Bitcoin is quasi-anonymous or how to deanonymize Bitcoin users

in bitcoin •  7 years ago 

Is Bitcoin obsolete already?

With this article I'd like to highlight a major issue - Bitcoin's pseudo-anonymity.

Since the appearance of the first cryptocurrency, many people have come to believe that using Bitcoin ensures full anonymity of payments and lets no one learn the true sender of the coins. But is that so? Yes and no.
Using Bitcoin naively, without understanding how the network works and how transactions propagate, can lead to complete deanonymization of the user.


IP issue


Probably the easiest way to identify the sender of a transaction is to match the bitcoin address or transaction ID to an IP address. Hiding the IP may seem simple, but everything depends on the degree of anonymity you want to achieve. For example, according to some sources, more than half of Tor users can be deanonymized easily using only information intercepted at the exit node. In addition, it is possible to link the identified IP and the MAC address of the computer from which the transactions were made. That is, even if you send coins from different wallet addresses, you are still reliably identified.

The way out is to use a virtual machine with the Electrum wallet installed on it, rather than the official bitcoin-core, and to interact with the outside world only through a properly configured Tor.


Bitcoin mixers headache


Since all transactions in the Bitcoin network are transparent and anyone can track which address a payment was made to, it is necessary to break the chain that connects the addresses of the sender and the recipient. Probably the first thing that occurs to a user who wants to make an anonymous transaction is to run his coins through a so-called mixer. In short, a bitcoin mixer lets you "launder" the funds and cut the connection between the two addresses by mixing your bitcoins with many others. The output is coins sent from a random address that is not related to the original address. Everything would be fine if not for one "but": information about your real identity is stored on the mixer's server, and given a strong enough desire it can fall into the wrong hands.

No logs...huh?


It would seem, what logs? Mixer sites claim "No logs at all". But we all understand that this claim about the absence of logs means nothing, and to hope for their absence is to deceive oneself.

In fact, the only way to make sure there are no logs is to get full access to the mixer's servers and databases and inspect everything personally. For the average user, of course, this option belongs to the realm of fiction. The special services or other authorized organizations or persons, however, can do exactly this, for example by putting pressure on the owner of the bitcoin mixer. He will not want to risk his own neck for the sake of your couple of bitcoins, and with a high degree of probability the logs will be handed over with a few clicks of the mouse, which will lead to the complete deanonymization of your transactions.


Transaction correlation


The second thing that can deanonymize a user of a bitcoin mixer is matching up all the transactions on the network that meet certain parameters.

For example, Comrade X sends 1 BTC to the address of a bitcoin mixer, and some time later about 1 BTC arrives at the address Comrade X specified, from an address that has nothing to do with Comrade X's own address. But if we open the same blockchain.info, we can view information about all recent transactions that meet the specified filters. That is, nothing prevents anyone from finding all the addresses from which about 1 BTC was sent, which greatly narrows the circle of suspects. And if you know the mixer's commission, you can calculate the exact number of bitcoins that should be output. All that remains is to find all the addresses from which this amount was sent (excluding the addresses of the bitcoin mixer, of course). But modern mixers allow setting the time delay and the commission itself, and also allow specifying several addresses for receiving the "clean" bitcoins, which can greatly complicate the process of deanonymization.

Conclusion - the mixer does not give absolute guarantees of anonymity, but is good when used in conjunction with other methods, which we consider below.
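The effect of the mixer settings described above can be measured as the number of deposits that remain consistent with a given payout. The following is an added example, not code from the original post; the labels, amounts, times and the basis-point fee model are constructed assumptions, not real chain data.

```python
from dataclasses import dataclass

BTC = 100_000_000  # satoshis per BTC; integers avoid float rounding


@dataclass(frozen=True)
class Tx:
    label: str   # constructed placeholder, not a real address
    amount: int  # satoshis
    time: int    # minutes since an arbitrary start


def candidates(payout, deposits, fee_min_bp, fee_max_bp, max_delay):
    """Labels of deposits that could have funded `payout`, given the mixer's
    fee range in basis points and the longest delay it allows (minutes)."""
    hits = []
    for d in deposits:
        if not 0 < payout.time - d.time <= max_delay:
            continue
        # payout must lie between deposit*(1 - fee_max) and deposit*(1 - fee_min)
        low = d.amount * (10_000 - fee_max_bp)
        high = d.amount * (10_000 - fee_min_bp)
        if low <= payout.amount * 10_000 <= high:
            hits.append(d.label)
    return hits


# Constructed mixer deposits and one payout (not real chain data).
DEPOSITS = [
    Tx("F", 101 * BTC // 100, 0),
    Tx("A", 1 * BTC, 600),
    Tx("B", 1005 * BTC // 1000, 620),
    Tx("C", 98 * BTC // 100, 630),
    Tx("D", 102 * BTC // 100, 645),
    Tx("E", 250 * BTC // 100, 650),
]
PAYOUT = Tx("payout", 99 * BTC // 100, 660)

if __name__ == "__main__":
    # Known fixed 1% fee, payout within 2 hours: a single candidate remains.
    print(candidates(PAYOUT, DEPOSITS, 100, 100, 120))
    # User-chosen fee between 1% and 3%: the set grows.
    print(candidates(PAYOUT, DEPOSITS, 100, 300, 120))
    # Same fee range plus a delay of up to 24 hours: it grows again.
    print(candidates(PAYOUT, DEPOSITS, 100, 300, 1440))
    # Payout split across two addresses: neither part matches any deposit.
    part = Tx("part", 59 * BTC // 100, 660)
    print(candidates(part, DEPOSITS, 100, 300, 1440))
```

The size of the returned list is the anonymity set for that payout: a fixed, publicly known fee with a short delay leaves one candidate, while a variable fee, a long delay and split payouts each enlarge it or defeat single-payout matching.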


Is it possible to buy BTC anonymously?


Since Bitcoin has not yet captured the world, it takes quite a lot of money to buy coins. In most cases, people buy bitcoins through an exchange or various exchangers, paying with a credit card or with electronic money, which in itself can nullify all attempts to stay incognito. Of course, a credit card can be issued in the name of a drop, and an electronic wallet can be registered to a non-existent person, but if the special services have started chasing you, it is unlikely that this will be a strong barrier for them.

Naturally, ordinary users do not know whether the exchange or the exchanger keeps logs, but with a high degree of probability the answer is yes. And if there is an official request from the secret services to provide logs, this data will be handed over without mercy.


Online wallets stranger things


The problem with online wallets, just like the problem with mixers, is that you entrust your data and funds to one particular person or company, which is completely contrary to the idea of decentralization. When you use an online wallet, the owners of the service can, if necessary, hand over the IP addresses that accessed the wallet, and at worst simply withdraw your funds.

To avoid exposing your IP (even if it is hidden behind a VPN), it is worth using Tor. In this case, the online wallet itself must be inside the Tor network, in the onion zone. This will let you lose yourself in a crowd of other Tor users, and it also eliminates the possibility of your funds being stolen at a Tor exit node. For example, the same blockchain has an onion mirror.


Epilogue is about TOR


I especially want to draw your attention to the danger of using Tor with untested exit nodes. It's no secret that anyone can set up such a node and then just sit and sniff traffic. But that is only half the trouble: far more dangerous are the nodes whose owners conduct a Man-in-the-Middle attack and not only log but also modify the traffic passing through them. In this way, an inattentive user can be infected, or even have the data of a bitcoin wallet stolen (if it is on the "external" Internet). To say that by picking up malicious software you instantly lose all your anonymity is to say nothing. And who knows who you will run into in that case - a curious "hacker" or an agent of the special services.

You can protect yourself from this by running your own exit relay, or by using Tor exclusively as a means of accessing the darknet and hidden services inside the Tor network.

In conclusion, I would like to say that although Bitcoin is the flagship, at the moment it is technologically hopelessly obsolete. As a means of storing your savings in the form of "digital gold" it is suitable, but for making frequent and anonymous payments - not quite. There are now cryptocurrencies that are much more convenient to use (Monero, Zcash, Verge) and that give an incomparably higher degree of payment anonymity and transaction security.


A few comments about pseudonymity on Bitcoin, and about Tor protocol and how it works.

  1. Hiding your IP address is NOT going to hide your transactions, they're recorded on the blockchain for all to see. It's unlikely you would be actively monitored and someone would be watching and waiting to catch you moving coins - basic forensics is far easier.

  2. Tor exit nodes cannot de-anonymize a user by themselves. They see the destination only, not the originating IP address. The guard relay (first hop of the 3 in a circuit) knows the IP where the request originated, so a user can be de-anonymized via collusion between the guard relay and the exit node. People can choose their entry point to the network for this reason, and it's common to hide your IP address from the guard relay just in case.

  3. Keeping a wallet "inside the Tor network" (wallet service running on onion server) not sure what to say except you're completely trusting an unknown and un-findable anonymous entity with your money. Good luck. Unless you possess the private key, you've got nothing but an IOU.

  4. Biggest dangers with coin mixers is not that server can log the activity, but that they often just steal the money outright. They're highly susceptible to Sybil attacks and they just really don't work well.

Bonus tip: you can get anonymous Bitcoins by mining them :)

Thank you for the very nice feedback and very high-quality theses!
