Bitcoin Just Isn’t Anonymous Enough

Uploaded on 2016-11-18 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Financial

 

The anonymity of bitcoin gained it myriad adherents among anarchists and drug dealers around the world. Now, though, it's looking like the digital currency isn’t quite anonymous enough.

Consider the sudden popularity of Zcash and Monero, two new cryptocurrencies that offer confidential transactions. When Zcash first became available late October, demand was so strong that its founders temporarily became paper billionaires.

Monero rose to fame after a popular marketplace in the dark web, the portion of the Internet where people sell everything from guns to hacking tools, added it as a payment option.

The newcomers sense opportunity in one of bitcoin's flaws: Analytics companies, fueled by government research grants, have gotten really good at exposing users' identities, which were supposed to be hidden by public keys that reduced them to a mere string of numbers and letters.

This is possible because all transactions are recorded in a permanent public ledger, allowing anyone to see the entire history of each bitcoin and all the activity of each account. A single payment to an online retailer can be enough to reveal a user’s identity, which in turn reveals everything that person has done with that account.

In other words, the same transparency that guarantees the validity of bitcoin transactions also allows people to find out whether a user’s bitcoin previously passed through dirty hands. Such information is both an asset and a liability.

It’s useful for helping service providers make informed decisions about whether they want someone as a customer, but it can come with the responsibility of having to screen those customers to stay on the right side of the law.

The US government, for example, has outsourced some of its crime-fighting job by requiring financial institutions, including digital currency exchanges, to enforce anti-money-laundering regulations. Drug-dealing and tax evasion can be tough to stop at the source, but the perpetrators typically have to move money, so banks and exchanges are in a good position to identify and report illicit activity.

On the surface, privacy-preserving cryptocurrencies seem designed precisely to undermine such controls. Monero mixes multiple transactions together so that a source cannot be directly linked to a destination. Zcash creates shielded transactions where everything is hidden except for a string of data that proves the transaction is valid. Bitcoin also plans to add some of these features in the near future.

As bad as it looks, though, developers aren’t creating anonymous payment systems because they want to help criminals evade the law. They're doing it because that’s the only way a decentralised currency can work. If, say, users have to evaluate the acceptability of each bitcoin based on its transaction history, then one coin can be worth more than another and the currency loses its reason for existence.

The dollar is successful because it's pretty much always worth a dollar, backed by the full faith and credit of the US government. That's true whether it's freshly printed or old and torn, whether it has a pristine history or has passed through the hands of Al Capone. A publicly controlled digital currency doesn’t have that legal tender status and probably never will, so it must find some other way to achieve the same fundability.

Anonymity achieves this by preventing merchants or service providers from seeing any blemishes that might prevent them from honoring a unit of currency. Reducing the opportunity for external judgment is pretty much the goal of privacy protection in general. Ideally, so little information is revealed that everyone, and every valid transaction, is treated equally.

Decentralised currencies arose because people wanted to transact in a digital world without having to ask permission. The extent to which this facilitates criminal activity depends entirely on the prevalence of criminal activity in the real world. Maybe that's a problem that needs to be addressed outside the monetary system.

Bloomberg:               After A $65m Hack, Is Bitcoin Really Safe & Secure?:     

 

« US launches Code.gov Software Code-sharing Website
Cybercrime in Canada »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Radware

Radware

Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers.

Israel National Cyber Directorate (INCD)

Israel National Cyber Directorate (INCD)

The Israel National Cyber Directorate is the national security and technological agency responsible for defending Israel’s national cyberspace and for establishing and advancing Israel’s cyber power.

Global Station for Big Data & Cybersecurity (GSB)

Global Station for Big Data & Cybersecurity (GSB)

GSB is an interdisciplinary research hub to cover big data, information networks, and cybersecurity.

Be Cyber Aware At Sea

Be Cyber Aware At Sea

Be Cyber Aware At Sea is a global maritime and offshore industry initiative to raise awareness and educate crew members and the offshore workforce.

Center for Identity - University of Texas at Austin

Center for Identity - University of Texas at Austin

The mission of the Center is to deliver the highest-quality discoveries, applications, education, and outreach for excellence in identity management, privacy, and security.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Level Effect

Level Effect

Level Effect is developing new capabilities to bring a unique perspective on proactive network defense and advanced security analytics.

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic's main goal is toward establishing an international reference centre for excellence in the field of digital forensics and data recovery services.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

Exire Technologies

Exire Technologies

Exire Technologies is comprised of a team of professionals who are specialised in cybersecurity and a value added reseller and integrator of ICT security systems.

Orbus Software

Orbus Software

Orbus develops, markets and sells enterprise software which helps large, blue chip and government organisations across the globe to achieve digital transformation outcomes.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

Federal Bureau of Investigation (FBI)

Federal Bureau of Investigation (FBI)

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

Oligo Security

Oligo Security

Oligo aims to streamline the usage of open source by making it secure and easy to protect. Through focusing developers on the relevant vulnerabilities we make the fixing process significantly shorter.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.