I read this helpful Bitcoin privacy guide for beginners on Reddit and decided to share it on this territory.
._____________
The whole text:
Bitcoin privacy and anonimity explained for newcomers with quick guide on best practice
Whenever the Bitcoin privacy / anonymity topic comes up in other threads, I see a lot of confusion as well as a lot of interest, so I decided to write a long post, mainly for newcomers, that will cover:
How private is Bitcoin? (assuming you don’t take extra steps to increase privacy)
Ways to acquire Bitcoin without revealing your identity
Ways to delink Bitcoin from your identity
Why should you care about privacy and other considerations
I am by no means an expert, I would just consider myself an ‘advanced user’ so anybody feel free to jump and tell me if anything I’m saying is not correct and I will amend it. I just do this selflessly to help newcomers.
I know this content may be here spread in various threads already, but I just think sometimes people miss having it all explained from the basics.
Disclaimer: I don’t have any association with any of the services I may list below, it’s just the ones I’ve used and I’m most familiar with.
How private is Bitcoin? (assuming you don't take extra steps to increase privacy)
Bitcoin transactions are recorded in the blockchain, which is public, so everyone can see them. However, transactions are pseudonymous meaning they show addresses and not directly an identity.
While your identity is not directly showing in the blockchain, it is still possible that some addresses can be associated with it.
If a Bitcoin address has been linked to your identity, for example because it comes from an exchange where you have revealed it, all your future transactions can be traced. Not only that but chain analysis can be performed to deduce if this address belongs to a larger cluster of addresses owned by you, therefore exposing if you own more Bitcoin and also potentially revealing past transactions.
Example: you purchased 0.5 BTC in an exchange, and you have given them your identity because it is mandatory. You also have 1 BTC in a hardware wallet which you acquired by other methods and it is not linked to your identity. You want to store your BTC in the hardware wallet but you don’t want to reveal that you already own 1 BTC and you may feel smart by using a new address. While not reusing addresses is good practice, the problem is if you then go and spend 0.75 BTC, this transaction will probably contain 0.5 BTC linked to your identity and then 0.25 from the 1 BTC that was already there and was still anonymous. Well now it isn’t anonymous anymore, an external observer knows you owned this 1 BTC and can track where it came from. And now they can obviously track all your future movements too.
Also chain analysis companies collect all sorts of information like IP addresses to have even more pieces of the puzzle.
Conclusion: if you don’t take steps to protect your privacy, you should assume all your BTC transactions can be potentially associated to your identity, do not assume you are anonymous!
Ways to acquire Bitcoin without revealing your identity
A possible way to go is to just acquire Bitcoin in ways where you are not asked to reveal your identity, so that the addresses shown in the blockchain will not be associated to you and you will remain anonymous. These include:
-
Decentralised exchanges like Bisq (https://bisq.network/) which basically connect peers that want to exchange Bitcoin for fiat and have some clever mechanisms to ensure none of the parties can cheat. The BTC you receive is not associated to your identity and on the fiat side the bank just sees an outgoing transaction to another bank account and can’t tell it is to buy Bitcoin, so that’s one of the best ways to acquire Bitcoin anonymously. Liquidity may be a problem though, for instance you may only find offers to sell a certain quantity of BTC or at a bit of a premium compared to a centralised exchange. You can also try Robosats (https://learn.robosats.com/)
-
You can also meet in person with people that want to buy and sell Bitcoin for cash, there are some apps that allow people to connect for this purpose, but it carries the obvious risks
-
Bitcoin ATMs: there are some Bitcoin ATMs that don’t require any identity, where you can simply insert cash and get BTC in exchange. Some others may ask for credit cards or ID so they wouldn’t work for this purpose. Careful, some ATMs may have cameras so would still be wise to wear a cap or anything to hide your face. The problem with this method is that ATMs tend to charge high commissions
-
You can also earn Bitcoin in exchange for your work or services and if done properly or via Internet, for example, you don’t have to reveal your identity or even if you do only the person that has paid you knows it, which his much better privacy than an exchange (and so the Government) knowing
Ways to delink Bitcoin from your identity
Ok so even though there are certain ways to acquire Bitcoin without revealing your identity, centralized exchanges may be more convenient because they offer high liquidity, comfort and competitive prices, but all of them ask for some form of identity as far as I know. So what can we do if the BTC we own has already been linked to our identity?
