You’re confusing perfect anonymity with perfect anonymizability (if that’s a word). As I said above, no matter what financial network you use, if you leak information that relates your identity to one of the endpoints, you’re boned. Bitcoin is just a transfer system, it doesn’t purport to solve identity privacy, because it does not even store identity (beyond a wallet ID). The reason Bitcoin is anonymizable is that the user has complete control over that linkage. If they choose not to exercise that control, that’s a catastrophic user error, not a weakness of the tech.
Bottom line, Bitcoin is as anonymous as a diligent user wants it to be. If someone starts transacting without educating themselves about how to stay anonymous, then they won’t be. User error.
Kayamori said the attackers may have been able to obtain data such as users’ emails, names, addresses and encrypted passwords.
Liquid is currently investigating whether the attacker also accessed identity documents and photos submitted for know-your-customer verification.
Bitcoin marketplace KeepChange says it has managed to limit the ramifications of a security breach on Sunday. … The attackers did, though, manage to steal some customer data including email addresses, names, trade counts, total traded amount and hashed passwords.
Absolutely 100% sure, and your articles don’t contradict me even in principle. Bitcoin stores zero personally identifying information, and thus cannot leak it.
Your articles were about an exchange. Exchanges are business entities that decide to be a Bitcoin endpoint for your convenience. They don’t promise anonymity, they don’t provide anonymity, they shouldn’t be relied upon for anonymity. At best they provide privacy, but that isn’t enforced by any technology.
Nobody needs an exchange to transact Bitcoin. In fact, if you’re concerned about anonymity, you should not use exchanges. All you need is your own computer.
Taken to an extreme, I’d agree with this, but I’d also argue it’s a rather useless definition of user error.
Bitcoin would not be usable if every user had to take things to that extreme. For the vast majority of users, the use of an exchange or online wallet will be practically necessary and those aren’t going to have perfect security. Nor prevent the ability to deduce information on end users (even if not their identities directly) via transaction history.
It’s true that those aren’t strictly part of the Bitcoin protocol but all the same, putting all that into a bucket called “user error” is pointless. That is tantamount to blaming users for flaws in the design of the algorithm itself.
It’s also very stereotypical engineering/software developer behavior - “well, the user is dumb, it’s not our fault”.
It’s neither extreme nor an overbroad interpretation. Bitcoin is a tool that does exactly what it purports to do. If someone uses it in an off-label manner and expects on-label results, that’s absolutely user error.
Zero users have to use an exchange. Now, if someone just wants to own a bitcoin, and they don’t want to invest any effort in anonymizing or securing it, yes, they’ll need an exchange. But then you’re outside the use case of what Bitcoin purports to solve. If you want it anonymous, you can make it anonymous. If you want brain-dead anonymity that requires nothing of you… Bitcoin isn’t your product. I don’t know of any product that offers that, to be honest.
Delete “strictly”. Exchanges aren’t a part of the protocol at all. They’re ancillary tech. They’re not necessary.
No it’s not, because you haven’t identified a flaw in the algorithm.
It’s stereotypical dumb user behavior to say “I used this product in an off-brand way and it failed. It must be broken.” No, you just used the wrong product for your needs, or failed to read the instructions.
None of those things involve actual control of any cryptocurrency. What you’ve done is give some money to a business that claims to hold cryptocurrency on your behalf, but didn’t actually have to do any transactions on the blockchain. The fees are lower, but you are exposed to the risk that the exchange will lose or steal the coins, or that they were basically a fraud in the first place. Cryptocurrency exchanges as a whole don’t have the best track record on these sorts of issues.
Whatever the credit card that pays in bitcoin is doing, it’s basically offering you some kind of credit bundled with an option on bitcoin that’s settled monthly. No need for any of that to hit the blockchain.
On the topic: I’m looking forward to my MtGox bankruptcy claims being paid out, but I’ve been waiting a while.
Yeah, that was my point - I mean people can send each other Bitcoins and remain anonymous, but as a practical matter there has to be an interface to the outside (non-Bitcoin) world, right? And isn’t a Bitcoin exchange the way you’d convert other currency to/from the Bitcoin world? My question was whether the US government could subpoena a Bitcoin exchange to find out where the dollars/euros went when user xyzzy cashed out his Bitcoins.
I mistyped in my haste. I meant the Bitcoin network, or Bitcoin transactions. Not Bitcoin exchanges that serve as account custodians. Those aren’t part of the spec, or the protocol, or the technology. My fault for misspeaking there, but correcting for that one word, the rest of the posts stand.
It’s a true statement, but it’s not a valid point. Few users are tech-savvy enough to use it. Okay, then maybe it’s not for every user.
If you need to get dollars out of a system, you’re going to identify yourself to a bank, because that’s the law. But, having done so, there’s nothing preventing anyone from creating a one-time personal and private wallet on their secure computer, moving all your exchange money there, and using it as anonymously as you like. The central exchange only knows that user XYZ moved funds to some anonymous wallet that’s unassociated with any user and was never touched again.
