Bitcoin

Bitcoin Isn't Anonymous. Is That a Dealbreaker?

As the cryptocurrency continues use, issues of privacy and fungibility crop up.

|

Bitcoin is great. It allowed distributed online value transfer for the first time. No longer do people need to rely on a trusted third party—which can be pressured, corrupt, or incompetent—to move money on the internet. Better yet, that money is hard money, and it cannot be opportunistically inflated to the detriment of holders.

But impressive as it is, bitcoin isn't perfect, and it's not magic. It's a technology, and every technology needs to make engineering trade-offs.

One of the trade-offs that bitcoin needed to make was between decentralized consensus and anonymity.

Bitcoin's core innovation was to replace a trusted central payment processor—like a bank or credit card company—with a decentralized network of computers. This was not easy to do. The distributed computers needed some way to verify how much money people had and make a record of each transaction. This is called a consensus mechanism.

The bitcoin network attains consensus through what is called a proof of work function. Each transaction is time-stamped and linked together in the public ledger called the blockchain. The blockchain allows everyone to agree on who owns what coins, and where they should go.

This was a brilliant hack. It overcame two longstanding problems in computer science called the Byzantine General's problem and the double spending problem. And it has worked incredibly well, spawning a host of digital currency projects inspired by these breakthroughs.

But this breakthrough came with a trade-off. The blockchain ledger that allows for distributed consensus is radically transparent. Transactions made on the bitcoin blockchain are recorded and visible to everyone for all time. There are no do-overs. And it's possible to trace where and how bitcoin users acquire and spend their funds.

It is true that you can create as many wallets—kind of like an email address for sending and receiving bitcoins—as you want. If one address is linked to your identity, you can simply generate a new one and try to keep it anonymous.

And there are tools to conceal bitcoin transactions.

One of them is called a CoinJoin, and it's a way to combine a bunch of different transactions into a single output that conceals senders and recipients. CoinJoins have been around for a while, but they've found new popularity since the privacy-focused Wasabi Wallet integrated it for ease of use. Still, they are not standard on the bitcoin protocol. And CoinJoins still leave a trail, obfuscated though it may be, on the blockchain.

This might not seem like a huge deal. Most people mostly abide by the law, so they don't worry about their public transaction history. In fact, some people think blockchain surveillance is a socially good thing, since it helps authorities nab their targets. (They might sing a different tune if they were on the outs under a repressive state.)

But bitcoin's radical transparency could be a problem for even the goodiest of two-shoes.

The problem is that bitcoins can be tainted by a previous owner's activities. Let's say someone uses bitcoins to commit a crime—let's say it's something victimless, like gambling. The deed is done, and they shuttle their filthy lucre through an offline transaction to hide their tracks.

Eventually, those coins end up in the hands of a completely unrelated party. He receives them legitimately, and wants to send them to a third-party operated exchange. Imagine his shock when the exchange refuses his funds, telling him they have been blacklisted. The authorities have traced the blockchain and determined he has hot loot. He might even have to turn over his bitcoins.

This is an illustration of bitcoin's possible fungibility problems. A fungible currency can be exchanged one to one with no differentiating aspects. An ounce of gold is an ounce of gold, no matter where it came from. Because bitcoins can be traced, and possibly blacklisted, people worry that it may not be truly fungible. Tainted coins may be worth less than "clean" ones, because they are less saleable, which means that 1 BTC does not always equal 1 BTC.

Though there have been isolated cases, so far this does not seem to be a huge problem. But the growing blockchain analytics industry does not help matters. These companies sell services to governments and business for the explicit purpose of blockchain surveillance. For instance, Coinbase, the world's largest Bitcoin broker, recently acquired the blockchain analytics firm Neutrino, which was associated with the government malware vendor Hacking Team. This may help cryptocurrency businesses remain compliant. But it could hurt overall network fungibility.

Importantly, this could even affect users who do not interface with third party providers at all. They likely interact with people who do, so their coins could be less valuable in the overall bitcoin economy.