The best way to anonymise your BTC is to use privacy focused software wallets like Wasabi (https://wasabiwallet.io/) or Samourai (https://samouraiwallet.com/). Those wallets offer you the possibility of mixing your coins in a Coinjoin. A Coinjoin is basically a transaction to yourself where your BTC gets mixed with BTC from other parties in the process, normally from 50 to 100 other parties. So an external observer cannot tell who is who after the transaction is done and thus cannot associate your identity to any of the output addresses because they don’t know which one is it. Also, you can then subsequently participate in multiple Coinjoins, increasing even more your anonymity.
Bear in mind that an external observer can tell that you sent your BTC to a Coinjoin and can distinguish this from a normal transaction. So they would see for example your transaction from an exchange to Wasabi wallet, but then they would see a Coinjoin transaction with 50 to 100 outputs and would lose trace here, they wouldn’t be able to tell which one of those is you so your subsequent transactions would be more private.
Example: how to perform a Coinjoin using Wasabi Wallet, step by step:
-
Download Wasabi Wallet
-
Create a wallet, write down the 12 seed words, just like with other wallets nothing special
-
Go to Receive (at the top), generate a receive address and then send your BTC to this address, wait for your coins to arrive to Wasabi Wallet and have enough confirmations (until here it is just like any other regular wallet)
-
At the bottom you will see a Play button to initiate Coinjoin. Click on it and let the wallet do its thing, in the most recent version (make sure to download that one) it has been automatized so that you don't need to do anything else.
-
The wallet will indicate at the top the % of funds that are anonymized through Coinjoin, ideally you want this to be 100% so don't stop the process until then.
-
You can then use those Bitcoin but remember that as you introduce new Bitcoin to your wallet you should Coinjoin them again, always make sure the wallet indicates the BTC are 100% anonymous before doing anything.
You should also know that Wasabi and Samourai earn a fee for the Coinjoin, but tends to be very low, like 0.003% per anonymity set.
Wasabi and Samourai run through Tor which means you won’t reveal your IP address in the process. And I would advise to use wallets that hide your address by default. Or you can also use a VPN to hide your IP address.
There are other ways to delink your identity from BTC, and a simple but effective one is to exchange them for a privacy coin (a cryptocurrency that has a more private protocol) and back, using a service such as Morphtoken. The problem with this method is that you have to trust a third party (while the Coinjoin with Wasabi or Samourai is trustless and you always own the BTC during the process) and also the site charges you a premium in the exchange rates so it tends to be more costly than a Coinjoin.
Also something to take into account is that the BTC you receive when exchanging to the privacy coin and back may have a history associated, so they could be tainted or have been used in criminal activities. So it would be advisable to perform a Coinjoin after you have exchanged back BTC for the privacy coin anyway, so why not go for the Coinjoin directly?
If we talk privacy we should also mention the Lightning Network, which is a technology that can be already used but is in continuous development in order to be improved. It is a second layer on top of BTC’s basic blockchain that allows you to ‘lock’ some BTC you have in the base layer opening a payment channel and then exchange it or spend it using the Lightning network, performing multiple transactions instantly and with negligible fees, and at some point in the future just settle the final value of the payment channel in the main layer.
Not the purpose of this post to describe how the Lightning network works, but essentially routes the payments through various nodes using ‘onion encryption’ similar to TOR so that each node knows only enough “1 hop” information: that the payment comes from the previous node and which node to send it to next, but not the origin or final destination of the transaction.
