bitmover (OP)
Legendary
Offline
Activity: 2478
Merit: 6286
bitcoindata.science
|
|
September 20, 2019, 12:44:28 PM |
|
Few time ago I discovered this website, which allows anyone to discover all your used wallet's addresses with just a few clicks. https://www.walletexplorer.comJust paste some any used address there. The website will show you all addresses that its inputs were used together in a single transaction. Paste some of your used addresses there and get surprised. Probably many of them are going to be linked together. How to avoid linking your addresses?Unless you are very careful and you try not to mix many inputs from different addresses in the same transaction, all your addresses from the same wallet can be linked back to you, by anyone. So, you have 2 options: 1 - Download a good wallet (like Electrum) which let you control each input, and be careful not to use those addresses in the same transaction. Or 2 - Use a bitcoin mixer, which allows you to always have fresh coins with no blockchain connection to your old addresses. Be careful, even using a mixer you need to be careful in your future transactions. After you send your mixed coins back to your wallet, you need to be careful not to link those coins to your old addresses (which may still have balance).
|
|
|
|
Lucius
Legendary
Offline
Activity: 3416
Merit: 6137
Crypto Swap Exchange🈺
|
It just shows that your address A is connected with some address B or C and so on, but it is just coin address history without any user data. I see a problem in this only if the user is buying some goods and paying with crypto, then his coin address can be linked with his personal data and privacy can be compromised. Coin address can be also linked with any social media accounts, many users post such info when applying for bounty campaigns, and they make an even easier job for anyone who digs for such information.
The idea that Bitcoin is anonymous crypto is still prevalent, and in fact it is, until the moment you link it to your private data (name, home address, photo...).
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
September 20, 2019, 02:57:19 PM |
|
Be careful, even using a mixer you need to be careful in your future transactions. After you send your mixed coins back to your wallet, you need to be careful not to link those coins to your old addresses (which may still have balance). If using a mixer, then you should ideally be sending all coins to a brand new wallet, as opposed to back to a new address from the same wallet. There is always a chance that at some point in the future you mess up and accidentally link that new address to an old one or a change address from the same wallet, especially after months or years where you could easily forget which UTXOs were mixed and which weren't. There's also the possibility that someone gains access to your master public key, and then can derive all your address from that wallet and see that they are linked together. The idea that Bitcoin is anonymous crypto is still prevalent, and in fact it is, until the moment you link it to your private data (name, home address, photo...). It's not just about people sharing their private data willingly (which far too many people do), but it is also about your browsing habits. Some browsers, notable Chrome, monitor everything you do online. Many ISPs and governments also monitor their users and every webpage you visit. If you repeatedly visit the same address on a block explorer, it becomes pretty obvious to anyone watching you that you own that address, even if your wallet is offline/airgapped/paper/etc.
|
|
|
|
BrewMaster
Legendary
Offline
Activity: 2114
Merit: 1293
There is trouble abrewing
|
|
September 20, 2019, 04:20:13 PM |
|
If you repeatedly visit the same address on a block explorer, it becomes pretty obvious to anyone watching you that you own that address, even if your wallet is offline/airgapped/paper/etc.
you forgot about the block explorers themselves keeping a record of which addresses the users keep checking. it could be done with using cookies and recording IP addresses and building a database to link different addresses to same person.
|
There is a FOMO brewing...
|
|
|
bitmover (OP)
Legendary
Offline
Activity: 2478
Merit: 6286
bitcoindata.science
|
|
September 20, 2019, 04:21:00 PM |
|
I see a problem in this only if the user is buying some goods and paying with crypto, then his coin address can be linked with his personal data and privacy can be compromised. Coin address can be also linked with any social media accounts, many users post such info when applying for bounty campaigns, and they make an even easier job for anyone who digs for such information.
There are other possible leaks. For example, if you ever bought bitcoin from an exchange using Fiat you made KYC. If you send those coins from the exchange to your wallet it could even possible to link that to your bitcointalk account using a simple tool like that, if you are not careful. This post was just to show people how easy it is to link all your addresses from the same wallet together.
