The Daily Attack
Thursday, June 16, 2011
http://thedailyattack.com/2011/06/16/maintaining-anonymity-while-using-bitcoins/
The crypto-currency of the future is here: Bitcoin. As can be expected, the government has been making a huge stink about this decentralized, difficult to stop, nearly impossible to control, pseudonymous digital cash. It's an inevitability that when you give people a powerful tool for freedom, they will use it for exactly that. Silkroad, only accessible via the TOR network, using Bitcoin as its currency, has created a near bullet proof service for buying and selling illegal drugs. The site is run in the world of .onion, the unregulated shadow internet run through the TOR network, where users can browse the internet anonymously, or set up their own untraceable servers and websites. At Silkroad, a built in reputation and feedback system reminiscent of eBay ensures that most transactions go smoothly with as little fraud as possible. Mail delivery of concealed drugs appear to have a high rate of making it through the US Postal system undetected. And Bitcoin remains reasonably untraceable. Reasonably untraceable.
Bitcoin is not a truly anonymous digital currency. An example of an anonymous digital currency would be eCache. From the anonymity article at the bitcoin Wiki:
"The main problem is that every transaction is publicly logged. Anyone can see the flow of Bitcoins from address to address (see first image). Alone, this information can’t identify anyone because the addresses are just random numbers. However, if any of the addresses in a transaction’s past or future can be tied to an actual identity, it might be possible to work from that point and figure out who owns all of the other addresses. This identity information might come from network analysis, surveillance, or just Googling the address."
Network analysis can reveal which exchange service you bought your bitcoins from. Those bitcoins carry the traces of your original transaction even after you have made your purchase at the Silkroad. For the average user, the problem is moving fiat currency into bitcoin using an unidentifiable method of payment, thereby breaking the link between you and whatever it is you’re using your bitcoins for. Bank wires obviously won’t work. Dwolla, Paypal, Western Union, and any other payment system that requires you to deal with a public, registered corporations will leave a paper trail. Do you think Western Union is going to stand tall and not rat you out if push came to shove? Not likely. Neither is it likely that buying an occasional 1/8th oz. of pot at Silkroad will trigger a full scale investigation into your drug consumption habits. But for those of us who are paranoid, or have some serious money to hide from the IRS, or who are just plain cautious, here are your options to move your US Dollars into bitcoins while maintaining some degree of anonymity. One quick note, unless you’re mining your own coins (hey, not a bad idea!) you will have to deal with and trust someone, somewhere, to get your bitcoins.
Get TOR
If you even want to access a service like Silkroad you need to be running TOR. Even if you’re not buying drugs, TOR is the tool that will anonymize all of your online activity, including setting up accounts and communicating with bitcoin exchangers. The easiest way to do this is the all in one Browser Bundle. It works right out of the box, running its own instance of Firefox. No installation necessary. While your at it, store the Browser Bundle in a Truecrypt encrypted file. TOR+Truecrypt will open you to a whole new world. Trust me.
Now that TOR is running, use it and only it while accessing any Bitcoin related service or internet site. Also open an email account. A few of the services below don’t require email communication, but at some step of the way you’ll likely need to message someone. Remember to open and access this email account only through TOR! I suggest Safe Mail. They’ll wonder why you logged in from India 15 minutes ago and now appear to be in Australia, but they won’t pry.
Get a place to store your bitcoins
You’ll need a place where you can receive, store, access and spend your bitcoins. The easiest way would be to set up an account with a service like My Bitcoin. They act as a sort of online wallet. It’s the least technical way to get going with bitcoin, but it does require that you trust a third party with your money. If you are only sending through a small amount of money at a time for occasional transactions (like for retail volumes of drugs?) then your risk exposure is pretty low.
Mixing
You could just follow the advice at the Bitcoin Wiki and use a mixing service such as Bitcoin Laundry. This requires that you already have bitcoins, acquired through some of the more anonymous methods mentioned later in this article, or by using a bank transfer or other payment method at Bitcoin Exchange, MtGox, or another such service. This is ok, since the mixing service breaks the connection between you and your bitcoins after you purchase your bitcoins.
Right now Bitcoin Laundry is in beta, and its reliability to obscure your funds is limited by how many other people are using the service. Basically, a mixing services acts like a big pot that everyone throws their cash into. The mixing service then gives the pot a good shake, pulls the cash out, and distributes it back to everyone who put their money in, minus a small commission. If you were using US Dollars, imagine throwing a twenty dollar bill in, and receiving back someone else’s random twenty dollar bill, or a ten and 2 fives.
