The Complete Guide to Buying Bitcoin Anonymously
Last updated: 11/12/18
Looking to buy Bitcoin anonymously? Hate providing your photo ID to different Bitcoin exchanges? In this guide we will try to answer all your questions on how to buy Bitcoins and remain completely anonymous.
Buying Bitcoin Anonymously Guide Summary
Despite its reputation, Bitcoin is not completely anonymous; With every transaction publicly disclosed on the ledger and KYC steps required by exchanges, it’s easy to see how your Bitcoins can be traced back to you.
There are methods to buy Bitcoin anonymously with cash such as LocalBitcoins or Bitcoin ATMs. Furthermore, there are places that require minimal identification and not necessarily your true identity, like BitQuick. Lastly, to really get ‘off the grid’ and become completely anonymous you will require solutions such as Tor and TAILS, coin mixers, a VPN provider and more.
The price for anonymity is usually inconvenience, and vice versa. It is up to any user to decide how much he or she is willing to sacrifice one for the other.
In this guide we will review all of the methods mentioned above in detail, here’s what we’ll cover:
- Is Bitcoin Anonymous?
- 3 Easy Methods to Buy Bitcoin Anonymously
- Buy Bitcoin without a photo ID
- Why stay anonymous?
- Basic Anonymity & Security tips
- How to become anonymous – Advanced guide
- Anonymizing Your Bitcoins
Bitcoin is still far more private than credit cards, but much less than cash.
The way Bitcoin works, all Bitcoin transactions are stored in a public ledger called the blockchain. The data stored in each of these transactions includes a bitcoin payment amount and the Bitcoin addresses of the sender and the recipient.
Because every transaction uses the bitcoins from a prior transaction, and the blockchain is public data, every Bitcoin payment has a traceable history that can be viewed by anyone.Bitcoin addresses are not themselves linked to a person or entity. That’s why Bitcoin is often called pseudonymous or pseudo-anonymous.
However, a person’s identity can be associated with a Bitcoin address through other means. Once that occurs, it’s possible to determine that person’s transactions backward and forward through the blockchain history. A single anonymity breach can uncover an individual’s entire Bitcoin transaction history.
But how is an address linked with a person? Most commonly, the association occurs when people publish their name together with their Bitcoin address online. But there are plenty of other ways (take a look at the Top Seven Ways Your Identity Can Be Linked to Your Bitcoin Address). Once the association has been made, a party with enough determination, time, and resources could analyze the blockchain and determine how many bitcoins an individual has, how they receive them, and how they spend them.
To use Bitcoin anonymously, precautions need to be taken to prevent your true identity from being associated with your transactions and addresses.
If you’re looking to buy Bitcoins anonymously then the easiest way would be to buy Bitcoins in cash and in person. Use LocalBitcoins to find someone who is willing to sell Bitcoins for cash next to your physical location.
You can use an alias email address to sign up to LocalBitcoins and the verification id process they have is optional. When you use cash it’s easy to remain untraceable as there is no documentation for the transaction.
Keep in mind that most sellers on LocalBitcoins don’t like to do business with anonymous buyers, however since you’re paying in cash it should be less of an issue.
Another way to buy Bitcoins anonymously with cash is to go to your nearest Bitcoin ATM and buy Bitcoins from the ATM using cash. Buying Bitcoins via an ATM is probably the best way to go about buying Bitcoins anonymously however not everyone has an ATM next to them.
When asked to enter your Bitcoin address at the ATM just specify that you don’t have one – in most cases this will just generate a new paper address for you and you’re good to go. Later on you can import the private key from that paper wallet and send those Bitcoins wherever you like.
One way to stay anonymous is to use a prepaid credit card you can get at any supermarket or convenience store. You can then use this card to buy Bitcoins without the need to supply any form of identification at places like Coinmama (up to $150) or Virwox.
BitQuick acts as an escrow for Bitcoin transactions via cash deposits at thousands of banks across the US. The idea is simple – buyer and seller agree on an amount. The seller deposits the Bitcoins at BitQuick. Once the buyer deposits the cash into the seller’s account the coins are released.
A mobile phone number is needed for this process but no id verification is required. Unlike an photo ID a mobile phone number can be easily purchased with an anonymous email via Skype for example.
Update: Following user comments it seems that Wall of Coins changed their policy and it is now mandatory to provide a photo ID in order to use their service.
Wall of Coins is available in the United States, Canada, Germany, Argentina, Latvia, Poland, and the Philippines. It is a peer to peer Bitcoin exchange that allows you to buy Bitcoins without the need to verify your ID. You will however require a phone number to use the exchange.
