Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bitcoin Perfectly Anonymous — Until You Spend It

Posted by Unknown on from the cover-your-tracks dept.

jfruh writes "One of the great attractions of Bitcoin as a currency is that it's completely secure and anonymous. But according to researchers (PDF) from UC San Diego and George Mason University, that anonymity starts to vanish the minute you exchange bitcoin for real-world items or conventional currencies. The researchers tracked transactions across the Bitcoin ecosystem and found points where it would be easy for a government with subpeona power to find the identity of a Bitcoin user. They also concluded that the currency wasn't especially attractive for money-laundering purposes." Graph theory explains many things.

37 of 147 comments (clear)

  1. Of course. by ls671 · · Score: 3, Insightful

    Of course, nothing is really anonymous. It is just a cat and mouse game.

    --
    Everything I write is lies, read between the lines.
    1. Re:Of course. by Anonymous Coward · · Score: 3, Funny

      Of course, nothing is really anonymous. It is just a cat and mouse game.

      Nothing is really anonymous either. Just look at all the 'hacked' exchanges or a 51% attack.

      And furthermore, nothing is really anonymous.

    2. Re:Of course. by MickyTheIdiot · · Score: 2

      I don't think I really care if it is anonymous or not. Anonymity is quite useless if you are buying real world goods. Even sending items to a 3rd Party P.O. box gives some hint as to identity.

    3. Re:Of course. by lgw · · Score: 4, Interesting

      I'm unsure why people think Bitcoin is any kind of anonymous in the first place. Every transaction must be widely published for processing (in theory, ever miner can see every transaction). The entire money flow, every transaction worldwide, is known. Does anyone still think the NSA doesn't know every bitcoin transaction ever processed? Does anyone still think an IP address (with timestamp) is anonymous in any way?

      The only anonymous in Bitcoin transaction is one where you hand someone the "wallet". Transferring your secrets, especially by hand, is as anonymous as handing cash to someone, but that's not really the intended model, or a particularly useful one.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    4. Re:Of course. by Anonymous Coward · · Score: 5, Funny

      Of course, nothing is really anonymous. It is just a cat and mouse game.

      Nothing is really anonymous either. Just look at all the 'hacked' exchanges or a 51% attack.

      And furthermore, nothing is really anonymous.

      I disagree. I think that nothing is really anonymous.

      Cowards are anonymous. And nothing. But other than that, nothing is anonymous.

    5. Re:Of course. by tnk1 · · Score: 2

      The hand to hand method *could* be useful to launderers or certain types of black marketeers. One of the ways in which governments are controlling the use of cash as a method of serious transaction is by making sure that only relatively small denomination bills exist. For those that are larger, there are fewer and they are more closely tracked.

      With a bitcoin "wallet" transferred manually, you do lose much of the convenience of having a computer generated currency like that, but you have the increased ability to use manual methods for untraceable exchanges of value. You could, in theory, transfer a billion dollars equivalent of bitcoin by handing someone a USB drive and it would go completely unmonitored.

      Of course, that assumes that there is a billion dollars in bitcoin out there, and that you can somehow exchange it for cash, or goods and services, on demand. It is doubtful that governments will ever make it easy to use bitcoin in the general economy, for the very reason that they want to maintain their carefully monitored monopoly on money intact.

    6. Re:Of course. by Teancum · · Score: 2

      The only anonymous in Bitcoin transaction is one where you hand someone the "wallet". Transferring your secrets, especially by hand, is as anonymous as handing cash to someone, but that's not really the intended model, or a particularly useful one.

      That is how the physical bitcoins themselves work. The authentication keys are printed on the note or physical coin which can be converted back to electronic currency at any time by the recipient. They can also be verified during each transaction for the paranoid, even though there is an element of trust involved.

      There is also the "sneaker net" version of bitcoin transactions which also could work as well, for at least exchanging bitcoins from one person to another if you want to perform "off-grid" transactions. With that version of transaction (assuming the network itself is down) is that you build up the transaction history that gets posted globally once you get back to a computer which is connected to the internet. As long as you have a Raspberry Pi computer (or equivalent) and some sort of power source, including a solar panel, you could certainly conduct Bitcoin transactions with comparable security. There is a slim potential of double spending in such a situation, but even that could be verified or at least caught. Double spending would definitely be caught by the global network and such transactions would be invalidated.

  2. Bitcoin users are working on a fix: CoinJoin by Anonymous Coward · · Score: 5, Interesting

    Check it out, https://bitcointalk.org/index.php?topic=279249.0

    1. Re:Bitcoin users are working on a fix: CoinJoin by Anonymous Coward · · Score: 2, Informative

      No, zerocoin is not further along. Zero coin has made only imaginary progress. It requires rewriting the bitcoin protocol, and involves transactions which are very slow to validate. People are already using that coinjoin stuff.

