Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bitcoin The Almighty Buck

Bitcoin Perfectly Anonymous — Until You Spend It 147

jfruh writes "One of the great attractions of Bitcoin as a currency is that it's completely secure and anonymous. But according to researchers (PDF) from UC San Diego and George Mason University, that anonymity starts to vanish the minute you exchange bitcoin for real-world items or conventional currencies. The researchers tracked transactions across the Bitcoin ecosystem and found points where it would be easy for a government with subpeona power to find the identity of a Bitcoin user. They also concluded that the currency wasn't especially attractive for money-laundering purposes." Graph theory explains many things.
This discussion has been archived. No new comments can be posted.

Bitcoin Perfectly Anonymous — Until You Spend It

Comments Filter:
  • Of course. (Score:4, Insightful)

    by ls671 ( 1122017 ) on Wednesday August 28, 2013 @12:22PM (#44697961) Homepage

    Of course, nothing is really anonymous. It is just a cat and mouse game.

    • by wbr1 ( 2538558 )

      Of course, nothing is really anonymous. It is just a cat and mouse game.

      Nothing is really anonymous either. Just look at all the 'hacked' exchanges or a 51% attack.

      • Re: (Score:3, Funny)

        by Anonymous Coward

        Of course, nothing is really anonymous. It is just a cat and mouse game.

        Nothing is really anonymous either. Just look at all the 'hacked' exchanges or a 51% attack.

        And furthermore, nothing is really anonymous.

        • by wbr1 ( 2538558 )
          Meant to say secure but was rushing.
      • by Anonymous Coward

        I was under the impression that a 51% attack had more to do with cheating at mining blocks, not anything to do with anonymity.

    • I don't think I really care if it is anonymous or not. Anonymity is quite useless if you are buying real world goods. Even sending items to a 3rd Party P.O. box gives some hint as to identity.

      • Re:Of course. (Score:5, Interesting)

        by lgw ( 121541 ) on Wednesday August 28, 2013 @01:03PM (#44698359) Journal

        I'm unsure why people think Bitcoin is any kind of anonymous in the first place. Every transaction must be widely published for processing (in theory, ever miner can see every transaction). The entire money flow, every transaction worldwide, is known. Does anyone still think the NSA doesn't know every bitcoin transaction ever processed? Does anyone still think an IP address (with timestamp) is anonymous in any way?

        The only anonymous in Bitcoin transaction is one where you hand someone the "wallet". Transferring your secrets, especially by hand, is as anonymous as handing cash to someone, but that's not really the intended model, or a particularly useful one.

        • by geekoid ( 135745 )

          Just a heads up: The leaked NSA document showed us that the NSA is far more limited then we had thought.

          So no, the NSA doesn't.

        • by tnk1 ( 899206 )

          The hand to hand method *could* be useful to launderers or certain types of black marketeers. One of the ways in which governments are controlling the use of cash as a method of serious transaction is by making sure that only relatively small denomination bills exist. For those that are larger, there are fewer and they are more closely tracked.

          With a bitcoin "wallet" transferred manually, you do lose much of the convenience of having a computer generated currency like that, but you have the increased abil

          • double spend. (Score:2, Insightful)

            by Anonymous Coward

            The problem with passing someone a wallet (or single private key) is that the recipient has no guarantee that you did not save a copy somewhere. And if you did, then you can spend the funds at any time.

            So the only way it can really work is if the recipient immediately sends the funds to another address while both parties are present, or the recipient 100% trusts the other party.

            This is the double-spend problem that makes decentralized digital currencies a hard problem and that bitcoin mining solves.

            • by tnk1 ( 899206 )

              That is a good point. It could turn into one of those Hollywood movie scenes where they sit around for awhile lounging around in their meeting location waiting for the "funds to check out". And then the heroes show up and save the day. Or something.

