Should websites refuse to send coins to an already used address?

[1000000]

I think most of us know that address reuse is a bad idea and it's better to use a unique one for every transactions to avoid security and privacy issues. If a website owner accepts bitcoin deposits and a user wants to withdraw coins to an address which was already used in the past, should there be a warning or even an error message or would that be too annoying for the user?

I'm curious about your opinions!

[achow101]

I don't think so. There are many legitimate uses for reusing an address. For example, many people on this forum have tip jar addresses. A lot of people also use web wallets. If those services began blocking used addresses, then those with tip jars may not be able to get tips.

[c-cex-finch]

Doesn't make much sense blocking used addresses, all recurring payments or repeat payments to an address just wont work. For one-off transactions it might make sense but I think the onus should lie on the user (my personal opinion).

[gmaxwell]

Warning about it, at least, would be productive-- as there has been a fair amount of loss from people accidentally using the wrong address (in addition to the other ways reuse causes systemic harm).  If you mean "already used" ever, then prohibiting it requires a forever growing database, which isn't all that scalable.

A middle ground would be warning (or refusing) any that the site itself had previously sent to; and I think there was general agreement to do that kind of warn on (wallet local) reuse in bitcoin core in the past.

[RocketSingh]

I don't think so. There are many legitimate uses for reusing an address. For example, many people on this forum have tip jar addresses. A lot of people also use web wallets. If those services began blocking used addresses, then those with tip jars may not be able to get tips.

I think, the Address re-use problem refers to spending. One may receive as many times as they want without any issue.

[SFR10]

It's better to use a unique one for every transactions to avoid security and privacy issues.
- Honestly I have to disagree with you as this makes the whole process a lengthy one due to the fact that each address should be created each time for every single transaction


If a website owner accepts bitcoin deposits and a user wants to withdraw coins to an address which was already used in the past, should there be a warning or even an error message or would that be too annoying for the user?
- If the address was used in the past by a different IP address then yes, there should be some sort of warning of "This address was used before with the following IP" and on top of that for the user to be able to use the same address, there should be some verification system implemented upon getting the said error

[Envrin]

I don't believe it's something the core dev team should worry about / implement, no.  I think it's something best left up to the market, and individual merchants / online operations.

Everything I develop has generates a new address for every transaction by default, but sometimes clients will want things like change sent back to the originating address.  I explain to them why the practice is discouraged and so on, but at the end of the day, it is their business and they can do what they like.

[belcher]

You realize "leaving it up to the market" could ruin bitcoin's privacy. That's what "systemic" harm means. The damage doesn't just go to the individual but to the entire system.

[jacee]

I think most of us know that address reuse is a bad idea and it's better to use a unique one for every transactions to avoid security and privacy issues. If a website owner accepts bitcoin deposits and a user wants to withdraw coins to an address which was already used in the past, should there be a warning or even an error message or would that be too annoying for the user?

I'm curious about your opinions!

Well I don't it's a bad practice. Bitcoin is anonymous and so does the bitcoin address we use( for some). I think reusing the same address all over again makes it more secure for both party, let's say as a proof of ownership. Just like how it works in a staked address here in the forum, same thing as in a website, it also proves ownership or in a transaction to someone else. It proves that you are still the same person that uses the same address. Someone can claim to be that person yet can't use the old address so ye, I think the address is like a signature that proves who really is doing the transaction.

[Wintermute]

I think most of us know that address reuse is a bad idea and it's better to use a unique one for every transactions to avoid security and privacy issues. If a website owner accepts bitcoin deposits and a user wants to withdraw coins to an address which was already used in the past, should there be a warning or even an error message or would that be too annoying for the user?

I'm curious about your opinions!

Well I don't it's a bad practice. Bitcoin is anonymous and so does the bitcoin address we use( for some). I think reusing the same address all over again makes it more secure for both party, let's say as a proof of ownership. Just like how it works in a staked address here in the forum, same thing as in a website, it also proves ownership or in a transaction to someone else. It proves that you are still the same person that uses the same address. Someone can claim to be that person yet can't use the old address so ye, I think the address is like a signature that proves who really is doing the transaction.

Bitcoin is not anonymous. The transaction history reveals a lot about addresses and connections between addresses.

Re-using addresses is bad from a security and anonymity point of view:
1) it reveals more about the owner of the address
2) when doing a transaction the public key of the address is revealed - this means that the additional protection layer by the hashing algorithm is gone

But forcing anything up on the user, is not the right way to do things. Wire transfers are less anonymous than cash, but still there are a lot of use cases why people prefer wires.

[Envrin]

You realize "leaving it up to the market" could ruin bitcoin's privacy. That's what "systemic" harm means. The damage doesn't just go to the individual but to the entire system.

