It’s a recurring narrative in stories about Bitcoin and other digital crypto-currencies. Terrorists are out there waiting, ready to descend on the promise of limitless and untraceable financing for attacks.

In a fit of panic, governments institute strict regulations on the nascent currencies. In other words, it’s a Bitcoin enthusiast’s worst nightmare.

There’s a grain of truth in this story. It’s certainly true that terrorists—like those affiliated with Islamic State—are looking at crypto-currencies as a means to move money without spies and law enforcement agencies tracking them.

But as a widespread way to circumvent currency controls, it’s not really taking off. That’s according to a new report by CTC Sentinel, West Point’s counter-terror journal.

Even as terror groups like Islamic State become more sophisticated—and even as they begin to use crypto-currencies more often—it’s still likely to be a marginal source of financing, at best.

“While these tools have gained in popularity, in recent years their expansion into various terrorist organizations has been slow and deliberate and has not matched pace with transnational criminal uses of these same technologies,” states Aaron Brantly, the report’s author and a professor of cybersecurity at the United States Military Academy at West Point.

The crux of the problem for Islamic State is that these currencies are really not as anonymous as popularly assumed. They’re the opposite of anonymous, in at least one important respect.

Currencies like Bitcoin rely on openly sharing all transaction information across the entire network. Everyone can see the entire history of transactions involving the currency.

This has several advantages. For one, this builds trust by showing that currency flowing from one place to another is in fact doing just that. Also, the history makes it harder to pull off a scam, like simultaneously paying for two different things—from two owners—with the same Bitcoin and stiffing one or both.

What’s anonymous is where the money is coming from and where it’s going, except for an address—tied to one or more private keys—which the sender can reconfigure after every transaction. That’s just enough for sleuths to potentially pinpoint your identity.

Even better is that spies have the entire transaction history at their fingertips.