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2161
|
|
September 20, 2019, 08:50:27 PM |
|
If using a mixer, then you should ideally be sending all coins to a brand new wallet, as opposed to back to a new address from the same wallet. There is always a chance that at some point in the future you mess up and accidentally link that new address to an old one or a change address from the same wallet, especially after months or years where you could easily forget which UTXOs were mixed and which weren't. There's also the possibility that someone gains access to your master public key, and then can derive all your address from that wallet and see that they are linked together.
Your transactions from different wallets can still be linked, but in a different way - if you have a static deposit address on an exchange, and use with different wallets, it can be easy to spot this and link those wallets, because exchange wallets are so well known, that even the walletexplorer site shows their names instead of just raw id. So, you not only have to worry what inputs you are using, but also to what inputs are you sending, because someone who reuses addresses can weaken your privacy.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
September 21, 2019, 07:18:33 AM |
|
For example, if you ever bought bitcoin from an exchange using Fiat you made KYC. I think this goes without saying. Even the newest newbie should realize that if they are handing over their KYC documents to an exchange, then all their activity can be linked to their real name. Perhaps what they don't realize is that many exchanges track where coins come from and go to before and after being on the exchange. They will ban users who deposit from/to casinos and even mixers. Since exchanges report user activity to their relevant governments, I wouldn't be surprised at all if they are also reporting which addresses are linked to which user, allowing the government to then trace your activity as well. Your transactions from different wallets can still be linked, but in a different way - if you have a static deposit address on an exchange, and use with different wallets, it can be easy to spot this and link those wallets I don't really use exchanges, but I thought most would let you generate a new deposit address for each transaction, if you wanted? Do they really just give you one deposit address and that's it? What another great reason to stop using these exchanges. In this case, you will need to pass all your coins through a mixer prior to depositing them, and then again through a mixer after withdrawing them, but there are cases of some exchanges blocking transfers to/from mixers as I said above.
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2161
|
|
September 21, 2019, 08:39:51 AM |
|
I don't really use exchanges, but I thought most would let you generate a new deposit address for each transaction, if you wanted? Do they really just give you one deposit address and that's it? What another great reason to stop using these exchanges. In this case, you will need to pass all your coins through a mixer prior to depositing them, and then again through a mixer after withdrawing them, but there are cases of some exchanges blocking transfers to/from mixers as I said above.
From my experience of using exchanges and other services, the ability to generate new addresses is very rare, so it's indeed quite bad. You'd need to mix only the amount you want to deposit and send it all to an exchange, because any change output can later link your wallet(s) together. And it's not only about exchanges, casinos and other services that have deposits suffer from it too.
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
September 21, 2019, 09:34:31 AM |
|
From my experience of using exchanges and other services, the ability to generate new addresses is very rare, so it's indeed quite bad. You'd need to mix only the amount you want to deposit and send it all to an exchange, because any change output can later link your wallet(s) together. And it's not only about exchanges, casinos and other services that have deposits suffer from it too.
I think CryptoBridge exchange is still offering that option to generate new address every 15 minutes. Would be nice if we can have a list of exchanges that have this option of generating new addresses.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
September 21, 2019, 10:45:15 AM |
|
From my experience of using exchanges and other services, the ability to generate new addresses is very rare That's pretty poor customer service really. Considering all these services are set up to automatically generate a new deposit address for each new customer who signs up, it is trivial for them to offer the ability to customers to generate a new deposit address for themselves. I suppose if you are willing to share your KYC documents freely across the internet then you aren't the most privacy conscious person, but not reusing addresses is a pretty basic bitcoin practice. Would be nice if we can have a list of exchanges that have this option of generating new addresses. Agreed. I have never and will never complete KYC at an exchange, but I'd be much more likely to use an exchange for trading bitcoin to the few alts I'm interested in if they gave me the option of generating new addresses. Still, obviously none of this matters if someone at the exchange themselves wants to track your addresses, since they will still be able to see all your different deposit addresses. High quality and high volume DEXs can't come soon enough.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3416
Merit: 6137
Crypto Swap Exchange🈺
|
|
September 21, 2019, 02:42:04 PM |
|
It's not just about people sharing their private data willingly (which far too many people do), but it is also about your browsing habits. Some browsers, notable Chrome, monitor everything you do online. Many ISPs and governments also monitor their users and every webpage you visit. If you repeatedly visit the same address on a block explorer, it becomes pretty obvious to anyone watching you that you own that address, even if your wallet is offline/airgapped/paper/etc.