It could also affect people who undertake privacy-preserving measures like CoinJoins, since exchanges could blacklist such coins for "looking suspicious." Developers are working on a technique to make privacy-preserving transactions indistinguishable from normal transactions, called Schnorr signatures. But while it may muddy the waters a bit, it does not "break the trail of crumbs" that could taint a coin, nor would it erase established blockchain history.

It is clear that fungibility could be a problem for Bitcoin. It is unclear exactly how it will be handled.

Perhaps bitcoin developers and service providers can build in better privacy features, like CoinJoins and Schnorr signatures. Second layer technologies like the Lightning network can also help.

Improving what we already have is an attractive option. Bitcoin is a known quantity, and very secure. It has both the Lindy and network effects on its side. But the problem of how to deal with existing "taintable" coins is a tricky one.

Maybe explicitly privacy-preserving cryptocurrencies will gain in popularity. They borrow the techniques developed by bitcoin and enhance them with built-in privacy measures.

One example is Monero, which does not track transactions on a public blockchain by default like bitcoin does. It uses techniques called "ring signatures," "confidential transactions," and "stealth addresses" to conceal transaction data. Monero is distributed, just like bitcoin, but it validates transactions in a way that does not require radical transparency.

Importantly, there are ways to audit the network and verify that people have the coins they say they have without divulging any specific information about identity or amounts. But Monero auditing is less straightforward than on the bitcoin network, and could present its own downsides. Plus, it's fairly new, and could prove less robust than bitcoin.

There may be ways to enjoy Monero-style privacy techniques without needing to implement them on the underlying bitcoin protocol. This is the promise of a conceptual framework called "sidechains," which is a way to peg and transfer assets among different blockchains. This is an attractive idea, but sidechain deployments are still in the early days.

If Satoshi Nakamoto knew then what we know now, maybe he would have integrated Monero-like features into the bitcoin protocol from the start. (Or maybe not.) But these techniques were only developed after observing and learning from the bitcoin project. We can't redo history.

Bitcoin is not going away, and it has allowed remarkable arrangements that were not possible before. When it was created, it was the closest thing to a fully permissionless digital cash system we had. New privacy developments can make cryptocurrencies like bitcoin even more fungible. It's something that bitcoin users should think carefully about.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

37 responses to “Bitcoin Isn't Anonymous. Is That a Dealbreaker?

  1. The primary purpose of all of these currencies has always been speculative investment. Few people are using any of these currencies to buy real stuff, and the real things people are using Monero to buy aren’t necessarily mainstream.

    Etherium looked promising as a way to facilitate the use of all sorts of blockchain technology, but those still haven’t really emerged, and when you superimpose Etherium’s market value chart against Bitcoin’s, they’re practically identical–which means Etherium is still trading as a speculative investment and driven by the same market forces that are driving speculative investment in Bitcoin.

    The most mainstream use of cryptocurrency is likely to be the one Facebook announced a couple of days ago, but anyone who thinks of privacy when they think of Facebook should have their head examined. Meanwhile, Facebook’s implementation is seeking investors to provide a peg against Facebook’s currency–meaning they don’t trust the value of the currency to be stable if based only on its utility. They’re just trying to find new ways to keep you glued to Facebook.

    The privacy aspect of cryptocurrency is mostly a liability to mainstream adoption anyway. Cash in the form of the U.S. dollar is easy to steal because it’s anonymous. The “privacy” of cash is one of the reasons why people might want to move away from it and into cryptocurrency. “Privacy” is preferred in the underground economy, but with the legalization of cannabis, that probably isn’t a growing economy. Half the country can buy cannabis with a debit card.

    If there were another currency crisis like the “Asian Flu” of the 1990s, that might make people want to start using cryptocurrency and keep it private, but apart from that . . . we’d probably need to see out of control inflation, the government criminalize guns, ammunition, and pr0n, etc.

