Topic: Bitcoin Anonymity (or the Lack Thereof) for Newbies (Read 3683 times)
Anonymity does not yet exist in Bitcoins. There is a project called Zerocoin that is designed to add anonymity to bitcoin: http://zerocoin.org/index.
The weird Mitt Romney extortion attempt, they found they guy from the USB thumbdrive he mailed with the ransom demands and recovered his old pictures.
LOL what an idiot! I'm no hacker and even I know how to wipe a drive properly. Or, uh, invest a few bucks in a brand new one...
Especially before I go committing a gigantic crime. Ooops, now the cat's out of the bag.
I don't think it's possible to completely wipe a flash drive or any wear leveling device. Also, never heard what became of this all I remember is they seized his personal fortune in coins and probably didn't give it back.
The weird Mitt Romney extortion attempt, they found they guy from the USB thumbdrive he mailed with the ransom demands and recovered his old pictures.
LOL what an idiot! I'm no hacker and even I know how to wipe a drive properly. Or, uh, invest a few bucks in a brand new one...
Especially before I go committing a gigantic crime. Ooops, now the cat's out of the bag.
I completely agree that there are some issues with anonymity, but I think overall this is about as close as a person can get to anonymously earning / trading / spending any sort of currency.
What we all have to keep in mind is that we're in the midst of a grand experiment and, for a thousand reasons, we have to accept the possibility (however remote) that it could fail. Heck, the wiki comes right out and says so numerous times.
Having said that, I'm not heavily invested in BTC because my mining capabilities and investment resources (aka evil American $) are quite limited. But I'm confident enough in the concept that, if I did have the option to invest more, I would. All the same, we must keep security, including anonymity, a top priority as Bitcoin grows.
What we all have to keep in mind is that we're in the midst of a grand experiment and, for a thousand reasons, we have to accept the possibility (however remote) that it could fail. Heck, the wiki comes right out and says so numerous times.
Having said that, I'm not heavily invested in BTC because my mining capabilities and investment resources (aka evil American $) are quite limited. But I'm confident enough in the concept that, if I did have the option to invest more, I would. All the same, we must keep security, including anonymity, a top priority as Bitcoin grows.
Withdraw coins to address
Send them to another address that was generated through Tor/i2p or offline
Repeat again
Cash out the coins on localbitcoins
There's no possible way any court can prove you own the middle addresses unless they find your private keys or you generated them using a clear connection. So if you use full disk encryption, and you aren't retarded, you can basically be as pseudo anonymous as you want using bitcoin. You can even split them up into hundreds of different addresses, run them through a laundry service and then destroy your encrypted disks that generated the wallet(s) if you were that paranoid.
I don't know of any court case where somebody was caught through Bitcoin. The weird Mitt Romney extortion attempt, they found they guy from the USB thumbdrive he mailed with the ransom demands and recovered his old pictures.
Send them to another address that was generated through Tor/i2p or offline
Repeat again
Cash out the coins on localbitcoins
There's no possible way any court can prove you own the middle addresses unless they find your private keys or you generated them using a clear connection. So if you use full disk encryption, and you aren't retarded, you can basically be as pseudo anonymous as you want using bitcoin. You can even split them up into hundreds of different addresses, run them through a laundry service and then destroy your encrypted disks that generated the wallet(s) if you were that paranoid.
I don't know of any court case where somebody was caught through Bitcoin. The weird Mitt Romney extortion attempt, they found they guy from the USB thumbdrive he mailed with the ransom demands and recovered his old pictures.
Or, anyone here tried to route the miners through TOR to the regular clearnet address of a pool?
You can use cgminer with a proxy, and thus also over Tor. Just pass "--socks-proxy 127.0.0.1:9050" to it. This works very well for me on deepbit. If you have Tor already installed, it couldn't really be any easier, I think.
(But I use the command-line regularly and am used to it. In fact, I love it for a lot of tasks.)With a "real operating system" like Debian in my case, installing Tor is just as easy as pulling the corresponding package through the packet manager. This will give you a completely configured (if you accept the default config) installation, and make sure Tor is automatically started on system boot. I don't know how this works on Windows, maybe the installation is harder there.