Before we go deep into the ‘how’, we need to understand why is it important to become anonymous in the first place. One obvious reason is that you don’t want to get hacked. Raising your privacy level will lower your risk of getting hacked, scammed or targeted by criminals. More than that, once mastered, spreading the awareness of such techniques will incrementally harden the Bitcoin network against attackers of all kinds.
Bitcoin’s blockchain is built on rock-solid cryptography which prevents counterfeiting and other types of fraud, but the human element in Bitcoin transactions is always the “weakest link.”
Using an online pseudonym (e.g. Satoshi Nakomoto) will improve your privacy but bear in mind that a capable investigator can identify you over a standard internet connection. Most Bitcoin wallets broadcast your real IP address, which can then be easily associated with your address(es).
As all Bitcoin transactions are a matter of public record, any address which becomes associated with your identity and / or enterprise reveals 4 important pieces of information:
- How many Bitcoins you held or hold within that address
- Exactly when you received those bitcoins
- Who you received those bitcoins from (unless they employ effective privacy methods)
- The address to which you send those bitcoins (which, as with 3, may identify its owner).
Although Bitcoin wallets with coin control features allow you to make payments from select addresses (or more accurately; UTXOs), the way that Bitcoin wallets handle change often results in various addresses within the wallet becoming linked. As a result, one identity-associated address under your control can “leak” information about your other, “unknown” addresses.
As we already suggested, you can assume as a starting point that all addresses within your Bitcoin wallet can be linked to your real identity in one way or another. If you’ve bought coins from an exchange with identity verification procedures or done business under your real name, this is quite possibly the case. The good news is your privacy can be partially or fully recovered from this state.
Improve Bitcoin Privacy
Whenever possible, avoid re-using addresses. Generate a new address for each transaction you receive. There’s little point updating a static address associated with your identity, such as a Bitcoin tip address linked to a social media profile, but this is recommended practice in most other situations.
If using a non-HD wallet such as Bitcoin Core, remember that only 100 addresses are contained in the initial key pool generated from the wallet’s private key. Remember to backup such wallets regularly or follow the link to learn how to increase the maximum key pool size.
Improving Your Online Privacy
If you browse the internet from the same computer or device you use for Bitcoin, you’ll definitely want to upgrade your privacy and security features. The information site, Prism-Break, provides a variety of recommendations for different operating systems and devices.
When selecting privacy / security / encryption software, mature and open-source solutions are usually preferable.
Avoid SPV and Hosted Wallets
Almost all SPV wallets (also known as thin clients) leak which addresses you own to whatever SPV server they connect to. SPV wallets do not store the blockchain locally. Instead, they query a single SPV server for the transactions that involve the addresses in your wallet. While this functionality is far more efficient and fast than parsing the blockchain locally, the trade-off is that every Bitcoin address you own is submitted to the SPV server.
Some SPV wallets have the capability of using bloom filters to help conceal which addresses you own by requesting extra transactions that don’t involve your wallet. Electrum, for example, doesn’t use bloom filters at all, so any server you connect to knows every address that you own.
Hosted clients (wallets managed by a 3rd party) are even worse in terms of anonymity. All of your private and public keys reside on 3rd party servers, so it is trivial for the operator to know which Bitcoin addresses you own. Additionally, any other information you’ve submitted to the service is associated with your Bitcoin addresses and can be easily accessed by the service’s operators.
These types of wallets make it easy for an SPV server operator or service administrator to not only know which Bitcoin addresses you own, but also associate them with your IP address. The operator could potentially publish the information, they could be hacked and the info stolen, or they could be subpoenaed or NSL’d to provide logs to law enforcement or government agencies.
One of the fundamentals of Bitcoin is not having to trust any single party. In terms of anonymity, it’s best to use a full Bitcoin client like Bitcoin-Qt or Armory, and store the entire blockchain locally.
Human-memorizable passwords tend to be weak. This problem and its solution are best demonstrated by the following XKCD webcomic:
Image credit: XKCD
Using your own variant on “correct horse battery staple” for multiple accounts is also a bad idea, from a security and privacy perspective; a single compromised account could leak all the passwords to your email, Bitcoin exchange and other sensitive accounts. Trying to memorize a different password for tens or even hundreds of accounts is similarly a recipe for disaster.
The solution is to use a good, random-word password along with a password manager, such as KeePassX or Password Safe. Password managers generate strong, lengthy and random passwords which you don’t need to memorize; the program stores them in encrypted format. Your passwords become accessible only when you enter your single master password into the manager (which should be memorized and never written down).