When you initiate the payment in Lightning, a node can’t tell if you are the sender or just relying it from a third party and can’t tell if the next hop is the receiver of the payment or just another middle node. Transactions in Lightning are not recorded in the blockchain (just the remaining value of the channel once closed, but the party you open the channel with is not necessarily who you have transacted with) so it offers great privacy. You can try Lighting with Phoenix wallet (https://phoenix.acinq.co/) for Android for example. It sounds complicated but I use Phoenix wallet and really it just feels like a normal Bitcoin wallet, you fund it and it does the channel control in the background.
Lightning is not 100% private, you should always perform a Coinjoin to be on the safe side. But it has a great advantage because the transactions you perform in Lightning are not recorded in the blockchain, only the final settlement, so they are much more difficult to trace. If you Coinjoin your Bitcoin as described above and then send it to a Lightning wallet and use it through Lightning, you would be achieving very decent levels of privacy. Always look for wallets where you control the funds (they will ask you for the 12 word seed) and that are privacy oriented, for example I like Phoenix wallet because it runs through Tor, that shows you the developers care about your privacy.
Why should you care about privacy and other considerations
This part is more subjective, it is my personal opinion.
Some people will tell you that “you don’t need privacy if you don’t have anything to hide” but I disagree. Think about your email account, you probably don’t have anything incriminating in there, but I assume you wouldn’t want it to be public for everyone to know who you send emails to and what are your preferences, right? It is just your right to mind your own business and nobody should know anything about it if you don’t want to reveal it or if there isn’t any reasonable proof of illegal activities.
Well then think about that through for a second: monetary transactions are much more important than emails, reveal a lot more like of how much wealth you have and what you spend it on and who do you transact with. Are you sure you want this information to be public and linked to your identity?
We are very used to using a peer to peer transfer of money which is absolutely anonymous, which is cash. Don’t you think we should be able to transact in the same way but electronically? Do we really have to put up with a Big Brother system that is controlling every single transaction we do? (like it’s the case with the current banking system?).
Maybe you come from a country where there are less liberties, where you may be prosecuted if you give money to certain causes. Guess what happened to some bank accounts that were accepting donations to support protests in Hong Kong (were closed and owners identified). HK protesters were also accepting Bitcoin but what if you live in China or HK and donated in Bitcoin thinking you are anonymous but you did with an address linked to your identity? Well suddenly you made yourself a target. This is why I’m writing this post, so people stop assuming they are anonymous when using Bitcoin. You can have a decent degree of anonymity but it requires a bit of work and being careful and you should be aware of it. Assuming you are anonymous when you are not is dangerous!
There are some instances where it may not be worth for you to increase your privacy. If the purpose is to buy some Bitcoin in an exchange, have it maybe in a hardware wallet for cold storage and back to the exchange to sell at a future point, maybe it is not necessary for you to anonymise your BTC.
A common question is whether an exchange can consider any Bitcoin coming from a Coinjoin tainted. Personally, I have sent Bitcoin to exchanges after a Coinjoin multiple times and there wasn’t any problem. However, it is a possibility in the future. But I still think it’s ok for a reason: exchanges can just go a number of hops behind when analysing where a transaction comes from. Meaning when accepting incoming transactions they may say “has this been in any tainted activity in the last 5 hops?” so if it is the case you can avoid this blacklisting by just sending to yourself between addresses multiple times, at least more than 5 or whatever is the criteria of the exchange.
An exchange cannot analyse say the previous 20 hops because then they would go out of business, virtually all BTC has been in a Coinjoin or questionable address if you go that far back. And it wouldn’t be an issue to add 50 or 100 hops if you wanted to. Therefore I think if it is the case in the future and exchanges are a bit tighter in this regard, it will just be a game of cat and mouse and will be completely pointless.
Also by transacting in your Bitcoin anonymously you are also helping strengthen it. Fungibility (the fact that each coin is the same regardless of its history) is a great quality of money and is a weak point of Bitcoin in particular. So every time you are performing a Coinjoin or transacting anonymously in other ways you are also making Bitcoin a better form of money and store of value.
Anyway, it is up to you to decide how much do you value your privacy, but at least I hope you have a better understanding of the tools and ways to improve it.