OK, thanks guys.
So IP logging/sniffing is the main impediment to anonymous mining. I don't think I'm quite paranoid enough to try mining though TOR, but that's useful info. Solo mining unfortunately is out of the question for all but the very largest scale miners, and I'm not quite sure how well that would work under TOR as it needs good connectivity to the major nodes (ie pools) in order to avoid orphaned blocks.
Cheers
So IP logging/sniffing is the main impediment to anonymous mining. I don't think I'm quite paranoid enough to try mining though TOR, but that's useful info. Solo mining unfortunately is out of the question for all but the very largest scale miners, and I'm not quite sure how well that would work under TOR as it needs good connectivity to the major nodes (ie pools) in order to avoid orphaned blocks.
Cheers
Is bitcoin mining anonymous?
No real difference to all other aspects of Bitcoin:
the operator knows you. No matter if we are talking about an exchange, a pool or some other service. Even if you don't give him your real data and ID scans and the like, as soon as your real IP is known, consider your anonymity blown.
Of course there is TOR, which I consider safe/anonymous enough for this kind of things.
Make absolutely sure you use only .onion (= TOR-internal) sites and SSL-encrypted (aka https) regular sites! Consider everything you do over plain http over TOR public knowledge and in immediate knowledge and manipulation of evil crackers (malicious, sniffing exit-node).
The interesting question is: Is there a pool which operates a TOR .onion service?
Or, anyone here tried to route the miners through TOR to the regular clearnet address of a pool?
Pro-mode: Do solo-mining, this will definitely work over TOR, with no central/malicious instance at all! :-)
Also: I like this thread!
Ente
Thanks Ente. That's some really useful information. I've tinkered around with Tor, but have never really used it. I consider myself fairly technical. Where does that leave most "every day" users? I think we should steer clear of calling Bitcoin private or anonymous until people fully understand the implications of being anonymous/private on the Internet in the first place. I wonder if promoting Bitcoin will go right inline with promoting things like Tor for those interested in a way to completely separate from central banks and totalitarian government controls.
On a related note, you may all find these resources helpful: http://prism-break.org/
As Gavin said at the conference, privacy is not an easy problem to solve.
The only thing worse than no security is a false sense of security. At least with the first, you are aware enough to take proper precautions.
Is bitcoin mining anonymous?
No real difference to all other aspects of Bitcoin:
the operator knows you. No matter if we are talking about an exchange, a pool or some other service. Even if you don't give him your real data and ID scans and the like, as soon as your real IP is known, consider your anonymity blown.
Of course there is TOR, which I consider safe/anonymous enough for this kind of things.
Make absolutely sure you use only .onion (= TOR-internal) sites and SSL-encrypted (aka https) regular sites! Consider everything you do over plain http over TOR public knowledge and in immediate knowledge and manipulation of evil crackers (malicious, sniffing exit-node).
The interesting question is: Is there a pool which operates a TOR .onion service?
Or, anyone here tried to route the miners through TOR to the regular clearnet address of a pool?
Pro-mode: Do solo-mining, this will definitely work over TOR, with no central/malicious instance at all! :-)
Also: I like this thread!
Ente
its about anonymous as you get.
Articles like this are why I've been thinking about the importance of Anonymity for Bitcoin: http://business.time.com/2013/06/11/big-brother-is-watching-you-swipe-the-nsas-credit-card-data-grab/
People may see that article and think, "Oh, Bitcoin will solve all these problems!" without realizing it could make things potentially easier for them, since all the data is completely public. I'd still like to know what "insurmountable" means in the Bitcoin wiki page because I think that's important and should be understood by non-core developers.
I also kind of chuckled after reading that article and seeing "Prepaid is a giant mess"
Just wait until Bitcoin (used properly) really comes on the scene.