        • by Teancum ( 67324 )

          The only anonymous in Bitcoin transaction is one where you hand someone the "wallet". Transferring your secrets, especially by hand, is as anonymous as handing cash to someone, but that's not really the intended model, or a particularly useful one.

          That is how the physical bitcoins themselves work. The authentication keys are printed on the note or physical coin which can be converted back to electronic currency at any time by the recipient. They can also be verified during each transaction for the paranoid, even though there is an element of trust involved.

          There is also the "sneaker net" version of bitcoin transactions which also could work as well, for at least exchanging bitcoins from one person to another if you want to perform "off-grid" transa

          • by pne ( 93383 )

            That is how the physical bitcoins themselves work. The authentication keys are printed on the note or physical coin which can be converted back to electronic currency at any time by the recipient.

            That's half of it; the other half is that the keys are only visible after removing a tamper-evident cover. That's the part that lends confidence to the fact that the coins cannot have been spent already and that only the person removing the cover knows the key. (Well, they and the person who minted the coins and "loaded" them -- but not the previous owner of the physical coin.)

    • The only way to be anonymous is to not have a name. Like the mouse.

    • Someone I knew said: "This is the Internet. No one is annoumus here."
    • In practical terms, buying things with cash is anonymous unless the transaction generates a paper trail or any recording isn't erased-over before someone looks at it or copies it.

      Sure, currency usually has serial numbers and coins are relatively easy to lift fingerprints from, but I'm talking the practical, everyday world of buying groceries, etc. Yes, if the grocery store is robbed 10 minutes after you shop there, the police will probably see you on the security-camera playback. But in most cases, those

  • by Anonymous Coward on Wednesday August 28, 2013 @12:25PM (#44697995)

    Check it out, https://bitcointalk.org/index.php?topic=279249.0

  • Just like IRL (Score:3, Insightful)

    by atom1c ( 2868995 ) on Wednesday August 28, 2013 @12:26PM (#44697997)

    You can live a cash-only life in hopes of improving your odds at general anonymity, but every time you stand in front of a CCTV camera you are exposing yourself to the world.

    • by gstoddart ( 321705 ) on Wednesday August 28, 2013 @12:34PM (#44698087) Homepage

      every time you stand in front of a CCTV camera you are exposing yourself to the world.

      No, the judge was very clear that I'm not allowed to do that any more.

      • by Anonymous Coward

        Just wear a mask... the current rev of penile recognition software isn't accurate (especially with small targets)

    • Re:Just like IRL (Score:4, Interesting)

      by invid ( 163714 ) on Wednesday August 28, 2013 @12:52PM (#44698235)
      Just wait until it is mandatory for vendors to scan currency serial numbers at every transaction.
      • by invid ( 163714 )
        And then swab for DNA.
      • Re:Just like IRL (Score:5, Informative)

        by lgw ( 121541 ) on Wednesday August 28, 2013 @01:07PM (#44698385) Journal

        Most people don't realize it's already mandatory (in the US) to scan currency serial numbers at every large transaction with a financial institution. The government is content with that, so I assume it gives them all the power they need, or they'd demand it of all merchants.

        • Most people also don't seem to realize that large scale merchants already scan currency serial numbers for the purpose of tracking your purchases.

          • by lgw ( 121541 )

            But at least they're not required to, and they only hand over that information to the government when the government asks them to!

          • [citation needed]

            I have NEVER seen any cash I've handed over scanned as it went into the till of the cash register. Once it is there, there is no way for them to track a specific bill from the drawer back to me, especially if it's given to the next person in line as change.

            I call BS.
            • I did a little bit of software work for a company that did that. They scan outbound from ATMs, and inbound from cash registers as money is turned in. They use data mining to locate likely(marketers don't care about being absolutely right) repeat buyers, whose identities they get from the banks.

            • When they empty the tills it's logged and categorized. If they don't resort the bills they know what time you were there.

              So the government know where you shopped, and can find out when.

