Bitcoin Forum
Author Topic: [FORBES] How Private Are Bitcoin Transactions?  (Read 3718 times)
BitcoinPorn (OP)
July 14, 2011, 04:46:56 PM
Last edit: July 15, 2011, 03:21:45 AM by BitcoinPorn
 #1



http://blogs.forbes.com/timothylee/2011/07/14/how-private-are-bitcoin-transactions/

Quote
Are Bitcoin transactions really private? In an age of ubiquitous government surveillance and corporate information collection, the peer-to-peer currency’s boosters tout privacy as a major benefit. I’m not convinced.

Bitcoin’s peer-to-peer method for clearing payments means that the currency’s “books” are inherently open. Every transaction ever made using the currency is available for inspection using a tool like Bitcoin’s Block Explorer.

The privacy benefits come from the fact that you can create an unlimited number of anonymous Bitcoin identities. Block explorer tells me that someone sent 36953.2525 Bitcoins to the address 148X4kTYZhjeKQcd1AVhcytXvh5gL6FNSe. I don’t know who owns that address and there’s no central database where I can look it up. Nor is there a Bitcoin Inc. that could be compelled to create such a database. And this, Bitcoin enthusiasts say, gives their currency a privacy edge over the US dollar.

But the fact that the database doesn’t exist doesn’t mean it couldn’t be created. Remember, people want money so they can buy stuff. There are a few goods and services, like pornography or consulting work, that can be delivered entirely over the Internet. But people mostly buy products that need to be physically delivered. An American who wants to deal primarily in Bitcoins will, at some point, need to either buy food and shelter in Bitcoins or convert some of their Bitcoins to dollars. And that means making Bitcoin payments to people in the US.

But the US government could easily require any business accepting Bitcoin payments (or converting Bitcoins to dollars) to collect identification information from their customers in the same way that “know your customer” regulations require financial institutions to collect information about their customers. And once the government has de-anonymized a significant fraction of the addresses on the network, they’ll be able to infer many of the others using basic detective work. Remember, the full pattern of transactions is a matter of public record. Officials trying to identify a particular address will have a complete record of every address that’s ever sent money to, or received money from, that address. If any of them are within the United States, they can be compelled to disclose details (IP addresses, shipping addresses, contact email address, etc) that could help identify the address’s owner.

Now this isn’t to say that a determined individual couldn’t use Bitcoin in a way that preserves his privacy. But it would either require a high level of technical savvy or significant lifestyle changes. He could avoid working for traditional US employers and buying things from mainstream US businesses. But most users just don’t care about privacy enough to make those kinds of major lifestyle changes to get it.

Another approach would be to use technical means to obfuscate the flow of funds to and from his accounts. He could route all Bitcoin traffic through an anonymization service like Tor. He could create a large number of decoy accounts and have different people pay different accounts. There could even be Bitcoin “money laundering” services that accept money from you and pay you back in another account. But few people have the patience or technical know-how to do this effectively.

Moreover, people willing to go to that much trouble can obtain roughly the same degree of financial privacy using dollars. Most obviously, you can conduct transactions in cash, which is inherently resistant to government surveillance. For remote transactions, there are any number of offshore intermediaries in Switzerland, the Cayman Islands, and elsewhere that have been helping privacy-conscious Americans stay beyond the long arm of the law for decades. And all of these transactions have an important advantage over Bitcoin: they don’t produce public entries in a global distributed database.

In other words, Bitcoin’s alleged privacy benefits mostly reflect the fact that the government isn’t really trying to spy on Bitcoin users. It hasn’t built the kind of surveillance infrastructure the government has for tracking dollar-denominated transactions. And to be clear, I would rather that infrastructure not exist. But if Bitcoin becomes popular, the government will build precisely the same infrastructure for spying on the Bitcoin network. And when they do, it will become clear that for ordinary users, Bitcoin is, if anything, less surveillance-resistant than traditional cash.
http://blogs.forbes.com/timothylee/2011/07/14/how-private-are-bitcoin-transactions/

Another thread of interest Patching The Bitcoin Client To Make It More Anonymous http://forum.bitcoin.org/index.php?topic=23354.0



----

Thanks BusmasterDMA for noting the update just today


Quote
Advanced Bitcoin Anonymity

Tom Lowenthal offers a solid critique of my last post:

If I have one Bitcoin account, and I use that for all incoming and outgoing payments, it’s very easy to keep track of my transactions. Anyone who has ever given me coins can now see exactly where I send how much money, forever. However, this is not the way that anyone really does or ever should use Bitcoin. It’s standard practice to use a new address for each incoming payment. This way, there’s no link between different inbound transactions. When making an outgoing payment, pick a selection of addresses whose balances add up to only slightly more than the sum you wish to pay. Pool those into a new address (with a little left-over in one of the original accounts), and send the whole payment from that new address.

I find this critique fairly persuasive. Though its validity depends somewhat on the type of privacy threats our hypothetical user is worried about. If you’re worried about the government easily capturing a comprehensive picture of your financial activities, the approach of using many different addresses could work quite well. If, on the other hand, you want to give money to a third party in a way that you can be sure the government will never be able to trace back to you, this technique might not work as well. For example, if the government wanted to track everyone who donated to a particular public Bitcoin address (say, one owned by Wikileaks), it can work its way backwards along the chain of transactions until it reaches someone (say, your employer) who it can force to disclose the donor’s identity.

Still, Tom makes a convincing case that I was understating Bitcoin’s privacy benefits.

Vladimir
July 14, 2011, 05:07:10 PM
 #2

So which one is it? Is it Bitcoin not anonymous enough or is it Bitcoin must be stopped because bad guys use it? Cannot be both, can it?

BitcoinPorn (OP)
July 14, 2011, 05:10:39 PM
 #3

Quote
So which one is it? Is it Bitcoin not anonymous enough or is it Bitcoin must be stopped because bad guys use it? Cannot be both, can it?

For how this article reads, yes, yes it can lol.  I think the guy is pointing out the bad currently going on and how it is, versus how easily that can change.  I wonder if the guy wrote the article to warn his favorite Silk Road dealer to step up his anonymous game.

ampkZjWDQcqT
July 14, 2011, 05:14:11 PM
 #4

It all reduces to: Those who care enough for their privacy will keep it. Those who don't don't deserve it and will lose it (the latter is just my opinion).

If you found my comment useful please express your gratitude by doing an action of similar magnitude towards a better society. Thanks you!.
Leon
July 14, 2011, 05:49:57 PM
 #5

It's 100% private until someone like your ISP digs through your history.
Serge
July 14, 2011, 06:05:47 PM
 #6

Quote
It's 100% private until someone like your ISP digs through your history.

Doesn't SSL protect you from that or it only provides false sense of security from ISPs?
phillipsjk
July 14, 2011, 06:41:42 PM
 #7

Quote
Doesn't SSL protect you from that or it only provides false sense of security from ISPs?

SSL/TLS Vulnerability Widely Unpatched.

Add to that that most browsers treat Clear-text HTTP as more secure than self-signed certificates. That means most websites either use no authentication, or rely on a Certificate authority that may be malicious.

In an ideal world, organizations would post the "fingerprint" of their self-signed certificate on their premises. If you are using e-billing, the billing company would send you a copy of the certificate or fingerprint by mail.

In any case, your ISP knows which server you are connecting to when you use HTTPS, but not necessarily which pages you visit.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
Trader Steve
July 14, 2011, 08:01:23 PM
 #8

That's why the following project is so important:

Open Transactions + Bitcoin = Untraceable and Instant Transactions

This is a project worth supporting. Listen to the radio shows for more info:

Part 1:
http://agoristradio.com/?p=234

Part 2:
http://agoristradio.com/?p=246

Technical Links:

FellowTraveler / Open-Transactions Github and Info Site

https://github.com/FellowTraveler/Open-Transactions/

https://github.com/FellowTraveler/Moneychanger

Support this project! Donate here:

1NtTPVVjDsUfDWybS4BwvHpG2pdS9RnYyQ
Mageant
July 14, 2011, 08:59:03 PM
 #9

Quote
So which one is it? Is it Bitcoin not anonymous enough or is it Bitcoin must be stopped because bad guys use it? Cannot be both, can it?


In the realm of politics, it can. :)

cjgames.com
Leon
July 14, 2011, 09:17:27 PM
 #10

Quote
It's 100% private until someone like your ISP digs through your history.

Doesn't SSL protect you from that or it only provides false sense of security from ISPs?

phillipsjk said it best, but using proxies would help I suppose
enmaku
July 14, 2011, 09:36:23 PM
 #11

Someone needs to fire up Tor/I2P/etc and make a "Coin Wash" site.

Someone sends in an arbitrary amount of BTC along with multiple new addresses. The BTC that go in are broken into randomly-sized portions and sent to the new addresses at random intervals, interleaved with other transactions (minus a fee of course). If multiple coin washers existed they could also send coins to each other with instructions to forward. If such nodes also ran their own private testnet of sorts (zero fee) and sent mountains of arbitrary transactions with the right format it could be quite difficult even for the ISP to sort the real transactions from the fake (see: chaffing and winnowing).

I think the above should be sufficient to beat analysis-based attacks, using Tor or I2P beefs up protection against analysis a bit more and I trust that the security already bundled in the bitcoin client should cover the rest.

Have I missed anything?
Trader Steve
July 14, 2011, 09:39:02 PM
 #12

Quote
Someone needs to fire up Tor/I2P/etc and make a "Coin Wash" site.

Someone sends in an arbitrary amount of BTC along with multiple new addresses. The BTC that go in are broken into randomly-sized portions and sent to the new addresses at random intervals, interleaved with other transactions (minus a fee of course). If multiple coin washers existed they could also send coins to each other with instructions to forward. If such nodes also ran their own private testnet of sorts (zero fee) and sent mountains of arbitrary transactions with the right format it could be quite difficult even for the ISP to sort the real transactions from the fake (see: chaffing and winnowing).

I think the above should be sufficient to beat analysis-based attacks, using Tor or I2P beefs up protection against analysis a bit more and I trust that the security already bundled in the bitcoin client should cover the rest.

Have I missed anything?

Sounds like a great idea although I'm not a techie.
hugolp
July 14, 2011, 09:43:09 PM
 #13

Quote
Someone needs to fire up Tor/I2P/etc and make a "Coin Wash" site.

Someone sends in an arbitrary amount of BTC along with multiple new addresses. The BTC that go in are broken into randomly-sized portions and sent to the new addresses at random intervals, interleaved with other transactions (minus a fee of course). If multiple coin washers existed they could also send coins to each other with instructions to forward. If such nodes also ran their own private testnet of sorts (zero fee) and sent mountains of arbitrary transactions with the right format it could be quite difficult even for the ISP to sort the real transactions from the fake (see: chaffing and winnowing).

I think the above should be sufficient to beat analysis-based attacks, using Tor or I2P beefs up protection against analysis a bit more and I trust that the security already bundled in the bitcoin client should cover the rest.

Have I missed anything?

I had thought of doing this and hosting it in the Freenet network (Freenet is similar to Tor but with webpage hosting included). Also, make a plugin for the client so the anonymization would be extremely easy.


k
July 14, 2011, 09:44:27 PM
 #14

Quote
Someone needs to fire up Tor/I2P/etc and make a "Coin Wash" site.

Someone sends in an arbitrary amount of BTC along with multiple new addresses. The BTC that go in are broken into randomly-sized portions and sent to the new addresses at random intervals, interleaved with other transactions (minus a fee of course). If multiple coin washers existed they could also send coins to each other with instructions to forward. If such nodes also ran their own private testnet of sorts (zero fee) and sent mountains of arbitrary transactions with the right format it could be quite difficult even for the ISP to sort the real transactions from the fake (see: chaffing and winnowing).

I think the above should be sufficient to beat analysis-based attacks, using Tor or I2P beefs up protection against analysis a bit more and I trust that the security already bundled in the bitcoin client should cover the rest.

Have I missed anything?

never used it but think this is something like that http://bitcoinlaundry.com/

can listen to more about it here http://agoristradio.com/?p=407
Trader Steve
July 14, 2011, 10:12:34 PM
 #15

Yes, bitcoinlaundry.com sounds interesting. When you wish to conduct a transaction that you'd prefer to be more private simply pay the bill through this account. From what I've read elsewhere the more people that use this service the less likely you are to receive the same coins back. Maybe we should start sending more payments through here - even if it's just to help others mix up their coins. Would that work or would it be too easy to match the amounts paid in and the amounts paid out?
enmaku
July 14, 2011, 10:29:05 PM
 #16

Quote
Someone needs to fire up Tor/I2P/etc and make a "Coin Wash" site.

Someone sends in an arbitrary amount of BTC along with multiple new addresses. The BTC that go in are broken into randomly-sized portions and sent to the new addresses at random intervals, interleaved with other transactions (minus a fee of course). If multiple coin washers existed they could also send coins to each other with instructions to forward. If such nodes also ran their own private testnet of sorts (zero fee) and sent mountains of arbitrary transactions with the right format it could be quite difficult even for the ISP to sort the real transactions from the fake (see: chaffing and winnowing).

I think the above should be sufficient to beat analysis-based attacks, using Tor or I2P beefs up protection against analysis a bit more and I trust that the security already bundled in the bitcoin client should cover the rest.

Have I missed anything?

never used it but think this is something like that http://bitcoinlaundry.com/

can listen to more about it here http://agoristradio.com/?p=407


The problem with something as simple as bitcoinlaundry is that simple network analysis undoes your anonymity. If Alice wants to send Bob 3.14 BTC without it being traceable, bitcoinlaundry says "hand it to Charlie and have Charlie hand it to Bob" which, in the context of bitcoin, is a good start because at least it keeps your address off the books and all someone could conceivably discover is that you sent coins to Charlie, right?

Problem #1: if Dave has the ability to watch what Charlie sends and receives, he can pretty easily see that Alice sent in 3.14 BTC and soon after Charlie sent that exact amount to Bob - unless your transaction is an amount that a huge volume of others will be sending (1 BTC even perhaps) it is easily identified. Charlie could also be scrutinized by watching the timing of several known transactions and then observing the money in/out timing of unknown transactions.

Problem #2: Since Charlie operates on the open internet under his real name his equipment (and wallet) could be seized by the authorities quite easily. It's very difficult to do this sort of thing properly without keeping at least temporary records of where money came from and where it is destined.

Problem #3: Even if you solve problem 1 and 2, chances are that Charlie isn't performing enough transactions each day to properly disguise who sent what to whom. Even if he is, such data is not made available and neither Alice nor Bob have any way of knowing whether their transaction will be securely hidden among the transactions of others. Charlie could easily generate many fake transactions to hide the valid ones, but I don't know how similar testnet (or namecoin or any blockchain branch really) traffic looks to valid BTC traffic when sniffed offhand, I may be barking up the wrong tree on this one.

Much like running an exchange the security and thought process that must go into a coin washer are NOT trivial. Unlike an exchange, the first time one of these gets hacked it'll probably be by the government and people will probably go to jail as a result, so if anyone takes this and runs with it - DO IT RIGHT.
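
Problem #1 in the post above, worked through as an added example (not code from the thread or from any mixing service): for each deposit into a single intermediary it counts how many payouts an observer cannot rule out by amount and timing. The records, labels, fee handling and one-hour window are constructed assumptions.

```python
from dataclasses import dataclass

SATOSHI = 100_000_000  # 1 BTC in integer satoshis (avoids float equality checks)


@dataclass(frozen=True)
class Transfer:
    label: str   # constructed label, not a real txid or address
    amount: int  # satoshis
    time: int    # seconds since the observer started watching


def candidate_payouts(deposit, payouts, fee=0, window=3600):
    """Payouts matching the deposit's amount (minus fee) that follow it within `window` seconds."""
    return [p for p in payouts
            if p.amount == deposit.amount - fee
            and 0 < p.time - deposit.time <= window]


def anonymity_sets(deposits, payouts, fee=0, window=3600):
    """Map each deposit label to the number of payouts it could plausibly correspond to."""
    return {d.label: len(candidate_payouts(d, payouts, fee, window))
            for d in deposits}


# Constructed sample: what "Dave" sees going into and out of "Charlie".
DEPOSITS = [
    Transfer("alice", 314_000_000, 100),   # the 3.14 BTC from the post
    Transfer("d1", 1 * SATOSHI, 120),      # common round amount
    Transfer("d2", 1 * SATOSHI, 300),
    Transfer("d3", 1 * SATOSHI, 500),
    Transfer("late", 1 * SATOSHI, 20_000), # round amount, but no other traffic nearby
]
PAYOUTS = [
    Transfer("to_bob", 314_000_000, 900),
    Transfer("p1", 1 * SATOSHI, 1_000),
    Transfer("p2", 1 * SATOSHI, 1_500),
    Transfer("p3", 1 * SATOSHI, 2_500),
    Transfer("p_late", 1 * SATOSHI, 21_000),
]

if __name__ == "__main__":
    for label, size in anonymity_sets(DEPOSITS, PAYOUTS).items():
        verdict = "uniquely linked" if size == 1 else f"hidden among {size} payouts"
        print(f"{label:6s} {verdict}")
```

The unusual amount is linked on amount alone, and the late round-amount deposit is linked on timing alone, which is the volume concern raised in Problem #3.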
ampkZjWDQcqT
July 14, 2011, 11:22:32 PM
 #17

Quote
Someone needs to fire up Tor/I2P/etc and make a "Coin Wash" site.

There is a BitLaunder Tor hidden service (http://xuie7qspblyer5ms.onion/). It's listed on the wiki.

If you found my comment useful please express your gratitude by doing an action of similar magnitude towards a better society. Thanks you!.
Trader Steve
July 15, 2011, 01:29:01 AM
 #18

Quote
That's why the following project is so important:

Open Transactions + Bitcoin = Untraceable and Instant Transactions

This is a project worth supporting. Listen to the radio shows for more info:

Part 1:
http://agoristradio.com/?p=234

Part 2:
http://agoristradio.com/?p=246

Technical Links:

FellowTraveler / Open-Transactions Github and Info Site

https://github.com/FellowTraveler/Open-Transactions/

https://github.com/FellowTraveler/Moneychanger

Support this project! Donate here:

1NtTPVVjDsUfDWybS4BwvHpG2pdS9RnYyQ

See the latest update on Open Transactions developments:

http://forum.bitcoin.org/index.php?topic=28565.msg363945#msg363945
BusmasterDMA
July 15, 2011, 03:06:44 AM
 #19

The Forbes blogger posted a follow-up to the original:

http://blogs.forbes.com/timothylee/2011/07/14/advanced-bitcoin-anonymity/

Bears.  Beets.  Battlestar Galactica.  Bitcoin.
Serge
July 15, 2011, 03:48:12 AM
 #20

Quote
Doesn't SSL protect you from that or it only provides false sense of security from ISPs?

SSL/TLS Vulnerability Widely Unpatched.

Add to that that most browsers treat Clear-text HTTP as more secure than self-signed certificates. That means most websites either use no authentication, or rely on a Certificate authority that may be malicious.

In an ideal world, organizations would post the "fingerprint" of their self-signed certificate on their premises. If you are using e-billing, the billing company would send you a copy of the certificate or fingerprint by mail.

In any case, your ISP knows which server you are connecting to when you use HTTPS, but not necessarily which pages you visit.


I always thought that self-signed certs were as secure just could not be verified by trusted CAs which would trigger unsigned cert message in browsers other than that they should be functioning same as signed ones or am I misunderstanding?

I've heard that there was some sort of vulnerability with OpenSSL certs, but other than that are signed certs by well known organizations safe? I mean could a middle man such as an ISP intercept handshake and public keys and eavesdrop inside secure channel passing packets or is it impossible?