    2. Re:Bitcoin users are working on a fix: CoinJoin by maxwell+demon · · Score: 2

      I have a system which is ready to use, and completely anonymous: Trustcoin.

      The trick is that the coins only exist in your head, so no trail at all is left, except if someone listens directly to a transaction (and even that part can be made anonymous with known techniques).

      It works as follows: You simply remember how many trustcoins you have. If you need to pay someone, you just say e.g. "I pay you five trustcoins" and subtract the five trustcoins in your head, while the other person adds the trust coins to the trustcoins they have in their head.

      You probably already can guess why I called them "trustcoin": You have to trust the other party if you accept them.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    3. Re:Bitcoin users are working on a fix: CoinJoin by Anonymous Coward · · Score: 2, Insightful

      Meh, sounds a lot like a Hawala network.

  3. Just like IRL by atom1c · · Score: 3, Insightful

    You can live a cash-only life in hopes of improving your odds at general anonymity, but every time you stand in front of a CCTV camera you are exposing yourself to the world.

    1. Re:Just like IRL by gstoddart · · Score: 5, Funny

      every time you stand in front of a CCTV camera you are exposing yourself to the world.

      No, the judge was very clear that I'm not allowed to do that any more.

      --
      Lost at C:>. Found at C.
    2. Re:Just like IRL by invid · · Score: 3, Interesting

      Just wait until it is mandatory for vendors to scan currency serial numbers at every transaction.

      --
      The Moore-Murphy Law: The number of things that will go wrong will double every 2 years.
    3. Re:Just like IRL by lgw · · Score: 4, Informative

      Most people don't realize it's already mandatory (in the US) to scan currency serial numbers at every large transaction with a financial institution. The government is content with that, so I assume it gives them all the power they need, or they'd demand it of all merchants.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    4. Re:Just like IRL by CreatureComfort · · Score: 2

      [citation needed]

      I have NEVER seen any cash I've handed over scanned as it went into the till of the cash register. Once it is there, there is no way for them to track a specific bill from the drawer back to me, especially if it's given to the next person in line as change.

      I call BS.

      --
      "Unheard of means only it's undreamed of yet,
      Impossible means not yet done." ~~ Julia Ecklar
    5. Re:Just like IRL by i+kan+reed · · Score: 2

      I did a little bit of software work for a company that did that. They scan outbound from ATMs, and inbound from cash registers as money is turned in. They use data mining to locate likely(marketers don't care about being absolutely right) repeat buyers, whose identities they get from the banks.

  4. Two Comments by Anonymous Coward · · Score: 3, Interesting

    1. If you mine them with a pool, and connect your wallet client to the net via a proxy or VPN, they may as well be anonymous.
    2. There are bitcoin laundering / "tumbling" services available.

  5. Is anybody surprised? by gstoddart · · Score: 2

    So, you mean if I have a transaction for $576.23 from Bob's Porn emporium, someone can sift through the transactions for $576.23 and figure out that was me?

    Well, color me completely un-surprised. I'm not sure I've ever believed it was anonymous -- aren't the signatures of everyone who ever spent it tacked onto it?

    --
    Lost at C:>. Found at C.
    1. Re:Is anybody surprised? by Teancum · · Score: 3, Informative

      So, you mean if I have a transaction for $576.23 from Bob's Porn emporium, someone can sift through the transactions for $576.23 and figure out that was me?

      Well, color me completely un-surprised. I'm not sure I've ever believed it was anonymous -- aren't the signatures of everyone who ever spent it tacked onto it?

      It isn't quite that, but it is more. Most people use the same traceable money pool where you can trace multiple transactions and use that to track people down. It isn't just Bob's Porn Emplorium, but also noting that from the same pool of bitcoins a transaction took place to Steve's Marijuana Farm, Sally's Whorehouse, and Chuck's Supermarket in Podunk, Kansas. That same pool of Bitcoins might have also received money from several people who are also all blood relatives.

      The point is that each individual bitcoin can be traced from the first work unit where it was "mined" and be followed to every transaction where it was used. Anonymity happens if you change hash values (as individual users can use new public/private pairs to claim individual bitcoins), but it isn't perfect. It still can be traced to show how similar pools of coins are used for related transactions and can be eventually used to identify people.

    2. Re:Is anybody surprised? by SuricouRaven · · Score: 2

      If you're paranoid, it's possible to just use disposeable wallets.

    3. Re:Is anybody surprised? by Teancum · · Score: 2

      Perhaps someone can invent a bitcoin anonymity hub..

      Some of the early exchanges worked just like that and it was even encouraged. You could transfer in a pile of your bitcoins to the exchange and haul them out a day or two later. Since so many bitcoins were going in and out of the exchanges themselves, tracing even large blocks of bitcoins was quite problematic. Basically you had to start and end at those exchanges.

      The problem with exchanges now is the personally identifying information that is linked to accounts. Earlier, the exchanges didn't require anything other than an e-mail address (a throwaway yahoo address worked fine) to set up an account. Certainly an anoymizing hub like you are suggesting could easily be done and trivial to create.

    4. Re:Is anybody surprised? by Archangel+Michael · · Score: 2

      Why couldn't there be a "washing bank", where coins are co-mingled and exchanged for equal amounts, minus transaction fee?

      What I imagine is that on a periodic or regular basis, you trade your serialized bit coins to a "wash bank" for a "bit coin count" and then withdraw the equal value of new coins (some of which may be yours returned), to spend. If you have enough people washing their coins in such a bank, the bank could then be an anonomizing service.

      I "deposit" 100BTC into the wash bank, get a notice of a 99 BTC deposit. When I need it, I go to the bank, trade in my 99 BTC deposit slip, receive a new set of 99 BTC. Especially useful if I have one time wallets.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    5. Re:Is anybody surprised? by TheRealMindChild · · Score: 2

      The point is that each individual bitcoin can be traced from the first work unit where it was "mined" and be followed to every transaction where it was used

      This just isn't true. Person A sends me X bitcoins to a disposable receiving wallet. Person B sends me Y bitcoins to another disposable receiving wallet. When I spend (X+Y) * 0.7 bitcoins, the blockchain sees them "sent" from my main wallet, with no inherent connection to the disposable wallets. You can trace as far as main wallet->receiving wallet they were sent to, but no further. You had it correct in your first paragraph, but lost in in the second.

      https://blockchain.info/wallet/bitcoin-faq

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    6. Re:Is anybody surprised? by Teancum · · Score: 2

      The disposable wallets are something you explicitly need to make though. Some of this can be done by default in the Bitcoin transaction software (aka the "client software" that generates transactions) but it must be explicitly done.

      There still is a chain of evidence though that says this particular bitcoin I received came from blocks A, B, C,.... ,X, Y, Z as a chain of custody going back to when they were originally mined. This is a part of the accounting that makes sure you can't double spend the same Bitcoin.

      When you spend Bitcoins, you need to provide evidence that you have those Bitcoins, hence the wallet. You can have multiple public keys that can be unlocked from the same private key (which is what you are talking about in terms of the "disposable wallet), and those are much harder to trace, but in theory you still can trace even those transactions.... once the Bitcoins are spent again.

      Lets say the DEA somehow obtains the wallet of Steve's Marijuana Farm that I mentioned. Since they have the actual wallet information (aka all of the private keys, even if it is multiple keys), they can do this step by step analysis for everybody that sent money to Steve and every transaction in between when the Bitcoins were mined to when they arrived in Steve's wallet. In other words, the anonymity of the purchaser is lost here, even though the privacy of the seller can still be maintained until the coins get spent again.

      You are simply flat out wrong here then. There is definitely an inherent connection between the disposable wallets and your main wallet, assuming you want to spend the Bitcoins. That is sort of the point of the paper in the main post is that your anonymity is preserved until you spend them. Once that happens, the connection between the disposable wallet and the main wallet is established again. All you are talking about here are those additional public keys that can each be unlocked from one or more private keys you might hold to confirm that you are authorized to spend those Bitcoins.... thus the previous transactions are all linked together. You can't find out who Steve is from all of the Bitcoins that are being sent to an address, but Steve can find a whole lot of information about you.

      This is where a DEA (or other law enforcement agency) honeypot could really be a nasty wakeup call for some people.

    7. Re:Is anybody surprised? by maxwell+demon · · Score: 3, Insightful

      If they can prove that your bitcoin came from the money laundering bank, they got you for money laundering. No link to the original crime necessary for that, since money laundering is a crime itself. They'll probably also find hints about the true origin when they study your confiscated computers.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    8. Re:Is anybody surprised? by Teancum · · Score: 2

      If they can prove that your bitcoin came from the money laundering bank, they got you for money laundering. No link to the original crime necessary for that, since money laundering is a crime itself. They'll probably also find hints about the true origin when they study your confiscated computers.

      Which is why you would use a legitimate exchange or some other website that "holds" your bitcoins temporarily for some sort of speculation. Mt. Gox used to be a perfect site for something like that as it was commonly used for things far beyond just laundering the coins.

      I would envision that eventually there will be some legal requirements for anybody running such websites that will require some formal authentication even to just "day trade" on the exchange. Some of the exchanges formerly allowed you to join in the speculation without authentication as long as you didn't request the actual monetary units (Euros, Dollars, Rubles, and other currencies were used with some exchanges I have interacted with). In that way you could speculate with Bitcoins, buy up the government-backed currencies, then sell them back at hopefully a profit. This was even seen as a positive feature of the exchange at the time.

