Bitcoin’s reputation as anonymous money couldn’t be further from the truth. The public nature of the chain means that without proper precautions, transaction histories can be traced and linked to real-world identities with surprising ease.
While Bitcoin does offer pseudonymity, achieving genuine privacy requires deliberate effort and technical knowledge that most users lack. What’s more, with privacy-focused Samourai Wallet’s developers pleading guilty to operating an unlicensed money transmitter and Tornado Cash’s Roman Storm convicted of the same, privacy tools are under pressure from authorities like never before.
Satsie, a board member of the recently formed Payjoin Foundation and contributor to the Bitcoin Dev Project, recently joined Bitcoin Season 2 to discuss the current state of Bitcoin privacy. The discussion ranged from basic opsec measures to advanced technical solutions like payjoin and silent payments.
Below is an edited transcript of the conversation.
There’s a general misconception that Bitcoin is anonymous. How private is Bitcoin actually?
Bitcoin is pseudonymous, not anonymous, and it really depends on how you use it. For your average user, Bitcoin’s not going to be that private. Most people using Bitcoin are going through some kind of exchange or KYC service. Any time you touch one of those, you have to give up your ID, your Social Security number, your home address, or a selfie.
A lot of public figures like to say that Bitcoin is money for criminals, but the truth is it’s quite easy to trace these things. The chain is public for anyone to look at. If you know something about one address, you can follow it. You can see where the money came from before it was at that address and where it’s going afterwards. The responsibility falls upon the user to make sure they’re using Bitcoin in a way that accommodates their own personal threat model.
You say privacy in Bitcoin is possible but hard. What do you mean?
There are precautions you can take to protect yourself and reclaim your privacy. Privacy in general is really hard. A lot of the best practices you hear about how you should operate on the internet apply to Bitcoin because Bitcoin is internet money. Are you using a VPN or Tor? What email service provider do you use? We’re trying to raise that default minimum level of privacy you would get as an average Bitcoin user.
For example, you really shouldn’t reuse addresses. That’s really, really bad. Ten years ago that was very common. Now it’s not common because wallets will automatically generate a new address every time you pop into the wallet and say, “I want to receive something.”
The tricky thing about Bitcoin is the more you know, the more dangerous you become to yourself. Let’s say you understand Bitcoin a little bit and you think, “I have this address, it works, I can just keep depositing money to that.” The problem is Bitcoin follows the UTXO model. Everything’s like a coin, a unit of a different denomination of Bitcoin. Once you mix these coins together, that’s not good.
What are some basic privacy techniques the average person can use?
Don’t send addresses or transaction IDs in plain text over any communication medium. Use something encrypted like Signal. Another really big thing: don’t ship hardware wallets to your house. Never, ever, ever do that. That’s hard because not everyone has a P.O. box, not everyone has an office they have access to. But if and when these companies have data breaches, you are going to be at the top of the list, and you do not want your home address on there. It’s more work, but you’ll thank yourself in the long run.
Can you explain why running your own node matters for privacy?
If you really want to take the next step towards protecting your Bitcoin privacy, the natural step is to run your own node. You want to get to a point where that node is actually what is powering your wallets, what your wallet is connected to. You use your node to broadcast your transactions, and you use your node to listen to the Bitcoin network. You use your node to query the blockchain and ask, “Has there been any activity for these addresses that I care about?”
If you’re not connecting your wallet to your own node, you’re using the wallet provider’s node. Even if you signed up with a pseudonymous email and you’re using a VPN, they still know your balances. They still know your addresses. They still know your transactions. Because how are you going to broadcast your transaction without going through their node?
What is a payjoin and how does it work?
When we talk about transaction batching, we’re typically familiar with batching on the output side. Let’s say an exchange has five people requesting money to be sent to them. Instead of making five different transactions, they make one transaction with five different outputs.
Payjoin basically does that on the input side. If I want you to send me money, I give you an address and you create a partially signed Bitcoin transaction and give it to me. What I’m actually going to do is add an input of my own to that.
This accomplishes a few things. I’m basically doing a coin consolidation. In a normal transaction, you send me one bitcoin and then I have one bitcoin, which is an extra UTXO in my wallet. But if you send me one bitcoin and in that transaction I add an additional input for another bitcoin, I’m just left with two bitcoin when it pops out. There are nominal fees added to that, so it’s a benefit for the receiver.
It breaks the common input ownership heuristic, which we see in the original Bitcoin white paper. Even Satoshi has said that when we see a transaction, we can pretty much assume that all the inputs belong to the sender. With payjoin, that is no longer true. The inputs could all belong to the sender, or some could belong to the receiver, and we don’t know which ones. The more people who use it, the more it benefits all of us.
Where are we on the adoption curve for payjoin?
We’re at a really exciting time. Cake Wallet supports it. Bull Bitcoin, the exchange, supports it. Blue Wallet, Sparrow, BTCPay Server, JoinMarket all support payjoin, and there are many more integrations to come. The full list is on the Payjoin website.
Exchanges have so much to gain from payjoin because of those fee savings. There’s also something called transaction cut-through. Let’s say you have an exchange that needs to pay out money to people, but they also have people depositing. They can take the transaction that’s bringing in the deposit and edit it so the deposits go straight through to the people they need to pay out to anyway.
The Payjoin Dev Kit is the artifact the Payjoin Foundation produces. It’s a library for devs, mainly in Rust, but there are also options for Python, Kotlin, and other bindings.
What are silent payments?
Silent payments allow you to get the same user experience as address reuse without actually reusing addresses. You create what we call a silent payment address. It starts with the letters SP1, which looks like a Bitcoin address, but it’s not recognized by the network. You can’t plug it into a block explorer.
When somebody wants to pay you, they take your silent payment address and combine it with the private key from an input they want to send to you. They’re able to derive a unique taproot address for you, which is wild to me. They send funds to that on-chain address.
The trade-off is for the receiver. They have to scan the blockchain and look at every single transaction in every block and every UTXO in every transaction and compute what the address would have been if this person was sending to them. If any match, they’ve found it. In principle, that sounds like a lot, but I think it’s a technical challenge that can be overcome.
You don’t need to be online. You can just have this address and people can donate to it. I’m really optimistic for a future with silent payments because that’s a very useful thing for everyone to have.
What’s your evaluation of the current momentum for privacy from a regulatory standpoint in the United States?
It doesn’t feel awesome, especially coming out of the previous administration. I think this new one is giving us a little bit more breathing room to continue to develop these technologies that protect our fundamental right to privacy. But I don’t think anyone is going to breathe easy until we get some actual legislation that on paper will reflect the protections of developers.
We’re all hoping the Clarity Act will pass, which protects non-custodial wallet developers and people working on those things. That would be really good. No matter how many feel-good memos we get out of the administration or the Department of Justice, that’s not going to make me feel better until we actually have legislation.
Any final thoughts on where people can learn more?
The Bitcoin Wiki has a lot of really good stuff and it’s up to date. One of my favorite resources is Bitcoin Optech. It might be kind of technical, but even if you find the recaps and newsletter above your level, it’s really great for looking up topics you want to know more about. It’s maintained by some of the best engineers and talented technical writers in the space.
As far as Payjoin goes, payjoin.org will give you all the information about Payjoin as a protocol. You can also go to payjoindevkit.org, which will help you understand what it’s going to take to integrate payjoin into a wallet. If you use a wallet and you want payjoin in there, tell your wallet and tell the Payjoin dev team. There’s a Discord for Payjoin that you can find on the Payjoin website.