January 2021

Welcome to the eighth issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!

"American Moon Moth" by Lisa Zins is licensed under CC BY 2.0

Table of Contents

1. Chainalysis Lobbying
2. ShapeShifting Back
3. Digital Privacy 101: The Ultimate Lopp-Sec
4. Tor Consensus Issue
5. Ledger Data Dump Update
6. Bitcoin Core V0.21 Released
7. Tracking PayJoin Adoption
8. FinCEN Proposed Rulemaking Suspended
9. Empirical Analysis of Lightning Privacy
10. Building Your Privacy Foundation
11. Chimeras of Central Bank Digital Currency

January 5th - CHAINALYSIS LOBBYING

The revolving door spins ‘round and ‘round! Two former deputy assistant secretaries of the Treasury have filed to register themselves as lobbyists acting on behalf of their client, blockchain surveillance firm Chainalysis. Michael DiRoma and Andrew Eck are co-founders of DiRoma Eck & Co. LLP, “a Washington advisory firm” focused on:

the fields of banking and financial services, domestic and international tax policy, national security, financial technology, economic sanctions, international trade and finance, anti-money laundering (AML) and combating the financing of terrorism (CFT), Bank Secrecy Act (BSA) issues, beneficial ownership, Committee on Foreign Investment in the United States (CFIUS) matters, export controls, appropriations, and economic diplomatic relations including issues related to the World Bank and the International Monetary Fund.

The disclosure, shared by The Block managing editor Michael McSweeney, states that their specific issue will be to “advocate for increased use of blockchain analysis technology to pursue illicit financial activity through the exploitation of cryptocurrencies.”

January 6th - SHAPESHIFTING BACK

In TMIBP03, I mentioned that ShapeShift was once one of the most popular portals for swapping between bitcoin and Monero, before they dropped their account-less model in 2018. After more than two years, ShapeShift and CEO Erik Voorhees announced that “it has integrated decentralized exchange protocols” and “users no longer need to provide personally identifying information to us.”

From ShapeShift’s beginning, our business model has been simple: we trade crypto assets with our users. We hold an inventory of Bitcoin, Ethereum, etc., and when a user wishes to sell a digital asset, we receive it from them and send them a different one. We’ve been the counterparty to each trade.

It is this model of trading with our customers — this specific commercial activity — that arguably places us under the purview of the Bank Secrecy Act and requires us to KYC our users. It is this model that we are now ending.

They plan for “native, non-wrapped Bitcoin and several other leading chains to be supported for decentralized trading in Q1 2021.”

January 7th - DIGITAL PRIVACY 101: THE ULTIMATE LOPP-SEC

Keyfest, a three-day virtual event hosted by Casa, focused on “celebrating the past, present, and future of personal keys” where “everyone owns their wealth, identity, and data.” The last presentation in the schedule featured Jameson Lopp, Matt Odell, and Michael Haley discussing privacy, especially in the context of self-defense as someone who owns bitcoin.

Our second principle is that bitcoiners are at greater risk. This should be obvious to most people on the call, but because Bitcoin is pseudonymous and also censorship resistant, there’s a higher payoff for motivated attackers.

January 10th - TOR CONSENSUS ISSUE

In TMIBP05 and TMIBP07, I have been following the Tor Project’s v3 onion service upgrade, which is now supported in Bitcoin Core v0.21. Recently, they have been experiencing reachability issues related to consensus disruption among the ten directory authorites (dirauths).

This bug got exposed today because the network went several rounds without a consensus due to the ongoing issues of #33018 (closed) and #33072, and thus Tor clients and Tor onion services ended up with a consensus that still worked (it was made within the past 24 hours), but was no longer considered “live”. So normal Tor circuits (using exit relays) still worked, and v2 onion services still worked, but v3 onion services stopped working for that time period – services wouldn’t publish descriptors, and clients wouldn’t fetch them.

Developer David Goulet issued a fix requiring “a reasonably live consensus” instead, which is the standard for v2 services. However, reachability dropped again later in the month. Security researcher Matt Traudt, who has been tracking and contextualising the outages, believes at this time “there is no evidence that the traffic overload is actively trying to hurt v3 onions.”

It’s happening again, but this time the large amount of directory traffic is coming from exits. We’ve missed three consensuses, so v3 onions will be going down. Dirauths are already discussing and trading patches to mitigate the issue in the short term. The long-term solution for not allowing people to use exits to do this is tracked here.

