Can Crypto Be Private? Bitcoin’s Public Ledger in an Age of Increased Surveillance
Data breach monitoring and prevention service Under the Breach recently reported on Twitter that a hacker was selling customer databases from Trezor and Ledger — two of the most popular cryptocurrency hardware wallet manufacturers. The data was allegedly obtained via a Shopify exploit.
While passwords or direct access to users’ cryptocurrencies were not being advertised, the hacker claimed to have personal identification information — including email addresses, names, phone numbers and residential addresses — for upwards of 80,000 users. This information could, in theory, be used to deanonymize crypto wallet addresses and trace user activity, among other things.
Though Ledger and Trezor have both claimed that the information for sale is a hoax, the issue of blockchain privacy has once again been raised. Just how private are your cryptographic transactions on Bitcoin and distributed public ledgers — and how concerned should you be in an increasingly-less private world?
Bitcoin (BTC) transactions are immutably recorded on a distributed public ledger — meaning all transactions are permanently stored on a decentralized network that is publicly viewable to anyone with an internet connection. Along with being permissionless — anyone can access the network— and uncensorable — no one can reverse or delete transactions — the transparent nature of the first and foremost cryptocurrency is, in a sense, its foundation.
However, some believe Bitcoin’s public ledger will actually be its downfall.
Famous United States National Security Agency (NSA) whistleblower Edward Snowden once stated that Bitcoin’s “much larger structural flaw, the long-lasting flaw, is its public ledger.” Speaking at a Blockstack event in March 2018, he claimed that “you cannot have a lifelong history of everyone’s purchases, all of the interactions be available to everyone and have that work out well at scale.”
While the widespread tracing and cataloging of transactions on the Bitcoin blockchain may seem like a monumental task in the present, future technological advances could make it increasingly realistic. A massive and immutable ledger of pseudo-anonymous transactions today could conceivably become a goldmine of deanonymized transactions tomorrow.
This idea is especially relevant when considering how one must interact with bitcoins — via third-party applications, like wallets and exchanges. Most users are required to provide proof of their personal identity in applications to buy and sell cryptocurrency for fiat money — primarily, exchanges.
Given that all the transactions made with any particular Bitcoin address are visibly connected, any cryptocurrency exchange abiding by know-your-customer (KYC) regulations (meaning it requires a personal ID to use its services) has access to both a user’s personal identity and their transaction history. The exchange can, with relative ease, provide the identified user’s transaction history to a government, upon request.
The immutable and public aspects of Bitcoin’s blockchain are particularly problematic when one considers the history of government surveillance and the role government regulators may play in the future. In fact, some documents from Snowden illustrate that the NSA was targeting Bitcoin users worldwide as early as March 2013.
In more recent years, providing blockchain analytics and tracking services to governments has proven to be a lucrative business. One firm, in particular, has received at least $10 million in U.S. taxpayer funds to help the government fight against crime that involves cryptocurrencies. Called Chainalysis, the company provides blockchain analysis tools to governments (as well as compliance tools to crypto firms) with the goal of, as its co-founder stated in a recent interview, “preventing bad actors from abusing cryptocurrencies.”
The firm has lucrative deals with the Internal Revenue Service (IRS), Transportation Security Administration (TSA), U.S. Immigration and Customs Enforcement (ICE) and the Federal Bureau of Investigation (FBI), among other departments and agencies. Another firm, called CipherTrace, has also received millions of dollars to provide services in the same vein as Chainalysis — though, with more of a research-and-development focus.
The financial incentive for blockchain analytics firms is, according to long-time financial tech journalist Jamie Redman, unlikely to decrease as we progress into the future. He explained to OKEx Insights in comments this week:
“Today, there are more than 20 different blockchain analysis firms that offer all types of on-chain analytics and surveillance. In 2013-2014, these companies just started to appear, and it wasn’t as large and as lucrative as it is today […] As long as governments exist they will continue to scale blockchain surveillance.”
Though governments had made efforts to track illegal activity involving Bitcoin previously, they first took earnest strides to track Bitcoin transactions after husband-and-wife academic team Philip and Diana Koshy published their findings in 2014 — mapping roughly 1000 BTC addresses to IP addresses. In fact, it was IP address tracking that helped the FBI catch darknet marketplace Silk Road’s creator and operator, Ross Ulbricht, the year before the study was published. Ulbricht is currently serving double life imprisonment.
Of course, it is not only law enforcement that has taken an interest in attaching identities to cryptocurrency addresses. Criminals also may use this information to exploit individuals and companies. One way they do this is via dust attacks.
