There’s been a lot of discussion in the past few weeks about how anonymous Bitcoin actually is. If you’re new to Bitcoin, you can check my short introduction to the cryptocurrency over at Ars Technica.
Bitcoin is often touted as a completely anonymous currency, which is not quite correct. Bitcoin uses a distributed transaction register, which is completely public. In fact, it depends on this open ledger to allow coins to be signed over from one owner to another. This sounds like it might completely defy any measure of anonymity. After all, if every coin can be tracked from transaction to transaction, it should be no trouble to keep tabs on the whole network. This is the point that a lot of insightful commentators have been making in the past weeks. Tim Lee’s post over on Forbes distills this criticism concisely, and expresses the mechanism by which Bitcoin de-anonymization might happen. Tim’s article is well worth a read, but I think that he misses some of the ways that Bitcoin users can — and do — remain effectively anonymous with the currency. In particular, I think that he misses just how much of an advantage it is that operations with Bitcoin can be automated, and abstracted away from the user.
If I have one Bitcoin account, and I use that for all incoming and outgoing payments, it’s very easy to keep track of my transactions. Anyone who has ever given me coins can now see exactly where I send how much money, forever. However, this is not the way that anyone really does or ever should use Bitcoin. It’s standard practice to use a new address for each incoming payment. This way, there’s no link between different inbound transactions. When making an outgoing payment, pick a selection of addresses whose balances add up to only slightly more than the sum you wish to pay. Pool those into a new address (with a little left-over in one of the original accounts), and send the whole payment from that new address. Over time, you accumulate little remainders, which can help fill in the gaps with other payments. This approach keeps transactions largely separate, and makes it very tough to associate more than a couple of transactions. With this approach, it’s mind-bogglingly tough to track a particular person, because there isn’t any particular identifier for “them”. They don’t make and receive payments from any distinct account or unique login: they just keep a wallet full of private keys that own some coins.
Right now, the Bitcoin client is fairly simple. It has all the low-level technical details set up, and it’s meant to be used by savvy users who understand the underlying technology, and know the implications of their behavior. Currently this sort of account-balancing is done manually, by users who know what they’re doing. However, it’s a very simple practice to automate, and we should expect future Bitcoin clients to implement this sort of obfuscation natively, without exposing the user to the technical details. The interface for this can be simple and uncluttered: a user just sees their balance, summing over all the addresses they own. Whenever you need to receive a payment, the program generates a new incoming address, and perhaps shows it as a QR code; whenever you need to pay out, tell it the address and the amount and it’ll take care of the details. As long as the user’s connection to the Bitcoin network is relatively anonymous, minimal information is spilled. Even using heavy-duty anonymity software like Tor has minimal inconvenience because the Bitcoin network already has a fair bit of lag time before confirming transactions.
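The address-pooling practice described above, automated as an added example (not code from the original post or from any Bitcoin client); the wallet contents, address labels and function names are constructed, and balances follow the post's simplified per-address model. It also runs the common-input-ownership heuristic over the resulting history, showing what an observer of the public ledger can still link: addresses pooled together, and chains formed when a remainder is reused in a later payment.

```python
from itertools import combinations

# Constructed sample wallet: address label -> balance in satoshis (integers, no float error).
WALLET = {"addr_A": 120_000, "addr_B": 75_000, "addr_C": 40_000,
          "addr_D": 9_000, "addr_E": 300_000}

def select_inputs(wallet, amount):
    """Return (addresses, leftover) for the address set that covers `amount`
    with the smallest leftover. Exhaustive search, fine for a small wallet."""
    best = None
    for r in range(1, len(wallet) + 1):
        for combo in combinations(sorted(wallet), r):
            leftover = sum(wallet[a] for a in combo) - amount
            if leftover >= 0 and (best is None or leftover < best[1]):
                best = (list(combo), leftover)
    if best is None:
        raise ValueError("insufficient funds")
    return best

def pay(wallet, amount, history):
    """Pool the selected addresses and record the pooling transaction's inputs."""
    inputs, leftover = select_inputs(wallet, amount)
    for a in inputs:
        del wallet[a]
    if leftover:
        wallet[inputs[-1]] = leftover  # remainder stays in one original address
    history.append(inputs)
    return inputs, leftover

def cluster_by_common_inputs(history):
    """Group addresses that were ever spent together (union-find)."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            a = parent[a]
        return a
    for inputs in history:
        find(inputs[0])  # register single-input transactions too
        for a in inputs[1:]:
            parent[find(a)] = find(inputs[0])
    return sorted(sorted(a for a in parent if find(a) == r)
                  for r in {find(a) for a in parent})

def demo():
    wallet, history = dict(WALLET), []
    pay(wallet, 110_000, history)   # pools addr_B + addr_C
    pay(wallet, 13_000, history)    # reuses addr_C's remainder with addr_D
    return wallet, cluster_by_common_inputs(history)
```

Here two payments made to unrelated recipients still merge three receiving addresses into one cluster, because the remainder left in `addr_C` is pooled again in the second payment.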
Tim also plays down the importance of money-laundering services, suggesting that they’re too much trouble for most users. Again: while current interfaces are simplistic, these sorts of services can be highly automated, and present very simple interfaces for users. We could imagine a simple Bitcoin-laundering service as follows. Users (through a client) ask the laundry service for an address to pay into, and they specify an address to pay out to, as well as how quickly they want the payout. The service specifies an address and the user pays some money in. At a regular rate, perhaps every minute, or ten minutes depending on the number of users, the service makes a whole load of transactions, paying all the users who requested payouts at about that time. It randomly picks which addresses to make transactions from, so there’s no easy way to link an incoming payment with an outgoing payment. Because the outgoing transactions all happen at the same time, the laundry service acts like a medium-latency mix network, making it very difficult to use timing to associate a user’s inbound and outbound address. Of course, the laundry service takes a small cut from all these transactions. This sort of laundry doesn’t have to be interactive: in fact, it’s the sort of activity which would be well suited to occurring silently and slowly in the background of a Bitcoin client. Users pick certain parameters, like how fast they want all their coins to turn over, or how much to spend, and the client negotiates all the details with a selection of laundry services approved by the user. Other tweaks could include prioritizing certain transactions for laundry, or using a number of laundry services chained together to reduce the amount of information that any one of them has.
There may not be many dedicated laundry services right now, but if people start using Bitcoin for more personal activities, and big brother starts paying closer attention, demand for these sorts of services may well increase. Conveniently, users don’t have to place much trust in a laundry service. If I want to clean a large quantity of money, instead of depositing it all at once, I can deposit it one chunk at a time, and wait for the payback to be confirmed before putting in my next piece. Depending on the size and reputation of a service, it might use chunks ranging from pennies to a few dollars in size, and a user would be free to pay multiple chunks at once if they trust the service and require some speed. This sort of thing should be more and more expected if Bitcoin extends to wider use.
These are just some examples of the techniques that can be used to retain privacy when using Bitcoin. Many of them are complex in structure, but can be automated and presented to even un-savvy users with a very simple interface. All of these strategies could probably be used with traditional currencies too; however, that would require the user to manually perform all the steps involved. With Bitcoin — like web browsing, instant messaging, or any other complex and protocol-driven activity — users don’t have to understand every detail of the interactions to use the system effectively. The strength of Bitcoin isn’t that it’s anonymous per se — it isn’t — it’s that it makes automation easy and keeps transactions secure. The underlying protocol is already in place; now we can innovate on the techniques and processes that make it convenient and anonymous, or give the system any other properties which we can design for.