Topic: My N00b plan to make an anonymous purchase--will it work? I bet not exactly. (Read 3042 times)

You may also want to check out maidsafe, who are working on a decentralized system. In theory, a user would be potentially able to set up a decentralized website or app that is distributed among many nodes on the SAFE network instead of a centralized server. Of course there is still much work to be done, and the project is still in the testing phase.

Well to be fair, as I reread the Zerocoin proposal summary of the audio, it's not just about mixing but also not recording transactions in the proposed blockchain, but just verifying that a transaction was made and no double spending of zerocoin happened.  But for the purposes of this thread it's clear that "washing works" for bitcoin as the best way to preserve anonymity.

TonyT

Thanks Mr. Big.  And to the other posters.  I know very little about Bitcoin but I am learning day to day.  One thing that I learned just now:  bigger brains than I have thought long and hard about the anonymity problem, and have come to the same conclusion as some of the other posters in this thread and that is:  (1) you cannot trust (or rather you have to trust, which is the problem) a central banker or central depository, and, (2) "washing works".  

Re (1) a central banker:  the thinking is that you have to trust a person to try to preserve your identity if you go to an exchange like LBC or Coinbase, or use an escrow middleman, like the guys who offer to accept cash and give you bitcoin (some of the escrow middlemen claim they don't keep logs of transactions for very long, but you have to take their word for it).  In fact, you have to trust somebody for any transaction short of mining bitcoin yourself or finding a stranger who happens to want to trade their bitcoins for cash, and manually transferring your bitcoin (all the while using Tor while you email the stranger, and wearing dark sunglasses and fake wig at the cafe), you have to disclose your real identity in most places.  Even if you don't disclose your identity, your internet address can be found and correlated to your purchase of bitcoin, that can be used to track you down (unless you are using a public internet access point, or Tor, or your friend's ISP) unless you break the link (wash coins).  Hence, re (2), "washing works", as in the Zerocoin proposal, excerpt below, and many of the anonymity schemes for new cryptocoin take this approach.

So to take my original example that started this thread:  suppose I set up an account with Coinbase, who insists on knowing my real identity.  I buy bitcoin.  I then go to some web host provider that accepts bitcoin, let's say it's GoDaddy just for argument's sake, and I buy a Wordpress-ready website in bitcoin using a fake name.  The very next day after I set up my website, PapuaNew_GuineaCorruption.com, I get sued for defamation by a plaintiff from PNG.  The plaintiff would find out from GoDaddy I paid in bitcoin, and, if the transaction is logged, which it surely is by GoDaddy, they would find out it came from Coinbase, and then Coinbase would tell the plaintiff my identity when served with either a court order, or, if they're really lame, a threatening letter from the plaintiff's lawyer.  But to prevent this, if I can wash the coins from Coinbase, I am immune from a lawsuit.  So I have to find a mixer, call it Blockchain.info, that I will park my bitcoins into between Coinbase and GoDaddy.  But even the mixer could in theory be forced to disclose my identity, since I bet most mixers have a "Know Your Customer" policy like Coinbase does.  So what prevents a lawsuit?  Simply the passage of time it seems to me, given the nature of bitcoin and the 'permanent block chain recording of public transactions'.  

More on this:  if enough time passes at the mixing service Blockchain.info, then when they get a subpoena from the plaintiff, they can truthfully say that they don't know what my Coinbase bitcoin got turned into (that is, what bitcoin I got back for the bitcoin I turned into at Blockchain.info, that I later used to set up the website at GoDaddy), so the link between GoDaddy and Coinbase is broken.  Put another way:  if there's no log at Blockchain.info, the bitcoin used to set up the GoDaddy website in fact came from not me but some random person that also subscribes to Blockchain.info, and if the plaintiff tries to pursue them, they will be chasing a red herring and a dead end. 

So what's the necessary passage of time needed for anonymity at Blockchain.info?  Googling this, it turns out to be eight hours (but you have to trust Blockchain.info follows their stated business practices, and deletes their logs every eight hours on a rotating basis, which seems reasonable but just saying).  Further of interest, note the Forbes article passage below that quotes a lawyer saying that technically joining LocalBitCoins is a money laundering offense, though it also seems like FUD by the lawyer.  