Dust attacks transpire when a wrongdoer sends “dust” — very small amounts of BTC or another cryptocurrency — to a user’s personal wallet. The amount of cryptocurrency sent is often so small that the receiving user may not even notice it. Next, if the unsuspecting user then spends that tiny amount of crypto, this allows the attackers to attempt a combined analysis in an effort to identify the person or entity behind each associated wallet address.
If the attackers are successful at associating a personal identity with a crypto address, they may use that deanonymized information to trace the affected user’s behavior and perform cyber-extortion, among other malicious acts.
If you have recently received a very small amount of BTC in your wallet unexpectedly, you may be the target of a “dusting attack” designed to deanonymise you by linking your inputs together – Samourai users can mark this utxo as “Do Not Spend” to nip the attack in the bud. pic.twitter.com/23MLFj4eXQ
Awareness around the fact that someone’s Bitcoin address can theoretically be connected to their personal identity and/or IP address is arguably growing, despite persistent representations of Bitcoin in media as the currency of choice for criminals. Even Bitcoin’s creator, Satoshi Nakamoto, was aware of this weak link in the network’s pseudo-anonymous nature.
In 2010, Bitcoin’s anonymous creator advocated for the use of Tor, free and open-source software that enables anonymous communication while defending against web tracking, surveillance and fingerprinting by using multi-layer encryption. Nakamoto wrote at the time:
“If you send by IP, the recipient sees you because you connect to their IP. You could use TOR to mask that. You could use TOR if you don’t want anyone to know you’re even using Bitcoin. Bitcoin is still very new and has not been independently analysed. If you’re serious about privacy, TOR is an advisable precaution.”
Bitcoin.org, an open-source project originally registered by Nakamoto, also warns against the possibility of having users’ IP addresses logged and recommends using Tor. The website’s “Protect your privacy” section explains:
“Because the Bitcoin network is a peer-to-peer network, it is possible to listen for transactions’ relays and log their IP addresses. Full node clients relay all users’ transactions just like their own. This means that finding the source of any particular transaction can be difficult and any Bitcoin node can be mistaken as the source of a transaction when they are not. You might want to consider hiding your computer’s IP address with a tool like Tor so that it cannot be logged.”
Though Tor comes recommended from both Bitcoin’s creator and bitcoin.org, it is not the only means to increase one’s privacy while using BTC or other cryptocurrencies.
Perhaps the easiest way to increase one’s level of privacy when interacting with Bitcoin is to always use a new address when receiving BTC. Additionally, it is useful to personally associate different wallets (or, at least, different addresses within those wallets) with different purposes — i.e. spending, long-term savings, etc.
By using fresh addresses for every transaction, senders are unable to associate a user’s receiving address with all of the addresses — and thus Bitcoin — owned by that user. This keeps all transactions associated with the separate addresses outside of their purview.
Bitcoin mixing services, such as CoinJoin, effectively combine multiple Bitcoin payments from multiple users into one single batched transaction. By doing this, those outside of the transaction have a significantly more difficult time identifying which spenders sent BTC to which recipients.
Perhaps the most famous usage of CoinJoin comes from Wasabi — an open-source, non-custodial Bitcoin wallet with an intense focus on privacy. Using “Chaumian CoinJoin,” Wasabi shuffles bitcoins and provides anonymous transfers.
CoinJoin transactions have only increased in number as time has gone on. According to CoinJoin developers, May 2020, alone, has seen more than 70,000 bitcoins obfuscated — worth more than $600 million, according to prices at the time of this writing.
Free software entrepreneur and Wasabi contributor Max Hillebrand confirmed in a conversation with OKEx Insights this week that these numbers are “pretty accurate,” though there are likely some false positives, and that Wasabi sees roughly 10,000 fresh bitcoins (previously not CoinJoined) every month. “It’s very promising to see that these numbers are growing so steadily,” he said.
Though anonymizing ones bitcoins has apparently grown in popularity, cryptocurrency exchanges are not terribly keen on the practice due to compliance concerns with government’s anti-money laundering (AML) regulations. Binance, for example, has been known to freeze bitcoins that have been mixed in the past — something Hillebrand told OKEx Insights is a cowardly practice and constitutes user harassment. “In these cases,” he explained, “the company is harassing users who value and protect their privacy.”
An additional risk of mixing services, in general, is that the user must trust the individuals running them. In theory, it could be possible for those operating some mixing services to steal users’ funds or keep a log of their requests. Wasabi, however, can neither spy or steal from users, according to Hillebrand.
While Bitcoin remains only pseudo-anonymous, at best, there exist other cryptocurrencies that make tracking user behavior virtually impossible through various techniques.
