Everybody has a right to privacy. There’s no reason why anybody should be able to peer into your bank account and observe your secretive alpaca sock fetish.
That’s partly why so many people believe that Bitcoin is the future of money. Whether or not that’s true, it’s already in use by millions around the world. Even Twitter CEO Jack Dorsey believes it will be the currency of the internet, and this week announced that he will pay developers to work on the Bitcoin code—in Bitcoin.
But there’s a problem at the crux of how Bitcoin works: all transactions can be seen publicly and the movement of every Bitcoin, back to when it was first mined, is available for all to see. This opens up some scary possibilities because, with a bit of know-how, your address, your name and every payment you’ve made could be put together in one lump sum data package—and used to control you, make money out of you or prosecute you.
The main business of blockchain analytics companies is to observe the blockchain landscape and to build up a database of bad actors and cryptocurrency that can be traced to hacks or to the dark web. Governments and companies can pay to use this data—then on their own behalf find out the name behind the address—and prosecute or sue based on it.
Additionally, it’s not hard to see how leveraging this kind of data could lead to a premium on “clean” Bitcoin—Bitcoin that hasn’t been stolen or used to buy drugs in the past. This week, Block.one CEO Brendan Blumer tweeted that, in the future, the value of a Bitcoin will be dependent on its history. He also believes there will be “light” and “dark” pools, with the latter containing anonymous users.
But if you have nothing to hide, should you be worried? Yes, because, if this data exists, governments are likely to use it (remember the NSA and Edward Snowden?) So, unbeknown to you, your financial data could be used for anything from double checking your tax bill to targeted advertising based on your spending habits. Even worse, it could prevent you spending money; governments can’t stop Bitcoin payments but they can put the brakes on services that accept Bitcoin. If you live in China, what you buy could even be used to determine your social credit rating—a key method of state control.
From enabling state snooping and surveillance to targeted adverts based on spending history, the data harvested by blockchain analytics companies can be used against our interests and, if we can put the brakes on a database of everyone’s spending habits and identities then, surely, we should?
So here’s our guide to keeping your finances private.
Step one: Don’t use custodial wallets or exchanges
Do you have a Coinbase account? If so, when you signed up, you will have gone through know-your-customer (KYC) protocols, which prove to Coinbase who you are. These are common across the industry, from custodial wallets to custodial exchanges. The problem is that by going through KYC, you’ve just identified your Bitcoin wallet, linking it with your name and identity. But Coinbase won’t give that away, right?
Wrong. Coinbase—and other custodial services—have, in the past, provided data for several blockchain analytics companies, including Elliptic. The data they’ve blithely given away is not just customer data but all transaction data for specific customers, including unique identifying ID. This enables a blockchain analytics company to track someone to identify whether they are a bad actor and, as we’ve mentioned, data can also be sold.
Coinbase recently purchased blockchain analytics company Neutrino, to bring data analytics services in-house. It’s now transitioning out Neutrino’s entire executive team, due the latter’s involvement in Hacking Team, a controversial company, to say the least.
This saga tells us that there are few limits to the potential breach of your privacy, if you allow a company to connect your identity with your Bitcoin address. Once you’ve done this, any of the accounts linked to that address may be compromised.
It’s not surprising that governments want this level of transparency everywhere. Even privacy-focused ShapeShift has added know-your-customer protocols “under duress”—according to a tweet by CEO and libertarian Erik Voorhees that has since been deleted. These protocols are designed to stop money laundering, but your privacy is caught in the crossfire.
So, the best way to keep your finances private is by not using custodial wallets or exchanges—or anything that requires know-your-customer data. It means using direct Bitcoin transactions, when you want to make a payment, and using either direct swaps to exchange coins, or decentralized exchanges. And never post your public address online—because then it can be easily linked to who you are.
Step two: Don’t reuse Bitcoin addresses
It’s very convenient to use one Bitcoin public address for all of your payments, but it has a security weakness. If someone can identify one transaction to you, they can link up all other transactions to your account and know they were also sent to you. That’s one of the main ways blockchain analytics companies link everything together.
