Author

Topic: Privacy-o-meter, a free tool to assess the privacy level of your BTC transaction (Read 371 times)

newbie
Activity: 23
Merit: 853

You have just looked up that transaction on two block explorers, which could both link your IP to it. Further, your VPN provider could potentially see you broadcast the transaction, and could see you look up the transaction just now. If you aren't currently connecting via VPN, then your ISP could see you look up those transactions.

VPNs do not provide anonymity. You need to use Tor for that.


Tor is really good  if you use it wisely. In my routine (especially when dealing with cryptos)  I   use parallel VPN consisting of two channels and one of them starts at dedicated server run by me. And then,  what you said has nothing to do with those "privacy meters". My point was they are mostly useless.
legendary
Activity: 2968
Merit: 3684
Join the world-leading crypto sportsbook NOW!
I totally forget number of Bitcoin transaction, but you still could :
1. Check it with Tor Browser to reduce privacy risks
2. Make request for your address and some random address (e.g. another output address of CoinJoin transaction)

I know it won't do not much, but it's better than nothing.

I create a watch list with a longish list of addresses, only 1 is the one I really want to watch. And then randomly flit between 2 other watch lists with completely random addresses picked up all over, so yeah, it's not hiding it but obcuring the view of it. It's not perfect, and there will be no perfect way but I agree, any kind of misleading or obfuscation is better than nothing.
legendary
Activity: 2268
Merit: 18748
I totally forget number of Bitcoin transaction, but you still could :
1. Check it with Tor Browser to reduce privacy risks
2. Make request for your address and some random address (e.g. another output address of CoinJoin transaction)
I've never quite understood why people use a random website to check if their own transaction has confirmed. Once you've broadcast your transaction you can just monitor its progress through your wallet. Opening up a block explorer and continually refreshing a specific transaction is pretty much a guarantee to the block explorer that you made that transaction, and they can link your transactions and addresses to your IP, your browser fingerprint, and other information about you. The same is true of third parties like Cloudflare or Captcha services.

For what it's worth, Blockchair probably have the best Privacy Policy of any block explorer, which you can read here: https://blockchair.com/privacy.

I still wouldn't advocate for trusting any third party with your privacy, though. If you are going to look up transactions on a block explorer, use Tor.



In fact I had cash out  bitcoins using  VPN to   broadcast trx. There’s nothing one can know about me from that trx.
You have just looked up that transaction on two block explorers, which could both link your IP to it. Further, your VPN provider could potentially see you broadcast the transaction, and could see you look up the transaction just now. If you aren't currently connecting via VPN, then your ISP could see you look up those transactions.

VPNs do not provide anonymity. You need to use Tor for that.
sr. member
Activity: 307
Merit: 250
Wow, really helpful instument, i need to check my transactions
legendary
Activity: 3472
Merit: 10611
~
Not if you make request to all bitcoin transaction on bitcoin blockchain.

that would be impossible due to the gigantic number of transactions. and usually people check their own addresses or transactions only on a block explorer not other random transaction/address. so we can say that in majority of cases the block explorer can know with a high certainty that the request is made by the owner.
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
90% of altcoin users use wallet with one address and 80% of them use mult coin wallets and not single wallet.

are these percentages your own computation or are there any studies behind them?
i am curious because last time i checked majority of altcoin users were actually storing their altcoins on exchanges and don't have any wallets. it is also visible from their blockchain and lack of daily on chain transaction traffic.
newbie
Activity: 7
Merit: 0
The results of this analysis are wrong people are interested in Bitcoin, you will find numerous transaction tracing tools like Chainalysis, Elliptic, CipherTrace, and Crystal for bitcoin and a few altcoin.
Some altcoin are not widely used and most trading volumes come from exchange that do not move these currencies real.
90% of altcoin users use wallet with one address and 80% of them use mult coin wallets and not single wallet.
hero member
Activity: 1722
Merit: 801
Blockchair explorer is my favorite explorer because its convenient feature but I recently know about the Blockchair explorer's account on the forum.

Your explorer is a big one and I have a question that why do the Blockchair team don't create an announcement thread for your explorer? You can do it at Service Announcement

I found your ANN thread that was created 4 months ago. Blockchair's Bitcoin explorer is now available on the Tor network!. The thread is surprising simple. You can edit it with more details, graphics, and post your updates on the thread.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
The issue with all services like this and information like this is that the explorers live in a "bubble" and have no idea where any of the addresses may be posted for all the world to see.

I sell stuff on the forum a lot. The addresses for payment are posted. Anyone can see them. If I take all the BTC that I have received from selling stuff and then send it to you for something then no matter what you think it's not that private.

The technical information about it being private / more difficult to trace is one thing. The public info can destroy the best OPSEC.

Always remember that.

-Dave
legendary
Activity: 3472
Merit: 10611
and it is good to keep in mind that whenever you search your own address or transactions on any centralized database aka a blockexplorer you are willingly giving them a lot of information about yourself that is leaked from your browser and that blockexplorer could potentially store it and use in their hidden chainanalysis services they offer to other parties...

