Bitcoin lock and privacy

SHARE
← Back to articles
SHARE

Bitcoin Is Not as Private as You Might Think

May 25, 2017 5:39 pm Published by

Bitcoin has often been portrayed as an anonymous payment network. However, in reality, Bitcoin is perhaps the most transparent payment network in the world and is therefore not as private as most might think it is.

Anonymity vs. Privacy

Before we delve into the heart of the matter, let us first understand the distinction between anonymity and privacy, as there is a tendency to conflate the two.

Anonymity refers to “the quality or state of being anonymous” — i.e., “of unknown authorship or origin”. In other words, a bitcoin transaction is anonymous if no third party knows who made the transaction.

Privacy, on the other hand, in this context refers to “a private matter” — i.e., “not known or intended to be known publicly”. In other words, a bitcoin transaction is private if no third party knows what was purchased using those bitcoins, and for what amount.

This distinction is important to keep in mind, as bitcoin transactions are generally anonymous but not private — i.e., identities are not recorded in the Bitcoin blockchain itself, but every confirmed bitcoin transaction is permanently recorded and visible in the Bitcoin blockchain (Nakamoto, 2008).

Bitcoin Traceability

This level of transparency in the Bitcoin network consequently allows for bitcoin transactions to be tracked and traced.

While identities are not recorded in the Bitcoin blockchain, Bitcoin addresses are. These addresses are the only information used by the network to define where bitcoins are allocated and where they are sent. And since all transactions are publicly broadcast in the Bitcoin blockchain, the public is able to see the flow of bitcoins from one address to another, albeit without any information that explicitly links those addresses to anyone in particular.

However, given that many users access bitcoin through services that require the disclosure of their personal identities, these users’ bitcoin holdings and activity become linked to their identities. These services can then track and trace these users’ bitcoin activity, and even disclose them to other third parties — including law enforcement — according to their privacy policies. Bitcoin, for these users, becomes no more anonymous than a conventional bank account.

Furthermore, there has lately been a rapid development of various techniques specifically designed to track bitcoin transactions. The two most common techniques so far are transaction graph analysis and IP address analysis.

Transaction Graph Analysis

Transaction graph analysis attempts to uncover the identities behind bitcoin transactions by identifying certain trends in bitcoin transactions using a variety of techniques. These trends are used to make educated guesses at linking certain transactions to certain bitcoin holders.

One common technique used in transaction graph analysis is identifying transactions with more than one input address. A bitcoin transaction input refers a Bitcoin address or a set of Bitcoin addresses used to send bitcoins from. And since these bitcoins can only be spent using the private keys associated with those addresses, it can be safely assumed that a transaction with multiple inputs was made by the same person. Subsequent transactions made from those addresses further augment the link between those addresses and the person who controls them.

A second technique employed by transaction graph analysis exploits a Bitcoin feature called change. In Bitcoin, when the output of a transaction is used as the input for another transaction, that output must be spent in its entirety. In other words, Bitcoin does not allow the partial spending of the total amount of bitcoins in a given Bitcoin address. For example, if Alice sends 0.5 BTC out of a total of 1 BTC that she has in a given Bitcoin address to Bob, the Bitcoin network does not allow 0.5 BTC to be subtracted from that address to be sent to Bob. Instead, what Alice’s bitcoin wallet has to do is to spend all of the 1 BTC — i.e., 0.5 BTC to Bob and the remaining 0.5 BTC to herself. The remaining 0.5 BTC that is sent back to Alice is sent to one of the wallet’s change addresses.

The second technique employed by transaction graph analysis exploits this by looking for these change addresses. If exactly one of the output addresses in a given transaction has never appeared in the blockchain before, it can be safely assumed that the new address is the change address.

A third technique employed by transaction graph analysis also exploits Bitcoin’s change feature. This third technique is essentially an extension of the second technique in that it looks at the amounts in a transaction’s outputs. For example, if a given transaction has an output to two new Bitcoin addresses where one of the outputs contains 1 BTC while the other contains 1.61803, then it can be safely assumed that the second output is the change. This allows the input addresses to be linked to the change address.

IP Address Analysis

IP address analysis attempts to uncover the origin of transactions by looking for the IP address of the Bitcoin full node that first broadcast the transaction.

This technique is considered to be a lot less refined and reliable than transaction graph analysis, in that it is very difficult to pinpoint exactly where the transaction was first broadcast from — IP address analysis would have to sift through all the transactions relayed by approximately 7,180 Bitcoin full nodes (according to 21’s Bitnodes service at the time of writing) to pinpoint the origin of the targeted transaction. This is made more difficult by the small random delay that is coded into the Bitcoin protocol that attempts to obfuscate the origin of a transaction. False positives are therefore very likely when using this technique.

Conclusion

Bitcoin is not as anonymous nor as private as popular belief may suggest. The fact that all transactions are permanently recorded and announced on a public distributed ledger — while certainly a boon for transparency and decentralisation — should be a constant reminder to average users that Bitcoin is certainly less anonymous than cash.

Nevertheless, there are many improvements in the works that aim to improve privacy and anonymity on the Bitcoin network. One such example is a proposal called TumbleBit — an untrusted, off-blockchain intermediary payment channel that mixes incoming bitcoins from different parties before sending them off to their intended recipients. TumbleBit’s technology allows for increased anonymity on the Bitcoin network by reducing the level of traceability that is currently inherent in conventional Bitcoin transactions. TumbleBit is currently in the final stages of testing, with mainstream implementations expected to be released in the coming months.

The Benefits of Transparency: How Bitcoin & Blockchains Could Change The World

Like most people, you probably have a lot of unanswered (or unanswerable) questions about the financial system. How do we set the price of gold if we don’t know how big the supply is? What’s the point of saving money for the future when inflation will devalue it with each passing year? Why are we… View Article

Why Do Banks Exist? Do We Still Need Them?

Banks are one of the most polarising topics around. Like any business, banks exist to make money- and they’re good at it. The fact they do this using our hard earned money is a sore point. Most people view traditional banks as faintly villainous and we’re quick to blame them for economic issues. Despite this… View Article

Bitcoin Vs The Dotcom Bubble

There has been a lot of debate lately about how Bitcoin compares to the dotcom bubble. Both involve new technology and rapidly increasing prices, so it’s no surprise comparisons are being drawn. Let’s take a look at exactly what bubbles are, and the similarities and differences between Bitcoin and the dotcom bubble. What is a… View Article

Verification
Why Customer Verification Is Super Important

There’s a common misconception that Bitcoin is fully anonymous, so many people are surprised when they sign up for a Wirex account or crypto exchange and are asked to provide proof of their identity. There’s a good reason for that – it’s part of KYC. What is KYC? KYC (‘know your customer‘) verification is how businesses find… View Article

Hi! New to Bitcoin? Get The Wirex Bitcoin Confidence eBook