Bitcoin appeared as a sustained effort to give regular people control over their finances. At first, it came as a great innovation in terms of security and privacy. But as time passed, more and more issues came to light.
Therefore, an increasing number of members of the crypto community took up the debate of privacy vs security in an attempt to create the most private cryptocurrency.
Privacy vs security
Although the concepts of security and privacy are sometimes considered to be in a false separation, when it comes to online data and information management, there is a difference. In fact, inside an online ecosystem, a system can function with complete security but no privacy, but no system can offer privacy without security.
What is security?
The simplest way to understand security is as the safeguarding of data. Through security, the system and its administrators prevent malicious parties from extracting, altering, and erasing information.
Taking a Facebook account for example, you may input all your personal information, from birthdate to what city you live in or who your parents and relatives are.
Even though this information can be seen by anyone, Facebook makes sure nobody can just go on your profile page and edit it.
Also, they are pretty keen on improving authentication by continuously developing login alert systems, even tying them to physical devices and locations.
We can assume that Facebook is rather secure. However, the discussion about privacy is more of a sensitive topic in this case.
Because it’s a social media platform, all the information you share on Facebook is shared with everyone. And even more, from the day you sign up on Facebook, the platform will store all the information that can be potentially used for showing you targeted ads based on interests.
Furthermore, Facebook reads your conversations. They scan the links and images that you send or receive in conversations with friends on Facebook Messenger and also read chats when they’re flagged to moderators.
However, they do offer a few privacy settings to give you control over the ways other Facebook members can interact with you. But those options only go to the extent of your own activity, timeline, tags, and how you can be found and contacted.
But when it comes to advertising, Facebook is a safe haven for spammy ads, and there isn’t much you can do about it as a common user. Believe it or not, a tourism agency is able to target you with ads for a trip taking into consideration the fact that you had a vacation last summer.
What is privacy?
While security is all about the safeguarding of data, privacy is about protecting the identity and the activity of users.
Facebook illustrates an impeccable example of security with little to no privacy, so we should look further into how this matter is thought out for cryptocurrency.
“When there is a central authority that has control over a financial system, do users really have privacy?” This is one of the fundamental dilemmas cryptocurrencies try to solve through decentralization.
Using a regular banking account subjects your finances to a bank’s administration. Therefore, all your transactions are seen, approved, and managed by the bank.
Most of the time, we all ignore the fact that we pay ginormous fees for international transactions (which may take several days to complete), can use our funds in limited amounts, and only with vendors approved by the bank.
But through cryptocurrency, all data about fund allocations and transactions is recorded in blocks as hashed information, which is digitally signed to prevent double spending.
Thus, through cryptocurrency, anyone should be allowed to buy from anyone, with no limits to the amount they transact, and even have international transactions taking place in a matter of minutes.
By eliminating the use of most of the personal information, while implementing a public and a private key system, cryptocurrencies managed to create highly secure ecosystems with an extensive degree of privacy.
And in the beginning, Bitcoin was considered the most private cryptocurrency and a method to send money anonymously. But the community discovered that Bitcoin is not as anonymous as thought. We will talk more about that later.
The problems with cryptocurrency
Cryptocurrency is a fairly new domain, and with every new project that innovates the market, the developers discover new issues and opportunities for improvement.
But in tackling the matter in a pragmatic sense, we do have to admit that most cryptocurrencies are risky and rather difficult to use. It may not be the first time you heard it, but the crypto market is in its “wild west” phase.
Of course, there are hackers and scammers. There are also usability issues that keep the general public from using cryptocurrencies. And of course, the highly volatile prices don’t help.
In terms of security and privacy, cryptocurrencies are evaluated by how strong their distributed networks are and how anonymous a person can keep their identity and transactions.
A blockchain built with a Proof-of-Work protocol can be extremely sturdy in terms of security as long as it has a sufficient number of nodes to keep the computational power high enough to avoid 51% attacks.
Many altcoins post-Bitcoin failed here. Two of the most recent 51% attacks reported by Cointelegraph happened to Bitcoin Gold’s blockchain on January 23 and 24, 6 hours apart. The first one removed 14 blocks and then added 13 blocks, double spending approximately $19,000. The second one removed 15 blocks and added 16, double spending almost $53,000.
If in terms of security some cryptocurrencies may fail, at least they’re anonymous, right?
Well, not so much. Indeed, cryptocurrencies offer a great degree of control and privacy, but they are not 100% anonymous.
Keep in mind that every transaction is forever recorded in a public ledger that contains public addresses.
Also, governments are rather suspicious of cryptocurrencies because of reported usages in illicit activities. Thus, they started collaborating with cybersecurity companies to track and monitor cryptocurrency transactions.
For example, CipherTrace, a US cybersecurity company, announced on October 19, 2019, that its extended platform allows clients to trace more than 87% of the transactional volume of the top 100 cryptos such as Ether, Tether, Bitcoin Cash and Litecoin. This means that authorities can use monitoring methods not only against criminals but also against ordinary people.
Also, due to AML and KYC regulations, most cryptocurrency exchanges and wallets will require their users to go through personal identification processes. This means that a public address can be associated with a wallet and a wallet with a person’s identity.
But isn’t Bitcoin anonymous?
Bitcoin was thought to be a pseudonymous cryptocurrency that maintained privacy through using Bitcoin addresses that couldn’t be linked to real-world identities. But being a public blockchain, it was easy to observe usage patterns for public addresses and transactions, and identify connections to individuals.
Furthermore, when nodes were publishing transactions inside the blockchain, they were leaking their own IP addresses.
Bitcoin’s security and privacy
Bitcoin’s security rests on the fact that it’s based on a blockchain, a distributed ledger. Every block contains information about every previous block, so when a user makes a transaction, the node that writes in the transaction will automatically see where the funds come from.
After checking provenance, the transaction will be written in the new block. The miners will always add new blocks on the blockchain that has the most blocks. And, if a malicious user tries to create a new chain, deriving from the legit blockchain, he has to complete the PoW algorithm puzzles to add new blocks on his fork.
In order to have his fork become the main blockchain, he needs to complete the puzzles faster than the whole community to obtain the longest chain.
Although a resourceful hacker may get lucky enough to add a few blocks, the amount of computing power he would need to surpass the legit nodes is virtually impossible to create.
What happens when your transaction gets written into a fork?
Well, nothing! Due to the possibility of an accidental or malicious fork taking place, to avoid double spending, once a transaction is added to the blockchain, it has to receive more confirmations until it’s considered permanent and irreversible.
The first confirmation comes from the miner that broadcasts the transaction to the network. The next confirmations will come inside the following blocks that will include this transaction as taking place in the blockchain’s history. Therefore, if a transaction gets trapped into a fork, it will not be included inside the main blockchain.
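The following Python sketch is an added example, not code from Bitcoin or from this article. It models the fork behaviour described above with a toy block tree and follows the article's simplified "most blocks wins" rule (Bitcoin itself compares cumulative proof-of-work); the class, function and transaction names are assumptions made for the illustration.

```python
import hashlib

def block_id(parent, txs):
    # Constructed toy identifier: binds a block to its parent and contents.
    data = (parent + "|" + ",".join(txs)).encode()
    return hashlib.sha256(data).hexdigest()[:12]

class BlockTree:
    def __init__(self):
        self.blocks = {}  # block id -> (parent id, list of transaction ids)
        self.genesis = self.add("", ["coinbase-0"])

    def add(self, parent, txs):
        bid = block_id(parent, txs)
        self.blocks[bid] = (parent, list(txs))
        return bid

    def height(self, bid):
        h = 0
        while self.blocks[bid][0]:
            bid = self.blocks[bid][0]
            h += 1
        return h

    def best_tip(self):
        # The article's rule: the chain with the most blocks wins.
        # On a tie, max() keeps the block that was seen first.
        return max(self.blocks, key=self.height)

    def confirmations(self, txid):
        # Walk back from the best tip; 1 means "in the tip block itself".
        depth, bid = 1, self.best_tip()
        while bid:
            parent, txs = self.blocks[bid]
            if txid in txs:
                return depth
            bid, depth = parent, depth + 1
        return 0  # not on the main chain: unconfirmed or stranded in a fork

def reorg_demo():
    tree = BlockTree()
    a1 = tree.add(tree.genesis, ["tx-A"])       # tx-A gets its first confirmation
    seen = [tree.confirmations("tx-A")]
    b1 = tree.add(tree.genesis, ["tx-B"])       # competing block at the same height
    seen.append(tree.confirmations("tx-A"))     # tie: first-seen branch still wins
    tree.add(b1, ["tx-C"])                      # the fork is now longer
    seen.append(tree.confirmations("tx-A"))     # tx-A has left the main chain
    tree.add(tree.add(a1, ["tx-D"]), ["tx-E"])  # original branch overtakes again
    seen.append(tree.confirmations("tx-A"))
    return seen
```

The drop from one confirmation to zero in the third step is why a recipient waits for several confirmations before treating a payment as final.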
When it comes to privacy, Bitcoin can be considered a pseudonymous currency in which you are given a public address that replaces a person’s identity. The blockchain is public, containing the transaction history of a coin from the moment it was minted.
But the degree of privacy the pseudonyms provided is quite eroded by the KYC and AML regulations. Even more, nowadays, services such as Chainalysis, CipherTrace, and Elliptic deanonymize blockchains to detect money laundering, fraud, and compliance violations.
And, in response to the erosion of Bitcoin’s privacy, tumbler/mixer services such as CoinJoin were created to improve anonymity in Bitcoin.
In CoinJoin, users create different transactions with smaller amounts at different times shifting ownership of their coins and making each transaction harder to track. This process is then repeated among different users to grow the difficulty.
However, coin mixing has its flaws as well. As research conducted in 2017 shows, 67% of the CoinJoin transactions could be traced by researchers, and mainly because there were only 2–4 participants on average per transaction.
Welcome to privacy coins
With Bitcoin’s privacy as a work in progress, other developers took the initiative to create cryptocurrencies to support private transactions and called them privacy coins.
Some notable examples of established privacy coins are:
Top privacy coins
Monero (XMR) is an anonymous digital medium of exchange that is resistant to blockchain analyses. It is considered by many to be the leading cryptocurrency in terms of privacy.
The goal of Monero is the creation of a fully decentralized digital currency where funds are fungible and cannot be associated with public addresses.
The coin uses a variation of PoW called the CryptoNight hashing algorithm which exploits a system of stealth addresses, ring signatures, and transaction data mixing. Through this protocol, the data about amounts and destinations are hidden inside the transactions.
Another thing about Monero is that it doesn’t have a fixed block size limit, so, in theory, it supports 1,000 TPS.
Also, Monero has no option for transparent transactions; therefore, nobody really knows what the actual circulating supply is, and the $949 M market cap is only an estimation.
A major downside of Monero is that if someone manages to break the privacy protocol, all the data about the transaction will become public. This situation actually happened between 2014 and 2016.
Furthermore, in 2018, researchers took on the challenge of analyzing Monero’s blockchain and managed to deanonymize 62% of all Monero transactions.
Verge is a private digital currency that does not rely on cryptographic techniques but uses multiple anonymity-centric networks such as TOR and I2P. It uses TOR to send communication across an anonymous distributed network of nodes formed of a global team of volunteers and encrypts data through I2P before sending it through the global network.
Verge uses the open ledger to verify transactions without linking them to any IP addresses or other identifying information. It has some unique features such as atomic swaps or fast transactions, is able to support 100 TPS, and has a market cap of more than $53 M.
Zcash is an open-source cryptocurrency that uses Bitcoin’s core code and a variation of the PoW algorithm, the Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.
zk-SNARK refers to a proof construction where one can prove possession of certain information, like a secret key, without revealing that information, and without any interaction between the prover and verifier. However, its decentralization is debatable because of the voting system that can allow even the exclusion of some nodes.
The goal of Zcash was to create a fungible altcoin that wouldn’t lose value because of its usage history and also provide a high degree of privacy.
By making the coins fungible, a coin could easily replace another to limit a tracker’s ability to tell them apart and identify their owners.
Zcash supports 56 TPS and has a market cap of $381 M.
However, Zcash is not private by default, which weakens the concept of a privacy coin. Even more, in 2018 researchers were able to associate 69% of Zcash shielded transactions with founders and miners.
Dash is an open-source decentralized cryptocurrency that forked from Litecoin and uses the PoW algorithm.
The main goal of Dash’s developers is to reach mass adoption. By now, it is already accepted by some legit merchants. And through a third party, it can even be exchanged directly to FIAT and have the funds transferred inside Mastercard or Visa credit cards.
It supports 56 TPS and has a market cap of $672 M.
Dash offers an option for transparent transactions together with an option for private transactions.
The high degree of transparency that Dash says it offers is, however, questionable. Its PrivateSend feature consists only of the simplest form of a coin-mixing service performed by its master nodes. Also, there were several complaints about the mixing process being too slow.
Komodo (KMD) is a lesser-known private cryptocurrency that forked from Zcash and uses zk-SNARK. It is said its developers have implemented a better proof of construction algorithm for security reasons, but Komodo still has limitations similar to Zcash’s in terms of private transactions.
Some of the privacy improvements Komodo brings in terms of anonymity relate to purchasing new currencies via the Komodo blockchain and decentralized exchange while remaining anonymous.
Komodo achieved 20,000 TPS in 2018 and its developers are aiming for 1 million TPS. Currently, it has reached a market cap of $62 M.
How to be totally anonymous online in the cryptocurrency world?
Although they bring a higher degree of privacy, even privacy coins may fail in keeping your identity anonymous.
And the pseudo argument that nobody needs anonymity if they don’t have something to hide is fundamentally wrong. Even the United Nations Declaration of Human Rights recognizes financial privacy as a basic human right.
Furthermore, according to Amplify’s CEO, Justin Tabb, “Too much focus on anonymity’s negative usage on any platform can run the risk of restricting privacy for all users. In other words, a healthy degree of anonymity is required to ensure freedom for all.”
Therefore, to protect your privacy online while using cryptocurrencies, you should keep in mind the following tips, even when you are making use of privacy coins:
- Browse the internet in incognito. The most basic level of anonymity is to make sure your browser doesn’t save cookies, temporary internet files or your browsing history. Either search the internet in incognito mode, or make sure to set your browser to never allow cookies or cache files.
- Use TOR and VPNs. TOR hides its users’ identities and their online activity from surveillance and traffic analysis by separating identification and routing. And a VPN encrypts the traffic from your machine to the exit point of the VPN network. However, just because you hide your IP it doesn’t mean you’re totally untraceable. Therefore an additional layer of protection formed by anti-virus, anti-malware, and firewall will increase your security.
- Avoid revealing identifiable information of any kind. KYC and other user identification processes from centralized exchanges and web wallets can also add a vulnerability to your privacy. The ideal way to keep your privacy intact in the cryptocurrency world is to be paid in cryptocurrency or buy P2P. Furthermore, keeping a low profile is contradictory to being a cryptocurrency influencer. So, never post about your holdings on social media.
- Avoid address reuse. Use wallets that generate new public addresses for each incoming transaction and make sure the functionality is activated. By never using an address from a previous transaction and always generating a new one, when someone tries to track your activity, he will have a harder time establishing a pattern.
- Use Trustless CoinJoins. Trustless CoinJoins provide a greater degree of security than regular centralized mixers. You should avoid using random centralized mixing services because they require putting your trust in a third party that can steal, be hacked, or be shut down by the government, thus resulting in you losing your funds. However, in trustless CoinJoins, even though pools are hosted on coordinating servers, cryptography prevents the stealing of funds. They also have pool transactions with many users and do several rounds of mixing.
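The Python check below is an added example, not part of the original article or of any wallet's code. It covers the address-reuse tip, the CoinJoin tip, and the earlier point that joins with only 2–4 participants hide little: before signing a proposed round, a wallet reviews its own outputs. The function name, the threshold of 5 and all addresses and amounts are constructed assumptions.

```python
from collections import Counter

MIN_ANON_SET = 5  # assumed policy threshold, not a value from the article

def review_round(outputs, my_outputs, used_addresses, min_set=MIN_ANON_SET):
    """Return privacy findings for this wallet's outputs in a proposed CoinJoin.

    outputs        -- [(address, amount_in_satoshis)] for the whole transaction
    my_outputs     -- addresses in `outputs` that belong to this wallet
    used_addresses -- addresses this wallet has already received funds on
    """
    by_amount = Counter(amount for _, amount in outputs)
    findings = []
    for address, amount in outputs:
        if address not in my_outputs:
            continue
        if address in used_addresses:
            findings.append(f"{address}: reused address links this round to earlier payments")
        peers = by_amount[amount]  # outputs indistinguishable from ours by value
        if peers == 1:
            findings.append(f"{address}: unique amount {amount}, anonymity set 1")
        elif peers < min_set:
            findings.append(f"{address}: only {peers} equal outputs (< {min_set})")
    return findings

# Constructed sample data: a 3-participant round with change outputs, and a
# 10-participant round in which every output has the same value.
SMALL_ROUND = [("addr_a1", 10_000_000), ("addr_b1", 10_000_000),
               ("addr_c1", 10_000_000), ("addr_a_change", 3_417_250),
               ("addr_b_change", 812_000)]
LARGE_ROUND = [(f"addr_p{i}", 10_000_000) for i in range(10)]

def demo():
    history = {"addr_a1"}  # this wallet was already paid on addr_a1
    small = review_round(SMALL_ROUND, {"addr_a1", "addr_a_change"}, history)
    large = review_round(LARGE_ROUND, {"addr_p4"}, history)
    return small, large
```

The count of equal-valued outputs is an upper bound on the anonymity set, since other information can still narrow it further.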