During the initial outtage, Wasabi contributor Riccardo Masutti wrote about their mitigations:

As we said before, all Internet traffic goes through Tor, and by default all this traffic stays inside the onion network. This means that, in Wasabi coordinator’s case, as v3 services are used to coordinate the CoinJoin transactions, there may have been (or there may be) connection and communication problems.

To ensure service availability, Wasabi Wallet is equipped to offer a fallback scenario where exit nodes are involved. For example, if the Tor onion service of the backend becomes unavailable for the user, the wallet falls back to communicating with the backend’s clearnet endpoint, still over Tor. Wasabi also frequently utilizes multiple Tor streams where applicable.

January 13th - LEDGER DATA DUMP UPDATE

In TMIBP02 and TMIBP07, I covered the data breach of customer information from e-commerce and marketing database(s) used by hardware wallet company Ledger. Over one million email addresses and 272,853 shipping orders were dumped on RaidForums last month. They have since been informed of further leaks through Shopify.

Now, we have new information to share: on December 23rd, 2020 we received a notification from our e-commerce service provider, Shopify, regarding an incident involving merchant data in which rogue member(s) of their support team obtained customer transactional records, including Ledger’s. The agent(s) illegally exported customer transactional records in April and June 2020. According to Shopify, this is related to the incident reported September 2020, which concerns more than 200 merchants, but until December 21st, 2020, Shopify had not discovered that Ledger was also targeted in this attack. Shopify tells us they engaged digital forensics experts and counsel to continue their investigation on the matter and have reported the matter to law enforcement in both Canada and the USA.

Along with forensic firm Orange Cyberdefense we were able to establish that it affects approximately 292,000 customers. While the database is 93% similar to those exposed in the previous attack there were approximately 20,000 new customer records including, email, name, postal address, product(s) ordered and phone number included in this breach.

Ledger claims that they plan to “put your e-commerce order information such as name, address, phone number in a segregated environment three months after the shipping of your product,” and then delete it “as soon as possible.” They are offering “a bounty fund of 10 BTC for information leading to successful arrest and prosecution.”

If you were impacted by this breach, I recommend Kraken’s “Security Advisory: Mobile Phones,” Jameson Lopp’s “A Home Defense Primer,” “A Modest Privacy Protection Proposal,” and Michael Bazzell’s “Privacy, Security, & OSINT Show.”

January 14th - BITCOIN CORE V0.21 RELEASED

In TMIBP05 and TMIBP07, I covered privacy-related changes coming with the release of Bitcoin Core v0.21. Lead maintainer Wladimir van der Laan has since published the final candidate.

This release adds support for Tor version 3 hidden services, and rumoring them over the network to other peers using BIP155. Version 2 hidden services are still fully supported by Bitcoin Core, but the Tor network will start deprecating them in the coming months. (#19954)

The Tor onion service that is automatically created by setting the -listenonion configuration parameter will now be created as a Tor v3 service instead of Tor v2. The private key that was used for Tor v2 (if any) will be left untouched in the onion_private_key file in the data directory (see -datadir) and can be removed if not needed. Bitcoin Core will no longer attempt to read it. The private key for the Tor v3 service will be saved in a file named onion_v3_private_key. To use the deprecated Tor v2 service (not recommended), the onion_private_key can be copied over onion_v3_private_key, e.g. cp -f onion_private_key onion_v3_private_key. (#19954)

In nearly every issue of this newsletter so far (TMIBP02, TMIBP03, TMIBP04, TMIBP05, TMIBP06, and TMIBP07), I have followed discussions and review of the upcoming Schnorr / Taproot soft fork. As expected, this release “implements the proposed Taproot consensus rules (BIP341 and BIP342), without activation on mainnet” yet.

On January 22nd, Michael Folkson wrote that an IRC meeting was being organised “to make progress towards consensus on an activation method for the proposed Taproot soft fork.” He also published a video addressing “Taproot misconceptions.” On January 30th, core developer Luke Dashjr emphasized that “the quicker the community upgrades to 0.21 (or the upcoming 0.20.2 backport), the clearer it will be that a shorter timeframe can be used for activation!”

On January 31st, Ádám “Nopara” Ficsór and others discussed the feasability of cross-input signature aggregation — which would be useful for CoinJoins — being included with the Schnorr / Taproot soft fork. In October 2020, Blockstream research director Andrew Poelstra had discussed why it would be difficult. In March 2018, Anthony Towns had also explained that “interactive signature aggregation is going to take a lot of time and work.”

Check out What Bitcoin Did #284, Bitcoin Optech Newsletter #132, #133, and the Schnorr Taproot Workshop for summaries on new releases, Taproot activation, and other recent technical developments beyond Bitcoin privacy.

