Bitcoin Just Isn’t Anonymous Enough

Uploaded on 2016-11-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

 

The anonymity of bitcoin gained it myriad adherents among anarchists and drug dealers around the world. Now, though, it's looking like the digital currency isn’t quite anonymous enough.

Consider the sudden popularity of Zcash and Monero, two new cryptocurrencies that offer confidential transactions. When Zcash first became available late October, demand was so strong that its founders temporarily became paper billionaires.

Monero rose to fame after a popular marketplace in the dark web, the portion of the Internet where people sell everything from guns to hacking tools, added it as a payment option.

The newcomers sense opportunity in one of bitcoin's flaws: Analytics companies, fueled by government research grants, have gotten really good at exposing users' identities, which were supposed to be hidden by public keys that reduced them to a mere string of numbers and letters.

This is possible because all transactions are recorded in a permanent public ledger, allowing anyone to see the entire history of each bitcoin and all the activity of each account. A single payment to an online retailer can be enough to reveal a user’s identity, which in turn reveals everything that person has done with that account.

In other words, the same transparency that guarantees the validity of bitcoin transactions also allows people to find out whether a user’s bitcoin previously passed through dirty hands. Such information is both an asset and a liability.

It’s useful for helping service providers make informed decisions about whether they want someone as a customer, but it can come with the responsibility of having to screen those customers to stay on the right side of the law.

The US government, for example, has outsourced some of its crime-fighting job by requiring financial institutions, including digital currency exchanges, to enforce anti-money-laundering regulations. Drug-dealing and tax evasion can be tough to stop at the source, but the perpetrators typically have to move money, so banks and exchanges are in a good position to identify and report illicit activity.

On the surface, privacy-preserving cryptocurrencies seem designed precisely to undermine such controls. Monero mixes multiple transactions together so that a source cannot be directly linked to a destination. Zcash creates shielded transactions where everything is hidden except for a string of data that proves the transaction is valid. Bitcoin also plans to add some of these features in the near future.

As bad as it looks, though, developers aren’t creating anonymous payment systems because they want to help criminals evade the law. They're doing it because that’s the only way a decentralised currency can work. If, say, users have to evaluate the acceptability of each bitcoin based on its transaction history, then one coin can be worth more than another and the currency loses its reason for existence.

The dollar is successful because it's pretty much always worth a dollar, backed by the full faith and credit of the US government. That's true whether it's freshly printed or old and torn, whether it has a pristine history or has passed through the hands of Al Capone. A publicly controlled digital currency doesn’t have that legal tender status and probably never will, so it must find some other way to achieve the same fundability.

Anonymity achieves this by preventing merchants or service providers from seeing any blemishes that might prevent them from honoring a unit of currency. Reducing the opportunity for external judgment is pretty much the goal of privacy protection in general. Ideally, so little information is revealed that everyone, and every valid transaction, is treated equally.

Decentralised currencies arose because people wanted to transact in a digital world without having to ask permission. The extent to which this facilitates criminal activity depends entirely on the prevalence of criminal activity in the real world. Maybe that's a problem that needs to be addressed outside the monetary system.

Bloomberg:               After A $65m Hack, Is Bitcoin Really Safe & Secure?:     

 

« US launches Code.gov Software Code-sharing Website
Cybercrime in Canada »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

4ARMED

4ARMED

4ARMED specializes in penetration testing, information security consultancy and security training

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

NETAS

NETAS

Netas offers solutions in information and communication technologies including end-to-end value added solutions, system integration and technology services to providers and corporations.

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

ZEBOX

ZEBOX

ZEBOX is an international incubator & accelerator of innovative startups. Focus is on Transport/Logistics and Industry X.0 including technologies such as AI, Blockchain and Cybersecurity.

BigPanda

BigPanda

BigPanda is the first provider of Autonomous Operations solutions that empower IT Operations at large, complex enterprises.

Bigbee Technology

Bigbee Technology

Bigbee Technology are an IT solutions company based in Dar es Salaam founded by a group of professionals from around the globe.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Sidcon International Consulting Company

Sidcon International Consulting Company

SIDCON International Consulting Company has been providing consulting services since 2002 for private and public organizations in Ukraine and other countries.

Silent Circle

Silent Circle

Silent Circle is the leader in end-to-end enterprise solutions for secure mobile communications.

Beround

Beround

Beround is an IT consultancy firm specialized in software testing.