Bitcoin wallet crypto transaction privacy

Translation of an article by Eric Wall, Chief Investment Officer at Arcane Assets.

Previous article directedto give the user a generalunderstanding of the level of anonymity in the bitcoin network. This article is more practical and introduces the applications that we use to send and receive coins - bitcoin wallets.

At the time of writing, the site is Bitcoin.org contains perhaps the most up-to-date and objective list of Bitcoin wallets. Overall, this website is a good starting point for any Bitcoin user.

Keep in mind that, despite the fact that bitcoin.org strives to provide as objective information as possible, all websites are essentially subject to centralized control, and their content can be compromised at any time. Always be especially careful when installing Bitcoin software - try to make sure that you are downloading the “correct” software.

Below are two methods you canuse to avoid this. The “advanced” option provides you with much better security guarantees; The “simple” option is still better than the absence of any additional actions.

• Just an option:When downloading a crypto wallet from a website, always try to make sure that you are redirected to the correct domain.
• Extended option:prepared installation files for software are oftenare called “binaries” (binary files). These binaries are often signed with PGP keys from one or more of the project's developers. Examples: Bitcoin Core download instructions, Electrum download instructions.

Privacy rating

For each wallet on bitcoin.org, there are currently four different levels of privacy: increased, basic, weak, and variable.

To get elevatedconfidentiality, the wallet must use a new address for each transaction, when receiving or sending payments, avoid disclosing user information and be compatible with the Tor browser.

From the first article we know that although the describedhere the quality of the wallet definitely increases the chances of maintaining anonymity, they should not be considered as absolute protection. For example, if you use a wallet to receive bitcoins, and then one day decide to send your full balance to a new wallet, the heuristic of entries with a common owner will allow the blockchain analytics to associate all the addresses that you used.

Two wallets in the “increased privacy” category - Bitcoin Core and Wasabi Wallet - are able to guarantee that the above-mentioned linking of bitcoin transactions does not occur.

With Bitcoin Core you can use the functioncoin management to manually send one output at a time in separate transactions and constantly ensure that your addresses are never mixed in subsequent steps. Wasabi also offers this feature, but this wallet also gives you the option to send your coins through a CoinJoin transaction, where the clustering technique mentioned in the previous article becomes inapplicable or inaccurate.

In fact, you should consider the “increased privacy” feature as the basis for any Bitcoin wallet. Here is the complete list of wallets in the high privacy category:

• Armory (Linux, Mac, Windows);
• Wasabi Wallet (Linux, Mac, Windows);
• mSIGNA (Linux, Mac, Windows);
• Bitcoin Core (Linux, Mac, Windows);
• Bitcoin Knots (Linux, Mac, Windows).

In an ideal world, we could focussolely on the privacy features of cryptocurrency wallets and leave all aspects of security outside the scope of this article. In reality, however, security and privacy issues are inextricably linked. Without security, there is no confidentiality - although most exploits for crypto-wallets today are aimed at stealing coins, they can also be used to obtain confidential user information.

Then the question arises: how should a user interested in privacy look at the security issue when deciding which wallet to use? How can we know which projects will have good security practices and which should be avoided?

In the open source world, we can rely on one rule of thumb: the more competent eyes that have looked at the code, the more secure it can be. Here are Bruce Schneier's words on this topic (1999):

«Firstly, simply publishing code does notnecessarily indicates that people will check it for vulnerabilities. Security researchers are fickle and busy people. They don't have time to study every piece of source code that is published. So while open source is a good thing, it is not a guarantee of security. I could name a dozen open source libraries that no one has ever heard of or evaluated. On the other hand, Linux code has been reviewed by many very good security people.

There is no reason to believe that open sourceat the time of writing more secure than closed. The point is to get as many people as possible evaluating open source code for vulnerabilities. Fast. Then they must be corrected. Thus, a two-year-old piece of open source code will likely have far fewer security vulnerabilities than proprietary code, simply because so many of them have been found and fixed in that time. Security flaws will also be discovered in proprietary code, but this will take longer.

Because these words are as relevant today asand two decades ago, we face a dilemma: if privacy and security are inextricably linked, does this mean that a wallet like Wasabi (which has more advanced features to increase anonymity, but a much less tested code base than Bitcoin Core ) may have non-trivial risks to user privacy?

Bitcoin developer Peter Todd spoke this way:

“Overall, I can say that Bitcoin Core has passeda very thorough audit, and for this reason it is probably more reliable than most. But this is only one of many factors. I pay more attention to the development process, standards and what incentives they have. Therefore, I’m less concerned with such things in Wasabi, because the project’s goals seem good, and the privacy features can be generally improved. For cold storage, I use Bitcoin Core on a separate computer to minimize dependencies. ”

Tools specially designed for maintenancefrom surveillance, certain organizations pay special attention. For example, the NSA is known to have developed "honeypot" in the past as privacy tools for Bitcoin users.

As a result: yes, wallets like Wasabi Wallet are at a higher risk of security breaches and the associated privacy risks than Bitcoin Core, but ultimately, these risks need to be compared with practicality. For example, launching Wasabi Wallet on top of Tor works without any configuration, while a user who wants to do the same in Bitcoin Core needs to perform additional configuration.

Different recommendations for different situations

Nobody wants to recommend to anyone.agree to weaker security (relative to the one that is theoretically available) when it comes to something as important as confidentiality and financial independence, but we must also be realistic about how complex software operations a user can or wants to perform .

Bitcoin Savings Storage

To keep money on a bitcoin wallet, youyou need to take BTC somewhere - buy on a cryptoexchange or get bitcoin from another user. In the last part of this series, we will look at platforms and methods for confidentially buying bitcoin (which in itself is a difficult task), but in this scenario we will assume that the method has already been selected.

In this case, you only need to take care ofreceiving bitcoins, since it is your counterparty who transfers the bitcoin transaction to the blockchain. Your responsibility will be to provide an address and ensure that the coins have been delivered securely. In this case, safety is of utmost importance.

There are many ways to do this andThe right choice depends on the desired degree of security and privacy. You can generate an address at bitaddress.org and wait for the transaction to be confirmed using a browser, but then you need to trust that bitaddress.org has not been compromised. If you don't anonymize the origin of your IP address with Tor, you will associate your IP address with that specific Bitcoin address when searching in a block explorer, and you will also need to trust that browser (to give you the correct information) .

Ideally you should be running a full Bitcoin nodeCore on your computer if you have the option (instructions). This will allow you to generate an address and securely verify that the bitcoins have been received (without searching for your address in the block explorer). Memory requirements are currently ~200 GB, but this can be “reduced” and the blockchain data will not exceed 4 GB. We recommend doing this on a freshly installed Ubuntu.

A possible complement to this (to avoidrisks associated with storing your private keys on a computer connected to the Internet) may be creating an address on a hardware device. Bitcoin Core hardware device compatibility appeared in version 0.18.0.

In the hardware category, Bitcoin developer Jameson Lopp has two recommendations:

• Trezor
• Ledger Nano S.

If you cannot run a full node,an alternative approach would be to look up your address in several different block browsers via the Tor browser. After making sure that the coins are received, you need to create a backup copy of your wallet so that later you can regain access to your bitcoins, wherever you are. The advantage of hardware devices is that they are compatible with BIP39 and allow you to regain access to bitcoins by simply memorizing 12 English words.

After you got bitcoins, you have everythingthere is still one potential problem: the sender still knows that you received these coins, and can track the address on the blockchain. Ideally, we would like no one but ourselves to know the status of these coins. One method may be to simply send coins to yourself. The idea is simple - if you send the coins to another address that you control, the original sender will no longer be sure that you are still in control of these funds.

Confidentially receive donations in bitcoin and convert them into local currency

For this scenario, we are going to contribute twoimportant changes to the situation above. First, we need to receive transactions regularly, so ideally we should have some way to hide the aggregate amounts of what we get. Secondly, we will regularly convert these bitcoins into local currency, sending them to some organization.

We analyze three different ways to achieve this:

• Using software that generates a new donation address for each visitor (BTCPay Server);
• Reusable BIP47 payment codes so that the sender can create a new donation address on his side (PayNym.is);
• One address for donations.

Each of these methods has its advantages and disadvantages.

You can set up custom generationaddresses on BTCPay (zpub) - this will allow you to receive donations directly to your Wasabi wallet for further mixing in a CoinJoin transaction. However, CoinJoin is currently available to users mixing at least 0.10 bitcoins. In addition, Wasabi charges a fee for this service.

A more affordable alternative might beJoinMarket, but its much harder to use. Traditional mixers are not recommended because the privacy they provide requires third-party trust and puts your coins at risk of theft.

