Interacting with bitcoin privately
One of the first things most people hear about Bitcoin is that it’s “Private internet money” or “Untraceable Cash for criminals.” But spend more than 5 minutes to understand how the network functions and you’ll quickly see that these assertions are incorrect and can often lead newcomers into a false sense of security when interacting with Bitcoin.
We spoke in our recent coinjoin article about how Bitcoin has a completely transparent record of all transactions ever made, known as the blockchain. This transparent nature makes it trivial to verify the total circulating supply of Bitcoin at any moment, an incredibly important feature. However, Bitcoin’s transparent nature also makes it easier for chain surveillance firms, or indeed anyone using a block explorer, to attempt to track the flow of funds across the network. Not great for privacy!
At a transactional level, Bitcoin offers less than perfect default privacy guarantees, which can be combated with tools like coinjoin, but transacting is just one of the many ways in which we interact and expose ourselves to Bitcoin and the ecosystem surrounding it. A holistic approach is a great way to attack most things in life; Bitcoin privacy is no different.
So what steps can average Bitcoiners take to preserve their privacy whilst leveraging the power of the world’s hardest money? What follows are some tools and techniques anyone can deploy when looking to improve or protect their Bitcoin privacy. You might be surprised at how simple some of them are!
#1 – SHhh
This might seem blatantly obvious, but the fewer people you talk to about owning Bitcoin, the fewer people know you own Bitcoin. Aside from the obvious privacy benefits, this one also improves your Bitcoin security too. Attackers cannot attempt to steal something they have zero knowledge about.
Of course you’ll want to try and ‘orange pill’ your friends and family and you’ll also need to ensure you have the necessary things in place for inheritance planning should anything happen to you, both of which involve you exposing a certain level of information about your Bitcoin. Just be selective with the info you share and who you share it with – it’s a fine balance to strike.
#2 – Use a Pseudonym
This one goes hand in hand with #1, but is geared more towards getting involved in the vibrant online Bitcoin community. A pseudonym is a great way to make new Bitcoin friends from all over the world without the need to share any of your personal information with a group of strangers on the internet.
Signing up to Twitter or Telegram with a username like @JohnDoe makes it easy for anyone to search your name and find out significant amounts of information about you in just a few clicks. Now that they know you’re a Bitcoiner, they may choose to use this information against you at any point in the future.
Ultimately you have no idea who the real people are behind the usernames you interact with online, so it makes perfect sense to guard yourself with a pseudonym whilst building those relationships. From there you can choose to selectively reveal as little or as much information about yourself as you’d like over time.
#3 Use Tor or a vpn
Any time you connect to the internet you leak information about yourself. The two usual suspects are your IP address, which shares your approximate location with every website you connect to, and your browsing activity with your Internet Service Provider (ISP).
Visiting a Bitcoin related website? That website knows roughly where you live, and your ISP sees every page you view. Querying your Bitcoin balance using the default node back-end in a wallet like BlueWallet or Blockstream Green? That company knows roughly where you live and how much Bitcoin you have, and the ISP also see’s you connecting to them.
By carrying out those activities over the Tor network or whilst using a VPN service, you gain differing levels of protection against these sorts of privacy leaks. These tools work by hiding your browsing activity from your ISP and masking your IP address from the websites or nodes you connect to.
Where possible, try to use Bitcoin wallets like Envoy or Samourai Wallet that default to Tor connections. When using tools like public blockchain explorers or any Bitcoin related websites, use the Tor network or have a VPN service like Mullvad active to mask your true IP address. It’s worth noting here that whilst a VPN will hide your browsing activity from your ISP and your IP address from the services you connect to, the VPN provider can still see this information.
#4 Obtain via no-KYC methods
When purchasing Bitcoin from a regulated exchange like Cash App or River, you’ll need to provide personal information to satisfy the ‘Know your Customer’ (KYC) regulations imposed upon them. Usually this information will be your name, address, drivers license, or passport and in some cases, might even be a selfie or video asking you to turn your head and say some specific words. Any Bitcoin you then purchase from that entity is tied to your personal identity.
Your public information is stored by these companies (sometimes poorly) and likely shared with the government upon request. Unfortunately, this information is often leaked onto the internet by hackers, resulting in anyone with eyes on the leaked list learning your name, where you live, what you look like and potentially how much Bitcoin you own.
This information could make you a target to a local thief who might take the opportunity to pay you a visit and try to persuade you to hand over your hard earned sats. Although the more likely outcome is that you’ll become the target of phishing attacks where an attacker will send a bogus email asking you to login to a malicious website in an attempt to steal your Bitcoin.
Fortunately you can combat this by obtaining Bitcoin via methods that do not require you to share such excessive amounts of personally identifying information. These methods take many forms, below is a list of just a few of them. You can learn more at kycnot.me and nokyconly.com.
