If you are an activist or journalist concerned about the risk of your Bitcoin activity being tracked by any corporation or authoritarian government, choosing the right wallet app can potentially mean the difference between life and death. In a previous article, we examined the privacy profile of Bitcoin as a whole. Do not forget to read it. In this article, we will examine the practical side of Bitcoin and introduce users to the applications that are used to interact with the protocol and to send and receive BTC. Put simply: it is about Bitcoin wallets.
The discussion presented here largely focuses on achieving confidentiality in the face of surveillance by corporations or governments. For users who are not bothered by surveillance and simply want to start using Bitcoin, this article may be redundant. The purpose of this investigation is to set ambitious goals for various applications and to study the feasibility of achieving them using the tools available today.
When approaching the topic of Bitcoin privacy, the first thing you need to consider is which use cases you have in mind. For example:
- Do you plan to transfer part of your wealth into bitcoins in order to save or protect your money from illegal confiscation?
- Perhaps you are a writer planning to receive donations in bitcoins via the Internet for subsequent conversion to local currency?
- Do you plan to make online purchases of goods and services using bitcoins?
- Do you plan to make purchases of goods and services using bitcoins in person?
These circumstances are important because they determine the type of operations that you need to perform. The immediate confidentiality need of a user who simply wants to store bitcoins can be reduced to the ability to generate a fresh address and ensure the safe receipt of coins. At the same time, a privacy-conscious user who wants to receive regular donations in bitcoins may need a mechanism to automatically generate a new address for each donation. A user using bitcoins for online purchases may need to hide the source of their funds and their real IP address when making a transaction. Finally, a user who completes a transaction in person may need a similar option, only on a mobile device.
As difficult as it is to draw a stable picture of a cryptocurrency protocol, given the ongoing process of improvements and changes, it is even more difficult to do this for the various external applications that interact with the protocol. Thus, it is always necessary to make sure that you have the latest relevant information about the application you plan to use. Software products need maintenance to stay safe, and products with good support can improve significantly over time, while others can get worse. Open source projects often have repositories on GitHub, where you can follow the development and the description of changes, but the average person is probably better off talking to other users of the product and asking questions. One of the main advantages of Bitcoin is its active community of enthusiasts, with whom you can communicate on platforms such as Reddit and Twitter - use it!
Wallet selection
At the time of writing, bitcoin.org hosts perhaps the most current and verified list of Bitcoin wallets, sorted by category. The site receives information in a transparent manner from many different sources, so it is a good starting point for any user to learn the essentials of using Bitcoin.
Keep in mind that although bitcoin.org strives to be a collective and transparent undertaking, all sites are inherently subject to centralized control and their contents can be compromised at any time. When installing Bitcoin software, you should always be careful - try to make sure that you are downloading the correct software. A compromised web page may look identical to a real one, except that the wallet you download can steal your money. Two methods are described below to avoid this. An “advanced” option provides a much better security guarantee, but a “simple” option is also better than not taking any additional steps at all.
The list of wallets on bitcoin.org
- Simple: When downloading a wallet from the site, always try to make sure you are going to the correct domain. For example, if you Google “Bitcoin Knots” you will get results from well-known sites such as Bitcoin Wiki, Bitcointalk and GitHub, all of which link to the same site as bitcoin.org.
- Advanced: Prepared software installation files are often called "binaries". These binaries are often signed with PGP keys from one or more of the project's developers. For example: instructions for downloading Bitcoin Core, instructions for downloading Electrum.
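To make the "advanced" option concrete, the following added example (not code from bitcoin.org or from any wallet project) checks a download in two steps: the checksum manifest must carry a good signature from a pinned key, and the downloaded file must hash to the value in that manifest. The file names, the detached-signature layout and the fingerprint are assumptions; the fingerprint is a constructed placeholder that you would replace with the developer's real one, obtained from several independent sources.

```python
import hashlib
import os
import subprocess

# Constructed placeholder, not a real key: full fingerprint of the release signer.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed sample input so the checks can be exercised offline.
SAMPLE_DATA = b"constructed installer bytes\n"
SAMPLE_MANIFEST = (
    hashlib.sha256(SAMPLE_DATA).hexdigest() + "  wallet-1.0.tar.gz\n"
    + "0" * 64 + "  wallet-1.0.zip\n"
)
# Constructed `gpg --status-fd` output: one good signature from the pinned key.
SAMPLE_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    "[GNUPG:] VALIDSIG " + PINNED_FPR + " 2019-05-02 1556755200 0 4 0 1 10 00 "
    + PINNED_FPR + "\n"
)
# Same shape, but the good signature comes from some other key in the keyring.
OTHER_FPR = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
SAMPLE_STATUS_OTHER = SAMPLE_STATUS.replace(PINNED_FPR, OTHER_FPR)


def manifest_hash(manifest_text, filename):
    """Return the SHA-256 digest listed for filename in a SHA256SUMS-style manifest."""
    for line in manifest_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            return parts[0].lower()
    return None


def file_matches_manifest(manifest_text, filename, data):
    """True only if filename is listed and data hashes to the listed digest."""
    expected = manifest_hash(manifest_text, filename)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected


def signed_by_pinned_key(status_output, pinned_fpr):
    """Accept only a good signature whose primary key fingerprint is the pinned one.

    A plain "Good signature" is not enough: it only says that some key in the
    local keyring signed the file, which may be a key an attacker supplied.
    """
    good = False
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] == "NEWSIG":        # start of a new signature block
            good = False
        elif fields[1] == "GOODSIG":     # not emitted for expired or revoked keys
            good = True
        elif fields[1] == "VALIDSIG" and good and len(fields) >= 3:
            # The last field of VALIDSIG is the primary key fingerprint.
            if fields[-1].upper() == pinned_fpr.upper():
                return True
    return False


def verify_release(file_path, manifest_path, signature_path, pinned_fpr=PINNED_FPR):
    """Full check: signature on the manifest first, then the file against the manifest."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", signature_path, manifest_path],
        capture_output=True, text=True, check=False,
    )
    if not signed_by_pinned_key(proc.stdout, pinned_fpr):
        return False
    with open(manifest_path, encoding="utf-8") as m, open(file_path, "rb") as f:
        return file_matches_manifest(m.read(), os.path.basename(file_path), f.read())


if __name__ == "__main__":
    print(file_matches_manifest(SAMPLE_MANIFEST, "wallet-1.0.tar.gz", SAMPLE_DATA))
    print(signed_by_pinned_key(SAMPLE_STATUS_OTHER, PINNED_FPR))
```

The order matters: a matching hash proves nothing if the manifest itself came from the same compromised page, so the signature on the manifest is checked before the file is compared against it.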
Privacy rating
Each wallet on bitcoin.org currently lists one of four different privacy levels: improved, basic, weak and variable.
Here's how bitcoin.org privacy rating criteria are defined:
"Confidentiality: Does the wallet protect user privacy? To get a good rating, the wallet should avoid reusing addresses and use a new address for each transaction, avoid disclosing information to peers or central servers, and be Tor compatible. To get a satisfactory rating, the wallet must avoid reusing addresses and use a new address for each transaction."
Although the wallet qualities described here definitely improve your chances of maintaining confidentiality, they should not be interpreted as sufficient to protect confidentiality from a sophisticated adversary. For example, if you use a wallet to receive bitcoins and then decide to transfer your entire balance to a new wallet, the heuristic of common ownership of inputs will still allow blockchain analysis tools to link all the addresses you used with each other.
If we consider two wallets from the "enhanced" privacy category, Bitcoin Core and Wasabi Wallet, both are able to ensure that such linking does not occur. In Bitcoin Core, you can use the coin control option to manually send individual transactions, each spending a single output, so that your addresses are never linked in subsequent steps. The same option is available in Wasabi, but in addition there is also the option to run coins through a mixing CoinJoin transaction, where the above-mentioned blockchain analysis method becomes inapplicable or inaccurate. Essentially, “privacy-enhanced” wallets can be thought of as a broad category with many variations.
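The heuristic of common ownership of inputs described above can be reproduced in a few lines, which makes it easier to see what it does and does not reveal about your own wallet. This is an added example, not code from any analysis tool or wallet; the transactions are constructed and the address labels are placeholders. It covers the three cases from the text: a sweep of fresh addresses, a coin-control spend, and a CoinJoin.

```python
from collections import defaultdict

# Constructed sample transactions (labels stand in for addresses; not chain data).
# Each entry: (txid, addresses spent as inputs, addresses paid as outputs).
SAMPLE_TXS = [
    ("tx1", ["donor_a"], ["fresh_1"]),   # three payments, each to a fresh address
    ("tx2", ["donor_b"], ["fresh_2"]),
    ("tx3", ["donor_c"], ["fresh_3"]),
    # Sweep: two fresh addresses spent together in one transaction.
    ("tx4", ["fresh_1", "fresh_2"], ["new_wallet"]),
    # Coin control: the third address is moved on its own.
    ("tx5", ["fresh_3"], ["new_wallet_b"]),
    # CoinJoin: inputs belong to three unrelated people.
    ("tx6", ["alice", "bob", "carol"], ["mix_1", "mix_2", "mix_3"]),
]


def cluster_by_common_inputs(txs):
    """Group addresses under the assumption that all inputs of a transaction
    belong to one owner. Implemented with union-find."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for _txid, inputs, _outputs in txs:
        roots = [find(a) for a in inputs]
        for root in roots[1:]:
            parent[root] = roots[0]  # merge every input's set into the first one

    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return list(clusters.values())


def linked(clusters, a, b):
    """True if the heuristic places both addresses in the same cluster."""
    return any(a in c and b in c for c in clusters)


if __name__ == "__main__":
    clusters = cluster_by_common_inputs(SAMPLE_TXS)
    for c in sorted(clusters, key=lambda s: sorted(s)):
        print(sorted(c))
    # Fresh addresses did not help once they were swept together:
    print("fresh_1 ~ fresh_2:", linked(clusters, "fresh_1", "fresh_2"))
    # The address spent alone stays unlinked:
    print("fresh_1 ~ fresh_3:", linked(clusters, "fresh_1", "fresh_3"))
    # The CoinJoin makes the heuristic assert a link that is false:
    print("alice ~ carol:", linked(clusters, "alice", "carol"))
```

The CoinJoin case is the reason the text calls the method "inapplicable or inaccurate": the heuristic still produces a cluster, but the cluster is wrong, so an analyst can no longer rely on it.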
Here is the complete list of wallets from the Advanced Privacy category:
- Armory (PC: Linux, Mac, Windows);
- Wasabi Wallet (PC: Linux, Mac, Windows);
- mSIGNA (PC: Linux, Mac, Windows);
- Bitcoin Core (PC: Linux, Mac, Windows);
- Bitcoin Knots (PC: Linux, Mac, Windows).
Security and privacy
In an ideal world, we would be able to focus solely on the privacy of wallets and leave all aspects of security out of consideration. In reality, however, security and privacy issues are inextricably intertwined. Without security, there will be no confidentiality - although most of today's wallet software exploits are designed to extract private keys to steal other people's funds, they can just as well be aimed at stealing personal information about users. And in our increasingly data-centric world, where almost any information about users can be monetized, such motivation for attackers is growing.
To an outside observer, software security may seem incredibly complex. And for those who actually bear this burden, reality is often no less unpleasant. Software is rarely shipped as self-contained packages - instead, many software packages depend on other software packages. This means that vulnerabilities and exploits do not always enter an application through the project's own code base; they can also arrive indirectly, through its dependencies. Example: Copay (npm package vulnerability).
How should a privacy-conscious user take these challenges into account when deciding which wallets to use? Who knows which projects are most likely to have good security practices, and which ones are best avoided? In the world of open source software, you can rely on an unspoken rule: the more competent, honest eyes have studied the code, the more secure it is likely to be. Here's what Bruce Schneier said on this subject in 1999:
“First, just publishing the code does not yet mean that people will study it for safety. Security researchers are moody and busy people. They do not have time to study each published code. So while open source is good, it is not a security guarantee. I could name a dozen open security libraries that are unknown to anyone and that no one has analyzed. On the other hand, many very good security engineers have learned Linux security code.
Secondly, you need to make sure that security problems, in case of detection, are quickly fixed. Someone may find open source security issues. This is normal. There is no reason to believe that open source code will necessarily be more secure than closed source code. It is made open so that it can be studied for security reasons by many people. This must be done quickly. And then the problems need to be fixed. So a two-year open source will most likely have fewer security issues than closed source, simply because a lot of problems have already been found and fixed during this time. In closed source, security issues will also be detected, but much more slowly.”
Since these lessons are just as valid today as two decades ago, this brings us to a dilemma: if privacy and security are inextricably intertwined, does this mean that choosing a wallet like Wasabi Wallet, which has more advanced privacy options but a much less studied code base than Bitcoin Core, carries non-trivial privacy risks in addition to its advantages?
Tools designed for countering spy organizations attract increased attention from such organizations. For example, it is known that the US National Security Agency was developing privacy tools that were used as bait for Bitcoin users.
Documents reveal NSA runs an “Internet anonymization” (VPN?) service as a honeypot for terrorists and Bitcoin users so they can spy on everything they do, download and install malware to their computers. https://t.co/nkoxoqdtI8 pic.twitter.com/w3qDrjMqoG
— SwiftOnSecurity (@SwiftOnSecurity) March 24, 2018
The Human Rights Foundation asked Peter Todd, an expert on Bitcoin, for an opinion on this matter:
“Overall, I can say that Bitcoin Core received an unusually thorough degree of audit and for this reason it is probably safer than most other wallets. But this is only one factor out of many. As an end user - and I am one as well - I focus more on development processes and standards, as well as on the alleged motives. Therefore, I would not be very worried about Wasabi, as the goals of the project seem good and its privacy options in general, perhaps better. But this is a difficult decision - for clean cold storage, I would be inclined to use Bitcoin Core on a separate computer to minimize external dependencies and make sure that my wallet has a backup copy.”
So wallets like Wasabi Wallet carry a higher risk of security problems, with the associated privacy risks, than Bitcoin Core, but ultimately the risks should be weighed against practicality. For example, using Wasabi Wallet through Tor does not require any configuration, while in the case of Bitcoin Core the user must manually edit the configuration files and be able to work with the Linux command line.
No one is going to recommend that you choose weaker security if something better is theoretically available, when it comes to something as important as confidentiality and financial independence. But you also need a realistic view of how complex the software operations are that users are able to perform or are ready to master.
Recommendations for different situations
Now we will return to the examples of using Bitcoin described at the beginning of the article. Objectives can be described as follows:
- We want to reliably* hide any connection between our real identity and IP address on the one hand and our Bitcoin addresses on the other from third parties.
- We want to avoid linking our addresses to each other by third parties or blockchain analysis firms.
- We prefer methods with a reasonable degree of security and without dependence on centralized structures.
* By using tools like Tor and avoiding centralized services and sites, we can make it significantly harder for third parties to collect data that associates our IP address with our Bitcoin addresses. This does not include protection from ubiquitous adversaries capable of monitoring the Internet on a massive scale.
The approaches described below are not technical manuals, but rather an assessment of the current state of privacy technologies in Bitcoin.
1. Private wealth storage in bitcoins
To keep wealth in a Bitcoin wallet, you need to get bitcoins from somewhere - probably from a cryptocurrency exchange or another Bitcoin user. For the purposes of our example, it is enough to focus on receiving bitcoins, since broadcasting the transaction that is to be recorded on the Bitcoin blockchain is the responsibility of your counterparty. Your task is to provide an address and make sure that the coins have arrived safely. For the purposes of our discussion, we will assume that security plays a crucial role and that the funds to be stored form an essential part of your wealth.
There are countless ways to implement this, and choosing the right one depends on the desired degree of security and privacy. You can generate an address on bitaddress.org and wait for the transaction to be confirmed in a block explorer, but then you need to trust that the bitaddress.org site is not compromised (which may violate your security, privacy, or both). If you do not anonymize your IP address using a tool like Tor, you also reveal that your IP address is interested in a specific Bitcoin address when you search for it in the block explorer, and you need to trust that this explorer gives you correct information.
Ideally, if you can, you should use a full Bitcoin Core node on a PC (instructions). This will allow you to generate an address and make sure that the bitcoins arrive safely without having to look up your address in a block explorer. Depending on the capabilities of your computer and your bandwidth, the software can synchronize in less than 24 hours, but much more may be required. Currently, the required amount of stored data is ~238 GB, but it can be “pruned” to less than 4 GB. We recommend doing this on a freshly installed Ubuntu.
A possible addition to this, to avoid the risks associated with storing private keys on a network-connected computer, is generating the address on a hardware device and keeping track of the address balance on your Bitcoin Core full node. Hardware device compatibility with Bitcoin Core arrived with the latest 0.18.0 release and is currently available via the command line, although a simpler approach for now might be to simply track wallet balances using watch-only addresses (see the importaddress command). In the hardware device category, Bitcoin security engineer Jameson Lopp has two recommendations: Trezor or Ledger Nano S, as both devices have undergone comparatively the highest degree of analysis in their category.
Bitcoin Core Interface
If you cannot use a full node, an alternative approach would be to look up your address in several different block explorers using the Tor browser. Once you have made sure that your coins have been safely received, you should make a backup copy of your wallet so that you can later regain access to your bitcoins anywhere in the world. The advantage of hardware devices is that they are often compatible with BIP39, which allows you to restore access to your bitcoins by simply remembering 12 English words.
After receiving bitcoins, there is still one potential cause for concern: the sender knows you received these bitcoins and can track your address on the blockchain. Ideally, we don't want anyone other than ourselves to know the status of these coins. One potential remedy is sending to yourself. The idea is simple: if you send coins to another address you control, then, due to the pseudonymous nature of Bitcoin, the original sender can no longer be sure whether you still control these funds. In other words, you can deny your involvement.
When you use a full node, you download the whole blockchain, and your software does not reveal anything to the world about which addresses you are interested in. However, transaction broadcasting is a different story. To make sure that you do not disclose your IP address to someone who monitors the network in an attempt to determine the origin of your or someone else's transactions, configure your Bitcoin Core node to connect via Tor.
2. Private receipt of donations in bitcoins and their conversion into local currency
For the purposes of this discussion, we will introduce two important changes to the above situation. Firstly, we need to receive transactions constantly, so ideally we need some way to mask everything that we receive. Secondly, we are going to regularly convert these bitcoins into local currency by sending them to someone. We will also assume that we are talking about smaller amounts, so that the security requirements may be slightly less stringent.
We will analyze three different ways to achieve the desired goal:
- Using software generating a new donation address for each visitor (example: BTCPay Server).
- Use of BIP47 reusable payment codes, which allow generating a new address on the sender's side (example: PayNym.is).
- Use a static address for donations.
Each of these methods has both advantages and disadvantages.
Fresh addresses through BTCPay Server: Although BTCPay Server is quite well documented, not everyone will want to run a server specifically to receive donations. But if you do choose this method and you have a blog on Medium, for example, then at least you won't need to change platforms - you can simply link to your BTCPay Server page at the bottom of your posts. The problem is that if you're converting donations to local currency, it's no use providing a new address for each donation if you then reveal that you control all of them by spending them together in one big transaction (shared input ownership heuristic). The remaining options are to sell donations one at a time or in small groups, or to use mixing.
You can configure your BTCPay Server to generate addresses using a configurable key derivation scheme (zpub) - this allows you to receive donations directly into Wasabi Wallet for CoinJoin mixing before you exchange the coins for local currency. However, CoinJoin is currently only available for mixing at least 0.1 bitcoin. In addition, Wasabi charges a fee for this service. A more affordable alternative may be JoinMarket, but it is much more difficult to use. Traditional mixers (custodial and not based on CoinJoin) are usually not recommended, because the privacy they provide requires trust in a third party and exposes your coins to the risk of theft.
Appearance of Wasabi Wallet window for mixing transactions using CoinJoin
Another problem with this approach is that if, for your convenience, you prefer a cloud-based deployment of your BTCPay Server, the hosting provider will be able to learn your Bitcoin addresses and your identity. And if for this reason you decide to use your own server, then, although work on Tor support in BTCPay Server is ongoing, it is still difficult to guarantee that you can hide the IP address of your server from the visitor.
Reusable BIP47 payment codes: Although this is theoretically perhaps the most sophisticated approach, the user experience is spoiled by the need to make an opening transaction before sending a donation, and so far only some wallets support it. In addition, at the moment BIP47 is only supported by mobile wallets that leak your addresses to their back-end servers. Samourai is developing the ability to use the wallet with your own full node (a solution called Dojo), but the open source code has not yet been published.
Static donation address: Even if you use Wasabi Wallet, mix the received coins using CoinJoin and broadcast transactions via Tor, anyone who saw the address you provided would be able to see how many coins you received at that address, no matter what you then did with them.
“There are no solutions, only concessions” - Thomas Sowell
In such a situation, you should accept that the ideal option may not exist. However, having many options at least makes it possible to choose what suits you best. Perhaps your identity is already well known, but you do not want everyone to see how many donations you received - then BTCPay Server would be an acceptable solution. However, if your work is inconsistent, the risk of revealing your identity through your IP address is unacceptable and you do not trust the cloud provider to keep your data safe, then it may be better to receive donations to a static address. Yes, in this case you will reveal to the public all the transactions that you receive, but if no one knows who you are, then perhaps this is not the end of the world. You can try to limit this disclosure by regularly changing the address manually, but this only gives a weak degree of concealment.
3. Private online purchases using bitcoins
The ability to make transactions on the Internet without the collection of our personal data by credit card issuers or payment processors was one of the reasons for the creation of Bitcoin. However, third-party tracking on websites is quite realistic, and even a site that you are visiting for the first time can recognize your identity by your IP address, traces in your browser, or your cookies. The first precaution is to use the Tor browser for online purchases that you want to keep confidential.
You may also want to hide the source of the funds that you use in the payment. For example, if you withdraw bitcoins from your Binance account to your wallet and then, while in Thailand, buy the book “The King Never Smiles” from this wallet, thinking that you are anonymous because you pay with bitcoins, you run the risk that Binance will provide Thai authorities with evidence linking you to the purchase.
The remaining options are mixing and sending to yourself, as mentioned in the previous examples. Wasabi Wallet is designed to show which UTXO you are using in a transaction, and also lets you see whether a given output was previously mixed, which can help you achieve your desired privacy.
The problem with sending to yourself, when there are many UTXOs in your wallet, is that you need to weigh the advantage of being able to deny your involvement against the drawback of merging outputs and the loss of confidentiality due to the heuristic of common ownership of the inputs. Also, keep in mind that while the deniability gained by sending to yourself can help you in a working legal system, if no other evidence connects you with the transaction, a suspicious person may still consider it highly likely that you were the sender of the subsequent payment, and act accordingly.
There is a possibility that in the coming years more and more stores will start accepting Lightning payments. Lightning has many privacy benefits over Bitcoin on-chain transactions. Among desktop applications, you can use the Lightning App. This application is built on the Lightning Network Daemon (lnd), which can be configured to work through Tor.
Although Lightning payments are not broadcast publicly and the recipient of a Lightning payment cannot find out from which original channel a multi-hop payment came, it is always considered good privacy hygiene to first cover your tracks on the blockchain by mixing or sending to yourself before funding Lightning channels.
Sidechain technology is also noteworthy, making possible semi-trusted ways of spending bitcoins with a higher degree of confidentiality than on-chain transactions (examples). Liquid, for example, already supports confidential transactions that hide the transferred amounts.
4. Private purchases using bitcoins in person
For face-to-face payments, regular cash still remains a good confidential option. But, for many reasons, not everyone can comfortably keep money in physical currency. Perhaps a person living in a hyperinflationary economy wants to afford to buy food next month, or a violent person wants to hide his money from a partner.
If for practical purposes we assume that in this case we are limited to using a smartphone, then we are faced with a small problem. As you can see on bitcoin.org, there are currently no mobile wallets in the “enhanced privacy” category. The fact is that smartphone wallets usually rely on third-party services that can learn the user's IP address and Bitcoin addresses.
There are several potential ways around this, and in the coming years more solutions are likely to appear. At the moment, the best solution is to use a smartphone wallet that allows you to connect to your own full node. We found several of these:
- Bitcoin Wallet for Android (also known as “Schildbach wallet”);
- BRD for iOS;
- Blockstream Green for iOS and Android.
In the mobile wallet category, Jameson Lopp recommends Blockstream Green for iOS and Samourai Wallet for Android. Currently, Blockstream Green is not listed on bitcoin.org because this wallet does not provide the user with full access to their coins. Instead, a 2-of-2 multi-signature solution is used, where Blockstream holds one of the keys and signs transactions if the user provides a secondary form of authentication (two-factor authentication). The implementation of a mode where the user can fully manage their own funds is currently in development.
It is currently not possible to use Samourai with your own full node (despite the "Set Trusted Host" option, which has been accused of being misleading [1] [2] [3]), although the developers claim that the amount of information they can collect about users is limited, because it is currently the only mobile wallet with built-in Tor support. Samourai is also the only mobile wallet using CoinJoin to mix coins (see Whirlpool), which is currently at the stage of experimental testing by advanced users. A potential problem with CoinJoin mixing in Samourai is that many users are likely to use Samourai without a full node anyway, which can reduce the mixing efficiency, but it's better than not mixing at all.
Mobile wallets are best treated in the same way as the Lightning channels discussed above. It will always be prudent to try to hide the origin of the coins (mixing, sending to yourself) before funding a new mobile wallet.
Android users can use Orbot to allow their smartphones to communicate through the Tor network. This allows applications such as Bitcoin Wallet to connect to personal full nodes running through Tor. For Lightning, an example of a wallet that can work through Tor is Spark.
Conclusion
Although it is theoretically possible to achieve a relatively high degree of confidentiality when using Bitcoin, there is still work to do in terms of user convenience so that this degree is accessible to everyone. For most users who cannot master the Linux command line, who are not interested in maintaining their own server or cannot afford it, and who, due to their economic situation, cannot obtain enough bitcoins to meet the minimum requirements for mixing transactions, the path to privacy is not easy, especially in the face of surveillance by corporations or governments with a huge amount of resources. And even for users who have the necessary skills and capabilities, at the moment it is impossible to access many of these options without security concessions, which could ultimately undermine the very confidentiality that they wanted to maintain.
On the plus side, Bitcoin's privacy is clearly being actively developed. Some of the projects mentioned in this article released, right at the time of writing, new versions of their software that gradually raise the bar of what is achievable in practice regarding Bitcoin privacy. The latest proposal to improve the Bitcoin protocol, recently announced on the Bitcoin mailing list, includes a number of long-awaited improvements aimed specifically at the fundamental characteristics of Bitcoin's privacy.
Also, if you set aside for a moment the ambitious privacy goals of this article, the fact that a third party is, for example, sometimes able to map Bitcoin addresses to IP addresses when a user uses a Bitcoin wallet does not necessarily mean that someone will spend time and money to associate this information with a specific person. Bitcoin can be considered a significant improvement over traditional electronic payment systems, even if used in a naive way.