Is putting public bitcoin address for donation dangerous for your privacy?

[ripper234]

Scenario:

1. I publish address X in my signature, for donations or just pure fun.
2. I buy bitcoins in Mt. Gox, move them to my wallet at address Y1.
3. I move 99% of my bitcoins from my main wallet to a new encrypted wallet at address Z1
4. Someone donates to me at my public address X.
5. I buy some more bitcoins at Mt. Gox, move them to my wallet at address Y2, then move 99% to my encrypted wallet at address Z2.
...
6. I move some money from my encrypted wallet back to my private wallet at address Y3.

Note that Y1, Y2, Y3 were all generated by the same wallet, and Z1 and Z2 were both generated from another wallet.

Now ... suppose one my Z (encrypted) address is under scrutiny, because they hold a large amount of coins.
Someone backtraces every transaction in them, guesses that the Z address and Y address belong to the same person, because of many back-and-forth transactions between them.
X can be linked to Y as well by block explorer.
X can be linked to my identity, because I put it on my sig.

End result - someone knows (or has a pretty good guess) exactly how much bitcoin I have, just because I put up a public donation address.


Is this analysis correct? Can anything be easily done to prevent it?
I understand that one could try to cloak the connection between Y and Z address, and make it harder to guess they belong to the same person.
But - I don't think it's trivial to cloak.

Also, this attack seems to be possible not just on public address, but also by anyone that ever sent you money.

Please refute.

[1715422622]

1715422622

[1715422622]

1715422622

[1715422622]

1715422622

[Gavin Andresen]

Yep. Every transaction you make potentially leaks a little information about other transactions to/from your bitcoin wallet.

That's why I always say "bitcoin anonymity is complicated" and "bitcoin transactions are more private than credit card or bank transactions, but less private than cash transactions" or "staying completely anonymous while using bitcoins is hard."

And that's why you won't find (or, at least, shouldn't find) any claims that bitcoin is anonymous on the bitcoin.org home page or in the bitcoin source code.

What can you do? Use separate wallets. Make your donation address an instawallet or mybitcoin address that you don't use for anything else.

[bcearl]

Yeah, I think the claim that bitcoin is anonymous is a huge overstatement that shouldn't be made.


You can - if you are aware how bitcoin works - have a lot of privacy. And even when you just use bitcoin without thinking about it, you have more privacy than with paypal. But it's not true that it is anonymous, which is in my opinion an absolute thing. Nothing is "a little anonymous". Something is anonymous or not. Bitcoin is not.


EDIT: long posting short:
What I want to say: Bitcoin does not force you to release your identity. But it does not protect it automatically either.

[ripper234]

bitcoin ... are more private than credit card

Dare I say "false"? If I give a 3rd party my credit card, there's no chance he will know how much money I have in my bank account.
I'm just digesting how serious this is. How do you envision this resolved eventually?

One possible sollution is to have a smart wallet management software that manages 10,000 different wallets, all belonging to you, and  makes sure not to link them. To the end user, the user experience should be "I have a single bank account, a way to generate incoming address, a way to pay", and the smart wallet should do the rest.

Without a solution to this problem, I dare say bitcoin loses a significant portion of its appeal.
A payment method that leaks that much information won't reach mass adoption.

[grue]

bitcoin ... are more private than credit card

Dare I say "false"? If I give a 3rd party my credit card, there's no chance he will know how much money I have in my bank account.

but does he know your name? you address? your phone number?

[FlipPro]

I think MTGOX is going to have to come up with a system where they can have private accounts. And where they can gurantee up to a certain amount (simular to how banks operate today). But thats not even enough, there needs to be a (dare i say) Paypal type website, that secures funds, and prevents frauds with the use of bitcoins. Not everyone wants to live in a reckless society. I personally would feel much saver leaving my coins to a multi-milliondollar entity that can get results done, compared to a bunch of nerds (no pun intended.I'm prob the biggest one in here). There are alot of things people can do to secure their wallets, but the general population (dare I say again) is simply to slow to understand the simple concept of enrypted thumb drives. Imagine explaining that to an 80 year old grandma whos looking to diversify her porfolio with a bit of digital gold. Lets hope the market can correct this.

[ripper234]

bitcoin ... are more private than credit card

Dare I say "false"? If I give a 3rd party my credit card, there's no chance he will know how much money I have in my bank account.

but does he know your name? you address? your phone number?

When I order anything on Amazon, I give them my name, address and credit card.
Do you know an online store that doesn't require your address?

[grue]

When I order anything on Amazon, I give them my name, address and credit card.
Do you know an online store that doesn't require your address?

>name
fake
>address
real, or a PO box

edit:
aww shit, my post count is 666.

[ripper234]

When I order anything on Amazon, I give them my name, address and credit card.
Do you know an online store that doesn't require your address?

>name
fake
>address
real, or a PO box

edit:
aww shit, my post count is 666.

Let's get serious here. For ordering drugs, sure, what you suggest works, but if we want bitcoin to replace all the world's currencies (and I sure do), we can't seriously ask all the people to use fake names and PO boxes everywhere.
And a real address is already enough to connect to you to a name. Many people's address are public.

[grue]

Let's get serious here. For ordering drugs, sure, what you suggest works, but if we want bitcoin to replace all the world's currencies (and I sure do), we can't seriously ask all the people to use fake names and PO boxes everywhere.
And a real address is already enough to connect to you to a name. Many people's address are public.

revealing how much money you (may) have is much better than giving out your REAL name.

[ripper234]

Let's get serious here. For ordering drugs, sure, what you suggest works, but if we want bitcoin to replace all the world's currencies (and I sure do), we can't seriously ask all the people to use fake names and PO boxes everywhere.
And a real address is already enough to connect to you to a name. Many people's address are public.

revealing how much money you (may) have is much better than giving out your REAL name.