People may see that article and think, "Oh, Bitcoin will solve all these problems!" without realizing it could make things potentially easier for them, since all the data is completely public. I'd still like to know what "insurmountable" means in the Bitcoin wiki page because I think that's important and should be understood by non-core developers.
I also kind of chuckled after reading that article and seeing "Prepaid is a giant mess"
Just wait until Bitcoin (used properly) really comes on the scene.
I had questions about this in a similar thread.
I'm still a newb, and I'd like to know what I can do to make my transactions more private/anonymous.
I'm still a newb, and I'd like to know what I can do to make my transactions more private/anonymous.
Turning electricity into cash could be viewed as laundering, but you'd still be regulated by fincen when you went to sell your coins.
Not quite what I had in mind. More that these people are trying to avoid traceability when buying off SR (assuming you can get over the problem of physical delivery, and for some products that is easier than others).
Umm, should I point out this is curiosity on my part? I don't want to become liable under some obscure incitement laws here.
Turning electricity into cash could be viewed as laundering, but you'd still be regulated by fincen when you went to sell your coins.
Guys, please excuse me if I ask a question, but you seem to be very knowlegible on this.
Is bitcoin mining anonymous?
Let's suppose you're anonymous to the pool (just a random login, no contact details, just a bitcoin address for payout). Lets suppose the pool does not log your IP address. Then anything you mine is basically untraceable? This is my assertion.
Ignore any NSA sniffing of IP packets etc. Even if they do it, there is no way this could be admitted in public, eg in a court case (short of terrorism),
The reason I ask is because I'm trying to understand why people are mining with kit that will never give a ROI (ASICs the case in point). Not just random punters looking for a magic money tree, but experienced bitcoiners. Is this simply bitcoin laundering? But the opposite way to the normal use of the term. You want to turn legitimate, traceable funds eg USD into untraceable bitcoin.
(Sorry to sidetrack this discussion).
Is bitcoin mining anonymous?
Let's suppose you're anonymous to the pool (just a random login, no contact details, just a bitcoin address for payout). Lets suppose the pool does not log your IP address. Then anything you mine is basically untraceable? This is my assertion.
Ignore any NSA sniffing of IP packets etc. Even if they do it, there is no way this could be admitted in public, eg in a court case (short of terrorism),
The reason I ask is because I'm trying to understand why people are mining with kit that will never give a ROI (ASICs the case in point). Not just random punters looking for a magic money tree, but experienced bitcoiners. Is this simply bitcoin laundering? But the opposite way to the normal use of the term. You want to turn legitimate, traceable funds eg USD into untraceable bitcoin.
(Sorry to sidetrack this discussion).
Are there techniques that don't involve high risk and/or couldn't be seen as structuring or money laundering?
A prosecutor representing the government will "see" the situation however best suits the government's agenda, so the short answer is no. I'm going to avoid giving advice for a couple of reasons: 1) doing so could be interpreted as racketeering in one of our present-day fantasy courts, and 2) you or I might use these techniques to enhance personal privacy, but there are others out there who really would launder the proceeds of violent crime or theft, and I don't think the government makes much of a distinction.
I hope math is enough to win the day. Maybe we can figure out how to use math to fight drones.
Math might not be enough to shoot a drone out of the sky, but we can certainly develop warning networks. There are more of us than there are of them.
With this head cold, I should be resting, but instead I'm catching up on the Bitcoin conference videos. I was really encouraged to hear Gavin bring up the issue of privacy 4 minutes into his presentation: http://www.youtube.com/watch?feature=player_detailpage&v=JfF5mJDgZWc#t=239s
I hadn't even considered Cloudflare's involvement, but that makes sense. Since legal money transmitters are required to know who I am, I figured any exchange in the US is far from private already.
Can you share more about this? Are there techniques that don't involve high risk and/or couldn't be seen as structuring or money laundering?
You raise some really important points. I used to believe governments (at least the US one which is supposed to be about liberty), were about protecting the rights of their citizens. I know think they are more about protecting their own existence. The founders knew this would be a concern, but it seems we didn't listen well enough.
