“Criminals love it.”
That’s something you’ll hear a lot about bitcoin. Cryptocurrencies are often associated with illicit activities. It is the preferred method of payment for ransomware viruses. It is the sought-after currency of SIM-swappers, and since its advent, bitcoin has been a key component of online black markets.
As the general thinking goes, bitcoin provides anonymity to its holders and enables them to make and receive payments without leaving traces of themselves, which is why criminals like it. But the truth is, unless you know how it works and how to use it, bitcoin can reveal more information about you than traditional payment methods.
Many people think that only criminals have reason to keep their transactions hidden. However, there are many good reasons you’ll want to hide your payments, such as making donations to a cause, or providing remittance to a friend in a country where there aren’t proper banking and financial services. Or you might be receiving your work’s pay in bitcoins. You shouldn’t accidentally compromise your identity by simply using bitcoin.
Here’s everything you need to know about bitcoin privacy and anonymity.
Bitcoin transactions are pseudonymous
Traditional payments services rely on trusted intermediaries such as banks and other financial institutions. We trust our banks and financial services to record every payment we make or receive and keep track of our account’s balance. We also trust our bank to keep our information secure and protect it from unauthorized access.
Bitcoin uses a fundamentally different approach to registering payments. At the heart of bitcoin is blockchain, the distributed ledger technology that stores the history of transactions between different bitcoin holders. Every few minutes, a new batch of bitcoin transactions is created and distributed across thousands of independent computers that store a copy of the blockchain. Every batch of transactions, called a block, is mathematically tied to others to make it impossible to tamper with the information.
Bitcoin is very resilient to data tampering. If a cybercriminal would want to forge their account, they would have to hack or control a large number of the computers containing the blockchain. Blockchain effectively obviates the need for banks and other intermediaries by making its information public knowledge.
The trade-off of blockchain’s security model is that anyone can access its data and see the list of bitcoin payments. This means that your bitcoin payments are not private and are available for everyone to see. In fact, there are several block explorers, websites that let you monitor payments on the bitcoin blockchain.
However, bitcoin transactions don’t contain any personal information such as names, email addresses, and phone numbers. They only include the amount of the payment plus a sender and receiver address. Bitcoin addresses are large sequences of bytes that are the digital equivalent of a wallet. Every bitcoin holder can have one or many addresses and use them to send and receive payments.
So as long as you can keep your bitcoin addresses secret, no one will be able to track your payments. But as soon as your bitcoin addresses are revealed, anyone can view your payments history. That’s why bitcoin is not considered private or anonymous. It’s public and pseudonymous. In this case, your pseudonym is your bitcoin addresses. If your pseudonym is linked to your true identity, then all your information will be revealed.
How online wallets and exchanges reveal your identity
In its early days, bitcoin was not easy to use. Anyone who wanted to send or receive bitcoins had to install a client software on their computer and to download an entire copy of the blockchain. While not very user-friendly, earlier client software provided full control and privacy to the users.
But as bitcoin became more popular, new services and applications emerged that made it easier to send and receive bitcoin payments and opened its use to a much wider audience. Most of these services make it possible to handle bitcoin payments without downloading a copy of the blockchain, which is very convenient for mobile devices that don’t have hundreds of gigabytes of free space to store a copy of the ledger. Many other applications store private keys, sparing users the headache of handling and securing keys.
However, the benefits of these applications come at a cost to privacy. Services like Coinbase, which stores the bitcoin wallets of millions of users, have full visibility into the bitcoin addresses of every user. Online wallets and exchanges can also obtain information such as your IP address, geographical location, device type, and more.
Furthermore, if you link your wallet to a bank account, you’ll have to provide further personal information about yourself, further revealing your identity to the bitcoin wallet service. When you’re using an online wallet or exchange, you’re effectively giving them full visibility into your payments history and identity.
Other online services such as MyEtherWallet enable you to make cryptocurrency payments without creating an account. While these services won’t store private keys and information about you, they are still processing your transactions, which means they can still tie your bitcoin addresses to your IP address and device information.
Even when using block explorer websites such as blockchain.info and BlockCypher, you risk revealing information about yourself. When using a block explorer, you enter a bitcoin address and the service returns the transaction history and balance associated with that address. But by doing so, you’ll be telling the site that someone with your device and at your IP address and geographical location has an interest in that bitcoin address. While this is not as invasive as the amount of information you reveal to a bitcoin exchange, you should know that you are still giving away a little bit of your privacy when you use a block explorer
How can you ensure the privacy of your bitcoin payments?
As a rule of thumb, if you’re using an online service to process your bitcoin payments or look at your account balance, you’re giving away pertinent information that can link your identity to your bitcoin account.
The ultimate private way to keep your bitcoin transactions private is still to use a full client application and download the hundreds of gigabytes of blockchain data on your computer. However, if you want to use web and mobile clients you can still improve your privacy by using a virtual private network (VPN) or the Tor browser.
A VPN improves your privacy by encrypting and channeling your internet traffic through an intermediary server. When using a VPN, your IP address and geographical location will remain hidden to cryptocurrency exchanges, online wallets or block explorers. Those services will only be able to see the IP address of your VPN service. Your VPN provider, will always know your real IP address, though it won’t know about your bitcoin addresses.
The Tor browser uses the dark web to redirect your internet traffic across several independent computers before reaching its destination. Basically, Tor provides the same IP hiding functionality of VPNs, but unlike VPN, there’s no specific provider that will know your original IP address. But the use of Tor can come with a significant hit to your internet speed.
However, cryptocurrency holders can only maintain the privacy of their identities only as long as they don’t interact with the fiat world. As soon as you decide to trade your bitcoins for dollars at an online exchange, you’re required to provide identification documents and reveal your identity.
Further tips to maintain the privacy of your bitcoins
Even if you manage to hide your identity from exchanges and block explorer websites, you still face a problem. Whenever you want to receive bitcoin payments, you must reveal your address to the sender. The original bitcoin whitepaper suggests using a separate address for each new payment you receive. This will make it impossible for the sender to see the history of your payments. Most wallets support multiple addresses and enable you to generate a new address for each new payment.
Also, whenever you want to make bitcoin payments, you’ll reveal your bitcoin address to the receiving party. Even if you have multiple bitcoin addresses in your wallet, you often must make multi-input payments, where you consolidate bitcoins from multiple addresses to make a single payment to a recipient. In that case, the receiver will be able to discover and link your addresses together and reveal your payments history.
One of the ways to hide your bitcoin payment history is to use a mixing service. As the name suggests, mixing services enable you to trade your bitcoins for others that have a different history. When you send a mixing service your bitcoins, it mixes it with bitcoins from other users and sends you back a new bitcoin payment from a new address. So when you send the new bitcoins to someone else, they won’t be able to track your payments history. However, the mixing service will know your incoming and outgoing addresses.
Use mixing services with extreme caution. Criminals often use them to launder their ill-gotten bitcoins, and you don’t want to find yourself receiving bitcoins that have a criminal record. Law enforcement agencies track and declare bitcoin addresses that are associated with criminal activity such as ransomware. Bitcoin exchanges refuse payments from any address that is linked to crime.
Another method to anonymize bitcoin addresses is to use CoinJoin transactions. CoinJoin services enable senders and receivers to mix their transactions to obfuscate their history. CoinJoin is not very popular and is difficult to use, but the level of anonymity it provides is superior to that of a mixing service.
At the end of the day, bitcoin is not an anonymous payment service. There are many ways you can compromise your identity and reveal too much information about yourself.