Privacy Matters: Privacy in Bitcoin Transactions Demystified - #303
Privacy Matters: Privacy in Bitcoin Transactions Demystified - #303
TL;DR - Practical steps for enhancing privacy in Bitcoin transactions range from using noncustodial wallets to extreme anonymity techniques.
Reader,
Privacy. Bitcoin.
Together, it would appear that you are conducting some kind of illegal activity. That's the stigma held yesterday, today and most likely tomorrow. It couldn't be further from the truth.
What is privacy
Privacy, from the cypherpunk perspective, is about maintaining control of your personal data. It's a fundamental human right necessary for personal freedom in the Information Age.
What is financial privacy
Like your personal privacy, maintaining control of your financial data is important. Having control of your financial data gives security, freedom and protection from discrimination. Furthermore, it gives you personal safety, dignity and autonomy by keeping transactions confidential.
Open systems need privacy
The way Bitcoin's peer-to-peer system works is through a distributed public ledger. The public ledger is transparent and open for all to see. Nodes around the world verify these public transactions, allowing for transparency and security. It's how the network operates without intermediaries like banks or government.
Privacy in Bitcoin
A bitcoin transaction has a sender, receiver, the amount sent and the amounts left over. It's all recorded forever on the bitcoin ledger. Exposing this info can lead to theft, fraud, surveillance, discrimination and physical attacks.
Because of this transparent and open system, personal and financial privacy is necessary. In other words, bitcoin transactions are somewhat private.
Users should be aware of the risks and take proactive measures to protect their data.
Why privacy matters
Privacy is paramount to individual freedom and autonomy. It acts as a shield against encroachments by both corporate and government actors. Privacy safeguards individuals from unwarranted and unfair intrusions of their personal lives.
From the Austrian Economics and cypherpunk perspective, privacy and property rights are linked. Privacy allows individuals to exercise control over their data and possessions. Control over one's property is the basis for volunteer exchange in commerce.
When privacy breaks, individuals risk identity theft, fraud, unwarranted surveillance, and physical safety. 23andMe's privacy breach exposed 7 million people's names, addresses and genetic details. Gemini's breach exposed 5.7 million user's names, addresses and account balances. Ironic that KYC and AML measures do more harm than good.
Further, erosion of privacy threatens individual and financial sovereignty. With the Canadian Freedom Convoy, protestors became political targets for expressing lockdown grievances. The state flexed its surveillance muscle and forced banks to freeze protestors accounts. Not only were protestors targeted, but also close friends and family members. Bitcoin became a sovereignty preservation tool and helped protect individuals from state abuse.
Or more recently, our nonprofit had it's bank account frozen because it deals with bitcoin.
Privacy and Bitcoin, become essential tools for upholding individual and economic freedoms.
On Data Breaches
Popular belief would suggest data breaches happen because of some dark super coder. Reality says it's more human error than hacker.
Some of the most common data breaches occur due to:
Weak security practices like reusing the same login details for everything.
Mistakes or accidents, for example, sending info to the wrong recipient.
Insider threats, such as a disgruntled employee or contractor causing intentional harm.
Third-party vulnerabilities, such as a third-party app that has issues listed above.
Physical breaches, something as simple as device theft, which has poor security practices...
Privacy protects us from more than corporate or government overreach. Privacy protects our data from ourselves too.
The argument against privacy
Some argue that transparency of bitcoin creates more trust and accountability. But to protect individuals from attacks and discrimination, privacy is an essential tool. Privacy gives users control of their data while benefiting from a public ledger.
Other critics say that privacy facilities illegal activities like terrorism or money laundering. While possible, privacy protections gives the user's informational property. It's a human right with legitimate uses for protecting their property. Control over your property and forms the basis for voluntary exchange in commerce.
And then there are others who say that privacy is too complex and burdensome. Privacy does take effort, there are user-friendly tools and resources available. There's a learning curve, but everything is within reach.
Arguing that you don't care about privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say. — Edward Snowden
Exploring levels of privacy
Privacy is not a "one size fits all" concept. Some people need more privacy, others less. We'll categorize privacy into 5 distinct levels ranging from low to extreme.
Level 1 - Low
You have no privacy. Everything you do is on a KYC-compliant exchange, much like a traditional bank account. There is a lot of convenience, but the tradeoff is your personal and financial data.
Many people are here.
Level 2 - Basic
You have an account on a KYC exchange where you buy and sell, but you move your funds to your own wallet. The wallet might not be privacy-focused, but you have more control than the exchange.
Even though you are limiting data exposure, bitcoin from the KYC exchange have a history.
