Three Things #28: July 31, 2022
On cryptocurrency privacy best practices (and privacy and security more generally)
Last weekend, some friends and I hosted a workshop at the A New HOPE conference on cryptocurrency privacy. The motivation for hosting this conversation is the fact that lots of people mistakenly imagine that cryptocurrency networks like Bitcoin and Ethereum offer privacy out of the box (and lots of introductory articles on these topics don’t help). This couldn’t be further from the truth. In the workshop we offered a much more nuanced analysis of this important and really interesting topic.
Thing #1: Privacy is Important
We began by asking the questions, “What does privacy mean to you? Why do you care so much about it? And why is this topic especially important today?” I think this is the right place to start since, even in 2022, even in an era of surveillance capitalism and dystopian, authoritarian, China-style techno-repression, privacy is still a hard sell to many people. When discussing privacy, it’s still common to hear people respond, “Why do I care? I have nothing to hide.” (I said this myself for years before I really understood privacy and why it matters.)
There are many possible definitions of privacy, but my favorite is selective disclosure. In other words, privacy isn’t black or white: it doesn’t mean that your content and data are either visible to the world or hidden from everyone. On the contrary: good privacy means that you can selectively share the things you want, and only the things you want, with precisely the people you want to share them with, and no one else. In other words, framed this way privacy is actually about sharing and community, which is much more prosocial than thinking about privacy in terms of back alleys and dark rooms. Think about it: how often do you actually want to keep something totally private from everyone? Life is much more interesting when we share.
As for why privacy matters—here, too, there are several answers and different people will feel differently about it, but I’ll offer two that resonate for me. Firstly, social innovation requires privacy. Why? Because so many of the things we take for granted today—ideas as diverse as religious freedom, same-sex marriage, democracy, labor unions, and Bitcoin—all started out as dangerous, subversive ideas first discussed privately among a small group of trusted contacts. Social innovation, and making progress as a society, by definition requires going against the status quo. Society requires safe, private spaces to have these conversations.
Secondly, even if you have nothing to hide today, you might in the future: you can’t forecast when you might need privacy, and if you don’t prepare now it might be too late later. The most salient example today? Who knew a few months ago that searching for an abortion clinic could get you in legal trouble in the contemporary United States? A closely related concept is the fact that privacy only works when everyone, not just criminals and subversives, uses it.
As for why today—this should be fairly self-evident if you haven’t been living under a rock. Authoritarianism is on the rise globally, aided by more and more powerful surveillance tech. And it’s not just countries and societies we typically think of as authoritarian that are rapidly moving in a dystopian direction. Consider the recent EU regulation on traceability of cryptocurrency transactions, or Canada freezing the funds (including multiple cryptocurrencies!) of truckers in the recent “Freedom Convoy” protest. Even here in the United States, the Biden Administration proposed tracking every transaction over $600. And then there’s the overall global decline of cash. Privacy is getting harder and harder in our modern, tech-enabled, high-surveillance society, which means that strong privacy tools and awareness about why it matters are more important now than ever before.
For more: Reflect on the above framing questions: What does privacy mean to you? Why does it matter to you? Why is it important today?
Thing #2: Privacy is Hard
Going into last weekend’s workshop, I was feeling pretty confident. I thought I had a pretty good handle on privacy, and I thought I had a pretty good handle on cryptocurrency. So, naively, I thought I could manage to teach cryptocurrency privacy best practices without too much preparation.
But the more I thought about it the more I realized that privacy is complicated and nuanced. Like security, it involves many tradeoffs and perfection is impossible. The right question to ask is not, How do I make everything private? A better question is, What do I want to keep private and what am I willing to sacrifice to achieve that privacy? I realized that, even having studied this topic previously and despite thinking about it all the time, I was missing a lot of details and important information. (Which goes to show that one of the best reasons to teach a thing is that it forces you to really learn it yourself first.)
Ideally, the networks and the tools we use with them, like wallet applications, would do everything for us and we’d get good privacy out of the box. Someday that might actually be true, as privacy technologies like zero knowledge proofs and MPC are getting easier, faster, and cheaper every day. But we’re very far from having such tools today. It’s possible to use privacy coins like Zcash and Monero, as well as layer two privacy tools built on top of networks like Ethereum without strong base layer privacy. The tools to do this are even starting to feel usable for the first time. But they all still have a lot of issues including governance, usability, and liquidity. Moreover, even these networks aren’t perfect and attacks against them have been demonstrated. Most privacy failures are due in part or in whole to user error, and the harder it is to understand and use these tools, the more common errors will be.
Privacy is hard for many reasons but one of the most important is the inherent tensions it entails. The tradeoff between privacy and usability is a very old one; experts were writing about it decades ago in the context of PGP, and I’m sure it goes back even further. Adding privacy inherently adds friction, and the most frictionless possible experience is for everything to be absolutely in the open. Encrypting things requires managing keys and passwords, which can be lost—and no one can help you if they are lost. Hiding your cryptocurrency transactions requires paying higher fees, using more complicated tools, generating expensive zero knowledge proofs, waiting longer for your transactions to confirm, etc. Buying a home without using your name is possible but it requires some very complex, arcane steps. So we all need to consider how much privacy matters to us, just how much privacy we need, and what we’re willing to trade for it.
The tradeoff between privacy and security may seem less obvious, since we tend to talk about the two in the same breath, but it’s also fundamental and important: more privacy means less security and vice versa. Security means putting trust in an authority—the government, the police, the developer, a protocol—to detect and deal with cases of bad behavior. The more information you reveal to that authority, the more effectively it can do its job. You see this tension constantly when a lawmaker proposes legislation that would severely infringe upon privacy in order to catch bad guys, or when the DOJ claims it needs the ability to backdoor consumer devices to prevent children from dying. The cryptocurrency version of this tradeoff is the fact that it’s difficult to audit the ledgers of protocols that obscure information like sender, recipient, and amount to make sure there hasn’t been any funny business, which is a problem when bugs do arise. Security and privacy are obviously both important, and different people and communities will be comfortable with different levels of both. It’s important that we always strive to keep them in balance.
For more: Make a list of the things that you most want to keep private. This could be your emails or chat conversations, your medical or financial records, your photographs, or something else entirely. Next consider what you’re willing to sacrifice to keep them private. Would you be willing to pay for it? Would you be willing to do more work or trade convenience for privacy?
Thing #3: Where to Start
With that important background out of the way—given how important privacy is, and how hard it is—where should you start if you want to maintain good privacy while using blockchain and cryptocurrency? Last weekend’s workshop was mainly focused on best practices. I want to attempt to summarize and synthesize the content we shared. There’s no way to boil down 4+ hours of content to a few short paragraphs, but I’ll do my best.
First things first: keeping your transactions private and private keys secure doesn’t mean very much if you don’t maintain good privacy in other areas of your life that have nothing to do with cryptocurrency.
Let’s start with operational security, a.k.a. OPSEC. Try to adopt a mindset where you’re at least cognizant of the times, places, and ways in which you leak information: e.g., when giving out your phone number to a stranger (this is more and more common, and can largely be solved by using burner numbers), when revealing your IP address and geography (browsing without a VPN, including on mobile), and, obviously, when revealing any other personally identifying information, financial information, etc. All of this information can be cross-referenced against your cryptocurrency transactions.
You must also make sure your device is secure to begin with. This is also a big topic and your approach should depend upon your environment (operating system, hardware, physical security, etc.) and your needs and preferences. Some basic rules of thumb include not reusing passwords and having a good strategy for managing them, whether that’s a password manager, a formula, a paper notebook, or some hybrid strategy; turning on multi-factor authentication; using a search engine that doesn’t track you; running a secure, modern operating system (no OS is perfectly secure but macOS, Linux, and ChromeOS are all reasonable choices; modern Android and iOS devices are both reasonably secure out of the box); keeping your devices and applications up to date; running only applications you trust, whether because you trust the developer or you’ve seen the code yourself; never downloading and never, ever running things from people you don’t know or trust; and using a VPN. Of course there’s much more you can do and the security and privacy rabbit hole is very deep; how far you go is limited only by your time, familiarity, and comfort with the concepts.
Moving back to cryptocurrency, once you’re confident that your devices, hardware, and operating system are reasonably secure, and once you have reasonable OPSEC in place, the most important thing you can do is get a hardware wallet, such as those by Ledger and Trezor. There are many varieties of hardware wallets and each has tradeoffs, but a hardware wallet from any mainstream vendor, purchased from a trusted source, is better than not having one. This is because of the risk of your private keys or mnemonic being compromised if they’re ever used on a “hot” or online device, including a laptop or a smartphone. Anything other than small, daily transaction amounts should be kept on a hardware wallet, and you should carefully back up the device mnemonic or seed phrase. Note that using a hardware wallet doesn’t by itself give you better privacy, but it does go a long way towards keeping your keys secure.
With all of these basic steps in place, it’s time to practice good account hygiene. As a rule of thumb, you should never reuse the same Bitcoin address twice (unless you’re transacting multiple times with the same counterparty); most wallet applications make it pretty easy to generate lots of new wallet addresses. This is a bit harder in account-based systems like Ethereum, but the same rule of thumb applies: generate many addresses, and restrict your usage of each one to a particular context (e.g., a particular counterparty or set of counterparties, or a particular application). Compartmentalize your usage of these accounts as much as possible. Make sure to clearly label each account so that you don’t mix them up. Also, don’t send funds directly from one account to another; instead, fund each account directly from an exchange account or a mixer such as Tornado Cash.
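The hygiene rules above can be checked mechanically against your own labelled records. The following is an added example, not material from the workshop: it audits a constructed, simplified transaction list (one sender and one recipient per transaction, placeholder addresses and names) for an address shared across more than one counterparty and for direct transfers between your own accounts.

```python
from collections import defaultdict

# Constructed sample data. Addresses and names are placeholders, not real ones.
OWN = {"addr_don": "donations", "addr_shop": "shop", "addr_save": "savings"}
FUNDING = {"exchange", "mixer"}  # sources the text recommends funding from
TXS = [  # simplified (sender, recipient) pairs
    ("exchange", "addr_save"),
    ("exchange", "addr_shop"),
    ("alice", "addr_don"),
    ("alice", "addr_don"),       # same counterparty again: allowed
    ("bob", "addr_don"),         # second counterparty: address reuse
    ("addr_save", "addr_shop"),  # direct transfer between own accounts
    ("addr_shop", "carol"),
]

def audit(own, funding, txs):
    """Return sorted (rule, account label, detail) findings."""
    seen = defaultdict(set)   # own address -> distinct counterparties
    findings = set()
    for sender, recipient in txs:
        if sender in own and recipient in own:
            # Publicly links two compartments that were meant to stay separate.
            findings.add(("linked", own[sender], own[recipient]))
            continue
        for mine, other in ((sender, recipient), (recipient, sender)):
            if mine in own and other not in funding:
                seen[mine].add(other)
    for addr, others in seen.items():
        if len(others) > 1:
            findings.add(("reused", own[addr], ",".join(sorted(others))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(OWN, FUNDING, TXS):
        print(finding)
```

For account-based systems where one address deliberately serves a set of counterparties, the "reused" rule would need to compare against the allowed set for that context rather than a count of one.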
I strongly recommend the use of a privacy-focused Bitcoin wallet such as Wasabi. The Wasabi documentation is a fantastic resource for additional cryptocurrency privacy best practices (with the caveat that they apply to Bitcoin, not Ethereum), and Wasabi has great features like automatically mixing your coins for you to maintain strong privacy. Mixers are not perfect and in some cases (usually due to user error) it’s possible for an adversary to de-mix transactions, but they provide the strongest possible guarantees at layer one (tools like zk.money, a private rollup, do something similar at layer two). You should also be aware that centralized cryptocurrency exchanges may ban deposits of coins that passed through mixers. I’m not aware of this having happened in practice—yet—but it could happen at any point and once a coin has passed through a mixer it may be considered tainted forever.
This barely scratches the surface, but hopefully it provides a jumping-off point for exploring this important topic further!
For more: Read this excellent, comprehensive article from Jameson Lopp on personal privacy best practices. Lopp also has a helpful list of additional Bitcoin-related security resources.