In this three-part series, adapted from Resistance Money, BPI Fellows Andrew Bailey, Bradley Rettler, and Craig Warmke explain what privacy is, why financial privacy matters, and the challenges bitcoin faces in providing users with financial privacy.
You might now expect an ode to Bitcoin’s privacy features. But sadly, bitcoin does not automatically provide users with significant financial privacy. The ledger is public, and all amounts, destinations, and sources are available for inspection by all. While the ledger itself does not connect its pseudonymous addresses with real-world identities such as legal names, phone numbers, birth dates, and so on, states and corporations with enough resources regularly draw these connections. They can do so because regulated exchanges require customers to provide identifying information.
To get more precise about Bitcoin’s potential for financial privacy, let’s consider how cash and Bitcoin fare along four dimensions of privacy.
Can you acquire money without revealing important personal information? Cash makes this easy – sell goods or services for cash or use a debit card to get cashback at the local grocery store. In these cases, being physically present might reveal what you look like or even who you are. But a given cash transaction has few eyes on it. And unless you’re the focus of a sting operation, the cash itself doesn’t carry your personal information. $20 bills aren’t like checks; we don’t need our names on them. Nor does a database require a recipient’s personal information before the transaction occurs. Such a database would also be infeasible to implement; it would require compliance from too many entities who have no incentive to comply. Bitcoin fares less well on privacy in acquisition. The vehicle for spending bitcoin is the Unspent Transaction Output (UTXO). Each UTXO is like a single-use digital check that represents some quantity of Bitcoin. Spending a UTXO funds a new transaction whose outputs are fresh UTXOs. All these UTXOs appear in a public, globally accessible ledger.
Bitcoin’s public ledger limits its privacy assurances, especially given how most people acquire bitcoin. For many years now, most have acquired bitcoin from an online exchange. Exchanges allow users to trade their digital currencies – fiat or crypto – for bitcoin. But popular exchanges require users to cough up their personal information: your full name, a government-issued ID, bank information, address, and maybe even a personal photograph. So when you withdraw your bitcoin, the exchange can tie your unique UTXO to the personal information they’ve collected.
Some Bitcoin users tie personally identifying information to a Bitcoin address in full public view.
You might solicit donations for a protest under your legal name by posting a Bitcoin address to a website. Or you might sell your wares online for bitcoin, with a public Bitcoin address for payment. Any bitcoin you receive is then linkable to your legal identity.
Yet unlike cash, Bitcoin doesn’t require anyone’s physical presence to complete a payment. So you can send or receive bitcoin without showing a face. No masks required.
Can you receive money without later revealing where it goes?
Suppose you’d like to track the path of a dollar bill. You might install a nano-tracker, give it to a friend, and then sip a glass of wine as you watch its coordinates dance around on your phone. When the dot on the map goes inside the local Taco Bell and then stays, you guess with high probability that your friend fulfilled his desire to Live Más. This would be a failure of forward privacy. Forward privacy preserves personal information through later transactions. The less you enjoy forward privacy, the more easily someone can track your future transactions from one earlier on.
Cash lacks nano-trackers, thank goodness, and has excellent assurances for forward privacy. Seeing someone acquire cash provides little clue about how they later spend it, as long as the observer lacks a network of operatives who track serial numbers. Even if someone gives you cash and follows you around, physics can help. Closed doors, for instance, make it hard to spy on a cash transaction.
Bitcoin has much poorer forward privacy. Your nosy neighbor might love to know how you spend your money. So he hatches a plan for you to mow his lawn for bitcoin. Once he gets your Bitcoin address for the payment, he can track future transactions from that address. He can also google every address where you send bitcoin. It would sure be nice to throw him off your tracks. Although you could possibly throw him off your tracks, most users would have little clue how to do it. Forward privacy is tough.
Can you spend money without revealing important personal information? When you spend cash, the recipient will know what you look like and perhaps even who you are, unless you’ve taken more extreme measures like using a drop-off point, wearing a mask, or employing an intermediary. Cash is peer-to-peer, after all. But as long as the spy agencies don’t have you on a list, spending a $20 bill needn’t expose your personal information; you can even use gloves to avoid fingerprints.
You don’t have to be anywhere to spend bitcoin. You can pay anyone anywhere as long as you have internet access. So you needn’t leak anything about your looks or behavioral quirks. No masks are necessary. No gloves are necessary either. Since bitcoin is intangible, you needn’t worry about fingerprints.
However, spending bitcoin brings other risks. Suppose you have a basket of UTXOs, each unrelated to each other and to your identity. To buy a watch, say, your wallet combines some smaller quantity UTXOs into a single transaction, much like we might combine bills and coins to buy a coffee. Doing so connects previously unrelated UTXOs. Congratulations: now any observer has good reason to believe that a single entity controlled the smaller UTXOs. Every time a bitcoin user combines UTXOs, she telegraphs that the same entity likely controls them, even if the world doesn’t yet know who that entity is. This might seem insignificant. But if bitcoin also lacks backward privacy, then sleuths might piece together the transaction histories of different UTXOS and discover data you’d like to remain hidden.
