Bitcoin: Anonymous or Pseudonymous?
✔ Johnny Ridden
Bitcoin: Anonymous or Pseudonymous - There’s going to be so much information about individuals floating around, that we want to protect privacy as much as we can…. But some of the bankers feel that an anonymous system is never going to make it, or even be something that they can get behind.
—Early cryptographer Ernie Brickell, December 1994, Wired
As I mentioned in my blog post before, the
tracks all transactions and balances on the network. Each wallet is identified by a long string of numbers that acts as the user’s Bitcoin identity or blockchain . As long as that identity is kept separate from your real-life identity, transactions can’t be traced back to you in the way a credit card statement can. pseudonym
The issue is that there are a lot of different ways to link a Bitcoin account to an online identity. And from there, it is usually only a small jump from “online identity” to “real-life identity.” Getting onto the Bitcoin network is the biggest hurdle to remaining anonymous on the Bitcoin network. If you don’t work for Bitcoin or can’t find someone who will sell you bitcoins for cash, you will eventually have to make a wire transfer, use a credit card or PayPal account, or do something else that will allow any enterprising third party to figure out who you are, how much Bitcoin you purchased, and what wallet you put it in.
Once someone does that, they can simply follow your transactions on the
. Although there blockchain actual pieces of data or any other “physical” thing moving through the network, the aren’t records every subtraction from your account and its corresponding deposit on the network. blockchain
If Bob gives Jack five bitcoins, the network will see that there were five bitcoins subtracted from Bob’s account and added to Jack’s account. Nothing actually “travels” through the Internet; there are just five fewer bitcoins in Bob’s wallet and five more in Jack’s. If Jack is a disreputable person, Bob might not want the whole world to see that he is giving Jack five bitcoins, but the transaction will be recorded on the
for anyone who cares to look. As mentioned, the Bitcoin network doesn’t track transactions by individuals’ names; it only tracks wallet addresses. blockchain
A typical Bitcoin transaction will look something like this: 18xAMYmeDHqmtPvM76VwECqzcEC7oCST15
That means nothing to you or me. All you might see is that wallet 18xAMYme… gave 0.02BTC to wallet 38ccq12…. However, if you knew that I controlled that first address and that the second address is controlled by the Bitcoin homeless outreach charity Sean’s Outpost, then you can easily figure out that I sent 0.02
to Sean’s Outpost on June 22, 2014. bitcoins
Now let’s say I want to hide my charitable transaction from the public. It isn’t enough to simply buy bitcoins with a credit card and then send that money to another user; there needs to be an intermediary, and that intermediary needs to behave in specific ways.
If wallet A sends five bitcoins to wallet B and then wallet B sends five bitcoins to wallet C, you can be reasonably confident that it was wallet A’s intention to send wallet C five bitcoins. This is especially true if wallet B didn’t have any bitcoins to begin with or had only received bitcoins from wallet A during its entire existence.
If an interested party knows that I own wallet A and wallet C is owned by Sean’s Outpost, then they can be reasonably confident that I was intending to send the bitcoins to Sean’s Outpost.
In a legal sense, there is some question when the level of reasonable doubt would exonerate someone in the case of a crime being committed. If I send bitcoins to another wallet that had no bitcoins previously and then that wallet sends that same amount of money to an account associated with a drug dealer, is that a reasonable level of evidence to convict me of buying drugs? What if the intermediate wallet, wallet B in this case, already had some
in it? What if that bitcoin came from a variety of sources? What if I send it three bitcoin and it sends two to wallet C? What if it then sends me back the remaining one? What if it doesn’t? These types of questions, I suspect, will be answered by the courts in the coming years. bitcoins
When it comes to personal privacy, however, legal questions aren’t always the issue at hand. The court of public opinion can often be harsher than the legal one, and how and when you spend your money could be
used by advertisers or worse—scammers, stalkers, and psychopaths. information
There has been a concerning trend in the media to portray any attempt to preserve personal privacy as a criminal act. Somehow, not wanting to broadcast everything
has become associated with the criminal element. There are plenty of logical reasons to want to keep your personal to everyone —reasons that have nothing to do with criminal activity. transactions private
I write for CoinJournal, which pays me in Bitcoin. I also ask for donations on my personal blog, so my Bitcoin address is public information. If a competing website wanted to try and poach me from CoinJournal, it could look at how much money is sent every week from CoinJournal and offer me more money.