TonyT

(http://www.forbes.com/sites/jonmatonis/2013/06/05/the-politics-of-bitcoin-mixing-services/  ("The largest such service operating today is the Blockchain.info mixing service which has a maximum transaction size of 250 bitcoins and a 0.5% transaction fee. Transaction logs are removed after eight hours and customers can use the taint analysis tool to verify that coins were properly mixed. .. .Also, in-person exchange LocalBitcoins.com could act as a pure person-to-person mixing service for bitcoin users that meet in designated places like cafés. Personal mixing has the additional benefit of introducing plausible deniability into the entire bitcoin ecosystem because the coins cease becoming provably yours at that point. After seeing the LocalBitcoins selling-for-cash section in the U.S., Carol Van Cleef, a partner in Patton Boggs’ banking practice and adviser on anti-money laundering policies, ominously warned, “You better get yourself registered, or you better get your name off the list real fast.")

 
from a bitcointalk thread...
(text below copied from http://pastebin.com/Dd60ZaT7 )

1.Summary transcript of Matthew Green's talk about Zerocoin/Zerocash at the Real World Crypto 2014 from Soundcloud: https://soundcloud.com/rdlmitedu/140113_0001-wav

3.* Bitcoin may not be particularly anonymous
4.* Zero-coin / Zero-cash to anonymize the bitcoin currency
5.* transactions recorded in public ledger; nothing sophisticated done with the ledger; people can identify and map your identity; if you're very paranoid you can prevent (maybe), but in general case hard to use bitcoin for privacy;
6.* this should matter to all of us; the technology behind bitcoin may be with us for a very long time; countermeasures are weak even in the face of unsophisticated attacks
7.* if we make bitcoin private, can possibly find applications beyond currency
9.* two approaches for anonymous version of bitcoin
10.* zerocoin - technique to implement electronic cash in bitcoin protocol
11.* zerocash - way to make zerocoin practical and deployable and usable as ecash currency
13.* zerocoin - join work with students and colleagues at John Hopkins (JH)
14.* bitcoin doesn't give us much privacy despite academic thinking from 1980s (esp. David Chong [David Chaum]) to build untraceable ecash
15.* ecash tried to tackle one problem without thinking of all other practical concerns; nobody in the history of academic ecash managed to setup a working, centralized bank; chong's bank attempt failed
16.* bitcoin solved this problem of a currency take-off and early adoption; but we need a different technique to get rid of a centralized bank
17.* zerocoin new approach for ecash to get rid of centralized bank; basic idea is public ledger (constructed by bitcoin) blockchain; use this to wash bitcoins that does not require us to trust a centralized party; key ingredient (blockchain) is given by free by the bulletin board;
18.* zerocoin high-level intuition of original protocol: layer on top of bitcoin; i have some bitcoin; i want to break the link between my current address and a future address; take my bitcoin and turn into zerocoin; they get mixed up; all people making zerocoins will shuffle them together so no linkage with creation and redemption; at some future point, can redeem zerocoins into bitcoins ideally unrelated; breaks graph analysis; when disappearing into the zerocoin network minimizes/removes leakage;
19.* zerocoins are numbers; digital commitments to a large serial number; viewing the commitment, you should not be able to tell the serial number; once these commitments are minted (easy to create), you put them on the bitcoin blockchain; new instruction in the bitcoin system to produce a transaction that spends a bitcoin for a zerocoin; anybody that sees this transaction sees that this valid zerocoin is worth some money;
20.* at some point in the future, you redeem; you first reveal the secret serial number to make the first zerocoin and put into transaction; prove that the serial number corresponds to a zerocoin; then prove that the zerocoin is one of the set placed on the blockchain (which somebody paid money);
21.* zero-knowledge proof; prove statements without using any other information other than that the fact that the statement is true; "there exists some zerocoin in the set of zerocoins placed on the blockchain & the serial number we're revealing is the actual serial number in the coin";
22.* if the proof is valid, then double-spend is impossible since serial number would have to be revealed again;
23.* efficiency is important here! the approach used is the accumulator; collect all the zerocoins into the accumulator, then prove that the zerocoin you're trying to spend is contained in the accumulator; proof of knowledge is 4KB; the entire thing is 25KB after optimization; for crypto this is awesome!; but developers hated adding this much to the blockchain; so unlikely to happen in real world
24.* summary: zerocoin good first approach, libzerocoin; but the problem is that the proofs are just too big; and coins have all the same value; but this means that if you want to spend fractional amounts of bitcoin, then it won't work (have to translate back to bitcoin)
25.* new solution: zerocash
26.* presented in May and Bitcoin conference in San Jose; in both conferences with teams working on small zero knowledge proofs aka SNARKS; other cryptographers already had them ready;
27.* SNARK - Succinct Non-interactive Arguments of Knowledge; Bryan Harno (MS Research); basic idea is that you can prove arbitrarily complex statements in 288 bytes; in addition to having these efficient proofs, there are compilers that have proofs that the program executed correctly; we should simply take existing libzerocoin code and run through the compiler to produce these proofs; but these compilers produce large circuits; the time to make a small proof takes hours or days;
28.* co-authors have spent a lot of time optimizing these proofs; the right way is NOT to take existing libzerocoin, but throw away RSA and other cryptographic techniques and replace with components that are easier to prove such as hash functions like SHA256 and Merkle trees; easy to prove hash with small circuits e.g. sha256 in 30K gates
29.* each coin is really the hash of some randomness and the serial number = commitment. once we have these coins we put in the hash tree; 64-depth key (2^64); when want to redeem; reveal the serial number, and can reveal 64-hashes before in the tree;
30.* if these proofs are powerful and efficient; why need bitcoin? why not put entire system into zerocoin and make everything anonymous through generation, use, redemption of coins? the only information that makes it into the blockchain is the fact that a transaction occurred. just show that two new coins where the value totals the bitcoin that you're splitting; when we merge we spend two coins we prove that the two = same value of the new coin; transfers can be done completely anonymously without knowing who and how much.
31.* can encrypt transactions and hash the values
32.* transaction fees have to be public, but everything else can be anonymous
33.* name for this process; generic transaction is called "pouring coins"
34.* is this efficient? one detail - the problem with zerocoin 1.0 was that the proofs were huge and took 0.33s; these results mixed; to merge/make takes 87s-108s on a single core; but on bright-side bitcoin takes up to an hour for each transaction; verification time is in ms; comparable to bitcoin; verification is in the network; the catch is that to verify the proofs you need a large set of public parameters; 1.2GB in size
35.* best part of this is that you already need 16GB to store the blockchain, so to add this is around 7% increase in storage
36.* somebody needs to generate these parameters; trusted party; possible to find a dozen people that people trust to set up the parameters;
37.* system that is efficient; will be separate system released in May; real-world crypto; want to get people to use;
38.* release an altchain; client that implements all these things; put it out there; hope that nobody puts a lot of money in this because these are new techniques and might break down; idea is to test this in an environment separate from bitcoin so we don't break anything else while trying to make this work
39.* should we even be doing this research? lots of people criticizing us. this is important research not just because people want to commit crimes, but because when you spend money your transactions are hidden from neighbours, but with bitcoin people can see your transactions; important to get it out there.
41.Thanks.
.  

