Using Bitcoin Anonymously

shadowy figure smoking

All Bitcoin transactions are stored in a public ledger called the blockchain. The data stored in each of these transactions includes a bitcoin payment amount and the Bitcoin addresses of the sender and the recipient (among other things). Because every transaction uses the bitcoins from a prior transaction, and the blockchain is public data, every Bitcoin payment has a traceable history that can be viewed by anyone.

Bitcoin addresses are not themselves linked to a person or entity. That’s why Bitcoin is often called pseudonymous or pseudo-anonymous. However, a person’s identity can be associated with a Bitcoin address through other means. Once that occurs, it’s possible to determine that person’s transactions backward and forward through the blockchain history. A single anonymity breach can uncover an individual’s entire Bitcoin transaction history.

But how is an address linked with a person? Most commonly, the association occurs when people publish their name together with their Bitcoin address online. But there are plenty of other ways (take a look at the Top Seven Ways Your Identity Can Be Linked to Your Bitcoin Address). Once the association has been made, a party with enough determination, time, and resources could analyze the blockchain and determine how many bitcoins an individual has, how they receive them, and how they spend them.

To use Bitcoin anonymously, precautions need to be taken to prevent your true identity from being associated with your transactions and addresses.

tl;dr; Bitcoin is not anonymous — but it can be anonymous enough, if you’re careful.

Use a New Address for Every Incoming Transaction

The first and easiest step is to use a new, unused address for every incoming transaction. Simply generating a new address and using it to receive a payment helps hide the total balance of your Bitcoin wallet. If every payment you receive goes to a different address that you own, then those bitcoins are spread out amongst multiple addresses, instead of being stored in a big lump sum at a single address. This makes it much harder for someone to know how many bitcoins you own because most Bitcoin clients do not publicly reveal which addresses you own when you get a payment.

However, these addresses can be publicly associated with each other when you send a payment. If the total amount of the transaction you’re sending is larger than the amount you have at a single address, then the balances of a few of your addresses must be combined as the inputs to reach the total amount of the transaction. Once this transaction is stored in the blockchain, it can indicate, but not necessarily prove, that those individual input addresses were owned by a single entity. If your identity has not been associated with any of your addresses, your anonymity should still be mostly safe.

But if you already have a few transactions linked to your name, it may be best to start a completely new wallet that is dedicated to using Bitcoin anonymously, and transfer your bitcoins to the new wallet by running them through a mixer. Keep your anonymous wallet and regular wallet separate — don’t send coins between the two without using a mixer.

Also worth noting is that Bitcoin transactions always spend the complete amount stored in an address. That means if you are sending 1 bitcoin from an address that contains 2 bitcoins, the extra 1 bitcoin will be included in the transaction, but will be sent back to one of your own addresses. In the most simple form the change will go back to the original address, but this has the major drawback that it will be clearly visible which address belonged to the receiving party. For that reason most Bitcoin wallets automatically create new change addresses to receive the leftovers of your transactions. These change addresses can help mask who the intended recipient of the transaction truly was.

tl;dr; Generate a new address for every payment you want to receive — it helps hide your total Bitcoin balance.

Avoid Thin Clients and Hosted Wallets

Almost all thin clients leak which addresses you own to whatever Simple Payment Verification (SPV) server they connect to. Thin clients do not store the blockchain locally. Instead, they query a single SPV server for the transactions that involve the addresses in your wallet. While this functionality is far more efficient and fast than parsing the blockchain locally, the trade-off is that every Bitcoin address you own is submitted to the SPV server.

Some thin clients, such as Multibit, have the capability of using bloom filters to help conceal which addresses you own by requesting extra transactions that don’t involve your wallet. However, Multibit currently favors efficiency over privacy and does not utilize bloom filters for address anonymization. The Electrum thin client doesn’t use bloom filters at all, so just like Multibit, any server you connect to knows every address that you own.

