Bitcoin developer and privacy veteran Dan Gould has released a new privacy tool that aims to make it harder for Bitcoin analytics companies to track who owns which Bitcoin.
Bitcoin transactions aren't very private; seeing every Bitcoin transaction ever made is as easy as pulling up any Bitcoin block explorer. Bitcoin analytics companies like Chainalysis (which some call "surveillance" companies) use patterns that they see among transactions to inform governments and companies about where Bitcoins are sent and who's sending them.
Gould released a Software Development Kit (SDK) in late March that aims to make it easier to add support for "PayJoin"—a privacy technique invented back in 2018—to any Bitcoin wallet or service, providing an easy way to adopt private Bitcoin payments. In addition, the website he created, payjoin.org, aims to educate about PayJoin so website or exchange builders can be more informed about it as a possibility.
PayJoin isn't yet widely supported, despite not being very hard to implement, Gould explained to Decrypt. The developer said he wants to educate and make the privacy method better-known. Since the release of the SDK, the Bitcoin wallet and browser extension BitMask has used it to adopt PayJoins. Foundation and BDK are looking into adopting it as well.
Gould is focused on Bitcoin privacy because he believes it goes hand in hand with Bitcoin's core goal: censorship resistance. “I don't think you can have [censorship resistance] without privacy. If someone can predict how you're going to behave, they can censor you. If they can control how you're going to behave in any way, they can censor you," Gould told Decrypt.
Breaking an assumption
One of the most popular privacy techniques used today in Bitcoin is known as a CoinJoin, where a variety of Bitcoin users pool their funds together into a transaction, scrambling them so it's hard to discern which Bitcoin came from where. Wallets like Wasabi and Samurai help organize CoinJoins between a group of users.
But there are a couple of key disadvantages. For one, this coordination takes some time. Second, it’s obvious by scanning the Bitcoin blockchain when a CoinJoin takes place, because it has far more inputs than the typical transaction has, and they're all conspicuously the same size.
PayJoins are different. They're a CoinJoin between just two users—the buyer and the merchant—at the time of sale. As such, PayJoins can be baked into the process of buying anything with Bitcoin.
This upends one of the main patterns that chain analyst companies look at: If a payment has two inputs, those inputs must both be from the same owner. "Surveillance companies use the assumption to creep on Bitcoin users," as the payjoin.org website puts it.
PayJoins potentially destroy this assumption, thus "confusing" blockchain-tracking services, because each input in a PayJoin comes from a different user—the buyer and the merchant.
If PayJoins become more widely used, blockchain analyst companies won't be able to safely make this assumption anymore.
Gould also argues that PayJoins are easier than CoinJoins. "The biggest reason [to use PayJoin over CoinJoin] is it's a lot less complicated," Gould said, "Since PayJoin is only two parties, it's a lot easier to set up the interaction."
Also, unlike CoinJoins, Gould argues there's also a financial incentive for companies to use PayJoin. "Because a PayJoin combines a consolidation for fee savings with privacy benefits, I think people are more inclined to incorporate it," Gould said. Plus businesses "don't need to be nervous about doing a mixing step. Really they're just doing their consolidation at the same time that they're doing a transfer and it doesn't change their view into the ledger or their view into what their users are doing," he said.
Future goals
That's not to say PayJoins are all unicorns and rainbows. It's easier to set up a PayJoin interaction because it only requires two parties. But here’s the rub: The PayJoin receiver needs to set up a server endpoint, which isn't something your typical merchant has time to deal with.
In January, Gould proposed a "serverless" implementation on the Bitcoin developer email list, where users can pass this requirement off to a third party, without revealing anything about their Bitcoin. This is still a work in progress, though Gould has coded up a proof-of-concept.
Another point to keep in mind is the PayJoin SDK is written in the programming language Rust, which not every developer knows how to use. But he sees it potentially as a core tool that people can connect other programming languages to in the future. Gould said that other developers are exploring writing "bindings" in other programming languages to expand its scope.
But whether or not this specific SDK is used, Gould says he hopes to encourage more people to consider privatizing their Bitcoin transactions.