Understanding Privacy: How Anonymous Can Bitcoin Payments Be?
Since its inception, Bitcoin as a payment medium has a cemented an impression of being anonymous and privacy-centric. So much so that the currency has been glorified by the masterminds behind the doomed Silk Road, and advocated by recognized influencers such as German politician Franz Schäffler, celebrity Ashton Kutcher, famed author & economist David Friedman, and finance guru Kevin O’Leary to name a few.
Kutcher in particular said that, “I think the fact that you can buy drugs and ammo with [bitcoin] is actually a validator of the currency itself.”
The downfall of Silk Road, however, speaks volumes about the imaginary shield that people think they are hiding behind when making bitcoin transactions.
An Untraceable Payment System, the Dream for Privacy Advocates
Pantera Capital’s Ronald A. Glantz describes Bitcoin as, “A consensus network that enables a new payment system and completely digital currency. It is the first decentralized peer-to-peer payment network that is powered by its users with no central authority or middlemen. From a user perspective, Bitcoin can be considered to be cash for the Internet.”
In his definition, Glantz explains how a network of people agree by mutual consent to exchange a digital currency without physical form. The currency, as the definition explains, is unregulated and no financial institution has control over its price, supply, risks, valuation methods and distribution. The remarkable aspect of Bitcoin is that it has no trust because of its decentralized nature, and yet that’s what makes it so trusted.
Sounds like the perfect candidate for a completely anonymous payment method, right? Not exactly.
Just How Private Are Your Bitcoin Transactions, Really?
Every single bitcoin payment is recorded in a digital public ledger known as the blockchain. This blockchain records the transfer of bitcoin from user to user and links them to transactions. Although bitcoin wallets have uniquely-coded identifiers, which usually don’t point towards the identity of parties involved, there have been incidents where peoples’ identities were accurately linked to their wallets.
The transparency of bitcoin transactions are the reason there is no privacy when using the system. Once a transaction is recorded, it is available for anyone to see and can be easily traced back to an IP address.
Malte Moser at the University of Münster argues in his paper, “Anonymity of Bitcoin Transactions”:
“But as all transactions in the network are stored publicly in the blockchain, allowing anyone to inspect and analyze them, the system does not provide real anonymity but pseudonymity.”
While Moser only looked at the concept theoretically, 3 researchers went a step ahead and tested the hypotheses. In their research paper, “Deanonymisation of Clients in Bitcoin P2P Network,” Alex Biryukov, Dmitry Khovratovic & Ivan Pustogarov (researchers at the University of Luxembourg) concluded that linking bitcoin transactions to personally identifiable information of users (IP address, name, financial details etc.) has a success rate between 11% and 60%, if done with great stealth.
Using a generic method, the 3 researchers managed to bypass NAT Firewall protection of Bitcoin users, identifying their transactions made over the network.
But they didn’t stop there, the researchers also demonstrated that “a natural countermeasure of using Tor or other anonymity services can be cut-off by abusing anti-DoS countermeasures of the Bitcoin network.”
This abuse of the Bitcoin network’s anti-DoS security that the researchers mention is usually accomplished by making a large number of small value transactions crowding the entire blockchain, hence, disabling other users from conducting transactions.
Similarly, a moderator on the Bitcointalk.org forum established the same, noting that:
“Bitcoin is often promoted as a tool for privacy but the only privacy that exists in Bitcoin comes from pseudonymous addresses which are fragile and easily compromised through reuse, “taint” analysis, tracking payments, IP address monitoring nodes, web-spidering, and many other mechanisms. Once broken this privacy is difficult and sometimes costly to recover.”
Even the staunchest advocates and experts of the cryptocurrency dismiss the idea of it being an anonymous method of transacting online. Adam Ludwin, Co-Founder of Chain.com, concluded in his 2015 article, “How Anonymous is Bitcoin,” that “Average users should be aware that [Bitcoin] is certainly less anonymous than cash.”
Ludwin’s conclusions can be verified by looking at the use of cash in daily life compared to Bitcoin. If I buy anti-depressants from a medic, there is no proof but the doctor’s prescription that I am mentally ill (information that should be highly confidential). In case I buy the same medicine with Bitcoin the transaction is available in the blockchain (ready for abuse) for the world to know that I am indeed crazy.