January 15th - TRACKING PAYJOIN ADOPTION

In TMIBP03, TMIBP05, and TMIBP06, I have been tracking adoption of PayJoin, a type of collaborative CoinJoin. Chris Belcher has since created a PayJoin adoption and compatibility page on the Bitcoin Wiki. In sharing the page to the mailing list, he cited the closure of the U.K.-based marketplace BitBargain last month.

If we want bitcoin to fulfill its dream of a permissionless money for the internet then we’ll have to work on this. What can we do to increase adoption of PayJoin?

Following beta testing, Coinkite has finished version 3.2.1 with “signing Payjoin PSBT files based on BIP-78.”

Check out Bitcoin Optech Newsletter #132 for summaries on PayJoin adoption and other recent technical developments beyond Bitcoin privacy.

January 20th - FINCEN PROPOSED RULEMAKING SUSPENDED

In TMIBP07, I detailed the reaction to a notice of proposed rulemaking from the Financial Crimes Enforcement Network (FinCEN) director Kenneth Blanco. It would require banks and money service businesses to identify and file currency transaction reports (CTRs) on customers – and potentially non-customers – who transfer cryptocurrency to / from non-custodial wallets. This is part of a broader push to implement inter-VASP customer data sharing practices under the Bank Secrecy Act (BSA).

On January 4th, Electronic Frontier Foundation legislative activist Hayley Tsukayama and special counsel Marta Belcher wrote that they had sent comments opposing the proposal on grounds of protecting “privacy, speech and innovation.” U.S. senator Cynthia Lummis of Wyoming also sent a letter to then Secretary Mnuchin with her concerns regarding the proposed changes. She cited the recent breach of Department of Justice, Treasury, Energy, and Commerce systems as a reason to reconsider increasing data collection requirements:

The rule fails to adopt a more appropriate risk-based approach for digital asset transactions. To this point, the BSA has heavily focused on transaction data collection from largely law-abiding account holders, instead of focusing more appropriately on illicit activity. Moreover, significant data collection can be a target for intrusion.¹³

On January 7th, the supposed final day of the comment period, Coin Center filed another comment arguing that “the Treasury Department does not have the statutory authority to promulgate this regulation.” A week later FinCEN announced that they would be “reopening” the comment period. Blanco noted that they had “reviewed and considered 7,506 comments” so far. Jerry Brito and Peter van Valkenburgh talked about this update on episode #24 of their Tangents podcast. On January 20th, a further extension was enabled by the incoming Biden administration, which issued a “regulatory freeze” to “ensure that the President’s appointees or designees have the opportunity to review any new or pending rules.”

In TMIBP06, I included comments from former Department of Justice chief Jaikumar Ramaswamy against applying a ‘know your customer’s customer / counterparty’ (KYCC) policy to non-custodial wallets. On February 1st, he will be speaking with FinCEN deputy director Michael Mosier about “Unhosted Wallets and the Future of Crypto Regulation.”

January 21st - EMPIRICAL ANALYSIS OF LIGHTNING PRIVACY

In TMIBP01, TMIBP03, TMIBP04, and TMIBP07, I have followed critical examinations of privacy on the Lightning Network. This month, another research paper on this topic was published by George Kappos, Haaroon Yousaf, Nym Technologies co-founder Ania Piotrowska, Sanket Kanjalkar, Sergi Delgado-Segura, Zcash Foundation board member Andrew Miller, and Sarah Meiklejohn (whose work also appeared in TMIBP04). Along with another paper highlighted last month in TMIBP07, the work will be presented at the 25th annual Financial Cryptography and Data Security (FC21) conference in March.

This paper presents a thorough analysis of the privacy offered by the Lightning Network, by presenting several attacks that exploit publicly available information about the network in order to learn information that is designed to be kept secret, such as how many coins a node has available or who the sender and recipient are in a payment routed through the network.

As ‘ZmnSCPxj’ has explained, so-called “private channels” may not afford much privacy in practice. The researchers here claim they found “77,245 pairs of transactions that were potentially involved in opening and closing private channels,” narrowed down by the presence of peeling chain behaviour. They were able to identify (as in, heuristically cluster) one or both channel participants in 86.8% of cases.

Our LN dataset included the hash of the Bitcoin transaction used to open each channel. By combining this with our blockchain data, we were thus able to identify when channels closed and how their funds were distributed.

