Bitcoin privacy

[brainactive]

My understanding of hierarchical determinstic wallets is that every time a new transaction is made, a new public key is generated and when you make a transaction, you give the recipient the corresponding address (which is the essentially the hash of this public key).

Given that each new transaction will be associated with a different public key (all of which can't be linked to each other), doesn't this already solve the privacy problem?

For example if I bought a drink at Starbucks for $2 and then some socks at Walmart for $5 and then receive some btc from a friend for $3, no one would be able to tell it's me because each transaction would have a different public key, right?

[ABCbits]

Given that each new transaction will be associated with a different public key (all of which can't be linked to each other), doesn't this already solve the privacy problem?

You still need to be careful when spend your Bitcoin. You could harm your own privacy if you spend Bitcoin from multiple addresses in single transaction or sending Bitcoin to same receiver in multiple transaction.

There are other privacy concern such as using SPV wallet where the server know list of your address.

[Charles-Tim]

ETFbitcoin has explained it for you, simply making transactions without having in mind to have privacy might not make you to have complete privacy. I have used some wallets before I started to use Electrum, until I used Electrum, I did not even there is anything called coin control, coin control makes it possible for you to spend from a particular address and also you can decide on Electrum to let the change address UTXO go to the address that you want.

There are some people that just make use of ISP network to be connecting to there wallet, this does not still guarantee them total privacy because connecting through VPN, DPN and most especially Tor will guarantee more privacy. Some Bitcoin users can easy the tracked through ISP, and through some unrecommended VPN, but yet VPN is better than using ISP directly.

Also, some wallets are close source, and they are SPV wallet, if you are using a wallet that its source codes is not available to the public (close source), that does not guarantee privacy at all.

Some people have very high amount of bitcoin, they want to be completely private, they will have no option than to make use of Mixers, CoinJoin wallet like Wasabi, and also having understanding about how Ricochet can be done perfectly to make sure their coins is not seeing as illegal when shopping or using centralized services for genuine reasons.

Some still go far by runing full node just like Bitcoin Core that connects nodes to nodes, instead of depending on central server like SPV wallet, just like ETFbitcoin commented.

[brainactive]

Does this mean that Bitcoin's privacy problem is due to regulation (KYC) rather than the protocol itself? Because if one were to use a KYC exchange, then presumably that would be considered a SPV wallet and even if they immediatetly transfer to their own cold wallet or Electrum, and use that for their future transactions, all future transactions will be linked due to the KYC?

If this is the case, doesn't that mean privacy can never be completely solved if KYC is enforced? Unless we go 100% peer-to-peer? 

[mindrust]

My understanding of hierarchical determinstic wallets is that every time a new transaction is made, a new public key is generated and when you make a transaction, you give the recipient the corresponding address (which is the essentially the hash of this public key).

Given that each new transaction will be associated with a different public key (all of which can't be linked to each other), doesn't this already solve the privacy problem?

For example if I bought a drink at Starbucks for $2 and then some socks at Walmart for $5 and then receive some btc from a friend for $3, no one would be able to tell it's me because each transaction would have a different public key, right?

There is no complete privacy on the internet. Whatever you do online will leave traces and bitcoin leaves lots of them visible for everybody. If you want increased privacy, use monero but even that is not going to cover you fully if you act careless.

If you buy coffee from starbucks and socks from walmart and get some money from your friend, you already had 3 weak points.

First 2 are the security cameras if you bought the coffee and the stuff from walmart in store (if you got the stuff shipped, now they know your home address) and the third one is your friend, he already knows your address now.

[ABCbits]

Does this mean that Bitcoin's privacy problem is due to regulation (KYC) rather than the protocol itself?

Both. Bitcoin protocol isn't explicitly designed to protect your privacy, but KYC is bigger problem since most Bitcoiner use centralized exchange.

Because if one were to use a KYC exchange, then presumably that would be considered a SPV wallet and even if they immediatetly transfer to their own cold wallet or Electrum, and use that for their future transactions, all future transactions will be linked due to the KYC?

Generally yes, but we don't know much they'll try to track/link you.

If this is the case, doesn't that mean privacy can never be completely solved if KYC is enforced? Unless we go 100% peer-to-peer?

Mixer and CoinJoin could solve the problem, but usually your coin will be blacklisted and they might threaten to close your account.

[brainactive]

First 2 are the security cameras if you bought the coffee and the stuff from walmart in store (if you got the stuff shipped, now they know your home address) and the third one is your friend, he already knows your address now.

When you say "they know your home address" who are you referring to? Walmart? Does it really matter if Walmart knows your address? If you've ever purchased anything from Amazon or any other online store, you'll need to give them your address anyway?

[20kevin20]

I know we're on the BTC side of the forum, but here's my 2 cents: if you want to achieve max privacy and care so much about it, I'd rather move to XMR if I were you. With Bitcoin, achieving privacy costs a price not many afford to pay and requires a very high level of attention..