I hope math is enough to win the day. Maybe we can figure out how to use math to fight drones.
SSL terminates at the cloudflare proxy.. virtually all bitcoin exchanges are behind cloudflare..
I hadn't even considered Cloudflare's involvement, but that makes sense. Since legal money transmitters are required to know who I am, I figured any exchange in the US is far from private already.
I have used various techniques to remove taint in the past, but my methods have had to evolve as the Bitcoin ecosystem changed. It's not an easy proposition.
Can you share more about this? Are there techniques that don't involve high risk and/or couldn't be seen as structuring or money laundering?
You raise some really important points. I used to believe governments (at least the US one which is supposed to be about liberty), were about protecting the rights of their citizens. I know think they are more about protecting their own existence. The founders knew this would be a concern, but it seems we didn't listen well enough.
I hope math is enough to win the day. Maybe we can figure out how to use math to fight drones.
This is a very important topic. Untraceability is the one key feature missing in Bitcoin. I have used various techniques to remove taint in the past, but my methods have had to evolve as the Bitcoin ecosystem changed. It's not an easy proposition.
You've touched upon an important point which illustrates why privacy is essential for everyone. The truth is that there are so many laws on the books at the federal, state and local levels that nobody really knows whether or not they are a criminal. It's not a simple case of asking yourself “Did I hurt or steal from anyone?” Who knows what law you may have violated—maybe you installed a flush toilet with too large of a tank, or maybe you sold someone an incandescent light bulb. It's ridiculous how many things are illegal, and your life could be turned upside down if the government decided to make an example of you. The current IRS scandal is a perfect example of how the government can selectively choose to enforce laws against groups they don't like.
Governments are supposed to protect the rights of their citizens. Consider the 4th Amendment to the U.S. Constitution: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated... It seems to me your financial records and personal correspondence are your “papers,” but this is not how the government sees it. They tell us that case law asserts that if you place your money in the care of others (banks) or send your email through a common carrier, then you give up your right to privacy. Really? So if Chase Bank decided to publish in a newspaper the names, addresses, transactions and account balances of everyone who had an account with them, then this would be OK and they would face no civil or criminal liability? No, not hardly.
So, if we can no longer depend on government to protect our basic rights, then we must take matters into our own hands. Bitcoin is a good start. I advise everyone to take stock of all the open-source projects out there that decrease the power of centralized authorities and pick a few to put your support behind. Some of those projects include Tor, I2P, Bitmessage, Open Transactions, Ripple (once it becomes open source), OpenWRT, Linux, various 3D printing projects, etc. It's going to be a long fight but one which we will ultimately win. We have mathematics on our side.
Money laundering involves "illicit" sources of money. Since the government defines at any given moment what is considered illicit, and many are losing confidence in the government on a daily basis, where does that leave us?
...
This isn't about "If you're doing nothing wrong, privacy doesn't matter." I used to use that argument also. I think recent political realities (and my own education on these topics) have changed my point of view today. The US Government, from my perspective, is increasingly less safe.
...
This isn't about "If you're doing nothing wrong, privacy doesn't matter." I used to use that argument also. I think recent political realities (and my own education on these topics) have changed my point of view today. The US Government, from my perspective, is increasingly less safe.
You've touched upon an important point which illustrates why privacy is essential for everyone. The truth is that there are so many laws on the books at the federal, state and local levels that nobody really knows whether or not they are a criminal. It's not a simple case of asking yourself “Did I hurt or steal from anyone?” Who knows what law you may have violated—maybe you installed a flush toilet with too large of a tank, or maybe you sold someone an incandescent light bulb. It's ridiculous how many things are illegal, and your life could be turned upside down if the government decided to make an example of you. The current IRS scandal is a perfect example of how the government can selectively choose to enforce laws against groups they don't like.
