On April 4, 1933, probably only a handful of Americans were prudent enough to hold gold coins in their homes. There seemed to be nothing wrong with keeping the gold safe in the banks, after all. All of this changed a day later when President Roosevelt announced Executive Order 6102, "forbidding the hoarding of gold within the continental United States." Whoever trusted third party providers for their security and privacy suddenly found themselves rug-pulled. Only those with a healthy mistrust of the government and custodians had the power of choice. They could comply with the confiscatory order or they could hold on to their property.
That’s what privacy is all about, after all: maintaining the option to decide for yourself, not having others decide for you.
Privacy Is An Insurance Policy Against A Desperate State
Privacy is one of those things that you don’t really value until you lose it.
The present-day lack of concern for financial privacy is mostly a result of long-term conditioning. When it comes to financial matters, privacy has been demonized for a better part of a century now.
The coordinated attack on financial privacy began in the 1930s, during the U.S. alcohol prohibition. This nonsensical prohibition created a new type of risk-prone entrepreneur: the gangster. At the time, it was a struggle to prosecute gangsters in any conventional way, so the government pushed banks to inquire about their clients’ source of income. Those who couldn’t explain their earnings were charged with tax evasion. That’s how Al Capone ended up in jail.
Prohibition ended in 1933 but the foundation for the regime of financial surveillance remained. In the following decades, it was expanded in the name of wars on drugs and terror (both very questionable in their results and brutal in terms of collateral damage). Though the arguments for financial surveillance change over the years, there is one underlying motive for eliminating financial privacy: ensuring there is no escape from the tax regime. The tax Leviathan is an ever-hungrier beast that consumes everything in its wake. And it doesn’t recognize fair play.
The state sets the rules and the rules can change overnight. You can reassure yourself with, “it doesn’t happen here” — until it does. Who in 1933 expected that a civilized state like the U.S. would simply steal from its citizens via an executive order? In times of turmoil, national laws can change quickly and usually to citizens’ disadvantage. What is perfectly legal, such as holding your own gold coins or Bitcoin private keys, can be declared against the law in the future.
And we are living in times of turmoil right now. This is the end of the line for the 50-year-old experiment of pure fiat. The interest rates are staying at zero. The quantitative easing, the Fed repo operations, the stimulus checks — all here to stay. Without these programs the debt-addicted economy falls apart like a house of cards. The next move to keep it standing will involve the Orwellian construct that is central bank digital currencies.
And your bitcoin will be both a dangerous subversion of such an attempt and a lucrative target for taxation or confiscation (as if there really was a difference).
Privacy is an insurance policy against desperation, both of the private and public kind. But while you can legally protect yourself against the private thieves, it’s impossible to do so against the public ones. Your only mode of protection is ex ante, before the event. In other words, your only mode of protection is keeping yourself under the radar.
There Is No Privacy Silver Bullet
Privacy with Bitcoin is possible, but not by default. Bitcoin privacy works in the same way as Bitcoin security, in the sense that it’s ultimately up to you. There are tools, education resources, and people ready to answer questions; but you have to dedicate your time and take the necessary steps yourself.
The first thing to realize is that there is no silver bullet for privacy. No single app, wallet, setting or process will ensure your privacy in one easy step and for eternity. Privacy is a mental state. You have to want it and act accordingly on an ongoing basis.
Privacy is also a spectrum. There are many steps between transparency and anonymity. It’s desirable to make at least a small move away from complete transparency, even if you can’t achieve full anonymity. Don’t be the lowest hanging fruit.
Open Your Mind And Hold Your Tongue
The most powerful privacy tool is your mind and your mouth.
Most of us have made some mistakes when it comes to Bitcoin privacy: we bought from a shady exchange that now holds our personal data, we reused addresses, we merged coins that should have been kept separate and so on. Realizing these mistakes and searching for ways to mitigate them is the first step. Being aware of how to avoid any future mistakes is the next one.
But it’s crucial to remember that you can do everything right from a technical perspective and later undo the privacy gains simply by talking too much. You may have the best Shamir scheme set up, but how safe will it be if you blabber about it on a pub crawl?
Does that mean you shouldn’t evangelize Bitcoin to your friends and family? Not at all. Just remember that there’s a huge difference between talking about Bitcoin in general and talking about your bitcoin.
Make a strict mental line: questions about Bitcoin’s features and best practices are relevant, while questions about your personal stash, seed location or stacking strategy are not.
That being said, let’s dive into some practical tips for improving your Bitcoin privacy.
Avoid KYC Taint
Keeping bitcoin “clean” is a bit like taking care of your fancy clothes; while it’s good to know proper laundry techniques, it’s better not to get it stained in the first place. In the case of bitcoin, KYC is the stain. KYC stands for “know your customer,” a mandatory identification procedure that service providers (e.g. exchanges) have to perform on their clients.
There are two risks to your privacy when it comes to KYC.
This first risk arises from the transparent nature of Bitcoin’s blockchain. When you buy bitcoin on a KYC exchange and withdraw, the exchange operators are aware of your withdrawal address and can easily track your subsequent transactions. This also goes for any third parties with whom they share this information, such as government bodies. This particular risk can be mitigated by utilizing CoinJoin and coin control, where you mix coins with other users and keep track of where you got particular coins from and where you’re spending them next. Tools like Wasabi Wallet help a great deal with that. However, be aware that if you choose to improve your privacy through CoinJoin, some exchanges may view that as suspicious and refuse to accept your coins.