Zero-knowledge proofs are mathematical methods that assist in the brokering of sensitive transactions that demand increased privacy and security. They have long existed in the world of cryptography, making them interesting for privacy-focused cryptocurrency enthusiasts.
Zcash (ZEC) is undoubtedly the most famous cryptocurrency to use zero-knowledge proofs in an implementation called zk-SNARKs. The technology permits fully-encrypted native transactions that are still verifiable.
Monero (XMR) is one of the most well-known privacy-centric altcoins in the cryptocurrency space.
The privacy coin uses a triangular distribution method to form a ring of signatures, instead of one signature. This renders transactions virtually anonymous since a third-party cannot identify which signature from a group of signatures belongs to which specific individual.
Additionally, the network cannot differentiate between spent or unspent outputs. This ensures that every transaction output has plausible deniability.
Mimblewimble is a type of blockchain design that allows for increased privacy and scalability while using the proof of work (PoW) consensus mechanism. In essence, it allows for confidential transactions — only in a way that is separate from zero-knowledge proofs or ring signatures.
What makes Mimblewimble unique is that it does not provide any identifiable or reusable addresses to users. As such, someone outside of a transaction’s participants cannot make sense of any visible data. Because blocks on a Mimblewimble blockchain appear as one large transaction, as opposed to a collection of multiple transactions, it is virtually impossible to link individual inputs and outputs.
Most believe that implementing Mimblewimble into Bitcoin would be too difficult a task to accomplish — though it is theoretically and technically possible. Instead, most development pertaining to the privacy-centric blockchain type has taken place on altcoins like Grin and Beam. Litecoin (LTC) creator Charlie Lee has also expressed interest in implementing Mimblewimble to LTC.
Though the privacy flaws inherent to Bitcoin are continually becoming more apparent, it stands to reason that privacy may not be the dominant cryptocurrency’s end goal, at least for some. While critics like Snowden argue that its immutable public ledger is problematic, some, like Redman, believe that may be overstated. “There are good aspects to a transparent ledger, just as there are bad aspects,” he explained to OKEx Insights. “It’s all about your perspective.”
Hillebrand, meanwhile, believes the distributed public ledger is Bitcoin’s biggest strength. He told OKEx Insights:
“For me, privacy is not the end goal. Defense of my property rights is my end goal. Privacy is a strategy that makes defense more effective. So, the public ledger of Bitcoin is its biggest strength because it allows me to verify the total money supply and, thus, this is a defense against unwanted inflation.
If we would have a perfectly anonymous monetary system, where some entities can increase the money supply anonymously — like early eCash — then my end goal of property rights defense is broken. Then I no longer care about privacy, as I have already lost the battle.”
Referencing technologies and practices that can make Bitcoin transactions more private — such as those discussed above — Hillebrand continued:
“So, having a verifiable public ledger of pseudonymous identities, and then utilizing tools to ensure that the pseudonyms are not linked, is, in my opinion, ‘good enough.’”
As governments around the world continue to encroach further and further into individuals’ lives and more and more privacy is willingly given up, crypto anarchists like Hillebrand believe that Bitcoin’s importance will not diminish. Rather, for those who value personal freedom and responsibility, according to the entrepreneur, it is the best tool for holding and transacting money. He told OKEx Insights: “Don’t beg for permission. Claim your sovereignty.”
OKEx Insights presents market analyses, in-depth features and curated news from crypto professionals.
Follow OKEx Insights on Twitter and Telegram.
Cryptocurrencies make a solid comeback in India despite a hostile environment
Indian investors are back in the cryptocurrency game and how.
There has been a sharp increase in trading volumes on cryptocurrency exchanges in India since March 5, when India’s supreme court quashed a Reserve Bank of India’s (RBI) circular that barred banks and other financial entities from providing services to virtual currency dealings.
Trading volume on Mumbai-based WazirX, one of India’s leading crypto exchanges, rose 400% and 270% month-on-month in March and April, respectively. Now, the exchange is facilitating around 60 million trades per day as compared to 20 million before March.
WazirX, which was acquired by global exchange Binance in November last year, is also seeing an uptick in new sign-ups and active users, said founder and CEO Nischal Shetty.
For Bengaluru-based global exchange aggregator CoinSwitch, April was the best month since inception in 2017. “Our Indian user base went up by 158% in April,” said Ashish Singhal, CEO of CoinSwitch. “Trading volumes in Indian rupees have shot up to 12-15 million each day from around 5-7 million prior to the supreme court order.” The company, which currently gets around 10% of its users from India, expects this number to rise in the coming months.
The past two years were a nightmare for crypto exchanges in India. After the RBI’s decision in April 2018, the virtual currency ecosystem in the country nearly choked, leading to several exchanges, including prominent ones like Koinex and Zebpay, shutting shop. A few others shifted outside the country to survive the onslaught.