              Since they're usually interested in: large foreign monies (payoffs to dictators, emptied cayman bank accounts etc.), or local tracking which means you got the money out of another bank machine.

              They have a pretty good idea.

              Comparatively Bitcoin allows the retailer to create as many accounts as they want, anonymously to
    • by bmk67 ( 971394 )

      You can live a cash-only life in hopes of improving your odds at general anonymity, but every time you stand in front of a CCTV camera you are exposing yourself to the world.

      I expose myself in front of school yards, you insensitive clod.

  • Two Comments (Score:3, Interesting)

    by Anonymous Coward on Wednesday August 28, 2013 @12:29PM (#44698031)

    1. If you mine them with a pool, and connect your wallet client to the net via a proxy or VPN, they may as well be anonymous.
    2. There are bitcoin laundering / "tumbling" services available.

    • 2. There are bitcoin laundering / "tumbling" services available.

      Just because the services are available, that doesn't mean they're actually useful or effective.

  • No ... and No (Score:1, Interesting)

    by Anonymous Coward

    "One of the great attractions of Bitcoin as a currency is that it's completely secure and anonymous."

    No it isn't, and no it isn't.

    • by Anonymous Coward

      "One of the great attractions of Bitcoin as a currency is that it's completely secure and anonymous."

      No it isn't, and no it isn't.

      Unless your pseudonym is "Satoshi Nakamoto" [wikipedia.org]. In that case you're anonymous.

  • by gstoddart ( 321705 ) on Wednesday August 28, 2013 @12:30PM (#44698053) Homepage

    So, you mean if I have a transaction for $576.23 from Bob's Porn emporium, someone can sift through the transactions for $576.23 and figure out that was me?

    Well, color me completely un-surprised. I'm not sure I've ever believed it was anonymous -- aren't the signatures of everyone who ever spent it tacked onto it?

    • by Teancum ( 67324 ) <robert_horning@nOsPAM.netzero.net> on Wednesday August 28, 2013 @12:50PM (#44698225) Homepage Journal

      So, you mean if I have a transaction for $576.23 from Bob's Porn emporium, someone can sift through the transactions for $576.23 and figure out that was me?

      Well, color me completely un-surprised. I'm not sure I've ever believed it was anonymous -- aren't the signatures of everyone who ever spent it tacked onto it?

      It isn't quite that, but it is more. Most people use the same traceable money pool where you can trace multiple transactions and use that to track people down. It isn't just Bob's Porn Emplorium, but also noting that from the same pool of bitcoins a transaction took place to Steve's Marijuana Farm, Sally's Whorehouse, and Chuck's Supermarket in Podunk, Kansas. That same pool of Bitcoins might have also received money from several people who are also all blood relatives.

      The point is that each individual bitcoin can be traced from the first work unit where it was "mined" and be followed to every transaction where it was used. Anonymity happens if you change hash values (as individual users can use new public/private pairs to claim individual bitcoins), but it isn't perfect. It still can be traced to show how similar pools of coins are used for related transactions and can be eventually used to identify people.

      • Why couldn't there be a "washing bank", where coins are co-mingled and exchanged for equal amounts, minus transaction fee?

        What I imagine is that on a periodic or regular basis, you trade your serialized bit coins to a "wash bank" for a "bit coin count" and then withdraw the equal value of new coins (some of which may be yours returned), to spend. If you have enough people washing their coins in such a bank, the bank could then be an anonomizing service.

        I "deposit" 100BTC into the wash bank, get a notice of

        • They already exist. The fee is a fraction of a BTC.
        • Re: (Score:3, Insightful)

          If they can prove that your bitcoin came from the money laundering bank, they got you for money laundering. No link to the original crime necessary for that, since money laundering is a crime itself. They'll probably also find hints about the true origin when they study your confiscated computers.