Hosted clients are even worse in terms of anonymity. All of your private and public keys reside on 3rd party servers, so it is trivial for the operator to know which Bitcoin addresses you own. Additionally, any other information you’ve submitted to the service is associated with your Bitcoin addresses and can be easily accessed by the service’s operators.

These types of wallets make it easy for a SPV server operator or service administrator to not only know which Bitcoin addresses you own, but also associate them with your IP address. The operator could potentially publish the information, they could be hacked and the info stolen, or they could be subpoenaed or NSL’d to provide logs to law enforcement or government agencies.

One of the fundamentals of Bitcoin is not having to trust any single party. In terms of anonymity, it’s best to use a full Bitcoin client like Bitcoin-Qt or Armory, and store the entire blockchain locally.

tl;dr; Thin clients and hosted wallets leak which addresses you own — use a full client like Bitcoin-Qt or Armory instead.

Bitcoin and Your IP Address

When you are initiating a transaction on your computer, the Bitcoin client sends the necessary data to other clients, effectively broadcasting the Bitcoin transfer to the network. Bitcoin doesn’t encrypt its traffic, which means your internet service provider, the owner of the public WIFI hotspot your are using, or the NSA can look into your transactions and determine your Bitcoin balances with little effort. For a sophisticated third party it’s entirely possible gather a lot of data about performed transactions to reveal the identity of Bitcoin users at large.

If your need for anonymity warrants counteracting IP traceability, you need to connect to the Bitcoin network through an anonymizing layer like Tor or a virtual private network (VPN).

Tor

Get Tor from the official website, install the Tor client and make sure it is running. Then go to your Bitcoin client’s network settings and set the connection to SOCKS proxy, address 127.0.0.1 (also known as localhost) via port 9050 (the standard Tor port) or port 9150 (if you installed the Tor browser bundle). Tor is naturally slower than your direct internet connection, so if you want to setup a full client for use via Tor, it’d be a good idea to first download the blockchain without Tor, and then use Tor whenever sending a transaction.

VPN

Besides Tor it’s also possible to use a VPN to hide your IP address. But this comes with the stipulation that you must trust the VPN provider not to log or reveal your transactions. Most VPN providers provide configurations or applications that automatically route all of your internet traffic through their service, so it’s not necessary to perform additional configurations on your Bitcoin client.

Use a Public (WIFI) Network for an extra layer of anonymity

When public WIFI is used in addition to Tor or a VPN, another layer of security is added to your anonymity. Home internet service providers collect customer’s names, addresses, and other personal details when the customer signs up for the service. Your identity is directly tied to your IP address and whatever internet traffic you generate using their internet connection.

Public WIFI does not require you to provide your personal details to make an internet connection, making it more difficult for your activity to be traced back to you. However, there are still other things to consider. Your MAC address will most likely be logged by the public WIFI operator, which can be used to identify your computer. Most operating systems allow you to spoof the true MAC address of your network card by generating and using a random MAC address instead. This should be done every time prior to connecting to the public WIFI network. Also, consider other ways in which your identity could be linked to your connection such as:

  • security cameras in the area

  • using the same WIFI location on a recurring basis and being recognized by employees

  • using a credit card to purchase goods at the location

  • browsing unencrypted sites that have you’ve submitted your personal details to

Remember, it is recommended to keep all your public WIFI traffic encrypted with Tor or a VPN.

tl;dr; Hide your Bitcoin internet traffic using Tor and/or a VPN. Use public WIFI as an additional measure.

How to get Bitcoins Anonymously

While it’s possible to anonymize Bitcoins later by breaking the identity chain that links you to the coins, the best way to stay anonymous is not to have your credentials linked to a Bitcoin transaction in the first place.

