There’s a famous New Yorker cartoon from 1993 of two dogs going online, with one saying to the other, “On the internet, no one knows you’re a dog.”
Over the years, the phrase has come to sum up online anonymity: You can be whoever you want to be, say whatever you want to say, safe in the knowledge that no one knows who @Doggy69 actually is.

In crypto, pseudonymity has been cherished ever since Satoshi Nakamoto released the Bitcoin white paper under a pen name to avoid the inevitable blowback from inventing money outside the control of the state.
In the first 15 years of Bitcoin’s existence, many of the best-known Bitcoiners remained anonymous, from Bitcoin.org co-owner Cobra to Stock-to-Flow creator PlanB.
Some are just jealously guarding their privacy, but it’s also a sensible security precaution, given that the best defense against an attacker plotting to steal your $5 million in Bitcoin is if the attacker doesn’t actually know you have $5 million in Bitcoin in the first place.
But the era of widespread, effective online anonymity appears to be drawing to a close. While it’s already possible to dox an online account by compiling clues accidentally left on the timeline, it takes many hours of diligent effort and often isn’t worth the time.
The legal team hired by Jeffrey Huang (also known as Machi Big Brother) managed to identify the real identity of on-chain sleuth ZachXBT using legal discovery and detective work in a 2023 defamation action.
While many people argue that online anonymity was a mistake that led only to division and hatred by shielding posters from accountability, it plays an essential role for political dissidents, whistleblowers, white hat hackers and sleuths like ZachXBT.
AI can identify users from their writing style
But AI changes the game by using stylometric analysis to identify common misspellings, unique turns of phrase, stylistic tics and poor punctuation habits.
Depending on how much you’ve published under your real name, your personal writing style can be as identifiable as your fingerprint to a large language model.
Tech journalist Kelsey Piper gave Claude Opus 4.7 1,000 words from an unpublished novel and it immediately identified her as the author.
Washington Post columnist Megan McArdle did something similar with a 20-year-old chapter of a romance novel she’d abandoned. It worked out who she was and could do so from as few as 124 words.
Anyone with burner accounts and writing published under their real name, whether online or on the company intranet, should think seriously about scrubbing their accounts or posts from the internet.
But it still may not help, as AIs will also tirelessly follow the breadcrumbs and personal information social media users have left online to identify pseudonymous users.
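A pre-posting self-audit for the stylometric markers described above (misspellings, turns of phrase, punctuation habits), flagging those that occur in both your real-name writing and a pseudonymous draft. This is an added example, not code from the article or from anyone quoted in it; the marker tables and both sample texts are constructed assumptions.

```python
import re

# Constructed marker tables (assumptions); extend them with your own known tics.
HABITS = {
    "double space after full stop": re.compile(r"\.  +\S"),
    "space before punctuation": re.compile(r"\w\s+[,!?;:]"),
    "two-dot ellipsis": re.compile(r"(?<!\.)\.\.(?!\.)"),
    "lowercase standalone i": re.compile(r"(?<![\w'’])i(?!\w)"),
    "stacked ! or ?": re.compile(r"[!?]{2,}"),
}
MISSPELLINGS = {"definately", "seperate", "recieve", "occured", "alot", "untill"}


def words(text):
    """Lowercased word tokens, punctuation dropped."""
    return re.findall(r"[a-z']+", text.lower())


def trigrams(text):
    """Set of three-word sequences, a rough proxy for turns of phrase."""
    w = words(text)
    return {" ".join(w[i:i + 3]) for i in range(len(w) - 2)}


def audit(real_name_text, pseudonym_draft):
    """Return the markers present in BOTH texts, i.e. the ones to edit out."""
    habits = sorted(name for name, rx in HABITS.items()
                    if rx.search(real_name_text) and rx.search(pseudonym_draft))
    typos = sorted(MISSPELLINGS
                   & set(words(real_name_text)) & set(words(pseudonym_draft)))
    phrases = sorted(trigrams(real_name_text) & trigrams(pseudonym_draft))
    return {"habits": habits, "misspellings": typos, "phrases": phrases}


# Constructed samples, not real posts.
REAL = "I definately think fees will drop , at the end of the day..  Markets adapt."
DRAFT = "at the end of the day the mempool clears..  it will definately settle , trust me"

if __name__ == "__main__":
    for kind, found in audit(REAL, DRAFT).items():
        print(kind, found)
```

An empty result only means none of the listed markers overlap; it does not cover the non-stylistic breadcrumbs the article goes on to describe.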

Bitcoin privacy advocate Jameson Lopp maintains a database of Bitcoin wrench attacks in meatspace, so he’s keenly aware of the dangers.
He says there’s no perfect way to remain anonymous online.
“The safest way to use the Internet remains to be turning your computer off,” he says.
“Ultimately, nearly every interaction we have with others ends up leaking some amount of data. I haven’t thought about this particular problem much because I chose to harden my privacy and security while retaining use of my real identity, but I suppose you could probably enact defenses against stylometric analysis by running all of your public posts through an LLM first!”
Security researcher Darkbit needs anonymity
Web3 security researcher Darkbit tells Magazine that online anonymity is crucial to his work and helps separate his day job from his nocturnal activities.
“For me, I stay anon to go after threat actors. Some can be extremely dangerous. I prefer to avoid any of these people to know who I am or give them any reason to go after me personally,” he says.
Darkbit says he already audits his accounts to look for anything that might tie them to his real-world identity.
“I go through the practice of reviewing my own X account from time to time to see if there’s anything there that ‘could’ theoretically tie my name to it.”
“Again, you have to ask who is willing to go through the work to find breadcrumbs on someone. Typically it’s someone who has committed a crime and the investigator is trying to find out who did it.”
While that was true in the past, AI has collapsed the amount of time, effort and expense this process requires.
Unmasking users from their Reddit posts
Researchers from ETH Zurich (which bizarrely has no relation to Ethereum) gathered thousands of anonymous posts from Reddit and Hacker News and asked Gemini and ChatGPT to work out their real identities.
The models identified 68% of anonymous users with 90% precision “compared to near 0% for the best non-LLM method.”
“Our results show that the practical obscurity protecting pseudonymous users online no longer holds and that threat models for online privacy need to be reconsidered,” the researchers wrote.
The models used four sequential steps called ESRC: Extract, Search, Reason, Calibrate.
Extract involves reading thousands of posts to pull out relevant information. Search involves matching that information across different data sources.
Reason involves determining who the most likely candidate is, and Calibrate is a quality-control check to determine how accurate the guess is.

AI is just souped-up Sherlock Holmes
Researcher Joshua Swanson tells Magazine the AI is using good old-fashioned detective work at scale.
“AI isn’t pulling signal out of thin air. It’s processing the same signal, just much faster.”
“We’re not demonstrating that AI has any superhuman deanonymization capabilities. The signals our models exploit are the same ones a skilled human investigator would use,” he says.
“What’s changed is that LLMs can synthesize massive amounts of information rapidly and at scale, so attacks that previously required hours of expert effort now take only minutes and a few dollars.”
Swanson says the flip side is that if a skilled human investigator couldn’t identify you from the information you’ve shared, an LLM can’t either.
Darkbit says for users worried about being connected to their holdings, it’s not that easy to tie anonymous accounts to blockchain wallets, and still requires human skill and judgment.
“Most blockchain analytics tools have some form of AI. For example, Arkham will use AI to infer a wallet likely belongs to John Smith based on a number of [transactions]. However, it’s wrong most of the time. You’d need a human to review the AI analysis before definitively saying that wallet belongs to John Smith,” he explains.
“I think AI won’t ever get to the point of doxing everyone. AI needs trusted data sources to operate. In Web3, it can be incredibly difficult to trust the data you see.”
It’s difficult for private investigators and corporate LLMs to gain access to crypto exchange data, for example, but it’s a lot easier for the government.
The Trump administration’s plans to use AI for deanonymization were one reason Anthropic cited for not handing Claude over to the Department of Defense without some guardrails.
“Under current law, the government can purchase detailed records of Americans’ movements, web browsing, and associations from public sources without obtaining a warrant, a practice the Intelligence Community has acknowledged raises privacy concerns and that has generated bipartisan opposition in Congress,” Anthropic noted.
“Powerful AI makes it possible to assemble this scattered, individually innocuous data into a comprehensive picture of any person’s life—automatically and at massive scale,” the company said.
Anonymity will be harder, but still possible
The good news is that both Darkbit and Swanson agree it will remain possible for some users to stay anonymous online in the future, but it’ll require a lot more discipline.

“It’s a gradient that depends on how much someone posts, the specific information they share, how well they compartmentalize and how motivated the adversary is. For a casual user with a low-volume alt, anonymity is still very achievable.”
“For someone maintaining a years-old persistent pseudonym with thousands of posts across multiple platforms, it was already fragile before LLMs, and it’s more so now.”
When it comes to remaining anonymous, Darkbit says many people forget the basics, like ensuring every account has a unique username, since that is the easiest way to link different accounts.
“Most that want to be anonymous can stay anon. Keep your online identity separate from your personal identity by using different usernames that can’t be traced back to you,” he says.
In the future, LLMs may even be sufficiently advanced to tell us whether Hal Finney was Satoshi or whether it was Adam Back or Jack Dorsey.
Another member of the ETH Zurich research team, Daniel Paleka, told El País that the tech is not good enough to solve the great mysteries… yet.
“I don’t believe that today, the models can reliably de-anonymize someone who is truly difficult to identify,” says the researcher. “Satoshi Nakamoto is safe. In the future, they could become better than people at this type of research, and then, the balance could shift.”
