This article is the third in a four-part series by Matt B (@MattoshiN) and Wassim Alsindi (@parallelind) on the use of Bitcoin and the technology stack built atop it to assist those living under oppressive regimes or in conflict zones, and those seeking to flee them. Read the first and second installments.
Bitcoin is, above all, agnostic. It serves anything, and anyone, with no regard for who users are or what their intents might be, provided they play by the rules – rules, not rulers. What one may see in the network, protocol and currency is a context-dependent Rorschach test: one person’s rat poison is another’s meal ticket. While legacy financial institutions are fuelling a wave of social media deplatformings through the ever-expanding Operation Chokepoint, Bitcoin rises to prominence as a tool for the marginalised, ostracised, oppressed and forgotten. It enables any human to develop a parallel means to transact and store wealth and, as time goes on, the ways and means of using Bitcoin grow in variety and quality. There is no doubt that volatility in BTC-fiat crossrates make external measures of cryptocurrency value vary wildly, and obviously downside risk is not helpful especially when you are putting your life on the line. On the other hand, when national currencies undergo hyperinflationary events Bitcoin can be one of few accessible havens of relative stability. As of today, stablecoins are not the answer.
Freedom means everyone can use it, regardless of your opinion on their motivations, political leanings or priorities. Guerrilla and outsider organisations of all flavours and persuasions will be early adopters of decentralised technologies, and there’s nothing that can be done about that. The precautionary principle doesn’t work in permissionless environs and there is no ‘off switch’ – a feature, not a bug.
Bitcoin heralds a new age of ‘extreme ownership’ – or at least, provides the option for individuals to truly exercise sovereignty over their wealth. When used correctly, it is both unseizable and uncensorable. In the digital age, few things are more important than ensuring that wealth can be stored and transmitted without custodians or other third parties keeping personally identifiable information, blacklisting recipients or otherwise denying/reversing transactions. While physical cash offers individuals a degree of anonymity in their day-to-day exchanges, the push towards digital payments threatens this privacy by creating digital footprints that could be exploited for the purposes of surveillance.
How an individual ‘experiences’ Bitcoin is entirely up to them. On one end of the spectrum are those who have no need for true possession – consider speculators that rely on custodial exchanges or wallets. On the other are power users seeking granular control for maximising their privacy and financial self-sovereignty – functions like coin control, UTXO mixing or operating a fully validating node. Evidently, the further towards this end of the spectrum they tend, the more the value proposition of Bitcoin becomes apparent.
The appeal of Bitcoin today is undoubtedly rooted in the ease of its trust-minimised, rapid and global transfer, paired with the change-resistance and (algorithmically enforced) scarcity that precious metals have historically exhibited. Where faith in centrally-issued fiat currencies requires that participants entrust governments with maintaining monetary legitimacy and purchasing power, faith in a cryptocurrency network’s continued healthy function merely requires that participants act in their own self-interest – consensus is driven by active nodes. Indeed, you’ll have a hard time garnering support for an upgrade that would endanger the wealth of others such as inflating the money supply or sacrificing security for convenience. However, no system is infallible, and it’s foolhardy to overlook some potentially dangerous attack vectors executable in various manners. Everything from eclipse attacks – which geographically or otherwise target individual or grouped subsets of nodes so as to obscure and alter their view of the canonical blockchain – to state-sponsored 51% attacks and mass deanonymisation efforts which could vastly undermine the security and credibility of the network.
Fungibility and privacy are linked concepts – an asset’s fungibility preserves the privacy of the individual holding it. Assets such as gold and fiat cash are considered highly fungible, as it’s near impossible to distinguish between units of the same type. Conversely, something like a rare painting would be non-fungible, on account of its uniqueness. Functionally – for the most part – Bitcoin appears to be fungible: the vast majority of merchants will indiscriminately accept payments regardless of the provenance of coins.
Upon closer examination however, the situation is less rosy. As the protocol relies on a public ledger to keep track of the movement of funds, this provides a rich source of information for the intrepid data miner looking to perform analyses and potentially deanonymise users. “Blockchain analytics” companies (and their governmental clientele) have been known to track the propagation of UTXOs through the network that have passed through a given address or that have interacted with ‘blacklisted’ entities.
