In the last few years, many people have realized that Bitcoin is not anonymous, and some of them have realized it with dire consequences.
The Bitcoin blockchain, while remarkable and revolutionary, is at its core an immutable public ledger.
This means that every single transaction is unchangeably recorded and verifiable by every other participant in the network as long as electricity and the internet exist.
This guide will show you the reality of using Bitcoin anonymously in 2019.
Step 1. Always use cash to get in and out of BTC
Never, ever use any service that requires AML/KYC. This is how law enforcement ties your real name to your Bitcoin address; exchanges are more than happy to cooperate.
AML/KYC, more precisely known as Anti-Money Laundering/Know Your Customer laws, are completely absurd.
They do not prevent any money laundering or terrorist financing, and they create an onerous regulatory burden on businesses that have to comply with extortionary so-called “regulatory agencies” in order to operate.
AML/KYC regulations are designed to create an unnecessary paper trail, instead of actually stopping crime from taking place.
It’s nothing but a slightly more polished presentation of common “mob-style” racketeering with suits, ties, and licenses.
Even if you believe money-laundering is a criminal act, banks are the biggest perpetrators of this crime.
If you buy or sell Bitcoin from an exchange which has all your AML/KYC information, you must anonymize your coins.
The disruption and innovation that Bitcoin offers us is to get rid of these middlemen interfering with the market, the money supply, and the economy overall. In other words:
We can now transact directly peer to peer with nobody taking a cut, or trying to interfere.
The actual end result of AML/KYC:
No personal freedom and total financial surveillance for everyone, while terrorists and criminals operate with impunity regardless.
In other words, AML/KYC is garbage.
This conclusion does not even consider the higher costs of these financial services for customers who manage to jump through all the hoops of providing an intrusive level of personal info in order to be approved.
It is a direct consequence of the regulatory compliance costs these businesses face.
Step 2. Never reuse Bitcoin addresses
Re-using a Bitcoin address is a massive privacy and security risk.
It makes it easier for blockchain analysis agencies to use heuristics to deanonymize you, as well as others who may have transacted with you.
Luckily many of the newer wallets are Hierarchical Deterministic, which means that you can generate an unlimited number of public addresses from a single seed, as well as recover the wallet completely, from the very same seed.
Most newer wallets are still SPV wallets, however, and are exposed to a wide variety of security vulnerabilities.
Step 3. Never use a wallet that uses Bloom Filters (BIP 37)
Ok, now that we have established that, why does it matter if you use an SPV wallet that utilizes Bloom Filters?
Bloom filters were introduced for security, right? Yes; however, the implementation has lots of systemic flaws.
Without getting too technical, we will refer to the Breaking Bitcoin SPV security PDF. This document states that an attacker could possibly:
- spoof SPV requests
- sniff out SPV requests
- block SPV answers
- spoof full-nodes
- block SPV requests
These vulnerabilities come from the fact that SPV wallets do not verify the entire blockchain in all its immutable glory. They only verify headers, which leaves them open to these avenues of attack.
Electrum is a thin-client SPV wallet that uses Bloom Filters, which could be risky to your privacy.
If you use Electrum with your own Bitcoin full node, or an Electrum personal server, you can mitigate a lot of these risks, especially if your node is run as a Tor hidden service.
Step 4. Use an anonymity network or VPN
Contrary to popular belief, Tor is not the only anonymity network. There are others like I2P, Bitmessage, Zeronet, and Freenet that are engineered towards privacy, security, and anonymity, although at varying degrees of accessibility to the non-technologically inclined.
Blockchain Forensic Analysis in a nutshell:
Blockchain forensic analysis has been marketed as a surefire way to stop crime and people trying to use Bitcoin for evil and nefarious reasons like buying marijuana from the Mujahideen off of the dark web.
Blockchain analysis has become a billion-dollar industry, with blockchain forensic services charging top dollar for their analysis to law enforcement, governments, banks, and major Bitcoin exchanges worldwide.
I don’t want to pick on Chainalysis (or Bitfury), but they are, hands down, the most famous such firms, although many others exist. Chainalysis will give you a good idea of the services these types of firms offer: activity monitoring reports, cyber-threat intel, and enhanced due-diligence tools.
These kinds of forensic blockchain analysts use a method of guessing what is actually taking place on the blockchain, in the sense of monitoring movement of funds. They do this with a technique called heuristics.
So what are heuristics?
Heuristics are basically imprecise assumptions that are precise enough for the job at hand.
In Bitcoin, this means using software and algorithms to monitor the blockchain and movement of UTXOs to try and deanonymize users.
According to Jonas Nick, there are various heuristics utilized by blockchain forensic analysis companies such as Chainalysis.
Bitcoin Blockchain Analysis Heuristics Types:
- Multi-input heuristic: assumes all inputs of a transaction are from the same wallet.
- Shadow change heuristic: analyzes change addresses that have never before been on the blockchain, which lets blockchain analysis experts know who is the sender and who is receiving the funds.
- Consumer change heuristic: transactions from consumer wallets have two or fewer outputs, which identifies people using services like exchanges, webstores, etc.
- Optimal change heuristic: uses the assumption that wallets don’t send unnecessary outputs; if there is a unique output with a smaller value than any of the inputs, then this is the change.
These different techniques are used by themselves or in varying combinations in an analysis technique called “clustering”.
Clustering allows analysts to follow the movement of funds from wallet to wallet, identify senders and receivers, and deanonymize and identify users themselves by linking addresses to a real-world identity.
Clustering is used on individual wallets (or pubkeys), as well as to track complete transaction chains.
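The following added example (not from the original post or from any analysis firm's tooling) applies the multi-input and optimal change heuristics to a few constructed transactions, the way you might audit your own history to see what would be linked. All addresses and amounts are made up, and the third transaction is a coinjoin whose three inputs the multi-input heuristic wrongly merges into one wallet.

```python
from collections import defaultdict

# Constructed sample data (not real chain data): inputs and outputs are
# (address, satoshis). In the third transaction the inputs C1, D1 and E1
# belong to three different people taking part in one coinjoin.
TXS = [
    {"in": [("A1", 50_000), ("A2", 70_000)],
     "out": [("S1", 100_000), ("A3", 19_000)]},
    {"in": [("A3", 19_000), ("A4", 40_000)], "out": [("S2", 58_000)]},
    {"in": [("C1", 12_000), ("D1", 15_000), ("E1", 11_000)],
     "out": [("X1", 10_000), ("X2", 10_000), ("X3", 10_000),
             ("C2", 1_500), ("D2", 4_500), ("E2", 500)]},
]


class Clusters:
    """Union-find over addresses; each set is one presumed wallet."""
    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            self.parent[addr] = self.parent[self.parent[addr]]  # path halving
            addr = self.parent[addr]
        return addr

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def optimal_change(tx):
    """Return the unique output smaller than every input, else None."""
    smallest_in = min(value for _, value in tx["in"])
    small = [addr for addr, value in tx["out"] if value < smallest_in]
    return small[0] if len(small) == 1 else None


def cluster(txs):
    c = Clusters()
    for tx in txs:
        first = tx["in"][0][0]
        for addr, _ in tx["in"]:       # multi-input: same presumed owner
            c.union(first, addr)
        for addr, _ in tx["out"]:      # register outputs as singletons
            c.find(addr)
        change = optimal_change(tx)
        if change is not None:         # change goes back to the sender
            c.union(first, change)
    groups = defaultdict(set)
    for addr in list(c.parent):
        groups[c.find(addr)].add(addr)
    return sorted(sorted(g) for g in groups.values())
```

Spending the change A3 together with A4 is what ties all four A addresses into one cluster, while the coinjoin produces a cluster that is simply false.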
Since heuristics are just assumptions about what’s actually happening, they can be attacked by making those assumptions fundamentally unreliable.
Privacy-conscious wallets like Wasabi & Samourai have incorporated such features into the wallets themselves as countermeasures to blockchain analysis.
Wasabi has so many privacy-protecting features that I will cover them in their own section.
What can we do to minimize risk?
- Run and use a Bitcoin full-node, so you can broadcast and verify your own transactions.
- Run your Bitcoin full-node as a Tor hidden service.
- Practice good general computer security habits.
- Use Coinjoin or a mixing service to break heuristic links to ownership of UTXOs and to maintain a sufficient anonymity set.
- There are various types of Coinjoin implementations that can’t deanonymize you or steal your funds.
- Zerolink, Joinmarket, Tumblebit, and Coinshuffle are all different types of Coinjoins which can’t steal your funds or deanonymize you.
- Practice Coin Control like a champ.
- Use Wasabi as your desktop wallet and Samourai on your mobile. Then learn to use the privacy features.
- Use a Cold Card as your cold storage hardware wallet.
- Never use any exchange or service that has your AML/KYC info. Buy and Sell Bitcoin with cash.
- Don’t tell people you own Bitcoin, and never talk about your Bitcoin on social media profiles with your real identity or information.
Why you should stay away from centralized online mixing services.
There are various Bitcoin mixers or tumblers that are in use by denizens of the dark web.
Some are complete scams, others are legit and charge a fee, and still others selectively scam their customers.
You cannot trust these services:
Even if they don’t rip you off, you have no idea how they are actually mixing your coins, if they are providing sufficient anonymity, and you have no guarantees they are not deanonymizing everyone themselves. Using a mixing service is extremely risky.
There are now safer, more secure options called Coinjoins.
What are Coinjoins?
Coinjoins are a method of obscuring ownership of UTXOs by joining the inputs and outputs of many people into a single transaction. If the inputs are all the same size, it makes it impossible for blockchain analysis to tell whose coins are whose. It was first proposed by Bitcoin core dev Greg Maxwell in 2013.
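As an added illustration (not code from the original post or from any wallet), the sketch below measures what a single coinjoin hides and what it does not. The transaction is constructed, and the change matching assumes one input per participant and an equally split miner fee.

```python
from collections import Counter

# Constructed coinjoin (not real chain data): three participants, one
# input each, one 10,000-satoshi equal output each, plus individual change.
INPUTS = [("C1", 12_000), ("D1", 15_000), ("E1", 11_000)]
OUTPUTS = [("X1", 10_000), ("X2", 10_000), ("X3", 10_000),
           ("C2", 1_500), ("D2", 4_500), ("E2", 500)]


def anonymity_sets(outputs):
    """Map each output address to the number of outputs sharing its value."""
    counts = Counter(value for _, value in outputs)
    return {addr: counts[value] for addr, value in outputs}


def link_change(inputs, outputs):
    """Match uniquely valued change outputs back to inputs by arithmetic.

    Assumption: one input per participant and an equally split fee.
    """
    counts = Counter(value for _, value in outputs)
    denom, _ = counts.most_common(1)[0]          # the equal output size
    fee = sum(v for _, v in inputs) - sum(v for _, v in outputs)
    share = fee // len(inputs)
    unique = {v: a for a, v in outputs if counts[v] == 1}
    links = {}
    for addr, value in inputs:
        expected_change = value - denom - share
        if expected_change in unique:
            links[addr] = unique[expected_change]
    return links
```

The equal outputs X1 to X3 each have an anonymity set of three, but every change output is still tied to its input, so spending change together with a mixed output undoes the mix.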
There have been various styles of Coinjoins which have been developed. They all follow the basic framework laid out by Maxwell, each with their unique approach and techniques.
I will take a look at a couple different implementations and give you a quick overview of each, so you can decide which one is the best for your privacy needs.
Tumblebit was first proposed in 2016 by a team of Bitcoin privacy researchers led by Ethan Heilman. Tumblebit is another trustless implementation of coinjoin and provides users with anonymity by obscuring the ownership of UTXOs.
It is more than just a coinjoin, it is also an anonymous payment hub which would help increase Bitcoin’s overall scalability as well as privacy and even fungibility.
Tumblebit has a classic tumbler mode which is the coinjoin part of the protocol. It has another mode for payment hub which allows users to make anonymous payments through the trustless tumbler that can’t steal your funds.
Tumblebit’s payment channels are different than the payment channels employed by the Lightning Network, so it is unclear if the two protocols would be integrated at this time.
Tumblebit’s anonymous payment hub would require users to open a payment channel with the payment hub, similar to how channels must be opened to use the Lightning Network.
Tumblebit’s payment hub would also be a second-layer scaling solution that could make payments in seconds, similar to the Lightning Network, but it would exist as its own layer-two solution.
Additionally, payment hubs would pool Bitcoin, creating upward price pressure while ensuring anonymity, fungibility, privacy, and scaling.
Tumblebit is a pretty new project, so it only has one working proof-of-concept implementation, which is not ready for production yet.
It is called NTumblebit and was written by Nicolas Dorier, Bitcoin core dev and creator of the BTCPay server.
Joinmarket is a trustless Coinjoin implementation that uses a Maker/Taker model to incentivize users and provide liquidity.
Coinjoin matches users who want to anonymize their coins (Takers) with users who wish to provide liquidity for Coinjoins (Makers) while earning a fee.
With Joinmarket, it is impossible for your coins to be stolen (your keys are never broadcast outside your pc) and the right amount is always sent to the correct wallet.
As a maker providing liquidity, you can help Bitcoin privacy and fungibility while earning a passive income in fees for doing so. The income in fees is low, but it is also low risk.
A single Joinmarket coinjoin will not give you strong anonymity. However, there is a tumbler script which allows you to run many coinjoins chained together to give a much higher anonymity set.
The Joinmarket Yield Generator is a bot that performs the market maker duties in Joinmarket. It links to the Joinmarket trading pit IRC channel and offers the coinjoin to takers for a fee.
Joinmarket is one of the most popular coinjoin implementations. It has been in use for a few years already, although since it is written in Python it does have a substantial learning curve.
Joinmarket is open source and contributions are welcome.
Coinshuffle++ is another trustless implementation of coinjoin, and this one also takes a unique approach to how your coins are mixed/tumbled.
Coinshuffle was first proposed by a team of Bitcoin security researchers from Saarland University in Germany.
Coinshuffle is more decentralized than other coinjoin implementations. (It doesn’t rely on a centralized coordinator.) It may be possible to build Coinshuffle in a fully trustless and decentralized way. This would give it more censorship resistance and resilience to attackers.
Coinshuffle++ is the successor of the original Coinshuffle project. Coinshuffle has had a couple of implementations, like Shufflepuff and CashShuffle, but a fully decentralized implementation of Coinshuffle++ does not yet exist.
This is for two reasons, the first being that Coinshuffle++ utilizes its own mixing network called DiceMix (DM). DiceMix would need to be integrated with TOR/I2P which would require a lot of development work.
The second is that building a decentralized/distributed network is very challenging. It is hard to fix bugs, so everything must be done nearly perfectly the first time. It is akin to working on the engines of an airplane while it is still in flight.
Decentralized systems are much more complex to create than a standard implementation.
Coinshuffle is also open source, so feel free to contribute.
Zerolink has been called the Bitcoin fungibility framework.
It is another unique and interesting implementation of coinjoin.
Zerolink utilizes a new technique called Chaumian Coinjoin which is a faster and less expensive method of conducting coinjoins.
Zerolink is billed as being the first coinjoin implementation to:
“offer protections against all the different ways a user’s privacy can be breached. The scope of ZeroLink is not limited to a single transaction, it extends to transaction chains and it addresses various network layer deanonymizations”
Zerolink at its core is a three-part system. It consists of a pre-mix wallet, a post-mix wallet, and a method of mixing coins which is known as Chaumian Coinjoin. Chaumian coinjoin is based upon David Chaum’s Chaumian Blind Signatures.
Chaumian coinjoin can be immediately implemented by existing wallets, and has already been implemented into Wasabi wallet, and work is underway on a Samourai implementation as well.
Chaumian coinjoin utilizes a simple round-based mixing technique. Its tumbler cannot deanonymize users or steal funds, and its simplicity makes it much faster than other coinjoin implementations with much lower fees.
Zerolink provides mathematically provable anonymity to users.
It is also open source and contributions are encouraged.
My experience using Wasabi Wallet:
Wasabi wallet was created by Adam Ficsor, aka Nopara73. Adam worked on Tumblebit before beginning to work on Zerolink. He also worked on Stratis’ Breeze wallet, and then Hiddenwallet before it morphed into Wasabi.
Wasabi wallet is a redesigned (from the ground up) version of Adam’s earlier project Hiddenwallet. It has several privacy/security improvements and utilizes Chaumian Coinjoin as its mixing technique.
Wasabi is the first-ever Zerolink compliant wallet and it’s now live on Bitcoin’s main net.
Let’s take a look at Wasabi’s features to protect your privacy and anonymity:
- It’s open source, you can audit its code.
- Cross-platform (Linux, Windows, OSX).
- Zerolink Compliant.
- BIP 84 Wallet (only Bech32 Native Segwit Addresses).
- Only light wallet which does not fail against Blockchain Forensic Analysis.
- Extremely minimal fees of only 0.03%
- Wasabi has made over 2417 BTC fungible since August 1, 2018.
- Built-in high volume mixer/tumbler based on Chaumian Coinjoin.
- Built-in Blockchain analysis tool to help you keep your anonymity intact.
- Built-in advanced coin control feature to help you manage your UTXOs with precision.
- Tumbler cannot deanonymize you or steal your coins.
Wasabi is super easy to use and makes coin control simple and easy to understand and use effectively.
It is commonly said that an anonymity set of fifty is sufficient to evade blockchain forensics analysis. With Wasabi this can be achieved in a matter of hours (or minutes if there are lots of other users).
Coin Control is essential to maintain this level of anonymity, which means using the tools in Wasabi to never mix UTXOs which could deanonymize you.
Wasabi utilizes the Zerolink framework of a pre-mix wallet, post-mix wallet, and coinjoin. It also allows you more control of your UTXOs by having multiple wallets in the Wasabi application itself.
This means after you mix your coins, you can send them to a completely new Wasabi wallet with no heuristic links to your other wallets.
It also allows you to have a wallet for each sub-sector of your spending.
This allows you to practice coin control across all your wallets and to control your UTXOs with precision.
You can also send anonymized UTXOs to another wallet or a hardware wallet (send the UTXOs one by one so you don’t deanonymize yourself) for offline cold storage.
All in all, Wasabi has changed the dynamics of Blockchain forensic analysis by making its heuristic assumptions unreliable, and it gives power back to Bitcoin users by giving them mathematically provable privacy and anonymity sets.
Samourai Wallet will be the second wallet to be Zerolink compliant and will share many of the same groundbreaking features as Wasabi, but for mobile wallets and spending Bitcoin anonymously on the go.
Privacy is more important than scaling for the mass adoption of Bitcoin.
It is also the main reason that the mainstream finance and business worlds have not fully embraced Bitcoin as of yet. They need to protect their businesses’ financial confidentiality from competitors, and Bitcoin’s public ledger is not conducive to this need, yet.
This post is an overview of existing privacy techniques and how you can utilize them for yourself.
To actually use these techniques, this blog post should be viewed as a starting point for further research. Make sure you understand all these concepts before attempting to use them.