Again, the effectiveness of this is limited, you may get some of your own bitcoins back, or there may not be enough people using the service to adequately obscure who put in what and took out how much. BitLaunder (only accessible through TOR) takes a different approach. They take your bitcoins, sell them for another currency, then use that currency to buy different bitcoins and then send them to you. I imagine the bitcoins they sent back to you would still have their trace on them, but most important, they wouldn’t be directly traced back to your original purchase of bitcoins using Dwolla or wire transfer. So you still may have an issue with acquiring the original bitcoins that you throw into the mixer. Would you rather no money transaction service or financial institution know that you are moving money into Bitcoin?
The Cash is in the Mail!
The US dollars in your wallet have served the black market well over the years. Cash is pretty darn untraceable. Estimates of the US black market put its total value at 8-10% of GDP, all traded in crisp US bills. Hey! Maybe the Feds should be trying to shut down the US dollar instead of Bitcoin! Anyway…. in an ideal world, you’d be able to anonymously mail an envelope of cash to a trusted, reputable bitcoin exchanger and instruct him where to send your bitcoins. Two examples of such a service are:
and
They have different methods of operation, which can make a big difference. Bitcoin 4 Cash does in and out exchanges, meaning they buy bitcoins (in exchange for pre-loaded virtual credit cards, pretty cool) and sell bitcoins for cash. The exchange rate you pay is either locked in (a 10% deposit is required) or you take whatever the going rate is for bitcoin at the time Bitcoin 4 Cash receives your payment. In the first scenario, with a locked in rate, Bitcoin 4 Cash bears the risk that Bitcoin could sky rocket in value between the time you lock in your rate and the time your cash arrives in their mail box. This exact scenario has played out recently, leading to some drama (search the bitcoin.org forum.) In the second scenario, you bear the risk that your dollars will be worth fewer bitcoins by the time they reach Bitcoin 4 Cash.
Bitcoin 2 Cash (don’t get them confused, now,) operates an exchange market that matches buyers and sellers. When you send them your cash, you aren’t actually buying bitcoins from them. Instead, you’re funding an account that you then use to buy from another account holder who is selling. The theory here is that there are enough people doing out exchanges or trading to fill demand for bitcoins. The advantage is that you can decide exactly when you want to execute your exchange, leaving out some of the guess work that comes with trying to price out your dime bag in bitcoins a week into the future given market fluctuations.
Both of these services rely on a lot of trust in the operators. I highly suggest you research the reputation of these dealers and any other such service you consider using. If you take the proper precautions in mailing your cash, the only trace back to you will be the originating zip code the envelope was mailed from, which is not a whole lot to go on. And remember to direct them to send your bitcoins to your online wallet (like at My Bitcoin) that you opened and access only through TOR!
In Person Exchanges
You might just fire up your TOR web browser and go to the bitcoin forums and try to find someone nearby who is willing to sell you bitcoins in person. If you want to go really cloak and dagger, you could arrange a drop site for your cash, but you’d be relying on the seller of bitcoins to actually transfer bitcoins after you’ve paid him. Treating it like a Craigslist transaction is probably best. Meet at a coffee shop, bring a laptop, and engage in mutually beneficial trade. Ubitex, BTC Near Me, and Bitcoin.Local all take this concept a step further by matching buyers and sellers according to geographic location. Last I checked, no one was selling in my area, though. Your mileage here may vary.
Conclusion
Bitcoin is not inherently as anonymous as cold, hard cash. But following the steps above can make you reasonably safe. Some would even say that taking these steps to, say, buy drugs on the Silkroad is being a little too paranoid. The rationale being that the DEA will be most interested in busting the Silkroad operators and sellers on the site, and not worry too much about the buyers. But if you’ve read this far, you want to make it as difficult as possible for the man to get his hands on your bitcoin, and you’d rather he not know about how you spend your recreational time.
Remember this formula if nothing else: TOR + TRUECRYPT + BITCOIN = REASONABLE ANONYMITY!
UPDATE – 6/17/11
Bitcoin exchanger to comply with any court sanctioned investigations
Mt. Gox has announced that they will comply with any court sanctioned investigation. Due to the fact that they are an above ground company and under the legal jurisdiction of multiple nation states, this is not surprising. Indeed they could be forced to comply and cooperate or find their bank accounts frozen and their management held in contempt of court. Protect yourself! Protect your identity! Anonymize your bitcoin transactions!
Reprinted with permission. Vince can be reached at vince@thedailyattack.com.
For further reading:"An Analysis of Anonymity in the Bitcoin System", Fergal Reid and Martin Harrigan, July 22, 2011
"Bitcoin: More Covert than it Looks", Thomas Lowenthal, July 14, 2011
"Patching The Bitcoin Client To Make It More Anonymous", coderrr, June 30, 2011
"Chaumian Blinding Service Using Bitcoins", Bitcoin Money, June 18, 2011
Of course, I can't stress enough the importance of doing your homework! You'll be relying on a variety of service providers to handle your money, and maybe even help maintain your anonymity. So this means putting a lot of trust in them. Glad the word is spreading.
ReplyDelete