Taking the 'pseudo' out of 'anonymous'

[nelisky]

So the block explorer served one purpose above all others, showing what information is actually being stored.

What if I want to make it harder to trace transactions back to me, by design? Mind you, I have nothing to hide. But that doesn't mean I don't *want* to stay stealthy, and it should be our option to do so, if only for the heck of it

Ok, enough politics, not for the technical side of things; Transactions can be traced to addresses, sort of. It's hard to know which part in a transaction is a transfer, which part is change, and new addresses are always being created, but consider this:
- A sends 100 coins to B
- B sends 10 coins to C
- C sends 1 coin to A

looking at the block explorer, and assuming the wallet address that receives each transfer is the same that sends to the next hop (possible, as values are lower at each hop, thus unless there's a better match at the user's wallet, that one will be used, right?), A can see that the address used to send to B is the same C used to send to A, thus establishing a connection between B and C. That and a little googling may disclose the identities of the people involved, not to mention inbound address for C that B is using, thus (assuming C doesn't provide a different address to B each time) recurrent payments from B to C are now traceable.
And if you know that C gave you that address to pay for something morally opposable, like lawyer's fees, you will then be able to know how many coins C is receiving for such a service.

I know this scenario is kinda lame, sorry about that, but how can one avoid that without needing to do anything hard or complex?

Someone had a service for hiding transfers by proxying, delaying them and shuffling values. I think this is the answer, if we take it to the next level. A stealth proxy for bitcoin that would work close to this:

- A uses the proxy API to say "I want to send X to B".
- A receives an address Y
- A sends some value to Y, could be more, could be less multiple times
- Once enough is transfered, proxy sends to one or two new addresses internally, breaking the value in pieces with a little randomization along the way
- proxy sends X to B
- proxy sends change to A
--- and the tricky part
- after enough confirmations on both to A and to B transfers are received, proxy deletes the addresses from the wallet

If you add a 48h log rotation to /dev/null (the 48h are there to debug any real issue) and this should be completely untraceable. Another option to prevent tweaking the bitcoin client in to deleting addresses is to use a new wallet for each transaction and killing it afterwards. The hard part here is keeping a block db available to 100 bitcoin clients, but I'm sure we can think of something.

Am I forgetting anything?

[1713487063]

1713487063

[1713487063]

1713487063

[1713487063]

1713487063

[1713487063]

1713487063

[Bitquux]

This has been on my mind too. I like your solution. You could even have the proxy send to multiple receive addresses in the same wallet to mix it up some more. The only real problem I see is a compromise / shakedown of the proxy server.

[theymos]

- A uses the proxy API to say "I want to send X to B".
- A receives an address Y
- A sends some value to Y, could be more, could be less multiple times
- Once enough is transfered, proxy sends to one or two new addresses internally, breaking the value in pieces with a little randomization along the way
- proxy sends X to B
- proxy sends change to A
--- and the tricky part
- after enough confirmations on both to A and to B transfers are received, proxy deletes the addresses from the wallet

This prevents casual spying, but there would still be a connection between A and B. If an attacker was really serious about seeing where A was spending his coins, they would follow the transactions down to the the first known identity. If this is B, then they can force him to reveal who he received coins from at that address. They then either find A or find a closer person who they can question.

This simple mixing can be done without a third-party by creating some new addresses on your machine and doing the mixing yourself.

If the proxy has many customers and is careful not to give coins back to the customer who sent them, then you have a true "Bitcoin proxy" that can't be bypassed without compromising the proxy.

Relevant:
http://bitcointalk.org/index.php?topic=241.0
http://www.bitcoin.org/wiki/doku.php?id=anonymity

[nelisky]

This prevents casual spying, but there would still be a connection between A and B. If an attacker was really serious about seeing where A was spending his coins, they would follow the transactions down to the the first known identity. If this is B, then they can force him to reveal who he received coins from at that address. They then either find A or find a closer person who they can question.

This simple mixing can be done without a third-party by creating some new addresses on your machine and doing the mixing yourself.

- Once enough is transfered, proxy sends to one or two new addresses internally, breaking the value in pieces with a little randomization along the way

This step actually does the disconnection. I am assuming the send address, as values differ the addresses used for sending should be different from the ones used for receiving. Did I understand this wrong?

And yes, a user can carefully do this without a proxy, but we know how many will do that...

[theymos]

This step actually does the disconnection. I am assuming the send address, as values differ the addresses used for sending should be different from the ones used for receiving. Did I understand this wrong?

And yes, a user can carefully do this without a proxy, but we know how many will do that...

You can see him send the BTC to internal addresses. Someone looking at the block chain will see A send to Y, Y send to a few addresses, and all of those addresses send to the destination. You can only completely remove identities from transaction histories if you use someone else's coins: A sends to Y, and some other address sends to the destination using coins not gotten from A.

[ShadowOfHarbringer]

This step actually does the disconnection. I am assuming the send address, as values differ the addresses used for sending should be different from the ones used for receiving. Did I understand this wrong?

And yes, a user can carefully do this without a proxy, but we know how many will do that...