No I actually only stuck around until it showed up in blockchain.info and said no double spend detected. Maybe 2 minutes after the transaction and 5 minutes total. You could stay for 1 confirm if you want to be more cautious, which should take around 10 minutes or a little longer sometimes. Just make sure the seller includes a fee so the coins aren't limbo for a while. Also, the coins in the seller's wallet should already have some confirms before they send it out to you, because that could delay the transaction as well, if there was no fee.

I don't really worry about double-spends, as I'm not trading huge amounts and I'm watching the seller as they send me the coins. Plus, I don't think people are going to bother trying that with smaller amounts.

In the typical LocalBitcoins transaction, the seller transfers the BTC to your LBC account. That is instant. You can transfer the bitcoins to your wallet at your convenience.

This sounds interesting.  So after generating a Bitcoin address on your client, and forking over cash at the agreed price per Bitcoin, you stick around drinking coffee for an hour until the Bitcoin is received and verified as good (I think it takes an hour or so)?

TonyT

If you send BTC to an exchange and then send it somewhere else, the chain of transactions is broken.

Just use localbitcoins. You don't have to provide any sort of ID. When I bought some btc using the site I contacted some people through PM on localbitcoins. They told me where to meet them in a coffee shop, so I went there and we made the exchange in a few minutes. I didn't even give them my phone number or tell them my name.