Moreover, Mixers & CoinJoin are nice if you want to obscure your real coin tracks but at the end of the day they do still appear in the transaction history and based on my own experience, it's more likely that you get your CoinJoined or Mixed coins blocked than it is that you get your Monero blocked. That's simply because they care about blocking those intentionally hiding their tracks than blocking those who may only be using a coin like Monero instead. Weird, but it is what it is.

If you want privacy on the long term, XMR is the way. If you want to just hide your tracks every now and then, mix them or coinjoin them but remember this costs and any little mistake you make might compromise your privacy.

For example, I had an Electrum wallet with CoinJoined and mixed funds. It had non-mixed/CJ'ed funds as well though, but I labelled them. My system somehow messed up and thankfully I had a seed backup, but when I recovered the seed I found out I had no idea which were the anonymous coins and which were the non-anonymous ones.. so I had to pay again for a CoinJoin and I probably also mixed non-anonymous with anonymous coins which is just a mess. If you coinjoin your funds now and then mix them with a non-CoinJoined UTXO, it's like you never CoinJoined your funds. So as I said, unless you are going to be very careful with how you're using your coins, XMR is the way to go..

When you say "they know your home address" who are you referring to? Walmart? Does it really matter if Walmart knows your address? If you've ever purchased anything from Amazon or any other online store, you'll need to give them your address anyway?

mindrust probably was referring to shipping products. Yeah, Amazon requires them knowing your personal details as well, it's the same thing as Walmart delivering to your house.

Truth is, it's quite hard to preserve your anonymity close to 100% at all times. It'd mean you would have to meet up with someone in a non-supervised location (which is now basically trading safety for privacy) and exchange your coins to your local fiat currency, and whenever you want Bitcoin again you'd have to do the opposite.

We're living in a world where the "Big Brother" network is everywhere, I'd imagine in UK you'd have to meet up somewhere next to a forest if you wanted max privacy since UK is clogged up with surveillance cams.

At the end of the day, this all depends only on what you want to achieve. If you're looking to increase your privacy to a level where nobody is ever able to find out that you're using crypto, it'd become more of a burden than you imagine. But even then, how do you meet up with the dude online? Using a burner phone? How do you buy the burner phone? What about the SIM card? How do you keep it away from surveillance? How do you drive to the location without cameras knowing that someone with your vehicle's license plates drove to the same area or so?

[brainactive]

Appreciate the reply 20kevin20 - interesting thoughts and agree with what you've said.

Truth is, it's quite hard to preserve your anonymity close to 100% at all times. It'd mean you would have to meet up with someone in a non-supervised location (which is now basically trading safety for privacy) and exchange your coins to your local fiat currency, and whenever you want Bitcoin again you'd have to do the opposite.

Can I ask why would one be concerned about privacy to the extent that they need something like XMR? Other than illegal purchases and tax evasion... are there any other rational reasons? Seems like a lot of effort for unknown purpose.

[BlackHatCoiner]

To put simply; you use pseudonyms.

Once you'll use a 100,000 sats output to pay Starbacks 3,000 sats, the remaining 97,000 sats will be sent to a change address. If you then use that 97,000 sats buy your socks from Walmart, you'll also send the remaining to a change address.

Once Starbucks receive the transaction, they'll know for sure that you own 97,000 sats along with the 3,000 you sent them. So, Starbucks can start analyzing what other pseudonyms you're linking your payments. They know the flow of your transactions and can track you down whether you use careful methods or not.

Walmart and Starbucks could come into an agreement to share the addresses they receive to maximize their earnings from knowing what their customers want. All these ruin your privacy from one way or another. The main drawback is the transparency of the amounts, IMO. The last thing one would want is to leave a footprint of his 100 BTC due to his cup of coffee purchase.

[brainactive]

The main drawback is the transparency of the amounts, IMO. The last thing one would want is to leave a footprint of his 100 BTC due to his cup of coffee purchase.

Is leaving the amount in transaction data a deliberate decision for Bitcoin? Why not just hash the amount as well to hide it and require the hash(amount) + digital signature +hash(pubkey) when unlocking an output?

[20kevin20]

Can I ask why would one be concerned about privacy to the extent that they need something like XMR? Other than illegal purchases and tax evasion... are there any other rational reasons? Seems like a lot of effort for unknown purpose.

Because I don't like strangers fiddling with my personal finance and I hate how they brainwashed us to think looking for privacy makes you automatically a criminal. It's the same reason I only operate with cash unless card is necessary. I don't see why someone needs to know what kind of toilet paper and condoms I like to buy, lol.

