In one of our previous articles we’ve talked about how Bitcoin is not completely anonymous. Ever since we’ve been getting emails asking how to use Bitcoin anonymously around the web. So we now bring before you the complete guide to using Bitcoin anonymously.
Why stay anonymous?
Raising your privacy level will lower your risk of getting hacked, scammed or targeted by criminals. Once mastered, spreading the awareness of such techniques will incrementally harden the Bitcoin network against attackers of all kinds. Bitcoin’s blockchain is built on rock-solid cryptography which prevents counterfeiting and other types of fraud but the human element in Bitcoin transaction is always the “weakest link.”
Although it’ll never be necessary to verify your identify yourself in order to download and use a Bitcoin wallet, for the average user this is where the system’s anonymity ends. Once your Bitcoin address becomes linked to your real identity – a hard situation to avoid when doing business or receiving deliveries – your anonymity is compromised for that address.
Using an online pseudonym (Satoshi Nakomoto, for eg.) will improve your privacy but bear in mind that a capable investigator can identify you over a standard internet connection. Most Bitcoin wallets broadcast your real IP address, which can then be easily associated with your address(es).
Bitcoin, its default state, should never be considered an anonymous (or even reasonably private) monetary system. Bitcoin’s pseudonymity is tenuous at best; easily compromised by basic net surveillance. Default Bitcoin is still far more private than credit cards but certainly less so than cash. This reality raises a number of issues for business and personal privacy.
As all Bitcoin transactions are a matter of public record, any address which becomes associated with your identity and / or enterprise reveals 4 important pieces of information:
1) How many bitcoins you held or hold within that address,
2) Exactly when you received those bitcoins,
3) Who you received those bitcoins from (unless they employ effective privacy methods)
4) The next address to which you send those bitcoins (which, as with 3, may identify its owner).
To the privacy-conscious, the above points are bad enough. But the situation gets worse…
Now although Bitcoin wallets with coin control features allow you to make payments from select addresses (or more accurately; UTXOs), the way that Bitcoin wallets handles change often results in various addresses within the wallet becoming provably linked. As a result, one identity-associated address under your control can “leak” information about your other, “unknown” addresses.
Also, certain Bitcoin Core developers are working on improving privacy through the Confidential Transactions project, at this stage the fact is that using Bitcoin anonymously requires knowledge and a little extra work.
It’s never too late to become anonymous
Let’s assume as our starting point that all addresses within your Bitcoin wallet can be linked to your real identity in one way or another. If you’ve bought coins from an exchange with identity verification procedures or done business under your real name, this is quite possibly the case. The good news is your privacy can be partially or fully recovered from this state. Read on…
Online security is often characterised as a trade-off between effectiveness and convenience. It’s up to the users to choose on which end of this scale they wish to be one. This will then allow them to calibrate how much time, effort and money to expend on improving Bitcoin’s privacy.
This guide offers several methods to boost your Bitcoin financial privacy, starting with low-effort techniques and escalating to more effective but demanding methods.
One Simple Recommendation to Improve Bitcoin Privacy
Whenever possible, avoid re-using addresses. Generate a new address for each transaction you receive. There’s little point updating a static address associated with your identity, such as a Bitcoin tip address linked to a social media profile, but this is recommended practice in most other situations.
Warning: if using a non-HD wallet such as Bitcoin Core, remember that only 100 addresses are contained in the initial key pool generated from the wallet’s private key. Remember to backup such wallets regularly or follow the link to learn how to increase the maximum key pool size.
Improving Your Online Privacy
If you browse the internet from the same computer or device you use for Bitcoin, you’ll definitely want to upgrade your privacy and security features. The information site, Prism-Break, provides a variety of recommendations for different operating systems and devices.
When selecting privacy / security / encryption software, mature and open-source solutions are usually preferable.
Human-memorisable passwords tend to be weak. This problem and its solution are best demonstrated by the following XKCD webcomic:
Image credit: XKCD
Using your own variant on “correct horse battery staple” for multiple accounts is also dreadful from a security and privacy perspective; a single compromised account could leak all the passwords to your email, Bitcoin exchange and other sensitive accounts. Trying to memorize a different password for tens or even hundreds of accounts is similarly a recipe for disaster.
