Bitcoin Core’s Excellent Privacy
What if every time you spent or received cash, all the transaction details were published to your Twitter or Facebook feed for all your friends to see? You probably wouldn’t want to use cash any more.
Every confirmed Bitcoin transaction is published to the block chain where anyone can see it. So why do people still use Bitcoin? And why do many of them believe that Bitcoin is a private way of sending money?
One reason is that Bitcoin Core and some other Bitcoin software tries to avoid associating your real-world identity with the transactions you make. The difference looks like this:
The second type of transaction (a pseudonymous transaction) only provides practical privacy if nobody can figure out that “5a35b” is really Alice. It’s up to your wallet to prevent anyone from making that connection. See below for how Bitcoin Core’s privacy compares to other wallets.
No Sign-Up Required
Third-party Bitcoin services can both increase and decrease your privacy. They can increase it by mixing your transactions with those of other users; they can decrease it by tracking your activity and directly associating it with your real name or other identifying information.
|Who knows your information? Just you or also a service provider?|
|Your real name|
|Your bitcoin balance|
|Who you pay, and/or who pays you (in some cases)|
|How much you spend and/or receive|
|The IP address your connection came from|
|Who can guess your information? Just you or also people you trade with?|
|Other transactions you made or received|
Perfect Privacy for Received Transactions
There are 100 million transactions on the Bitcoin block chain. How do you find which ones pay you? Here are some common options:
They’ll monitor your every transaction
|Ask random nodes
Some of which sell your data
|Ask a free service
(Actually, some do care about privacy)
|Get all 100 million transactions
For perfect receiving privacy
Bitcoin Core downloads all 100 million transactions on the Bitcoin block chain and processes them to find which transactions pay you.
This currently takes about 4 hours the first time you start Bitcoin Core and about 5 minutes a day to keep updated, but it gives you what scientists call against eavesdroppers for received transactions.
Strong Privacy for Sent Transactions
To put a transaction on the block chain, you must send it publicly—but how you send it can make a big difference.
Can you guess who made which transactions? Nearly all peer-to-peer lightweight clients today make no attempt to obscure their sent transactions. They simply send them to some or all of their peers.
Bitcoin Core does much better. By default, it relays transactions for all of its peers—thousands of separate transactions a day under common conditions—which allows it both support the peer-to-peer network and confuse anti-privacy organizations that try to track your transactions.
The Tor anonymity network helps disassociate your online activity from your IP address (which is often closely associated with your real name). This significantly increases your ability to confound anti-privacy organizations.
Once you setup Tor, using it with Bitcoin Core is easy. If you also setup a Tor hidden service, you will be able to connect mobile clients to your Bitcoin Core full node for increased security and privacy wherever you go.
Decentralized Peer Discovery
The first time any Bitcoin program connects to the peer-to-peer network, it has to ask a centralized authority for a list of recommended peers.
Once the program gets on the network, it can ask its peers for more recommendations in a fully decentralized way—but lightweight wallets don’t bother.
|P2P Lightweight Wallets||Bitcoin Core|
|Asks the same centralized services every time program is restarted. This can be faster.||Uses the peer-to-peer network to independently discover new peers. Uses found peers on restart.|
This allows the centralized authority to connect lightweight wallets to dishonest peers that can completely destroy lightweight transaction privacy. Those dishonest peers can work with dishonest miners to weaken lightweight security too.
Bitcoin Core prefers decentralized peer discovery, so after the first time it starts, it no longer has to trust the centralized authority. Isn’t that worth occasionally starting up a few seconds slower?
When you receive bitcoins to a Bitcoin bank, the money is sent to one of the bank’s addresses—not your own—which can give you excellent privacy against random strangers.
However, the bank knows you received the transaction and they can likely also see any information you associate with the transaction, such as the sender’s name or another note you attach to the transaction.
The bank may also be required by law to disclose information about your account. They can also sell your information or have a hacker steal your information.
By only asking for payments related to your wallet, plus maybe a few others as bloom filter camouflage, lightweight wallets may reveal who you paid, who paid you, and what your current bitcoin balance is.
A 2014 study of lightweight clients said, “Our results show that bloom filters incur serious privacy leakage in existing SPV client implementations […] such an information leakage might severely harm the privacy of users” Nearly all lightweight clients are still vulnerable today.
Learn more: “Lying consistently is hard”
Some lightweight wallets don’t connect to the Bitcoin peer-to-peer (P2P) network. Instead, they make a (usually secure) connection to a single server that provides block chain data.
The wallet tells the server all of its addresses, and the server replies with all of the transactions that belong to the wallet. This explicitly reveals all of your addresses, which is bad for your privacy—but it only gives that information to one server, as long as you don’t change servers later.
The server can, of course, give away your information and further reduce your privacy. However, as of December 2016, most of these types of servers are run by volunteers who likely want to help protect your privacy, so this model can be more private than bank wallets or P2P lightweight wallets.
The following P2P lightweight wallets use decentralized peer discovery by default.
If you know of another compliant lightweight wallet, please tell us about it.
Information-theoretic privacy means that the privacy can’t be broken even if an attacker has unlimited computing resources.
Learn more: Information theoretic security (Wikipedia)