Privacy Opportunities and Dangers of Bitcoin
You may listen to the podcast version of this essay here.
Dear privacy seekers,
I probably should have done this episode before my others delving into the intricacies of Bitcoin and cryptocurrencies. You’ll have to excuse me for that. I know that some of you have only dealt with the idea of digital currencies theoretically and I may have thrown you into the deep end. Regardless, the truth is that any person interested in privacy should be interested in cryptocurrencies. More than that: they should practice with them. No, I’m not talking about watching the price of Bitcoin go up and down in dollars or euros on the backdrop of some legacy financial news network. Nor am I talking about throwing your life’s savings into crypto ETFs in hopes that you’re catching it on the way up. I’m talking about practicing actually owning and using Bitcoin as a means for private purchases and possibly the accumulation of wealth in a discreet way.
Bitcoin is private in the sense that you can retain sovereign ownership of it. The concept of privacy encompasses more than just hiding. Think of the term “private property.” It is that jurisdiction that is mine and mine alone. Yes, it also tends to be absent the gaze of anyone else, but the fact that it is mine—even if others can see it—is desirable in itself. This is certainly the case with Bitcoin. If you hold it in a non-custodial wallet—a wallet where you yourself are the owner of the private keys—then you remain its owner. You will then have to protect it. The tyrants of the world have gone after private property at every turn throughout history, recognizing that without one’s own space, independent thought and action is hardly possible. Thankfully, Western culture has relished and developed the concept of private property, from the Magna Carta to Sir Edward Coke’s famous line “one’s home is one’s castle” to the respect for private property in the nineteenth century that created the modern world. And while the West has compromised on that vision of late, it has an opportunity to redeem itself. Bitcoin is one part of that puzzle.
Bitcoin can also be private in the sense in which we tend to think of private. To be honest, I started writing this episode focusing on the privacy dangers of Bitcoin, and of course there are many. But then I realized that wasn’t entirely fair. You see, Bitcoin—we’ll get into other crypto briefly in a moment—is a huge step up in terms of privacy when we compare it to the current banking system. Simply to own a bank account in places like the US requires you furnish various proofs of your identity, and that is no guarantee you will even end up with a checking account. Assuming you get one, you will have limits on how much you can take out, where you can send it, and your account may be frozen any time along the way according to the whims of the bank or the governmental regulatory burdens that are placed on it. Just the other day the director of the popular Marvel film Black Panther was arrested for asking the Bank of America branch teller if he would give him his money discreetly. That is a microcosm of legacy finance.
Financial companies are also starting to play politics. MasterCard, Patreon, and PayPal have in recent years banned right-leaning people from their service because it was the politically-expedient thing to do. GoFundMe determines what constitutes a viable project to fund. The examples are endless, and the recent application of this corporate politicking is seen in Russia, where apparently Russian citizens don’t deserve McDonald's or online video game purchases because they have a government that does what governments do. Imagine these kinds of scenarios turned back on you and your country for its own sins.
Bitcoin, if approached correctly, gets around the need to give out any personal information, so that people cannot judge you based on your politics or your country of origin. Equally important, it removes the need for permission in financial transactions. With your bitcoin in your non-custodial wallet you can send it to anyone anywhere in the world and the only visible result is a string of characters that by no means automatically connects back to you. And this privacy can be tightened significantly. Let’s say you wanted to buy a VPN service without identifying yourself through a credit card transaction. You could go to a Bitcoin ATM using a burner phone number from a website, get BTC for cash, and send that BTC to Mullvad to get your VPN service. Who is going to know that this was you?
Crypto and especially Bitcoin work similar to cash for the Internet. The problem of transacting online has always been that the person receiving your payment cannot trust you unless, well, they trust someone across the country they’ve never seen before—or they trust a well-respected intermediary such as VISA to tell them that everything looks okay. The sheer genius of the Bitcoin blockchain is that this verification happens without the need for a central authority. Verification happens across tens of thousands of Bitcoin nodes that are running and verifying the blockchain from around the world. When you receive Bitcoin and you see that a confirmation has gone through, you know that this is good. Another confirmation or two and this is airtight. The odds of shenanigans with this process are slim and growing slimmer every day as more Bitcoin nodes go online. The system is ingenious: there’s no way of putting it otherwise, and is a fantastic contribution by the anarcho-libertarian cypherpunk movement. Thanks very much Mr Satoshi.