The solution is to use a good, random-word password along with a password manager, such as KeePassX or Password Safe. Password managers generate strong, lengthy and random passwords which you need never memorise; the program stores them in encrypted format. Your passwords become accessible only when you enter your single master password into the manager.
Disguising Your IP Address with Tor
Visit TorProject.org to download and install The Onion Router (Tor). Tor opens as a separate, Firefox-based internet browser which disguises your IP address. Tor works by routing your connection through several other participating computers. The ultimate effect is that whichever website you access will see your request as coming from an entirely separate machine, usually in a different state or country.
Although it obfuscates the IP address and certain potentially identifying browser characteristics, Tor is by no means a complete privacy solution. Using your real name, accessing your regular email or signing into social media via Tor will have exactly the same de-anonymizing effect as doing so through a regular browser. One solution is to create a dedicated darknet email account for Tor usage, such as a Mail2Tor account.
Tor allows you to access the so-called “darknet,” a separate layer of the regular internet (often referred to as the “clearnet” by darknet users) which is only accessible via .onion links. Onion links contain some seemingly random characters which are not easily memorised; it’s best practice to note down official links to sites to avoid phishing sites.
To help you get up and running with Tor and the darknet, check out our guide to Accessing the Darknet in Under 2 Minutes. Once you’re browsing through Tor, you may research internet anonymity further without undue concern over prying eyes.
You may also access The Hub forum which hosts many excellent guides to clearnet, darknet and Bitcoin anonymity. There is a wealth of relevant information in the stickied threads to be found in the “Beginners” and “Security” sections. Jolly Roger’s “Security Guide for Beginners” thread is particularly worthwhile. The Hub’s .onion link is:
Warning: don’t access LocalBitcoins via Tor. There’s a known attack by which malicious exit nodes in the Tor network serve a fake version of LocalBitcoins which phishes log-in details.
Running Bitcoin through Tor
As of release 0.12, Bitcoin Core will automatically connect through Tor if it detects its presence. To force this behaviour, follow these instructions on Bitcoin’s GitHub. Here are some further tips on Reddit. Most other wallets are also able to connect through Tor, consult their documentation to discover how.
As addresses in your existing wallet may be linked to your IP and/or identity, consider installing a new wallet which only ever connects through Tor. Disable your internet connection and configure the new wallet to run exclusively via Tor before launching it. You may then re-enable your internet connection and allow the wallet to sync. If using a full wallet, copying an existing blocks folder (ensure that you don’t also copy your wallet.dat folder) to the “Tor wallet’s” data directory will greatly speed the syncing process.
Directly transferring bitcoins from your old wallet to this new one will somewhat obscure the ownership of those coins. However, there are far more sophisticated methods of transferral (covered later) which will be more effective at disguising this flow of funds.
(Optional) Join a Virtual Private Network (VPN)
As mentioned, Tor is no privacy panacea; an adversary who owns both the first and last machines you connect through will see your IP as well as the sites you access. If you’re willing to pay for a little extra peace of mind, consider a VPN service. Instead of accessing the Internet – or Tor – directly, your connection will be routed through the VPN’s servers. We’ve recently set up a beginner’s guide to VPNs if you want to learn more about this subject.
A VPN has somewhat similar benefits to Tor; it obscures your IP address. In fact, most VPNs allow you to spoof the nationality of your IP address (which can be helpful for accessing location-specific data). VPNs also provide security benefits; they act to screen your device from malware via firewalls and proxies.
Unlike certain sites which block access from known Tor routes, VPNs usually afford unlimited access and much higher bandwidth than the Tor network. It’s entirely possible to access Tor through a VPN for another layer of obfuscation.
Leaving traces of your activity on your hard drive or removable media represents another way in which anonymity may be compromised. Disk encryption software allows you to encrypt a file, folder or entire drive such that it can no longer be access without a password. Encrypting your Bitcoin wallet file and any sensitive information stored on your computer is good practice. With decent disk encryption software, you can create multiple, secure backups of your most important files and data and disperse them on USB memory sticks and the like.
Wikipedia offers a good comparison of the available disk encryption software options. Do not rely on the Windows BitLocker program; unlike open source alternatives it is not provably secure.
Warning: if you lose or forget your password, you’ll lose access to any encrypted files.
