Bitcoin Just Isn’t Anonymous Enough

Uploaded on 2016-11-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

 

The anonymity of bitcoin gained it myriad adherents among anarchists and drug dealers around the world. Now, though, it's looking like the digital currency isn’t quite anonymous enough.

Consider the sudden popularity of Zcash and Monero, two new cryptocurrencies that offer confidential transactions. When Zcash first became available late October, demand was so strong that its founders temporarily became paper billionaires.

Monero rose to fame after a popular marketplace in the dark web, the portion of the Internet where people sell everything from guns to hacking tools, added it as a payment option.

The newcomers sense opportunity in one of bitcoin's flaws: Analytics companies, fueled by government research grants, have gotten really good at exposing users' identities, which were supposed to be hidden by public keys that reduced them to a mere string of numbers and letters.

This is possible because all transactions are recorded in a permanent public ledger, allowing anyone to see the entire history of each bitcoin and all the activity of each account. A single payment to an online retailer can be enough to reveal a user’s identity, which in turn reveals everything that person has done with that account.

In other words, the same transparency that guarantees the validity of bitcoin transactions also allows people to find out whether a user’s bitcoin previously passed through dirty hands. Such information is both an asset and a liability.

It’s useful for helping service providers make informed decisions about whether they want someone as a customer, but it can come with the responsibility of having to screen those customers to stay on the right side of the law.

The US government, for example, has outsourced some of its crime-fighting job by requiring financial institutions, including digital currency exchanges, to enforce anti-money-laundering regulations. Drug-dealing and tax evasion can be tough to stop at the source, but the perpetrators typically have to move money, so banks and exchanges are in a good position to identify and report illicit activity.

On the surface, privacy-preserving cryptocurrencies seem designed precisely to undermine such controls. Monero mixes multiple transactions together so that a source cannot be directly linked to a destination. Zcash creates shielded transactions where everything is hidden except for a string of data that proves the transaction is valid. Bitcoin also plans to add some of these features in the near future.

As bad as it looks, though, developers aren’t creating anonymous payment systems because they want to help criminals evade the law. They're doing it because that’s the only way a decentralised currency can work. If, say, users have to evaluate the acceptability of each bitcoin based on its transaction history, then one coin can be worth more than another and the currency loses its reason for existence.

The dollar is successful because it's pretty much always worth a dollar, backed by the full faith and credit of the US government. That's true whether it's freshly printed or old and torn, whether it has a pristine history or has passed through the hands of Al Capone. A publicly controlled digital currency doesn’t have that legal tender status and probably never will, so it must find some other way to achieve the same fundability.

Anonymity achieves this by preventing merchants or service providers from seeing any blemishes that might prevent them from honoring a unit of currency. Reducing the opportunity for external judgment is pretty much the goal of privacy protection in general. Ideally, so little information is revealed that everyone, and every valid transaction, is treated equally.

Decentralised currencies arose because people wanted to transact in a digital world without having to ask permission. The extent to which this facilitates criminal activity depends entirely on the prevalence of criminal activity in the real world. Maybe that's a problem that needs to be addressed outside the monetary system.

Bloomberg:               After A $65m Hack, Is Bitcoin Really Safe & Secure?:     

 

« US launches Code.gov Software Code-sharing Website
Cybercrime in Canada »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

K&D Insurance Brokers

K&D Insurance Brokers

K&D provide insurance for all sectors of industry and commerce including cyber risk cover.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

Blackwall

Blackwall

Blackwall (formerly BotGuard) is a security infrastructure company focused on protecting web ecosystems from automated threats, while optimizing performance for hosting environments.

CyVolve

CyVolve

Cyvolve is the next great leap forward in data security, ensuring constant encryption and pervasive control over all your data.

SecondWrite

SecondWrite

SecondWrite’s next-generation malware detection engine delivers a combination of automatic deep code inspection and accurate scoring of zero-day malware.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

SecureWeb3

SecureWeb3

SecureWeb3 helps businesses and brands to secure their Web3 presence by offering a full suite of security services including training, consultancy & brand protection solutions.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

Amnet Technology Solutions (Amnet Systems)

Amnet Technology Solutions (Amnet Systems)

Amnet Systems is a technology services organization that provides Managed IT, Cloud Computing, Cyber Security, Data Center and Audio Visual services since 1995.

Sublime Security

Sublime Security

Sublime is an adaptive email security platform that combines best-in-class effectiveness with unprecedented visibility and control.

Dark Entry

Dark Entry

Dark Entry provide solutions to safeguard businesses, leveraging advanced technologies and intelligence-driven approaches to detect and mitigate risks associated with compromised data.