      Because there are legitimate uses for such transactions, it would be incredibly difficult to prove that the purpose of the exchange was just laundering. If you are dumping money into exchanges that openly brag they are being used just for laundering, yeah that could be much more problematic.

  6. Very Old News and Acknowledged by Bitcoin Devs by Teancum · · Score: 5, Informative

    One of the ways that you can increase anonymity with Bitcoin purchases is by issuing a different hash key for each different kind of transaction. There are other techniques for moving around large numbers of Bitcoins as well including swapping the coins between wallets.

    I'll agree that the exchange of Bitcoins for government-backed currencies is particularly problematic as current exchange laws require all sorts of identification for such transactions. On the other hand, you can live "off the grid" and just exchange Bitcoins for stuff like food, shelter, clothing, and other stuff and not bother with pesky details of exchanging into a government currency.

    Almost everything mentioned in the article as some sort of deep revelation was acknowledged by the developers and "fans" of Bitcoins on forums within weeks of the original software published by Satoshi was released.... and happened years ago. Talk about stale news. The only real news is that somebody with "credentials" in a "scholarly paper" has made the same claims.... thus it can be included on Wikipedia or some other similar website.

  7. Bitcoin is to money as email is to mail by Deliveranc3 · · Score: 2

    It's just a bit easier, simpler, convenient and cool.

    But the postal service is cutting deliveries to bi-weekly. And it really didn't take very long.

  8. Don't need anonymity ... by PPH · · Score: 4, Interesting

    ... for purchases. The gov't will see my garage full of Porsches and Ferraris and the yacht at the dock. What I need to do is to disconnect my means of income from expenditures.

    No problem with taxes. I'll pay them. But I don't need the IRS snooping on my investments and calling their buddies with stock tips so they can front run me.

    I used to work for an outfit that bid (but lost) a major IT contract to support IRS operations. The story was that they bid way below their cost. But they figured that getting their hands on taxpayer data and using it for their own purposes would more then make up for their loss. To this day I wonder what the contract winner is doing.

    I wonder how contractors like Booz Alan Hamilton bid NSA contracts.

    --
    Have gnu, will travel.
    1. Re:Don't need anonymity ... by lgw · · Score: 2

      If your "means of income" are legal, and you're paying your taxes, what benefit is there in decoupling that from your expenditures?

      The only point I see in "decoupling " is if you're laundering money for some reason (illegal income, or tax avoidance), and it seems Btc really isn't good for that.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    2. Re:Don't need anonymity ... by CommanderK · · Score: 2

      Or others such as buying an engagement ring, tampons, laxatives and many others. Do you really want others to know about everything you spend money on?

  9. Re:not at all anonymous by JesseMcDonald · · Score: 3, Interesting

    Bitcoin is pseudonymous. Sure, the transaction history is public, but in regard to personally identifying information it only contains public keys, hashes of public keys, and signatures made using the corresponding private keys. Keys can be generated at will—one person can have a thousand different keys, or several people can share one (provided they trust each other).

    Naturally, it's up to the user to avoid linking their keys to each other or to their real-world identity. You can avoid linking your IP address easily enough by connecting to the network via Tor or I2P. Avoiding a link to your real-world name and address is much harder when you're ordering physical goods or services.

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  10. Re:The answer is more maple syrup by Zontar+The+Mindless · · Score: 3, Insightful

    So in other words, it's a lot like cash, but less likely to bear trace amounts of cocaine?

    --
    Il n'y a pas de Planet B.
  11. Not true by davidwr · · Score: 2

    In practical terms, buying things with cash is anonymous unless the transaction generates a paper trail or any recording isn't erased-over before someone looks at it or copies it.

    Sure, currency usually has serial numbers and coins are relatively easy to lift fingerprints from, but I'm talking the practical, everyday world of buying groceries, etc. Yes, if the grocery store is robbed 10 minutes after you shop there, the police will probably see you on the security-camera playback. But in most cases, those recordings are erased without ever having been copied or seen after a few weeks or months.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  12. Re:Cash (bitcoin) 'n carry... Stop and frisk by fustakrakich · · Score: 2

    There's a saying:

    *The graveyard is full of people who had the right of way*

    Lead passes through paper fairly easily. There are no rules, except for the laws of physics.

    --
    “He’s not deformed, he’s just drunk!”
  13. double spend. by Anonymous Coward · · Score: 2, Insightful

    The problem with passing someone a wallet (or single private key) is that the recipient has no guarantee that you did not save a copy somewhere. And if you did, then you can spend the funds at any time.

    So the only way it can really work is if the recipient immediately sends the funds to another address while both parties are present, or the recipient 100% trusts the other party.

    This is the double-spend problem that makes decentralized digital currencies a hard problem and that bitcoin mining solves.