- P2P exchanges such as Bisq or HodlHodl
- Bitcoin ATMs (take care, as some still require KYC info)
- Earning Bitcoin
- Mining Bitcoin
#5 Run your own node
In #3 we spoke about the risks of network level privacy leaks when querying public block explorers or when using the default node option of some wallets. Another way you can combat these privacy leaks is to run your own Bitcoin node. A node is the way in which all Bitcoin wallets communicate with the Bitcoin network to send transactions and query balances. If you are not using your own node, you are trusting someone else’s node with your privacy and to serve you the correct information.
Thankfully today we have a wealth of different node options available to suit all requirements and skill levels. Some are as simple as downloading Bitcoin Core onto an old laptop to connect your hardware wallet to, and some come packed with more advanced features like personal block explorers, coinjoin implementations, Electrum servers, and Lightning Network features.
Which one you choose will depend entirely on your budget, requirements, available hardware, and skill levels. Just remember, to leverage the power of your own personal node, you must use it as the back end for your Bitcoin wallets! “Don’t trust, verify.”
#6 Address reuse
We have the legacy financial system to thank for this one! We are used to having a single account number which we re-use for years on end to receive money. That single number is the ‘place’ where we store our fiat wealth. Bitcoin is slightly different. In Bitcoin we have our wallet, which is typically backed up by a 12 or 24 word seed, and from that seed we can derive an unlimited amount of individual addresses.
Typically a Bitcoin address will look something like this bc1qrkgefmxzn6v3kuhkgxlf6lkul9y50ahf4ckrq8, although some older address standards can start with ‘1‘ or ‘3‘. Re-using the same address for multiple transactions tells anyone looking at the blockchain that all funds within those transactions belong to the same entity.
When receiving Bitcoin it’s good practice to use a new address with every transaction. This might sound like a logistical nightmare, but almost all modern wallets will automatically serve you a new one every time you receive, the only thing you need to do is not share the same one with different people. The wallet will automatically watch all of those addresses and show you your wallet’s total balance.
#7 coin control and labeling
The Bitcoin balance you see in your wallet is the sum of all of the smaller pieces of Bitcoin contained within. These pieces of Bitcoin are known as Unspent Transaction Outputs (UTXOs) and each will have a history, some of which belongs to you, some of which does not. If you use a wallet that automatically selects which UTXOs are used when making each transaction, you may be sharing unwanted transactional information with the recipient of the transaction or anyone surveilling the blockchain.
Additionally, if your wallet enables you to view and select UTXOs to transact with, but you do not know the source of each, how will you know which ones are best to use for the different transactional situations you find yourself in? By using a wallet that allows UTXO labeling and the selection of which UTXOs are used to construct each transaction (known as Coin Control), you are able to share the minimal amount of information when transacting.
A good practical example of this would be a wallet that contains both KYC and no-KYC Bitcoin. Ideally, you should not combine these two sources in a single transaction, because it will tie the no-KYC Bitcoin to the KYC Bitcoin that is linked your true identity provided when you purchased from the regulated exchange. If your coins are clearly labelled ‘KYC‘ and ‘no-KYC‘ then you can make an educated decision when spending those sats in the future.
#8 Use coinjoin
Those of you that read our coinjoin article will already have a flavor of what coinjoin is and why it’s important. Here is a snippet from the opening paragraph. ‘Coinjoin is a form of collaborative Bitcoin transaction where two or more users create a transaction that provides ambiguity about the ownership of the transaction outputs. This takes place without a user needing to trust any other user participating in the transaction.’
Coinjoin aims to combat the transparent nature of the Bitcoin blockchain by making it difficult for anyone surveilling the chain to track the flow of funds. There are many times of coinjoins a user can take part in to improve their ‘on-chain’ privacy. There are centrally coordinated solutions such as Whirlpool and peer-to-peer solutions like JoinMarket, Stonewall X2 and Stowaway.
A combination of some or all of these tools can be used to improve on-chain privacy, and with the exception of JoinMarket, all of the aforementioned tools can be accessed via Samourai or Sparrow wallets.
Bitcoin privacy is an constantly evolving phenomenon. For every new wallet feature or protocol upgrade, there is a shift in regulation or surveillance technology to attempt to combat it. The steps outlined above may seem daunting or lengthy, but in our opinion, are a small price to pay to achieve true financial sovereignty. Privacy in Bitcoin is not easy, but is attainable for those that seek it.
If you’d like to learn more about the practical application of some of these tools and techniques, check out bitcoiner.guide/privacy from our very own Bitcoin QnA and Jameson Lopp’s privacy resource page.
Passport restocks soon. (Pre-order now)