Bitcoin is perfect for Internet money. While some suggest that there is not much to be bought with Bitcoin, I have come to discover that this is not exactly true. What is true is that you cannot expect to go anywhere and find someone who will accept bitcoin. But there are numerous shops online, and services, that will accept a bitcoin transaction in exchange for their wares. Bitrefill.com gives you gift cards for bitcoin and thus opens up most of the shops that you probably use. There are also many online services—from VPNs to web hosting—that will readily take your bitcoin right now in exchange for their service. You can contribute to this by allowing your good or service to be paid in bitcoin. Frankly, all you need to do is to create a wallet such as Electrum or Sparrow wallet, and send an address for someone to pay you. Or, if you want to run a business with bitcoin, you could use a service like Strike, or something more sovereign and private like BTCPay, though the later option requires running or renting your own node and a bit of set up. But BTCPay puts you as the sovereign owner of your shop, uncensorable, and able to use fresh addresses for each customer, thus ensuring their privacy. You can literally participate in the fashioning and popularization of a new currency, which simply needs enough people using it to be successful.
What I’ve said in some respects doubles for privacy coins such as Monero, though they reach a much smaller audience and thus their effectiveness is in question. When I discuss bitcoin at the expense of anything else, it is in part in recognition of its dominance, of its sheer market share. When I go to buy a VPN like Mullvad, they are not accepting Monero or Pirate Chain [Note: Mullvad started accepting Monero a week after I released my episode]. They are accepting Bitcoin. So while I would love to see more places accepting and using Monero—and I encouraging us in the privacy community to use it alongside bitcoin—we have to be honest and recognize that at this point in time it is rare to find someone who will accept bitcoin, much less Monero.
The privacy of bitcoin depends on how you acquire it and treat it afterward. If it isn’t clear so far, I’m not advocating Coinbase or Binance for your bitcoining life. If you read most articles on buying bitcoin they will tell you to use the Cash App or PayPal or some public exchange to buy bitcoin. These are essentially bitcoin brokers who own the bitcoin for you. One article from Forbes magazine about “11 different ways to buy bitcoin” offers only options to buy through an intermediary. If I told you that you could buy gold from someone, but that they would hold it in their vault and as long as you had the correct politics and that no laws forbid it, they might give you some of that gold if you asked for it with all the right identification. Could you really say that you own that gold?
If you want to use bitcoin in a private way, you have to take ownership of it. That means possessing your own private keys through a software wallet where you are in control at any point in time. A so-called hardware wallet is another version of keeping your private keys and adds the benefit of having created those keys on a device disconnected from the Internet. One of the best options for desktop is the Sparrow wallet. Within it you can also make use of one of the best Bitcoin privacy tools: the Samourai CoinJoin. You store your bitcoin on the Sparrow wallet, mix them around a bit, and send them to cold storage when you accumulate a large amount. You can also send a small amount to your mobile wallet for walking around with: hopefully the Samourai wallet, which is available only on Android. Make no mistake, this is the only true way to own bitcoin.
Dangers
That is not to say that Bitcoin is without its dangers. Let me quote a paragraph from Saifedean Ammous’s The Bitcoin Standard:
The reality is that Bitcoin’s ledger is globally accessible and immutable. It will carry the record of every transaction for as long as Bitcoin is still operational. It is inaccurate to really say Bitcoin is anonymous, as it is rather pseudonymous. It is possible, though not guaranteed, to establish links between real-life identities and Bitcoin addresses, thus allowing the full tracking of all transactions by an address once its identity is established. When it comes to anonymity, it is useful to think of Bitcoin as being as anonymous as the Internet: it depends on how well you hide, and how well the others look. Yet Bitcoin’s blockchain makes hiding that much more difficult on the Web. It is easy to dispose of a device, email address, or IP address and never use it again, but it is harder to completely erase the trail of funds to one bitcoin address. By its very nature, Bitcoin's blockchain structure is not ideal for privacy.
When Ammous wrote those words technologies such as Samourai Wallet’s Whirpool Coinjoin, Stonewall, and its other ingenious bitcoin privacy methods had not yet reached us. Which goes to show that technology is always changing, and while it can be used to uncloak us, it can also be used to cloak us further. Andreas Antonopolous has said that "Bitcoin is 75% trackable. VISA is 100% trackable." And that’s a statement that recognizes some of the privacy concerns of Bitcoin while also appreciating that being outside of legacy finance is itself a huge step forward for privacy.
The blockchain is indeed revealing, and that is by design. It is part of its verification process, which is arguably what makes Bitcoin trusted by as many as trust it. There are ways to obscure this chain and certainly ways for making sure it does not lead back to you. But some of the critiques of Bitcoin as a “surveillance coin” are correct. If you buy your Bitcoin from a place that collects your information—IP address included—and/or you use your Bitcoin with a wallet that does not have privacy features, you are at risk of leaking data to powerful chain analysis firms who could, given time, backtrack the blockchain and supply this information to the exchange you were dealing with. Now all privacy bets would be off. This is why any bitcoiner should take the time to learn how to acquire non-KYC Bitcoin, how to use privacy tools found in the Sparrow and Samourai wallets, and how to use “coin control” to consider what they are revealing in the next blocks of the chain.