Anonymity is harder with exchanges in the mix, but it’s achievable. Yet again, the point is that this degree of anonymity is above and beyond what most people are ever going to ask of a currency, so they should understand that you don’t get that without additional investment of effort.
Only if you want to convert other currencies, for countries that require you to identify yourself.
If the US government got hold of a wallet ID associated with some shady stuff, or they suspected me of some shady stuff, they could subpoena Coinbase (an exchange, specifically my exchange that I use) to ask the question “what person owns this Bitcoin address” or “what is this person’s Bitcoin address at Coinbase.” Note that this isn’t a registry of all wallets… just the ones that Coinbase holds for its customers.
Having gotten that information, now they can look at every single transaction, date, and amount associated with that wallet.
The trouble with that? Nothing requires me to do all my business through that wallet. I send a million bucks to Coinbase to deposit in my Coinbase wallet, then create a one-time anonymous wallet on my own computer, transfer straight to my personal machine, then send the funds to ShadyShit.com, then destroy the one-time wallet. Coinbase now doesn’t know shit about me except that I deposited a million bucks and sent it somewhere that they have no idea what it is.
The authorities can talk to me, they can talk to Coinbase, all they see is that a million bucks went to an address that nobody knows who owns it. If they ask me what I spent a million bucks on, it was an online gambling site in the Maldives that also destroyed the wallet I deposited in (which entities often do, for security purposes). They have no way of proving anything… or even to guess what they want to prove, so all they get to know is what I choose to tell them.
You may be interested in this story from 2 days ago:
Most remarkable, however, is the IRS’s account of tracking down Sterlingov using the very same sort of blockchain analysis that his own service was meant to defeat.
The case shows yet another example of how Bitcoin, once widely believed to be a powerful tool for making anonymous, untraceable transactions, has turned out to be in many cases the very opposite. The blockchain’s ledger of all Bitcoin transactions since the cryptocurrency’s creation has often instead served as a means for law enforcement to trace even years-old transactions.
I keep trying to say that there’s nothing interesting in stories like these. The Bitcoin network is secure; ancillary exchanges aren’t. Want to use an ancillary service to anonymize your coin? Better trust them with your life, because it may very well come to that. But the point is, that isn’t necessary. You are absolutely liberated from that kind of exposure if you want. Nobody had to use Bitcoin Fog. I’m honestly baffled why anyone with a critical security need would outsource it like that.
I feel like the struggle in talking about this is people just can’t get out of the authoritarian money mindset. Folks are accustomed to the social contract of Big Bank managing your security and privacy concerns (well, kind of managing it, except when they lose it), in exchange for the convenience of never having to think about it. Then you look at the crypto-coin world and say “Aha, one of the gatekeepers failed, this system isn’t secure.”
But the point is you don’t need the gatekeepers because the system itself is secure. You’re given absolute reign to secure your own stuff, and your only responsibility is to secure your own stuff. It seems like people’s brains can’t process either side of that contract, which is unfortunate (though understandable). It’s totally different from the forms of banking that people are accustomed to thinking about.
But that first million can be traced as being from you, going to someone’s wallet (Coinbase’s), then to someone else’s (your new wallet), and if ShadyShit.com has been compromised, it’s not that hard to trace it to you. Especially if a pattern was set. Am I understanding that right?
The story is not about Bitcoin Fog users. It’s about the guy running the service himself.
His only business was to ensure the security of bitcoin transactions, yet he didn’t manage to keep his own personal transactions secure.
Perhaps, in some idealized perfect world, bitcoin transactions are 100% mathematically secure. But fortunately or unfortunately, we live in the real world.
Criminals aren’t the brightest tools in the shed. International money-laundering operations add complexity and points of failure that 99% of the world will never need to manage.
Bitcoin transactions are 100% mathematically secure in the real world. You can dig up articles all day about failures of ancillary exchanges outside of bitcoin, or of a person who misused it and came to some sort of misfortune. It doesn’t change the fact that the it always does what it’s supposed to do, every time, if used as directed.
And by the way, not that it really matters, but the coin that exposed him wasn’t bitcoin, it was some defunct thing called Liberty Reserve. He knew he tied his identity to it and he connected it to his crime ring anyway. shrug. No way to be sure what really happened, but it sounds like user error.
1 million USD goes from my Wells-Fargo account to my Coinbase USD account
1 million USD is debited from my Coinbase USD account and deposited as 18.85 BTC to my Coinbase BTC wallet.
I sent 18.85 BTC from my Coinbase wallet to a mystery wallet. It’s actually a one-time wallet I created on my PC, stored on a USB drive. But if you don’t tell anybody, then nobody will know. I’ll tell investigators it was a fly-by-night gambling site, and it flew, and I lost everything.
The mystery wallet sends 18.85 BTC to a wallet on ShadyShit.com. Or an orphanage for blind puppies. You pick.
Psych! I’m not that stupid, I won’t send exactly 18.85 BTC. Maybe the feds are onto me, maybe they’re actually runningShadyShit.com. Unlikely, but possible. I’ll break this transaction into amounts that don’t match what I drew from Coinbase.