But those who weathered the storm are now back in full swing. The high demand over the past couple of months has proved that Indians have an appetite for cryptocurrencies, and exchanges are planning to tap the market more efficiently.
For instance, CoinSwitch is creating a tailor-made mobile app called “CoinSwitch Kuber,” which will be exclusive for Indian users. “People can buy and sell over 100 cryptocurrencies easily using Indian rupees. Earlier, users could trade only by using base currencies like Bitcoin,” said Singhal.
Reflecting its commitment to the country, Malta-based global exchange Binance, in tie-up with WazirX, announced on March 17 a $50 million fund to promote the adoption of blockchain technologies in India.
Increased activity in the Indian crypto market has also drawn the attention of global venture capitalists (VCs) who are trying to understand how they can participate in the boom, Shetty of WazirX said. “They have realised that a lot of startups are mushrooming and they want to be the early movers,” he said. “In the US, there are huge investments taking place (in crypto startups) since 2010, which will also happen in India.”
All this attention is great, but experts warn that there are still obstacles for cryptocurrencies in India.
Despite the supreme court’s order, some Indian banks continue to be reluctant to support virtual currencies. “Some banks are co-operating with us, while some are still hesitant,” Singhal of Coinswitch said.
The reason for this resistance could be due to a lack of clear norms from the RBI as well as the anonymous and speculative nature of cryptocurrencies. “Banks are concerned about the relative anonymity of cryptocurrencies and how they could be a safe harbour for illicit activities,” Anirudh Rastogi, founder of Ikigai Law, a technology-focused law firm. “By providing services to crypto exchanges and traders, banks think they are opening themselves to a risk of regulatory scrutiny.”
The records of virtual currencies are kept on an open-ledger but the anonymity of owners can create problems. This means cryptocurrencies could be misused to transfer illegal money or evade taxes.
The RBI must intervene to reassure banks and clarify that they can support crypto businesses and trade, he added.
Another hurdle for crypto exchanges to operate smoothly in India is the central government’s hesitancy, including the draft “Banning of Cryptocurrency & Regulation of Official Digital Currency Bill” (2019), which was floated in July 22, 2019 and suggests a ban on all virtual currencies in India.
Until the RBI and the government have a change of heart, the path for the cryptocurrency ecosystem in India will remain difficult.
Author: Prathamesh Mulye
US crypto exchange Gemini and Samsung integrate to allow millions access cryptocurrency
Samsung and Gemini’s partnership will make it easier for over 4 million users to buy Bitcoin throughout North America.
Gemini, founded by Cameron and Tyler Winklevoss, has announced a partnership with South Korea’s electronics giant, Samsung.
This marks a first for any US-based cryptocurrency exchange to form such an alliance. According to the announcement, the deal between Gemini and Samsung means that more than 4 million users in the US and Canada can now buy and sell crypto using the Samsung Blockchain Wallet.
Samsung’s crypto wallet is non-custodial, available for use on the Samsung Galaxy S10 and S20 models. Users of the wallet will have access to Bitcoin and a selection of other digital assets for trading via the Gemini exchange.
Users will now have the ability to view their account balances on Gemini as well as move their holdings into more secure cold storage devices.
“We are proud to be working with Samsung to bring crypto’s promise of greater choice, independence, and opportunity to more individuals around the world,” Gemini CEO Tyler Winklevoss said in a statement.
Tyler also noted that “crypto is not just a technology, it is a movement.”
Crypto has seen its march towards mass adoption curtailed by several factors, chief among which, is how difficult it has been for some people to buy, sell, and store their Bitcoin.
Over the past few years, Samsung has made inroads in the sector. Last year’s Blockchain Keystore was just one of the developments that could make mass adoption a reality. The technology gives control over data to consumers via a platform that simplifies management and the securing of digital keys and personal data.
The integration of Gemini and the Samsung Blockchain Wallet also lowers the entry barrier.
Gemini’s managing director of operations, Jeanine Hightower-Sellitto told Forbes that “being able to store crypto directly on their phones lowers another barrier to entry,” for millions of people across North America.
The partnership between the US-regulated exchange and the Korean giant comes at a time when more and more people have looked to buy Bitcoin.
Although cryptocurrency exchanges have seen their Bitcoin reserves reduce as users move their funds, most likely into cold storage, there has been an increase of wallet addresses.
Wall Street has also seen an uptick in interest, with Grayscale Investments buying more and more for its institutional investors. Yesterday, US exchange Coinbase announced it had acquired prime brokerage platform Tagomi as it looks to attract more institutional investors.
Author: Benson Toti