Blockchain is Forever

Avoiding Crypto Pitfalls Series

Published in

MetaMesh

5 min readNov 5, 2019

Over 150 national constitutions mention the right to privacy, and the right to privacy is explicitly stated in the Universal Declaration of Human Rights. Many of us, including myself, believe we should have the right to privacy in our homes, and regarding our private affairs, our health and well-being, and our finances and what we spend our money on.

There is a growing battle between privacy and the surveillance economy. Our ability to maintain privacy when conducting financial transactions is becoming harder as governments enact policies to limit terrorism financing, money laundering, and tax evasion. If you’d like to dive more into why privacy is important, I recommend you read a recent Coin Center Report that builds an excellent case for why Private Peer-to-Peer Payments are Essential to an Open Society. Along the same vein, China’s full-steam push into blockchain is raising considerable concerns that it could increase the government’s surveillance powers over its economy — you can read more here.

Privacy and crypto

In the context of crypto, there are important reasons why you should maintain a privacy mindset. Being vigilant about your privacy will allow you to:

keep your financial information, transactions, or wealth private;
limit the ability of hackers, fraudsters or kidnappers to target you;
keep your business dealings private from competitors (e.g., payments to vendors or transaction volumes); and,
minimize your risk of financial censorship.

Maintaining privacy in the context of crypto can be challenging because blockchain is forever — all your transactions are public and permanent. The general public often operates under the misconception that crypto is anonymous. It’s not; it’s pseudonymous. If you send or receive Bitcoin, you transact using a pseudonym — your Bitcoin address.

Many people do not realize that their identity could be revealed. For example, if you buy something with Bitcoin and ship it to your home or if you trade on an exchange requiring Know Your Customer information, these companies may retain user records that can be used to link your identity to your Bitcoin wallet. If you are ever de-anonymized (through a hack, a blockchain forensics company, or by someone targeting you, etc.), your entire transaction history is forever available on the publicly available ledger — all your purchases, wallet balances, and people you transact with.

For these reasons, privacy has been recognized as critical issue for Canadian crypto holders. In fact, user privacy protection was raised as one was one of the top issues affecting victims of the $200+ million QuadrigaCX exchange failure (after asset recovery). Multiple law firms seeking to represent over 100,000 affected users in the Quadriga Supreme Court proceedings argued for protecting the privacy of affected users (due to some of the reasons listed above).

Don’t boast — be privacy savvy

Don’t make yourself a target — don’t advertise your wealth or flaunt that you own Bitcoin for hackers or thieves. Many people have been hacked or kidnapped because bad actors exploited open source information to identify individuals with access to crypto wealth.

Similarly, fraudsters have targeted individuals known in the crypto space to steal crypto using a SIM swap attack and these attacks are on the rise. A SIM swap is when a scammer ports your telephone number to SIM card and account under their control. This will not only disrupt your life by locking you out of the social media or financial services accounts linked to your phone number, but you could have your funds drained if fraudsters gain access to your phone, email and financial services accounts!

Don’t be the next victim — endeavor to minimize the amount of publicly information available on the internet, such as your phone number or home address, and limit talking about your crypto wealth in public. I’ll cover more tips on avoiding scams and SIM hacks and how to protect your crypto-assets in future articles — you can also watch the webinar linked at the bottom.

Privacy centered wallets and services

There are a number of wallets and services available that can help you maintain privacy:

Privacy techniques like CoinJoin*. CoinJoin is a coin scrambler that allows users to combine a series of Bitcoin payments with the payments of other users, making it appear as though a single transaction occurred with multiple inputs and outputs. In this way, CoinJoin can obfuscate the data trail that could be used to determine your identity.
Privacy centric wallets — for example, Wasabi* provides trustless (i.e., no counter-party risk) coin shuffling through CoinJoin.
Payment processors that keep privacy in mind — for example, Bull Bitcoin in Canada recently integrated CoinJoin into their standard business practices.

*Note: Blockchain tracing companies may flag your Coinjoin or Wasabi wallet transaction as suspicious or risky. Some exchanges and Over the Counter dealers use blockchain tracing services as tool to better complying with anti-money laundering or anti-terrorism financing regulations; they may refuse to accept your crypto if their risk threshold is exceeded.

Privacy when conducting transactions

Generally, you need to be aware that sharing your address, transaction ID or transaction information provides others with data points and information about yourself. Remember, data is valuable — some block explorers sell your data to blockchain tracing companies — and the once the genie is out of the bottle, you cannot put it back (nor can you regain your privacy if you’re de-anonymized).

Here are several ways you can preserve your privacy when conducting transactions:

Address reuse —Forget everything you ever learned about recycling and reuse! When you reuse an address, others can more easily determine who owns it based on your transaction history or follow the blockchain breadcrumb trail to identify your crypto balance or even your spending habits. Aim to limit the re-use of Bitcoin addresses — make it a personal best practice to use a new address for every person that pays you and ask exchanges to generate new addresses. (P.S., if you use CoinJoin, do not send clean coins back to a used address — this defeats its purpose… here’s a technical example of this done badly.)
How big is your balance!? You may also want to consider splitting larger amounts into smaller ones in a parallel transaction and keep smaller balances in your wallet to bring less attention to yourself.
The power of lightning! Consider using Bitcoin’s 2nd layer for payments so that your transactions are not broadcast on the public blockchain.
Use TOR & run your own node to limit the ability of a full node that is spying on you and linking your transaction to your IP address.
Use privacy coins like Monero which are designed for privacy and use different methods to obfuscate transactions, receivers or senders.

Blockchain is forever — but don’t worry, in addition to the above, there’s a number of additional privacy enhancing tech being explored like Schnorr Signatures, Dandelion and Liquid and Confidential Transactions. You can read more about these upcoming solutions here.

Webinar: Avoiding Crypto Pitfalls

This information was based on a Webinar delivered by Pam Draper, CEO of Bitvo Cryptocurrency exchange and myself. You can re-watch our full webinar, covering exchange failures and other types of crypto pitfalls to avoid, here: https://metamesh.com/webinars

Additional resources

If you’re interested in protecting your privacy more broadly, beyond crypto, check out Jameson Lopp’s in-depth blog on how to reclaim your privacy in the surveillance age and links to additional resources here.

That One Privacy Site is also a great resource, with useful tips and thorough VPN and email provider comparisons.