It's my money, it's my business. Am I a criminal? Okay, track me down and find what I'm up to! No problem. But putting everyone under surveillance is plain wrong and a big privacy mess. Just look up "EU #ChatControl" and Apple's new algorithm for photo scanning. That is over the top, not what we're doing. ChatControl is like everyone's letters were read by authorities/the postman back in the '80s. Who would've agreed with that?! Today, it seems like everyone silently agrees with it..

And then, just imagine a rough authoritarian government takes over and they develop a blockchain analysis tool to know who precisely was/is using crypto and what for. They have all the information available in an open, immutable ledger nobody can prove wrong. You could be interrogated for stuff you've done simply because your finance is all right there, waiting to be analyzed. Why would I give them this opportunity?

I'm thinking over the long term. They're looking for draconic crypto legislation anyway, so it wouldn't be surprising if they went even farther away with it. Some of us may be over-paranoid - I prefer to be like that and feel so much safer that way.

Back to the topic, I think having two coins, one pseudonymous and one anonymous, is just the perfect blend. You can't expect to have lots of privacy with Bitcoin however, simply because it was built to be transparent. We could have updates and improve its privacy, but ultimately we might start losing users due to the same reason you think Monero isn't something average Joes would go for. Once Atomic Swaps between XMR and BTC get real though, you can simply change the coin without leaving any trace whenever you feel like going back to privacy/transparency.

So the only standing methods you currently have to obscure your tracks are CoinJoin, ChipMixer or Monero. Also, practice Coin Control and be careful with the change.

In fact, it might be great for you to read Wasabi's docs: https://docs.wasabiwallet.io/. They explain lots of stuff about how little mistakes make for big costs privacy-wise.

[BlackHatCoiner]

Is leaving the amount in transaction data a deliberate decision for Bitcoin? Why not just hash the amount as well to hide it and require the hash(amount) + digital signature +hash(pubkey) when unlocking an output?

Because you can find the pre-image of the hashed amount within a second by brute forcing it.

And then, just imagine a rough authoritarian government takes over and they develop a blockchain analysis tool to know who precisely was/is using crypto and what for. They have all the information available in an open, immutable ledger nobody can prove wrong.

If a strictly authoritarian entity governed you, you wouldn't be able to connect through the internet with zero censorship. For example, in North Korea you can't connect to certain websites; I'd say that you can only connect to certain websites that are approved from the government.

There are far worse things than your privacy ruination that can happen to you if an authoritarian government prevailed you such as violation of other, more important human rights.

[brainactive]

Because I don't like strangers fiddling with my personal finance and I hate how they brainwashed us to think looking for privacy makes you automatically a criminal. It's the same reason I only operate with cash unless card is necessary. I don't see why someone needs to know what kind of toilet paper and condoms I like to buy, lol.

It's my money, it's my business. Am I a criminal? Okay, track me down and find what I'm up to! No problem. But putting everyone under surveillance is plain wrong and a big privacy mess. Just look up "EU #ChatControl" and Apple's new algorithm for photo scanning. That is over the top, not what we're doing. ChatControl is like everyone's letters were read by authorities/the postman back in the '80s. Who would've agreed with that?! Today, it seems like everyone silently agrees with it..

And then, just imagine a rough authoritarian government takes over and they develop a blockchain analysis tool to know who precisely was/is using crypto and what for. They have all the information available in an open, immutable ledger nobody can prove wrong. You could be interrogated for stuff you've done simply because your finance is all right there, waiting to be analyzed. Why would I give them this opportunity?

I'm thinking over the long term. They're looking for draconic crypto legislation anyway, so it wouldn't be surprising if they went even farther away with it. Some of us may be over-paranoid - I prefer to be like that and feel so much safer that way.

Back to the topic, I think having two coins, one pseudonymous and one anonymous, is just the perfect blend. You can't expect to have lots of privacy with Bitcoin however, simply because it was built to be transparent. We could have updates and improve its privacy, but ultimately we might start losing users due to the same reason you think Monero isn't something you think average Joes would go for. Once Atomic Swaps between XMR and BTC happen, you can simply change the coin without leaving any trace whenever you feel like going back to privacy/transparency.

So the only standing methods you currently have to obscure your tracks are CoinJoin, ChipMixer or Monero. Also, practice Coin Control and be careful with the change.

In fact, it might be great for you to read Wasabi's docs:

That sounds like a pretty grim future for bitcoin. How far away are Atomic Swaps?

[brainactive]

Is leaving the amount in transaction data a deliberate decision for Bitcoin? Why not just hash the amount as well to hide it and require the hash(amount) + digital signature +hash(pubkey) when unlocking an output?

Because you can find the pre-image of the hashed amount within a second by brute forcing it.

How? Is it because there are only a small number of possible amounts to try and brute force? What about concatenating hash(amount) and hash(pubkey)? I'm not sure what would be the best way, but is there no solution to hide the amount currently? Or is it something that developers don't care about?