If you buy bitcoins on an exchange site, they’re inevitably linked to your name. Most exchanges require that you verify your identity by providing a scan of your government ID. You may also need to provide scans of utility bills or bank statements to prove your physical address. Also, many exchanges only accept national currency transfers via bank account or credit card, further proving your identity and leaving a paper trail that’s easy to trace. Once you provide the exchange with a withdrawal Bitcoin address to send your newly purchased bitcoins to, that address is linked to your name in the exchanges records. Those records could be leaked, published, or requested by law enforcement officials.

tl;dr; Bitcoin exchanges require documents and bank accounts that prove who you are. Avoid them.

Buy Bitcoins in Person

Your best bet to buy bitcoins in an anonymous fashion is to meet face-to-face with someone willing to sell bitcoins for physical cash. There are a number of websites where you can find people to trade with, but the most popular site is LocalBitcoins. To stay anonymous, the following precautions should be taken:

  • Don’t provide any information that could be used to identify you. Don’t provide your real name, personal email address, phone number, or physical address.

  • If you must provide your phone number or use a phone to coordinate a trade meetup, get a burner phone. They’re cheap and can be purchased with cash.

  • Depending on your anonymity needs, you might want to use an anonymous internet connection, like Tor, to access LocalBitcoins and your throw-away email account.

  • Find a seller who is willing to trade Bitcoins for cash.

  • Review the seller’s history and the feedback they have received from other buyers, don’t trade with new sellers.

  • Meet in a well populated, public place. It may be useful to walk or bike to the location to avoid having your vehicle or its license plate identified. If you must drive to the location, park a considerable distance away, or have a friend drop you off and pick you up.

tl;dr; Bitcoins purchased in person from a stranger with physical cash are highly anonymous.

Buy Bitcoins with Cash in the Mail

Anonymous money transfers can also be made by sending physical cash in the mail or with certain payment providers like MoneyPak. In this case the seller will provide a mailing address and you’ll be expected to pack and ship the payment to them. Depending on the terms of the arrangement, the seller may require you to send payment first, or they may agree to place to bitcoins in escrow. For additional security, you may also choose to send the package as registered mail, insure it, or require a signature upon delivery. If you’re insuring the package, you may consider taking video or photographs of package’s contents to prove its value in the event of the postal service losing or stealing the package.

If you choose not to provide a return address on the package, it will most likely be flagged by the postal service for further inspection (perhaps by X-ray or drug dogs). It’s also best not to use a return address that doesn’t exist, because the package will also be flagged. Also, if the shipment fails to be delivered, and can’t be sent back to you, the physical cash will obviously be lost.

Additionally, many sellers prefer to use PGP/GPG encrypted communications so that their mailing address is revealed only to you and never stored on the service’s servers in plain text. It may payoff to setup PGP/GPG on your computer, advertise that you support it, and provide your public key.

tl;dr; Bitcoins purchased via cash sent through the mail are somewhat anonymous, though your return address (if provided) will be known to the seller.

Buy Bitcoins from an ATM

More and more Bitcoin ATMs are appearing. In some jurisdictions they ask for a lot of identifying information before you can buy any coins, but others are completely anonymous and simply generate a paper wallet or transfer bitcoins to an address of your choice after feeding them some cash. If you can find such a Bitcoin ATM, they’d be a good choice to get you bitcoins anonymously and without much hassle, even if you have to pay above the current market price — but they are rare.

Online Work

Another way to get Bitcoins anonymously is to earn them with online work. There are a lot of rather shady job offers though, always exercise due diligence when accepting a job and to stay anonymous it’s of course necessary never to reveal your real identity to your employers.

Reddit’s Jobs4Bitcoins subreddit is a good place to look for jobs that pay Bitcoins. Job offers should be marked with [HIRING] and it’s up to you to make the contact when you find something you like. You can of course also advertise your marketable skills with a post, be sure to mark it with [FORHIRE].

Coinality is a good Bitcoin job site has a lot of work offers that can be filtered by type of employment, category, payment and location. Most job offers on Coinality are technology and internet related and many can be done online from anywhere in the world. You can also post your resume to attract potential employers.

There are also dozens of sites that pay minuscule amounts for visiting sites and watching ads, but they are generally not worth the time and effort.

tl;dr; You can get anonymous bitcoins by working for them. But avoid jobs that pay you to watch videos or click links — they won’t pay much.

Mining

Mining mints fresh bitcoins that haven’t existed before and is therefore an anonymous way to obtain coins. The major downside is that mining has evolved from something that anybody could do with commodity hardware to a highly competitive market where only specialized mining hardware (so called ASICs) can hope to generate a profit.

Such Bitcoin miners are not easy to come by though, especially if you are looking for one that will yield you more than its asking price. The difficulty to mine Bitcoins is constantly rising, due to the network’s self-regulation mechanism, and quite often Bitcoin miners can only be bought on pre-order, which has more often than not turned out to be a disappointment for mining enthusiasts. Generally, the chances to get more Bitcoins with mining than from simply buying are slim to none, unless you are investing in a big mining operation.

If you are still considering going down this route for anonymity’s sake, do your homework and research Bitcoin’s difficulty rise and related ROI (Return on Investment) calculations for available mining hardware. Also pay special attention to the reputation of hardware manufacturers and vendors.

tl;dr; Mining is a great way to get bitcoins anonymously, but it requires a big upfront investment and there’s no guarantee you’ll make your money back.

Cleaning Your Tainted Bitcoins

If you have bitcoins that have already be in some way tainted with a link that could identify you, it’s possible to break that link and effectively anonymize the coins again. If done correctly, future transactions from that point forward won’t be connected to you anymore.

For that purpose there are mixers (also known as tumblers). The basic concept is that you send the coins you want to have anonymized to the mixer, which in turn sends back the same amount minus a fee to a new address you provide. The coins you receive back are from a big pool maintained by the mixing service and should ideally not have any connection to your original coins.

The major flaw of this concept is its centralized nature. You have to trust the mixing service to give back your coins and additionally you have to trust that they do not keep any records of the performed mixing transactions. Especially the latter point is tricky, since you can never know for certain what they are doing with the data. If the mixer really doesn’t keep any transaction records, they have no way to prove it. On the other hand, if they don’t or are even forced to hand over their data, you have no way to know.

A major improvement over centralized mixers are so called CoinJoin transactions. CoinJoin pools a number of transactions from multiple users together in a way that makes it impossible to tell with absolute certainty who send how many coins to which address. The best part is that CoinJoin requires no trust in a third party, because it can be performed entirely between the participants and at no point are your coins in danger to be stolen.

Bitmixer is a centralized mixing service. It allows you to specify one or more forward addresses, where you will receive your mixed coins. You can also specify the delay and the percentage distribution among the addresses to further customize the process. When you are done with the setup, you will be given the input address and a special code. The code will prevent you from getting your own coins from previous mixes when you use Bitmixer more than once. Bitmixer’s fees are 0.5% plus an additional 0.0005 BTC for every forward address used.

Bitcoin Fog is a centralized mixer that exists in the form of a Tor hidden service. To access the real site you need a Tor enabled browser. You must create an account first to which you send the coins you want to mix. Then you can request withdrawals and the site will automatically randomize a series of payouts with varying amounts and delays. The fee is randomized too, between 1% and 3% per deposit.

tl;dr; Bitcoin mixers can help unlink your identity from certain bitcoins by swapping your coins with others’ coins many times over.

DarkWallet

Bitcoin is still a rather new technology and attempts to make anonymous usage possible with good usability are even younger. A promising project in this regard is DarkWallet, which aims to be a Bitcoin wallet for the masses that makes anonymity and privacy as effortless as possible. DarkWallet was recently released as alpha software, and is not yet recommended for use with real bitcoins until more testing and development has been completed. The final goal is to create a wallet that is based on CoinJoin transactions, stealth addresses (which help to hide the receiver even if the stealth address has been made public) and access via proxy networks like Tor. DarkWallet will be available as an add-on for Chrome and Firefox.