The key to keeping your Bitcoin transactions from being traced back to you is preventing others from knowing which addresses are yours. If you’re trying to remain anonymous (or more precisely, pseudonymous) with Bitcoin, read on for the most common ways people’s true identities are forever associated with their Bitcoin addresses. And try to avoid them.
It might also be worth checking out Using Bitcoin Anonymously for other best practices and pro tips.
1. Publishing Your Name and Bitcoin Address Online
Who Knows Your Address: anyone on the internet
This is a no-brainer and it’s the most common way ownership of a Bitcoin address is revealed. Lots of folks on the internet publicly display a Bitcoin address with their name attached to it in hopes that others will send them bitcoins. A few examples:
Writing a personal blog with your real name on it and posting a Bitcoin address for donations.
Using your real identity on a forum and putting your Bitcoin address in the post signature.
Launching a website with your Bitcoin address anywhere on it and registering the website’s domain name with your real name.
Unfortunately, once published, this knowledge becomes available to anyone with an internet connection. Specific Bitcoin addresses are easy to lookup with a search engine. And thanks to things like Google Cache and The Way Back Machine, it will probably be like that forever.
2. Trading Bitcoins for National Currency on an Exchange
Who Knows Your Address: the exchange
Nearly every exchange that handles national (fiat) currency is subject to money laundering regulations, making it necessary for customers to prove their identities by providing scans of their government IDs, bank statements, and utility bills. Unless you can fake these types of documents, the exchange will know exactly who you are and will retain these records indefinitely. You’ll be associated with all incoming and outgoing Bitcoin transactions on your exchange account, which can indicate your ownership of any addresses related to those transactions.
3. Buying Stuff With Bitcoin
Who Knows Your Address: the merchant and/or payment processor
Revealing who you are when you make purchase with Bitcoin can’t easily be avoided. The recipient of your Bitcoin payment can identify your sending address, plus any change address that your client sends extra bitcoins to. Unless you’re purchasing downloadable digital goods, you’ll usually need to provide a name and shipping address.
If the merchant uses a payment processor like Coinbase or Bitpay, your sending address may not be revealed to the merchant, but the payment processor will certainly keep a log of the transaction’s details and your personal details.
4. Using a Thin Client or Hosted Wallet
Who Knows Your Address: server administrators
Thin clients don’t have a local copy of the block chain, so they query a single SPV server that does. These queries reveal all the Bitcoin addresses that belong to your thin client, plus your IP address, to whomever operates the SPV server. While thin clients have the capability to mask which addresses are yours using bloom filters, most thin clients do not sufficiently utilize them.
Hosted wallets have first hand knowledge of your Bitcoin addresses because your wallet resides on their servers. Any additional information you provide to them (such as phone number, location, or email address) can also offer clues to your true identity.
Both of these types of wallets leak both your IP address and your addresses to third parties. Your IP address may not immediately reveal your true identity, but it can be used to help discover it.
5. Using Bitcoin Without a VPN/Tor
Who Knows Your Address: your internet service provider (ISP)
Bitcoin does not have any built-in encryption when it comes to broadcasting transactions across it’s P2P network. When your client relays transactions over the network, they pass through your ISP’s gateway servers in plain text. Your ISP can intercept and analyze this traffic, and then determine which of these transactions belong to your IP address (versus those transactions which you are only relaying). The transactions that belong to you will first appear on the network via your IP address, differentiating them from transactions that have already been propagated by other nodes. And then your IP address can be used by your ISP to lookup your personal identity — they have it on file from when you subscribed to their service.
Using Bitcoin with an encrypted VPN or Tor can effectively mask your real IP address, helping to disassociate your Bitcoin traffic from you.
6. Using Blockchain.info and Pissing Off Roger Ver
Who Knows Your Address: anyone on the internet
Roger Ver, a “Bitcoin Angel Investor & Evangelist”, once released the name and address of a BitcoinStore.com customer on a public forum, and then used his administrative privileges on Blockchain.info to lookup this person’s IP address, phone number, and other personal information using the customer’s Bitcoin address — all of which ended up being posted on the forum as well. Why? Because the BitcoinStore accidentally refunded an extra $50 worth of bitcoins to the customer, and the customer didn’t return the extra coins. Roger owns BitcoinStore.com. Presumably, he felt posting the customer’s details would help identify the customer to other merchants… or maybe it was to just settle a score.
The take-away here is that people with access to both your personal info and Bitcoin address can choose to publish them any time they please.
7. Getting a Visible Tattoo of Your Bitcoin Address
Who Knows Your Address: anyone who takes your picture or cuts off your arm
In early 2014, a man from Washington state had his public address tattooed onto his forearm in the form of a QR code. It’s not clear if he was ever able to get the QR code to scan (I couldn’t). But if it works, he’ll have a convenient way of getting paid in person with bitcoins. And it will be just as convenient for anyone who sees him in a short sleeve shirt to know exactly how much he has at that Bitcoin address.
So… Who Else Might Know?
Even if the link between you and a Bitcoin address was only logged by a single merchant, server admin, or exchange owner, it might not always stay that way. Server records can be hacked and leaked onto the internet. Law enforcement officials can use subpoenas, court orders, and NSL’s to secretly force those services to hand over their records. Or some adversary could use good old fashioned blackmail to get their hands on some juicy server logs.
Additionally, it’s now known that powerful government agencies (*cough* hi there NSA *cough*) are intercepting and cross-referencing mass amounts of internet traffic. So unless you’ve been encrypting your internet traffic with Tor or a VPN connection, they probably already know you use Bitcoin, how many coins you have, and that you like to spend them on alpaca socks. Weirdo.
Do you know other ways that Bitcoin usage can be traced to someone’s identity? Contact me. We’ll see if we can throw them up on this here list.