Bitcoin is often praised for its confidentiality, and lauded as an anonymous payment network. But the foundation of its “trustless” system, all bitcoin transactions are public to prevent user fraud.
In its early days, Bitcoin had a reputation for being unstable and did not represent a solid store of value.
Additionally, because of the anonymity factor, it had become infamous for being used by criminals, hackers and scammers. More notoriously, it was used for transactions on sites such as Silk Road (a peer-to-peer market known for offering goods and services illegal in many jurisdictions).
Yet, at its core, Bitcoin is one of the most transparent payment networks in the world, and actually provides very little transactional privacy.
Bitcoin does not make payments anonymous—just really hard to trace.
And privacy is not impossible, provided that you take some precautions.
A lot of people still think that digital currencies, or Bitcoin, is a good use for illicit activities. In actuality, it’s probably the worst mechanism that you could use for illicit activity.
Michael Sonnenschein, CEO of Grayscale Investments
Privacy of Bitcoin transactions
Whenever you want to receive bitcoin, you will always need to provide someone else with your public address—that’s the long string of numbers and case-sensitive letters that begin with 1 or 3 or bc1.
A public address is too long for a normal person to memorize—usually, about 35 characters.
Of course, your public address is not inherently connected to your name, your home address, or your computer’s physical location (like an IP address). Plus, bitcoin wallets aren’t linked to other identifiable information, like your social security number, your email, or your bank account information.
But, because you are giving your public address to someone to receive some bitcoin, there is some possibility that some information might allow another person to connect your public address to your real-world identity.
Now, the only information that could link you to your wallet’s public address is if the other party in the transaction knows who you are—that is to say, if the person sending you bitcoin knows enough information about you and your identity “in real life” then that person (or company) now has the knowledge that you own that public address—for example, if the other party asks for your name during your transaction then your name can be linked to your anonymous public address.
Think about it this way: if your email address is johnsmith@gmail.com, it doesn’t mean your name is John Smith—rather, your name could be Bob Simpson.
The important thing to remember is that, if another person knows Bob Simpson, and if Bob provides his public email address, then the other person who knows Bob’s email address will be able to connect his real-world identity (Bob Simpson) to his public address email (johnsmith@gmail.com).
In bitcoin, your public address is what you give someone else to receive bitcoin, just like your email address is the public information that you provide to receive an email.
And, as mentioned, a bitcoin public address is not easy to remember, like an email address (which is supposed to be easy to remember, and widely used more than once).
Regardless, the intuitive idea is that, with bitcoin, the more you use the same public address over and over, the more your identity becomes connected to your financial activity and holdings.
Bitcoin is a public ledger
One other important distinction is that, with bitcoin, every single bitcoin transaction is visible for anyone to view on a public ledger, called the Blockchain.
So, while Bitcoin appears to be anonymous on the surface, it is far more traceable than many other types of currencies that are being used by legitimate and illegitimate purposes.
In fact, despite being perceived as anonymous, Bitcoin is actually more transparent than other means of payment, such as cash—this is not some error in programming: bitcoin was designed this way; therefore, transparency is at the foundational core of bitcoin’s trustless blockchain system: a distributed ledger with theoretically limitless copies on computers and smartphones all over the world.
So, rather than entrusting third-party institutions (like credit card companies, banks and retailers) to keep track of global finances (like transaction records, account balances, and amounts due), bitcoin users can trust the blockchain to secure their bitcoin, which can only be sent and received using virtually unidentifiable case-sensitive alphanumeric addresses, or public addresses.
So, if the public addresses are public, then, anyone can see them; but, if they are not linked to personal information, and they are virtually unidentifiable, then are transactions really traceable?
Reusing bitcoin addresses
Because every bitcoin transaction is distributed on a global ledger with endless copies that are time-synced over the internet, and because the ledger is publicly available to everyone, and searchable, each bitcoin user needs to take any measures available to keep their identity more secure.
Remember, the blockchain is public, and it only takes one slip-up for you to be unmasked publicly, forever.
What this means is that a bitcoin address that is used more than once is slightly easier to trace.
This is why you should always generate a new address every time you receive bitcoin.
And, this only makes your identity less easy to trace.
Currently, even, if you didn’t take those precautions, and, even if your public address and identity are a bit easier to trace, it would still take millions of years with the current computers we have to be able to hack your wallet and steal your bitcoin.
However, if there was a weakness found with the current algorithm used to secure Bitcoin addresses—then the address would be significantly easier to break into if you continually used the same public key over and over.
Let’s be clear: for most people, receiving, holding and sending bitcoin is accomplished using a bitcoin wallet app on a smartphone, like an iPhone or Android device—most apps have a button labeled, “receive,” which allows the user to generate a new address each time they want to receive bitcoin from someone else—and this means that a new wallet address is probably generated for you, automatically, every time you use bitcoin.
But, if you are not using a smartphone device or app wallet that generates a new address each time, or, for any reason, if you use the same address over and over, your ownership of that one public address would further cement your identity as the owner; and once one user has been identified, researchers can use common digital forensic methods to trace all the contacts in the network.
Privacy by your wallet
Your wallet app allows you to receive and hold your bitcoin securely in your wallet, which should display a total balance, like a bank account.
Most wallets help you protect your identity on the blockchain by allowing you to generate a new public address for each transaction when you are receiving incoming bitcoin. And most wallets help you prevent user fraud by providing you with a 12-word seed phrase for backup purposes.
The problem with overall security and third-party apps is that most wallets are not doing enough to incorporate user privacy into the code of the transaction when sending bitcoin.
There are some alt-coins that are attempting this, such as Monero, ZCash, and Dash, which are prominent examples that were mentioned by Bitcoin developer Gregory Maxwell in an announcement thread on the Bitcoin Forum, bitcointalk.org, in August 2013, in which he announced the idea of CoinJoin to the world.
These alt-coins are an important part of the conversation, because the truth is that you can accomplish anything with bitcoin that you might want to achieve with these other alt-coins.
Which leads to the question: in a world where Bitcoin exists and has value, why would you want to create other coins to achieve the same result that can be accomplished with Bitcoin?
Introducing CoinJoin.
What is CoinJoin?
CoinJoin is an anonymization strategy that protects the privacy of Bitcoin users when they conduct transactions with each other, obscuring the sources and destinations of BTC used in transactions.
CoinJoin requires multiple parties to jointly sign a digital smart contract to mix their coins in a new Bitcoin transaction, where the output of the transaction leaves the participants with the same number of coins, but the addresses have been mixed to make external tracking difficult.
The process is also known as coin mixing.
It could be generalized that CoinJoin is a process used to anonymize Bitcoin transactions online; it involves a multi-party Bitcoin transaction where all parties to the transaction put in and get out the same amount of Bitcoin, but the addresses are mixed in the transaction making the origin of the coins difficult to trace.
CoinJoin is typically performed automatically by dedicated services that carry it out.
Performing a CoinJoin without such a tool is difficult and requires advanced coding skills.
In reality, criminals don’t need to use something like CoinJoin to hide their identity because they already have money laundering techniques that they use, or they will have other more technical and better means for moving their bitcoin through illicit channels to hide their money.
Instead, the idea behind CoinJoin was intended for average users, John & Jane Doe, to have more privacy because they won’t normally have the means or knowledge to hide their privacy.
Regular users need efficient and inexpensive privacy if it is to help them at all.
How does CoinJoin work?
CoinJoin involves a multi-party Bitcoin transaction where all parties to the transaction put in and get out the same amount of Bitcoin, but the addresses are mixed in the transaction making the origin of the coins difficult to trace.
By masking the deals made by all parties, an observer cannot with full certainty determine who sent bitcoin to whom.
Though the process seems clear in theory, in practice joining transactions is hard for several reasons.
In order for the participants in the joining to remain anonymous, they have to connect over a Tor network, they have to know quite a bit about coding, and they have to trust each other.
To conquer these obstacles, bitcoin developers used CoinJoin concepts to create apps with features that would make the process automatic for most common users, and the first attempts at implementing CoinJoin were incorporated into a few different wallets for widespread use.
Some of the earliest examples were Dark Wallet, JoinMarket, and SharedCoins. These platforms attempted to provide an extra level of data masking for users transacting in Bitcoin.
Later efforts include Wasabi Wallet.
What is Wasabi Wallet?
Wasabi is a user-friendly app to help bitcoin users enjoy CoinJoin technology, to protect their identity without needing computer programming skills, and that allows more people to feel comfortable when using bitcoin, which helps bitcoin to grow.
Wasabi is an open-source wallet that gives you full control over your bitcoin and makes it harder for third parties to spy on your balance and payments.
It does this by rotating addresses using CoinJoin technology.
You should still take care to use a new Bitcoin address each time you request payment, even though Wasabi does not disclose information to peers on the network when receiving or sending a payment.
But, you don’t need to trust Wasabi.
Wasabi’s system is trustless by design, and aligns with the true nature of Bitcoin’s core programming, which was always intended to be improved upon for the benefit of the community of users and miners.
With Wasabi, the participants do not need to trust each other or any third party, because the sending address and the receiving user addresses are controlled by your private keys.
Wasabi may coordinate the process of combining the inputs of the participants into one single transaction; however, the Wasabi wallet protocol can never steal your coins or determine which outputs belong to which inputs.
You don’t really need to be a programmer or find other bitcoin users, and that’s the point, because CoinJoin Technology requires some extra work, and seems a little complicated to the average user.
(You don’t even need to set-up Tor, because every Wasabi transaction runs through Tor by default.)
If you are interested in learning more, Wasabi has a great list of FAQs on their website.