The second risk arises from the process of identification itself. If you buy on a KYC exchange, you will simply be known as a person that has acquired bitcoin in the past. This could be misused by criminals who may target you based on leaked user data. This information could also be used by the government in the future if the laws concerning personal bitcoin holdings change, a new tax on bitcoin holdings is enacted and so on. The only way to truly mitigate this risk is by selling the same amount of bitcoin you’ve previously bought and rebuying in a more private manner (peer-to-peer or bitcoin ATM, preferably for cash). This way you’ll have a record of not holding any bitcoin anymore. Note that selling may carry tax consequences. The other option is the “boating accident” excuse where you claim that you’ve lost the keys, your dog ate the recovery seed, etc., though this may carry unknown risks.
Exercise UTXO Hygiene
At the fundamental level, bitcoin exists in the form of discrete unspent transaction outputs (UTXOs). A UTXO is an amount of bitcoin that lies on your address as a result of a previous transaction. The UTXO is what the observer — an exchange, a chain analysis company — tracks and analyzes to build a graph of who owns which coins and where they have moved over time.
UTXO management can get tricky because you have to keep in mind that there is a difference between a UTXO, an address and a wallet.
Addresses are where the UTXOs are kept. You should only have one UTXO per address, meaning you should never reuse an address to receive multiple transactions. Address reuse helps the observer to link various coins to one entity. Avoiding address reuse is easy: your wallet knows which addresses already have UTXOs and which don’t; when you click “receive,” it will always give you an unused address.
A wallet holds your unique private key and its corresponding public keys which, in turn, determine the addresses controlled by that wallet. Be aware that even if you never reuse addresses and thus keep the UTXOs separated, you can still inadvertently link your UTXOs. If you attempt to send a 0.1 BTC payment but no single UTXO has that much value, your wallet will automatically combine multiple UTXOs in order to assemble the total target amount. Once this multi-input transaction is sent, the observer can see that the previously unconnected UTXOs were in fact owned by one entity.
You can set up multiple accounts in your wallet as long as it supports BIP32. This is especially useful if you have both KYC’d and non-KYC’d coins. By keeping them separated in different accounts, they will never be mixed in a multi-input transaction.
The more advanced solution is to label your individual UTXOs and select specific UTXOs for each transaction. This is known as coin control. This is currently possible with wallets like Electrum, Samourai, Specter Desktop or Wasabi. Hardware wallet vendors maintain their own wallet software and support for coin control varies: it’s available as an advanced option in Ledger Live and Trezor Suite is planning to include this feature in November 2021. You don’t have to use your wallet vendor’s software; all of the major software wallets support all of the major devices. However, using the vendor software has its advantages in the form of high quality UX, professional customer support, security updates and gradual rollout of duly tested features like masking your IP address via Tor or bumping transaction speed through replace-by-fee (RBF).
Don’t Leak Your IP Address
Even if you never buy through a KYC exchange and keep your UTXOs neat and shiny, you and your coins can still be linked together via your IP address. You can use a VPN service to obfuscate your location, but such services are still based on a trust assumption (you trust the service providers to not keep activity logs).
Using Tor is a better practice. Think of it as a kind of trustless VPN where there’s no one on the other end who can track your activity. Advanced wallets usually come with the option of routing all the traffic through Tor. For example, Trezor users simply have to turn the Tor Switch on in the Trezor Suite.
Concealing your IP address is especially important when you run your own Bitcoin node because that node advertises your IP address to the world.
Run Your Own Node And Block Explorer
When you connect to somebody else’s node, they can see all of the transactions you submit through them. When you look up your address balances or transaction details on a public block explorer, the operator can see that as well. When combined with an unobfuscated IP address, this can have serious privacy consequences.
The solution is to run your own node and, ideally, also a block explorer on top of it. You can either set up everything yourself with Bitcoin Core software, or you can go for one of the all-in-one products that set up a node for you and allow you to easily set up BTCPay Server or manage your Lightning Node (LN) and LN channels.
Privacy On The Lightning Network
The Lightning Network deserves at least some mention in an article on Bitcoin privacy. The common misconception is that Lightning payments are anonymous because they leave no blockchain trail. First of all, that’s only partially true. The prerequisite for a Lightning payment is an open payment channel, which first requires an on-chain transaction to take place. So if an observer has the UTXO and the identity already linked, they also know who owns the channel.
Channel openings aside, there are privacy concerns on the Lightning Network itself. While senders are quite private, recipients reveal quite a lot through their node IDs and invoices.
If you’re more interested about privacy on the Lightning Network, I highly recommend reading through Anthony Ronnings’s Current State of Lightning Network Privacy.
Conclusion
There are many aspects to privacy when using Bitcoin. This article barely scratches the surface of the various pitfalls and possible mitigations. There is no single solution that will protect your privacy, but rather each of us must routinely question if the actions we are taking will negatively impact our privacy. It is dangerous to be complacent about privacy — any information you share can be used to attack you or otherwise make you powerless, regardless of how safe you feel now. The key takeaway is this: be aware of the need for your financial privacy, make it a habit to learn about privacy and use the tools that are available to you to protect it.
This is a guest post by Josef Tětek. Opinions expressed are entirely their own and do not necessarily reflect those of BTC, Inc. or Bitcoin Magazine.