[DaveF]

That sounds like a pretty grim future for bitcoin. How far away are Atomic Swaps?

Why do you think it's grim? There has been no privacy since the beginning and it does not really seem to bother most people.
There are multiple threads around about using Coinbase / Bitpay and other debit cards. Both of which are just about as non private as you can get.

Heck more then 1/2 the people who replied to this post are wearing paid signatures with their payment address being posted in a public spreadsheet.

If any of us was to just go out and buy something with the BTC earned without moving it a few times it would be a trivial matter for the company getting it to figure out who they are.

Using your initial Starbucks example, if you used your Starbucks loyalty card they know who you are or at least what name and address you gave when you signed up.

There are more then enough simple ways to give yourself more privacy if you want. You don't need atomic swaps, just an email address and some time to put funds through a non KYC exchange.

-Dave

[BlackHatCoiner]

What about concatenating hash(amount) and hash(pubkey)?

You have to provide your public key, in order for your signature to be verified. Thus, if you concatenate those hashes, it is publicly known what's your public key and anyone can simply hash it and start brute forcing for the amount. So, it doesn't matter if its hash(amount) + hash(pubkey) nor hash(amount + pubkey).

Furthermore, the receiver has to verify the amount you've sent him. How is he supposed to do that if you've hashed a message?

I'm not sure what would be the best way, but is there no solution to hide the amount currently?

Sure there is. One thing that I've learnt is that everything can be made with a bunch of ones and zeroes. Monero uses Ring CT to hide the amounts.

Or is it something that developers don't care about?

I'd really like to answer this, but I can't. It'd be wiser to get an answer by asking directly the developers.

[o_e_l_e_o]

Can I ask why would one be concerned about privacy to the extent that they need something like XMR? Other than illegal purchases and tax evasion... are there any other rational reasons? Seems like a lot of effort for unknown purpose.

Just because I have nothing to hide, doesn't mean I have anything I want to share. You probably aren't doing anything illegal inside your house, yet you still have curtains on your windows, right? Why is it any different with bitcoin? Why would I want to allow any stranger to either peer in to my house and peer in to my financial history?

If we decide that only criminals needs privacy, then only criminals will have privacy.

Heck more then 1/2 the people who replied to this post are wearing paid signatures with their payment address being posted in a public spreadsheet.

That's kind of why I wish ChipMixer would pay me in chips rather than bitcoin, since the bitcoin they do pay me gets immediately sent back to a ChipMixer deposit address. It would save two unnecessary transactions, as well as obfuscate the amounts being paid.

You don't need atomic swaps, just an email address and some time to put funds through a non KYC exchange.

I know we've disagreed on this before, but I'm going to disagree with you again. Using a non-KYC exchange is still bad for your privacy. This is becoming more true over time as more and more regulations are being passed, non-KYC exchanges and non-KYC accounts are being clamped down on, exchanges are more extensively cooperating with blockchain analysis, and so on. When there are services like ChipMixer which can be used with even smaller fees than non-KYC exchanges, then there is really no good reason to go down this route.

[dkbit98]

Given that each new transaction will be associated with a different public key (all of which can't be linked to each other), doesn't this already solve the privacy problem?

Not exactly, because there can be a connection between those addresses with change address, if you are not using manual or multiple change addresses.
You could also use coinjoins to mix and split your coins, or even better you can use something like ChipMixer.

For example if I bought a drink at Starbucks for $2 and then some socks at Walmart for $5 and then receive some btc from a friend for $3, no one would be able to tell it's me because each transaction would have a different public key, right?

You can have account in some exchange without kyc verification and use it for small payments that would increase your privacy.
Keep only smaller amount of coins (for coffee like things) on exchange like FTX and you would not pay any withdrawal fees for BTC that is nice and unique feature.

How far away are Atomic Swaps?

Atomic Swaps are active and available even now for many coins.

[20kevin20]

That sounds like a pretty grim future for bitcoin. How far away are Atomic Swaps?

Not necessarily. Could be a grim future for those who currently don't care about their privacy however. Bitcoin might in fact be the coin that will survive the easiest the more authorities will want to analyze. Since it's transparent, they love it. But for those who don't care about protecting their identity, authorities may have questions about their history at any time.

Atomic swaps exist, but they aren't that reliable. What I'm waiting for is a product that is easy to use and is used by lots of people so that it works as flawless as a CoinJoin does.

Now that I kept wondering about your posts all day, I think the first step you should make before continuing to CJs, Mixers or Monero is moving from wallets like Electrum to Wasabi. Wasabi tries its best to hide your identity and to even block you away from making privacy mistakes. Coin Control is enforced and Tor is being used for more privacy.

As I recommended previously, use Wasabi and read their docs. Meanwhile, read more about protecting your identity online and especially with crypto. It's achievable, but takes a lot of time and attention.