By Kai Sedgwick
Most Privacy Coins Aren’t That Private
Privacy coins are meant to be private. That’s their raison d’être. Strip away the privacy, and they simply become altcoins, and dangerous ones at that, with the potential to deanonymize their users and expose their secrets. A number of recent reports have cast doubt on the privacy features offered by coins such as zcash and monero.
There’s Safety in Numbers
Zcash is a controversial coin for a number of reasons, such as its “founders’ reward” that sees 20% of all coins mined in the first four years go to stakeholders. The technology that enables zcash private transactions, zk-SNARKs, is widely used by privacy coins within the same family such as zclassic, zencash, and bitcoin private. The trouble with zcash, as far as privacy advocates are concerned, is that shielded (i.e. private) transactions aren’t enabled by default. In fact, 85% of all zcash transactions are public, and some zcash wallets don’t even support private transactions.
The fewer people who opt for anonymity, the easier it becomes to deanonymize the ones who do. That’s why a network such as Tor becomes more effective the more people use it. There’s safety in numbers, and without shielded transactions enabled by default in zcash, those who voluntarily select this function automatically look suspicious to anyone monitoring web traffic, such as the three-letter agencies.
The Snowden leaks revealed that the NSA targets and stores encrypted web traffic, reasoning that if someone’s gone to the bother of encrypting their email, they must have something to hide. If Google were to encrypt Gmail by default, it would automatically fill the sub-sea cables tapped by the NSA with so much indecipherable data as to remove all suspicion associated with using encryption, rendering attempts at studying its metadata meaningless. The zcash team has spoken of its desire to have all transactions shielded by default eventually, though the words “which we hope will someday become the norm” suggest they’re in no hurry to make it happen.
Optional Anonymity Is No Anonymity
Data consistently shows that when privacy must be enabled manually, most people will stick with the default setting. In addition to 85% of all zcash transactions being public, 69% of all zclassic transactions are also unshielded. It’s the same with verge, a privacy coin whose privacy features have been repeatedly called into question, and which is rarely used for private transactions.
zk-SNARKs, the technology which provides anonymity for the z-family of coins, relies on a trusted setup: the scheme is only as private as the promise that the coin’s creators did not retain the secret material (in effect a master private key) generated during that setup. While there is no reason to suspect the development teams of doing so, the whole point of cryptocurrency is that it’s trustless, removing the need to rely on the goodwill of others. The obvious solution for anyone wishing to transact anonymously is to use a coin such as monero that enforces privacy by default, but even that’s not without its problems.
Monero Is Not Immune From Privacy Concerns
Concerns about the ease with which zcash users could theoretically be deanonymized have persisted for some time. Monero has largely been immune from similar criticism, but a new research paper takes aim at the deep web’s favored privacy coin. In An Empirical Analysis of Traceability in the Monero Blockchain, researchers from institutes that include MIT expose the vulnerability in transactions made before the coin’s privacy tech was upgraded to add Ring Confidential Transactions. Even with its new privacy features, researchers were still able to spot the real coin from the spoof coins used to mask the transaction 45% of the time.
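The paper’s findings about pre-RingCT transactions rest in part on a structural weakness rather than a broken cipher: early Monero allowed an input to be spent with zero decoys, and every such input reveals a spent output, which can then be struck from every other ring it appears in, sometimes forcing those rings down to a single candidate in turn. The following toy model, added here as an illustration and not code from the paper or the Monero project, runs that elimination over a constructed set of rings and reports how large each input’s effective anonymity set really is. The ring data, output names and function names are all constructed for the example; the second data set shows the mitigation Monero later adopted, a mandatory minimum number of decoys, which removes the zero-decoy seeds the cascade needs.

```python
"""Toy model: how known-spent outputs shrink ring-signature anonymity sets.

Each transaction input is modelled as a ring of candidate output ids, exactly
one of which is really being spent. An observer who learns that an output is
spent can strike it from every other ring that lists it as a candidate.
"""
from typing import Dict, List, Set, Tuple

# Constructed example (not real chain data). Rings with a single member carry
# zero decoys, which early Monero permitted.
SAMPLE_RINGS: List[List[str]] = [
    ["o1"],              # zero-decoy ring: o1 is certainly the spent output
    ["o2"],              # zero-decoy ring: o2 is certainly the spent output
    ["o1", "o3"],        # o1 already known spent, so o3 must be the real spend
    ["o2", "o3", "o4"],  # o2 and o3 known spent, so o4 must be the real spend
    ["o4", "o5", "o6"],  # o4 known spent; o5 and o6 stay ambiguous
]

# Same transactions under a mandatory minimum of one decoy per input: the two
# formerly bare inputs now hide behind an extra candidate each (constructed).
SAMPLE_RINGS_WITH_DECOYS: List[List[str]] = [
    ["o1", "o7"],
    ["o2", "o8"],
    ["o1", "o3"],
    ["o2", "o3", "o4"],
    ["o4", "o5", "o6"],
]


def chain_reaction(rings: List[List[str]]) -> Tuple[Dict[int, str], Set[str]]:
    """Repeatedly resolve any ring with exactly one not-yet-spent candidate.

    Returns (deduced, spent): deduced maps ring index -> the output that must be
    its real spend; spent is the full set of outputs proven spent. Rings whose
    candidates are all already spent are inconsistent input and are left alone.
    """
    spent: Set[str] = set()
    deduced: Dict[int, str] = {}
    changed = True
    while changed:  # iterate until no ring can be resolved further
        changed = False
        for i, ring in enumerate(rings):
            if i in deduced:
                continue
            candidates = [o for o in ring if o not in spent]
            if len(candidates) == 1:
                deduced[i] = candidates[0]
                spent.add(candidates[0])
                changed = True
    return deduced, spent


def anonymity_sets(rings: List[List[str]]) -> List[int]:
    """Effective anonymity set per ring after elimination (1 means fully traced)."""
    deduced, spent = chain_reaction(rings)
    sizes = []
    for i, ring in enumerate(rings):
        if i in deduced:
            sizes.append(1)
        else:
            sizes.append(len([o for o in ring if o not in spent]))
    return sizes


if __name__ == "__main__":
    for label, rings in (("zero-decoy inputs allowed", SAMPLE_RINGS),
                         ("minimum decoys enforced", SAMPLE_RINGS_WITH_DECOYS)):
        deduced, _ = chain_reaction(rings)
        print(f"{label}: traced {len(deduced)} of {len(rings)} inputs, "
              f"anonymity sets {anonymity_sets(rings)}")
```

On the first data set four of the five inputs are fully traced and the fifth is left with a set of two, even though three of those inputs were built with decoys; on the second, with the bare inputs removed, nothing can be deduced at all. The point for a defender is that ring-level privacy is a property of the whole transaction graph, not of any one transaction, which is the same safety-in-numbers argument made above for zcash.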
Peeling Away the Privacy
“Privacy is a Prerequisite for Human Rights” reads the title for Chapter 6 of Wendy McElroy’s book The Satoshi Revolution, being serialized on news.Bitcoin.com. In it, she writes:
For Satoshi, the transparency of the blockchain was not only salutary but it also allowed for genuine privacy—a privacy that rested on keeping the public key anonymous and never linking it to a true identity. In other words, protecting a True Name was the privacy. And the first line of protection for a True Name was the use of anonymity, pseudonymity, or polynymity (multiple personas).
In the same chapter, McElroy quotes from Satoshi, who explained that with bitcoin “The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the “tape”, is made public, but without telling who the parties were.”
For a while this system worked well, with those who desired bitcoin’s pseudonymity able to achieve it by separating their public persona from their wallet address. In time, bitcoin started to become more regulated, meaning that the only way to purchase coins was through an exchange which required submitting an email address and name, and eventually full KYC. At the same time, blockchain mapping tools were being developed that made it easier for law enforcement to link virtual identities to real-world ones, which was one of the factors attributed to the arrest of Ross Ulbricht.
As monero’s Riccardo Spagni conceded to Wired, “Privacy isn’t a thing you achieve, it’s a constant cat-and-mouse battle.” Pretty good privacy is the most that can be expected for now: enough to provide anonymity in the here and now, but perhaps not enough to thwart a three-letter agency with the tools and determination to identify a specific user. Using privacy coins such as monero and zcash is still preferable to having no privacy at all. But they should not be relied on to completely anonymize transactions. The blockchain lives forever, and should exploits or vulnerabilities for these coins be discovered, every transaction ever conducted could be at risk.