Who’s Snooping on Your Blockchain Transactions?
Blockchain, and their associated cryptocurrencies, are often promoted as being privacy preserving methods of peer-to-peer, borderless transactions.
But your crypto transactions could be visible to multiple prying eyes, from government tax auditors, to sinister criminals. So, what steps can users take to further preserve their privacy, and what are the implications of doing so?
Who Can See Your Crypto Transactions?
Firstly, let’s start by saying it’s unlikely that ‘big brother’ is tracking your every blockchain transaction. If you’re a casual user, who either invests in cryptocurrency, or uses Bitcoin to buy items online for example, your blockchain transactions probably aren’t all that interesting.
But that’s not to say you should neglect your privacy online — as nefarious individuals may still be looking to learn about you, piece together your personal details and steal your funds.
So, how do they achieve this?
How do snoopers track my transactions?
One of the main misconceptions about Bitcoin, or other non-privacy coins, is that they’re entirely anonymous. In fact, they are better described as ‘pseudonymous’. They may sound somewhat comparable, but in practice, it’s an apples and oranges comparison.
The fundamental issue with making anonymous transactions on the Bitcoin network, was that it was never designed to be truly anonymous. Instead, Bitcoin transaction logs show each transaction made from Alice to Bob, and with it, the public keys which serve as a pseudonym for each transacting party.
As a result, anyone who can discern the ‘identity’ of a user from a transaction, for example from a postal address used for the delivery of goods purchased with Bitcoin, or in a more extreme example, the bank account used to purchase crypto, could if they were so inclined track that user’s other transactions made using the same pseudonym — i.e. their wallet address.
For would-be hackers, this allows them to connect the dots with your personal information, and make informed guesses about what your email or exchange passwords could be, for example.
What about the G-Men?
In most Western countries, we take our civil liberties for granted. Most people in Europe and the USA are freely allowed to own and transact cryptocurrencies, but in many other countries, citizens are banned from owning or using crypto altogether.
For example, Bitcoin is virtually banned in China, and individuals, financial institutions dealing in crypto assets, and cryptocurrency exchanges are similarly prohibited. Likewise, the Chinese government has tried to prevent crypto mining operations from being established, as they claim they are ‘wasteful’ — though the true reasons are more likely to be those of surveillance.
Regardless of whether China’s crackdown on cryptocurrencies has been successful or not, the risk of government cryptocurrency surveillance for Chinese citizens is high. If users are in a jurisdiction where cryptocurrency is illegal, there’s every chance that investigators could peer into their crypto transactions, and in these situations there’s some significant trade-offs to be made between usability and privacy.
Let’s examine some steps privacy conscious users can take to better protect their cryptocurrency transactions.
Protecting Your Crypto Privacy
So what measures can users take to protect their privacy, and their identities, when they’re using and transacting with cryptocurrencies?
Transacting through a VPN
To further protect your IP address, data, geographical location, privacy and blockchain transactions, you might opt to use a virtual private network (VPN). VPN’s are encrypted connections over the Internet from a users device to an external network. Data sent over the network is encrypted, event whilst it’s being sent.
Why would you want to use a VPN for transacting cryptocurrency? Well, VPN’s prevent unauthorized people, such as potential thieves or oppressive government regimes, from eavesdropping on users traffic. Likewise, VPN’s can mask a users true location, allowing them to access cryptocurrency services from jurisdictions which would otherwise be prohibited.
If you’re a resident of a country where cryptocurrency is banned, but you’re still compelled to transact in or buy cryptocurrency, then you should think seriously about using a VPN service. There’s a comprehensive guide of the best VPN’s to use for multiple different use cases here.
Of course, if you’re buying items online in crypto, you still don’t want to provide your real address in this scenario, but if you’re trying to buy crypto as a store of wealth from a peer-to-peer exchange, VPN’s can add an extra layer of privacy to your transactions.
Even users who are free and able to legally transact using cryptocurrencies should seriously consider using a VPN service, to protect against cyber-criminals.
To prevent bad actors, or other snoopers, from tracking crypto addresses and working out personal details, ‘mixers’ allow crypto users to pool sets of transactions in unpredictable and varied combinations.
One group of researchers gave this example to describe the role of mixers:
“Suppose Alice wants to pay Bob one bitcoin, and Charles wants to pay Daisy one bitcoin. To mislead an observer who tracks these payments, Alice and Charles could both pay a mixer “Minnie” and provide additional confidential instructions for Minnie to pay Bob and Daisy one bitcoin each. An observer would see flows from Alice and Charles to Minnie, and from Minnie to Bob and Daisy, but would not be able to tell whether it was Alice or Charlie who sent money to Bob.”
In turn, mixers ensure that timing doesn’t give any snoopers clues about money flows. Unfortunately, mixers can mix honest transactions in with transactions or wallet addresses which may belong to bad actors, a potentially incriminating process.
Privacy coins, such as Monero or ZCash, implement several techniques to preserve user privacy.
Monero, for instance, uses ring signatures, RingCT, and stealth addresses to mask transactions. For example, ring signatures protect user privacy by merging multiple transaction signatories to produce a single digital signature which authorizes a transaction; essentially making it impossible for third parties to identify the true individual who made the transaction.
Monero’s RingCT technology hides the value of crypto transactions, using cryptographic proofs which show equal transaction inputs and outputs, without revealing the value of funds transacted. Likewise, stealth addresses generate a one-time address, so each transaction can never be traced back to a single user’s pseudonym address.
ZCash implements different proprietary technology, called zk-SNARKS, which stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge”. Users of zk-SNARKS can prove ownership of information through ‘Zero-Knowledge Proofs’, for example a secret key, without revealing any information to the other party.
However, privacy coins, more so than any other privacy preserving method we’ve discussed here, have attracted significant scrutiny from regulatory bodies.
International crime monitoring agencies, such as the ‘Financial Crimes Enforcement Network (FinCEN)’ believe that criminals transacting via privacy coins could be a real and immediate threat to security.
Principal among these concerns is hostile or sanctioned countries circumventing imposed economic sanctions, or likewise, terrorist organizations transacting using privacy coins with little chance of being caught.
Unfortunately, there’s definitely some major trade-offs between cryptocurrency usability, and privacy. At the very least, every user of crypto, regardless of whether they are within their legal rights to transact using crypto or not, should explore VPN solutions.
Not only do VPN’s mask your location, they also make it incredibly difficult for cyber-criminals to discern any meaningful information from your transactions, and make informed guesses about user’s security or personal information. Users can also get VPN’s on their mobile devices.
Mixers are good for those users looking to cover their transaction tracks, as they essentially scramble cryptocurrency addresses, but for the average user, the time it takes to use transaction mixers is likely over and above their requirements.
Additionally, whilst the majority of users transacting cryptocurrencies from banned jurisdictions are most likely honest actors, there’s always the chance that criminals seeking to bypass international regulations could also utilize the same privacy protecting techniques, especially privacy coins.
The most powerful way cryptocurrency users can stay protected online is to never save their private keys or mnemonic phrases online, or share their details with any other parties. Likewise, if you’re buying online with cryptocurrencies, try and establish that the merchant is reputable and honest.
Remember, keep it secret, keep it safe!