Level 3 - Moderate
Even with a KYC account, you also source bitcoin in a private manner. It can be over-the-counter, peer-to-peer or an exchange of goods and services, it is non-KYC. You do use KYC platforms, but it’s limited.
Your wallet is privacy-focused, like Samourai or Sparrow, connected to a node you run. You use privacy-enhancing techniques, like coinjoin, to obfuscate transaction history.
You're also applying basic privacy-enhancing techniques such as:
Privacy-focused emails and chat apps
Unique passwords and a password manager
VPNs and privacy-focused browsers
Level 4 - High
You have a strong emphasis on privacy preservation. You're not using KYC services. You're transacting with bitcoin following proper post-mixing procedures. Your privacy practices also include...
unique login details for every service and platform
using segregated devices for daily use and another for bitcoin activities only
using pseudonyms online
offline, you're not telegraphing your ownership of bitcoin
Level 5 - Extreme
You have a very comprehensive approach to privacy. You are combining layers of security and anonymity in your online and offline activity. You've gone taken steps to secure your data from any and all sources. You are transacting with bitcoin, Monero, ZCash, or using the Lighting Network in a private way.
It's the polar opposite of Level 1.
Practical steps for improving privacy
For all intents and purposes, bitcoin transactions are not private. Remember, the Bitcoin network is a public ledger.
In my own privacy journey, these are 7 steps which I used to improve it:
1. Use privacy-focused tools
Start with the basics: use privacy-focused email, chat apps, browsers and VPNs.
ProtonMail and Tutanota for email. Signal and SimpleX for chat. Brave, LibreWolf or Tor for browsing. Mullvad for VPN service.
Don't use the same email for login details or connect accounts with it.
Get off Google and opt for privacy-focused and/or open source tools.
2. Lower exposure to centralized exchanges
Minimize centralized exchange use or close accounts all together. Opt for decentralized exchanges such as Swapspace over Coinbase, buy in cash from a peer. Exchange your labor or sell goods in exchange for bitcoin.
Use centralized exchanges like public restrooms. Get in, do your business, wash your hands and exit. Make sure to always take your coins off the exchanges.
3. Use noncustodial wallets
Custodial wallets, such as Coinbase, offer many convenient services but with limitations. Users outsource the responsibility of their funds to the exchange, much like a bank. And like a bank, you are subject to their rules and regulations on how to use funds in their custodianship.
Noncustodial wallets, such as Samourai Wallet, give the user total control and privacy. It allows the user to manage coins, fees and connects to their own node. The responsibility is on the user, but that is the trade off for being sovereign.
4. Make your own cold storage
Buying hardware wallets, while convenient, pose risks. A better option is to create your own.
Something as simple as using a secondary phone, disconnected from the internet, works. It's simple, discrete and inexpensive. Here's an example of how…
5. Use privacy-enhancing tools and coins
Verify your own transactions privately, by running a node. Or connect to a friend or family member's node ("Uncle Jim"). Use coinjoin or swap in and out of privacy coins to obfuscate transaction history.
6. Spend using bitcoin
Instead of selling bitcoin for fiat on exchanges, try to use it in commerce. Look for companies or merchants who accept bitcoin. Use marketplaces such as Bitrefill or The Bitcoin Company to buy gift cards for goods. Try negotiating to pay your rent or doctor's bill with bitcoin.
After coinjoining, learn to spend post-mixed bitcoin. Sparrow Wallet has an excellent deep dive on the practice.
Bottom line, practice makes perfect.
7. Practice good Operational Security (OpSec)
Lay down a strong privacy-focused foundation and its easier to build and maintain.
Segregate devices for daily-use and one for bitcoin activities only
Use unique login details and a password manager
Lower attack surfaces by minimizing how many apps you have and use
Use pseudonyms online
Consider using a mail forwarding service for physical correspondents
When it comes to offline, better to be the gray man than to stand out with your favorite crypto shirt.
Additional tips
a. Set calendar reminders to audit your systems
Set calendar reminders to audit your systems regularly. Remove what's not working. Enhance what is.
b. Create guidelines for device/tool usage
Suppose you have two mobile phones. One is your daily driver, the other is for bitcoin. Set clear and simple rules for segregating their use.
c. Be patient
Privacy threat models are dynamic. They change with time. Building a good privacy system takes time.
Conclusion
Privacy and bitcoin are cornerstones of individual and economic freedoms. Understanding the nuances of bitcoin privacy and implementing strategies enhance security. Privacy is an evolving landscape, and your need for privacy changes over time. Start small, slow, and steady when it comes to building your privacy system.
Stay sovereign.
Rare Passenger / Block height 831 018