Having made the transfer, I now remove my temporary private wallet (on a USB) from my computer, smash it with a hammer, put it in a jar of pickle juice, and microwave it on high for 6 weeks. The wallet was already anonymous and untraceable, and now it is simply gone.
If someone’s monitoring the outflow of ShadyShit.com and notices 18.85 going out? Doesn’t matter. Bitcoins don’t have ID or serial numbers. Now, as I said, no way I’m transacting the exact amount I did on Coinbase, simply out of paranoia, but in reality it’s not important.
From what investigators can see, there’s nothing suspicious about any of this. But let’s say I’m not of squeaky clean character, they’ve had their eye on me. Maybe a million bucks tripped a red flag. “We’re curious about that mystery wallet and the 18.85 BTC. Who was the payee and what was that money for?” I answer “I have a serious gambling addiction, I moved it to a sketchy gambling site in the Caymans and they stole it all, please sir won’t you help me catch the bad men who stole my bitcoins?”
They won’t believe me, and they won’t like it, but unless they have side-channel evidence like email (not happening), or my counterparty knows my identity (also not happening), they’ll have to take my word for it.
Clear enough? This was longer than it needed to be, because I tried to make it entertaining and approachable.
You know, the more I think about this, if a person like me can do what I’ve described above, bitcoin probably is a net negative to society.
Since Bitcoins [I am only familiar with the 2008 paper] are not designed for any kind of anonymity, I do not see what the mathematical problem is. The only thing supposed to be “mathematically secure” is the cryptography ensuring people can’t steal your coins unless they know the secret key.
I do not think the existence of anonymous fungible cash (like banknotes) is a problem in and of itself, but the fact that you might go through such shenanigans as described above is a negative point specifically for bitcoin. If you want to be able to be able to send some sort of e-coins to unpopularpoliticalparty.org anonymously, clearly bitcoin is not facilitating that, while a system designed from the ground up to support untraceable payments could.
It need not have to be easy to launder large amounts of dollars into e-money. Whomever you paid a bar to buy bitcoins had to fill out a bunch of paperwork, same as if you got a backpack full of $100 bills from your bank branch or went to a jewelry store and bought diamonds. But it does seem like a net negative if bitcoins are appealing to money launderers and tax evaders but not to the person who might like an alternative to whatever network their debit card is currently on (maybe they don’t want their bank to know how much they spend on what groceries and sell that information to Google).
Sorry if I’m repeating anyone, but there was too much to read. I just read a few of the earliest and latest posts.
The value of bitcoin really is in what it represents and what it popularized. It showed that cryptocurrency could (basically) work. And it popularized the concept of the blockchain, which has many potential applications.
And right now, it’s still the biggest cryptocurrency, so it’s still playing a role in representing that form of investment (though of course, if it were to disappear tomorrow, one of the others would likely dominate, and would probably be better. But you have to give credit to bitcoin for adequately doing that job for now)
I would have no issue with governments or international bodies from deciding that the energy waste is unacceptable and bitcoins could no longer be mined or whatever. I have no idea of the technical or legal issues with pursuing that goal, just saying logically and ethically ISTM just like energy or pollution regulation on lots of industries and consumer appliances.
I think the issue here is Bitcoin feature creep. Most of the “old” users wanted privacy, and had technical skills. They weren’t supposed to trust third parties like banks or exchanges and used cold wallets or “paper” wallets. Most “current” users just want to treat Bitcoin like an investment, and so they use exchanges as if they were banks, and if the exchange requires KYC they comply. Any ordinary investment bank has to know who its customers are, after all. These newer users are not so tech-literate either.
So while Bitcoin transactions can be private, I think the majority are not, since now most users aren’t that interested in privacy or are not as capable of following privacy tech rules.
This is correct, the designed security is intended to protect theft of coins between the wallets (implying that it’s on the user to secure their wallet, as must be done with any financial secret with any bank).
You’ve described the situation accurately, but it’s not accurate to call it feature creep. Bitcoin hasn’t much changed, and certainly not with regard to user friendliness. If anything, it’s hype creep, with people getting so blinded by greed that they skim misleading headlines like “bitcoin absolutely untraceable” and dive in without doing due diligence.
Any investment banker, or any banker, will tell you this. Every financial risk requires due diligence of all parties involved. Tulip bulbs are tulip bulbs, everyone knows what they are, but it’s on you to determine if the hype seems worth the risk. If it collapses and loses money, you can’t really blame the tulips for just being tulips.
With regards to anonymity, it’s better to say that Bitcoin wasn’t designed to be anonymous, it was designed to be democratic. That is, the participants of the network aren’t banks or gatekeepers who can snoop or regulate. The participants are you and me. We need no third parties, we don’t even need websites, just your wallet and mine. If we want to be anonymous, nobody can stop us.
That democratic nature makes it anonymizable, like email or any other neutral communications protocol. If you want to anonymize it you can. If you don’t, then you don’t get anonymity.