Understood, but again, I believe that's up to the individual users / merchants / market.  Everyone has a different usage for bitcoin, and some people don't mind their privacy being compromised in exchange for a more user-friendly system.  If your primary aim is privacy, then you should know how to do it, as it's not difficult to setup intermediate addresses for incoming funds, then split-up and bounce those funds around the blockchain enough times to skew where they went, before they hit your actual wallet.

[medUSA]

I understand there are advantages of having one-time addresses. There are also good reasons to reuse addresses if the owner do not need the extra privacy. Reusing an address should be a choice made by the recipient, not forced upon by any website or the network.

[Delek]

I may sound paranoid, but the creation of a new address shouldn't never be done online and automatically. Creating a new private key every time you spend gives me chills.

[Hugroll]

i would say no, but im probably biased. personally i like to use 1address so that i can see easily the transactions that came in and out. if i had to replace my address everytime i used it thats just not organized enough for me 

[cellard]

I think that the wallets should have a way to automatically generate a new address each time so the average Joe doesn't get an headache and can still enjoy the increased privacy of not reusing addresses, but still have to option to reuse an address if you want to. Overall we need to simplify the functionality of stuff like this thinking on the average consumer which will not understand (and will not bother) with anything deeper that isn't clicking send, receive and whatnot.

[NeuroticFish]

I think most of us know that address reuse is a bad idea and it's better to use a unique one for every transactions to avoid security and privacy issues. If a website owner accepts bitcoin deposits and a user wants to withdraw coins to an address which was already used in the past, should there be a warning or even an error message or would that be too annoying for the user?

I'm curious about your opinions!

Reuse of an address is the sole business of its owner. It's a matter of choice, for most people simplicity is the most important.
So imho, while talking about a coin that's about freedom.. asking about banning / blocking the freedom of choice is absurd.
Hence my answer is clearly NO! No blocking!

A warning can be done, because it helps the users learn and get more aware of what their choices mean. But that's all.

[letsplayagame]

I think most of us know that address reuse is a bad idea and it's better to use a unique one for every transactions to avoid security and privacy issues. If a website owner accepts bitcoin deposits and a user wants to withdraw coins to an address which was already used in the past, should there be a warning or even an error message or would that be too annoying for the user?

I'm curious about your opinions!

Reuse of an address is the sole business of its owner. It's a matter of choice, for most people simplicity is the most important.
So imho, while talking about a coin that's about freedom.. asking about banning / blocking the freedom of choice is absurd.
Hence my answer is clearly NO! No blocking!

A warning can be done, because it helps the users learn and get more aware of what their choices mean. But that's all.

Privacy matters a lot to me but so does free will. This answer seems appropriate.

[unamis76]

The website obviously should not refuse it, in my opinion. That's basically refusing a withdrawal... And that could raise suspicion and it's just not the right thing to do. That would also be discriminating Bitcoin addresses...

I'm definitely thumbs up for a warning tho

[gmaxwell]

Reuse of an address is the sole business of its owner. It's a matter of choice, for most people simplicity is the most important.

Pedantically, the reuse of address harms third parties... and the decision to send coins is the sole business of the sender. I don't think you can answer this questions with simplistic reductions to arguments about free choice: there are multiple people involved in the question, and their free choices may conflict.

I may sound paranoid, but the creation of a new address shouldn't never be done online and automatically. Creating a new private key every time you spend gives me chills.

New addresses can be generated without generating new private keys.

Monero, for example, has no address reuse at all in the blockchain-- it's required for the prevention of double spending there. It seems to do okay with it.  The original bitcoin software never addresses w/ pay-to-ip; and even with addresses in use it the practice of reusing is somewhat inexplicable from a technology standpoint: it _really_ screws up your privacy along with that of people you transact with, and you can't reliably tell which of the payments you had outstanding were confirmed.... I think if it had been realized that people would behave the way they do, it likely would have been prohibited in the Bitcoin system from the start.

[I make these points as points of correctness, not to further argue it-- I think warning is more prudent, and will also have the effect of educating on this matter).

[Delek]

New addresses can be generated without generating new private keys.

Monero, for example, has no address reuse at all in the blockchain-- it's required for the prevention of double spending there. It seems to do okay with it.  The original bitcoin software never addresses w/ pay-to-ip; and even with addresses in use it the practice of reusing is somewhat inexplicable from a technology standpoint: it _really_ screws up your privacy along with that of people you transact with, and you can't reliably tell which of the payments you had outstanding were confirmed.... I think if it had been realized that people would behave the way they do, it likely would have been prohibited in the Bitcoin system from the start.

Two more.questions regarding to that:
1) It was known how to generate a new address without a ptivate key back in 2009? If I'm right, this comes from a modern BIP (deterministic wallets)
2) I don't care about privacy, I prefer to have a working Donation address all the time rather than being 100% a ghost. :p