Governments are supposed to protect the rights of their citizens. Consider the 4th Amendment to the U.S. Constitution: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated... It seems to me your financial records and personal correspondence are your “papers,” but this is not how the government sees it. They tell us that case law asserts that if you place your money in the care of others (banks) or send your email through a common carrier, then you give up your right to privacy. Really? So if Chase Bank decided to publish in a newspaper the names, addresses, transactions and account balances of everyone who had an account with them, then this would be OK and they would face no civil or criminal liability? No, not hardly.
So, if we can no longer depend on government to protect our basic rights, then we must take matters into our own hands. Bitcoin is a good start. I advise everyone to take stock of all the open-source projects out there that decrease the power of centralized authorities and pick a few to put your support behind. Some of those projects include Tor, I2P, Bitmessage, Open Transactions, Ripple (once it becomes open source), OpenWRT, Linux, various 3D printing projects, etc. It's going to be a long fight but one which we will ultimately win. We have mathematics on our side.
SSL terminates at the cloudflare proxy.. virtually all bitcoin exchanges are behind cloudflare.. that means whenever you withdraw to a bitcoin address from any bitcoin exchange, that transaction is potentially being logged at cloudflare. I'd guess that this may have been the primary reason for DDOSing the exchanges in the first place (to make them go behind cloudflare).
Your IP, Name, Email and bank account details (and ID scans, if you uploaded them to get verified) are all potentially associated with your bitcoin addresses because of this. Whenever you log into any bitcoin service behind cloudflare, they can potentially see and log everything you do.
Blockchain.info is also behind cloudflare so the 'send-shared' mixer should also be considered pwnd.
Cloudflare would never do that right? Imo, they probably already have.
Your IP, Name, Email and bank account details (and ID scans, if you uploaded them to get verified) are all potentially associated with your bitcoin addresses because of this. Whenever you log into any bitcoin service behind cloudflare, they can potentially see and log everything you do.
Blockchain.info is also behind cloudflare so the 'send-shared' mixer should also be considered pwnd.
Cloudflare would never do that right? Imo, they probably already have.
Given the recent news of NSA's involvement in, well, everything, it got me thinking about Bitcoin and Anonymity.
When I recently got into Bitcoin, I read things like Max Keiser's post claiming Bitcoin's intrinsic value is privacy. The veterans around here will quickly say that's not true, it's only pseudonymous, but most people (myself included) probably won't fully comprehend the difference.
So I started reading here:
https://en.bitcoin.it/wiki/Anonymity
Concerns I have include:
"...is designed to make this attack more difficult." -- But not impossible. I seem to be learning new things daily about the resources of the NSA.
"Each transfer needs to be painstakingly investigated and many transfers will present insurmountable difficulty." -- Can someone help me out with this? What exactly does "insurmountable" mean here, and what factors (or how much computing power) would make it surmountable again?
That wiki post ends with discussing coin mixers but then basically says, good luck with that, you'll probably get scammed or blamed for a version of structuring or money laundering anyway. Money laundering involves "illicit" sources of money. Since the government defines at any given moment what is considered illicit, and many are losing confidence in the government on a daily basis, where does that leave us?
I'm not the first to post about this. A quick search shows many others including:
What happened to Bitcoin being Anonymous? - June 11, 2012
Note: I like the argument for using the word "private" instead of "anonymous." Anyone who thinks Bitcoin is private should read that thread and see some of the examples of address ownership discovery.
Anonymity - July 7, 2010
One post summed it up for me with "super-strong privacy isn't worth the performance cost." If early adopting techies feel this way, every day non-technical users will feel it doubly so. They aren't going to set up a VPS or use Tor, etc.
There are probably other great posts out there as well, but most people (myself included) don't have time to read them all.
I've scanned through a 24 page "Analysis of Anonymity in the Bitcoin System" document, but most people probably won't read that either. The only reason I'm looking into this stuff now is that I'm lying in bed trying to get over a headcold.
So what's the point of this post?
To raise awareness.
I've been part of this community for a few months now, and it doesn't seem to be brought up enough, IMO. New people getting involved probably don't realize the implications, especially if Bitcoin is made illegal in their country someday. I've read the FinCEN ruling in the US, and I'm optimistic, but many of my friends don't share that optimism.