    Private property is a good thing in the mainstream when both the government and the public knows who owns what. Don’t expect that to change. Techno optimists were always way too optimistic. Technology is a tool, like knives and cryptocurrency, and just like knives can be used by the government to torture political prisoners, cryptocurrency may prove to be the worst thing that ever happened to our privacy. If and when cryptocurrency goes mainstream, it may be when the government decides to convert the U.S. dollar to cryptocurrency–so they can easily track our every transaction.

    1. When bitcoin was the only blockchain cryptocurrency, it was simultaneously a store of value and a medium of exchange. It only became a speculative investment vehicle when the price crossed $1000 in 2014 or so.

      Ironically, it’s value as a medium of exchange suffered as a result of becoming a speculative vehicle and transfer prices becoming non-negligible for the first time. Medium of exchange encompasses a few different scenarios:
      1) face-to-face transactions like buying a pizza
      2) Micro transactions and automated contracts
      3) Payroll
      4) Online payments
      When BTC encountered competing cryptos, they focused on #1 and #2. BTC is still very good at big and medium secure transfers between parties with partial to low trust.

      Store of value: BTC is still very good at this. There is tons of development to allow non-coders to buy and keep BTC and track crypto news, so that BTC hodlers can watch crypto fads come and go, and so that value-storers can avoid buying BTC in its unavoidable asset bubbles. Asset bubbles are a perfectly natural thing, and not a problem for BTC hodlers. Like any investment or information system, you should have a diverse backup or diversification. Consider gold or ETFs as an alternate store of value during a bubble.

    2. The most mainstream use of cryptocurrency is likely to be the one Facebook announced a couple of days ago,

      ZuckerBucks? Ye Gods, I knew this day would come.

  2. There’s also the small problem that it takes hours to validate a bitcoin transaction, a time period over which the value of coins being traded could fluctuate wildly. Unless you pay a fee to prioritize your transaction, then you might only have to wait 20 minutes!

  3. great stuff. the fungibility issue was not obvious. if you buy a used car that is later determined to be connected to a crime, the most likely negative impact to you is a period of lack of use. outright confiscation is unlikely, even with rampant civil asset forfeiture. if you come into possession, through ordinary legal transactions, of cryptocurrency that is connected to a crime, isn’t outright confiscation much more likely?? second order effects and the law of unintended consequences could be a big deal here.

  4. Blockchain technology is the future trend. I invest in Bitcoin, but I insist on the opportunity for Bitcoin to grow.

  5. […] Bitcoin Isn’t Anonymous. Is That a Dealbreaker?  Reason […]

  6. Imagine his shock when the exchange refuses his funds, telling him they have been blacklisted.

    So using bitcoin is a bit like driving a Tesla.

  7. Blockchain as a cryptocurrency will end up being near useless. The first honest govt that sets up a cryptocurrency will obliterate that usage for all others. Course honest and govt go together like garlic and gummi bears but still. It will happen eventually.

    Bitcoin itself has an astonishingly crappy, inefficient, and unnecessary crypto protocol – a single transaction uses as much energy as 14 households do in a day; the network uses as much as Colombia – and that ain’t really gonna change. So no matter what network or Lindy effect it has now as the first in the space will erode since that is a frictional cost that can’t be overcome. The first adopters desire to ‘make bitcoin work’ is actually delaying better implementations of public blockchains – akin to every early car designer deciding that steam is the future and poohpoohing all alternatives cuz sunk costs.

    1. “The first honest govt that sets up a cryptocurrency will obliterate that usage for all others.”

      Premise fault. There are no honest governments (I’d call them States). Ergo, you are arguing about which unicorn could fly the farthest.

      “It will happen eventually.”

      If a State makes a currency that cannot be inflated, it cedes most of its true power. State don’t do that, it violates their Iron Law to increase or protect their own power.

      1. A currency doesn’t need to be eternally inflation-proof until humans live forever and never need to transact. Currencies only need to be a store of value between TRANSACTIONS. If you want some eternal store of value (assuming such a thing exists), then you use a currency to INVEST in something. Anyone who simply hoards the currency is a moron.