Online security is often characterized as a trade-off between effectiveness and convenience. It’s up to you to choose on which end of this scale you wish to be. In this chapter we review methods that require more effort, but make your steps much less traceable.
Disguising Your IP Address with Tor
The first step in become anonymous is using Tor, a powerful anonymity tool. Visit TorProject.org to download and install Tor (short for The Onion Router ). Once activated, Tor opens as a separate, Firefox-based internet browser which disguises your IP address.
Tor works by routing your connection through several other participating computers. The ultimate effect is that whichever website you access will see your request as coming from an entirely separate machine, usually in a different state or country.
Although it masks the IP address and certain potentially identifying browser characteristics, Tor is by no means a complete privacy solution. Using your real name, accessing your regular email or signing into social media via Tor will have exactly the same de-anonymizing effect as doing so through a regular browser. For a more private email address, create a dedicated darknet email account for Tor usage, such as a Mail2Tor account.
Once you’re browsing through Tor, you may also access the darknet to research internet anonymity further without undue concern over prying eyes.To help you get up and running with Tor and the darknet, check out our guide to Accessing the Darknet in Under 2 Minutes.
Warning: Don’t access LocalBitcoins via Tor. There’s a known attack by which malicious exit nodes in the Tor network serve a fake version of LocalBitcoins which phishes log-in details.
Running Bitcoin through Tor
Once you feel familiar enough with Tor, it’s time to make your Bitcoin addresses anonymous. To do that you need your wallet to connect through Tor. One solution can be using Bitcoin core, which as of release 0.12 automatically connects through Tor if it detects its presence.
To force this behavior, follow these instructions on Bitcoin’s GitHub. Here are some further tips on Reddit. Most other wallets are also able to connect through Tor, consult their documentation to discover how.
Whichever wallet you choose, consider installing a new wallet which only ever connects through Tor. To do that, disable your internet connection and configure the new wallet to run exclusively via Tor before launching it.
You may then re-enable your internet connection and allow the wallet to sync. If using a full wallet, copying an existing blocks folder (ensure that you don’t also copy your wallet.dat folder) to the “Tor wallet’s” data directory will greatly speed the syncing process.
Directly transferring bitcoins from your old wallet to this new one will somewhat obscure the ownership of those coins. However, there are far more sophisticated methods of transferal (covered later) which will be more effective at disguising this flow of funds.
Consider Joining a Virtual Private Network (VPN)
As mentioned, Tor does not guarantee 100% privacy; an adversary who owns both the first and last machines you connect through will see your IP as well as the sites you access. If you’re willing to pay for a little extra peace of mind, consider a VPN service.
Instead of accessing the Internet – or Tor – directly, your connection will be routed through the VPN’s servers. You can check our beginner’s guide to VPNs if you want to learn more about this subject.
A VPN has somewhat similar benefits to Tor; it obscures your IP address. In fact, most VPNs allow you to spoof the nationality of your IP address (which can be helpful for accessing location-specific data). VPNs also provide security benefits; they act to screen your device from malware via firewalls and proxies.
Unlike certain sites which block access from known Tor routes, VPNs usually afford unlimited access and much higher bandwidth than the Tor network. It’s entirely possible to access Tor through a VPN for another layer of obfuscation.
Leaving traces of your activity on your hard drive or removable media represents another way in which anonymity may be compromised. Disk encryption software allows you to encrypt a file, folder or entire drive such that it can no longer be accessed without a password.
Encrypting your Bitcoin wallet file and any sensitive information stored on your computer is good practice. With decent disk encryption software, you can create multiple, secure backups of your most important files and data and disperse them on USB memory sticks and the like.
Wikipedia offers a good comparison of the available disk encryption software options. Do not rely on the Windows BitLocker program; unlike open source alternatives it is not provably secure.
Warning: if you lose or forget your password, you’ll lose access to any encrypted files.
The Amnesic Incognito Live System (TAILS)
Finally, if you’re serious about your privacy, you’ll want to bring all the above methods together in a secure operating environment. Unfortunately, standard operating systems do not prioritize privacy. Windows, for example, is known in its efforts to monitor users. It therefore makes sense to boot into a secure, privacy-respecting operating system before attempting to send Bitcoin anonymously.
The best possible option here is TAILS, a variant of the Debian-based Linux operating system, which by design leaves no trails. Don’t worry if you’ve never used Linux before, TAILS features an interface which will be familiar to any Windows or Mac user. TAILS can even mimic the appearance of Windows so that casual onlookers won’t notice anything unusual about your computer usage.
