As of last week, Bitpay no longer shows you a Bitcoin address as part of your invoice. Instead, you receive a url that you can scan with compatible wallets. Bitpay is using this url to fetch your private IP address, and if they think they cannot get it, they will refuse to process your payment.

What is the Bitcoin Payment Protocol?

The Bitcoin Payment Protocol — proposed by Gavin Andresen and Mike Hearn in July 2013 as BIP 70 — was designed to mitigate man-in-the-middle attacks, make the payment experience less prone to human error and create indisputable and handy invoices.

A Bitcoin invoice. Instead of a Bitcoin address you receive a URL pointing to the Bitpay server.

In short, the compatible wallet will use a URL to fetch a Bitcoin address and amount from the Bitpay server, together with meta-data such as expiration date of the invoice, invoice number and merchant information. The user cannot edit this and accidentally or intentionally under- or overpay an invoice, or at a later date send money to a Bitpay address in error.

Format of a Bitpay Payment Protocol URL:

bitcoin:?r=https://bitpay.com/i/ChSd8QW6QWf56nUXf7PAPL

Successful Payment Protocol invoice in Electrum. [redacted]

You can find Bitpay’s explanation in this blog post. Bitcoin.org also has useful information in their developer guide.

Payment Protocol compatible Bitcoin wallets according to Bitpay.

How is Bitpay violating my privacy?

Your wallet makes a direct call to the merchant’s server. This allows the payment processor or merchant to see your device’s IP address, easily identifying you. On some ISPs it can be used to easily identify your phone number, address and possibly location.

Theoretically, you can hide your IP address behind a proxy service such as a Virtual Private Network (VPN) or Tor. Many wallets, including the Payment Protocol compatible Electrum and Core make this easy for you.

If Bitpay detects you are making a connection through a VPN or Tor, they will not call back and make it impossible for you to pay your invoice until you reveal your IP.

Error shown by Bitcoin Core when using Tor as a proxy. [redacted]

Error shown by Electrum when using Tor as a proxy. [redacted]

Why is this bad?

Bitpay is able to use this information to deny Bitcoin payments and collect personal information from users who need Bitcoin the most. If you care about Bitcoin as a tool of empowerment for those disenfranchised by banks, governments and the corporate surveillance apparatus, you have to reject any attempt to deanonymize Bitcoin transactions.

It is the most vulnerable people that need privacy the most to escape violence and prosecution, no matter if this is state violence or domestic violence.

Repressive countries such as China have tight censorship regimes. Additionally, these regimes tend to block access to Bitcoin services. While Bitpay to my knowledge is not yet blocked from inside the Great Firewall, people in China rely on proxy services such as VPNs to maintain contact with the outside world. Denying them Bitcoin payments is unnecessary and stupid.

What can I do?

Use an anonymity proxy at all times. A VPN is a good start, but some applications can easily be routed through Tor. You can find easy guides on how to do that on the website of the Tor Project.

Route all communications between Electrum or Core and the internet through a Tor proxy.

2. When you are unable to pay an invoice to Bitpay, complain both to Bitpay and the merchant. It sounds silly, but complaining does work.

3. Use a payment processor that respects your and your users’ privacy.