Participants in Bitcoin transactions are identified by public addresses – those are the long strings of around 30 characters you see in a person’s Bitcoin address, usually starting with the numerals ‘1’ or ‘3’. For every transaction, the sending and receiving addresses are publicly-viewable.
Since these numbers are virtually incomprehensible, difficult to remember without a computer and don’t contain a person’s name or identifying information, it is often claimed that Bitcoin is an “anonymous currency”. This is also often used as an argument to attack Bitcoin as a currency for illegal transactions and tax evasion.
But it’s not as simple as that. If you publish your address anywhere, it can be linked to your real-life identity. Even if you don’t publish it, simply re-using the same address many times can show a pattern that an analyst with basic skills could link to your identity by looking at transaction times, amounts, location and regularity – and connecting it to other data sources like receipts, exchanges, and shipped items.
It’s recommended for privacy and security that you use a new address for every single transaction, and most modern wallet software is designed to do just that. But even though this increases the amount of effort and skill required to uncover your identity, it doesn’t make you 100% anonymous. Freely available blockchain explorers and analytical tools have been used to link addresses with only single transactions to other addresses, forming a chain or pattern that eventually reveals its owner. These have been useful in investigating cases of theft at companies like Mt. Gox and Bitcoinica, but can potentially be used to identify anyone.
Due to all of this, it’s more accurate to say Bitcoin is “pseudonymous” and not anonymous. Think of it as a less memorable email address or online handle. Even if it’s not your real name, someone out there can potentially find out who the real person behind the pseudonym is.
There are ways to make Bitcoin more private, but they come with risks. One is to use a “mixer” or “tumbler” which effectively takes your bitcoins and moves them around between a confusing array of addresses until it’s virtually impossible to trace. But do you trust the mixing service to spit your money out the other end, especially since most of them are run by anonymous entities themselves? Usually, they do, sometimes they don’t.
Another way is to trade Bitcoin for a digital currency designed to have greater anonymity, like Monero or DASH – effectively making your own mixer. Trade Bitcoin for the other currency, perform one or more transactions to break the link and trade back into Bitcoin. These transactions increase the complexity, though, and probably require an online exchange, which increases the potential to identify users. Price volatility of all digital currencies may affect how much comes out the other end. And finally – like mixers – if the destination Bitcoin address is one that can be linked to you somehow, the entire process has been pointless.
“Blockchain forensics” is a growing industry with increasing levels of expertise and tool technology. The Bitcoin blockchain is a public and permanent record. Your current OPSEC (Operational Security) may beat all methods of investigation available now, but will it stand up to scrutiny in 30 years’ time? How likely is anyone to look? If private transactions are something you care strongly about your operational security should stay as ahead of the curve as possible.