blockchain fragments combined would be a mere tenth of the original. That is because the value of an open network relates to how many others you can communicate with—and, in a blockchain, transact with. Since the security of bitcoin currency is achieved through expensive computations, fragmented blockchains are also easier to attack in a conventional manner—through a 51 percent attack—by an organized attacker. This is especially the case if the smaller blockchains all use the same hash function, as they would here.

Traditional currencies are generally not vulnerable to these sorts of asymmetric threats. There are no viable small-scale attacks against the US dollar, or almost any other fiat currency. The institutions and beliefs that give money its value are deep-seated, despite instances of currency hyperinflation.

The only notable attacks against fiat currencies are in the form of counterfeiting. Even in the past, when counterfeit bills were common, attacks could be thwarted. Counterfeiters require specialized equipment and are vulnerable to law enforcement discovery and arrest. Furthermore, most money today—even if it’s nominally in a fiat currency—doesn’t exist in paper form.

Bitcoin attracted a following for its openness and immunity from government control. Its goal is to create a world that replaces cultural power with cryptographic power: verification in code, not trust in people. But there is no such world. And today, that feature is a vulnerability. We really don’t know what will happen when the human systems of trust come into conflict with the trustless verification that makes blockchain currencies unique. Just last week we saw this exact attack on smaller blockchains—not Bitcoin yet. We are watching a public socio-technical experiment in the making, and we will witness its success or failure in the not-too-distant future.

This essay was written with Barath Raghavan, and previously appeared on

EDITED TO ADD (4/14): A research paper on erasing data from Bitcoin blockchain.

Posted on March 17, 2021 at 6:10 AM

47 Comments


Winter March 17, 2021 7:53 AM

There are two avenues for states to thwart the introduction of illegal content on the ledger:

1: Bitcoin owners are not really anonymous, just pseudonymous, as many criminals have discovered. And work is underway to separate really anonymous bitcoin users from those who have supplied Know-Your-Customer data. The upshot is, that any bitcoin not declared with KYC info will not be usable with any Western (or Chinese) customer. There are already blacklists of bitcoins.

2: The bitcoin miners are much more centralized than the users. States could go after the miners who validated the contaminated blocks. If miners and mining pools get hefty fines (or worse) when they validate transactions with illegal content, this would quickly stop.

Conrad Leonard March 17, 2021 8:33 AM

I found this fascinating. The blockchain is accumulating non-functional and even detrimental elements, as organisms’ genomes do – fossil viruses if you like. And if you want to stretch the analogy further, forking = speciation events.

Intriguing March 17, 2021 8:47 AM

The inclusion of illegal pornography or potentially classified information seems like it might be a malicious attack to discredit and destroy the blockchain.

We do know many governments (OECD and non-OECD) are none too thrilled with the existence of currency outside of their control.

Seth March 17, 2021 8:58 AM

Sounds like the bug here is supporting metadata in the ledger. Just support, you know, ledger data. I think people would complain but then get along just fine. Third party metadata services might pop up, allowing this “content” to be removed without forking.

tim March 17, 2021 9:22 AM

We do know many governments (OECD and non-OECD) are none too thrilled with the existence of currency outside of their control.

What else aren’t governments too thrilled about? That I can take a live chicken down to the farmers market and trade it for vegetables and wool socks. Making live chickens more of a currency than bitcoin will ever be.

David March 17, 2021 9:46 AM

So all manner of bloat and cruft gets permanently added to the blockchain, making update distribution bandwidth grow out of control?

Winter March 17, 2021 9:48 AM

I do not really understand the problem. As I tried to find the amount of data that can be stored on the Bitcoin ledger, the maximum I could find was 83 bytes per transaction:

As Bitcoin transactions are not free of charge nowadays, it becomes rather expensive to store lots of data there.

So, the question becomes, how much data can actually be stored in a Bitcoin transaction? 83 bytes or more?

Chelloveck March 17, 2021 9:51 AM

Illegal content aside, does the blockchain have any defense against a flooding attack? Could someone dump enough random crap in there to render the blockchain useless for its intended purpose? It seems like any sort of ledger which must be world-writable and does not tolerate deletion would be wide open to this sort of attack.

tfb March 17, 2021 9:54 AM

@Seth: the trouble is that ‘ledger data’ is just, well, bits. And bits are famously capable of encoding anything. I could encode a series of transactions for 65, 32, 83, 69, 67, 82, 69 & 84 units of whatever currency I’m interested in. That’s a perfectly fine sequence of transactions … but it’s also something else.

Winter March 17, 2021 10:09 AM

I found the way the data is stored in the ledger, it abuses the bitcoin addresses.

The bits are cut up in bitcoin address size chunks and these are then entered as the outgoing addresses for a transaction. The limit is 100,000 bytes per transaction, which is considerable. A miner can use a complete block of 1 MB.

You collect all the (fake) addresses and can reconstruct the original file from the bits.

As the addresses are fake, the ingoing bitcoins become unspendable.
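Added example, not part of the original post or comments: a defender-side triage heuristic for the storage method described in the comment above, written in Python. It assumes the standard 25-byte pay-to-pubkey-hash output script; the function names, the 0.9 threshold and the sample outputs are constructed for illustration.

```python
"""Triage transaction outputs for data hidden in fake P2PKH addresses.

Added illustration; names, threshold and sample data are assumptions.
"""
import string

P2PKH_PREFIX = bytes.fromhex("76a914")  # OP_DUP OP_HASH160 push-20-bytes
P2PKH_SUFFIX = bytes.fromhex("88ac")    # OP_EQUALVERIFY OP_CHECKSIG
PRINTABLE = frozenset(string.printable.encode())
MIN_TEXT_LEN = 4                        # ignore near-empty chunks

# File headers that fit inside one 20-byte chunk. Short signatures will
# occasionally match a genuine hash, so treat a hit as a triage hint only.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
    b"\xff\xd8\xff": "jpeg",
}


def extract_hash160(script: bytes):
    """Return the 20-byte hash from a P2PKH output script, else None."""
    if (len(script) == 25 and script.startswith(P2PKH_PREFIX)
            and script.endswith(P2PKH_SUFFIX)):
        return script[3:23]
    return None


def classify(h160: bytes, threshold: float = 0.9):
    """Label a hash as 'text', a file type, or None if it looks ordinary.

    A genuine hash160 is effectively random, so 20 bytes that are almost
    all printable ASCII (or that begin with a file header) stand out.
    """
    for magic, name in MAGIC.items():
        if h160.startswith(magic):
            return name
    body = h160.rstrip(b"\x00")         # the final chunk is usually padded
    if len(body) < MIN_TEXT_LEN:
        return None
    ratio = sum(b in PRINTABLE for b in body) / len(body)
    return "text" if ratio >= threshold else None


def scan_outputs(scripts, threshold: float = 0.9):
    """Scan one transaction's output scripts, in output order.

    Returns the flagged output indices with their labels and the bytes
    recovered by concatenating the flagged 20-byte chunks.
    """
    findings, payload = [], bytearray()
    for index, script in enumerate(scripts):
        h160 = extract_hash160(script)
        if h160 is None:
            continue                    # not P2PKH; out of scope here
        label = classify(h160, threshold)
        if label:
            findings.append((index, label))
            payload += h160
    return {"findings": findings, "payload": bytes(payload).rstrip(b"\x00")}


def p2pkh_script(h160: bytes) -> bytes:
    """Build a P2PKH output script around 20 bytes (sample data only)."""
    return P2PKH_PREFIX + h160 + P2PKH_SUFFIX


# Constructed sample: two ordinary-looking hashes around a short message
# cut into 20-byte chunks, the last chunk padded with NUL bytes.
MESSAGE = b"CONSTRUCTED SAMPLE: text hidden in fake addresses"
ORDINARY = [
    bytes.fromhex("89abcdef" + "abba" * 8),
    bytes.fromhex("f1e2d3c4" + "9a8b" * 8),
]
chunks = [MESSAGE[i:i + 20].ljust(20, b"\x00")
          for i in range(0, len(MESSAGE), 20)]
SAMPLE_SCRIPTS = [
    p2pkh_script(ORDINARY[0]),
    *map(p2pkh_script, chunks),
    p2pkh_script(ORDINARY[1]),
]

if __name__ == "__main__":
    report = scan_outputs(SAMPLE_SCRIPTS)
    print("flagged outputs:", report["findings"])
    print("recovered bytes:", report["payload"])
```

The heuristic only recognises plaintext and known file headers. Data that has been encoded or spread across transactions looks like any other hash to it, which is the limit later comments in this thread raise.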

skippan March 17, 2021 10:27 AM

Techniques that ban “contaminated” blocks won’t work because data can be split up, so the “illegality” of each piece can’t be determined separately, and distributed arbitrarily deeply in the chain.

Second, the network always has the option of reaching consensus to remove arbitrary data by forking to make a new chain whose initial state is all the non-objectionable data and transactions. So the problem reduces to “what if the gov’t tries to make bitcoin illegal for reasons that the network doesn’t agree with”, which is not a new problem.

bruno March 17, 2021 10:29 AM

Question: Is there actually illegal pornography inside the blockchain, or are there just links? From what I found on the web (including some published papers) it sounded more like links.
Does anyone have a reliable source on this, not just a ‘news report’? Thanks!

David Rudling March 17, 2021 10:49 AM


You ask “What happens when the interests of the powerful, with the law on their side, are pitted against an open blockchain?”

You know the answer to that. All else is extraneous detail.

Vesselin Bontchev March 17, 2021 12:47 PM

This is nothing new. There is a lot of shit stored just in the Bitcoin blockchain – probably some is stored in the others, too.

Here are some amusing examples of what’s there, including Wikileaks leaked cables:

And then, there is the not-so-amusing stuff…

Child pornography is stored there – yes, both links and images.

Researchers from the RWTH Aachen University, Germany found that around 1,600 files were currently stored in bitcoin’s blockchain. Of the files at least eight were of sexual content, including one thought to be an image of child abuse and two that contain 274 links to child abuse content, 142 of which link to dark web services.

There are viruses stored in it, also the EICAR Test String (which isn’t malicious but it’s a standard string that scanners detect as malware to demonstrate safely how they react when detecting malware).

The use of blockchain for command-and-control purposes of malware has been considered for quite some time, here’s an article from a year ago:

Steven March 17, 2021 1:30 PM

Suppose Bitcoin were fragmented into 10 smaller blockchains, perhaps by geography: one in China, another in the US, and so on. [..] Metcalfe’s law implies that the overall value of these blockchain fragments combined would be a mere tenth of the original.

It’s worse than that.
One major use of bitcoin is to move money across national boundaries outside of government purview, e.g. CNY -> bitcoin -> CAD. National silos prevent that.

Arclight March 17, 2021 7:15 PM

Isn’t this just a logical extension of using the personals ads in the LA Times to distribute a covert message to a spy ring or similar? There is a persistent aspect that is different, but the command and control idea has been around a long time.

Clive Robinson March 17, 2021 9:29 PM

@ Arclight,

There is a persistent aspect that is different

Not really, history shows that graffiti was sometimes done with a chisel. At over a millennium or four[1] that’s most definitely more permanent than the block chain 😉

Which really emphasizes your first point, that people will put their message out any which way they can.

[1] Oh and do not forget “cave art” grinding red/orange ochre –haematite, iron(III) oxide, Fe2O3 being the main pigment– into water that was then spat around a spread hand on a cave wall at least fifty millennia or more ago,

And could be sixty or more millennia ago (Man arrived in Australia ~65,000 years ago and would have first migrated slowly through Indonesia, Papua New Guinea and the legendary Torres Strait[2] and into North Australia).

[2] The Torres Strait at just under a hundred miles wide at its narrowest, is legendary as being a hazardous place not just to shipping but as a place of islands and reefs fighting against nature and more recently climate change effects and now COVID. It’s also one of the few places in the world where an international trade route has “required pilotage”. The straits being relatively shallow and having a very large volume of water flow through it needs careful timing not just daily but monthly and seasonally. Where exotically named lunar phases, such as super blue blood moons[3] create surging King tides that can surge up to 20ft above normal and annually inundate many of the Torres islands. At the best of times there are really only three ways through the straits for ships that are designed for ocean going and only one of those for moderate to large size shipping transiting the region. The ferocity of the straits was known to Jules Verne who put it in his most famous book as a place where the all powerful submarine of Capt Nemo floundered. For all its well deserved legendary ferocity it is actually one of the world’s major shipping routes.

[3] Super blue blood moons are actually very rare and may never happen in many people’s lives. It’s a combination of three events: a “Super moon” where the moon is closest to the earth, a “Blood moon” that is when we have a total lunar eclipse and the moon is lit only by light reflected from the earth thus makes the moon look red or orange in colour, and the oddly named “Blue moon”. A “Blue moon” is an additional full moon in a season of the normal calendar. It happens approximately every 2.7 years or seven every 19 years. It’s the third full moon in a season that has four new moons. It is possible for January and March to each have two full moons and February none, but only the first in March would be the blue moon. It’s of mainly historical interest these days but less than a life time ago it was important to farmers due to growing cycles and days with longer light. It is however still of interest to those whose activities involve tidal waters and the migratory habits of some creatures like eels that are currently a subject of scientific research, that has been interrupted by COVID.

mx9000 March 17, 2021 9:30 PM

Interesting, If I were rich, I could upload ( encrypted with a symmetric key ) all my data and music files.
My own personal Cloud backup system.

Then I could access it from any device I can run the specified JavaScript.

Or, to others, I get their public key, and send them encrypted data,
and it costs me just 10 cents?

Good for Spies.

And this may be cheaper than Azure!

Clive Robinson March 17, 2021 11:32 PM

@ Bruce,

— value in a network is quadratic, not linear, in the number of users — and every open network since has followed its prophecy.

Err no, what we call “Metcalfe’s Law” applies to the number of the maximum potential “links” in a network of n nodes, not value derived from the network. It’s based on the simple “m = 0.5(n^2 – n)” or the “nth triangular number”.

Even Metcalfe himself, has indicated this use for “value” is wrong and has proposed modified models. The one most hold with is Bob Briscoe’s Law, where the value of the network grows as “n log n” rather than “n^2″[1].

The reason for the popularity of the nth triangular number of n(n-1)/2 that Metcalfe had in his original 35mm slide, is it is asymptotically proportional to n^2. Thus to the “flim-flam investment man” of the Internet Bubble etc, a growth on n^2 looks way better than n log n. If you mistakenly believe this “projected growth” and invest, then the chances are good that you will wind up as the old saying has it “A poorer, but wiser man”. For popcorn munchers and other observers without skin in the game we are about to see another Internet related implosion. That is we’ve already crossed the point where it costs more for new entrants to collect and collate PII than they can make from it… Which as it’s the financial model underlying the bottom feeders in the IoT business, is going to make a lot of people’s no-name devices stop working as the remote servers get turned off.

As you would expect early adopters of a technology see most value in it and usually get the best value from it (what looks initially like a variation of Zipf’s Law). However this value decreases with each later joiner until you get to the point which is now happening with the Internet… Where new users see negative value in it and have to be coerced by legislation, regulation, or other force majeure / monopolistic practice. Usually involving Government entities such as Revenue and or Financial organisations who see the value in cutting their own internal costs by inflicting them on their users as an “externalized cost” hence the negative value view (I created a “growth” formula for this back in the mid 90’s, I had put it in a thesis I was writing, on “micro and pico charging on the Internet”, and the “Reader” objected to it, however history is tending to my view point).

Oh it looks like COVID is about to force “negative value” onto people via mobile phone usage. Many do not see value in mobile phones, even more see no value in smart devices. Governments want “Digital Vaccination Certificates”, in theory there is space in “Digital Passports” but many Governments are insisting Smart Phones are the way to go… Something tells me they really have not thought it out yet, the same as they did not with digital passports.

[1] You might have met Bob Briscoe, and you can read an overview write up of his argument that was done for the IEEE,

Weather March 18, 2021 2:39 AM

Isn’t it like using Google search results? What happened to the good old techniques that three botnet computers would try and find three more? Is ISP NAT stopping most of that function?

tfb March 18, 2021 9:26 AM

@Clive Robinson

The graffiti example isn’t quite right. It’s more like a situation where, in order to remove some graffiti, you had to demolish the entire city on the foundations of which it was written.

CarpetCat March 18, 2021 10:23 AM

Bitcoin, blockchain, et al, have now become mainstream. Mainstream means money. Which means manipulation. Big money only flows when stability is achieved. And stability translates into control.

Now we see the big money taking control, manipulating and rigging profits. Everything you see from this point forward is just the illusion of individual actors and independent groups that are actually all working in tandem, following a script, taking orders and using their positions as either media or as respectable sages to move the price lower and higher.

Shame on Bruce. I don’t come here to listen to a parrot.

Watch now as more and more massive banks and hedge funds buy evermore crypto products, and watch how their controlled order taking minions disparage and cast doubt, lowering the price so their greedy masters can buy in. Talk of bubbles, price swings, etc. It’s all the same playbook from the beginning of time.

When you look around the room/world and try to educate yourself, try to compare and contrast, try to gather information, who would ever think that every source of knowledge has been carefully prepared and presented ahead of time? It reminds me of the Sherlock movies with Moriarty. When the lady believes she is safe in public, with a waiter she knows- Yet with a tap of the glass all the people stand and leave her alone.

More fear, more uncertainty, more doubt. Let the heavies take care of it all! Selling peace of mind with nominal fees!

Who tells you what to write/say/do, Bruce? Shatter the illusion, damn the consequences. Surely you have enough money by now. Let the chips fall where they may. This stagnant world we all live in now is corrupt to the very core. Anarcho Capitalism I think it’s been called. I don’t mean to insult you personally. But you are in a position of power, you have the means. I’m looking for leadership and in my blind desperation I lash out.

Prediction: Bitcoin is going to the moon, this is just the big players getting in cheaper than normal. In a few years, no one will care what’s in the blockchain or not. Just wait and see.

TomS March 18, 2021 12:10 PM

One has to wonder the havoc that would be created if someone embedded a cartoon of the prophet Muhammad in the Bitcoin ledger…

Greg March 18, 2021 1:27 PM

under mandates to censor unacceptable transactions from then on.

That is fundamentally almost impossible with any true (i.e. trustless distributed) blockchain.

Simply disguise the “unacceptable” transactions with a little stenography and reveal their presence many blocks later. By this time undoing the blockchain to remove them has become prohibitively inconvenient or expensive.

Jesse Thompson March 18, 2021 2:03 PM

It sounds as though some folk are getting far too paranoid about the sheer availability of short snippets of absolutely arbitrary canned data and about how strongly large and powerful organizations of people (Governments, Disneys) are liable to react to said data.

Let’s review your “Disney v Bitcoin” Movie Plot scenario first. How large would a file need to be in order for Disney to feel the need to wipe the data completely out of the blockchain? Are we talking about an asciiart image of Mickey Mouse’s face, or a 1080p copy of Avengers Endgame, here?

Because the latter is both far too large to ever get successfully encoded into the blockchain (at least not without incurring txn fees on at least a par with the actual production cost of the film), and already equally surreptitiously coded into FAR far less secure networks such as Usenet and Bittorrent without nearly as much fuss as you’re predicting.

I can download any one of a pantheon of freeware programs that will read an NZB index (that functions a lot like a fat URL) and use the data stored within that to download all of the many thousands of Usenet messages pointed to by that link, and then reconstruct the data hidden into those messages into the full 1-100 gigabyte file.. sometimes even at speeds sufficiently cozy to just sit and stream the damn thing on demand.

And Usenet is hardly a system replicated across hundreds of thousands of verifying bitcoin nodes across every continent. It’s literally just a mass of indexed messages that perhaps a hundred WELL known commercial providers simply agree to mirror between one another. But Disney can’t even succeed at keeping data out of that string and bailing wire mess!

Bitcoin mining is presently a bit more heavily centralized in China than many people are completely comfortable with, so it is at least plausible that China could wind up forcing a fork by throwing their weight around and threatening miners they have jurisdiction over. But another thing bitcoin mining is is potentially far more anonymous than anything Usenet has ever had.

Pulling the txn pool to build blocks and then publishing said blocks within reasonable time frames can quite easily be done via tor and even stacked with other proxies and time relay tricks if so desired. Hiding a ton of computing power may be a bit tougher, but less so when it’s crowdsourced via pooled mining.. which is a service that is not only easily hosted via anonymous networks like Tor/freenet/I2P, but would be easy to run as one identity while publishing blocks through a different, largely uncorrelated identity or set of throwaway handles. Then people who notice that you’ve pushed toxic block A wouldn’t even be able to easily tell that a specific anonymous mining pool is where that block came from!

And since the content of the blocks you’re crowdsourcing the signatures for doesn’t need to be held by the parties doing the pooled signing, said signers lose the opportunity to veto working on a block based upon what data they may or may not be able to detect within its transactions.

But ultimately all canned data remains meaningless without both an outer message and a relevant context. Here, the outer message is the indexing (like an NZB file) telling a soul where in the mess of a blockchain to find the data, and how to decode it. The context includes “why said data is important”. Both of those ingredients to the importance of any data will prove far easier for powerful forces to nullify for any given instance of canned data than trying to challenge the ledger on its own turf would be.

For example, relating to anti-civil canned data it’s easier to erase the indexing and decoding knowledge than to worry about the payload. How do end-users even know where/how to get the data? Somebody has bitcoin-NZB’s hosted on a site? Go shut down that site.

An example of attacking the context would be: say somebody publishes my bank details.. so, I have the bank change my account numbers or card numbers and then carry on with my day. Now the old data is no longer useful to anyone because I’ve shifted the context out from underneath of it.

Botnets are an interesting confluence where both of those avenues might also be difficult to attack.. but that is not a property that it shares in common with copyrighted garbage or with Falun Gong chick tracts.

So no, I am not sold on this among a hundred other more valid potential concerns being The End Of Bitcoin™. This ledger already encodes monetary value directly as data, and people are buying and selling the results of shifting said data around the ledger to the tune of many millions of dollars per day. I think one is honestly quite hard-pressed to find a motivation stronger than control over cold, hard cash to assail these particular globally distributed digital walls.

xcv March 18, 2021 7:05 PM

the original paper describing Bitcoin by its alleged founder, the pseudonymous Satoshi Nakamoto. There are advertisements, and several prayers. There’s even illegal pornography and leaked classified documents. All of these were put in by anonymous Bitcoin users. But none of this, so far, appears to seriously threaten those in power in governments and corporations.

Satoshi Nakamoto allegedly still owns a rather large fraction of all Bitcoins in existence, circa 1.1 million according to the distributed ledger. Supposedly only 21,000,000 Bitcoins can ever exist, with 18,657,737.5 of them already mined, each Bitcoin allegedly worth $57,909.50 USD.

Which is a total of just over $1,000,000,000,000, or a billion dollars by proper international systems of numeration, based on true powers of one million, or a “trillion” in the parochial inflated American system of numeration, which is based on powers of a thousand, off by one.

That is too much silver platter and too much price on John the Baptist’s head to be contemplated by honest men.

Not only pornography and classified documents, of course, but all manner of life-ruining slander, libel, privacy violations, copyright violations, murder-for-hire contracts, and blackmail are included in the blockchain ledger.

The iterated computations of SHA-256 hashes are wasteful and inefficient, for all the gold or oil that could be mined for the performance of useful work.

I don’t believe that the hash functions on which digital currencies are based are irreversible or even all that hard to crack. All that requires is a Viterbi algorithm, or even a classical or quantum annealing algorithm, with a probit, or better yet, a logit model of each bit in the internal state of the hash function. Hash function collisions are regularly reported by scientists and researchers using various methods, unless there’s money offered under the table to hush them up, while selling an illusion of unbreakable privacy and integrity to the general public.

David Leppik March 18, 2021 9:16 PM

With the exception of sending messages to botnets, none of these examples are particularly dangerous. This is the equivalent to the hidden message in Perseverance’s parachute: a cute trick, but not an efficient way to transmit information. It’s not like a JPEG hidden in the blockchain will automatically appear on your screen when you open your wallet. Neither the Chinese government nor Disney can suppress information completely, so they work to minimize the value of using that information. Both can have people arrested for using it—to a point. Both can flood social media with information which dilutes the value of the stolen information.

Hello? Prune? March 20, 2021 9:42 AM

I’m very surprised no one has commented that full nodes (nodes that validate and mine blocks) can prune confirmed blocks (except I think maybe the last two days?). This removes all the content that is stored in the OP_RETURN abuse and related ways to ‘stuff data’. The only thing nodes keep in prune mode is the hash to verify transactions for the merkle-tree.

The whole history does not have to be stored, nor should it.

Leonard Bailey March 20, 2021 2:00 PM

The only thing nodes keep in prune mode is the hash to verify transactions for the merkle-tree

This is false. It (partially) describes Satoshi’s original pruning proposal, which was never implemented
Block pruning is a convenience for nodes with insufficient disk space. A pruned node initially downloads the entire history from one or more unpruned nodes, and deletes blocks as it goes

The Bitcoin Blockchain is never pruned

Leonard Bailey March 20, 2021 2:26 PM


Is there actually illegal pornography inside the blockchain, or are there just links?

Nobody really knows, because anybody who views or shares the location of child abuse material would be guilty of a crime

The last time the USA authorities started spreading this FUD, exactly 3 years ago, all the same examples and all the same words were published over and over, with no proof. Yes, there are URLs which linked to child abuse material, and it’s safe to admit that because those links are long dead

The thrust of the debate reveals how much mass opinion diverges from the principles of liberty, always knee-jerking in favor of authoritarian control

Ultimately, it doesn’t matter. There is a cost to permanent storage of arbitrary data, and the Bitcoin system only levies a cost at the time the data is stored. Eventually, the clever people who drive the direction of the Bitcoin system will have to tweak it for sustainability or watch it slowly die from abuse of the commons. This is a general issue, not specific to the storage of arbitrary data. Bitcoin as a crazy speculation price bubble is much more interesting than a photo of Nelson Mandela and some obsolete photo links

Hello? Prune? March 20, 2021 11:29 PM

Leonard Bailey, you may have a misunderstanding.

The data that is stored in a transaction for extra data is packed via OP_RETURN which is pruned from UTXO’s.

OP_RETURN fails, so it’s pruned. Data is stuffed into a NO_OP basically.

The hash can still be used to verify the transaction via a merkle tree comparison, however data absolutely can be pruned. This is the strength of a merkle tree.
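
The Merkle-tree property this exchange turns on, as an added example that is not part of the original thread: it builds a Bitcoin-style Merkle root (double SHA-256, last hash duplicated on odd levels) and shows what the hashes alone can and cannot verify. The transaction byte strings are constructed placeholders, not real Bitcoin transactions, and the function names are hypothetical.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for txids and Merkle nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _next_level(level):
    # Bitcoin rule: an odd-length level duplicates its last hash before pairing.
    if len(level) % 2:
        level = level + [level[-1]]
    return level, [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(txids):
    """Root committed to in the block header, computed from txids only."""
    if not txids:
        raise ValueError("a block has at least one transaction")
    level = list(txids)
    while len(level) > 1:
        _, level = _next_level(level)
    return level[0]

def merkle_branch(txids, index):
    """Sibling hashes linking txids[index] to the root."""
    branch, level = [], list(txids)
    while len(level) > 1:
        padded, parents = _next_level(level)
        branch.append(padded[index ^ 1])
        level, index = parents, index // 2
    return branch

def verify_branch(txid, index, branch, root):
    """Check inclusion using only hashes; no transaction body is needed."""
    h = txid
    for sibling in branch:
        h = dsha256(sibling + h) if index & 1 else dsha256(h + sibling)
        index >>= 1
    return h == root

# Constructed stand-ins for raw transactions; index 4 carries an embedded payload.
TXS = [b"tx-coinbase", b"tx-pay-alice", b"tx-pay-bob", b"tx-pay-carol",
       b"tx-with-OP_RETURN:" + b"arbitrary embedded bytes"]
TXIDS = [dsha256(tx) for tx in TXS]
ROOT = merkle_root(TXIDS)

def body_matches_commitment(body: bytes, index: int) -> bool:
    """Only someone holding the body can recompute its txid; any change breaks it."""
    return dsha256(body) == TXIDS[index]

if __name__ == "__main__":
    # A holder of txids alone (bodies discarded) still reproduces the header root.
    print("root from hashes only:", merkle_root(TXIDS) == ROOT)
    print("inclusion of tx 4:", verify_branch(TXIDS[4], 4, merkle_branch(TXIDS, 4), ROOT))
    print("redacted body still matches:", body_matches_commitment(b"tx-with-OP_RETURN:", 4))
```

The hashes prove that a transaction with a given txid is in the block; they do not let anyone re-check the transaction's contents, and a body with the payload stripped no longer hashes to the committed txid.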

c1ue March 22, 2021 9:37 AM

Awesome and brilliant. It was only a matter of time before the ubiquity and preservation capabilities of the BTC blockchain would be used for truly useful – in a cybercriminal sense – purposes.

Mark J. March 23, 2021 2:50 PM

How is this not simply a restatement of The Four Horsemen of the Infopocalypse?

sed 's/internet/blockchain/g'

Werner March 27, 2021 2:45 PM

I agree with Leonard Bailey that this sounds like a Movie Plot scenario. Blockchains are a fairly obscure and also inefficient place to store data, and any overly visible censorship efforts in that direction could easily produce a Streisand effect.

However, pruning or not, you have some liberty in what data you include in a transaction. Let’s look at how that data travels in your typical proof-of-work (PoW) blockchain:
– first someone has to generate a transaction containing the offending data, or part of it, and then send that transaction to an intermediary who will “broadcast” it. That intermediary can filter what transactions it accepts.
– the intermediary will do the broadcasting via a “node” or “client”, which participates in a peer-to-peer protocol with other nodes/clients. Each node can filter what transactions it passes on.
– nodes that are also capable of mining new blocks, verify the transactions they receive, discard the ones they don’t like, incorporate the ones they do like into new tentative blocks, and keep any they couldn’t fit for later.
– they then try to solve the PoW problem for that tentative block. If they succeed (before anyone else submits the next block), they add that solution to the tentative block, then share the resulting complete block with their peers.
– the peers verify a) that the transaction – and related metadata – in the block are valid, b) that the PoW solution is correct. If the block is found to be valid, they – tentatively – add it to their copy of the blockchain.
– if a block has been long enough in the chain and the chain hasn’t “flipped” (there can be flips between competing chains, since all this is a distributed process, without global synchronization), one can consider a block to be truly part of the permanent chain.

All the validation and filtering I mentioned above are points where one could apply censorship. And nodes already “censor” things like transactions of inexistent funds, transactions with a bad signature, and so on. Space in blocks can also be auctioned to the transactions that pay the highest “fee”, “tip”, etc., which is a reward that goes to the node that includes the respective transaction into a block.

Nodes normally outsource the actual PoW search to miners. The miners themselves generally don’t know the content of the block they’re mining – all they have is a hash. Miners can be organized into large compute farms, and may or may not run their own node. The so-called pools are services that run node(s), coordinate the PoW work among miners/workers that connect to the pool, and split the resulting block revenue among their miners.

Now, how would people see your transaction containing toxic data? There are a few options: a) they could run nodes and monitor the peer-to-peer exchange of transactions that have not yet been incorporated into blocks. b) they could run nodes and monitor the tentative blocks being passed around. c) they could connect to nodes and ask them for all/a range of/a few specific blocks they have. d) they could go to an intermediary service – that runs a node – and gives access to the data from the blockchain. E.g., a so-called blockchain explorer.

For a) or b) you’d just use the blockchain as a transport, without your toxic data necessarily becoming a permanent part of the chain. On the other end, going through an explorer is easily done, but you’d still have to locate and decode the toxic data.

Now let’s see what happens if you apply censorship. If you prevent the transaction from reaching other nodes, or if you can get all nodes to reject the transaction, you have nipped the transgression in the bud.

If you get only part of the nodes to reject it, or any blocks containing it, then the outcome depends on which side is stronger. There is an asymmetry: censoring nodes will never accept a “toxic” transaction or block, but non-censoring nodes will not insist on the “toxic” transaction to be included.

If there are any non-censorship nodes at all, you will eventually get a “toxic” block. Censors will then only accept new blocks that are not based on that toxic block, and they create a fork before the toxic block. If they have the majority, that fork will grow faster than the chain with the toxic block, and also the non-censoring nodes will switch over to the longer/heavier chain.

However, if the non-censoring nodes are in the majority, the contaminated chain will grow faster and the censoring nodes will neither be able to “win” nor will they be able to join the chain again, unless and until they are willing to accept the contaminated block. The work they spent on maintaining the censored chain is lost then.

You could also censor historical blocks this way, but then you also need to replace the whole part of the chain that has been mined since then. And at some point you’ll set off alarms at participants monitoring large chain reorganizations.

So if you want to censor in this way, you need to be able to control the majority of the global mining power of that coin.

To be continued.

Werner March 27, 2021 3:37 PM

Now, if you’re a state actor, or can enlist the help of one, you could just force others to do your bidding. So you could look for participants in the blockchain building process, and punish them if you don’t like what they did with the toxic data. Or you could censor their communication.

This could be in the early stages. If the transaction is submitted via a node in your censorship bubble, you could intercept it there. Or you could coerce the node to detect and discard it, instead of sharing it with its peers. Or you could filter the peer-to-peer traffic.

This would be effective but one problem would be that you’d have to be able to identify toxic transactions in real time. Another would be that you couldn’t do much if the transgressor sends them through some other service.

Likewise, you could force miners to censor such transactions at the time they compose new blocks. If you can control more than half the world’s mining power, then this would work, but you still have to decide quickly what to censor and what not. If you don’t have the majority, or you require reverting large stretches of the chain, the nodes under your control would effectively be banned from participating in the chain. So it may be easier if you just outlaw cryptocurrencies.

A different approach would be censoring blocks after they have become part of the chain. If you do that at the peer-to-peer level, new nodes and nodes that wish to rebuild their local copy of the chain would not be able to obtain the toxic blocks from censoring nodes. If your censorship network is dense enough, that may permanently prevent these blocks from spreading.

However, these blocks will still exist at nodes that have obtained them before censorship started (but you may be able to oblige some to destroy their copies), and any nodes not affected by the censorship will still publish them.

A node that is denied access to censored blocks has a few options: a) it could skip these blocks, assume the ones following them are valid, and continue from there. The dangers with this approach should be obvious. b) similarly, it could accept a substitute from a trusted source, e.g., “dummy link”, a block with redacted content, or just a checkpoint. This would still maintain the integrity of the chain if the substitutes can be trusted.

This may be a viable alternative for operators that are subject to effective censorship at the level of the block exchange. How the rest of the world would react to this is another question, though, since this would also enable the source of substitutes to delete/insert/modify/etc. arbitrary transactions.

c) they could consider the last valid block they’re able to obtain as the tip of the chain. If they are mining, this would again put them at a major disadvantage compared to unrestricted miners. If they have other uses for the chain, they would be operating on possibly very old data.

But getting blocks this way is a lot of work. For most people, it would be far easier to go to a blockchain explorer or some equivalent service that does all the node operation for them. That’s then a case of one of a relatively small number of points where already well-established censorship mechanisms could be applied.

All this of course doesn’t mean that someone interested in gaining direct control of blockchains wouldn’t try to use a supposed need for censorship at one of the more technical levels as an excuse. What happens with the “toxic” content would then be largely irrelevant.

Martin March 30, 2021 4:12 AM

I hope this isn’t considered a shameless plug but we wrote a research paper on the problem outlined in this post, arguing (also with a PoC) that it is solvable for Bitcoin, without modifications to the Bitcoin protocol: (also somewhere on IEEE Xplore)

In a nutshell, we question the assumption that if something is stored on the Bitcoin blockchain, every full node or miner must store it in recoverable form. We propose approaches for erasing problematic data pieces on a node-local level, while still allowing modified nodes to validate normally nearly all of the time (more details in the paper). We also argue that the “illegality” of content is a subjective matter, so having node operators decide by themselves what they want to store and what not is a big feature.

Chris Zach March 30, 2021 5:40 PM


Bruce: You and I have been on the internet since pretty much the beginning of the thing. And to be honest I remember similar arguments being made in favor of AT&T’s “Connect” network. The one that was based on X.500 directory services (Novell NDS), IPX/SPX protocols (so we would never run out of addresses), x.400 email and of course a properly centralized governing authority through AT&T and their 128kbps ISDN networks (more than anyone could ever need!). The perfect network was the only reasonable choice…

Because how could anyone build a decentralized global network based on TCP/IP, an open set of standards, and protocol stacks developed by people at “FTP software”? Who would ever want to use a basket case like that over a good safe trusted centralized system backed by the biggest telecom vendor around?

And here we are.

Bitcoin is at a similar junction: Governments and businesses desire control, people desire freedom and transparency. And while governments are free to restrict the internet as they wish and restrict cryptocurrencies as they wish, they do so at their own expense both in terms of restriction cost and lost opportunity.

Regimes can build their own internets and their own digital currencies. They can attempt to outlaw systems like bitcoin and the normal internet; however, they will wind up cutting themselves off from the opportunities such solutions present.

This is why AT&T connect ultimately failed. I remember it well, I was working with Westinghouse on the implementation concepts. People wanted something different.

And here we are.

Christopher Zach
CISSP, CISM, and I still have my counterpane tag. I miss those days….

Dome April 15, 2021 8:04 AM

The ISP argument wouldn’t really work. Many miners and nodes are running on top of TOR, and now i2p is also supported in the latest build.