So we know now that there are three ways to kill the Bitcoin Network’s anonymity:
- Since Bitcoin is a peer to peer network (vulnerable to hackers), if hackers can connect to the Bitcoin network using several nodes or computers there is a high chance that they can extract enough information to decipher where transactions originated.
- In case a Bitcoin Wallet has been registered against real personal details, the job becomes all that much easier for hackers and cybercriminals looking to breach Bitcoin data.
- The transparency of the blockchain allows transactions to be analyzed and possibly linked to the initiator of a certain transaction.
Securing Bitcoin Network Transactions
TBiryukov & Co. may have done everyone a favor and convinced us with evidence that bitcoin transactions are not private or anonymous, but the confusion still remains: how do we get anonymity while on the Bitcoin network?
The solution that most researchers, advocates, and Bitcoin users’ suggest is to change your bitcoin address or pseudonym for every transaction. There are Windows, Mac and mobile based apps such as Mycelium, Bitcoin Wallet, CoPay, Bitcoin Core and Armory that allow managing multiple pseudos on their interfaces. Alternatively, you can choose to do so manually.
A crucial aspect that none of the research papers discussed was using a VPN together with Bitcoin network. A Virtual Private Network — or VPN — is an anonymity and privacy tool designed to ensure that not even the ISP would know about my online activities.
VPN tunneling ensures that I will be invisible to all parties listening in on my network connection while encryption will secure all online data passing between me and the VPN server. DoS will not work since the hacker(s) will be unable to get a fix on my location & network.
The way it works is that a VPN also changes your location virtually to the server region you have connected to. So if I connect to a VPN server in London, my IP address appearing to anyone online will be one located in the UK.
Let’s assume that I am connected to a UK based VPN server (a country I most definitely don’t live in), create a fake (even temporary) email address, then open up a TOR browser and create a Bitcoin Wallet (encrypted digital currency with Pseudonyms). After all this, I add funds to said Bitcoin Wallet using a prepaid credit card that I purchased with hard cash.
What does anyone have on me now?
Considering the strategy above my personal data & network is now secure behind the VPN (I’m anonymous), the fake email is registered to Victor Von Lichtenstein of Llanbradach, Caerphilly, South Wales, UK and I used TOR to buy stolen credit card information from hackers and scammers. Now, technically I can empty these credit cards to purchase the entire game library from a site like GoG.com, download the games and be on my merry way without a care for chargebacks or traceability.
You may hate him for that but you will never be able to catch Mr. Lichtenstein doing naughty business online, at least in theory.
The same although cannot be said when buying tangible goods with Bitcoin, since the delivery address cancels out all the hullabaloo of the cryptocurrency being anonymous. Even with TOR, a VPN and Bitcoin’s encryption the wrong purchase can get you some legal worries.
Verdict: Anonymous Or Not?
It’s certainly possible to jump through hoops and avoid entities from tracking your Bitcoin transactions and somehow lose them on your trail, still bitcoin can not technically be considered anonymous.
Yes, Bitcoin is pseudonymous and allows vast freedom to conduct transactions quickly and without revealing too much personal information. But, eventually the digital world or the “felons” of the digital world eventually catch up to you.
Bitcoin is a great way to purchase digital commodities like software, books, white papers, reports, databases and even illegal intangibles like credit card information, but the second you give it a physical mailing address it’s probably time for you to move.
Did I leave anything out? Anything you disagree with? Do share your comments or tweet to me at @Ameerrizonline
Ameer Abbas is a senior editor and a most viewed writer on Quora in Internet Privacy, Cyber Security, VPN and Torrents. He has continued work as a privacy advocate with Best VPN Provider and is working towards becoming an established privacy & security author online. Ameer takes a keen interest in technology, geo-political affairs and international cyber laws. Ameer loves outdoor sports including cricket, swimming, athletics, and football.
Images courtesy of WordStream, Wikimedia Commons, Collaborative Institutional Training Initiative.