Can you elaborate on the "rare_fingerprint" category? What specifically is your algorithm looking for? As far as I can tell, any transaction with a lock_time other than 0 is flagged up as having a "rare_fingerprint". Given that Bitcoin Core sets lock_time to the current block by default, that means any transaction from Bitcoin Core is being flagged up as having poor privacy. Is this intended?

actually Core and some others like Electrum are setting the locktime to a random height below the current head.
their doc doesn't explain what that field means though, there is only a generic description "This transaction has quite unique technical characteristics"

P.S. some logic used there seems to be broken to me hence the score is not that reliable in my opinion. for example:
"If all inputs are m of n multisig P2SH, and all outputs are multisig P2SH, but exactly one of the outputs has another m of n structure — this output can be considered as the recipient"
there are a lot of services that use different setups for their different actions, eg. a m of n multisig P2SH for their cold storage, a simple P2P(W)KH for their payments and another P2SH for their consolidation,... sending from P2SH to P2X doesn't make the P2X the recipient, it is still their own address.
legendary
Activity: 2268
Merit: 18748
Blockstream.info have provided a similar service for a while. Here are a few recent transaction which breach some of their privacy heuristics:

"Round payment amount", "Mixed script types", and "Unnecessary input heuristic" - https://blockstream.info/tx/3ad7e8b8a0240b19703a2681e09079aecaba7ac4e5520d4a4ff42b1c86586ff6
"Address reuse" and "Mixed script types" - https://blockstream.info/tx/2ce5ce8040cc91172919eb81a581be4cc9c78d2e316a4f503a83c597d5e86a63
"Possibly self-transfer" - https://blockstream.info/tx/6b5e6d51370ee9844f61d427a4d0c7826028fc77299dfcad5bd1e403fa56cd74

And an example of a "good" transaction - https://blockstream.info/tx/acf8cf5a2b3e3c60b81cf5c3f76682d12e26cf053f5f0e27ff099b1fc1860dee



Can you elaborate on the "rare_fingerprint" category? What specifically is your algorithm looking for? As far as I can tell, any transaction with a lock_time other than 0 is flagged up as having a "rare_fingerprint". Given that Bitcoin Core sets lock_time to the current block by default, that means any transaction from Bitcoin Core is being flagged up as having poor privacy. Is this intended?
legendary
Activity: 1134
Merit: 1598
In a later stage, wallets and exchanges will be able to use the feature to notify users about how much information will be leaked before sending out a transaction.

It currently uses indicators that reveal user information such as:

- Is an address reused or not?
- Is one of the outputs a rounded number, thus the recipient?
- How many input addresses have been used?

But also more technical heuristics such as:

- Which script or multi-sig type has been used to sign a transaction?
- How are output scripts compared to input scripts?
- How are inputs or outputs ordered?

Blockchair provides the privacy-o-meter for free as it hopes it will help Bitcoin users take some of their privacy back.
This sounds amazing and I cannot thank you enough for implementing a privacy-focused thing. I only hope all the "leaked information" will not be accumulated and centralized somewhere, because that'd highly defeat the purpose of this "Privacy-o-Meter".

I always try to say we need to take a step back and look at what fingerprints we leave behind. It's never too late to do a checkup on your privacy, be it what apps you use on your phone, if you pay cash/with card or whether it is about the way you use cryptocurrencies. So if this is as good as is sounds, I praise you for it. Smiley
newbie
Activity: 4
Merit: 8
Blockchair has released Privacy-o-meter in its public block explorer and API to measure the privacy level of Bitcoin transactions. The free feature makes use of 50 heuristics and allows visitors to look up how much information about their identity has been leaked. In a later stage, wallets and exchanges will be able to use the feature to notify users about how much information will be leaked before sending out a transaction.

While Bitcoin is considered to be a privacy-oriented system, the blockchain is open to be analyzed by anyone, and there are numerous transaction tracing tools like Chainalysis, Elliptic, CipherTrace, and Crystal. These are paid tools and often only available to a handful of individuals and companies. Bitcoin users thus rarely have the opportunity to see how deep the rabbit hole goes regarding their privacy loss.

Blockchair launched a simple transaction scoring tool and will expand this further in the upcoming months. It currently uses indicators that reveal user information such as:

- Is an address reused or not?
- Is one of the outputs a rounded number, thus the recipient?
- How many input addresses have been used?

But also more technical heuristics such as:

- Which script or multi-sig type has been used to sign a transaction?
- How are output scripts compared to input scripts?
- How are inputs or outputs ordered?

As mentioned by Blockchair, transaction tracing is relatively simple as most users aren’t concerned enough about their privacy and often make ‘mistakes’ like sending round BTC amounts. Wallet providers are often also not highly concerned about user privacy. Taking the previous example in context, there are no warnings if a user tries to send a rounded amount.

In comparison with protocols such as Zcash, Monero and Dash, in the Bitcoin network there are no transaction obfuscating implementations, and due to the lack of scalability so-called Mixers are expensive and cumbersome to use.

Blockchair provides the privacy-o-meter for free as it hopes it will help Bitcoin users take some of their privacy back.
Jump to: