Top Seven Ways Your Identity Can Be Linked to Your Bitcoin Address
The key to keeping your Bitcoin transactions from being traced back to you is preventing others from knowing which addresses are yours. If you’re attempting to remain anonymous (or more precisely, pseudonymous) with Bitcoin, read on for the most common ways people’s true identities are forever associated with their Bitcoin addresses. And attempt to avoid them.
It might also be worth checking out Using Bitcoin Anonymously for other best practices and pro tips.
1. Publishing Your Name and Bitcoin Address Online
Who Knows Your Address: anyone on the internet
This is a no-brainer and it’s the most common way ownership of a Bitcoin address is exposed. Lots of folks on the internet publicly display a Bitcoin address with their name affixed to it in hopes that others will send them bitcoins. A few examples:
Writing a individual blog with your real name on it and posting a Bitcoin address for donations.
Using your real identity on a forum and putting your Bitcoin address in the post signature.
Launching a website with your Bitcoin address anywhere on it and registering the website’s domain name with your real name.
Unluckily, once published, this skill becomes available to anyone with an internet connection. Specific Bitcoin addresses are effortless to lookup with a search engine. And thanks to things like Google Cache and The Way Back Machine, it will very likely be like that forever.
Two. Trading Bitcoins for National Currency on an Exchange
Who Knows Your Address: the exchange
Almost every exchange that treats national (fiat) currency is subject to money laundering regulations, making it necessary for customers to prove their identities by providing scans of their government IDs, bank statements, and utility bills. Unless you can fake these types of documents, the exchange will know exactly who you are and will retain these records indefinitely. You’ll be associated with all incoming and outgoing Bitcoin transactions on your exchange account, which can indicate your ownership of any addresses related to those transactions.
Trio. Buying Stuff With Bitcoin
Who Knows Your Address: the merchant and/or payment processor
Exposing who you are when you make purchase with Bitcoin can’t lightly be avoided. The recipient of your Bitcoin payment can identify your sending address, plus any switch address that your client sends extra bitcoins to. Unless you’re purchasing downloadable digital goods, you’ll usually need to provide a name and shipping address.
If the merchant uses a payment processor like Coinbase or Bitpay, your sending address may not be exposed to the merchant, but the payment processor will certainly keep a log of the transaction’s details and your private details.
Four. Using a Lean Client or Hosted Wallet
Who Knows Your Address: server administrators
Skinny clients don’t have a local copy of the block chain, so they query a single SPV server that does. These queries expose all the Bitcoin addresses that belong to your lean client, plus your IP address, to whomever operates the SPV server. While lean clients have the capability to mask which addresses are yours using bloom filters, most skinny clients do not reasonably utilize them.
Hosted wallets have very first arm skill of your Bitcoin addresses because your wallet resides on their servers. Any extra information you provide to them (such as phone number, location, or email address) can also suggest clues to your true identity.
Both of these types of wallets leak both your IP address and your addresses to third parties. Your IP address may not instantly expose your true identity, but it can be used to help detect it.
Five. Using Bitcoin Without a VPN/Tor
Who Knows Your Address: your internet service provider (ISP)
Bitcoin does not have any built-in encryption when it comes to broadcasting transactions across it’s P2P network. When your client relays transactions over the network, they pass through your ISP’s gateway servers in plain text. Your ISP can intercept and analyze this traffic, and then determine which of these transactions belong to your IP address (versus those transactions which you are only relaying). The transactions that belong to you will very first emerge on the network via your IP address, differentiating them from transactions that have already been propagated by other knots. And then your IP address can be used by your ISP to lookup your private identity — they have it on file from when you subscribed to their service.
Using Bitcoin with an encrypted VPN or Tor can effectively mask your real IP address, helping to disassociate your Bitcoin traffic from you.
6. Using Blockchain.info and Pissing Off Roger Ver
Who Knows Your Address: anyone on the internet
Roger Ver, a “Bitcoin Angel Investor & Evangelist”, once released the name and address of a BitcoinStore.com customer on a public forum, and then used his administrative privileges on Blockchain.info to lookup this person’s IP address, phone number, and other individual information using the customer’s Bitcoin address — all of which ended up being posted on the forum as well. Why? Because the BitcoinStore accidentally refunded an extra $50 worth of bitcoins to the customer, and the customer didn’t come back the extra coins. Roger wields BitcoinStore.com. Presumably, he felt posting the customer’s details would help identify the customer to other merchants… or maybe it was to just lodge a score.
The take-away here is that people with access to both your private info and Bitcoin address can choose to publish them any time they please.
7. Getting a Visible Tattoo of Your Bitcoin Address
Who Knows Your Address: anyone who takes your picture or cuts off your arm
In early 2014, a man from Washington state had his public address tattooed onto his forearm in the form of a QR code. It’s not clear if he was ever able to get the QR code to scan (I couldn’t). But if it works, he’ll have a convenient way of getting paid in person with bitcoins. And it will be just as convenient for anyone who sees him in a brief sleeve T-shirt to know exactly how much he has at that Bitcoin address.
So… Who Else Might Know?
Even if the link inbetween you and a Bitcoin address was only logged by a single merchant, server admin, or exchange possessor, it might not always stay that way. Server records can be hacked and leaked onto the internet. Law enforcement officials can use subpoenas, court orders, and NSL’s to secretly force those services to arm over their records. Or some adversary could use good old fashioned blackmail to get their arms on some sweet server logs.
Additionally, it’s now known that powerful government agencies (*cough* hi there NSA *cough*) are intercepting and cross-referencing mass amounts of internet traffic. So unless you’ve been encrypting your internet traffic with Tor or a VPN connection, they most likely already know you use Bitcoin, how many coins you have, and that you like to spend them on alpaca socks. Weirdo.
Do you know other ways that Bitcoin usage can be traced to someone’s identity? Contact me. We’ll see if we can throw them up on this here list.