
Bitcoin Users Reveal More Private Information Than They Realize - moeadham
https://medium.com/bitaccess-inc/bitcoin-users-reveal-more-private-information-than-they-realize-d783f0cd57f3
======
feral
This is a nice write-up.

That said, I hope this is less of a surprise to people now: I coauthored one
of the first pieces of work pointing out basically these same issues back
in 2011 - almost 5 years ago:

[http://anonymity-in-bitcoin.blogspot.ie/2011/07/bitcoin-is-n...](http://anonymity-in-bitcoin.blogspot.ie/2011/07/bitcoin-is-not-anonymous.html)

It's interesting to see what perceptions have changed. That there's still
confusion shows how hard it is to disseminate information about encryption and
privacy; maybe this is the same reason e2e email encryption seems so difficult
to get adopted, even decades after PGP: it's just hard to communicate about the
bounds of privacy.

One point: the 'clusterisation' mentioned in the linked article isn't 'magic':
most of the techniques people are using are actually very simple heuristics,
based on properties of the Bitcoin protocol (transaction input linking, which
we demonstrated), or assumptions about transaction 'change' (prone to false
positives).

It's worth noting that there are more sophisticated tools that could be
applied: machine learning or stats methods - but I've not seen them yet.
Possibly because it's hard to come up with good training datasets (unless you
are a retainer or wallet?) and not worth investing in when simple methods show
so much. But it's worth bearing in mind that more complex analysis is possible.

The overall conclusion being, IMO, that if you want privacy, it's probably
usually easier to design it in from the start, rather than retrofit by
progressively patching holes in a leaky system, against progressively better
attacks: the latter is so hard to get to the point where it works solidly, for
human reasons as much as technical ones. I think Bitcoin privacy seems
destined to be an example of this.

~~~
roel_v
"It's worth noting that there are more sophisticated tools that could be
applied: machine learning or stats methods - but I've not seen them yet.
Possibly because its hard to come up with good training datasets"

I think it has more to do with those methods not being 'deterministic' for a
broad interpretation of that word. By that I mean, if you're doing
de-anonymizing for regulatory purposes, it's a hard sell to convince people
'these transactions are correlated because my neural net, which is a complete
black box, says so'.

------
natrius
Money is a claim on value, and fungibility forces everyone to honor all claims
on value. An incorruptible record of the flow of trade through an economy
allows you to eliminate fungibility. You can withdraw your consent for people
to trade claims on your production. This ability requires no one's permission
and makes you more powerful as an individual.

ISIS, for instance, can only hold territory because everyone accepts the
claims on value that they give their foot soldiers. I want to stop honoring
those claims to reduce their power. Manufacturers shift their carbon emissions
to friendly jurisdictions instead of, you know, not risking our only home for
cheap consumer goods. They do this to acquire more claims on value, and I
don't want to honor those claims because I like Earth.

Fungibility is literally killing people and destroying our planet. I think
we'll be better off without it, though as with all significant social shifts,
it probably needs more study to avoid unforeseen consequences like genocides
and stuff. Blockchains are not anonymous—their incorruptible histories give us
the tools to reshape our society. Use them.

~~~
josu
>Fungibility is literally killing people and destroying our planet. (...)
Blockchains are not anonymous—their incorruptible histories give us the tools
to reshape our society. Use them.

That's a slippery slope and you probably don't want to go down that road.
Think of the power that would confer to a totalitarian state.

~~~
natrius
Totalitarian states do just fine as it is. They use money to maintain their
power. This might make totalitarian states impossible.

------
NobleSir
Shameless plug for Monero
[https://eprint.iacr.org/2015/1098.pdf](https://eprint.iacr.org/2015/1098.pdf)
(ring ct author here)

edit: See also
[https://github.com/shennoether/ringct](https://github.com/shennoether/ringct)
and [https://github.com/monero-project/bitmonero](https://github.com/monero-project/bitmonero)

~~~
hybridsole
Thank you for your contributions, NobleSir. I think out of all the
cryptocurrencies, if there's one that will take real market share away from
Bitcoin, it'll be Monero.

~~~
NobleSir
no problem - these things are quite interesting to me.

------
kristofferR
I'm weirdly ambivalent about Bitcoin privacy/anonymity. On the one hand I
deeply value my privacy, and would personally love it if Bitcoin were fully
anonymous.

Yet - I also deeply felt intuitively that the Panama Papers exposed bad
behavior. The bad behavior it exposed was people aiming to achieve financial
privacy.

I can't really reconcile the two beliefs.

~~~
kbart
Yes. Fully anonymous digital currency and widespread, legal usage are hard to
imagine together. There's simply no way governments would allow that, so
regulation of digital currencies is only a matter of time. Yes, I know that
argument that "physical money is anonymous too", but that's not the same:
_physical_ money has _physical_ constraints and you can't transfer huge amounts
of it around the world in a matter of seconds. Furthermore, a crackdown on
real money has already started (1, 2, etc.).

1\. [http://www.euronews.com/2015/12/16/cash-losing-its-currency-...](http://www.euronews.com/2015/12/16/cash-losing-its-currency-sweden-prepares-to-bid-farewell-to-physical-money/)

2\. [http://www.theguardian.com/world/2016/feb/08/german-plan-pro...](http://www.theguardian.com/world/2016/feb/08/german-plan-prohibit-large-5000-cash-transactions-fierce-resistance)

~~~
abishekk92
I think Monero fits nicely in such a scenario with its view key. They call
it private, but optionally transparent. The regulators can ask to "view" a
transaction.

------
ultramancool
What's next?

Well, true anonymity via zero knowledge proofs of course.

[https://z.cash/](https://z.cash/)

~~~
bduerst
Isn't 10% of mined zcash coins being skimmed by the founder?

~~~
aminorex
Yes. z.cash centralizes control under a corporation, which makes it vulnerable
to legal process and political risk, and it is what is known in the crypto
world as a "pre-mine scam".

~~~
repomies69
How is it a scam if the founders are honest about it? Everyone knows the name
of the game.

~~~
ultramancool
It's a scam in the sense that it's basically a pump and dump game for the
founders. Sure, many people will know it, but those who do will probably avoid
it, it's those who don't who will buy it on markets and lose out when the
founders dump.

~~~
zooko-zcash
Pump-and-dump is a major threat. Almost every cryptocurrency or related asset,
including Bitcoin and Ethereum, has been vulnerable to pump-and-dump, and it
is impossible to prevent.

One way to try to deter pump-and-dump is to make it so that the founders don't
have any sort of privileged position, but then how could you afford to do all
of the work to create a solid, usable protocol? The Zcash team
([https://z.cash/team.html](https://z.cash/team.html)) is a world-class team
of experts, and we all have mouths to feed during the years of our lives that
we're devoting to this project.

Our solution is to trickle the Founders Reward out to the founders
incrementally over the first four years, integrated with the rhythm of mining.

This militates against pump-and-dump in two ways:

1\. Neither the Founders nor anybody else has a giant stash of Zcash at the
beginning with which they can manipulate the market price.

2\. The Founders are locked into receiving more and more Zcash over the first
four years, so their incentive is for the price of Zcash to go up during that
time.

In my opinion, this hack is awesome.

It affords us the opportunity to focus several years of our lives on solving
this important problem, which otherwise would probably go unsolved, and it
offers a transparent and simple financial setup that users can evaluate for
themselves if they think it is a good deal.

So I categorically reject the word "scam". There is no reasonable
interpretation of the word "scam" which applies to the Zcash Founders Reward.

[https://z.cash/blog/funding.html](https://z.cash/blog/funding.html)

~~~
jneves
There's no incentive not to sell (on the contrary), meaning there's no long
term ownership, which means that the system just temporarily avoids the
financial incentives to pump-and-dump but doesn't remove them.

~~~
zooko-zcash
If the Founders who get the 10% Founders Reward sell their Zcash (or some of
it) before the four years of the Founders Reward has run its course, then that
is _not_ pump-and-dump. In fact, that is the opposite of pump-and-dump. That
means that the market price of Zcash will be set by a multitude of buyers and
sellers, none of whom have a privileged position, and it means that the
Founders will have an incentive for the price to go up after they sell. That's
the opposite of pump-and-dump.

------
raykyri
Google Cache, if anyone else is having trouble accessing Medium right now:
[https://webcache.googleusercontent.com/search?q=cache:rU5Ohf...](https://webcache.googleusercontent.com/search?q=cache:rU5Ohf8AKUUJ:https://medium.com/bitaccess-inc/bitcoin-users-reveal-more-private-information-than-they-realize-d783f0cd57f3+&cd=1&hl=en&ct=clnk&gl=us)

------
martindale
True privacy is (probably) coming to Bitcoin in the form of Confidential
Transactions [1], a new construction of Pedersen Commitments and Range Proofs,
as combined with some number of other mechanisms (such as CoinJoin).

[1]: [https://www.elementsproject.org/elements/confidential-transa...](https://www.elementsproject.org/elements/confidential-transactions)
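
As an added illustration of the Pedersen commitment balance check that the
comment above refers to (example code written for this page, not code from
the Elements project or the commenter): the verifier never sees the amounts,
only commitments and the explicit fee, and still checks that no coins are
created. The group parameters are toy-sized and an assumption of this
example (a small safe prime with exponentiation standing in for secp256k1
scalar multiplication), and the amounts are constructed. The last case shows
why the construction also needs range proofs: a "negative" output balances
perfectly without one.

```python
import hashlib
from typing import List, Tuple

# Toy group (an assumption of this example): P is a safe prime, Q = (P-1)/2 is
# prime, and we work in the order-Q subgroup of quadratic residues mod P.
P = 1019
Q = (P - 1) // 2          # 509, prime
G = 4                     # 2^2 is a quadratic residue, hence has order Q


def _derive_h() -> int:
    """Second generator H with no known log_G(H). Derived by hashing a fixed
    string and squaring into the subgroup; whoever knew log_G(H) could open a
    commitment to two different values, which would break binding."""
    counter = 0
    while True:
        seed = hashlib.sha256(b"pedersen-example:H:%d" % counter).digest()
        h = pow(int.from_bytes(seed, "big") % P, 2, P)
        if h not in (0, 1, G):
            return h
        counter += 1


H = _derive_h()


def commit(value: int, blinding: int) -> int:
    """Pedersen commitment C = G^value * H^blinding (mod P).
    Hiding for a random blinding factor, binding without log_G(H)."""
    if not 0 <= value < Q:
        raise ValueError("value must be a residue mod Q")
    return pow(G, value, P) * pow(H, blinding % Q, P) % P


def open_commitment(c: int, value: int, blinding: int) -> bool:
    return commit(value, blinding) == c


def verify_balance(input_commits: List[int], output_commits: List[int], fee: int) -> bool:
    """What a node checks: prod(inputs) == prod(outputs) * G^fee. Because the
    commitments are homomorphic this holds exactly when the hidden input
    values equal the hidden output values plus the public fee (mod Q) and the
    blinding factors cancel; the amounts themselves never appear."""
    lhs = 1
    for c in input_commits:
        lhs = lhs * c % P
    rhs = pow(G, fee, P)
    for c in output_commits:
        rhs = rhs * c % P
    return lhs == rhs


def build_outputs(input_blindings: List[int], output_values: List[int],
                  random_blindings: List[int]) -> Tuple[List[int], List[int]]:
    """Sender side: random blinding factors for all outputs but the last, whose
    blinding is chosen so the output blindings sum to the input blindings."""
    if len(random_blindings) != len(output_values) - 1:
        raise ValueError("need one fewer random blinding than outputs")
    last = (sum(input_blindings) - sum(random_blindings)) % Q
    blindings = random_blindings + [last]
    return blindings, [commit(v, r) for v, r in zip(output_values, blindings)]


def demo() -> dict:
    """Constructed transaction: inputs of 50 and 30 pay outputs of 17 and 60
    with a fee of 3. Blinding factors are fixed here only for reproducibility."""
    in_blind = [123, 456]
    in_commits = [commit(v, r) for v, r in zip([50, 30], in_blind)]
    _, out_commits = build_outputs(in_blind, [17, 60], [77])
    # Inflation attempt: outputs claim 17 + 61, one coin from nowhere.
    _, bad_commits = build_outputs(in_blind, [17, 61], [77])
    # Without a range proof, 90 + (Q - 13) == 77 (mod Q), so an output holding
    # an impossibly large ("negative") value makes the 80 -> 90 + fee 3 tx balance.
    _, wrap_commits = build_outputs(in_blind, [90, Q - 13], [77])
    return {
        "honest": verify_balance(in_commits, out_commits, fee=3),
        "inflated": verify_balance(in_commits, bad_commits, fee=3),
        "wraps_without_range_proof": verify_balance(in_commits, wrap_commits, fee=3),
    }


if __name__ == "__main__":
    print(demo())
```

Note what this does and does not hide: the commitments conceal amounts, but
which earlier outputs each input spends is still visible on chain, which is
exactly what address clustering works from.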

------
jacquesm
I have no illusions about my privacy when using bitcoin, and privacy is not
the reason why I would use it in the first place.

From what I gather the key to bitcoin always was that it was decentralized,
not that it was private. And over time even the decentralization has been
hollowed out quite a bit.

------
aminorex
Bitcoin is a panopticon tool. That is why I use Monero instead.

------
jimlunard
Bitcoin has full anonymity only when you know what you're doing. And it is
hard for an average joe to maintain that. There are many other coins to choose
from - Ethereum, Dash, Monero
[https://www.coingecko.com/en](https://www.coingecko.com/en)

------
LAMike
When SegWit is released in a few months, confidential transactions will be
right around the corner

~~~
ikeboy
That only keeps the amount transferred private, not the addresses. Also, it
has nothing to do with segwit, it was proposed well before segwit was a thing.

~~~
LAMike
Doesn't segwit allow for softforks?

~~~
ikeboy
Segwit is a softfork, but it's far from the first. See
[https://www.reddit.com/r/Bitcoin/comments/2y4mq2/list_of_sof...](https://www.reddit.com/r/Bitcoin/comments/2y4mq2/list_of_soft_and_hard_forks/)

------
loourr
"This also means whenever a transaction has multiple input addresses, we can
safely assume those addresses belong to the same wallet."

This is not true.

You can sign partial parts of a transaction and have M of N signatures. This
is what mixing services are designed to do.

~~~
throwaway2016a
Not to mention a great many transactions come from cloud wallets / exchanges
with shared pools of addresses.

However, if you are using a QT wallet it is probably generally true.
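
Here is an added example (written for this page; not code from the linked
article or from any commenter) of the two heuristics feral describes higher
up, transaction input linking and a simple change rule, and of the objection
raised in this subthread: a transaction whose inputs were signed by several
parties breaks the "all inputs belong to one wallet" assumption. The chain
below is constructed; the owner prefix in each address is ground truth that a
real analyst does not have and is used only so the example can grade itself.
The CoinJoin fingerprint used to skip multi-party transactions is itself a
heuristic and is an assumption of this example.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Tx = dict

# Constructed sample chain, not real Bitcoin data. Inputs reference
# (txid, output index) of an earlier transaction; outputs are (address, satoshis).
TXS: List[Tx] = [
    # t0 funds everyone (stands in for earlier history).
    {"txid": "t0", "inputs": [],
     "outputs": [("alice_1", 100_000_000), ("alice_2", 50_000_000),
                 ("bob_1", 200_000_000), ("shop_1", 10_000_000)]},
    # t1: Alice pays the shop from two of her outputs; the odd-sized output is change.
    {"txid": "t1", "inputs": [("t0", 0), ("t0", 1)],
     "outputs": [("shop_1", 120_000_000), ("alice_3", 29_990_000)]},
    # t2: a CoinJoin. Alice and Bob each sign their own input of one transaction
    # that pays two equal 0.25 BTC outputs plus each party's change.
    {"txid": "t2", "inputs": [("t1", 1), ("t0", 2)],
     "outputs": [("alice_4", 25_000_000), ("bob_2", 25_000_000),
                 ("alice_5", 4_980_000), ("bob_3", 174_990_000)]},
    # t3: Bob later spends both of his CoinJoin outputs together.
    {"txid": "t3", "inputs": [("t2", 3), ("t2", 1)],
     "outputs": [("shop_1", 190_000_000), ("bob_4", 9_980_000)]},
]


class UnionFind:
    """Disjoint sets over addresses; one set per presumed wallet."""

    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        self.parent[self.find(a)] = self.find(b)

    def clusters(self) -> List[frozenset]:
        groups: Dict[str, Set[str]] = defaultdict(set)
        for x in self.parent:
            groups[self.find(x)].add(x)
        return sorted((frozenset(g) for g in groups.values()), key=min)


def looks_like_coinjoin(tx: Tx) -> bool:
    """Cheap CoinJoin fingerprint (assumed): several inputs and at least two
    outputs of exactly equal value. A heuristic itself, so it can misfire."""
    if len(tx["inputs"]) < 2:
        return False
    counts: Dict[int, int] = defaultdict(int)
    for _, amount in tx["outputs"]:
        counts[amount] += 1
    return max(counts.values()) >= 2


def cluster_addresses(txs: List[Tx], skip_coinjoins: bool) -> List[frozenset]:
    prevouts: Dict[Tuple[str, int], str] = {}   # (txid, idx) -> receiving address
    seen: Set[str] = set()                       # addresses paid by any earlier tx
    uf = UnionFind()
    for tx in txs:
        in_addrs = [prevouts[ref] for ref in tx["inputs"]]
        multiparty = skip_coinjoins and looks_like_coinjoin(tx)
        if in_addrs and not multiparty:
            # Heuristic 1 (common input ownership): every input was signed by
            # the same wallet, so all input addresses go into one cluster.
            for addr in in_addrs[1:]:
                uf.union(in_addrs[0], addr)
            # Heuristic 2 (change): of exactly two outputs, the one paying an
            # address never seen before is taken to be the spender's change.
            if len(tx["outputs"]) == 2:
                fresh = [addr for addr, _ in tx["outputs"] if addr not in seen]
                if len(fresh) == 1:
                    uf.union(in_addrs[0], fresh[0])
        for idx, (addr, _) in enumerate(tx["outputs"]):
            prevouts[(tx["txid"], idx)] = addr
            seen.add(addr)
            uf.find(addr)   # register unlinked addresses as singletons too
    return uf.clusters()


def owner(addr: str) -> str:
    return addr.split("_")[0]


def mixed_owner_clusters(clusters: List[frozenset]) -> List[frozenset]:
    """Clusters that wrongly merge addresses of different true owners."""
    return [c for c in clusters if len({owner(a) for a in c}) > 1]


if __name__ == "__main__":
    for skip in (False, True):
        result = cluster_addresses(TXS, skip_coinjoins=skip)
        print("CoinJoin-aware" if skip else "Naive", "clusters:")
        for c in result:
            print("  ", sorted(c))
        print("   false merges:", [sorted(c) for c in mixed_owner_clusters(result)])
```

Run naively, the input-linking rule merges alice_3 with bob_1 through the
CoinJoin, so Alice's cluster is contaminated with one of Bob's addresses;
skipping transactions that match the CoinJoin fingerprint keeps the two
wallets apart but also loses the link to bob_1 entirely. Neither outcome is
a proof of ownership, which is the point of feral's remark that these
heuristics are simple and prone to false positives.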

------
matt_wulfeck
For privacy, this is one of those pesky places where having judicial law and
oversight is useful. With laws you can control who can and can not use
personal data.

With fiat currency you get the good and the bad. With digital currency you get
the good and the bad.

------
Sinergy
I hope everybody here knows about BitcoinFog, Shared Send, and other mixers.
And uses them for random transactions now and then to give the rest of us
plausible deniability.

~~~
gnaritas
> Mixers

A PC name for money launderers. If you need a money launderer, you should
rethink what you're doing.

~~~
miscellaneous
Noun, 1. money laundering: Concealing the source of illegally gotten money.

Do you have any evidence that suggests that all users of mixers obtained their
Bitcoin illegally?

This HN post is a criticism of the privacy of Bitcoin transactions. Mixers can
improve the privacy of Bitcoin transactions. I don't see how your comment adds
to this discussion, unless you think financial privacy is a crime - in which
case your statement applies equally to cash transactions.

~~~
gnaritas
> Do you have any evidence that suggests that all users of mixers obtained
> their Bitcoin illegally?

And why would I require that? I haven't accused all bitcoin users of anything.

> This HN post is a criticism of the privacy of Bitcoin transactions. Mixers
> can improve the privacy of Bitcoin transactions. I don't see how your
> comment adds to this discussion, unless you think financial privacy is a
> crime - in which case your statement applies equally to cash transactions.

The law thinks financial privacy is a crime, thus KYC laws, and as such it's
on topic for any discussion of bitcoin privacy since said discussion should
include the issue that you fix social problems with engineering. You can't
break the law "because the protocol just works that way".

~~~
Karunamon
You accused them of money laundering, which is a crime by itself in most first
world nations. Except that phrase doesn't apply unless another crime has been
committed, because it only applies to funds gotten illegally.

Make more sense?

~~~
gnaritas
Anonymous financial transactions are themselves crimes, they violate KYC laws.

~~~
j15t
KYC = Know Your Customer

As the name implies, this law only applies to (financial) businesses and their
customers. Most Bitcoin transactions are P2P and hence there is no
business/customer relationship and hence there is no KYC law applicable.

~~~
gnaritas
> Most Bitcoin transactions are P2P and hence there is no business/customer
> relationship and hence there is no KYC law applicable.

That's a bit of a nonsense statement. It's a P2P payment network so you have
no way of knowing if most of the transactions going across it are between
businesses and customers or person to person. Quite simply that's a claim you
can't back up.