        This all comes from the notion that gold has been a good currency. It actually sucks as a currency. If it were a good currency, gold coins would actually have circulated back in the day. They didn’t. They were deposited into banks cuz they were useless in most transactions – which meant the ‘gold-standard’ actually became a ‘gold-note-iou-from-a-bank’ standard. And bitcoin is nothing but an attempt to ‘fix’ the problems of that ‘gold-note-from-a-bank’ standard. It’s a fool’s errand.

        1. “Currencies only need to be a store of value between TRANSACTIONS.”

          That might mean hundreds of years…

          “If you want some eternal store of value… then you use a currency to INVEST in something”

          Why must you do that?

          “This all comes from the notion that gold has been a good currency. It actually sucks as a currency. If it were a good currency, gold coins would actually have circulated back in the day.”

          They did, until they didn’t.

          And no, that’s not where my notion comes from. It comes from “Human Action” (shoutout to Mises).

        2. And here’s a question for you:

          If you had the choice between a currency that experiences (price or monetary) inflation and one that doesn’t, which one would you use and why*?

          *There is an answer here that makes the inflation currency look good in one circumstance.

          1. I would use the currency that is accepted by the merchant I want to do business with. If he only accepts some currency that is impossible to acquire at a reasonable price because it is the object of HODLers who never transact and only hoard because in 300 years they think it will be worth something to someone, then guess what – the price that merchant is charging is gonna be completely unreasonable compared to a merchant who recognizes that a currency must also be a MEDIUM OF EXCHANGE.

            Let me repeat – store of value ONLY applies between transactions. The entire function of money is to facilitate trade. You wanna hoard that’s fine. But that is more often the sign of a psychological disorder than it is of something called ‘money’ or ‘currency’.

            1. I see you ignored ceteris paribus. I also see you “begged the question”.

              “store of value ONLY applies between transactions”

              Ergo, any retirement savings I may have could have halved in purchasing power by the time I transact with it.

              “You wanna hoard that’s fine.”

              Strawman.

              “But that is more often the sign of a psychological disorder than it is of something called ‘money’ or ‘currency’.”

              Appeal to ridicule. Did you know that gold-backed currency was mildly (price) deflationary until the Federal Reserve showed up? So saving for the future meant literally just holding dollars.

              (I’ve notice by doing this for 20 years or so that when people are proven wrong, they make more and more logical fallacies to try to “win”.)

              Ceteris paribus, would you use the inflationary currency or the non-inflationary currency?

              Remember: “Good money drives out bad”.

      2. BTW – that friction cost of bitcoin (14 household-days worth of electricity for every single transaction) is effectively a de facto form of inflation – a destruction of the value it held immediately preceding the transaction.

        1. How is that a form of inflation? It’s more like a transaction cost, or maybe a sort of “ledger warehousing” cost. Mining new coins is definitely inflation, but nobody disputes that.

          1. Maybe seigniorage (or coin-clipping) is a better word. Except in the case of bitcoin unlike regular metal coins the seigniorage is extracted with every single transaction forever unlike a mere one-time cost when the thing is first produced. The end result is the same. ‘Mining new coins’ is pragmatically not much different than ‘the bitcoins will ultimately end up controlled by miners’.

            The entire first generation algorithms of public cryptocurrencies are structured as a get-rich scheme for miners and early adopters. The first-users and production-controllers extract value at the expense of later users merely for possession of the thing. That paradigm also destroys the use case for those first blockchains. Why should later users be the sucker?

            More recent algorithms are far better. But that means developers have to actually develop uses that are valuable – and that’s harder than hyping what they already possess.

            1. ‘Mining new coins’ is pragmatically not much different than ‘the bitcoins will ultimately end up controlled by miners’.