We can conclude that privacy is a very challenging task today, and that most internet users including ones that use cryptocurrency do not have the knowledge and skills to remain anonymous. Even if we try to use VPN, Tor, mixers, coin control or any other way to ensure privacy, three-letter agencies are very likely a step or two ahead of us. Snowden shows that NSA is working on tracking Bitcoin users at least from 2013 by using different spy tools (Xkeyscore. MAC addresses. OAKSTAR. MONKEYROCKET), and it is not difficult to imagine what they have accomplished to this day. At Bitcoin conference Snowden is say : “The lack of privacy is an existential threat to bitcoin. Is the only protection users have from political change,”, but also: “If you know how the system works, you can still have privacy,”
|
|
|
|
bitmover (OP)
Legendary
Offline
Activity: 2478
Merit: 6286
bitcoindata.science
|
At Bitcoin conference Snowden is say : “The lack of privacy is an existential threat to bitcoin. Is the only protection users have from political change,”, but also: “If you know how the system works, you can still have privacy,”One more great quote from Snowden: Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.https://en.wikiquote.org/wiki/Edward_Snowden
|
|
|
|
LeGaulois
Copper Member
Legendary
Offline
Activity: 2940
Merit: 4101
Top Crypto Casino
|
|
September 21, 2019, 04:42:51 PM |
|
...
Wallet addresses are not generated automatically upon joining, most of the time the users need to click a "generate address" button. Kraken is the only exchange I've been using that lets you generate a new address, I've never see another one. If most exchanges don't provide it, I suppose it's a matter of infrastructure convenience (or security) We can conclude that privacy is a very challenging task today, and that most internet users including ones that use cryptocurrency do not have the knowledge and skills to remain anonymous. Even if we try to use VPN, Tor, mixers, coin control or any other way to ensure privacy, three-letter agencies are very likely a step or two ahead of us.
it has always been.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
September 21, 2019, 06:46:58 PM |
|
Even if we try to use VPN, Tor, mixers, coin control or any other way to ensure privacy, three-letter agencies are very likely a step or two ahead of us. There's a difference between the NSA and general ISP or government mass surveillance, being "doxxed", being targeted by scammers, and so forth. If the NSA wanted to track you down, there is probably very little you could do to stop them. That doesn't mean you should just give up all your privacy and let anyone who wants to spy on you and your activities. Wallet addresses are not generated automatically upon joining, most of the time the users need to click a "generate address" button. Sure. I meant simply that it's not like that for every new user that joins there is a person sitting at the other end generating a new deposit address and manually entering it in to the exchange's database. Every new user can just hit the button that says "Generate a deposit address", and the system will create one for them automatically. There is no good reason to not allow existing users to generate a fresh deposit address.
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2161
|
|
September 21, 2019, 07:40:01 PM |
|
Kraken is the only exchange I've been using that lets you generate a new address, I've never see another one. If most exchanges don't provide it, I suppose it's a matter of infrastructure convenience (or security)
It's not about security, it's just that generating new addresses requires some extra coding and maybe extra work for support when people send coins to old addresses, so they don't see reasons to do it, because so far it worked well for them - users almost never complain about it, because they don't care about their privacy. I think it just shows that an average exchange users doesn't care much about Bitcoin's ideals, they just want to make money (and that's okay).