If you're really paranoid you can wear a hat and sunglasses, although you might look suspicious then 

thats where steps 2-3 come in because then they have to chase down a 2nd exchange or if you didnt use the exchange and sold them private then that makes it incredibly complex because they then have to find who you exchanged them with and get the details of the exchange off them.

thinking about how complex all this is getting might be easier just to use a washer service or buy some mining gear and mine them XD

I agree it would add a very hard degree for normal user to find out btc address.  But if the country/state goes to the exchange chances are they will comply and turn over everything. 

id beg to differ due to the way most exchanges work it would increase the anonymity as trading digital currency to digital currency is handled different from fiat to digital. in other words they would have to track 2 different crypto coins which makes it much harder as it would increase the possible paths back to the original owner, its hard to explain without going into how exchanges manage there systems but using 2 exchanges to trade 2 types of crypto currency makes in very very hard to track. as from the looks of it it would lead you down a fake trail until you realized that there where exchanges involved then the exchanges or individuals would have to cooperate and places like BTC-e dont keep info on crypto hashes so would make it even harder to trace back

Exchanging BTC for LTC and back doesn't increase anonymity more than just sending to the exchange and then sending from the exchange.

1. buy bitcoins dosnt matter where
2. exchange or sell bitcoins for litecoin
3. exchange or sell litecoins to bitcoin (use a 2nd exchange or sell them private)
4. your now pretty damn anonymous.

The reason would be price.  You pay a premium at localbitcoins and have to trust a seller.

If you are not worried about being anonymous you can use places such as Coinbase.   It will be a smaller fee then localbitcoins.

Using any exchange to buy Bitcoins seems to be the weakest link here.

Why use an exchange when you can find a local seller on localbitcoins.com and buy Bitcoins with cash?

I use bitcoinfog purely because it's the first one I tried and I've never had coins go missing.

They do take a random cut of your deposit, between 1% and 3%, to help pay for their overheads and to obfuscate the amount being transferred. I'm prepared to pay that for what seems like a reliable source. I don't leave my coins in there too long (less than 24 hours) just in case they get hacked.

How much you need to purchase?

1. Buy a new computer and anonymous connection or anon wifi, Use this pc only for your forum and bitcoin generation.
2. Use tor or free vpn
3. Create Bitcointalk accounts join signature campaign ,giveways or sell services. Play in the primedice using the faucets.
4. Send yor bitcoin to mixer.
5. Buy forum domain and hosting.

Off-topic: a thought just occurred to me if my understanding of bitcoin above is correct:  it would make sense for the US FBI to try and get records of who the real persons using particular bitcoins are, and put this information in a database, so that they can trace the blockchain at some later point when these bitcoins are used at illegal places of business like the former Silk Road.  I bet they may be populating a database now, since bitcoin transactions are more or less public information, not to mention not covered by privacy laws (which in the USA are weak anyway).

Also if my theory in the quoted block is correct, a bitcoin mixing service only makes the trail harder to follow, but it does not eliminate the trail.  It obfuscates but does not eliminate the trail in the bitcoin blockchain.

TonyT

Wow, a hero poster, thanks for posting! :-)  I think the idea of addresses is the key, as you imply.  If possible, and this is a bit off-topic, can anybody make sense of the Forbes article (http://www.forbes.com/sites/andygreenberg/2013/09/05/follow-the-bitcoins-how-we-got-busted-buying-drugs-on-silk-roads-black-market/)?  How was anonymity compromised?  From what I can tell (I'm hardly an expert, just speculating based on a few hours worth of knowledge of how bitcoin works):  merchants on Silk Road (btw I'm not going to buy drugs or do anything nominally criminal in the USA using bitcoins) sometimes improperly 'reuse' the same address as the 'payment address' (Bitcoin address) when selling drugs.  These 'reused' addresses are known to law enforcement investigators.  These investigators who are investigating buyers of Silk Road, then use the bitcoin blockchain (it's not clear to me how they get the bitcoin blockchain--can I get the transaction history of any bitcoin, even if I don't own it?  That's a good question in my mind), together with a database they have of these reused or 'dirty' addresses, to tell if bitcoins they have were sent by you to these 'reused' Silk Road addresses to buy drugs at Silk Road.  From what I can speculate, that's what is going on.  So perhaps a bitcoin mixer would put a stop to this.

TonyT

Nice!  But your activity is low on this forum.  Do you have a thread like this one:  https://bitcointalk.org/index.php?topic=237164.360   ?   

If so, I might use you as your rates of 1% + Bitstamp is better than theirs.

TonyT