\ Bitcoin, Anonymity, and the Limits of Privacy | BitReview

Bitcoin and the Limits of Privacy

By: David Marc
Updated: May 18, 2018

When the question of anonymity in bitcoin arises, it is usually due to some negative aspect – black market purchases, ransom, theft.  Outliers aside, anonymity is essential for the security of every bitcoin user (not to mention the network itself). Imagine broadcasting to the world – thieves and tax collectors alike – that you have a million dollars stored under your floorboards, how comfortable would you feel?  So is bitcoin anonymous, or are we broadcasting a big old target on our backs?

Well, we know it is pseudonymous, which Wikipedia describes as “a state of disguised identity…[but] true anonymity requires unlinkability, such that an attackers examination of the pseudonym holder’s message provides no information about the holder’s true name.”  The public sees bitcoin addresses only as a string of numbers, though every transaction ever made between these strings of numbers are on display. So how could these random number strings connect to a holder’s true name?

Anonymizing addresses

If each bitcoin user were to have a single address from which all corresponding transactions were sent and received it would be simple to associate the transactions with one another.  This is sort of how things used to be. Blockchain.info, for instance, used to create reate one address per wallet by default which limits usage. While users were able to set up multiple addresses if desired, every time new addresses were created the wallet would need to be backed up again which is a pain in the arse – and theoretically relaying each separate backup event via email presents an additional security hole.  Additionally, change from transactions was and still is sent by default to the sending address. For blockchain watchers, this leaves a breadcrumb trail connecting the dots between the sending address, the recipient address, and the next address to which the change is sent.

We have discussed Hierarchical Deterministic (HD) wallets elsewhere as a very convenient back up method.   They are also extremely important from a privacy perspective.  Multiple addresses can be generated from a single private seed as and when required.  Most HD wallets automatically rotate addresses for single use, both on the sending and receiving end, including the address to which change is sent.  This greatly complicates efforts for watchers to create a connection between your different transactions – remember, it is impossible to connect one public address with another by looking at them.  Only the private key recognizes their relationship.

 

Most wallets now allow for the creation of multiple wallets within the same master wallet.  This allows for the creation of a wallet to associate with different purposes – one for personal and family expenses, one for business ventures, another to fund your hoboken squat cobbler addiction, etc.  This ensures that, even if one address is somehow tied back to the wallet, your different ventures will be unconnectable – at least from the address perspective.

Network observers

However, anonymizing addresses does not protect against network observers like ISPs, mobile carriers, bitcoin nodes or the wallets themselves.  The company Chainanalysis, for instance, has employed in the past “listening” nodes which would be able to identify user IP addresses, which might be tied back to a physical address through ISP or mobile carriers.

Privacy from snoops like Chainanalysis is partially a function of how exactly transaction verification is handled.  Some wallets run on a “trusted node” model, in which verification is managed by their own trusted node or nodes, which will then know which IP is requesting which transaction information – thus tying IP to wallet address, and addresses to one another.  While wallet providers claim that they don’t save or monitor such information, we can only take them at their word.

SPV wallets offer an improved method of validation over the trusted node model.  SPV wallets query any full node on the network to check transactions – but as they still search for particular transactions the wallet, or any other snooper, could still make a pretty good guess as to which IP is associated with which particular address.

A greater level of transactional anonymity is offered when running your own node.  Of course, this does not prevent your mobile carrier or ISP from capturing your information were they so inclined.  Nor does it protect against malware, which figures much more prominently in the discussion when desktop wallets are involved.  And finally, other network users will still be able to associate an IP address to a full node, and thus know of an association to bitcoin, despite not knowing the exact transactions.      

Routing your transactions through an encrypted VPN or, if you are experienced with this sort of thing via TOR, will stop ISPs or other network listeners from connecting bitcoin activities to your actual IP.

While we want terrorists and thieves arrested just as much as the next guy, you cannot tailor privacy only to those who have good intentions.  As Tim Cook wrote in his response to the FBI request to build a backdoor into the San Bernardino terrorist iphones: “In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.” And not only the good guys want to defeat encryption.

Additionally, anonymity is necessary not only for the individual, but also for the health of the bitcoin network as a whole.  Consider again chainalysis, whose mission is “building the compliance layer for the future of value exchange”, in order to “spot connections between digital identities…allow[ing] financial institutions to develop trust lines between them.”  What happens if some bitcoin is valued as less than other bitcoin due to involvement in theft or other nefarious activity? While Chainalysis is assuredly doing this for noble reasons and not simply because they developed a product they do not know how to monetize, it has the potential of undermining the fungibility of bitcoin, which would have a very negative effect on the market.

Ready to choose? Have a look at our picks for the best bitcoin wallets.