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2161
|
|
September 21, 2019, 07:58:47 PM |
|
Or the users don't even think about it since the exchange would know all address used for deposit activity.
The problem here is not that exchange knows it, but that third parties can easily use it to break someone's privacy. If a user has wallet A and wallet B, and uses them both to deposit to a service with static deposit address, then it's not hard to link wallets A and B. I've browsed wallet explorer and it's really easy to spot wallets of services - if a wallet has huge amount of addresses and transactions, big volumes and holds/used to hold a lot of BTC's - then it's a service. And if different addresses send coins to the same address of a service, chances are they belong to the same person. Although if someone uses their exchange as a wallet, then other entities will by falsely linked with this analysis.
|
|
|
|
Harlot
|
|
September 21, 2019, 08:46:50 PM |
|
Walletexplorers won't help other people identify your personal identity but it will only help you connect all the addresses being used in one wallet, that is why this has been a big tool for alt account hunters linking bounty abusers in the forum. It may link members here and their alt accounts but it can't show you anything about the identity of the owner of that wallet. As long as you don't use your address publicly or is not tied up to you in anyway on any KYC process then the addresses you are using will remain anonymous and can't be linked to you.
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2161
|
|
September 22, 2019, 03:07:31 PM |
|
Walletexplorers won't help other people identify your personal identity but it will only help you connect all the addresses being used in one wallet, that is why this has been a big tool for alt account hunters linking bounty abusers in the forum. It may link members here and their alt accounts but it can't show you anything about the identity of the owner of that wallet. As long as you don't use your address publicly or is not tied up to you in anyway on any KYC process then the addresses you are using will remain anonymous and can't be linked to you.
That's not true, linking someone's addresses is a step on the path of finding someone's identity, as each address has a chance of being tied to identity. Even in your example people link their social media accounts when they do bounties, and often this information is public on spreadsheet, so you can quite simply find someone's real name just by looking at their wallet in this case. And if we are talking about governments, they can easily do this to with exchanges, as exchanges know about your bank card, and bank card has your name on it.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
September 22, 2019, 06:58:00 PM |
|
It could be avoided altogether if they use mixer/coinjoin at risks exchange freeze their coins and ask lots of information about deposited Bitcoin. As far as I am concerned, if you care about your privacy, then avoid KYC demanding exchanges altogether. If you complete KYC, you have no idea how many people at that exchange have access to the information linking your real name to your deposit and withdrawal addresses. You also have no idea which third parties or governments the exchange is either selling or passing on your details to, and how many people at each of those have access to this information. If you mix coins before depositing or after withdrawing, some exchanges may freeze your account due to unspecified "suspicious activity" until you complete even more invasive KYC. With the ongoing growth of exchanges like LocalBitcoin, Paxful, and BISQ, as well as a large peer-to-peer marketplace on this forum and others, there isn't really an absolute need to use a centralized exchange. Sure, it might be easier and quicker, but it's very rare that using one is your only option.
|
|
|
|
nakamura12
|
|
September 22, 2019, 07:13:51 PM |
|
As far as I am concerned, if you care about your privacy, then avoid KYC demanding exchanges altogether.
If you complete KYC, you have no idea how many people at that exchange have access to the information linking your real name to your deposit and withdrawal addresses. You also have no idea which third parties or governments the exchange is either selling or passing on your details to, and how many people at each of those have access to this information. If you mix coins before depositing or after withdrawing, some exchanges may freeze your account due to unspecified "suspicious activity" until you complete even more invasive KYC.
With the ongoing growth of exchanges like LocalBitcoin, Paxful, and BISQ, as well as a large peer-to-peer marketplace on this forum and others, there isn't really an absolute need to use a centralized exchange. Sure, it might be easier and quicker, but it's very rare that using one is your only option.
I totally that we should avoid an exchange site or whatever site that is if it needs you to complete a KYC, since it needs us to submit our personal information and the wallet address will be linked to our information. Right?. It's what I can think of making yourself use centralized exchange which needs KYC for us to complete.
|
|
|
|
|