BIP47 reusable payment codes are perhapsthe most elegant method, but currently only a few wallets support this feature. Additionally, these are mobile wallets, which means your addresses are visible to servers (The Samourai mobile wallet developers suggest using the app with their full node implementation called Dojo).

Even if you use a Wasabi wallet andmix the coins that you receive at one address, everyone can still tell how many coins you received at this address (no matter what you do with them after).

«In the world of economics there are no “solutions”, there are only compromises».― Thomas Sowell

There is no ideal option. However, many options, at least, will give us the opportunity to choose the best compromise. Perhaps your identity is already known, but you do not want everyone to be able to view the donations you received - then BTCPay Server is an acceptable solution.

However, if your work is inconsistent and youyou risk revealing your identity through an IP address, this is unacceptable. In this case, it is better to receive donations to a static address. Yes, you will disclose all transactions with donations to the general public, but if no one knows who you are, then perhaps this is not the end of the world. You can try to regularly change the addresses of deposits and thus limit the disclosure of this information.

Bitcoin Online Shopping

The ability to conduct transactions on the InternetWithout a payment company that collects our personal data, this is one of the reasons Bitcoin was created. However, collecting analytic data from websites can help to reveal you through an IP address, browser fingerprint or cookies. You can prevent this by using the Tor browser for online purchases that you want to keep secret.

In the coming years, more and more storeswill begin accepting payments via the Lightning Network. As discussed in the first article, Lightning has many privacy advantages over regular Bitcoin transactions. For such transactions, you can use the desktop application Lightning App - it is developed on the Lightning Network Daemon (lnd), which you can configure to work through Tor.

Although Lightning payments are notare broadcast publicly, and the payee cannot know which channel the payment was originally received from, it is considered a good habit (in terms of confidentiality) to hide traces on the blockchain using mixing, or send the transaction to yourself before financing the Lightning channel.

Another technology worth checking outPlease note, these are sidechains that allow you to make Bitcoin transactions with a higher level of confidentiality compared to transactions on the main network. For example, the Liquid sidechain already supports confidential transactions.

Offline purchases using bitcoin

For offline purchases, cash is stilla good option in terms of anonymity. But for many reasons, it may not be convenient for everyone to store their money in physical currency (for example, people who suffer from hyperinflation in their country).

When making such purchases, we usuallylimited to your smartphone. There are currently no mobile wallets in the “increased privacy” category on bitcoin.org. This is due to the fact that mobile wallets broadcast transactions to external servers that know the IP and bitcoin addresses of users.

There are several ways around this.years, probably more solutions will appear. The best current solution is to use a mobile wallet that can be connected to your node. The following wallets support this feature:

• Bitcoin Wallet for Android (also known as “Schildbach wallet”);
• BRD for iOS;
• Green for iOS and Android.

In the category of mobile wallets Jameson Lopprecommends Green for iOS from Blockstream and Samourai for Android. Green is currently not listed on bitcoin.org as it does not provide the user with full access to their coins. Instead, it uses a 2-of-2 multi-signature, in which Blockstream stores one of the keys and signs transactions together if the user confirms it through 2FA.

Samourai cannot be used with your ownfull node (despite the presence of a “set trusted node” option; the developers have been accused of this option being misleading to users (1, 2, 3)), although they claim that the amount of information they can collect about users is very limited because this wallet has built-in support for Tor.

Samourai is the only mobilewallet implemented by CoinJoin (called Whirlpool). A potential problem with Samourai's CoinJoin is that many users will likely still be using Samourai without a full node, which could reduce mixing efficiency.

You can also run the Spark Lightning wallet via Tor.

findings

Although it is theoretically possible to achieve relativelya high level of confidentiality in the Bitcoin network, from the point of view of convenience for the user, much work remains to be done to make this confidentiality accessible to everyone.

For most users who do not wantmaster commands in the Linux terminal, start servers for donations, or whose economic situation does not allow getting enough Bitcoins for safe mixing through a CoinJoin transaction, achieving confidentiality in the Bitcoin network remains a difficult task. And even those users who have the necessary skills must still make certain compromises in the field of security.

However, today privacy inBitcoin is under active development. Moreover, do not forget that it is far from always that someone will spend time and money on comparing bitcoin addresses with IP addresses of users. Bitcoin can still be seen as a significant improvement over traditional payment systems, even if it is used without regard to confidentiality.

In the next part of the series, we will consider the so-called “anonymous cryptocurrencies” and compare them with bitcoin in terms of ensuring financial confidentiality and economic freedom.

</p>

Rate this publication