In Part One of this treatise, we examined the fundamental relationship between Bitcoin and privacy by going back to the beginning with the whitepaper. In spite of some excellent privacy-preserving options that have been available to users since those early days, we seem to have taken a few wrong turns. But to fix this and make Bitcoin’s privacy “great again,” we must be able to distinguish between real privacy and red herrings that can only lead us further off the path.
Fiat Gateways Lead to Privacy Graveyards
Bitcoin is an effective system to transfer and store wealth, but that wealth first has to “enter” the system somehow, very often coming from fiat money. (Of course, you can also earn satoshis directly in exchange for goods and services you provide, instead of buying them with fiat.)
Fiat-enabled Bitcoin on-ramps (often known as “cryptocurrency exchanges”), acting as liquidity bridges, created huge privacy problems in Bitcoin. In order to manage fiat, exchanges have to use traditional bank accounts. In order to get those, they have to meekly accept all the rules, conditions and limitations banks require. Traditional fiat banks, in turn, will pass on the extremely complex and heavy “compliance” burden they received from governments and regulatory agencies, including that concentration of economic illiteracy called “KYC/AML regulation.”
So, fiat-to-Bitcoin bridges will almost always end up demanding a scary amount of personal information from their users, linking that information to a few deposit and withdrawal addresses (often incentivizing continuous reuse) and then even hiring “chain-analysis” companies in order to follow, trace, tail and stalk all the previous and following economic activity on-chain.
Why Chain Analysis?
The first and most important reason for doing so is that these on-ramps are scared to lose the privilege of having a fiat bank account. Bitcoin was, is and will always be considered a “borderline” reality by governments and government-sanctioned legal cartels like modern fiat banks. Thus, it’s realistic to assume they would close down the operative accounts of any exchange that couldn’t guarantee the same level of financial surveillance that fiat banks routinely enact.
For this reason, fiat-enabled gateways not only keep promoting wrong and dangerous uses of the Bitcoin protocol, discouraging security best practices and hiring “chain-analysis” spy companies: They often even go to great lengths to publicly praise “KYC/AML” nonsense regulations and to push the narrative that “Bitcoin is completely traceable,” marketing some probabilistic assumptions as “legal proofs” and ignoring even the existence of the fundamental privacy features of the protocol.
For a while now, these businesses have been freezing or confiscating users’ accounts because of what theoretical “chain-analysis” heuristics (dishonestly promoted as “facts”) suggest these users may have been doing way before or way after their interaction with the exchange, basically trying to break fungibility in Bitcoin.
We often see this happening for activities that aren’t even explicitly considered illegal in the specific jurisdiction under which they happened: online gaming, adult services, political campaigns, etc. Anything considered even remotely controversial has been depicted as forbidden, and any statistical guess about “on-chain” activity, based on common patterns and typical tools, has been depicted as “proven.”
Of course, there’s nothing really proven in “chain-analysis” heuristics, so the spy companies arbitrarily decide how many “on-chain hops” to look for, arbitrarily assuming who is doing what. Even assuming that such heuristics are correct (they have never been 100 percent reliable, and they are less and less so each day, while Bitcoin developers build better tools and Bitcoin users start employing best practices), this behavior is unacceptable. It is the digital equivalent of your physical bank sending private investigators to follow your every move for days after you withdraw cash at the ATM, and then freezing or confiscating your bank account entirely if that PI comes back with a report that says that “you may have,” with some probability, engaged in controversial actions with that cash.
More recently, this shady behavior has extended beyond some generically controversial activities engaged in by “somebody somehow connected with customers” to encompass even the very act of trying to use Bitcoin’s security and privacy best practices!
Closing the Blinds
In January 2020, a company that operates a regulated exchange froze a customer’s account once they discovered possible hints that somebody, possibly the customer himself (but after some “hops” following the withdrawal transaction, that is, not even directly), was using a wallet enabling privacy best practices. Again, imagine your physical bank…