FYI.

This story is over 5 years old.

Tech

If You're Not Careful, Bitcoins Aren't As Anonymous As You Think

Some bitcoin services are more likely to comply with authority than your wish for privacy.
Image created by the article's author

Have you bought drugs on The Silk Road with bitcoin, or made other illicit transactions on the dark web using the crypto-currency? Have you simply been trying to buy upvotes on a Reddit link? It turns out that the untraceable, unregulated digital currency might not be as anonymous as many have celebrated thus far.

That is, if you leave a trail of breadcrumbs to your account. A tweet from Asher Wolf led me into a Reddit discussion  which revolved around a person who said their bitcoin wallet, which is held with free service Coinbase, had been phished after someone connected his transactions to his real name.

Advertisement

A rage of Coinbase patrons vented their frustration, calling the wallet and transfer service incompetent for publishing information about users. But as it turns out, the user's information had been public because the user himself posted a "pay with bitcoin" option on his site (it's unclear what he sells).

The Coinbase CEO, who uses the Reddit handle bdarmstrong, responded to the thread, stating (emphasis mine), "Your information is not going to be shown on one of these pages unless you created a "buy now"/donate button or checkout page and posted a public link to it somewhere. Order pages are designed to be public so customers can reach them, although we should have taken more care to not make them easily indexible by Google."

While the original user, /u/utuxia, said he or she wasn't aware that his information was public, another user explained that having a "pay with bitcoin" button is open to indexing from Google et al., which makes total sense. And while hacking a wallet or the bitcoin chain itself is a difficult (or impossible) task, someone scouring the names of people with bitcoin accounts and then attempting phishing attacks is much more feasible.

Also, it's important to know that by toying around with Bitcoin Block Explorer, you can search the history of bitcoin blocks, addresses, and transactions that have been generated by bitcoin (it's an autonomous captain's log, if you will). In fact, to be truly invisible within the world of bitcoin is no easy deal.

Advertisement

Of course, if you're worried about giving up some link between your drug habits and your bitcoin address, it's worth pointing out that thought leaders in the bitcoin movement warned us early on that using bitcoin for massive purchases isn't the smartest idea, even if the chain is anonymous. As Jeff Garzik said, "Attempting major illicit transactions with bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb." But who needs advanced analysis techniques when you have fully compliant disclosure?

On Coinbase's site, a heading on the legal page that reads, How we collect information about you, explains thus:

If you create an account or use Coinbase services, we may collect the following types of information:

  • Contact information - your name, address, phone, email, Skype ID and other similar information.
  • Financial information - the full bank account numbers and/or credit card numbers that you link to your Coinbase account or give us when you use paid Coinbase services.

Beneath another heading that says, How we share personal information with other parties, a bullet list contains the following:

We may share your personal information with:

Law enforcement, government officials, or other third parties when:

  • We are compelled to do so by a subpoena, court order or similar legal procedure; or
  • We believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement.

Advertisement

In the wake of recent DDoS attacks, Coinbase is alerting its users to beware of e-mail phishing. Situations like this one are debunking the myth that there is nothing anyone will ever know about their deposits and transactions via bitcoin, which was never totally true. One user exclaimed that he's cancelling his Coinbase account, another stated he's sending everything to his Blockchain.info account. But hey, Blockchain.info isn't the safest place to store bitcoins either, is it?

As the FBI talks of monitoring our internet activity and bitcoin prices continue to escalate, the idea that bitcoin is totally untraceable and anonymous is facing heavier scrutiny. How and where should I store my untraceable bitcoins? Is there really a fool-proof way to buy illegal drugs on the dark web? What kind of statistical analysis is out there to reveal my identity and account information, and who has access to it? I still have no idea.

@DanStuckey

For more on bitcoin:

Bitcoin: How Does It Work, What's It Do, and Is It a Drug-Fueled Money Laundering Scam Bubble?

Jeff Berwick, the Founder of Bitcoin ATM, Says His Machine Is the Real Deal

Does the New Bitcoin Bank Defeat the Purpose of Bitcoin?

Engineering the Bitcoin Gold Rush: An Interview with Yifu Guo, Creator of the First ASIC-Based Miner