Topic: [FORBES] How Private Are Bitcoin Transactions? - page 2. (Read 3721 times)

Someone needs to fire up Tor/I2P/etc and make a "Coin Wash" site.

Someone sends in an arbitrary amount of BTC along with multiple new addresses. The BTC that go in are broken into randomly-sized portions and sent to the new addresses at random intervals, interleaved with other transactions (minus a fee of course). If multiple coin washers existed they could also send coins to each other with instructions to forward. If such nodes also ran their own private testnet of sorts (zero fee) and sent mountains of arbitrary transactions with the right format it could be quite difficult even for even the ISP to sort the real transactions from the fake (see: chaffing and winnowing).

I think the above should be sufficient to beat analysis-based attacks, using Tor or I2P beefs up protection against analysis a bit more and I trust that the security already bundled in the bitcoin client should cover the rest.

Have I missed anything?

Someone needs to fire up Tor/I2P/etc and make a "Coin Wash" site.

Someone sends in an arbitrary amount of BTC along with multiple new addresses. The BTC that go in are broken into randomly-sized portions and sent to the new addresses at random intervals, interleaved with other transactions (minus a fee of course). If multiple coin washers existed they could also send coins to each other with instructions to forward. If such nodes also ran their own private testnet of sorts (zero fee) and sent mountains of arbitrary transactions with the right format it could be quite difficult even for even the ISP to sort the real transactions from the fake (see: chaffing and winnowing).

I think the above should be sufficient to beat analysis-based attacks, using Tor or I2P beefs up protection against analysis a bit more and I trust that the security already bundled in the bitcoin client should cover the rest.

Have I missed anything?

Doesn't SSL protect you from that or it only provides false sense of security from ISPs?

So which one is it? Is it Bitcoin not anonymous enough or is it Bitcoin must be stopped because bad guys use it? Cannot be both, can it?

Doesn't SSL protect you from that or it only provides false sense of security from ISPs?

Its 100% private until someone like your ISP digs through your history.

So which one is it? Is it Bitcoin not anonymous enough or is it Bitcoin must be stopped because bad guys use it? Cannot be both, can it?

Are Bitcoin transactions really private? In an age of ubiquitous government surveillance and corporate information collection, the peer-to-peer currency‘s boosters tout privacy as a major benefit. I’m not convinced.

Bitcoin’s peer-to-peer method for clearing payments means that the currency’s “books” are inherently open. Every transaction ever made using the currency is available for inspection using a tool like Bitcoin’s Block Explorer.

The privacy benefits come from the fact that you can create an unlimited number of anonymous Bitcoin identities. Block explorer tells me that someone sent 36953.2525 Bitcoins to the address 148X4kTYZhjeKQcd1AVhcytXvh5gL6FNSe. I don’t know who owns that address and there’s no central database where I can look it up. Nor is there a Bitcoin Inc. that could be compelled to create such a database. And this, Bitcoin enthusiasts say, give their currency a privacy edge over the US dollar.

But the fact that the database doesn’t exist doesn’t mean it couldn’t be created. Remember, people want money so they can buy stuff. There are a few goods and services, like pornography or consulting work, that can be delivered entirely over the Internet. But people mostly buy products that need to be physically delivered. An American who wants to deal primarily in Bitcoins will, at some point, need to either buy food and shelter in Bitcoins or convert some of their Bitcoins to dollars. And that means making Bitcoin payments to people in the US.

But the US government could easily require any business accepting Bitcoin payments (or converting Bitcoins to dollars) to collect identification information from their customers in the same way that “know your customer” regulations require financial institutions to collect information about their customers. And once the government has de-anonymized a significant fraction of the addresses on the network, they’ll be able to infer many of the others using basic detective work. Remember, the full pattern of transactions is a matter of public record. Officials trying to identify a particular address will have a complete record of every address that’s ever sent money to, or received money from, that address. If any of them are within the United States, they can be compelled to disclose details (IP addresses, shipping addresses, contact email address, etc) that could help identify the address’s owner.

Now this isn’t to say that a determined individual couldn’t use Bitcoin in a way that preserves his privacy. But it would either require a high level of technical savvy or significant lifestyle changes. He could avoid working for traditional US employers and buying things from mainstream US businesses. But most users just don’t care about privacy enough to make those kinds of major lifestyle changes to get it.

Another approach would be to use technical means to obfuscate the flow of funds to and from his accounts. He could route all Bitcoin traffic through an anonymization service like Tor. He could create a large number of decoy accounts and have different people pay different accounts. There could even be Bitcoin “money laundering” services that accept money from you and pay you back in another account. But few people have the patience or technical know-how to do this effectively.

Moreover, people willing to go to that much trouble can obtain roughly the same degree of financial privacy using dollars. Most obviously, you can conduct transactions in cash, which is inherently resistant to government surveillance. For remote transactions, there are any number of offshore intermediaries in Switzerland, the Cayman Islands, and elsewhere that have been helping privacy-conscious Americans stay beyond the long arm of the law for decades. And all of these transactions have an important advantage over Bitcoin: they don’t produce public entries in a global distributed database.

In other words, Bitcoin’s alleged privacy benefits mostly reflect the fact that the government isn’t really trying to spy on Bitcoin users. It hasn’t built the kind of surveillance infrastructure the government has for tracking dollar-denominated transactions. And to be clear, I would rather that infrastructure not exist. But if Bitcoin becomes popular, the government will build precisely the same infrastructure for spying on the Bitcoin network. And when they do, it will become clear that for ordinary users, Bitcoin is, if anything, less surveillance-resistent than traditional cash.

Advanced Bitcoin Anonymity

Tom Lowenthal offers a solid critique of my last post:

If I have one Bitcoin account, and I use that for all incoming and outgoing payments, it’s very easy to keep track of my transactions. Anyone who has ever given me coins can now see exactly where I send how much money, forever. However, this is not the way that anyone really does or ever should use Bitcoin. It’s standard practice to use a new address for each incoming payment. This way, there’s no link between different inbound transactions. When making an outgoing payment, pick a selection of addresses whose balances add up to only slightly more than the sum you wish to pay. Pool those into a new address (with a little left-over in one of the original accounts), and send the whole payment from that new address.

I find this critique fairly persuasive. Though its validity depends somewhat on the type of privacy threats our hypothetical user is worried about. If you’re worried about the government easily capturing a comprehensive picture of your financial activities, the approach of using many different addresses could work quite well. If, on the other hand, you want to give money to a third party in a way that you can be sure the government will never be able to trace back to you, this technique might not work as well. For example, if the government wanted to track everyone who donated to a particular public Bitcoin address (say, one owned by Wikileaks), it can work its way backwards along the chain of transactions until it reaches someone (say, your employer) who it can force to disclose the donor’s identity.

Still, Tom makes a convincing case that I was understating Bitcoin’s privacy benefits.