              Maybe, but I’m not sure what that has to do with the original post. Profit from mining new coins is seignorage, I agree. But that isn’t the same thing as a transaction fee. Eventually, there will be no new bitcoins to mine (other currencies have made other choices). At that point, inclusion of transactions in blocks is literally a transaction fee. It is neither seignorage nor inflation. As ace_m82 points out below, it’s also a transaction fee that is much smaller than the alternative, especially for medium-large and cross-border transactions.

              The entire first generation algorithms of public cryptocurrencies are structured as a get-rich scheme for miners and early adopters.

              I certainly don’t think it was intended this way. The first generation of algorithms were designed to achieve Byzantine fault tolerance and avoid double spends. They definitely aren’t perfect, but I don’t think it’s fair to automatically characterize them as a get-rich-quick scheme (otherwise, mining rewards wouldn’t periodically halve and eventually cease). To the extent that later users are harmed by the mining activities (which are diminishing, especially as a fraction of total BTC circulation), they are also harmed by fiat printing activity, which is not even remotely transparent.

              More recent algorithms are far better. But that means developers have to actually develop uses that are valuable – and that’s harder than hyping what they already possess.

              Absolutely, ensuring a good user experience and an actual advantage over other technologies is an important part of this whole scene. I think those who overhype it do it a disservice, but there are a lot of people working on making cryptocurrencies real-world useful things.

        2. To add on to what Metazoan said, it’s a transaction cost that is a paltry sum compared to the current transaction cost of having the State exist.

  8. Distributed verification requires transparency. This is axiomatic.

    Either:
    1. Trust an organization (i.e., a government) to guarantee your anonymity by leaving verification to them. [These bills are valid because the government guarantees they are. Where they’ve been is nobody’s business and doesn’t need to be.]
    2. Trust an extra-organizational source (i.e., blockchain) to guarantee verification by guaranteeing complete transparency. [These coins are valid because I checked the public record all the way to the source, just as anyone else can.]

    You can never have complete trust in the value of the currency, and complete anonymity, at the same time.

    Personally I think the transparency problem dooms bitcoin in the long run.

    1. You can never have complete trust in the value of the currency, and complete anonymity, at the same time.

      I don’t think this is quite true. Cryptocurrencies like ZCash can encrypt both the source and destination addresses, as well as the amount transferred. Verification is achieved using a zero-knowledge proof that reveals only that the transaction was valid and created no new money, so it doesn’t require transparency to have verification.

  9. The biggest problem is that you need to use a legal currency to pay the taxes that the government demands. For your property taxes, for your VAT, for your car registration, for your old age pension taxes, etc, etc, etc.

    And the US govt, at least has declared that it will not accept any bitcoin or other New Currency as payment. And it has declared that if you do own such things, then they are considered collectibles, and you must track all of the events where you transition them from the New Currency into the “local legal currency”, at the current rate of exchange, and you must account for every one of those taxable events in your income tax return.

    This is not a trivial event, unless you only do it a few times/year. You don’t want to have to do it for every credit card transaction, or every time you buy groceries or gas, or pay your electric bill or cell phone bill.

    This is just a fad. The only real currency that seems to have become accepted, and inflation-proof, is the $US. The Federal Reserve Bank seems to be able to just print more money every year, and the Congress just spends it, and it doesn’t seem to affect inflation. No other government has been able to pull this off without triggering massive inflation, but the Fed has done it. No one can explain why.

  10. As a practical matter, Wasabi will anonymize your bitcoin. Problem solved.

  11. I still maintain that I trust crypto even less than central banks from moderately stable countries… They have NADA backing them. At least the USD has nukes, natural resources, land owned by the feds, etc etc etc.

    IMO, crypto COULD be a really useful low cost transaction system… But as far as it being REAL money in and of itself… Not so much. Bitcoin itself was very poorly thought out in terms of use as a currency. It needed to scale to having a higher number of coins being created, based on how many transactions were being done, which would keep it’s nominal value more stable. But some properly thought out crypto could be used as a great transaction system, with some pseudo monetary aspects to it.

    Of all the ones I’ve looked into, they’ve all been poorly constructed. I don’t care enough to look into it all again, as who cares?

Please to post comments