Can you spend an amount of money without revealing where it’s been? Spending cash typically reveals very little about how you acquired it. Suppose you received a $100 bill from stripping on Friday night and a $10 bill from your mother on Saturday morning, then placed both bills in the church offering on Sunday. Ordinarily, the bills themselves wouldn’t reveal to the church treasurer that they came from the same person, much less that they came from a single person connected to both Mrs. Smith, respected church lady, and the Polekatz off Highway 20 near Depot Hot Dogs. That’s a good thing if you’d like to keep your lifestyle hidden from the church treasurer.
You can fairly easily leak your past transaction history with bitcoin.
Spend bitcoin to an address, and anyone can tell exactly where the bitcoin came from. This makes your own transaction history vulnerable to blockchain sleuths. As we’ll explain, the sleuths can then decipher, with some probability, the sources of your UTXOs, the sources of those sources, and so on.
It gets worse. Unlike glitter, security footage, DNA, a fingerprint, or the scent of cologne, the Bitcoin ledger doesn’t fade with time. So even if you meticulously acquired and disposed of bitcoin, a single mistake years later could expose your financial history to the world. Maintaining backward privacy using bitcoin requires consistent future vigilance – and not just by you, but also by those with whom you transact.
Cash enables a remarkable degree of financial privacy with very low effort. Although each bill has a unique and traceable serial number, there’s no infrastructure in place to track each bill through the economy or against the identities of the people who use it. (Yet.) Cash also provides enhanced privacy because many people use it. Your banknotes and coins will, quickly enough, get lost in the crowd. With normal use, cash enables you to achieve some level of privacy along all four of the dimensions discussed earlier. Cash is the legacy financial world’s main privacy tool. It is low-tech, easy to understand, and easy to use.
Cash has limits and drawbacks, though. By virtue of being physical, cash is ill-suited for transactions with larger amounts and over longer distances. Long distance transactions require travel time and, unless you carry the cash yourself, intermediaries. Bigger amounts are bulky, heavy. Not everyone wants to receive cash, especially for high-value transactions. It’s too risky. Bearer assets like cash need to be stored somewhere, and they’re much easier to steal. Receiving a big wad of cash can feel like holding a hot potato. Supernotes such as $1,000 bills would help alleviate the burden. But larger bills were discontinued decades ago for fear that they facilitate money laundering.
In small amounts, cash can feel like a burden, too, especially if you don’t want to worry about exact change or about jiggling all the way to the restroom at work. Cash also draws no interest rate – a distressing deficiency in an inflationary environment. Put cash in a safe if you like. But its value will slowly melt over time. A dollar’s purchasing power in 2023 is 1/7th of what it was in 1971. Billions globally have currencies whose value drops even more steeply.
Cash’s physicality means that CCTV monitors can track your movements in the convenience store. Interested observers could match scanned images of your spent bills with your image in the video feed. Serial numbers, while not tracked exhaustively, are tracked more often than we might guess – in automated checkout devices, for example. Overall, cash provides significant but incomplete control over what financial information leaks to counterparties or observers. So while cash is a popular and effective tool for financial privacy, it is imperfect in both its privacy guarantees and its usefulness.
Cash shines brightest in small-to-medium amounts. For anyone hoping to achieve modest financial privacy for modest and in-person transactions, cash is king. In addition to being easy to use and understand, cash is also forgiving. It has no permanent public ledger for all transactions. A single slip doesn’t blow your cover forever.
Bitcoin, for now, is none of these things. Despite its cypherpunk roots, Bitcoin could become a tool for mass financial surveillance, in the same league as credit cards and digital dollars. This is a problem and not merely in theory.
In 2016, someone stole almost 120,000 bitcoin from Bitfinex, a Bitcoin exchange. Five years later, the Department of Justice charged Ilya Lichtenstein and his wife, Heather Morgan – also known as the absurdist rapper, Razzlekahn, the self-described “crocodile of Wall Street,” with the crime. The DOJ confiscated the stolen bitcoin. The story of how they connected the stolen bitcoin with the rapping crocodile and her husband is an object lesson not only to would-be criminals, but also to anyone who values financial privacy. Because Bitcoin’s ledger is transparent, public, and permanent, someone who doesn’t track you today might track you several years from now, whether you’re a criminal wrongdoer or a saintly whistleblower.
We end this three part series, then, on an uneasy note. Privacy, especially financial privacy, is vital yet increasingly under fire. Digital cash would, in theory, provide all the financial privacy of its physical counterpart, with all the convenience of digital money. Bitcoin’s open ledger creates significant challenges in achieving that dream. We do not claim that bitcoin can never be used privately — and indeed, in Chapter 6 of Resistance Money, we explain how privacy tools on bitcoin can be used to some effect. But the challenges remain, and bitcoin users, developers, and advocates would do well to attend to them carefully.
Policymakers would also do well to ensure that they do not impede the development and use of such privacy tools. Financial repression is a reality under which millions suffer, and privacy tools enable bitcoin to be a tool of resistance. Jailing the developers who create those tools — as has happened in recent memory — is bad for freedom, bad for Bitcoin, and bad for the world. Luckily, the Bitcoin Policy Institute is on the job, and the Peer-to-Peer Rights Fund is actively pursuing legal defense of self-custody and financial privacy on bitcoin.