          • What "original crime?" It's probably worth examining/repealing ML laws, though, if THAT is the original crime. I had no idea it was against any law to give someone 4 quarters for a dollar.
            • It isn't. But it is a crime to knowingly accept money gained through criminal activity, and to launder it for the purpose of obfuscating that fact. So anyone running "BitCoin laundry" is doing exactly that - providing a service where they deliberately blind themselves to possible criminal activities of people asking for the service.

              A big part of financial regulations is that once you hit a certain size and scope of operation, you have to demonstrate you take reasonable measures to identify that the money yo

          • by Teancum ( 67324 )

            If they can prove that your bitcoin came from the money laundering bank, they got you for money laundering. No link to the original crime necessary for that, since money laundering is a crime itself. They'll probably also find hints about the true origin when they study your confiscated computers.

            Which is why you would use a legitimate exchange or some other website that "holds" your bitcoins temporarily for some sort of speculation. Mt. Gox used to be a perfect site for something like that as it was commonly used for things far beyond just laundering the coins.

            I would envision that eventually there will be some legal requirements for anybody running such websites that will require some formal authentication even to just "day trade" on the exchange. Some of the exchanges formerly allowed you to jo

          • Money Laundering is about taking illicit funds and making them legit. My wash bank idea doesn't do that. It anonymitizes the bit coins, breaking the chain of ownership.

        • by lennier ( 44736 )

          Why couldn't there be a "washing bank", where coins are co-mingled and exchanged for equal amounts, minus transaction fee?

          Why, I'm sure there could.

          And I'm also sure that such a laundry service could easily log and trace your IP address, HTML cookies, and any other identifying information it can extract each time you send them bitcoins, and forward that information to the NSA/FBI/CIA, for another per-transaction fee.

          Of course, if the laundry service valued your privacy (worth zero bitcoins to them) over snitching on you (worth X bitcoins plus freedom from prosecution), they wouldn't do that. But you couldn't prove that it was,

      • The point is that each individual bitcoin can be traced from the first work unit where it was "mined" and be followed to every transaction where it was used

        This just isn't true. Person A sends me X bitcoins to a disposable receiving wallet. Person B sends me Y bitcoins to another disposable receiving wallet. When I spend (X+Y) * 0.7 bitcoins, the blockchain sees them "sent" from my main wallet, with no inherent connection to the disposable wallets. You can trace as far as main wallet->receiving walle
        • by Teancum ( 67324 )

          The disposable wallets are something you explicitly need to make though. Some of this can be done by default in the Bitcoin transaction software (aka the "client software" that generates transactions) but it must be explicitly done.

          There still is a chain of evidence though that says this particular bitcoin I received came from blocks A, B, C,.... ,X, Y, Z as a chain of custody going back to when they were originally mined. This is a part of the accounting that makes sure you can't double spend the same Bi

          • Also "somehow" is not that nebulous: the DEA simply tells Steve "if you cooperate we'll drop some of the charges". Steve gives up all his keys and thus customers.

        • by lennier ( 44736 )

          This just isn't true. Person A sends me X bitcoins to a disposable receiving wallet.

          How do you create or receive that wallet?

          How do you give the address of that wallet to a person you want to give you money?

          How do you spend coins from that wallet?

          How do you do any of the above without tying any personally identifying information (such as IP address) to that wallet address?

          • by Teancum ( 67324 )

            How do you do any of the above without tying any personally identifying information (such as IP address) to that wallet address?

            The IP address of transactions is not recorded in the block chain logs, and the only "person" that would "know" what IP address is associated with a particular wallet or transaction would be any node on the network (these are peer-to-peer nodes, not a central server) which receives the transaction information. Those transactions then get passed around from node to node gradually being accumulated to produce blocks made by the miners.

            Basically, the wallet information itself isn't the weak part of the concep

    • If you're paranoid, it's possible to just use disposeable wallets.

      • If you're paranoid, it's possible to just use disposeable wallets.

        *phbtbtbbt* Like I'm gonna trust disposeable wallets. ;-)

      • by lgw ( 121541 )

        Disposable wallets don't hide you from the NSA. There's still going to be an IP address and timestamp associated with the transaction, and that's all they need.