One way of keeping everything separate and making it much harder for all your transactions to be linked together, is by using a new Bitcoin address for each one. This is recommended for maximum anonymity. However, it is not very convenient, and may be impractical for everyday use, unless it is automatically built into the Bitcoin services that you use. Some wallets, like Exodus, make it easy to create new addresses.
While this may not seem practical, if you really want to keep your finances private, make sure not to reuse Bitcoin addresses.
Step three: Run a full Bitcoin node
This is not essential for keeping your Bitcoin data private but it is a good step, and also helps to keep the network running. It’s important to run your own Bitcoin node because it stops other companies from collating your data. For example, if you use a non-custodial crypto wallet, that doesn’t have know-your-customer protocols, it could still be linking together all the transactions you make by virtue of a single sign in account.
And, if you use browser extensions or similar services that make Bitcoin payments on your behalf, it may be possible for your IP address to be linked to your Bitcoin address. A well-known problem with browser extensions is that were providing your public address to every website you visited—this has recently been remedied thanks to an initiative spearheaded by MetaMask.
Step four: Use Tor browser
IP addresses can give away your approximate location. This means that, if someone can connect your IP address to your Bitcoin address, they can probably find out roughly where you live. On its own this may not be enough to identify you, but it could be used with other data to narrow down a search—a process called jigsaw identification.
Tor browser makes sure your IP address is anonymized and very difficult to track. This means you can make Bitcoin payments straight from your Bitcoin node, and it will be very hard for someone to find out who you are or where you are.
Step five: Use Bitcoin mixers
Bitcoin "mixers" are services that swap one person’s Bitcoin for another’s. It makes the money trail exceptionally difficult to follow because any snoopers would need to identify who now has—or who had—the Bitcoin you are trying to track.
Mixers are not perfect solutions because there are several ways blockchain analytics companies can get past them—if they can identify the matching transaction that the Bitcoin was swapped for. But mixers do a pretty good job of making it hard for blockchain analytics companies to do this.
But there is a compromise that needs to be made. Just as you could be giving away shady Bitcoin, you might well be receiving some; the Bitcoin you have could now be tainted—and blockchain analytics companies may think you’re the criminal. But, in terms of obfuscating the money trail, Bitcoin mixers are very effective.
Step six: Use privacy coins
There are several cryptocurrencies with a strong focus on keeping users fully anonymous. Monero does this by using fake addresses and transactions to make blockchains difficult to watch over, and Zcash uses complicated cryptography to stop the data from being broadcast publicly. There are other experimental privacy coins, like Grin.
Swapping your Bitcoin for a privacy coin—on a decentralized exchange—and then making a few private transactions, makes it very difficult for anybody to follow the money trail. You could choose to only use privacy coins to transact, but it might be tough—exchange services like Changelly require you to use know-your-customer protocols if you are using privacy coins.
Privacy coins are still at the experimental phase. There’s been much debate over how hard it really is to track Monero transactions and Zcash has been questioned about whether its sticking to its own rules (the oblique nature of their system makes this hard to determine). And Zcash transactions are not anonymous by default. However, they’re still a very effective way of giving blockchain analytics companies a strong headache.
Step seven: Make transactions in cash
Unlike cash, Bitcoin isn’t anonymous, despite all the press to the contrary. Cash is much harder to track and there is no record of every cash payment ever made. So, if you want to break the money trail—receive the occasional cash payment and use it to buy more Bitcoin.
It’s also a good idea to buy Bitcoin with cash, because most sites where you can buy Bitcoin, also require you to perform know-your-customer checks. There are several sites, including localbitcoins, that let you arrange a face-to-face meet up. But they are coming under increasing pressure to introduce know-your-customer protocols too, so this option may not be as available in the future.
Follow these steps and you’ll be well on the way to keeping your Bitcoin transactions anonymous, and ensuring that nobody is able to peek into your electronic cash bank account—as many companies are trying to do. While these steps take a lot of work, they’re key to protecting everyone’s financial future.
Or you could do a Jameson Lopp, and just disappear.