How do we protect our privacy with a Bitcoin wallet?


If you are concerned that your Bitcoin activity is at risk of being exposed by a company or a dictatorial government, choosing the right wallet application may mean the difference between life and death. The previous article in this series set out to answer the question: "What traces do we leave when we use the Bitcoin blockchain?" Having given readers a better understanding of Bitcoin's privacy characteristics, this article moves into the real world and familiarizes the user with the application we use to interact with the protocol to send and receive bitcoin: the Bitcoin wallet.

The focus here is on achieving privacy in the face of surveillance companies or governments. For those who are not concerned about surveillance and simply want to get started with Bitcoin, this article may be overkill. The purpose of this survey is to set quite ambitious privacy goals for different use cases and to explore how feasible it is in practice to achieve these goals with the tools that exist in the industry today.

When we talk about privacy in Bitcoin, the first thing to consider is the type of usage you envision.

For example:

1. Are you planning to transfer some of your wealth to Bitcoin for savings, or to protect your money from being illegally confiscated?

2. Are you a writer who intends to receive Bitcoin donations via the Internet and store them for later exchange into local currency?

3. Do you plan to use Bitcoin to buy other goods and services online?

4. Do you plan to use Bitcoin to purchase goods and services in person?

These situations are important because they affect the type of operations you need to perform. If a user only wants to store Bitcoin, their immediate privacy needs may be limited to generating a new address and ensuring the security of the received coins. Users who wish to receive bitcoin donations on a regular basis may want a mechanism that automatically generates a new address for each donation. When privacy-conscious users make online purchases with Bitcoin, they may want to obscure both the source of their funds and their source IP address when broadcasting the transaction. Finally, a privacy-conscious user who makes purchases in person may wish to achieve the same thing from a mobile device.

Keep in mind that cryptocurrency protocols are constantly being improved and changed. Making a protocol that lasts is a challenge, and it is even more challenging for the various external applications that interface with it. It is therefore a good idea to make sure your information about the wallet application you plan to use is up to date. Software products require maintenance to stay safe, and well-maintained products may improve significantly over time, while other products may degrade.

Open source projects typically have a GitHub repository where you can check release notes and development activity, but for the average person the best option might be to interact with other users of the product and ask questions. One of the biggest advantages of Bitcoin is its active community, which you can reach on platforms like Reddit and Twitter – make good use of it!

01 Looking for a wallet

At the time of this writing, bitcoin.org provides an up-to-date and reasonable list of Bitcoin wallet apps, sorted by category.

Keep in mind that although bitcoin.org aims to be a collaborative and transparent effort, every website is ultimately controlled by someone and its content can be compromised at any time. Be extremely careful when installing Bitcoin software, and make sure that the software you downloaded is the genuine one. A compromised web page may look identical to the real one, the only difference being that the wallet you download cheats you out of your money. Here are two ways to avoid this. The "Advanced" option gives you a better security guarantee, but the "Simple" option is better than taking no extra steps at all.

  1. Simple: When downloading a wallet app from a website, make sure you have been directed to the correct domain. For example, a Google search for "Bitcoin node" shows results from well-known websites (such as the Bitcoin wiki, Bitcointalk and GitHub), each of which links to the same website, bitcoin.org.
  2. Advanced: The installation files prepared for the software are often referred to as "binaries". These binaries are usually signed with the PGP key of one or more of the project's developers, and you can verify that signature before installing. Examples: the Bitcoin Core download instructions and the Electrum (a light Bitcoin wallet) download instructions.
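One way to automate the "Advanced" check, as an added example that is not part of the original article or of any wallet project's tooling. It assumes the project publishes a clearsigned, sha256sum-style manifest of its binaries; the fingerprint, file name, manifest and gpg status text below are constructed placeholders.

```python
import hashlib
import re
import subprocess

# Constructed sample data (not a real release, key or signature).
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # placeholder fingerprint
OTHER_FPR = "F" * 40                                      # some unrelated key
SAMPLE_NAME = "wallet-1.0-x86_64.tar.gz"                  # hypothetical file name
SAMPLE_FILE = b"constructed installer bytes"
MANIFEST = "\n".join([
    "-----BEGIN PGP SIGNED MESSAGE-----",
    "Hash: SHA256",
    "",
    hashlib.sha256(SAMPLE_FILE).hexdigest() + "  " + SAMPLE_NAME,
    "-----BEGIN PGP SIGNATURE-----",
    "(signature bytes omitted in this constructed sample)",
    "-----END PGP SIGNATURE-----",
    "0" * 64 + "  " + SAMPLE_NAME,  # unsigned line after the armor: must be ignored
])


def status_for(fpr):
    """Constructed `gpg --status-fd` output for a good signature made by key `fpr`."""
    return ("[GNUPG:] GOODSIG " + fpr[-16:] + " Example Signer\n"
            "[GNUPG:] VALIDSIG " + fpr + " 2019-05-02 1556755200 0 4 0 1 8 01 " + fpr + "\n")


def gpg_status(signed_manifest_path):
    """Run gpg on a clearsigned manifest and return its machine-readable status lines."""
    result = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", signed_manifest_path],
        capture_output=True, text=True)
    return result.stdout


def valid_signers(status_text):
    """Fingerprints of keys that produced a valid signature, from VALIDSIG lines."""
    signers = set()
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) > 2:
            # The last VALIDSIG field is the primary-key fingerprint.
            signers.add(parts[-1].upper())
    return signers


def parse_manifest(text):
    """Map file name -> SHA-256 hex, using only lines inside the clearsigned region."""
    entries, in_signed_part = {}, False
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            in_signed_part = True
        elif line.startswith("-----BEGIN PGP SIGNATURE-----"):
            in_signed_part = False
        elif in_signed_part:
            match = re.fullmatch(r"([0-9a-f]{64}) [ *](\S+)", line.strip())
            if match:
                entries[match.group(2)] = match.group(1)
    return entries


def verify_download(file_bytes, filename, manifest_text, status_text, pinned_fpr):
    """Accept a download only if the pinned key signed the manifest and the hash matches."""
    # "Good signature" from any key is not enough: the signer must be the pinned key.
    if pinned_fpr.upper() not in valid_signers(status_text):
        return "untrusted-signer"
    expected = parse_manifest(manifest_text).get(filename)
    if expected is None:
        return "not-in-manifest"
    if hashlib.sha256(file_bytes).hexdigest() != expected:
        return "hash-mismatch"
    return "ok"


if __name__ == "__main__":
    good = status_for(PINNED_FPR)
    print(verify_download(SAMPLE_FILE, SAMPLE_NAME, MANIFEST, good, PINNED_FPR))
    print(verify_download(SAMPLE_FILE + b"!", SAMPLE_NAME, MANIFEST, good, PINNED_FPR))
    print(verify_download(SAMPLE_FILE, SAMPLE_NAME, MANIFEST, status_for(OTHER_FPR), PINNED_FPR))
```

The fingerprint to pin should come from a channel other than the download page itself, since a compromised page can replace the binary, the manifest and the advertised key together.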

02 Privacy rating

For each wallet on bitcoin.org, there are currently four different privacy ratings: Improved, Basic, Weak and Variable.

Here is how bitcoin.org defines its privacy scoring criteria:

Privacy: Does the wallet protect the privacy of users? In order to get a good rating, the wallet must use a new address for each transaction to avoid address reuse, while also avoiding disclosure of information to peers or central servers and being compatible with Tor. In order to obtain a passing score, the wallet must use a new address for each transaction to avoid address reuse.

From the first article in this series, we know that while the wallet qualities described here will increase your chances of retaining privacy, they should never be interpreted as sufficient to protect personal privacy against a sophisticated adversary. For example, if you use a wallet to receive bitcoin and then one day decide to send your entire balance to a new wallet, the common-input-ownership heuristic will still allow blockchain analysis tools to connect all the addresses you have used to each other.

If we look at two wallets in the "Improved Privacy" category, Bitcoin Core and Wasabi Wallet, both can ensure that the linking described above does not happen.

With Bitcoin Core, you can carefully use the coin control feature to manually spend one output per transaction and continue to ensure that your addresses are not mixed together in any subsequent step.

In Wasabi, you have access to the same functionality, but in addition it allows you to run your coins through Chaumian CoinJoin mixing transactions, after which the blockchain clustering techniques mentioned above may become inapplicable or inaccurate. Essentially, the "Improved Privacy" score should be regarded as a rough baseline for a wallet, with many variables.
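The common-input-ownership heuristic and the two countermeasures described above, as an added example that is not code from the article or from any wallet or analysis tool. All addresses and transactions are constructed; the clustering is a plain union-find over the inputs of each transaction.

```python
from collections import defaultdict


class UnionFind:
    """Disjoint sets of addresses; merged whenever two addresses fund one transaction."""

    def __init__(self):
        self.parent = {}

    def find(self, item):
        self.parent.setdefault(item, item)
        while self.parent[item] != item:
            self.parent[item] = self.parent[self.parent[item]]  # path halving
            item = self.parent[item]
        return item

    def union(self, a, b):
        self.parent[self.find(b)] = self.find(a)


def cluster_addresses(transactions):
    """Group input addresses under the assumption that all inputs of a
    transaction belong to the same owner. Outputs are not used."""
    uf = UnionFind()
    for tx in transactions:
        if not tx["inputs"]:
            continue
        first, *rest = tx["inputs"]
        uf.find(first)
        for addr in rest:
            uf.union(first, addr)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return sorted(groups.values(), key=sorted)


def wrongly_merged(clusters, owner_of):
    """Clusters that contain addresses of more than one real owner."""
    return [c for c in clusters if len({owner_of[a] for a in c}) > 1]


# Constructed ground truth: who really controls each address.
OWNER = {"alice_1": "alice", "alice_2": "alice", "alice_3": "alice",
         "bob_1": "bob", "carol_1": "carol"}

# Alice sends her entire balance to a new wallet in one transaction.
SWEEP = [{"inputs": ["alice_1", "alice_2", "alice_3"], "outputs": ["alice_new"]}]

# Alice uses coin control: one output spent per transaction.
COIN_CONTROL = [
    {"inputs": ["alice_1"], "outputs": ["alice_new_a"]},
    {"inputs": ["alice_2"], "outputs": ["alice_new_b"]},
    {"inputs": ["alice_3"], "outputs": ["alice_new_c"]},
]

# A CoinJoin: inputs from three different people in one transaction.
COINJOIN = [{"inputs": ["alice_1", "bob_1", "carol_1"],
             "outputs": ["mix_out_1", "mix_out_2", "mix_out_3"]}]


if __name__ == "__main__":
    for name, txs in [("sweep", SWEEP), ("coin control", COIN_CONTROL),
                      ("coinjoin", COINJOIN)]:
        clusters = cluster_addresses(txs)
        print(name, [sorted(c) for c in clusters],
              "wrong merges:", len(wrongly_merged(clusters, OWNER)))
```

The sweep produces one cluster holding all three of Alice's addresses, coin control leaves three separate clusters, and the CoinJoin makes the heuristic merge three different owners into one cluster, which is the inaccuracy the paragraph above refers to.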

Below is a complete list of wallets in the "Improved Privacy" category:

1. Armory (Desktop: Linux, Mac, Windows)

2. Wasabi Wallet (Desktop: Linux, Mac, Windows)

3. mSIGNA (Desktop: Linux, Mac, Windows)

4. Bitcoin Core (Desktop: Linux, Mac, Windows)

5. Bitcoin Knots (Desktop: Linux, Mac, Windows)

03 Security and privacy

In an ideal world, we could focus entirely on wallet privacy and exclude all security issues from the scope of this series. In reality, however, the challenges of security and privacy are inextricably linked. Without security, we effectively have no privacy: although most exploits against today's wallets are designed to extract private keys in order to steal people's funds, they can also be designed to extract sensitive information about users. In this increasingly data-centric world, almost every piece of user information can be monetized, and this incentive for adversaries is gradually rising.

To external observers, software security can seem a terrifying challenge. For those who bear this important task, the reality is often far from obvious. Software is rarely a stand-alone package; instead, many packages rely on other packages. This means that vulnerabilities and attacks do not always reach a wallet application through the code base of that specific software project, but indirectly through its dependencies. Example: Copay (npm package vulnerability).

The next question is how users who care about privacy should weigh these challenges when deciding which wallet to use. How do we know which projects have good security practices and which ones should be avoided? In the world of open source software, we can rely on a rule of thumb: the more capable and honest people review a piece of code, the safer it is. The following are the words of Bruce Schneier (1999):

First, just publishing the code doesn't mean people will check if it has a security hole. Security researchers are capricious and busy people. They don't have time to check every piece of source code that is released. Therefore, although opening the source code is a good thing, it does not guarantee security. I can cite a dozen open source security libraries that no one has ever heard of and no one has ever evaluated. On the other hand, security code in Linux has been studied by many excellent security engineers. Second, you need to make sure that you resolve it when you find a security issue. People find security holes in open source security code, which is a good thing. When writing open source code, there is no reason to believe that it is more secure than proprietary code. The key to making it open source is that many people quickly find and fix these vulnerabilities while looking at security vulnerabilities in the code. Therefore, open source code that has been around for the past two years may have fewer security holes than proprietary code, simply because many of these vulnerabilities were discovered and fixed during this time. Security vulnerabilities are also found in proprietary code, but at a much slower rate.

– Bruce Schneier on open source software security, September 15, 1999

Since these lessons are as true today as they were twenty years ago, they put us in a dilemma: if privacy and security are inextricably linked, does choosing a wallet like Wasabi, which has more advanced privacy features but a code base that has been examined less than Bitcoin Core's, bring privacy risks that exceed its benefits?

Tools designed specifically to disrupt surveillance organizations have traditionally been highly valued by surveillance organizations. For example, the National Security Agency (NSA) has been working on the development of a "honeypot" privacy tool designed to attract Bitcoin users. We reached a consensus with Bitcoin expert Peter Todd on this matter:

In general, I can say that Bitcoin Core has been thoroughly reviewed, so it may be more trustworthy than most people, but this is just one of many factors. As an end user – I am one too! – I am more concerned with what I think the development process and standards might be, and what incentives they have. Therefore, I don't care much about things like Wasabi, because the goal of the project seems to be good, and the overall privacy protection function may be better.

But this is not a simple decision – for pure cold storage, I tend to use Bitcoin Core directly on a separate computer, minimize dependencies, and make sure my wallet is backed up.

Summary: Yes, compared to Bitcoin Core, Wasabi and other wallets have greater security vulnerabilities and privacy risks, but ultimately we must weigh the risks against practicality. For example, a Wasabi wallet runs over Tor out of the box without any configuration, whereas users who wish to do the same with Bitcoin Core need to manually edit a configuration file and work with the Linux command line interface.

In matters as important as privacy and financial sovereignty, no one would advise anyone to choose software that is less secure but theoretically usable. However, we still need to understand exactly how much operational complexity users are willing to accept and adopt.

04 Different suggestions for different situations

 

We now return to the Bitcoin usage examples introduced at the beginning of this article. We will use the lessons learned from the first article in this series about what kinds of tracking a hypothetical spy company or government can use to capture information about our transactions.

Using this knowledge, we will build suggested approaches that avoid leaving such traces. The goals can be described as:

1. We want to reasonably hide from third parties any connection between our true identity and IP address and our Bitcoin addresses.

2. We want to avoid linking our addresses to each other in the eyes of third parties and blockchain analysis companies.

3. We prefer a safer approach and the integrity of our approach does not depend on a centralized entity.

* By using tools such as Tor and avoiding centralized wallet services and websites, we can make it difficult for third parties to collect our data and link our IP address to our Bitcoin addresses. This does not include protection against adversaries who have the ability to monitor the Internet on a large scale.

The method described below is not a technical guide but an assessment of the current state of privacy technology in Bitcoin.

I. Store private wealth in Bitcoin

To store your wealth in a Bitcoin wallet, you need to receive bitcoin from somewhere, possibly a cryptocurrency exchange or another Bitcoin user. In the final part of this series, we will explore platforms and methods for acquiring bitcoin privately, which is a subtle task in itself, but for the purposes of this example we will assume that a method has been chosen. In this use case we only need to pay attention to receiving bitcoin, because the counterparty sending the bitcoin is the one who broadcasts the transaction to the Bitcoin blockchain. Your responsibility is to provide an address and make sure your coins have arrived safely. In this discussion, we assume that security is the top priority and that you intend to store a meaningful amount of personal wealth.

There are many ways to do this, and choosing the right method depends on the level of security and privacy you want. You can generate an address on bitaddress.org and wait for the transaction to be confirmed using a block explorer, but you need to trust that bitaddress.org is not compromised (destroying your security or privacy, or both). Unless you use tools such as Tor to anonymize your IP address, you will still expose the link between your IP address and that particular Bitcoin address when you look up the address in the block explorer. You also need to trust the block explorer to give you correct information.

Ideally, if you are able to run a Bitcoin Core full node on a desktop computer, you can generate an address and verify that the bitcoin has arrived safely without having to look up your address in a block explorer. Depending on your computer's capabilities and bandwidth, the software can synchronize within 24 hours, but it may take longer. Currently, data storage requirements are approximately 200 GB, but can be "pruned" to no more than 4 GB. We recommend doing this on a freshly installed Ubuntu.

In addition, to avoid the risks involved in using a private key on an online computer, we can generate an address on a hardware device and monitor the address balance on a Bitcoin Core full node. Hardware device compatibility with Bitcoin Core arrived with the latest version, 0.18.0, and is currently accessible through the command line interface, although a simpler approach for now might be to monitor the wallet balance using a watch-only address (see the "importaddress" command). In the hardware category, Bitcoin security engineer Jameson Lopp makes two recommendations: Trezor or Ledger Nano S, because these two devices have been under the highest scrutiny in their category.

If you can't run a full node, another method might be to use the Tor browser to look up your address in a few different block explorers. Once you have confirmed that the coins have been safely received, you will need to back up your wallet so that you can regain access to your bitcoin anywhere in the world. The advantage of hardware devices is that they are usually compatible with BIP39, so you can restore access to your bitcoin by simply remembering 12 English words.

After receiving bitcoin, you still have a potential problem: the sender knows that you have received the coins and can monitor your address on the blockchain. Ideally, no one but us should know the status of these coins. A potential remedy is to perform a self-send. The idea is simple: if you send the coins to another address that you control, the pseudonymous nature of Bitcoin means the original sender cannot be sure whether you or someone else now controls the funds. In other words, you will have deniability.

When you run a full node, you download the entire blockchain, so your software does not reveal to the world which addresses you are interested in monitoring. Broadcasting a transaction is different, however. To ensure that you don't reveal your IP address to people who may be monitoring the network in an attempt to determine the source of transactions, configure your Bitcoin Core node to connect via Tor.

II. Privately accept bitcoin donations and convert them into local currency

In this discussion, we will make two important changes to the above situation. First, we need to receive transactions continuously, so in an ideal situation, we will somehow mask the total amount of transactions we receive. Second, we will periodically convert these bitcoins into local currency and send them to an entity. We also assume that the amount involved in the exchange is low, so that we can relax a little on some security goals.

We analyzed three different approaches to achieve the desired goals:

1. Use software that generates a new donation address for each visitor (example: BTCPay server)

2. Use BIP47 reusable payment codes to have the sender generate a new donation address on their side (e.g. PayNym.is)

3. Use a static donation address

Each of these methods has advantages and disadvantages.

New address through the BTCPay server: Although the BTCPay server has good documentation, not every writer wants to run a server just to receive donations. However, if you choose this method and write a blog on a "media" page, then at least you don't need to change platform. You only need to attach a link to your BTCPay server page at the bottom of the post.

One problem arises when you convert these donations into local currency: giving every donor a new donation address does not help if you later reveal that all the donations belong together by including them in one large transaction (the common-input-ownership heuristic). To avoid this, you can choose to sell one or a few donations at a time, or mix them.

You can configure your BTCPay server to generate addresses using a custom key derivation scheme (zpub). This allows you to receive donations directly into the Wasabi wallet and mix the coins before selling them in exchange for local currency. However, mixing is currently only available to users who mix at least 0.10 bitcoin ($613 at the time of this writing). In addition, Wasabi charges for the service. A more affordable option might be JoinMarket, but it is also much more difficult to use. Traditional mixers (custodial and non-custodial) are generally not recommended, because the privacy they provide requires trusting third parties and puts your coins at risk of being stolen.

Another problem with this approach is that if you choose a cloud deployment of the BTCPay server for convenience, the hosting provider will be able to learn your Bitcoin addresses and identity. If you choose to self-host for this reason, it is still difficult to guarantee that you can hide the server's IP address from visitors, although Tor support for the BTCPay server is under development.

BIP47 Reusable Payment Code: Although this may be the best method in theory, the user experience is hindered by the fact that it requires an opening transaction before a donation can be sent, and it is currently supported by very few wallets. In addition, every wallet currently supporting BIP47 is a mobile wallet that leaks your addresses to its backend server. Samourai is developing support for using the wallet with your own full node (a solution called Dojo), but it has not yet been released as open source software.

Static Donation Address: Even if you use a Wasabi wallet, mix the coins you receive in CoinJoins and broadcast your transactions through Tor, anyone who sees the address you provide will know how many coins you have received at that address, no matter what you do with them afterwards.

There is no solution, only trade-offs. – Thomas Sowell

In this case, we must accept that there may not be any perfect choice. However, having several choices at least gives us the opportunity to "choose our poison." If your identity is well known but you don't want everyone to see the donations you receive, then the BTCPay server is an acceptable solution.

However, if your work is controversial, you cannot accept the risk of exposing your identity through an IP address, and you cannot trust a cloud provider to keep your details secure, it is best to receive donations at a static donation address. Yes, in this case you will disclose all the donations you receive to the public, but if no one knows who you are, maybe this is not the end of the world. You can try to limit this exposure by manually changing the donation address, but this will only give you some level of obfuscation.

III. Privately make online purchases using Bitcoin

Being able to conduct transactions on the Internet without a credit card company or payment processor collecting our personal data is one of the reasons Bitcoin was created. However, third-party tracking on websites is very real: even on your first visit, a website can obtain your identity from your IP address, browser fingerprint or cookies. The first precaution is to use the Tor browser for online purchases that you want to keep confidential.

In addition, you may want to obscure the source of the funds used for the payment. For example, suppose you withdraw bitcoin from your Binance account to your wallet. Then, during a trip to Thailand, you purchase a copy of "The King Never Smiles". Since you are paying with Bitcoin, you think you have bought it anonymously. You may then find that Binance has provided the authorities with conclusive evidence linking you to the purchase.

This leaves us with the options of mixing and self-sending, as mentioned in the previous example. The Wasabi wallet is designed to make you aware of the UTXOs you use in a transaction, and it also lets you see whether an output has previously been mixed, which helps you achieve your privacy goals.

One problem with the self-send option when you have multiple UTXOs in your wallet is that you have to weigh the deniability you gain against the disadvantage of combining outputs, which costs you privacy because of the common-input-ownership heuristic. Also keep in mind that although the deniability of a self-send may give you an "out" in a functioning legal system, as long as there is no other evidence linking you to the transaction, a suspicious party may still assume that you are the sender of the subsequent payment and act accordingly.

In the next few years, more and more stores may start accepting lightning payments. As mentioned in the first article, lightning-based bitcoin transactions have many privacy advantages. On the desktop, you can use the Lightning App. It is built on the lightning network daemon (lnd) and you can configure it to run over Tor.

Although lightning payments are not publicly visible, and the recipient of a lightning payment cannot know from which initial channel of a multi-hop route the payment came, it is considered good privacy practice to blur your traces on the blockchain by mixing or self-sending before funding any lightning channel.

Another technology worthy of attention is sidechains, which allow bitcoin to be spent through semi-trusted channels that are more private than on-chain transactions. For example, Liquid currently supports Confidential Transactions, which hide the amounts paid in a transaction.

IV. Privately conduct face-to-face purchases using Bitcoin

For in-person payments, regular cash is still a good private option. But for a variety of reasons, not everyone can hold their money in physical form. A person in a hyperinflationary economy may want to be able to afford groceries for the next month, or a person in an abusive relationship may need to secretly conceal money from a partner.

If for practical reasons we assume that we are limited to using a smartphone in this use case, we have a small problem. As we saw at bitcoin.org, there is currently no mobile wallet app in the "Improved Privacy" category. This is because smartphone wallets typically rely on services provided by third parties, who can learn the user's IP address and Bitcoin addresses.

There are some potential ways to solve this problem, and there may be more solutions in the next few years. The best solution at the moment is to use a smartphone wallet app that connects to your own full node. We have identified several apps with this capability:

1. Android Bitcoin Wallet (also known as "Schildbach's Wallet")

2. BRD for iOS

3. Blockstream Green for iOS and Android

In the mobile wallet category, Jameson Lopp recommends Blockstream Green for iOS and Samourai Wallet for Android. Currently, Blockstream Green is not listed on bitcoin.org because it does not give users full control of their own coins. Instead, it uses a 2-of-2 multi-signature solution in which Blockstream holds one of the keys and signs the transaction if the user provides a second authentication factor (2FA). A mode in which users have full custody of their own funds is currently being enabled.

Samourai is currently unable to work with your own full node (despite its "Set Trusted Nodes" option, which has been accused of being misleading), although they argue that the user information they can collect is limited because it is currently the only mobile wallet that has native Tor support. Samourai is also the only mobile wallet with mixing functionality (see Whirlpool), which is currently being tested by advanced users. A potential problem with Samourai mixing is that many users may still be using Samourai without a full node, which may reduce the effectiveness of the mix, but it may be better than not mixing at all.

It is a good idea to think of a mobile wallet the way we did in the lightning channel discussion above: always try to obscure the source of our coins (by mixing or self-sending) before we fund a new mobile wallet.

Android users can use Orbot to let smartphone apps communicate over the Tor network. This allows applications such as Bitcoin wallets to connect to a personal full node running over Tor. For Lightning wallets, Spark is an example of a wallet that can run over Tor.

 

05 Conclusion

 

Although in theory Bitcoin can be used with a relatively high degree of privacy, there is still a long way to go in terms of user convenience before everyone can obtain it. Most users are not familiar with the Linux command line, are not interested in or able to run a server, and their financial situation does not provide them with enough bitcoin to meet the minimum transaction requirements.

So the road to privacy is not simple, especially when facing spy companies or governments with sufficient resources. Even for those who have the ability, it is currently impossible to access many of these features without accepting security trade-offs, and the security trade-offs themselves may eventually undermine the privacy they are trying to protect.

On the positive side, Bitcoin privacy is actively evolving. Several of the projects mentioned in this article released new software versions while this article was being written, gradually advancing what Bitcoin privacy can achieve in practice. The latest Bitcoin protocol improvements, announced on the Bitcoin mailing list a few days ago, specifically target the basic privacy features of Bitcoin.

In addition, setting aside the ambitious privacy goals of this article for a moment: the fact that a third party can sometimes map a Bitcoin address to an IP address when a user operates a Bitcoin wallet does not necessarily mean that someone will spend the time and money required to pin that information on a specific individual. Bitcoin can still be seen as a major improvement over traditional electronic payment systems, even when it is used naively.

Author: Eric Wall

Translation: Zhang Anni

Review: Tang Wei

Produced: Carbon chain value (cc-value)