As mentioned in TMIBP06, this is something that Belcher has referenced in relation to the privacy benefits of Schnorr and Taproot. “Right now these transactions publish a visible contract on-chain.” In TMIBP05, I also quoted Elliptic co-founder Tom Robinson saying that “Schnorr and Taproot are actually going to make [tracing Lightning payments] very difficult to do.”

For a more in-depth review of the paper, see Block Digest episode #253.

January 23rd - BUILDING YOUR PRIVACY FOUNDATION

I gave a presentation on “Building Your Privacy Foundation” to the Chicago Bitcoin and Open Blockchain (BOB) meetup. The material covers beginner issues and tools like requesting / deleting data from services, webcam slide covers, browsers and extensions.

The presentation will address why privacy matters, introduce threat modeling, highlight useful tools, and share some of her experiences preserving her own privacy. While it will be tailored for a Bitcoin and cryptocurrency-focused audience, the topics can apply to anyone interested in protecting their privacy.

January 27th - CHIMERAS OF CENTRAL BANK DIGITAL CURRENCY

In TMIBP05, I included excerpts from a European Central Bank (ECB) report about central bank digital currencies (CBDCs). It remarked that “a digital euro should allow citizens to continue to make their payments much as they do today with cash,” which includes “the capacity to ensure privacy in payment transactions.” However it is quite clear that the perspective of most regulators and financial institutions is not as pro-privacy.

On January 27th, economist and Bank of International Settlements (BIS) general manager Agustín Carstens spoke at a virtual seminar hosted by Stanford’s Hoover Institution, a public policy think-tank directed by Condoleezza Rice. During his presentation on CBDC design considerations within “the future of the monetary system,” Carstens initially also pays some lip-service to concerns about the loss of privacy in the transition away from cash:

Of course, the danger of data breaches or abuse by public authorities warrants a careful approach. But there are designs where some level of individual privacy can be preserved – a CBDC does not have to entail an Orwellian Big Brother, where the central bank sees each and every transaction.

Private sector intermediaries have a role to play in this, too, as settlement agents in a competitive payment system. In particular, private intermediaries could (temporarily) record and guard users’ data. Yet decisions on data privacy are very important. This is not just a technical issue, but an important policy issue that transcends the financial sphere.

Then he asserts the “need to establish both proper identification and privacy in the payment system,” and that “the idea of complete anonymity is hence a chimera” because “the vast majority of users would accept for basic information to be kept with a trusted institution.”

Above all, the discussion of identification in CBDC needs to be considered in the wider context of digital ID. The use of personal data is necessary to improve the provision of financial services. Financial inclusion is about overcoming inequality, in particular by reducing information asymmetries. CBDCs can be the entry point for financial services, but they need to be linked to an ID. By offering the unbanked access to a digital ID, authentication can help to support inclusion in the long term and to formalise the informal economy. While this appears to create trade-offs, as citizens also value their privacy and enjoy the anonymity of cash, there can be long-term gains from overcoming this.

The argument that identification requirements improve financial inclusion directly contradicts a previous BIS paper (which he cites) that states CBDCs tied to an identity scheme would be “good” for “law enforcement,” but not necessarily for the unbanked.

Yet access is likely to be difficult for one core target group: the unbanked and individuals who rely on cash. There may be challenges to match the qualities of cash as an inclusive, crisis-proof and anonymous means of payment (Pichler et al (2019)).

Despite citing anti-cash economist Kenneth Rogoff (mentioned in TMIBP05), supporting “anti-money laundering and combating the financing of terrorism (AML/CFT)” as reasons to fear true financial privacy, he offered no supporting evidence that identification or financial surveillance systems are actually effective towards these objectives. In the same section of TMIBP05, I had also highlighted a study which estimated that “anti-money laundering policy intervention has less than 0.1 percent impact on criminal finances.” It should be common sense by now that vastly more people will be personally affected by data breaches and identity fraud than terrorism, and this will only get worse if private forms of value exchange are eliminated.

Human Rights Foundation (HRF) director Alex Gladstein criticised the speech, having recently authored an article that countered dismissing or “demonizing identity-guarding tools like Signal and Bitcoin.” I have previously included his privacy advocacy against blockchain surveillance in TMIBP01, TMIBP02, TMIBP03, and TMIBP06.

The culture war over encrypted messaging might finally be ending. But the fight for privacy isn’t finished, it’s just moving to the next medium: money.

Most Americans may not yet grasp that financial privacy is just as important as communications privacy for our democracy — that your spending habits say more about you than your words. In an open society, the ability to buy political books, have discreet medical procedures, and build communities without government surveillance is essential.

Thanks for reading! Feel free to bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’