Author: Gregory Maxwell 2016-03-01 00:57:58
Published on: 2016-03-01T00:57:58+00:00
In this conversation, Kristov Atlas asks about privacy features in Bitcoin Core. One notable feature is the cryptographic randomization of transaction ordering, which provides the greatest possible privacy. However, the BIP 69 recommendation, if universally used, would be equally as private. The joinmarket module can also be used with Bitcoin Core to include coinjoins. Currently, there are no decentralized mixing tools available that do not harm the user's privacy. Bitcoin Core does not implement anti-features like donations and always has the highest possible FP rate. To obtain balance information, the software makes remote queries, but these can be directed to use Tor for all communications before starting. All network connections are independent via Tor by default. Separate "identities" require separate wallets.The article discusses various aspects of privacy in Bitcoin Core, noting that an attacker could observe transactions signed by private keys from multiple wallets and deduce that they come from the same client. However, all private wallet state is stored within the wallet, so changing the wallet means the node no longer knows any of them. Bitcoin Core normally relays transactions for third parties, making it merely potentially suggestive of origination. Reliable deletion of private data is not very feasible on current hardware/OSes, so users are advised to use OS-level encryption to protect their privacy locally. Backups are local, and no email or SMS is linked. The application does not perform any external lookup related to identifying transaction senders or recipients. The application connects to known p2p full nodes to bootstrap the connection to the Bitcoin p2p network. Users are recommended to run Tor, which should prevent identifiable traffic except for timing/volume analysis.The application allows the user to encrypt the wallet file with a password, preventing decryption of private keys until the password is entered. Each wallet file can have its own single password protecting spending, and there is no custodianship. There is no obvious telemetry data being sent, and the application supports a deterministic build process that is actively audited by multiple parties who post cryptographic signatures of their duplicated builds.
Updated on: 2023-05-19T23:14:32.688018+00:00