Buying Bitcoin

Preserving privacy begins with how you buy Bitcoin. Using a Know Your Customer (KYC) exchange that requires you to provide personally identifiable information will connect your Bitcoin addresses with your identity. If that association is ever leaked from a hack or other act of negligence, at the very least it will indicate how much Bitcoin you have purchased potentially making you a target for bad actors, and at the very worst it could associate all future transactions out of your wallet with your identity unless additional privacy preserving actions are taken.

Address Reuse

Bitcoin addresses were designed to be single-use. Reusing addresses across transactions links transactions together allowing blockchain analysis to reveal the full balance at that address and draw connections back from future transactions. Using separate addresses per transaction also introduces plausible deniability that the addresses don't belong to the same wallet. Fortunately, any credible wallet today will generate new receive addresses whenever you make a request to receive Bitcoin.

Accounts and XPubs

Bitcoin wallets allow you to create separate accounts to segregate balances and addresses for different purposes. Each account has an Extended Public Key (XPub) which can be used to derive all the addresses for the account. Exchanges will often provide the option to input an XPub so that future withdrawals will be made to new addresses. While this is a convenient way to avoid address reuse without needing to manually enter new addresses for every transaction, providing an XPub means the exchange can derive future addresses as well even after you're done using the exchange. If the XPub is ever leaked, then anyone with access to the XPub can also see your balances and monitor transactions on the blockchain. Whenever considering sharing an XPub, consider the privacy implications of doing so and consider creating a separate account per service to minimize the scope of shared information.

UTXO Management

Unspent Transaction Outputs (UTXOs), also known as coins, are the individual denominations of Bitcoin received during a transaction to a particular address. If you withdraw 1.5 Bitcoin from an exchange to a single address, your wallet will contain a 1.5 Bitcoin UTXO for that address. If a friend sends you a gift of 0.25 Bitcoin privately to another address, your wallet will now also contain a 0.25 Bitcoin UTXO at the second address.

When sending Bitcoin, UTXOs serve as the inputs to the transaction. The receiver will see the value of the UTXOs, so if larger UTXOs are spent, that can reveal information about your savings. Imagine paying for coffee with a hundred dollar bill. The barista will need to return change for the hundred dollar bill, and you just revealed to anyone nearby that you are carrying a hundred dollars. Spending with large UTXOs can reveal similar information on the blockchain. For a 0.24 Bitcoin transaction, it's better to use the 0.25 Bitcoin UTXO than the 1.5 Bitcoin UTXO. Not only is the value of the UTXO leaked, but any change will be sent to a new UTXO in your wallet, and the receiver will be able to track future transactions with those funds unless additional privacy protecting measures are taken.

When multiple UTXOs are combined to deliver a larger amount, those UTXOs are connected on the blockchain by a heuristic known as the common input ownership heuristic. Since whoever sent the transaction needed the keys to sign for the UTXOs, it can be assumed that they owned both. If one UTXO was acquired on a KYC exchange and another was acquired privately without KYC, combining them in a single transaction will link the private Bitcoin to the identity used with the KYC exchange. Bitcoin wallets provide the ability to label UTXOs and keep track of who knows about them. A full featured wallet will also provide Coin Control functionality which enables you to select specific UTXOs for a transaction. When constructing transactions, it's best not to combine UTXOs from different sources if it can be avoided. Many Bitcoin wallets will warn when combining UTXOs from different sources.

UTXOs are also an important factor in calculating transaction fees. Since fees are calculated by the size of the transaction data and not by the monetary value of the transaction, each additional UTXO used in a transaction adds to the fees. If you have accumulated a large amount of small UTXOs, you may need to frequently combine UTXOs when making transactions for higher amounts. A common practice to reduce future transaction fees is called UTXO consolidation. During low fee environments, sending multiple small UTXOs together in a single transaction to another address in your wallet will consolidate them into a single UTXO. While this will save on fees during high fee environments, the act of UTXO consolidation triggers the common input ownership heuristic and links ownership together on the blockchain. When considering UTXO consolidation, be mindful of which UTXOs you merge together to avoid compromising privacy.

Layer 2

Layer 2 networks like Lightning and Liquid move transaction activity into channels and sidechains that minimize the digital footprint on the Bitcoin Layer 1 chain. The Liquid network even supports Confidential Transactions (CTs) where the type and amount of assets being traded is blinded to everyone but the sender and receiver unless they selectively reveal that information. Consider using Layer 2 networks to reduce fees and preserve privacy at the same time.

Bitcoin Nodes

Running your own node or at least connecting to servers that you trust can prevent your wallets from leaking information to untrusted parties.

Network Privacy

Whenever connecting to a Bitcoin server or blockchain explorer, it's best to connect over Tor. Tor routes network connections through multiple network nodes to prevent the IP address and location of the source and destination from being revealed. Connecting directly from your IP address to any server will link your IP address with the Bitcoin addresses, balances, and transactions that you query. Preserve privacy by connecting over Tor when possible or via a VPN.

Taproot Addresses

Taproot is the latest Bitcoin address type which enables multiple spending conditions and also improves privacy by hiding spending conditions on the blockchain and making singlesig and multisig wallets indistinguishable. While Taproot addresses have not yet been widely adopted, they will offer additional privacy once more wallets and services support them.

Conclusion

There are many factors to consider when trying to preserve privacy with Bitcoin.

If you'd like a trusted partner that can tailor guidance to your specific needs and guide you on your Bitcoin journey, schedule a call with us.