There’s an entire class of coins which offer varying degrees of privacy within their protocols and address a niche that Bitcoin inherently lacks. In life-and-death situations, linking a BTC transaction or an address to a real world identity can have grave consequences in locations where authorities are hostile. On the other hand, if Bitcoin was as private as Monero or Zcash, then its monetary soundness would be dependent on cryptographic assumptions holding true. An example of such a situation is the recently disclosed vulnerability in Zcash which arose from cryptographic errors which – although complex to exploit – would have allowed an adversary to surreptitiously inflate the supply in the secret “shielded pool”.
Despite the transparent nature of Bitcoin’s ledger, it can be used privately. Whilst the protocol doesn’t incorporate strong guarantees itself at present, this is set to change with the implementation of improvements such as Confidential Transactions, MAST, Taproot and Schnorr signatures. Externally coordinated obfuscation techniques are in use today, most commonly CoinJoin implementations such as JoinMarket and ZeroLink. These allow users to pool and jointly transact multiple inputs so that a degree of plausible deniability is assured, as observers cannot map outputs to specific inputs.
Recent development of more sophisticated CoinJoin transaction types such as Pay-to-Endpoint (also known as PayJoin/Stowaway) and Ricochet, have proven the shortcomings of chain analytics capabilities as they are understood today. One cautionary note is that although we have many separate techniques for improving Bitcoin transaction privacy, interactions between these elements are not necessarily widely understood. As a result, there are non-zero probabilities of critical information leakage or failure of certain processes and users should not assume that all tools have been tested thoroughly in combination. For example sending mixed UTXOs from a CoinJoin wallet into a Lightning node may lead to deanonymisation given that Lightning node IDs are public.
Since the Bitcoin protocol has displayed such admirable resilience and uptime in the past 10 years, authorities at the local, regional, national or global scales can only try to apply pressure to the “soft” interfaces between the network and the wider world such as exchanges, merchants, miners, hardware and software vendors. Inconsistent laws arising from governments’ knee-jerk reactions towards Bitcoin are an ongoing reality.
Ensuring regulators are in possession of independent tools and information sources will minimise misunderstandings leading to arbitrary bans, restrictions, licenses, fines, jail or seizure. Even upstream infrastructure such as ISPs, domain registrars and payment intermediaries are coming under increasing pressure. One aspect of particular concern is the conflation of Bitcoin with tokens, ICOs or other blockchain projects raising funds via regulatory arbitrage. China now apparently requires the registration of cryptocurrency nodes with authorities. Where persons or businesses operating cryptocurrency enterprises are kept under close watch by corrupt officials, they are at risk of extortion or kidnap.
Another front on which there is work to be done is on the fungibility of bitcoin UTXOs themselves. As mentioned above, there is a growing industrial niche providing analytical services to governments and businesses submitting to state compliance procedures. Though they may oversell their capabilities to clients, it is known that exchanges supply information to them. One attempt to deanonymise identifiers on a network such as Bitcoin has involved attempting to use metadata such as browser fingerprinting, language preferences, node and web client IP addresses for location and to link these to particular addresses or UTXOs. Even a small part of the user graph being deanonymised has wider potential implications, due to the public nature of the ledger as discussed above. Know-Your-Customer and Anti-Money Laundering laws (KYC/AML) collectively constitute the greatest privacy risk to individuals using Bitcoin today.
Dusting is also a potential chain analysis technique which takes advantage of poor coin selection in wallets by sending tainted UTXOs to target addresses and tracking their propagation. This vector primarily targets merchants (exchanges and other economic nodes) as individual users can easily circumvent such attacks by marking dust UXTOs as unspendable. The mechanism of transaction itself is also important to recognise in light of the recent OFAC sanction of addresses linked to Iranian nationals. How is any entity going to stop people interacting with sanctioned addresses in a push system?
For the most part, many of the existing issues will become less of an issue over time as the Bitcoin network and the ecosystems built around it mature. The reduction of hashpower aggregation in certain regions such as the West of China makes it increasingly difficult for a malicious (private or state-sanctioned) actor to commandeer dangerous amounts, more skin in the game from cryptocurrency businesses contributing to a state’s GDP and tax coffers makes the budgetary penalty for nations greater should they consider outright bans on cryptocurrencies or adversarial mining and advances in cryptography hardens Bitcoin’s privacy preserving potential.
In the final part of this series the myriad tools, techniques and strategies to transact using Bitcoin in contexts where personal privacy and freedom are under threat will be explored.
Thanks to Yuval Kogman, Alex Gladstein, Richard Myers, Elaine Ou and Adam Gibson for helpful feedback.