        Unless you mean "hand the wallet (with the keys) to someone on a USB drive", but you can do that with cash.

        • by Anonymous Coward

          So what if the NSA knows that someone got on tor from a starbucks? If you just take a few precautions the only real risk is when sooner or later you attempt to obtain physical goods. Even then it's just old-fashioned police work (stake-out), and nothing technologically impressive that will catch you. Just make sure to use a fake MAC and don't pay for anything on a credit card when you go to the coffee shop. Also all the normal stuff like no installed junk on your computer that will phone home. I don't think

  • Can't you just create a new account to pay from every time you spend bitcoins?

  • I don't see why anybody would call bit coin anonymous, miners and everybody with the main client hold the full transaction history - 100% complete history of ALL transactions if I understand correctly. So how is it in the slightest bit anonymous?

    • by JesseMcDonald ( 536341 ) on Wednesday August 28, 2013 @01:18PM (#44698485) Homepage

      Bitcoin is pseudonymous. Sure, the transaction history is public, but in regard to personally identifying information it only contains public keys, hashes of public keys, and signatures made using the corresponding private keys. Keys can be generated at will—one person can have a thousand different keys, or several people can share one (provided they trust each other).

      Naturally, it's up to the user to avoid linking their keys to each other or to their real-world identity. You can avoid linking your IP address easily enough by connecting to the network via Tor or I2P. Avoiding a link to your real-world name and address is much harder when you're ordering physical goods or services.

    • by gox ( 1595435 )

      Bitcoin is perfectly pseudonymous and traceable. Which means, if you don't mix transactions between your different identities, you can preserve your anonymity.

      Say, you made some coins by selling your coding skills (or naked pictures) online, without revealing any personal information (IP and personal e-mail addresses included). Then you went and spent those coins to pay someone to build your anonymous identity a website. This is perfectly doable.

      However, if you then go and order some pizza to your home addr

  • One of the ways that you can increase anonymity with Bitcoin purchases is by issuing a different hash key for each different kind of transaction. There are other techniques for moving around large numbers of Bitcoins as well including swapping the coins between wallets.

    I'll agree that the exchange of Bitcoins for government-backed currencies is particularly problematic as current exchange laws require all sorts of identification for such transactions. On the other hand, you can live "off the grid" and just exchange Bitcoins for stuff like food, shelter, clothing, and other stuff and not bother with pesky details of exchanging into a government currency.

    Almost everything mentioned in the article as some sort of deep revelation was acknowledged by the developers and "fans" of Bitcoins on forums within weeks of the original software published by Satoshi was released.... and happened years ago. Talk about stale news. The only real news is that somebody with "credentials" in a "scholarly paper" has made the same claims.... thus it can be included on Wikipedia or some other similar website.

    • One of the ways that you can increase anonymity with Bitcoin purchases is by issuing a different hash key for each different kind of transaction

      Unless you are part of the mining pool that mined the coin you spent yourself you still can be "tracked" by getting the information from whomever you got your initial coins from (be it thru subpena or coercion).

  • It's just a bit easier, simpler, convenient and cool.

    But the postal service is cutting deliveries to bi-weekly. And it really didn't take very long.
    • by ediron2 ( 246908 )

      A partially flawed analogy since the postal service seems to be under partisan siege.

      I suspect that you're right that postal services are imploding due to more convenience via internet.

      Going a bit further, their only chance in the face of email convenience would be to adapt as they used to (post offices have served numerous other civic purposes in the past). Services like exchanges for Bitcoin are interestingly an example of the sort of space where I'd trust a public trust agency like the post office. Cer

  • Sell Beer for Cash
  • Don't buy for you. Buy for others. Break the link between the one that actually paid and the one that received the product or service. If it becomes widespread enough will add enough noise to make tracking unreliable. You can do it i.e. sending your bitcoins to the person that will use their own bitcoin/wallet/etc to do the actual purchase for you.
  • by PPH ( 736903 ) on Wednesday August 28, 2013 @12:57PM (#44698275)

    ... for purchases. The gov't will see my garage full of Porsches and Ferraris and the yacht at the dock. What I need to do is to disconnect my means of income from expenditures.

