Bitcoin is needed in the modern age of digital transactions as an alternative to the heavily surveilled centralized banking system. In a cashless society where all transactions are monitored and there is no option for anonymity, a true free market with individual liberty cannot thrive. Bitcoin can enable anonymous digital transactions, but it is good to understand where anonymity on Bitcoin can degrade. By understanding how anonymity can be eroded on bitcoin, one can then understand how anonymity can also be preserved.

There are different pillars that make up security; consisting of confidentiality, integrity and availability. This is known as the Security Triangle.  The focus of this article is on confidentiality, specifically anonymity.

How Bitcoin Anonymity Degrades

Historical and future activity of transactions and KYC

Every past and future transaction on the bitcoin base layer, the blockchain, is permanently recorded and viewable by anyone anywhere at any time. This can be problematic when bitcoin is obtained in a way that is linked to your identity. Such as when bitcoin is obtained from a KYC ("know your customer") source which requires logs, and presumably, shares your information. As a result, that bitcoin no longer has real anonymity when used in future transactions. Even if bitcoin was obtained anonymously without disclosing any identity, that anonymity can be undone in a future transaction if you expose your information to the recipient. One example of this would be if you order something online, pay in bitcoin and then give the recipient your name and address for shipping purposes. Another way your information could be leaked is if who you are sending bitcoin to is using a KYC payment processing service for receiving bitcoin in lieu of taking bitcoin directly.

Another way in which anonymity on bitcoin can be impacted is if you combine anonymous coins with non-anonymous coins in the same transaction. Anonymity of bitcoin can be degraded if your identity gets tied to it in past or future transactions. In either case, you have to trust that the source of your bitcoin and the recipient of your bitcoin do not share or leak your information whether intentionally (voluntarily, or through coercion) or unintentionally.

Network level threats to anonymity

You could do everything right with maintaining both backwards and forwards anonymity, yet fail to protect your information at the network level. Everything you do online, every website you visit, every data packet that enters the internet is scooped up by state surveillance agencies, logged and analyzed. If you send a bitcoin transaction or even look up a transaction or bitcoin address on a block explorer, that activity is bound to your IP address by either the state adversaries logging your internet traffic (if you are not using https encryption) or by the block explorer itself. Or when your computer broadcasts a transaction to the rest of the bitcoin network, these are usually unencrypted and the origin of that transaction can be seen by adversaries monitoring the internet. Your IP address is exposed and your data can get exposed the moment it hits the internet. IP addresses are associated with your identity if you are using a network connection associated with you. Even if such network connection is not registered to your identity, it can potentially be correlated to you from your other activities.

Address leakage

Another way that bitcoin anonymity can be harmed is if your addresses or extended public key of your wallet gets leaked. This would leak all your addresses together, undoing coin control and coinjoins. If the extended public key of your wallet gets leaked, all your bitcoin addresses, from both the past and future can be derived from it.

Compromised software

If you are using backdoored wallet software, it could spy on and leak your confidential financial activities and other information.

Blockchain heuristics

There are various blockchain heuristics which can also degrade the anonymity of bitcoin transactions. Blockchain heuristics is a large topic in its own right. What follows are just touching on some heuristics used in chain analysis.

Common Input Ownership Heuristic:

By default, it is commonly assumed that all inputs of a transaction belong to the same owner.

Change Address Heuristics:

There are ways to detect which output was the change address, thus deducing which of the outputs was the payment and which output is still under the sender’s control. One such way is if the payment is using a rounded number as payment. Or if it is known that the payment is the smaller amount.

Or if the recipient is known or identified in its on-chain behavior as being a business, then this is another way that the change output and the recipient output of a transaction can be identified.

Address Type Heuristics:

There are different types of bitcoin addresses. The different address types as of this time are bech32 addresses, P2SH (Pay to Script Hash) addresses, P2PKH (Pay to Public Key Hash) addresses, and now taproot addresses. Bech32 addresses begin with "bc1", P2SH addresses begin with "3", and P2PKH addresses begin with "1". Different wallets and services may use different types of addresses, this is another way that the recipient and change output can be identified. If a wallet that uses bech32 sends a payment to something using a P2PKH or P2SH address, this becomes very obvious.

Custodial Wallets

Custodial bitcoin services, including custodial wallets, are also detrimental to privacy. The custodian has all the information of your bitcoin activities and addresses under your control.

In summary, there are many ways that your bitcoin anonymity can be undone or degraded. Even if you get one or most things right, you can fail to maintain your anonymity by getting one thing wrong. But hope is not lost, there are ways that these pitfalls can be avoided. Well designed software has safeguards in place to help protect users. Much like how a properly designed web browser should use TLS encryption by default on an otherwise cleartext internet, a properly designed bitcoin wallet should also have security and privacy functionalities as the default.

How Bitcoin Anonymity Can Be Preserved

Wasabi Wallet is one of the well-designed software that promotes user privacy and safeguards users from many of these ways that anonymity can be undone. Aside from this, these aforementioned pitfalls of anonymity can be mitigated in many ways.

Historical and Future Activity of Transactions and KYC

A great way to retain anonymity is to acquire non-KYC bitcoin anonymously and to lower your risk of information leaks by doing business with entities that take bitcoin directly instead of indirectly such as through a 3rd party payment processing service. If you have bitcoin that is linked to your identity or if you want extra privacy, you can coinjoin your bitcoin to break the link of the bitcoin's past transactions from its future transactions. On the issue of combining anonymous with non-anonymous coins, this can be handled with proper compartmentalization. By labeling your bitcoins based on their associated activities, you can prevent mixing coins together that you would not want to be associated with each other. Wasabi Wallet supports both coinjoins and coin control.

Network Level Threats to Anonymity

To protect your anonymity at the network level, you can use tools such as Tor or I2P. Both of these are networks of computers that enable you to build encrypted layered tunnels across multiple hops to conceal your activities at the network level while also concealing your IP address from the destination server or computer you are communicating with. Tor gives you the benefit of locational and network level anonymity. Wasabi Wallet has Tor bundled in, and makes use of this for receiving block data and transactions from the bitcoin network, and also for broadcasting transactions. The Tor process included with Wasabi Wallet also has support for Tor hidden services as an option for connecting to your own node with end to end encryption. Many bitcoin nodes use Tor hidden services, along with some which are now also using I2P hidden services. For websites and check-out services, you’d want to use something like the Tor Browser.

Address Leakage

You should use a bitcoin wallet that does not leak your extended public key or addresses to others. Wasabi Wallet is one such wallet that does not leak this information. Wasabi Wallet allows you to run a local bitcoin node using built-in functionality, or to connect to your own remote node you may already have. Even if you do not use your own local or remote node, Wasabi Wallet uses what is known as BIP-158 Block Filters to download transaction data without divulging your addresses to anyone.

Compromised Software

To protect yourself from using malicious software which may be spying on you, you should use open-source software. Open-source software means the source code is transparent and can be vetted by anyone to verify that the software is not doing anything malicious. Open-source software is essential for privacy. Wasabi Wallet software is open source with the added benefit of being deterministically built. When software is deterministically built, also known as reproducible, you can confirm that the software was built unmodified (nothing added or removed) from the open-source code it claims to be from, without needing to compile it yourself. Deterministic builds offer both the convenience of pre-compiled software along with the trust of open source.

Blockchain Heuristics

Defeating Common Input Ownership & Change Address Heuristics:

Wasabi Wallet supports not only coinjoins, but also has support for payjoin transactions. A payjoin transaction is like a collaborative coinjoin between a sender and receiver in which both contribute inputs into a transaction. A payjoin transaction can obfuscate the direction of the payment, amount paid, and also confuse and discredit the assumption of the Common Input Ownership heuristic. Payjoin transactions require support by both the sender and recipient in a bitcoin transaction to make use of this functionality.

Address Type Heuristics:

Wallets should strive to use the same address types. Right now bech32 is the standard, which is what Wasabi Wallet uses. Once taproot addresses become widespread in use, bitcoin will have further anonymity as most bitcoin transactions making use of taproot will appear similar to each other.

Custodial Wallets

Self custody of bitcoin is essential for not just security but also privacy as well. Wasabi Wallet is a self custody wallet and has support for many hardware wallets, further promoting secure self custody.

Lightning Network Transactions

Bitcoin has a new functionality called the lightning network, which enables bitcoin transactions to take place off of the blockchain, yet enforced by the blockchain at the same time. Because lightning transactions do not touch the blockchain and use what is known as onion routing (similar to Tor), payments sent over the lightning network have a high degree of anonymity for senders.