The most important part of privacy when using cryptocurrencies is on-chain privacy. Without on-chain privacy, linking a single transaction or address to your identity can reveal up to all of your historical activity on the blockchain. That said, privacy is about information leakage, and a secondary element after on-chain privacy is decoupling your IP address from your identity when using cryptocurrencies. IP privacy is important in situations where being identified as a user of a cryptocurrency could put you at risk, like living under an autocratic regime. This post speaks to an adversary snooping the network looking to gather information on users.

Situation 1: Your country will not target you for participating in the network but you are concerned about information being collected regarding your activity

One option is to run a full-node. When transactions are first broadcast to the network, every node which receives it and hasn’t seen it before will broadcast it to its peers, and so on. There is no simple way to differentiate between a node being the originator of a transaction and relaying a transaction it received from somewhere else. Nodes are constantly broadcasting new transactions. With Bitcoin blocks being full and capable of processing 3–7 transactions per second, that is a lower bound on how many transactions will be broadcast by your full-node, and your transactions will easily blend into the crowd. Being able to distinguish between transactions originating from a node and transactions re-broadcast by a node would require an adversary be able to monitor all network traffic between all nodes across the Bitcoin network which is constantly in a flux of nodes coming online and going offline. This seems implausible.

Another option is to run your communications over a VPN. In that case the IP address visible to the network is that of your VPN service provider. The service provider will know of your activity and may even sell that data if there is a business case for it, but it won’t be directly accessible to observers of the network.

Situation 2: Your country will target you if you use the network

You probably want to use Tor or I2P for your inbound and outbound connections. Tor is an anonymous proxy overlay network that allows you to interact with the clearnet without any participant knowing both your IP address and the details of your activity on the network at the same time. The latency is much higher than a VPN but provides anonymity. I2P is a specification for a private overlay network which allows participants to form a true darknet — an internet within an internet.

The easiest way to run Tor is through Tails or Whonix where all connections are run over Tor by default. No special configuration is required and you have to go out of your way to make a mistake. Most users do not have a great understanding of computer security and a default configuration which is hard to misconfigure is a good thing.

There are nuances for using Tor. If certain uses of the internet are prohibited by your government, then the tools which would allow you to hide this are likely to be prohibited, too. To hide that you are using Tor from your ISP, you can connect to the Tor network through Tor bridges. Tor bridges are entry nodes which are not publicly listed, making it difficult to identify every entry node IP associated with the Tor network (see: https://www.torproject.org/docs/bridges.html.en).

It is still possible to be deanonymized even when using Tor correctly and employing reasonable operational security. Cookies on your browser form a fingerprint that can be used to track your activity online (see: https://arxiv.org/pdf/1708.04748.pdf). The dimensions of your browser, the plugins you have installed, your operating system, the dimensions of your screen, etc. can also form a unique fingerprint (see: https://panopticlick.eff.org). Supercookies are persistent cookies that cannot be easily deleted, and are more similar to malware than regular cookies (see: https://samy.pl/evercookie/). Private browsing is so complicated that entire research papers are written on the subject (see: http://crypto.stanford.edu/~dabo/pubs/papers/privatebrowsing.pdf). If your identity can be tied to some data kept on your browser, your IP is no longer private.

Things that you shouldn’t do:

Don’t ignore on-chain privacy measures. If your on-chain activity is public, there is no point hiding your IP address. Avoid crytocurrencies which lack adequate on-chain privacy measures like Bitcoin. Preferably avoid cryptocurrencies with private features (optional privacy) in lieu of private cryptocurrencies (mandatory privacy).

Reconsider running connections over VPN if you live in an autocratic country. Governments can subpoena these VPN providers for data on their users and those VPN providers will comply. Nobody is going to prison for you, especially not for your $50/year subscription.

Don’t use a cryptocurrency whose primary feature is IP privacy, with the team suggesting on-chain privacy is not necessary. (For an example of a cryptocurrency project that makes similar claims, see https://vergecurrency.com/.) Off-chain technologies do not require an entirely new blockchain to interface with it. It is a simple google search to figure out which settings to change to route Bitcoin connections over Tor. Having a separate cryptocurrency for this purpose is either from self-serving developers capitalizing on naive users or from extremely questionable judgment. Both are problematic because the developers either do not have your best interest in mind or are making a poorly designed tool that could easily fail to work as intended. Privacy is extremely hard to implement appropriately and the worst kind of tool is one which gives you a false sense of security.

Final Remarks

There is little reason to hide your IP if your government does not prohibit using cryptocurrencies. There are many other more productive routes for tying your identity to specific addresses/transactions that law enforcement will use. They include but are not limited to: blockchain analysis, requesting data from companies whose customers transact with cryptocurrencies, cookies, browser fingerprinting, and more. By running your own full-node your transactions can blend in as full-nodes are constantly relaying transactions sent to them by other nodes. In the average case it will be extremely difficult to determine which transactions were not relayed, in the worst case you have plausible deniability

If your government is unfriendly to cryptocurrency use, you will probably be using Tor with Tor bridges. On-chain privacy and other privacy preserving measures are still extremely important.