To be clear: other than a speeding ticket over a decade ago, I've never willfully broken the law (well, maybe in college I had some MP3s...). I have no interest in Silk Road. This isn't about "If you're doing nothing wrong, privacy doesn't matter." I used to use that argument also. I think recent political realities (and my own education on these topics) have changed my point of view today. The US Government, from my perspective, is increasingly less safe. Using Bitcoin doesn't easily solve that problem, though early on I let myself believe it could.
I love Bitcoin, and I've put my company out there to support it. I want to see it succeed, no matter what governments do. I spent some time today learning about Open Transactions which seems like a really cool project. Are there other similar projects going on? Should we be worried about Bitcoin being mis-represented as private? Am I just being paranoid?
Most of my identities online use my real name because I don't want to falsely think something I do online is private. I don't want newbie Bitcoin users to have that same sense of false confidence.
Thanks for your attention and comments.
(edit to fix broken links)
When I recently got into Bitcoin, I read things like Max Keiser's post claiming Bitcoin's intrinsic value is privacy. The veterans around here will quickly say that's not true, it's only pseudonymous, but most people (myself included) probably won't fully comprehend the difference.
So I started reading here:
https://en.bitcoin.it/wiki/Anonymity
Concerns I have include:
"...is designed to make this attack more difficult." -- But not impossible. I seem to be learning new things daily about the resources of the NSA.
"Each transfer needs to be painstakingly investigated and many transfers will present insurmountable difficulty." -- Can someone help me out with this? What exactly does "insurmountable" mean here, and what factors (or how much computing power) would make it surmountable again?
That wiki post ends with discussing coin mixers but then basically says, good luck with that, you'll probably get scammed or blamed for a version of structuring or money laundering anyway. Money laundering involves "illicit" sources of money. Since the government defines at any given moment what is considered illicit, and many are losing confidence in the government on a daily basis, where does that leave us?
I'm not the first to post about this. A quick search shows many others including:
What happened to Bitcoin being Anonymous? - June 11, 2012
Note: I like the argument for using the word "private" instead of "anonymous." Anyone who thinks Bitcoin is private should read that thread and see some of the examples of address ownership discovery.
Anonymity - July 7, 2010
One post summed it up for me with "super-strong privacy isn't worth the performance cost." If early adopting techies feel this way, every day non-technical users will feel it doubly so. They aren't going to set up a VPS or use Tor, etc.
There are probably other great posts out there as well, but most people (myself included) don't have time to read them all.
I've scanned through a 24 page "Analysis of Anonymity in the Bitcoin System" document, but most people probably won't read that either. The only reason I'm looking into this stuff now is that I'm lying in bed trying to get over a headcold.
So what's the point of this post?
To raise awareness.
I've been part of this community for a few months now, and it doesn't seem to be brought up enough, IMO. New people getting involved probably don't realize the implications, especially if Bitcoin is made illegal in their country someday. I've read the FinCEN ruling in the US, and I'm optimistic, but many of my friends don't share that optimism.
To be clear: other than a speeding ticket over a decade ago, I've never willfully broken the law (well, maybe in college I had some MP3s...). I have no interest in Silk Road. This isn't about "If you're doing nothing wrong, privacy doesn't matter." I used to use that argument also. I think recent political realities (and my own education on these topics) have changed my point of view today. The US Government, from my perspective, is increasingly less safe. Using Bitcoin doesn't easily solve that problem, though early on I let myself believe it could.
I love Bitcoin, and I've put my company out there to support it. I want to see it succeed, no matter what governments do. I spent some time today learning about Open Transactions which seems like a really cool project. Are there other similar projects going on? Should we be worried about Bitcoin being mis-represented as private? Am I just being paranoid?
Most of my identities online use my real name because I don't want to falsely think something I do online is private. I don't want newbie Bitcoin users to have that same sense of false confidence.
Thanks for your attention and comments.
(edit to fix broken links)
Jump to: