I had several opportunities to discuss bitcoin and cryptocurrencies generally with Len, with the most recent exchange on June 25th below. In posting this, it is my hope that anonymity considerations with bitcoin are well understood by the individual user and appropriate for the type of bitcoin transaction that is undertaken, as all security is relative. I had asked him "if his concerns about bitcoin traceability were more of a non-cryptographic nature? i.e., real-world identity?" Len's reply, in his own words:
"Well, it's hard to decouple cryptography from identity in a crypto-based currency, but, yes, my concerns are real-world identity issues. Bitcoin is less anonymous than physical cash. Compare to Digicash, which was 'more' anonymous. It's useful to speak about these things in more precise terms; using the Pfitzmann terminology, Bitcoin lacks unlinkability as a property. 'Throw Tor or Mixmaster at it' isn't a very satisfying answer, at least not to someone with an understanding of how those systems fail. My fear is people will associate 'bitcoin' and 'anonymous', get seriously burnt by the fact that it's 'not' anonymous, but rather a persistent ledger of all transactions ever, and then dismiss future e-cash that actually 'does' provide anonymity and unlinkability, etc., because they've 'heard that before.'For more Len, here's his presentation, "Anonymity for 2015: Why not just use Tor?" and another, "Towards a formal theory of computer insecurity: a language-theoretic approach".
It may be possible to use bitcoin as a building-block in constructing an anonymous payment system; I'm skeptical, but what 'is' clear is the people currently advertising such systems haven't ever worked on traffic-analysis defeating protocols before. Any state-level adversary can link bitcoin back to the user's real-world identity — or at least, real-world computer. You're probably marginally better off with pre-paid visa cards exchanged through some kind of swap system like the cypherpunks used to do for Safeway cards, though I don't know if that exists. This is all somewhat of a distraction, though, since it's unclear to me that Bitcoin will survive the speculators; that's not what it was designed for, and it's showing. Further, the competence differential between the designers of bitcoin itself & the exchanges is staggering. Sorry for that flood of messages. I've added you to Skype; when's a good time to chat?"