Disguising Bitcoin Transaction
Tumbling Coins through Mixers
As the name implies, a mixer is a service which mingles unrelated bitcoins such that it becomes unclear which addresses sent bitcoins to other addresses. This is a good way to move coins from an old, de-anonymized address or wallet to a new, more private one.
For privacy purposes, only use darknet mixers such as BitMixer.io: bitmixer2whesjgj.onion or Grams’ Helix: grams7enufi7jmdl.onion/helix/. BitMixer works pretty fast, mixing through Helix can take a few hours. The downside to mixers is that they take control of your bitcoins until the mixing is complete, which introduces custodial risk.
A trustless, decentralized method of mixing can be found in JoinMarket; an implementation of a privacy-improving technique first proposed by core developer, Greg Maxwell. This infographic provides a gentle introduction to the workings of JoinMarket. Although a fairly simple concept, at the present state of development, JoinMarket represents a more complicated undertaking than sending coins through a mixing site.
If you have a good understanding of Bitcoin and you’re prepared for a more hands-on method, JoinMarket is highly recommended. Apart from giving you back control over the mixing process, it also lowers your risk and transaction fee. JoinMarket even lets you earn a little money by helping others mix their transactions.
Obscuring the Trail through Altcoin Shifting
Why stop at mixing between Bitcoin addresses? Mixing between Bitcoins and privacy-centric altcoins provides another layer of obscurity. This method requires perhaps a little less trust than using a centralized mixing service. The best altcoin to use for this purpose is probably Monero (XMR).
This short guide covers buying Monero with Bitcoin; to anonymize your bitcoins, simply convert them to XMR, forward them to a new Monero address under your control and then convert them back to new, anonymous BTC.
And Finally: The Amnesic Incognito Live System (TAILS)
If you’re serious about your privacy, you’ll want to bring all the above methods together in a secure operating environment. Unfortunately, standard operating systems do not prioritize privacy. Windows 10, for example, is relentless in its efforts to monitor users. It therefore makes sense to boot into a secure, privacy-respecting operating system before attempting to send Bitcoin anonymously.
The best possible option here is TAILS, a variant of the Debian-based Linux operating system, which by design leaves no trails. Don’t worry if you’ve never used Linux before, TAILS features an interface which will be familiar to any Windows or Mac user. TAILS can even mimic the appearance of Windows so that casual onlookers won’t notice anything unusual about your computer usage!
TAILS packs a host of privacy, security and encryption features into a package small enough to fit on a portable USB drive – Tails even includes KeePassX and the Electrum light Bitcoin wallet as standard!
To boot to Tails on start-up, the USB drive must be formatted as bootable via a program like Universal USB Installer or Rufus. TAILS must then be downloaded and installed on the drive, which is a somewhat involved process. Note that installing and keeping Tails updated will require 2 such USB devices.
If you want to get started with TAILS you can use this simple online tutorial.
Altering your Bios setup to booting from TAILS rather than the hard drive allows you to use untrusted computers and networks securely. Thus you may anonymously send Bitcoin from even a public, monitored computer, such as those in a library or internet café, without leaving any traces of your identity or activity.
While TAILS does easily defeat any software-based data logging, keep in mind that Tails can’t protect against hardware key loggers or hardware screen capture. Fortunately, TAILS contains a virtual keyboard and other mouse-driven text entry applications. For password entry on untrusted devices, employing a combination of onscreen text-entry and spam-text logging countermeasures is recommended.
TAILS stores no information regarding software you use, sites you visit (via its built-in Tor browser) or anything else. However, TAILS does allow you to create an encrypted, persistent volume within your USB stick (provided it has enough storage space; 8 gig sticks are recommended).
Any data placed in the persistent volume will be maintained between sessions. It’s advised to store your password manager data file within this volume and your Electrum seed in the password manager (unless you’re absolutely certain you can remember it). Entering this seed will allow you to rebuild your Electrum wallet and access any stored bitcoins.
Warning: if you fail to store or remember your Electrum seed, any bitcoins stored in your Electrum wallet will be lost forever once you end the TAILS session.
Anonymity comes with a price
To sum things up, it’s up to you to decide how much anonymity you actually need online. The more anonymous you’ll want to be the more effort you’ll need in order to achieve it. This guide brought you the main tools and techniques at your disposal so you can mix and match whichever work best for you.