Bitcoin: Anonymous or Pseudonymous?

There’s going to be so much information about individuals floating around, that we want to protect privacy as much as we can…. But some of the bankers feel that an anonymous system is never going to make it, or even be something that they can get behind.
—Early cryptographer Ernie Brickell, December 1994, Wired

Bitcoin is often referred to as an anonymous digital currency, which isn’t the worst way to describe it. However, every wallet is given a public key or identity. Therefore, it would be more accurate to call the network “pseudonymous” rather than anonymous. This is an important distinction and I will get into why and what it could mean in a legal sense in this chapter.

As I mentioned in my blog post before, the blockchain tracks all transactions and balances on the network. Each wallet is identified by a long string of numbers that acts as the user’s Bitcoin identity or pseudonym. As long as that identity is kept separate from your real-life identity, transactions can’t be traced back to you in the way a credit card statement can.

The issue is that there are a lot of different ways to link a Bitcoin account to an online identity. And from there, it is usually only a small jump from “online identity” to “real-life identity.” Getting onto the Bitcoin network is the biggest hurdle to remaining anonymous on the Bitcoin network. If you don’t work for Bitcoin or can’t find someone who will sell you bitcoins for cash, you will eventually have to make a wire transfer, use a credit card or PayPal account, or do something else that will allow any enterprising third party to figure out who you are, how much Bitcoin you purchased, and what wallet you put it in.

Once someone does that, they can simply follow your transactions on the blockchain. Although there aren’t actual pieces of data or any other “physical” thing moving through the network, the blockchain records every subtraction from your account and its corresponding deposit on the network.

If Bob gives Jack five bitcoins, the network will see that there were five bitcoins subtracted from Bob’s account and added to Jack’s account. Nothing actually “travels” through the Internet; there are just five fewer bitcoins in Bob’s wallet and five more in Jack’s. If Jack is a disreputable person, Bob might not want the whole world to see that he is giving Jack five bitcoins, but the transaction will be recorded on the blockchain for anyone who cares to look. As mentioned, the Bitcoin network doesn’t track transactions by individuals’ names; it only tracks wallet addresses.

A typical Bitcoin transaction will look something like this:

18xAMYmeDHqmtPvM76VwECqzcEC7oCST15 0.02BTC---> 38ccq12hPFoiSksxUdr6SQ5VosyjY7s9AU

That means nothing to you or me. All you might see is that wallet 18xAMYme… gave 0.02BTC to wallet 38ccq12…. However, if you knew that I controlled that first address and that the second address is controlled by the Bitcoin homeless outreach charity Sean’s Outpost, then you can easily figure out that I sent 0.02 bitcoins to Sean’s Outpost on June 22, 2014.

Now let’s say I want to hide my charitable transaction from the public. It isn’t enough to simply buy bitcoins with a credit card and then send that money to another user; there needs to be an intermediary, and that intermediary needs to behave in specific ways.

If wallet A sends five bitcoins to wallet B and then wallet B sends five bitcoins to wallet C, you can be reasonably confident that it was wallet A’s intention to send wallet C five bitcoins. This is especially true if wallet B didn’t have any bitcoins to begin with or had only received bitcoins from wallet A during its entire existence.

If an interested party knows that I own wallet A and wallet C is owned by Sean’s Outpost, then they can be reasonably confident that I was intending to send the bitcoins to Sean’s Outpost.

In a legal sense, there is some question as to when the level of reasonable doubt would exonerate someone in the case of a crime being committed. If I send bitcoins to another wallet that had no bitcoins previously and then that wallet sends that same amount of money to an account associated with a drug dealer, is that a reasonable level of evidence to convict me of buying drugs? What if the intermediate wallet, wallet B in this case, already had some bitcoin in it? What if that bitcoin came from a variety of sources? What if I send it three bitcoins and it sends two to wallet C? What if it then sends me back the remaining one? What if it doesn’t? These types of questions, I suspect, will be answered by the courts in the coming years.

When it comes to personal privacy, however, legal questions aren’t always the issue at hand. The court of public opinion can often be harsher than the legal one, and how and when you spend your money could be information used by advertisers or worse—scammers, stalkers, and psychopaths.

There has been a concerning trend in the media to portray any attempt to preserve personal privacy as a criminal act. Somehow, not wanting to broadcast everything to everyone has become associated with the criminal element. There are plenty of logical reasons to want to keep your personal transactions private—reasons that have nothing to do with criminal activity.

I write for CoinJournal, which pays me in Bitcoin. I also ask for donations on my personal blog, so my Bitcoin address is public information. If a competing website wanted to try and poach me from CoinJournal, it could look at how much money is sent every week from CoinJournal and offer me more money.

Competitive employee poaching is a serious concern for a lot of businesses and having employee salaries publicly available might not be an ideal situation.

There is also the concern of becoming a target. If people can publicly see that you have just come into a large amount of money, this presents its own set of problems.

Beyond that, privacy is just a human-rights issue. In an article about Digicash, the pre-Bitcoin attempt at a digital currency I talked about in an earlier chapter, Wired’s Steven Levy quotes the cryptographer and then-Digicash employee Niels Ferguson:

Oh, the number of times I’ve had to argue with people that they need privacy! They’ll say, “I don’t care if you know where I spend my money.” I usually tell them, “What if I hire a private investigator to follow you around all day? Would you get mad?” And the answer always is, “Yes, of course I would get mad.” And then my argument is, “If we have no privacy in our transaction systems, I can see every payment—every cup of coffee you drink, every Mars bar you get, every glass of Coke you drink, every door you open, every telephone call—you make. If I can see those, I don’t need a private investigator. I can just sit behind my terminal and follow you around all day.” And then people start to realize that, yes, privacy is in fact something important. Any one part of the information is probably unimportant. But the collection of the information, that is important.

The point is that there are few things more private than your finances, so how do you deal with the fact that Bitcoin uses a public ledger? How do you keep your pseudonymous transactions on the Bitcoin network truly separate from your real-life identity?

It is important to remember that bitcoins don’t actually exist other than in the code that makes up the Bitcoin network. It is impossible to track bitcoins because there is nothing differentiating one bitcoin from another. They are just variable balances in individual wallets. When a transaction is sent from wallet A to wallet B, nothing actually moves; wallet A just has fewer bitcoins while wallet B gains the corresponding amount.

It is the transactions themselves that are tracked. If you simply vary your transaction amounts and split them up among many addresses, you can make these transactions much harder to follow than if you were simply sending money from point A to point B directly. Still, this technique only adds one more layer of complexity. Anyone willing to do the work should be able to connect the dots.

There are services that make Bitcoin transactions virtually impossible to track by today’s technology. They accomplish this by mixing transactions together. If you take a bunch of different people’s transactions, send them to a single wallet and then redistribute them to addresses the original contributors control but aren’t linked to, it is virtually impossible to prove who owned what using the blockchain alone.

There are several ways to achieve this. The most obvious way, one that appeared as soon as Bitcoin started drawing mainstream attention, is a coin “laundry” service. These are groups of people who will take transactions from various users, mix them together, and then send them out to whatever addresses the customers ask for. In order to increase anonymity, the coins are typically held for a minimum of several hours, and the fee involved is variable and random in order to make it harder for interested parties to match up transactions.

This method has some disadvantages, however. You have to trust someone who by the nature of their business has to stay anonymous and is able to close up shop at any time.

Altcoins also offer an unintentional “washing” service. Someone wishing to disassociate their public identity from a certain transaction could always “jump blockchains.” Altcoins, which will be discussed in a later chapter, are digital currencies that are separate from Bitcoin and have their own public ledger. A user could buy some altcoins on an exchange, move them out of the exchange into their own wallet not controlled by the exchange, then move them back onto a different exchange, sell them for bitcoins, and then move them to a new, separate wallet.

This approach is effective in that it can’t be tracked on a blockchain but connecting with exchanges often requires some sort of personal identification and a possible log of IP addresses. This same method, however, can be applied to gambling sites, which rarely ask for identification and have also been offering an unintentional mixing service for years.

Recently, this service has become codified into software, eliminating the need to depend on sometimes untrustworthy third parties. The concept came to life in a technology called CoinJoin, which is now used by many services. CoinJoin, when used properly, mixes coins to increase anonymity automatically. However, depending on the parameters set by the user, CoinJoin doesn’t necessarily make transactions anonymous because successful mixing depends on following the process described above. Users will often, either knowingly or through ignorance, choose convenience over privacy and opt to not mix their coins thoroughly enough to provide true anonymity.

Think back to the example above. If wallet A sends wallet B five bitcoins and then wallet B sends five bitcoins to wallet C, it is easy enough to assume wallet A was sending wallet C five bitcoins using wallet B as an intermediary.

Combining several Bitcoin users’ transactions makes it more difficult to track but not impossible. If wallet A, wallet B, and wallet C send bitcoins to a mixing service (wallet D) and then pass that money onto wallets E and F but don’t want outside sources knowing who sent what to whom, simply sending their bitcoin to wallet D is not enough.

If wallet A puts two bitcoins, wallet B puts six bitcoins, and wallet C puts nine bitcoins into the CoinJoin wallet—and then two bitcoins are sent to wallet E in one transaction, another six are sent to wallet E in a second transaction, and nine bitcoins are sent to wallet F—then we can safely assume that wallet A sent two bitcoins to wallet E, wallet B sent six to wallet E and wallet C sent nine to wallet F.

This is what was happening to users who tried to harness the CoinJoin feature on Blockchain.info’s popular Bitcoin web wallet. Blockchain.info is not a privacy-focused company; it simply provides information on the Bitcoin wallet and Bitcoin addresses that are easy to obtain and discard. It added CoinJoin as a feature but gave its users free rein on how they use it. Many of them did not understand that the process of mixing transactions with similar transactions was not automatic and were upset when they noticed how easy it was for a third party to track their transactions.

Most Bitcoin transactions are based on the fiat price at the time. With a constantly changing exchange rate that varies depending on which Bitcoin payment processor is used, transactions tend to look like this: 0.04534051BTC, an amount that is not easily matched. In order to properly mix coins, there need to be identical amounts going in and out.

The diagram above shows a basic successful mixing. Although a law enforcement agency or other interested party might strongly suspect that wallet C sent five bitcoins to wallet F, it can’t prove that wallet C didn’t send those bitcoins to wallet E instead. The problem is that this method requires wallets A, B, and C to work together in order to send the same amount. This generally requires centralization in some way. There are popular services that will launder bitcoins and the more popular they are, the more powerful their mixing service is. The best services will establish rules for users to follow in order to maximize the effectiveness of their mixing services.
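The two cases described above, the 2/6/9 deposits that can be matched by amount and the equal-amount mix that cannot, worked through as an added Python example (not code from the original chapter or from any mixing service). The function names, the one-payout-per-deposit model, the whole-bitcoin amounts, wallet G and the fee sample are assumptions made for illustration.

```python
"""Added illustration: what an observer learns from amounts alone in one mixing round."""


def consistent_assignments(deposits, payouts, allowed_fees=(0,)):
    """Yield every one-to-one pairing of depositing wallets to payouts in which
    each payout equals the paired deposit minus one of the allowed fees.

    deposits: {wallet: amount}; payouts: [(destination, amount), ...].
    Assumption of this example: each deposit leaves the mixer as a single payout.
    """
    wallets = list(deposits)

    def walk(idx, used, partial):
        if idx == len(wallets):
            yield dict(partial)
            return
        wallet = wallets[idx]
        for j, (_dest, paid) in enumerate(payouts):
            if j not in used and deposits[wallet] - paid in allowed_fees:
                yield from walk(idx + 1, used | {j}, partial + [(wallet, j)])

    yield from walk(0, frozenset(), [])


def analyse(deposits, payouts, allowed_fees=(0,)):
    """Return (number of consistent pairings, {wallet: possible destinations}).

    One pairing means the mix is fully reconstructed from the ledger; the more
    pairings there are, the less the amounts reveal.
    """
    pairings = list(consistent_assignments(deposits, payouts, allowed_fees))
    possible = {wallet: set() for wallet in deposits}
    for pairing in pairings:
        for wallet, j in pairing.items():
            possible[wallet].add(payouts[j][0])
    return len(pairings), {w: sorted(d) for w, d in possible.items()}


# Scenario from the text: A, B and C deposit 2, 6 and 9 bitcoins into the
# mixing wallet; 2 and 6 are paid to E and 9 is paid to F.
PAGE_DEPOSITS = {"A": 2, "B": 6, "C": 9}
PAGE_PAYOUTS = [("E", 2), ("E", 6), ("F", 9)]

# Constructed equal-amount round: three deposits of 5, three payouts of 5.
EQUAL_DEPOSITS = {"A": 5, "B": 5, "C": 5}
EQUAL_PAYOUTS = [("E", 5), ("F", 5), ("G", 5)]

# Constructed round with a random whole-bitcoin fee of 0 to 3 taken per payout.
FEES = (0, 1, 2, 3)
FEE_PAYOUTS = [("E", 5), ("F", 4), ("G", 3)]


if __name__ == "__main__":
    rounds = [
        ("unequal amounts", PAGE_DEPOSITS, PAGE_PAYOUTS, (0,)),
        ("unequal amounts, random fee", PAGE_DEPOSITS, PAGE_PAYOUTS, FEES),
        ("equal amounts", EQUAL_DEPOSITS, EQUAL_PAYOUTS, (0,)),
        ("equal amounts, random fee", EQUAL_DEPOSITS, FEE_PAYOUTS, FEES),
    ]
    for label, deposits, payouts, fees in rounds:
        count, possible = analyse(deposits, payouts, fees)
        print(f"{label}: {count} consistent pairing(s)")
        for wallet, destinations in possible.items():
            print(f"  {wallet} -> {', '.join(destinations)}")
```

With the 2/6/9 deposits there is exactly one consistent pairing, even when a random fee is allowed, so the mixing wallet hides nothing; with equal deposits every pairing of the three wallets is consistent and the amounts no longer single out a destination.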

The above diagram shows the basic principles of mixing coins but most services take the process a step further by staggering transactions and randomizing the fee taken. Most mixing services take a small fee of between 0.1 and 0.25 percent but in order to illustrate this process simply, we will use round numbers. So let’s assume that the mixing services take 0, 1, 2, or 3 bitcoins per mixing and this amount is chosen randomly.

Let’s say the three wallets (A, B, C) want to send three different amounts to three other wallets (E, F, G) using a mixing service (wallet D). In this graph, I’m going to separate the transactions to illustrate that they were sent at staggered times.

Users are instructed to send Bitcoin in either 4BTC or 2BTC amounts and are told they will receive their mixed bitcoins in 1BTC or 3BTC increments. Users are also told to send three extra BTC for each mixing to account for the randomized 0BTC, 1BTC, 2BTC, or 3BTC fee. If they receive either a 1BTC or 2BTC fee, the extra bitcoins will be sent to the destination address—generally, the idea is to mix the coins into another account you own, not to send the bitcoins to their final destination through the mixing service.

Things become more difficult for blockchain snoopers at this point. The only thing that could be determined from the above is that wallet B probably didn’t send money to wallet F, because wallet B’s total sent amount is lower than wallet F’s received amount. However, it could be argued that perhaps wallet C wanted to send money to any of the three wallets E, G, or F, which would complicate things further.

But even discounting the possibility of wallets having multiple and shared destinations—because individuals acting independently of each other would be unlikely to send the same amounts at the same time—it becomes pretty tough to prove anything definitively using the blockchain. Wallets A and C might have been trying to send 7BTC to any of the three receiving accounts. Wallet B could have been trying to send 5BTC to either wallet G or wallet E and either paid a 1BTC fee or got lucky with no BTC fee.

With enough narrowing down and logical deduction, it might be possible to nail down one or more of the actors in this scenario. Wallet B is at the most risk, because its total transaction amount didn’t match that of wallets C and A. However, as things become more complex, it becomes even tougher to track down who did what. Mixing services become more effective as the number of users increases. Imagine the scenario above but with hundreds of input wallets and an equal number of output wallets. Wallet B would have hundreds of wallets with which to match up, not just three. Dozens of wallets could send in 8BTC over the same course of time that wallet B does.

As you can see, when people say Bitcoin is anonymous, they aren’t exactly correct. It can be anonymous but it is more accurate to call it pseudonymous. Every wallet is given an identity and what that identity says about you can vary. Even if the wallet address itself is completely separate from its owner’s real-life identity, a dedicated party could make a connection by watching a user’s browsing habits, eventually matching up an IP address with a transaction. This is a vulnerability that comes from the way the majority of us browse the web—using the default settings that Microsoft or Apple or Google give us.

Careful Bitcoin users who are determined to hide their identity and transactions can use an anonymous web browser such as Tor. Tor, which was once short for “The Onion Router,” is one of the few technologies out there that has a more nefarious reputation than Bitcoin.

When you connect to the Tor network, you go through an entry point called a node. There your request for information is mixed with the requests of every other user attempting to go through that node at that moment. This information is then encrypted together and then passed onto several other nodes before coming to what is called an exit node. The exit node decrypts the information and passes it along to the “regular” Internet. Tor then receives the requested information from the Internet, encrypts it, and sends it to an internal node, which then passes it to another internal node until it reaches another exit node, which decrypts the information and gives it back to the user.

This way, if the entry node becomes compromised, it will “know” who is requesting information but not what they requested. The exit node can figure out what everyone requested but not who it belongs to.

A Bitcoin address created and accessed by a computer using the Tor browser is virtually untraceable from the outside. If your computer is compromised by malware or viruses, no amount of precautions will prevent tracking. Popular operating systems, Windows in particular, are susceptible to snooping and attacks. Linux operating systems are generally more secure, but nothing is 100 percent.

Recent revelations have shown that the US National Security Agency and the UK’s Government Communications Headquarters have built backdoors into consumer electronics. If that is the case with your equipment, there is unlikely to be anything you can do to prevent tracking.

Whether you consider Bitcoin to be pseudonymous or anonymous, the fact is that it is possible to hide who you are giving bitcoins to on the network. Whether this is a good or a bad thing is open to some debate.

Bitcoin is essentially the cash of the Internet world. If I hand someone cash and then I am unhappy with the product or service they give me in return, I am at their mercy when asking for a refund; there is no third party I can appeal to. There is also no way to prove a transaction took place.

Assuming the accounts involved aren’t linked to any real-world identities, Bitcoin is the same way. The blockchain does make it possible to prove a transaction happened but without a link to real-world identities, there is no way to prove who sent what using only the data provided on the blockchain.

Ultimately, mixing services are only bringing the status quo of how cash transactions have worked in the physical world to the digital realm. All sorts of escrow services exist to help provide trust. Ultimately, however, once the bitcoins leave your account, they belong to whomever you handed them to, just like cash—and there is very little that can be done to track cash transactions. Although regulators and fearmongers have attempted to paint Bitcoin as a tool that destroys the status quo, the truth is that it is only reestablishing the status quo that has existed for thousands of years before electronic transactions ever took place.

One of the most promising technologies in this specific niche of the Bitcoin ecosystem was Darkwallet, but it seems development has halted on the project as the developers ran out of money, despite having raised a lot of it. It is not currently in a usable state.

Co-invented by Cody Wilson, the creator of the 3D-printed gun, and Amir Taaki, the creator of Darkmarket, Darkwallet is a decentralized mixing service. Both of its inventors have anti-authoritarian, pro-individual freedom histories and politics. Nevertheless, their projects shouldn’t be considered as radical as they are often painted by the mainstream media. Darkwallet has been portrayed as something designed to fund terrorism, buy drugs, and launder money.

The truth is, Darkwallet is simply a tool, albeit one that can be used by criminals and innocent people alike. It can be used to obscure personal finances or purchases you’d rather keep private. Buying porn is a perfect example of a purchase someone might want to obscure for perfectly legal reasons. Porn isn’t illegal—at least, most of it, in most territories, isn’t—but a lot of people have plenty of reasons to want to keep that information private.

Bitcoin’s blockchain is open for everyone to see. Mitigating the personal-privacy issues that brings is not necessarily a bad thing. Should I have to let Visa or MasterCard know what kind of images turn me on sexually? Is that anyone’s business but mine? And does wanting to keep that information private make me a criminal? With the blockchain, the question isn’t just about letting Visa and MasterCard see these things, but potentially, allowing the entire world to see them. That is one example why privacy-minded Bitcoin apps should not get the “criminal tools” reputation they often receive in the mainstream media.

Of course, Darkwallet can be used for all sorts of illegal purposes, including many of the things mentioned by the mainstream media. The developers’ response would likely be that it is not as if those things didn’t exist before. The fiat system served criminals perfectly fine. Drug dealers have always found a way to sell their wares and hide their profits. Terrorist organizations have always been able to find funding through traditional means, often from friendly governments.

As for laundering money, that depends on who is doing the laundering and how much of it they are doing. Getting money onto the Bitcoin network is really difficult to do without revealing your identity; making your identity disappear, as I covered, is relatively easy but it is also obvious when you do it.

If a CEO of a public company wants to embezzle funds using Bitcoin, he or she has to get the money onto the Bitcoin network; short of handing someone a stack of cash in exchange for Bitcoin, this would eventually require connecting a personal or company account to a company that sells Bitcoin. Since public company financial records are public and the Bitcoin blockchain is public, Bitcoin would be an incredibly poor tool for embezzling a large amount of funds. The money would disappear once sent to a mixer but red flags would instantly be raised once that happened. Mixing services are easy to spot because, by necessity, they have to have a lot of Bitcoin transfer in and out of them.

A traditional company putting a lot of money onto the blockchain and then making it disappear would make good reporters and investors ask why. Even if no one noticed, there would be a paper trail in plain view, never a good thing when it comes to crime.

This is a key point when it comes to using Bitcoin for criminal transactions: the record is there for everyone to see, forever. Current mixing techniques might be able to mask transactions on the blockchain, to the point where it’s impossible to definitively tie transactions to a certain account. But this doesn’t account for every other tracking technique outside of the Bitcoin blockchain nor does it account for techniques that will be developed in the future.

Bitcoin is not the only emergent technology currently being developed. Big data is another huge one and it is bound to incorporate the blockchain in some way. If one uses data from massive Internet tracking operations, it may become much easier to link someone’s real-life identity to their Bitcoin wallet.

As Nathan Wosnack, the cofounder of Blockchain Factory (a B2B service that is primarily focused on extending the useful data found in the blockchain), has pointed out:

I feel as though the statements about anonymity on an open and immutable public ledger that can be audited by anyone [like the blockchain] to be a completely ridiculous assertion and [a] modern myth. […] Using mixers helps, but I’m still not convinced even those can save one from sophisticated forensic accounting tools likely being used and in development by law enforcement to analyze targeted [individuals] or even big data and figure out roughly who the parties are, where, and what they’re buying or selling.

It is impossible to predict the future with 100 percent accuracy. We don’t know what kind of tools will be combing through the blockchain in the future. For that reason, any serious crimes are probably better off being conducted in the fiat world with untraceable cash. It might seem advantageous to use Bitcoin rather than credit cards or wire transfers, and in many cases it could be, but the records of the latter form of transaction might eventually be deleted or buried. Banks are only required to keep records for five years.

They might hold on to them longer than that but might not. With Bitcoin, those transactions are never going away. They are a part of Bitcoin’s history forever, regardless of whether the people who participated in the transaction want them to be or not. It is not unreasonable to expect that in a cryptocurrency-powered future, political candidates will have their Bitcoin history pored over by their opponents and media sleuths.

The blockchain is not the only place they will look for hints. Interacting with the blockchain generally means interacting with the Internet. Every interaction holds the potential to reveal the user’s identity through a leaky browser, an unmasked IP address, or via a dozen other ways. The Internet is not anonymous, so it is difficult to do anything—including interactions with the Bitcoin ecosystem—without compromising your identity.

Even Tor nodes have been compromised in the past. Currently, the safest thing one can do is use TailsOS, an operating system that exists solely on a USB stick or other storage device and is reflashed (i.e., erased of data outside the operating system itself) every time it is used. It is like having a brand new Internet identity every time you use it. When used in combination with other privacy techniques, TailsOS can even help circumvent government or other spying significantly. TailsOS was credited by Edward Snowden as being instrumental in helping him maintain his privacy while he leaked what are now known as the Snowden Documents.

The people who can take advantage of Bitcoin in order to move money overseas without government approval are people who already fly under the radar. Preventing someone from moving their life savings out of a country before they emigrate elsewhere without paying taxes is not likely the kind of financial crime most of us worry about stopping. Yet those kinds of medium-sized transactions, as well as smaller ones, are likely to be the kind most enabled by the Bitcoin network.

Bitcoin would be less effective than cash for the kind of multimillion-dollar transactions that regular people think of when they hear the term “money laundering.” Certainly, once the money is laundered, it would be easier to transport than, say, a briefcase full of cash. But the question becomes how to get that money onto the network without it being linked to a real-life or corporate identity.

It’s not as if there are plenty of people looking to sell hundreds of thousands of dollars’ worth of Bitcoin for cash. To find a whale like that you would need to go online and going online creates records.

Potentially, a Bitcoin-run world would be more difficult for big-time money launderers. If a currency such as Bitcoin ever replaces or significantly supplements traditional fiat currencies, it would only make sense that public companies would keep their public spending on the blockchain public. Given the choice, would you invest in a company that keeps all of its finances public or one that puts its money through a mixing service and hides its transactions from the public and its stockholders?

The same could be applied to charities. Would more people give to a charity that was upfront and open about how it spent its money or one that attempted to obscure the blockchain record?

Bitcoin ultimately is both pseudonymous and completely traceable. How easy a user is to trace depends on how hard that user works to obscure him or herself. Despite this seemingly contradictory nature, both Bitcoin’s traceability and its increased privacy have roles to play in the technological future.