    No problem with taxes. I'll pay them. But I don't need the IRS snooping on my investments and calling their buddies with stock tips so they can front run me.

    I used to work for an outfit that bid (but lost) a major IT contract to support IRS operations. The story was that they bid way below their cost. But they figured that getting their hands on taxpayer data and using it for their own purposes would more then make up for their loss. To this day I wonder what the contract winner is doing.

    I wonder how contractors like Booz Alan Hamilton bid NSA contracts.

    • by lgw ( 121541 )

      If your "means of income" are legal, and you're paying your taxes, what benefit is there in decoupling that from your expenditures?

      The only point I see in "decoupling " is if you're laundering money for some reason (illegal income, or tax avoidance), and it seems Btc really isn't good for that.

      • "what benefit is there in decoupling that from your expenditures?"

        There are reasons why people don't want others to know where they spend their money:
        - Buying illegal drugs
        - Donate $ to political candidates above the statutory maximum
        - Donate $ to finance terrorisism and other illegal activities
        - Bribery

        • Or others such as buying an engagement ring, tampons, laxatives and many others. Do you really want others to know about everything you spend money on?
          • If your plan is to keep an engagement a secret then I think you've misunderstood the purpose of marriage entirely.

            And for that matter, who the hell would want to keep buying tampons a secret? This is in the same vein of thought as wanting to make sure no one knows you buy toilet paper.

        • by PPH ( 736903 )

          I' more concerned with them knowing where I earn it. Aside from having the government officials front running my investment decisions based on their inside information*, they tend to like to extract additional political donations from profitable businesses.

          *It wasn't until Obama's administration that there was some small move to stop our legislators from legally trading stocks based upon inside information. There are still lots of loopholes.

      • by Anonymous Coward

        Privacy? Not everybody wants the IRS to know what they do for a living. You don't have to be a criminal either. I might dig shit for a living out of sewers as an example (I actually have a customer who does just that). While I might not have a problem paying my taxes or fair share (even if it is a cash-only business) I may have an issue with the IRS coming in and demanding that I tell them what I do. It's an embarrassment, humiliating, etc.

        It's none of there business. The only thing that matters is one pays

      • by Anonymous Coward

        Do you just respond to posts without even reading them? His first concern is government contractors mining his tax data to play against him in the market. His second concern is he doesn't know who else is doing what else with that data. These sound like reasonable concerns to me.

  • Until you get one...

    i.e. What a ridiculous summary opening. I mean it's good to try to inform people but don't spread misinfo like that!

  • by Anonymous Coward

    It is not a Bitcoin weakness. As usual the weakness is in the fact that people want convenience more than security and therefor use an easy, centralized "exchange", thus creating a single point of failure/attack/compromise.

  • "Where'd ya get the money?"

    Of course if you don't have any, you're busted for vagrancy...

    Probable cause, works every time, makes everything legal.

    The game, is over.

  • Bit-coin boils down to a set of digitally signed documents getting passed around. To pay somebody, you sign the coin over to them and this gets recorded using your key and attached to the coin. It is simply NOT untraceable, by design it is not untraceable because the whole history of a coin is encoded in its history blocks. All you need is a copy of a coin and you can easily trace the wallets it has passed though since the coin was created.

    The ONLY advantage Bit-Coin has is that it doesn't have to pass t

  • I am surprised there is no bitcoin exchange in offshore juridiction that are usually money laundering friendly
  • Savage and Voelker are both awesome professors. Nice to see them in the news again on Slashdot.

A person with one watch knows what time it is; a person with two watches is never sure. Proverb

Working...