KYC is a big problem for Bitcoin privacy. KYC stands for “know your customer” and is expected of you if you deal with a large financial institution such as Coinbase. If you own your Bitcoin in a public exchange, you have indelibly connected those bitcoin with your personal information. Scrub them as much as you want, but the fact that you are interested in bitcoin and purchased it at some point will never be erased. And if regulatory agencies see that the coins disappeared into a privacy wallet or somewhere else, you might get more attention than you would have otherwise, and your tax agency might have a few additional questions for you about how much that bitcoin has appreciated since you got it. Keep in mind that agencies such as the IRS can revoke your passport if they allege—note allege—that you have been evading taxes of around $50,000 or more. What is that (at the time of writing this), one Bitcoin?
Making matters worse is the fact that public exchanges have famously lax security and breaches have affected many of the biggest exchanges out there. The Mt. Gox incident around 2014 led to the theft of nearly 1 million BTC—keep in mind that only 21 million Bitcoin will ever exist—and given the fact that Blockchain transactions are irreversible—unlike your friendly neighborhood bank transfer—you’re talking about serious loss of privacy and ownership. Exchanges pose other risks as well. As the BTC privacy advocate Q + A likes to say, imagine that bad guys decided to look at one of these breaches and see that you, Ken Smith, own five Bitcoin and live at 458 Henderson Lane in Troy, Michigan. What are the odds that you get a not-so-friendly visit one of these days? Keep in mind that breeches are often reported months and sometimes years after the fact. You either already have your name, address, and details of your crypto wealth floating around on the dark web, or you soon will.
Exchanges currently act as dangerous on and off ramps for those confused about how two get involved with Bitcoin, or allured by the admittedly easy access that these institutions bring. If, of course, one considers surrendering personal data to be “easy,” as I don’t. We’ve seen with the Canadian trucker protests the blacklisting of certain crypto wallets; in other words, those people who got donations in crypto could not put their crypto back onto an exchange so they could get into fiat currency. During these events Kraken CEO Jesse Powell put it rather honestly. He tweeted: "If you're worried about it, don't keep your funds with any centralized/regulated custodian. We cannot protect you. Get your coins/cash out and only trade p2p." Mind you, this is the CEO of one of the biggest exchanges out there. And it’s devastatingly true. If you want to really be using Bitcoin you need to learn how to use it—acquire and expend it—outside of all of these exchanges. That involves making use of ATMs, mining BTC yourself, using P2P options like BISQ and LocalCryptos.com, and otherwise finding ways to receive Bitcoin for a service or in exchange for goods. It also involves creating a circular economy in bitcoin such that you are not trading in and out of fiat but using it within your community of Bitcoin supporters.
The other dangers of Bitcoin privacy are the new industry of chain analysis companies. One of the big names in the field, Chainalysis, prides itself on supposedly bringing back trust to Bitcoin. Right... What Chainalysis does is develop ways to connect private addresses on the blockchain to fill out a map of who is doing what. Keep in mind that these transactions are just sitting there for anyone to analyze. They will be: forever. The data scraped up by Chainalysis and co. is gathered for exchanges doing KYC procedures and in many cases for law enforcement. The spineless CEO of Chainalysis has said that he does not collect any personal information. Of course. And IBM when it gave the German government the ability to catalog the Jews being carted off all across Europe did not actually release any Zyklon B poison gas. Sure. I don’t know about you but I sleep a lot better at night knowing that Chainalysis is out their battling the forces of evil on our behalf.
And make no mistake: government agencies are very eager to collect information on the blockchain and to fill out their own dossiers. In the US the Biden administration has made it a priority to crack down on crypto endeavors, which will begin in the easiest place: in the form of new regulations on the on and off ramps of crypto exchanges, where most people are still holding their crypto. Of course, governments don’t want to stop there. The IRS has a bounty ready for anyone who can help to trace the private transactions of the Monero blockchain. As I make this episode European Union politicians are discussing regulating non-custodial wallets: in other words, actual wallets where you own crypto and it is not owned for you by a regulated exchange. Governments are happy to let crypto exist as long as it functions identically to how traditional banking works: KYC, regulation, and all. Meanwhile it’s easy to imagine how bitcoin mining rigs—one of the great ways to get non-KYC bitcoin assuming you can get your hands on one—will come to be seen as financial instruments that demand their own regulations.
Fortunately Bitcoin is a lot more robust than this. It effectively cannot be truly shut out, though governments can put immense pressure on it that would be a formidable challenge to the network. Anyone who values privacy will have to make sure they start treating Bitcoin with the proper technique that it deserves to make it a real permissionless, decentralized, and private—in every sense of the word—asset as is possible.
Yours in peace and privacy,
Gabriel Custodiet
https://watchmanprivacy.com