How Private Is Bitcoin?

The general public assumes that bitcoin is private, but in some ways, it’s more public than many financial transactions. The blockchain is a public ledger, viewable by anyone, where all bitcoin transactions are recorded. If a bitcoin address can be associated with an individual, then their financial data becomes public record. In order to maintain your privacy when using bitcoin, it is important to keep your bitcoin addresses anonymous. Bitcoin privacy is not automatic. Anonymity depends on using the right tools and using them properly.

There are different degrees of anonymity. Generally, greater anonymity requires more effort and more care when operating. For many bitcoin users, simply using an anonymous HD bitcoin wallet that requires no personal information and rolls addresses will be sufficient. Others may need to take more intensive measures such as anonymizing their IP address and tumbling their bitcoins.

Why We All Need Financial Privacy

While many are aware of the need for personal privacy, others would assert that since they don’t have anything to hide they do not need to worry about who snoops around their data. When we examine the implications of being financially naked, it quickly becomes obvious that we all need financial privacy.

Individuals might not want their employers to know what they spend their money on. For example, with companies firing employees over the health insurance liability of smoking, it could be very important to keep one’s tobacco purchases private. Our purchase history reveals many things about our personal lives we might not care to be public.

Except for the most Donald Trump-like of us, most people would like to keep their personal wealth private. Beyond matters of taste, publicly displaying your finances can make you a target for robbery or scams.

Businesses have strategic reasons for keeping their finances private. Knowing how a competitor allocates their resources provides a strategic advantage. These days, corporate espionage is big business, as companies jockey for advantage and market dominance.

Companies also have internal reasons for keeping their finances private. If employees are able to discover how their coworkers and managers are compensated, it can destabilize a harmonious working unit.

Finally, there are a number of sanctioned or controversial transactions that an individual might want to participate in that they would prefer weren’t public knowledge. An example of a sanctioned transaction would be contributing funds to support whistleblowers or political dissidents that the government has deemed off limits. For example, while many consider Edward Snowden to be a patriot who assumed great personal sacrifice to protect his country, the government has declared him an enemy and banned financial support.

Other sanctioned transactions are online gambling or illicit purchases. The sanctioned transactions don’t need to be illegal to have repercussions. The popular bitcoin exchange Circle is threatening to cancel accounts of users who purchase knives online with their bitcoin.

How Private?

Privacy is not an absolute where some have total privacy and others have none. Much like security or health, privacy exists on a continuum and no one has total privacy. For most individuals, a moderate level of privacy is adequate. These people are not a high value target for a privacy invasion, and the consequences would not be severe if one were to occur. For the average person, using best practices when transacting with bitcoin and using a private wallet should provide more than enough privacy.

Because there are diminishing returns with privacy, where increasing one’s investment of effort and money becomes inefficient after a certain level, more involved privacy techniques are generally only necessary for those that have a legitimate need. By employing more advanced techniques, it is possible to obfuscate transactional data to the point that it would require advanced invasive forensics only available to NSA operatives to connect a bitcoin address with a person.

Start With A Private Wallet

A bitcoin wallet is software that stores the digital credentials for your bitcoin holdings. Wallets are used both to secure bitcoins and to make bitcoin transactions. By simply choosing a wallet with good privacy features, a user can do a lot to protect their financial anonymity. Choosing a wallet that employs the following features is enough for most individuals to ensure their financial privacy.

A private wallet should (at a minimum) satisfy the following four criteria.

  • It requires no personal information – Personal information stored with a provider could be made public and associate you with your transactions. Coinbase is a popular example of a wallet provider that forces a user to associate their personal information with their wallet. For this reason, many privacy minded individuals don’t store or spend their bitcoins from a Coinbase wallet. Some take the additional step of blurring the transactional trail between their Coinbase wallet and their private wallet login. This username could be used to associate the wallet’s transactions with the user. Some wallets store usernames on a server, while others only store them locally on the device. In either scenario, it is important that the wallet encrypts the username on the device. That means that if the device is lost, stolen or compromised, or the wallet’s server is hacked, the usernames are still protected.
  • It encrypts public and private addresses locally – Bitcoin transactions require a public and private address. The public address is like a safe deposit box that the funds go into and the private address is the key required to release the funds. Private addresses should be encrypted for security reasons. This ensures that you are the only one who has the key to unlock your funds. Encrypting the public address means that a hack on a wallet provider’s servers or on the phone itself won’t be able to associate it with the user’s IP. Private and public address encryption are particularly important for wallets that store the addresses on a server, as the server could be hacked. If your wallet offers you a service that texts you when you receive money, your transactions are not anonymous as your transactions are associated with your cellphone number.
  • It uses rolling addresses – Using rolling addresses or changing addresses means that every transaction creates a new address on the block chain. Each time that a single address receives additional transactions, there are new opportunities to associate that address with other transactional information that could reveal the address’s owner. Best practice is to use a new address for every transaction. Most people associate HD (Hierarchical Deterministic) wallets with rolling addresses. HD wallets create new addresses for the user based on a secret seed that only the user knows. To an outsider, these addresses appear random, but with the seed, the user’s wallet can easily associate them. While most HD wallets automatically create rolling addresses, some do not. Make sure that yours does.
  • Accesses the bitcoin network through decentralized servers – Many of the top bitcoin wallet providers use their own servers to send and receive transactions from the blockchain. This compromises privacy at an IP address level. Other providers use decentralized servers that each know only one subset of transactions associated with an IP address. With IP address transaction associations spread across multiple servers, often hosted by multiple third parties, it becomes difficult to gather data to create a consistent IP address fingerprint.
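The rolling-address behaviour described in the list above, as an added example that is not code from any wallet named on this page. It assumes a simplified derivation (HMAC-SHA512 over a constructed seed) as a stand-in for a real HD scheme, and the function names and the gap_limit value are hypothetical.

```python
import hashlib
import hmac


def derive_address(seed: bytes, index: int) -> str:
    """Simplified stand-in for HD derivation: the seed plus an index gives
    a child secret, and only a hash of that secret is ever published."""
    child = hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha512).digest()
    return hashlib.sha256(child[:32]).hexdigest()[:40]


def next_receive_address(seed: bytes, used: set) -> tuple:
    """Rolling addresses: hand out the first index not yet seen on chain."""
    index = 0
    while derive_address(seed, index) in used:
        index += 1
    return index, derive_address(seed, index)


def find_owned(seed: bytes, observed: set, gap_limit: int = 5) -> list:
    """Re-derive addresses in order and report which observed ones belong
    to this seed. Scanning stops after gap_limit unused indexes in a row."""
    owned, gap, index = [], 0, 0
    while gap < gap_limit:
        addr = derive_address(seed, index)
        if addr in observed:
            owned.append((index, addr))
            gap = 0
        else:
            gap += 1
        index += 1
    return owned


if __name__ == "__main__":
    seed = b"constructed example seed"            # constructed, not a real seed
    chain = {derive_address(seed, i) for i in range(3)} | {"f" * 40}
    print("owned:", find_owned(seed, chain))      # the seed holder links all three
    print("stranger:", find_owned(b"other seed", chain))  # nothing to link
    print("next:", next_receive_address(seed, chain))     # fresh address, index 3
```

Without the seed the three addresses share no visible structure. A wallet that reuses index 0 instead of calling next_receive_address gives up that property.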

When Basic Privacy Is Not Enough

Anytime that your personal information is associated with a bitcoin transaction, your privacy is in jeopardy for every transaction you make with that bitcoin. Remember, all transactions are on a public ledger.

The most common way that people acquire bitcoin is through a public exchange like Circle or Coinbase, or by purchasing them directly from an individual using LocalBitcoins. While online exchanges make it extremely easy to buy bitcoin, they are also regulated by the federal government and track how their customers spend their coins.

Bitcoin exchanges have been shutting down user accounts for spending their bitcoins on controversial goods and services. While the legality of gambling online with bitcoin is somewhat unclear, scores of people have had their Coinbase accounts shut down for using their bitcoins for online gaming.

Perhaps instead of online gaming, you want to support the legal defense of whistleblower Edward Snowden. A recent executive order makes it illegal to support him and threatens property seizure. The bitcoin donations made to the defense fund are public and anyone who did not anonymize their transactions could face legal repercussions and have all of their personal property seized.

Forbes did a popular article where they showed how bitcoins they deposited on the Silk Road online illicit marketplace were easily traceable back to them. For the sake of the article, they made an illegal transaction by buying a gram of marijuana. While bitcoin researcher Sarah Meiklejohn was able to trace the transaction back to Forbes, her forensic techniques would have failed if writer Andy Greenberg had hidden his IP address and mixed his coins.

Basic Bitcoin Anonymity Best Practices

The first rule of thumb is to create different wallets for different use cases. As long as you are using an HD wallet that encrypts your data on your device, it is difficult to associate these wallets with each other.

Let’s say that you want to use bitcoins to buy some merchandise from overstock.com. That transaction will be associated with your name and physical address because Overstock needs that information for shipping. If you were to spend from the same wallet for gaming at an online casino, it would then be possible for an investigator to assume that both expenditures were made by the same individual. If Overstock were legally compelled to release your customer data, then it would be known that you are the one who was patronizing the casino.

In order to minimize these types of associations, there are four general categories of transactions that should each have their own wallet. Further subdivisions may be necessary as you want to avoid spending out of the same wallet both for services that require your personal information and for those that don’t.

 

  • Income – More and more people are receiving their paycheck in bitcoin. Often freelancers will offer bitcoin as a way to pay invoices as it has virtually no transactional fees. As this money is surely attached to your personal information, it should be segregated from the rest.
  • Online Spending – Most online spending requires disclosing personal information. Disclosing a name and shipping address is necessary to make most purchases. You may want to further split online spending by creating a wallet for sites that require personal information and those that don’t.
  • Brick and Mortar Spending – With the rise of bitcoin directories, it has become easy to find brick and mortar businesses that accept bitcoins in most major cities. These purchases are generally anonymous.
  • Local Bitcoins – Local Bitcoins provides a way to buy and sell bitcoins in person or online around the world. Some Coinbase users have had their accounts shut down for trading in Local Bitcoins. While arbitraging with bitcoin to earn money on market fluctuations is not illegal, it’s best to keep this activity separate from all other transactions.
  • Sanctioned Activities – This section includes all activities that are either in a grey area or considered illegal. These would clearly be the most important transactions to keep segregated from your personal identity. For personal safety, they also require additional levels of anonymity that are beyond the scope of this guide. If you choose to operate here, educate yourself before transacting.

Higher Level Anonymity

There is never total anonymity. Every action we take online is associated with the IP address we used to connect to the service. An IP address could then be associated with a residence or business. Typically, IP addresses are stored in server logs, where they could be accessed by a hacker or subpoena. Server logs could be used to associate an IP address with transactions on the blockchain. Knowing the IP address used to access bitcoin addresses makes it possible to group many addresses together that are controlled by the same person.

Another form of blockchain forensics involves following the transactional trail of bitcoins to find the entire history of the coins in any address. By using network algorithms, it is possible to show when someone is simply moving coins from one address to another to try to hide their ownership. In order to anonymize bitcoin transactions, it is necessary to obscure both one’s IP address and the flow of bitcoin from one address to the other on the blockchain.

Masking Your IP

Client side public address encryption by a bitcoin wallet helps to hide the association between IP address and bitcoin address, but there is still a possibility for a rogue network node to sniff traffic. If the same IP address is used to query multiple bitcoin addresses, it can be assumed that those addresses are controlled by the same person or entity.
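To check your own wallet separation against the grouping described above, the sketch below is an added example, not code from the original article or from any tool it mentions. It goes one step beyond the text by also linking addresses spent together as inputs of one transaction, a widely used ownership heuristic; all IPs, address labels and function names are constructed.

```python
from collections import defaultdict

# Constructed sample data (documentation-range IPs, made-up address labels).
# Server-log view: which IP asked about which address.
QUERY_LOG = [
    ("203.0.113.7", "addr_income_1"),
    ("203.0.113.7", "addr_income_2"),
    ("198.51.100.9", "addr_shop_1"),
    ("203.0.113.7", "addr_shop_2"),   # home IP reused for the shopping wallet
    ("192.0.2.44", "addr_other_1"),
]
# Blockchain view: input addresses spent together in one transaction.
TX_INPUTS = [
    ["addr_shop_1", "addr_shop_2"],
    ["addr_other_1"],
]


class UnionFind:
    """Disjoint-set structure: each address points toward a cluster root."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def cluster_addresses(query_log, tx_inputs):
    """Group addresses an observer would attribute to one owner."""
    uf = UnionFind()
    by_ip = defaultdict(list)
    for ip, addr in query_log:
        by_ip[ip].append(addr)
    # Every group (same querying IP, or same transaction inputs) is merged.
    for group in list(by_ip.values()) + list(tx_inputs):
        for addr in group:
            uf.union(group[0], addr)
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return sorted((sorted(c) for c in clusters.values()), key=lambda c: c[0])


if __name__ == "__main__":
    for cluster in cluster_addresses(QUERY_LOG, TX_INPUTS):
        print(cluster)
```

In the sample data a single query from the home IP is enough to merge the income wallet and the shopping wallet into one cluster.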

There are several ways to mask your IP address. They offer differing levels of security and ease of use.

  • Use Free Public WiFi – Connecting at a coffee shop or public library means that the IP address is being shared by dozens if not hundreds of people. It is also not connected to an internet service provider that has your home address on file. A university library WiFi is a good choice as students are more likely to be using bitcoin, providing more traffic and transactions to blend in with. In this scenario, you would most likely be using free WiFi near your home, so there is still the concern that the IP address could be geolocated to your general vicinity.
  • Anonymous VPN – VPNs or Virtual Private Networks are services that allow you to connect to the internet from a remote server, using its IP address. VPNs are popular for providing security by allowing you to encrypt traffic sent over an unsecured network like a coffee shop. While the IP from the VPN would not be associated with your identity, using the same IP to do all your bitcoin transactions would make it easier to see that all of your bitcoin addresses are related. Different VPN providers allow varying levels of anonymity and some let you pay for their services using bitcoin. Keep in mind that when using a VPN, you are trusting the VPN company to not keep logs of your activity or disclose any of your private information. Torrent Freak has a useful anonymous VPN review.
  • Use TOR – TOR is a free internet service that routes encrypted traffic through a varying number of relays. Each relay has its own IP address. Eventually the traffic exits the network via an exit node. While the exit node’s IP address will be known, the intermediary relays hide the original IP. To use TOR for bitcoin, you can set up a TOR router, so that all WiFi traffic is routed through the TOR network. If you have an Android phone and use a wallet app, Android supports TOR. The highest level of security is achieved by running TAILS operating system from a USB stick on your computer. Remember, as security gets more complex it’s easier to make mistakes.

Mixing Coins

Coin mixing or tumbling is a process whereby bitcoins from many users and bitcoin addresses are pooled together by a mixing service and then randomly redistributed back to new addresses to break their traceable connections on the blockchain. Assuming that the new address is held anonymously and that the mixing was completely successful, the bitcoins have now become anonymous.

Bitcoin mixing provides the greatest level of anonymity, but it also provides an opportunity for unscrupulous mixing service owners to steal your coins. While there is a lot of hope for trustless distributed coin mixing in the future, currently services are centralized. For the sake of anonymity, no personally identifiable information is given to a mixing service. If your bitcoins were to go missing in the tumbling process, you’d have no recourse.

Currently popular tumbling services include Bitcoin Fog, Grams Helix, and Shared Coin. Shared Coin is very low risk, but provides lower levels of anonymity. Blockchain’s taint analysis tool is a free way to see if your tumbling efforts have successfully anonymized your bitcoin.

For more on specific protocols to effectively mix and anonymize bitcoins, I recommend Kristov Atlas’ book, Anonymous Bitcoin. Atlas details both how and why to anonymize your bitcoins, with an extensive section on coin mixing. While the book is rigorous in its approach, the protocols outlined are so involved that the likelihood of user error increases. If privacy is too difficult many people will give up due to frustration and reveal their identity. DarkNetMarkets.org has published a simple user friendly guide to mixing bitcoins.

The more people that use privacy features, coin mixing and TOR, the better for everyone as it is easier to blend in. When privacy practices are common, no one looks suspicious for taking steps to be anonymous. By normalizing this behavior, we make the world safer for all of us.

Obfuscating With Altcoins

Users on online forums like Reddit often suggest that by exchanging bitcoins for altcoins like Litecoin one can anonymize their currency. This can be done via online exchanges or using a service like shapeshift.io. Perhaps the best argument against this technique comes from shapeshift’s investors. They are also promoting the service SABR.io that claims to provide blockchain analysis across multiple cryptocurrencies. They have also announced their desire to work with law enforcement agencies.

One viable altcoin option for breaking the identity trail is monero. Monero was designed to be anonymous from its inception. Exchanges like poloniex.com allow users to buy monero with bitcoin. The monero can then be transferred to a private wallet and back to the exchange to repurchase bitcoin. This bitcoin can then be transferred to a new bitcoin wallet, essentially anonymizing it.

Anonymity Is A Skill

Anonymity is like health or fiscal fitness: it is based on actions that are learned and practiced. Examining anonymity in bitcoin brings awareness to other aspects of life where we may be exposing our personal information needlessly.

Bitcoin enthusiast Trace Mayer and attorney Bill Rounds run HowToVanish.com, a site dedicated to teaching skills for anonymity. The site is a great place to start if you are looking to build your anonymity skills.

Contribute to this Article

    We intend for this to be a living document to collectively empower bitcoin users. If you are already a ninja and have additional tips please contribute. We will compile your tips and suggestions and add them to this post.