Topic: Sending change to a different address, does it help much? (Read 596 times)

Well, asking the paying person to split the payment might not be practical as that would force him to pay higher transaction fees.
Splitting it up yourself, I agree that would work, at the expense of blockchain bloat and UTXO bloat though.

If you split the 8.51 output in two and afterwards you give the same treatment to both, then it's obvious that those two are yours, and one could reasonably expect that the final 4 outputs are yours as well. Adding a little bit of randomization to some of the paths wouldn't hurt here. Or just use a mixer.

Whenever you look at one single transaction, I believe you can make a general guess which is the change address but you can never be sure.

If you analyse a group of these addresses in terms of the roundness of numbers, the size of each output, the previous transactions of the output addresses, join-spending of some these addresses, and so on... you can be more certain about which are change addresses.

I don't believe we should worry about "loss" of privacy via change addresses, because there wasn't much "privacy" anyway.

In many cases you can ask the person paying you to split up the payment.  In other cases, you can split it up yourself.

In your example, you could have requested 10 separate withdrawals from the exchange at approximately 1 BTC each.

As for a salary, you can either request the the salary be paid in separate smaller payments or you can split it up yourself.

Lets say you receive a monthly salary of $2000 worth of BTC.  At an exchange rate of $235/BTC that would be about 8.51 BTC per month.

If you can get the employer to pay you weekly, you've already split it down to 1.96385 BTC per week (and per output).

Even if you can't get them to do that, you can create 2 new addresses and send 4.155 BTC to one address and 4.355 BTC to the other.  The employer (and everyone else) won't be able to tell if you made a payment for a bit less than 4.4 BTC or if you are just splitting up your bitcoins.  Additionally, if they think that you made a payment, they won't be able to tell which number is your "change".

Next you can split the 4.155 into two new addresses with 2.275 and 1.88, making it even more difficult for anyone to determine what (if anything) is change.
Next you can split the 4.355 into two new addresses with 2.47 and 1. 885 making it again more difficult for anyone to determine what (if anything) is change

After that you can use those outputs however your software would like.

To make it clear, I am referring to a single 10 BTC UTXO.
This could be the case if you received it from an exchange.
This could be the case in the hypothetical world where bitcoin replaces fiat money: you would receive your pay in big chunks every week or two, then spend it for coffee, utility bills, etc.
This is not the case if you are a retail merchant: you would receive multiple small payments, then join them to pay to your wholesaler.


The new address part is easy. The problem is, when you receive a payment you rarely control how it is composed of smaller outputs.

In most cases, people receive bitcoins through multiple, small transactions. In that case, the way most wallets pick coins (to prevent destroying accumulated priority), the change is usually the smaller output.

Anyone that argues the underlined passage above is either intentionally misleading you or misunderstands what they've read.

It does however make it significantly more difficult.


Not exactly.  Bitcoin transactions don't work with a wallet "balance" or even an address "balance", they work with individual unspent outputs.  This is an important concept to understand well if you are going to try to discuss "change" at the transaction level.


And what if you have 10 BTC (say you received it from an exchange) and you want to pay 6 BTC?  Then how much will your change be?  Will it still be the largest output?

What if you received your 10 BTC in 3 separate transactions to 3 different addresses, first a transaction for 1.1 BTC, then a second transaction for 3.5 BTC, and finally a transaction for 5.4 BTC?


No it really isn't.  Especially if you are using a new address for every transaction you receive (as you should be).  Then that 10 BTC "balance" could be made up of a dozen or more smaller individual outputs.  The total of any combination of those outputs might be less than 2 BTC, meaning any output will be LESS THAN half of the transaction value (the actual payment will be the BIGGER output).


It is only possible if you are receiving your bitcoins in single large transactions and are then spending less than half of what you received every time you spend it.  Even then, the amount will eventually dwindle to the point where you can no longer assume that the larger output is the change.

To significantly improve your privacy, receive your transactions as smaller amounts and use a new address for every transaction.

If people aren't prepared to go to any efforts to get privacy then they are simply not going to get it (they'll probably just use something that "says it is anonymous" but in fact isn't).

I know about CoinJoin but not sure people will widely use it unless it is integrated in most wallets and on by default. The majority always tends to take the easiest path no matter what it means for security and privacy.

The outputs always come from inputs if that is what you mean but whether any of the new UTXOs belong to the original party isn't something you can be certain of.

You might be interested in looking into things like CoinJoin in order to improve anonymity (another perhaps easier but generally not without fee approach is to move funds via crypto to crypto exchanges).

Also a CoinJoin type idea that would work across blockchains via AT is described here: https://bitcointalksearch.org/topic/m.9844660

Then the 8 BTC change from the 1st transaction is still tracked to the payer.


Of course, it is high probability rather than certainty.

You should also note that you can switch on "coin control" to decide exactly which UTXOs to use for a transaction.

If you were worried about this, you could always split up the BTC before sending into equal amounts. If you wanted to make a payment of 1 BTC, you could always send 2 BTC to a new address, then send 1 BTC to another person, with 1 BTC going to a new change address.

Additionally, it would be difficult for someone to tell for sure that you made a 1 BTC payment vs a 9 BTC payment. They could assume but won't always be correct.

Actually the opposite can be easily true with Bitcoin because if you were paid say 10 BTC at some time then you effectively have one 10 BTC "note" (the UTXO) rather than the same set of perhaps smaller notes the sender had used (the inputs).

Assuming you buy something for 1 BTC then your change is 9 BTC but I do guess that typical spending habits might be able to make analysis easier.

To protect your privacy, it is commonly recommended to send change to a new freshly generated address. It is argued that this makes it impossible to distinguish the payment from the change which makes it harder to group the transactions that belong to you.

Correct me if I'm wrong, I'm afraid it doesn't help in many cases. The reason is simple: payment value is usually smaller than the change.

When I spend money from my debit card, the payment amount is usually much smaller than the remaining balance. That's because I don't want to refill my card as often as I spend. The same spending habits applied to Bitcoin make transactions traceable.

If you have 10 BTC (say, you received it from an exchange) and want to pay 1 BTC, your transaction will have two outputs:
1 BTC - the payment,
9 BTC - the change to another your address.
Without any other knowledge, just by looking at the output values, it is usually safe to say that 1 BTC is the payment and 9 BTC is the change, and the address where the 9 BTC landed is again your address. Any other coins received to this address will be tracked to you. The subsequent transaction that spends the 9 BTC will be tracked to you.

Any thoughts how this situation is really often and how to protect one's privacy?