Competitive employee poaching is a serious concern for a lot of businesses and having employee salaries publicly available might not be an ideal situation.
There is also the concern of becoming a target. If people can publicly see that you have just come into a large amount of money, this presents its own set of problems.
Beyond that, privacy is just a human-rights issue. In an article about Digicash, the pre-Bitcoin attempt at a digital currency I talked about in an earlier chapter, Wired’s Steven Levy quotes the cryptographer and then-Digicash employee Niels Ferguson:
Oh, the number of times I’ve had to argue with people that they need privacy! They’ll say, “I don’t care if you know where I spend my money.” I usually tell them, “What if I hire a private investigator to follow you around all day? Would you get mad?” And the answer always is, “Yes, of course I would get mad.” And then my argument is, “If we have no privacy in our transaction systems, I can see every payment—every cup of coffee you drink, every Mars bar you get, every glass of Coke you drink, every door you open, every telephone call—you make. If I can see those, I don’t need a private investigator. I can just sit behind my terminal and follow you around all day.” And then people start to realize that, yes, privacy is in fact something important. Any one part of the information is probably unimportant. But the collection of the information, that is important.
The point is that there are few things more private than your finances, so how do you deal with the fact that Bitcoin uses a public ledger? How do you keep your pseudonymous transactions on the Bitcoin network truly separate from your real-life identity?
It is important to remember that bitcoins don’t actually exist other than in the code that makes up the Bitcoin network. It is impossible to track bitcoins because there is nothing differentiating one
from another. They are just variable balances in individual wallets. When a transaction is sent from wallet A to wallet B, nothing actually moves; wallet A just has fewer bitcoins while wallet B gains the corresponding amount. bitcoin
It is the transactions themselves that are tracked. If you simply vary your transaction amounts and split them up among many addresses, you can make these transactions much harder to follow than if you were simply sending money from point A to point B directly. Still, this technique only adds one more layer of complexity. Anyone willing to do the work should be able to connect the dots.
There are services that
Bitcoin transactions virtually impossible to track by today’s technology. They accomplish this by mixing transactions together. If you take a bunch of different people’s transactions, send them to a single wallet and then redistribute them to make the original contributors addresses control but to, it is virtually impossible to prove who owned what using the aren’t linked alone. blockchain
There are several ways to achieve this. The most obvious way, one that appeared as soon as Bitcoin started drawing mainstream attention, is a coin “laundry” service. These are groups of people who will take transactions from various users, mix them together, and then send them out to whatever addresses the customers ask for. In order to increase anonymity, the coins are typically held for a minimum of several hours, and the fee involved is variable and random in order to make it harder for interested parties to match up transactions.
This method has some disadvantages, however. You have to trust someone who by the nature of their business has to stay anonymous and is able to close up shop at any time.
This approach is effective in that it can’t be tracked on a
connecting with exchanges often requires some sort of personal identification and a possible log of IP addresses. This same method, however, can be applied to gambling sites, which rarely ask for identification and have also been blockchain but an unintentional mixing service for years. offering
Recently, this service has become codified
software, eliminating the need to depend on sometimes untrustworthy third parties. The concept came to life in a technology called CoinJoin, which is now used by many services. into , when used properly, mixes coins to increase anonymity automatically. However, depending on the parameters set by the user, CoinJoin doesn’t necessarily make transactions anonymous because successful mixing depends on following the process described above. Users will often, either knowingly or through ignorance, choose convenience over privacy and opt to not mix their coins thoroughly enough to provide true anonymity. CoinJoin
Think back to the example above. If wallet A sends wallet B five
and then wallet B sends five bitcoins to wallet C, it is easy enough to assume wallet A was sending wallet C five bitcoins using wallet B as an intermediary. bitcoins
Combining several Bitcoin users’ transactions makes it more difficult to track but not impossible. If wallet A, wallet B, and wallet C send bitcoins to a mixing service (wallet D) and then pass that money
wallets E and F but don’t want outside onto who sent what to whom, simply sending their sources knowing to wallet D is not enough. bitcoin
If wallet A puts two bitcoins, wallet B puts six bitcoins, and wallet C puts nine bitcoins into the CoinJoin wallet—and then two bitcoins are sent to wallet E in one transaction, another six are sent to wallet E in a second transaction, and nine bitcoins are sent to wallet F—then we can safely assume that wallet A sent two bitcoins to wallet E, wallet B sent six to wallet E and wallet C sent nine to wallet F.
This is what was happening to users who tried to harness the CoinJoin feature on Blockchain.info’s popular Bitcoin web wallet. Blockchain.info is not a privacy-focused company; it simply provides information on the Bitcoin wallet and Bitcoin addresses that are easy to obtain and discard. It added CoinJoin as a
gave its users free rein on how they use it. Many of them did not understand that the process of mixing transactions with similar transactions was not automatic and were upset when they noticed how easy it was for a third party to track their transactions. feature but
Most Bitcoin transactions
on the fiat price at the time. With a constantly changing exchange rate that varies depending on which Bitcoin payment processor is used, transactions tend to look like this: 0.04534051BTC, an amount that is not easily matched. In order to properly mix coins, there need to be identical amounts going in and out. are based
The diagram above shows a basic successful mixing. Although a law enforcement agency or other interested party might strongly suspect that wallet C sent five bitcoins to wallet F, it can’t prove that wallet C didn’t send those bitcoins to wallet E instead. The problem is that this method requires wallets A, B, and C to work together in order to send the same amount. This generally requires centralization in some way. There are popular services that will launder
and the more popular they are, the more powerful their mixing service is. The best services will establish rules for users to follow in order to maximize the effectiveness of their mixing services. bitcoins
The above diagram shows the basic principles of mixing
most services take the process a step further by staggering transactions and randomizing the fee taken. Most mixing services take a small fee of between 0.1 and 0.25 coins but in order to illustrate this process percent but , we will use round numbers. So let’s assume that the mixing services take 0, 1, 2, or 3 simply per mixing and this amount is chosen randomly. bitcoins
Let’s say the three wallets (A, B, C) want to send three different amounts to three other wallets (E, F, G) using a mixing service (wallet D). In this graph, I’m going to separate the transactions to illustrate that they were sent at staggered times.
Users are instructed to send Bitcoin in either 4BTC or 2BTC amounts and are told they will receive their mixed bitcoins in 1BTC or 3BTC increments. Users are also told to send three extra BTC for each mixing to account for the randomized 0BTC, 1BTC, 2BTC, or 3BTC fee. If they receive either a 1BTC or 2BTC fee, the extra bitcoins will be sent to the destination address—generally, the idea is to mix the coins into another account you own, not to send the bitcoins to their final destination through the mixing service.
Things become more difficult for
snoopers at this point. The only thing that could be determined from the above is that wallet B probably didn’t send money to wallet F, because wallet blockchain total sent amount is lower than wallet F’s received amount. However, it could be argued that perhaps wallet C wanted to send money to any of the three wallets E, G, or F, which would complicate things further. B’s
But even discounting the possibility of wallets having multiple and shared destinations—because individuals acting independently of each other would be unlikely to send the same amounts at the same time—it becomes pretty tough to prove anything definitively using the
. Wallets A and C might have been trying to send 7BTC to any of the three receiving accounts. Wallet B could have been trying to send 5BTC to either wallet G or wallet E and either paid a 1BTC fee or got lucky with no BTC fee. blockchain
With enough narrowing down and logical deduction, it might be possible to nail down one or more of the actors in this scenario. Wallet B is at the most risk, because its total transaction amount didn’t match that of wallets C and A. However, as things become more complex, it becomes even tougher to track down who did what. Mixing services become more effective as the number of users increases. Imagine the scenario
with hundreds of input wallets and an equal number of output wallets. Wallet B would have hundreds of wallets with which to match up, not just three. Dozens of wallets could send in 8BTC over the same course of time that wallet B does. above but
As you can see, when people say Bitcoin is anonymous, they aren’t exactly correct. It can be
it is more accurate to call it pseudonymous. Every wallet is given an identity and what that identity says about you can vary. Even if the wallet address itself is completely separate from its owner’s real-life identity, a dedicated party could make a connection by watching a user’s browsing habits, eventually matching up an IP address with a transaction. This is a vulnerability that comes from the way the majority of us browse the web—using the default settings that Microsoft or Apple or Google give us. anonymous but
Careful Bitcoin users who are determined to hide their identity and transactions can use an anonymous web browser such as Tor. Tor, which was once short for “The Onion Router,” is one of the few technologies out there that
a more nefarious reputation than Bitcoin. has
When you connect to the Tor network, you go through an entry point called a node. There your request for information is mixed with the requests of every other user attempting to go through that node at that moment. This information is then encrypted together and then passed
several other nodes before coming to what is called an exit node. The exit node decrypts the information and passes it along to the “regular” Internet. Tor then receives the requested information from the Internet, encrypts it, and sends it to an internal node, which then passes it to another internal node until it reaches another exit node, which decrypts the information and gives it back to the user. onto
This way, if the entry node becomes compromised, it will “know” who is requesting information but not what they requested. The exit node can figure out what everyone
not who it belongs to. requested but
A Bitcoin address created and accessed by a computer using the Tor browser is virtually untraceable from the outside. If your computer is compromised by malware or viruses, no amount of precautions will prevent tracking. Popular operating systems, Windows in particular, are susceptible to snooping and attacks. Linux operating systems are generally more secure, but nothing is 100 percent.
Recent revelations have shown that the US National Security Agency and the UK’s Government Communication Headquarters have built
into consumer electronics. If that is the case with your equipment, there is unlikely to be anything you can do to prevent tracking. backdoors
Whether you consider Bitcoin to be pseudonymous or anonymous, the fact is that it is possible to hide who you are giving bitcoins to on the network. Whether this is a good or a bad thing is open to some debate.
Assuming the accounts involved aren’t linked to any real-world identities, Bitcoin is the same way. The
does make it possible to prove a transaction blockchain without a link to real-world identities, there is no way to prove who sent what using only the data provided on the happened but . blockchain
Ultimately, mixing services are only bringing the status quo of how cash transactions have worked in the physical world,
the digital realm. All sorts of escrow services exist to help provide to . Ultimately, however, once the bitcoins leave your account, they belong to whomever you handed them to, just like cash—and there is very little that can be done to track cash transactions. Although regulators and trust have attempted to paint Bitcoin as a tool that destroys the status quo, the truth is that it is only reestablishing the status quo that has existed for thousands of years before electronic transactions ever took place. fearmongers
One of the most promising technologies in this specific niche of the Bitcoin ecosystem was Darkwallet, but it seems development has halted on the project as the developers ran out of money, despite having raised a lot of it. It is not currently in a usable state.
Co-invented by Cody Wilson, the creator of the 3D-printed gun, and Amir Taaki, the creator of Darkmarket, Darkwallet is a decentralized mixing service. Both of its inventors have anti-authoritarian, pro-individual freedom histories and politics. Nevertheless, their projects shouldn’t be considered as radical as they are often painted by the mainstream media.
has been portrayed as something designed to fund terrorism, buy drugs, and launder money. Darkwallet
The truth is, Darkwallet is simply a tool, albeit one that can be used by criminals and innocent people alike. It can be used to obscure personal finances or purchases you’d rather keep private. Buying
is a perfect example of a purchase someone might want to obscure for perfectly legal reasons. Porn isn’t illegal—at least, most of it, in most territories, isn’t—but a lot of people have plenty of reasons to want to keep that information private. porn
Of course, Darkwallet can be used for all sorts of illegal purposes, including many of the things mentioned by the mainstream media. The developer’s response would likely be that it is not as if those things didn’t exist before. The fiat system served criminals perfectly fine. Drug dealers have always found a way to sell their wares and hide their profits. Terrorist organizations have always been able to find funding through traditional means, often from friendly governments.