I don't understand your point.

Today: When I (and A LOT of other people) purchase something from company X, they give X their real name, address, and credit card.
Tomorrow, the same people will also give them a complete record of their shopping history, and bank balance.

Yes, some ultra small proportion of the population will not give real names or addresses on online shopping websites. So, you want Bitcoin to be Hax0r money? I want it to be Galatic Credits, and would like to see how we can overcome the attack I pointed out.

For bitcoin to be universal, it needs to be accessible, secure and reasonable private to soccer moms, not hackers.

[grue]

For bitcoin to be universal, it needs to be accessible, secure and reasonable private to soccer moms, not hackers.

is knowing how much money you have really an issue? If people are really paranoid, they can always use a mixer service, or a e-wallet.

[ripper234]

For bitcoin to be universal, it needs to be accessible, secure and reasonable private to soccer moms, not hackers.

is knowing how much money you have really an issue? If people are really paranoid, they can always use a mixer service, or a e-wallet.

No it isn't an issue. Please tell me, nay, show me, how much money you have.
e-wallets are not immune.

[Rob P.]

End result - someone knows (or has a pretty good guess) exactly how much bitcoin I have, just because I put up a public donation address.

A public address can be tied to you.
A private address (one that was never published or listed anywhere) cannot be tied to you irrefutably.

If someone sees coins going from a public address to a private address, that private address will be listed in the block chain as receiving the coins.

However, there's no way to tied that private address to you.  You could easily state that you were conducting a private transaction with a 3rd party who shared the address with you in private.

You can further obfuscate your private address by sending between your private addresses multiple times to multiple private addresses.

Sure, these show up in the block chain, but they cannot be tied to a single individual indisputably.  You have to rely on guess work.

Forensically, unless I can get a hold of your wallet.dat, I cannot prove that the addresses in question are yours.  

I'd be more worried about someone writing a virus for Windows that just emails the attacker your wallet.dat file, deleting it from the local hard drive as it goes.  Then the attacker has your coins, you don't.

[Rob P.]

Tomorrow, the same people will also give them a complete record of their shopping history, and bank balance.

You're supposed to give every entity you do business with a different address.  As such, the only transaction history they have is the history of that address, which today they have anyhow.

Can they see that you also sent coins from that address to another one?  Sure.  Does that tell them anything?  No.

[ripper234]

End result - someone knows (or has a pretty good guess) exactly how much bitcoin I have, just because I put up a public donation address.

A public address can be tied to you.
A private address (one that was never published or listed anywhere) cannot be tied to you irrefutably.

If someone sees coins going from a public address to a private address, that private address will be listed in the block chain as receiving the coins.

However, there's no way to tied that private address to you.  You could easily state that you were conducting a private transaction with a 3rd party who shared the address with you in private.

You can further obfuscate your private address by sending between your private addresses multiple times to multiple private addresses.

Sure, these show up in the block chain, but they cannot be tied to a single individual indisputably.  You have to rely on guess work.

Forensically, unless I can get a hold of your wallet.dat, I cannot prove that the addresses in question are yours.  

I'd be more worried about someone writing a virus for Windows that just emails the attacker your wallet.dat file, deleting it from the local hard drive as it goes.  Then the attacker has your coins, you don't.

The virus angle is easy to solve. Put all your money in a large, trusted, insured bank that maintains a bitcoin wallet for you.
You can have this bank set limit on how much money you can withdraw from it in a time period, and have them call you for large transfer. You still should keep the password secure, just like you do today with you online bank account.

The attack works on private address. If you give Amazon one of your addresses (a one time generated address), and then they refund you for anything via this address, odds are you will eventually move this money to your saving account. Then, odds are, you'll move it back to your regular wallet someday. You'll have transactions back and forth between these wallets.

It will be very hard to deny both wallets are yours if you keep moving money between them.

[lonestranger]

I'd be more worried about someone writing a virus for Windows that just emails the attacker your wallet.dat file, deleting it from the local hard drive as it goes.  Then the attacker has your coins, you don't.

That one has me paranoid.

[ripper234]

I'd be more worried about someone writing a virus for Windows that just emails the attacker your wallet.dat file, deleting it from the local hard drive as it goes.  Then the attacker has your coins, you don't.

That one has me paranoid.

Rightfully so - but you can protect yourself easily by using a dedicated computer with a brand new OS (preferbally linux), that is only used for Bitcoin.
Store copies of your wallet elsewhere, even on the web, but encrypted with a key that will only ever be entered on your dedicated bitcoin computer.

This should protect you from any reasonable attack. The only ways I can think of to attack you would be:
1. A virus embedded in the OS image you're installing.
2. A government or other super computer brute-forces or otherwise decrypts your wallet.

Both are rather unlikely.

[Rob P.]

Store copies of your wallet elsewhere, even on the web, but encrypted with a key that will only ever be entered on your dedicated bitcoin computer.

This really won't work.  Once I steal your wallet, having backups elsewhere won't help.  First thing I'll do is spend the coins, the network will confirm the transactions before you know it's gone, and you can't reverse the transactions.  So I pwned your coins.

If I get a hold of your wallet.dat file, you're toast.  Backups are no good.

People running Bitcoin under Windows are insane.  No way I'd run a forked version of the client either, without inspecting the source (which I've done to the official client).

Actually forking the client is WAY easier to shave some type of transaction fee addition and just mail it to yourself.  Most users won't explore the block chain themselves and see that transaction A actually resulted in two transactions, one to intended recipient and one to the author of said client.

[bcearl]

Backups are good for reliability reason. When your hard disk crashes, it is good to have backups!



I think he didn't mean that backups protect against theft. He said that the wallet should be unencrypted on a dedicated machine only - that's the protection.