TAILS packs a host of privacy, security and encryption features into a package small enough to fit on a portable USB drive. It even includes KeePassX and the Electrum light Bitcoin wallet as standard!
To boot to Tails on start-up, the USB drive must be formatted as bootable via a program like Universal USB Installer or Rufus. TAILS must then be downloaded and installed on the drive, which is a somewhat involved process. Note that installing and keeping Tails updated will require 2 such USB devices.
If you want to get started with TAILS you can use this simple online tutorial.
Altering your Bios setup to booting from TAILS rather than the hard drive allows you to use untrusted computers and networks securely. Thus you may anonymously send Bitcoin from even a public, monitored computer, such as those in a library or internet café, without leaving any traces of your identity or activity.
While TAILS does easily defeat any software-based data logging, keep in mind that Tails can’t protect against hardware keyloggers or hardware screen capture. Fortunately, TAILS contains a virtual keyboard and other mouse-driven text entry applications. For password entry on untrusted devices, employing a combination of onscreen text-entry and spam-text logging countermeasures is recommended.
TAILS stores no information regarding software you use, sites you visit (via its built-in Tor browser) or anything else. However, TAILS does allow you to create an encrypted, persistent volume within your USB stick (provided it has enough storage space; 8 gig sticks are recommended).
Any data placed in the persistent volume will be maintained between sessions. It’s advised to store your password manager data file within this volume.
If you have bitcoins that have already be in some way tainted with a link that could identify you, it’s possible to break that link and effectively anonymize the coins again. If done correctly, future transactions from that point forward won’t be connected to you anymore.
Tumbling Coins through Mixers
For that purpose there are mixers (also known as tumblers). The basic concept is that you send the coins you want to have anonymized to the mixer, which in turn sends back the same amount minus a fee to a new address you provide. The coins you receive back are from a big pool maintained by the mixing service and should ideally not have any connection to your original coins.
The major flaw of this concept is its centralized nature. You have to trust the mixing service to give back your coins and additionally you have to trust that they do not keep any records of the performed mixing transactions. Especially the latter point is tricky, since you can never know for certain what they are doing with the data. If the mixer really doesn’t keep any transaction records, they have no way to prove it. On the other hand, if they don’t or are even forced to hand over their data, you have no way to know.
For privacy purposes, only use darknet mixers such as BitMixer.io: bitmixer2whesjgj.onion or Grams’ Helix: grams7enufi7jmdl.onion/helix/. BitMixer works pretty fast, mixing through Helix can take a few hours.
A trust less, decentralized method of mixing can be found in JoinMarket; an implementation of a privacy-improving technique first proposed by core developer, Greg Maxwell. This infographic provides a gentle introduction to the workings of JoinMarket. Although a fairly simple concept, at the present state of development, JoinMarket represents a more complicated undertaking than sending coins through a mixing site:
If you have a good understanding of Bitcoin and you’re prepared for a more hands-on method, JoinMarket is highly recommended. Apart from giving you back control over the mixing process, it also lowers your risk and transaction fee. JoinMarket even lets you earn a little money by helping others mix their transactions.
Another way to implement coin shuffling is to use Wasabi wallet. An open source wallet, it implements trustless coin shuffling with mathematically provable anonymity.
Obscuring the Trail through Altcoin Shifting
Why stop at mixing between Bitcoin addresses? Mixing between Bitcoins and privacy-centric altcoins provides another layer of obscurity. This method requires perhaps a little less trust than using a centralized mixing service. The best altcoin to use for this purpose is probably Monero (XMR).
This short guide covers buying Monero with Bitcoin; to anonymize your bitcoins, simply convert them to XMR, forward them to a new Monero address under your control and then convert them back to new, anonymous BTC.
One example for a site for converting between Bitcoin and Monero is XMR.to. Remember to access it via Tor and don’t worry about sign-up.
To sum things up, it’s up to you to decide how much anonymity you actually need online. The more anonymous you’ll want to be, the more effort you’ll need in order to navigate around the web. This guide brought you the main tools and techniques at your disposal so you can mix and match whichever work best for you.
If you’re just looking to buy a few coins without being traced, just use cash – it will solve most of the issues. If you are just concerned with providing your ID, well, there are ways to bypass that too. However, if you want to get real serious about using Bitcoin anonymously around the web, then there’s no other way than going through the trouble of becoming truly and fully anonymous…
If you’ve had any experience with buying Bitcoins anonymously I would love to hear it in the comment section below – don’t worry, you can use an alias :)