You can see him send the BTC to internal addresses. Someone looking at the block chain will see A send to Y, Y send to a few addresses, and all of those addresses send to the destination. You can only completely remove identities from transaction histories if you use someone else's coins: A sends to Y, and some other address sends to the destination using coins not gotten from A.

I like this solution better: Just toss all the bitcoins into one bag, randomize the receivers, and send random coins to random people (but with correct amounts) while making sure the coins of A (sender) don't go to B - use coins of somebody else.

However the problem with that is that there have to be some extra coins always avaiable in the "proxy bag". So perhaps some temporary period should be applied, like 1 hours, giving the proxy time to collect right amount of coins. Or the proxy can have some extra deposited coins for this occasion.

[nelisky]

This step actually does the disconnection. I am assuming the send address, as values differ the addresses used for sending should be different from the ones used for receiving. Did I understand this wrong?

And yes, a user can carefully do this without a proxy, but we know how many will do that...

You can see him send the BTC to internal addresses. Someone looking at the block chain will see A send to Y, Y send to a few addresses, and all of those addresses send to the destination. You can only completely remove identities from transaction histories if you use someone else's coins: A sends to Y, and some other address sends to the destination using coins not gotten from A.

Is this not the default behaviour? I mean, the multiple coin pockets (addresses) will not have the correct amount for the final transfer, and yes I am assuming multiple users so multiple coin owners will all get randomized. A waiting period will always exist as the internal transfers will also need at least one block to get confirmed.

But I see now that this prevents the "one wallet per transfer"... maybe one wallet per day? Just span a new bitcoin every 24h with a brand new wallet, transfer any coins still in the old one there, rinse and repeat?

[Anonymous]

Can we all send our coins to a giant bucket which then mixes them and spits them out?

Onioncoin routing lol

[nelisky]

So I guess the easiest way about this is to have multiple people sending transfers through a simpler proxy that makes sure txouts are always from a different compared to txin? A simple one address black list would do, which I assume is simple enough to implement... Then, if other addresses don't have enough the txout will just wait until there is.

The only downside I see is if volume is low, transfers may take a long time to be forwarded... the proxy could probably run on a fee based structure (1 coin for 100 transfers?) and the accumulated fees are there to mitigate this?

[ribuck]

...Just toss all the bitcoins into one bag, randomize the receivers, and send random coins to random people (but with correct amounts) while making sure the coins of A (sender) don't go to B - use coins of somebody else.

Surely if random coins are sent to random people, it doesn't matter if the coins of A might occasionally go to B. In fact it's more random that way.

[nelisky]

...Just toss all the bitcoins into one bag, randomize the receivers, and send random coins to random people (but with correct amounts) while making sure the coins of A (sender) don't go to B - use coins of somebody else.

Surely if random coins are sent to random people, it doesn't matter if the coins of A might occasionally go to B. In fact it's more random that way.

Given the huge address space involved, I don't think the fact that 'address may or may not be used' helps in confirming or negating anything. I do see an up point to NOT having the address used, though, it will simply not appear on a search for the history of the transactions, even if it appearing is always subject to plausible deniability.

[FreeMoney]

So I guess the easiest way about this is to have multiple people sending transfers through a simpler proxy that makes sure txouts are always from a different compared to txin? A simple one address black list would do, which I assume is simple enough to implement... Then, if other addresses don't have enough the txout will just wait until there is.

The only downside I see is if volume is low, transfers may take a long time to be forwarded... the proxy could probably run on a fee based structure (1 coin for 100 transfers?) and the accumulated fees are there to mitigate this?

Average cycle time is posted on site, you get your place in the queue by bidding, people who get in under the average time pay a little, people who get it back over the average time get paid a little for facilitating others. Operator takes a tiny cut since it's mostly automated.

[ribuck]

Operator takes a tiny cut since it's mostly automated.

Operator takes a sizeable cut and saves it in his legal defense fund.

[FreeMoney]

Operator takes a tiny cut since it's mostly automated.

Operator takes a sizeable cut and saves it in his legal defense fund.

It's so simple to run you should be safe even without finding a free country. There isn't even anything particularly unique about this service, its just coins in and coins out.

No one is going to pay a big cut anyway because you can do it yourself if you are careful. A small price might be paid for speed and convenience though.

[SmokeTooMuch]

This thread could become relevant: https://www.bitcoin.org/smf/index.php?topic=3927.0

[markm]

Quote: "Operator takes a sizeable cut and saves it in his legal defense fund." [ sic. s/fense/fence/ ]

And the defence is what?

"I am deliberately running a bitcoin laundry, but not at all for the purpose of laundering money! My gosh are you mad, bitcoin is in no way shape or form money! ..."

Hmmm...

-MarkM-

[marcus_of_augustus]

Why wouldn't you have just called the service some suitably obtuse technical euphemism like

"Bitcoin transaction randomisation"?

Actually calling yourself a (bit)money laundry is asking for attention.

Hide in the geek speak and you'll be fine, the gubmint drones are clueless. The SEC was watching porn while Wall St. raped America.