Considering privacy in Bitcoin often happens in three steps. Unfortunately, most people stagnate after the second step. They fail to see the big picture - and the real reason why the powers that be are afraid of Bitcoin.

I. Anonymous Magic Money

At first, you discover Bitcoin. Most people think: „Wow, anonymous magical internet money, cool.“ They like it because they are concerned about mass surveillance and strive for privacy – and justifiably so: information technology is about to create the worst surveillance society in history.

When you learn a bit about crypto anarchy, you may worry about the bad things, like untraceability for kidnappers or murderers. Tim May's Cyphernomicon puts it in immortal words:

„And several Cypherpunks who've thought about the issues of crypto anarchy have been disturbed by the conclusions that seem inevitable“

But that's the price to pay for a world of the free. Freedom is a basic right for everybody. It would be nice if there was a tradeoff, but there is none. Bitcoin must be equal for everybody. You are only free when the bad guys are too.

To settle on this conclusion is the first step. You need to invest some mental proof of work to get there. Unfortunately, all this work gets orphaned with the second step.

II. Bitcoin is not private enough

When you learn more about Bitcoin, you realize this: Bitcoin is not anonymous. It is pseudonymous. Every transaction is pinned to an address and linked with its predecessor and successor. It's perfectly transparent and traceable. There are wallet clustering algorithms that identify which addresses belong to your wallet. It's not just transparent – it's immutable. All of your footprints are stored for eternity.

Bitcoin is a very bad tool for criminals. They leave an unwipeable fingerprint. No matter how good you are – you can never be sure the police will not catch you. Take Alexander Vinnik, a professional money launderer for hackers. He mixed a lot of coins stolen in 2011 to 2014. But finally, he was arrested in Greece, after blockchain analysts had found his wallets through extensive analytics.

Now you realize: when it's not even private for a professional money launderer – it can't be private for you. It's not a tool for privacy – it's a tool for surveillance. The ring is not made to make people free – but to enslave them. You are disappointed.

Most people arrive here. Bitcoin is not private enough. Two directions are left to go: you cheer for another, more private coin – like Monero or Grin – or you decide that Bitcoin must be changed for more privacy. Then you discover Lightning. It does not just scale Bitcoin – it also makes transactions untraceable. When a payment doesn't hit the blockchain – it is not just pseudonymous, but anonymous. So, you get ready to embrace Lightning with full force.

This is not the place to discuss Lightning. It's a complex topic, and I could fill pages on why it is a step back from the original Bitcoin in many areas. But here we go back to privacy and take the third step. The one most people miss.

III. A perfect tradeoff

Basically, this step is the simplest. At the same time, it is the hardest to master, because you need to reshape the assumptions the first steps have been based upon.

You need to leave the „zero“ or „one“ mentality behind. Until now, „anonymity“ and „transparency“ have been absolute concepts. It's either anonymous, or it's transparent. As a historian I often wondered whether this rigid perspective is the result of a „coder's mentality“: computers are always 0 or 1. Software works, or it doesn't. A cryptographic algorithm is secure – or broken. This is always true with computers. But it is never true with humans.

As an example, take the Enigma, the cryptographic machine of the Nazis. The Allies broke it and detected the routes of German and Japanese boats and airplanes. Enigma was not good enough to hold up in a war against the technologically most advanced states. But as breaking it required a lot of manpower, it would have been perfectly secure for protecting citizens against mass surveillance.

It's not either – or. It's both. Things can be broken but still useful, just as things can be perfect but useless. To fully understand this, you need categories which don't stick to the rigidity of mathematics but are more compatible with sociological processes. We need words that enable us to talk about what happens in the real world.

The difference between surveillance and observation

An important and common distinction is between „mass surveillance“ and „observation“. I first learned of it in a book by Bruce Schneier, but I can't find the quote.

Mass surveillance is bad. A state (or a company) puts up cameras, creates a system of civil spying, intercepts internet traffic and uses machine learning algorithms to analyse the data. Just look at China, where a partnership of the state and startups creates a nightmare of omnipresent mass surveillance. Mass surveillance is the dystopia of the electronic age.

Observation is different: a state (or a company) invests work to learn about a certain individual. Policemen monitor a house, interrogate neighbours or business partners and so on. Observation is an instrument to catch criminals. It is basically a requirement for allowing a society to hold its members responsible for their actions.

Observation is the opposite of mass surveillance. Mass surveillance happens automatically, in real time and scales to the whole society. Observation requires human work and a lot of time, and only scales to small parts of society. Nobody wants mass surveillance, but nearly everybody agrees that observation is good: society should be able to use it to prosecute criminals, like murderers, slave traffickers or kidnappers.

With this new set of categories, we smell a tradeoff which the rigid differentiation between anonymity and transparency can't offer. What we considered to be impossible in the first step – that something can be private for everybody, but not for criminals – becomes possible. Now let's apply this to the privacy of Bitcoin.

Blockchain analysis is a bad foundation for mass surveillance

The blockchain is not anonymous, yes. But it is still pseudonymous. It doesn't store your name. This, by itself, is bad for mass surveillance and good for everybody.

Facebook, Google, the NSA, PayPal and so on – all these surveillance platforms store your name in their database. That's what makes mass surveillance so terrible: the physical identity is connected to the virtual footprints.

Bitcoin doesn't store your name. The blockchain doesn't even understand it. It can't validate real-world identity data. It just reliably knows public keys and addresses. To get anything useful for surveillance and observation, you need to link it with other data, like the records of exchanges and ISPs.

If there are intact laws preventing automated data sharing by exchanges and ISPs, Bitcoin is quite safe against any kind of surveillance, as long as users don't tie their identity to an address and post it on the internet. In nearly all cases, the tracer needs external data to get any meaningful result, for example user data from exchanges and ISPs.

But even if the surveillance system has access to external, valid data – mass surveillance would still be hard. It must always be based on blockchain data. The most common technique for preparing blockchain data for further analysis is called „wallet clustering“. It finds the entities behind addresses by linking the different addresses of a wallet and thus determining that they belong to the same entity.

However, this technique has tight limits:

If you change your address with each transaction – it usually can't track your full wallet.

The blockchain data of a transaction in which I send a bitcoin to someone else is identical to that of a transaction in which I send the bitcoin to myself.

It is not possible to absolutely determine which output is the payment and which is the change.

You can easily improve your privacy with coin selection or by using different wallet files.

The severity of these limits depends on how wallets manage inputs and how educated the users are. In this regard, there is, without doubt, a lot that could and should be done to protect users' privacy better. But nevertheless: these limits already exist.

Given this, wallet clustering will always produce a lot of unreliable data: false positives and missed true positives. Observers are used to working with unreliable data: they check the data and investigate: policemen interrogate people, write letters to companies and so on. For them, Bitcoin is a very good source. It tracks immutable and validated monetary footprints.
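As an added example that is not part of the original post, here is the common-input-ownership heuristic at the core of wallet clustering, run over constructed, fictitious transactions (all addresses, owners and transactions are made up) to show the two failure modes described above: Alice's fresh change address is never linked to her cluster, while a transaction she signs jointly with Carol wrongly merges an unrelated address into it.

```python
# Constructed ground truth: which fictitious address belongs to whom. An
# analyst looking at the chain never sees this; it only serves to score the
# heuristic's output at the end.
OWNERS = {
    "A1": "Alice", "A2": "Alice", "A3": "Alice", "A4": "Alice",
    "B1": "Bob", "C1": "Carol", "C2": "Carol", "D1": "Dave",
}

# Constructed sample transactions: input addresses -> output addresses.
TXS = [
    {"inputs": ["A1", "A2"], "outputs": ["B1", "A3"]},        # Alice pays Bob, change goes to fresh A3
    {"inputs": ["A3", "C1"], "outputs": ["D1", "A4", "C2"]},  # Alice and Carol sign one transaction jointly
]

class UnionFind:
    """Disjoint-set forest; every address starts in its own set."""
    def __init__(self):
        self.parent = {}
    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:  # path halving keeps lookups cheap
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x
    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

def cluster_inputs(txs):
    """Common-input-ownership heuristic: all inputs of one transaction are
    assumed to belong to one entity. Outputs are left unlinked, because the
    heuristic alone cannot tell the payment output from the change output."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"]:
            uf.union(tx["inputs"][0], addr)
    groups = {}
    for addr in list(uf.parent):
        groups.setdefault(uf.find(addr), set()).add(addr)
    return [frozenset(g) for g in groups.values()]

def same_cluster(clusters, a, b):
    return any(a in c and b in c for c in clusters)

def cluster_errors(clusters, owners):
    """Score clusters against ground truth: pairs wrongly merged (false
    positives) and same-owner pairs the heuristic never linked (missed)."""
    addrs = sorted(owners)
    false_pos, missed = [], []
    for i, a in enumerate(addrs):
        for b in addrs[i + 1:]:
            linked = same_cluster(clusters, a, b)
            if linked and owners[a] != owners[b]:
                false_pos.append((a, b))
            if not linked and owners[a] == owners[b]:
                missed.append((a, b))
    return false_pos, missed
```

Running `cluster_errors(cluster_inputs(TXS), OWNERS)` reports one false positive (A3 merged with Carol's C1) and six missed links, among them A1 with A3: without external data the analyst cannot see that A3 was Alice's change.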

For mass surveillance, however, it has very limited use. Not only does the blockchain contain no valid link to the human world – even its links between clusters of its own native data are not very reliable. Without further investigation the data is barely useful. It might tell something about what people do – but it is hardly enough to precisely track everything, as you can do in non-pseudonymous systems like the Internet Protocol.

Now let's look back at the way we have come: in the first step we welcomed privacy and worried a bit that it might allow bad criminals to hide. But we accepted this, as we thought there could be no tradeoff between anonymity for everybody and privacy for individuals. In the second step we realized that Bitcoin doesn't give anonymity to bad criminals and thus can't give us what we strived for. So we decided to change or leave it.

The third step makes such a tradeoff possible – and we realize that Bitcoin is already there: It enables both privacy and transparency.

Bonus: The real deal - on the merits of transparency