As for laundering money, that depends on who is doing the laundering and how much of it they are doing. Getting money
the Bitcoin network is really difficult to do without revealing your identity; making your identity disappear, as I covered, is relatively easy but it is also obvious when you do it. onto
If a CEO of a public company wants to embezzle funds using Bitcoin, he or she has to get the money
the Bitcoin network; short of handing someone a stack of cash in exchange for Bitcoin, this would eventually require connecting a personal or company account to a company that sells Bitcoin. Since public company financial records are public and the Bitcoin onto is public, Bitcoin would be an incredibly poor tool for embezzling a large amount of funds. The money would disappear once sent to a blockchain red flags would instantly be raised once that happened. Mixing services are easy to spot because, by necessity, they have to have a lot of Bitcoin transfer in and out of them. mixer but
A traditional company putting a lot of money onto the
and then making it disappear would make good reporters and investors ask why. Even if no one noticed, there would be a paper trail in plain view, never a good thing when it comes to crime. blockchain
This is a key point when it comes to using Bitcoin for criminal transactions: the record is there for everyone to see, forever. Current mixing techniques might be able to mask transactions on the
, to the point where it’s impossible to definitively tie transactions to a certain account. But this doesn’t account for every other tracking technique outside of the Bitcoin blockchain nor does it account for techniques that will be developed in the future. blockchain
As Nathan Wosnack, the cofounder of
Factory (a B2B service that is primarily focused on extending the useful data found in the Blockchain ), has pointed out: blockchain
I feel as though the statements about anonymity on an open and
that can be audited by anyone [like the immutable public ledger ] to be a completely ridiculous assertion and [a] modern myth. […] Using mixers helps, but I’m still not convinced even those can save one from sophisticated forensic accounting tools likely being used and in development by law enforcement to analyze targeted [individuals] or even big data and figure out roughly who the parties are, where, and what they’re buying or selling. blockchain
It is impossible to predict the future with 100 percent accuracy. We don’t know what kind of tools will be combing through the
blockchain in the future. For that reason, any serious crimes are probably better off being conducted in the fiat world with untraceable cash. It might seem advantageous to use Bitcoin rather than credit cards or wire transfers, and in many cases it could be, but the records of the latter form of transaction might eventually be deleted or buried. Banks are only required to keep records for five years.
They might hold on to them longer than
that but might not. With Bitcoin, those transactions are never going away. They are a part of Bitcoin’s history forever, regardless of whether the people who participated in the transaction want them to be or not. It is not unreasonable to expect that in a cryptocurrency-powered future, political candidates will have their Bitcoin history pored over by their opponents and media sleuths.
blockchain is not the only place they will look for hints. Interacting with the blockchain generally means interacting with the Internet. Every interaction holds the potential to reveal the user’s identity through a leaky browser, an unmasked IP address, or via a dozen other ways. The Internet is not anonymous, so it is difficult to do anything—including interactions with the Bitcoin ecosystem—without compromising your identity.
Even Tor nodes have been compromised in the past. Currently, the safest thing one can do is use TailsOS, an operating system that exists solely on a USB stick or other storage device and is
reflashed (i.e., erased of data outside the operating system itself) every time it is used. It is like having a brand new Internet identity every time you use it. When used in combination with other privacy techniques, TailsOS can even help circumvent government or other spying significantly. TailsOS was credited by Edward Snowden as being instrumental in helping him maintain his privacy while he leaked what are now known as the Snowden Documents.
The people who can take advantage of Bitcoin in order to move money overseas without government approval are people who
already fly under the radar. Preventing someone from moving their life savings out of a country before they emigrate elsewhere without paying taxes is not likely the kind of financial crime most of us worry about stopping. Yet those kinds of medium-sized transactions, as well as smaller ones, are likely to be the kind most enabled by the Bitcoin network.
It’s not as if there are plenty of people looking to sell hundreds of thousands of dollars’ worth of Bitcoin for cash. To find a whale like that you would need to go online and going online creates records.
Potentially, a Bitcoin-run world would be more difficult for big-time money launderers. If a currency such as Bitcoin ever replaces or significantly supplements traditional fiat currencies, it would only make sense that public companies would keep their public spending on the
blockchain public. Given the choice, would you invest in a company that keeps all of its finances public or one that puts its money through a mixing service and hides its transactions from the public and its stockholders?
The same could be applied to charities. Would more people give to a charity that was upfront and open about how it spent its money or one that attempted to obscure the
You might also like
SUBSCRIBE TO OUR NEWSLETTER