When we create transactions on the Bitcoin network, it might be tempting to assume that since we’re using a cryptocurrency, we are totally secure in transferring money to another party.
In the world of cybersecurity, there is a token acronym to express security – CIA. No, this isn’t referring to the federal agency in the USA – instead CIA refers to confidentiality, integrity, and availability.
- Confidentiality expresses the “typical” definition of security – what you send to another party or store on your computer can only be revealed to those whom you choose and no one else.
- Integrity expresses the idea that any message you send should end up exactly same wherever it goes – it shouldn’t be altered en route.
- Availability expresses a definition of security meaning that a system/user should be able to access or contact another system/user when desired (i.e., a distributed denial of service (DDoS) attack would threaten availability).
So, from a cryptocurrency perspective, we are secure using Bitcoin, right? Our transactions are encrypted and protected against modification, and the network can’t possibly go down since it’s so decentralized – we must be completely secure!
Using only the three factors above, it’s pretty clear that our use of the Bitcoin network is pretty secure. But let’s expand our meaning of confidentiality by taking a look from a tangential perspective – are you confidential using Bitcoin?
Let’s rephrase it – are you as a person, not the data you’re sending, confidential? Can someone find out more information about you, such as where you live, how much bitcoin you’ve sent, how often you use the network, who you’ve paid in the past… The answer might seem counter intuitive, but these are definitely not outside the realm of discovery. (Quick aside: from a legal standpoint, privacy and confidentiality are technically different; however, they cover very similar notions in “common speak”, so we will use the terms interchangeably here and provide a link below if you want to know how lawyers use the terms).
Time to dive into the details. First, when you use a computer on a network (i.e., the Internet in this case), your computer has an IP address. It’s either a 32-bit or 128-bit identifier that tells the receive to whom they should respond. For example, let’s say your computer is located at 17.xx.yy.zz and you’re trying to talk to 20.xx.yy.zz (fake addresses used for privacy). Did you know that from this simple information above you can find out that a corporate device owned by Apple is attempting to make a call to a device at Microsoft? (Check this out for a reason why).
IP Address Gives You Away
Why this matters – your computer has an IP address, and when you “talk” to someone on the Bitcoin network, it is possible to find out your IP and even log every time your IP address has attempted a connection. Your telco (Verizon, Cox, Charter, CenturyLink…) is assigned specific addresses and divvies those out to its customers. Given a date and an address, the telco could discover who (at least which router in a household or business) attempted a specific connection. Can you possibly get around this? Sure, there are potential ways (VPNs, proxies, and Tor among others), but there is no way to not have an IP address associated with your connection. Short answer: it can increase anonymity but is not bulletproof.
What about your wallet address? Let’s say you try to send someone BTC this week, and in a few weeks from now, you send both them and someone else BTC again. These transactions will be forever placed on the blockchain and can be searched. Someone looking for your address can tell how much you sent, when you sent it, and to whom you sent it. Another potential for disclosing your address – asking for donations or payments on your website. Lots of small websites run on donations – if you post your wallet address to ask for help running the site, your identity (or at least the site owner’s) can be forever traced back to you through the address. All of this is encoded and forever encapsulated – but can this be mitigated? In order to reach a higher level of anonymity, you could attempt to use a new wallet address with every transaction. This is, in fact, the recommendation of Bitcoin.org.
Break The Identity Tie
Can’t Bitcoin mixers aid in breaking the tie to your identity? They can help – it does make an investigation into your identity more difficult to trace – but as amounts get larger and larger even these services are limited in their usefulness. You also have to inherently trust the operator of the mixer – they can easily lose, steal, or mismanage your input BTC. There are other options, such as CoinJoin, to anonymize payments. CoinJoin takes multiple transactions from multiple spenders and combines these into a single transaction, effectively hiding raw details about who spent how much bitcoin. This doesn’t require any modification to the Bitcoin network protocols and can be used now but is vague and can be difficult to employ – and again, still not bulletproof.
Is there any hope? Of course, this isn’t a doomsday approach to cryptocurrency but rather a reminder to be careful while on the Internet. If you choose to deal with trustworthy vendors and other users, you have very little to worry about in your online activities. This just serves to reinforce that pseudonymity (using a name or identity other than your own) is possible but anonymity (completely unknown identity) is pretty much not. It’s hard to say that there’s a 0% chance of someone finding out who you are given a specific transaction or other interaction on the Bitcoin network.
Learn More About How Anonymous Bitcoin Really Is
Even though we looked at a good bit of detail above, there’s so much more you can read about if you desire to understand the more technical facets of pseudonymity in the online world. Take a look at a few of these resources for more:
- Here’s the official Bitcoin.org recommendations for protecting your privacy online.
- It’s in the name: How Anonymous is Bitcoin?
- An extremely insightful look into the privacy of cryptocurrency networks.
- Six ways to achieve a higher level of anonymity when using Bitcoin.
- A much more detailed look into CoinJoin.
- Legal definitions of privacy vs. confidentiality.
- And finally, a take on the privacy of Bitcoin usage and how it is affecting other cryptocurrency ecosystems.
We hope this was insightful for you and look forward to seeing you next time!