Bitcoin Privacy and Security Basics
Using Bitcoin privately and securely is not "on by default". There are active steps that a user must undertake to improve their privacy and security. In this article, you will learn some of the basic pointers with privacy, such as network privacy and transaction graph privacy.
Security in Bitcoin is dependent on getting sufficient randomness in the generation of your seed and private keys, protecting those keys from the outside world, while still making suitable trade-offs for you to still be able to use Bitcoin. What kinds of tools should you use to secure your Bitcoin? What single points of failure exist in your setup, and how could they be removed? What other ways can you mitigate these risks?
Privacy in Bitcoin is a complicated subject since it is not entirely public or private – it depends on how you use Bitcoin. There are two main components to consider:
- Network: how you interact with Bitcoin may be surveilled via the internet or your network connections
- Transaction graph: how you acquire or spend your Bitcoins may reveal your overall holding amount, prior transactions, or even future transactions
There are countermeasures and defensive steps that a Bitcoin user may take, but they require careful study and execution. It's possible to use techniques that provide some level of pseudonymity at a network level (such as Tor, "The Onion Router"). Some techniques can obfuscate the transaction graph, such as using CoinJoin wallets like Samourai or JoinMarket.
Your transaction graph privacy relies on certain heuristics used by surveillance companies or individuals to track your Bitcoin spending "on the blockchain". CoinJoin and other techniques can help break these heuristics and provide additional privacy.
- Acquire Bitcoin without using a KYC (Know Your Customer) service. This may mean using a peer-to-peer exchange such as Bisq or Hodl Hodl, purchasing from a local Bitcoin meetup, or earning Bitcoin.
- Use a new address each time when receiving a payment. You do this by using your Bitcoin wallet to generate a new address, rather than re-using an old address to take payment.
- Do not publicly post your Bitcoin addresses online or talk about how many Bitcoins you have.
- Use your own Bitcoin node to prevent giving your transaction history information to a third party - this will require some learning and study. Look into the Ronin Dojo project for more information on using your own node with Samourai Wallet, a privacy-focused Bitcoin wallet for Android.
- The Lightning Network can provide some more privacy than a standard Bitcoin transaction, but there are trade-offs, and this will arguably not be as private as a well-executed CoinJoin transaction flow.
For optional further research, see:
Security in Bitcoin is also complicated, so it is best to use professional products and services that help with best practices. If you want to take a more active role in self-custody and verifying your Bitcoin use, consider:
- Ensuring sufficient randomness in the generation of the underlying Bitcoin seed (this is often done at the start when you create a new wallet or initialize a hardware wallet).
- Using well-tested and reviewed open-source software and, ideally, open-source secure hardware devices. If there were bugs or malicious code, they would be identified by community members and code reviewers. If the software is not open-source, its function cannot be easily verified by other users.
- Removing SPOF (single points of failure) where possible. For example, multi-signature setups can provide some additional protection against one single error or hardware device/key being compromised or stolen. Also, keeping backups of your seed can help protect you against the loss or malfunctioning of your hardware wallet. However, this backup would now be another thing to protect against theft.
- When paying a Bitcoin invoice using a hardware wallet, always confirm the address and amount on the hardware wallet against the address and amount you intended to pay. There have been cases where malware meant that the address was swapped, but a hardware device can better detect and show the correct address that is being paid to.
- It's generally a good practice to keep your hardware wallet firmware or software Bitcoin wallet updated, but be wary that this is a common malware or hacker vector. Ideally, you should learn to PGP-verify that the update is from the correct vendor/creator of the product. Generally speaking, though, updates can help protect against bugs and vulnerabilities.
- Using your own Bitcoin node with your wallet will provide a higher level of confidence to you that your incoming Bitcoin transactions are valid.
For optional further research, see:
Source: Saylor Academy
This work is licensed under a Creative Commons Attribution 4.0 License.