Jonas Nick, a testing engineer at Blockstream, recently presented research on Bitcoin privacy at Zurich's Blockchain Meetup, laying out seven steps for protecting transactions from surveillance. Star
Jonas Nick, a testing engineer at Blockstream, recently presented research on Bitcoin privacy at Zurich's Blockchain Meetup, laying out seven steps for protecting transactions from surveillance.
Start by keeping wallet software current. Nick explained the gap between old and new versions: "Many of the wallets [in use] are really, really old, and they have worse privacy properties." Users can only benefit from privacy improvements by downloading fresh releases as they become available.
Nick devoted significant research time to bloom filtering, a method that SPV wallets use to reduce bandwidth demands. These wallets download only the transactions relevant to each user's holdings, adjusting the precision as needed. Nick and his team discovered they could extract addresses from these filters. His findings made his position clear: "If you're privacy conscious, unfortunately, you should not use wallets with bloom filtering."
The attack remains possible because fixing the bandwidth and privacy problems involved would require major changes. This research formed the basis of Nick's master's thesis. He told MiningPool just how thorough the problem is: "The simplest strategy that uses the blockchain to link transactions works quite well already. If you have five addresses and I know one of them, I can find, on average, one additional address that you own. If you have ten addresses, two additional addresses can be uncovered by analyzing the transaction graph."
Address reuse represents one of the most glaring privacy mistakes Bitcoin users make. Anyone who discovers your address can monitor all future transactions tied to it. Send each payment to a different address.
Your counterparty's behavior shapes your privacy as much as your own does. "If the other party reuses addresses, then it is easily distinguished, with the shadow heuristic, which one is the change address and which one is the destination address," Nick explained. The shadow heuristic identifies change addresses by recognizing a pattern: when you send a partial amount of an output, the remaining value goes to a new change address. If the recipient already holds an active address on the network, the new change address becomes obvious.
Nick also backs keeping separate accounts within a single wallet for different purposes. Dark Wallet refers to these compartments as "pockets." The strategy prevents histories from unrelated transactions from getting tangled together.
The Open Bitcoin Privacy Project compiles criteria for evaluating wallets and serves as a reference point. Nick offered qualified support: "I don't agree, mostly, with their conclusions, but they list a lot of criteria on how to evaluate wallets, so I still think it is valuable." The OBPP identified Ledger as the most private wallet available. Nick leans toward Bitcoin Core. "Bitcoin Core with Tor, maybe. But you still have to generate a new address every time you use it," he noted.
Some users turn to altcoins in search of superior privacy. Nick acknowledged the appeal: "Some [altcoins] implement very nice privacy features." But combining Bitcoin and privacy-focused alternative coins doesn't work. "This is actually not that good because you can easily see [what is happening] on the blockchain — using just some values (there was an outflow of bitcoin and then you see the same inflow again with a similar value). I don't think that this strategy really helps." These privacy coins would prove more useful if they developed their own self-contained economies. Monero and Zcash made Nick's list for their privacy mechanisms.
Staying private on Bitcoin today requires sustained effort. Confidential Transactions and other privacy features might eventually make it simpler.
