As world governments, corporations and individuals create and employ new surveillance technologies there will always be situations where privacy and discretion are of the utmost importance, especially in financial matters. Bitcoin is commonly referred to as an anonymous currency, but that’s not inherently true and the technicalities of the issue have been the topic of much debate. The fact of the matter is, in order to maintain anonymity online, and in life, awareness and caution must always be practiced, every step of the way.
Last month, the U.S. House of Representatives voted in favor of CISPA, the latest aggressive cyber-security legislation that puts online privacy in a harsh spotlight. CISPA could create security vulnerabilities surrounding all Internet communications up to and including Bitcoin transactions. The most direct threat to personal privacy would be the acquisition of ISP and Web server activity in the form of logs or eavesdropping on specific channels. This would make all unencrypted communication available for analysis and interpretation. Strong encryption for popular communication technologies (email, instant messaging, etc) is easy-to-use and publicly available, as is full-disk encryption for local file storage, but this only begins to guard personal information and mostly protects the communication contents as opposed to protecting the user’s identity. To prevent network eavesdroppers from identifying who is actually connecting to whom or where, it’s best to use a trusted VPN, proxy, and/or TOR to obfuscate network traffic flow. Beyond network and data analysis, it’s a question of who can be trusted with personal information. Social engineering techniques have always favored human exploitation to acquire target information and that is not likely to change, regardless of technological advancements.
Not everyone needs to remain anonymous all of the time. In regards to Bitcoin, the identity of an address owner is only anonymous as long as the owner works to maintain their privacy. Bitcoin addresses and transactions are all kept in the clear, publicly available for anyone to see and trace. This is by design and is absolutely essential to the decentralization of the system. Publishing an address somewhere on the Web along with personal information, like a name, is the easiest way to draw an immediate connection between an address and it’s owner and see all related transactions, past and future. If an interested party deems a transaction or user worth investigation, it’s easy to determine where the coins in question have circulated, possibly linking to an account containing personal information. While CISPA could make all user data available from exchanges and law-abiding companies, some of the big players have already made it clear that they will bow to court demands for user information upon request, with or without new legislation.
As a user of Bitcoin, it’s vitally important to always be in control of your addresses. For maximum privacy: use strong encryption for local data, connect to the Internet through a secure channel and use an offline wallet or brain wallet. As of the current release, the standard Bitcoin client often sends coins from any and possibly all addresses that a user has connected to that wallet, however there is a third-party patch that gives users the option of which address to send coins from. Take extra steps to ensure no data is left behind on your local machine by using a linux live boot distro and/or virtual machine. In order to have a reasonable expectation of anonymity when using Bitcoin, the initial acquisition of the Bitcoins must be anonymous and great care must be taken with every subsequent transaction. Sometimes it’s best to stick to traditional means and meet traders in-person, with a laptop and accessible Wi-Fi. Depending on the individual’s need and purpose for using Bitcoin, there are various points of potential identification that could expose the address owner and possibly others as well.
It’s always a good rule, when trying to remain unnoticed, to not make large, rapid movements. Small transactions to various accounts, spread over any period of time, are much more likely to get ignored whereas a single, large transfer can immediately garner possibly unwanted attention. Therefore, it seems logical to actively keep several addresses with smaller balances and move funds to new addresses on a semi-regular basis. The general suggestion is to use an address only once per transaction. This strategy can be a hassle, especially in situations where repeat payments are being made on a regular basis but would make analysis and identification very difficult.
In especially sticky situations, where specific coins could lead to dangerous assumptions, there are Bitcoin laundry services (or “tumblers”). The concept is pretty straight-forward, coins sent through the tumbler are exchanged for different coins and sent on to another address of the sender’s choice, minus a small percentage as a fee. This is unlike money laundering in the fact that it doesn’t serve to aid in reintegration of illicit funds into a legitimate system but it does make the transaction almost impossible to track. Most eWallet services also offer this functionality to users who use them, exchanging deposited coins for entirely different coins upon transfer. According to the Bitcoin wiki, “Bitcoin anonymity techniques involving bitcoins worth large amounts of money … is illegal in most jurisdictions, being in violation of anti-structuring laws“.
Ultimately, privacy and security starts and ends between the ears. If funds need to be moved in a discrete and private manner or a transaction can potentially be used to incriminate the participants in some way, then there are steps that can be taken to protect the identities of the involved parties. This feature is not part of the original design of Bitcoin and it may not ever be bolstered more than at present, but, as with paper and metal currency, determining the owner of an address may require more than looking inside their wallet or purse. While complete and permanent anonymity is unattainable, given enough investigative resources, there will always be useful techniques that help protect netizens and bitcoiners from evil-doers and tyrannical governments who could do major damage with the right piece of information to spin.