Bitcoin appeared as a sustained effort to create and offer control over finances for the regular people. At first, it came as a great innovation in terms of security and privacy. But as time passed, more and more issues came to light.
Therefore, an increasing number of members of the crypto community addressed the debate of privacy vs. security in an attempt to create the most private cryptocurrency.
Privacy vs security
Although the concepts of security and privacy are sometimes considered a false separation, there is a difference when it comes to online data and information management. In fact, inside an online ecosystem, a system can function with complete security but no privacy, but no system can offer privacy without security.
What is security?
The simplest way of understanding security is about the safeguarding of data. Through security, the system and its administrators prevent malicious parties from extracting, altering, and erasing information.
For example, taking a Facebook account, you may input all your personal information, from birthdate to what city you live in or who your parents and relatives are.
Even though anyone can see this information, Facebook makes sure nobody can just go on your profile page and edit it.
Also, they are pretty keen on improving authentication by continuously developing login alerts systems, even tying them to physical devices and locations.
We can assume that Facebook is rather secure. However, the discussion about privacy is more of a sensitive topic in this case.
Because it’s a social media platform, all the information you share on Facebook is shared with everyone. And even more, from the day you sign up on Facebook, the platform will store all the information that can be potentially used for showing you targeted ads based on interests.
Furthermore, Facebook reads your conversations. They scan the links and images you send or receive in conversations with friends on Facebook Messenger and read chats when they’re flagged to moderators.
However, they offer a few privacy settings to give you control over the ways other Facebook members can interact with you. But those options only go to the extent of your own activity, timeline, tags, and how you can be found and contacted.
But when it comes to advertising, Facebook is a safe haven for spammy ads, and there isn’t much you can do about it as a common user. Believe it or not, a tourism agency can target you with ads for a trip, taking into consideration the fact that you had a vacation last summer.
What is privacy?
While security is all about safeguarding data, privacy is about protecting users’ identities and activities.
Facebook illustrates an impeccable example of security with little to no privacy, so we should look further into how this matter is thought out for cryptocurrency.
“When a central authority has control over a financial system, do users really have privacy?” This is one of the fundamental dilemmas cryptocurrencies try to solve through decentralization.
Using a regular banking account subjects your finances to a bank’s administration. Therefore, all your transactions are seen, approved, and managed by the bank.
Most of the time, we all ignore the fact that we pay ginormous fees for international transactions (which may take several days to complete), can use our funds in limited amounts, and only with vendors approved by the bank.
But through cryptocurrency, all data about funds attributions and transactions are recorded in blocks as hashed information which are digitally signed to prevent double-spending.
Thus, through cryptocurrency, anyone should be allowed to buy from anyone, with no limits to the amount they transact, and even have international transactions taking place in a matter of minutes.
By eliminating the use of most personal information while implementing public and private key systems, cryptocurrencies managed to create highly secure ecosystems with an extensive degree of privacy.
And in the beginning, Bitcoin was considered the most private cryptocurrency and a method to send money anonymously. But the community discovered that Bitcoin is not as anonymous as thought. But will talk more about that later.
The problems with cryptocurrency
Cryptocurrency is a relatively new domain, and with every new project that innovates the market, the developers discover new issues and opportunities for improvement.
But in tackling the matter in a pragmatic sense, we have to admit that most cryptocurrencies are risky and rather difficult to use. It may not be the first time you heard it, but the crypto market is in its “wild west” phase.
Of course, there are hackers and scammers. There are also usability issues that keep the general public from using cryptocurrencies. And, of course, the highly volatile prices don’t help.
In terms of security and privacy, cryptocurrencies are evaluated in relation to how strong their distributed networks are and how anonymous a person can keep their identity and transactions.
A blockchain built with a Proof-of-Work protocol can be extremely sturdy in terms of security as long as it has a sufficient number of nodes to keep the computational power high enough to avoid 51% attacks.
Many altcoins post-Bitcoin failed here.
Recently, there have been several 51% attacks that have been fairly successful. The most recent was completed in August 2021, when Bitcoin SV encountered this issue. According to some members, the first reorg was around 100 blocks deep, with 570,000 transactions wiped out. After an attack, the value that has been stolen can be appraised at around 5% of its original worth.
In 2019, Bitcoin Gold (BTG) was hacked on two separate days, January 23 and 24, with a 6-hour time gap between them. The first one cost $19,000 and involved removing 14 blocks and then adding 13 more. The second one cost over $53,000 and deleted 15 blocks while adding 16.
If in terms of security, some cryptocurrencies may fail, at least they’re anonymous, right?
Well, not so much. Indeed, cryptocurrencies offer a great degree of control and privacy, but they are not 100% anonymous.
Keep in mind that every transaction is forever recorded in a public ledger that contains public addresses.
Also, governments are rather suspicious of cryptocurrencies because of reported usage in illicit activities. Thus, they started collaborating with cybersecurity companies to track and monitor cryptocurrency transactions.
For example, CipherTrace, a USA cybersecurity company, announced on October 19, 2019, that its extended platform allows clients to trace more than 87% of the transactional volume of the top 100 cryptos such as Ether, Tether, Bitcoin Cash, and Litecoin. This means that authorities can use monitoring methods not only against criminals but also against ordinary people.
Also, due to AML and KYC regulations, most cryptocurrency exchanges and wallets will require their users to go through personal identification processes. That means a public address can be associated with a wallet and a wallet with a person’s identity.
But isn’t Bitcoin anonymous?
Bitcoin was thought to be a pseudonymous cryptocurrency that maintained privacy by using Bitcoin addresses that couldn’t be linked to real-world identities. But being a public blockchain, it was easy to observe usage patterns for public addresses and transactions and identify connections to individuals.
Furthermore, when nodes were publishing transactions inside the blockchain, they were leaking their own IP addresses.
Bitcoin’s security and privacy
Bitcoin’s security is set on the fact that it’s based on a blockchain in a distributed ledger. Every block contains information about every previous block, so when a user makes a transaction, the node that writes in the transaction will automatically see where the funds come from.
After checking provenience, the transaction will be written in the new block. The miners will always add new blocks to the blockchain that has the most blocks. And, if a malicious user tries to create a new chain deriving from the legit blockchain, he has to complete the PoW algorithm puzzles to add new blocks on his fork.
In order to have his fork become the main blockchain, he needs to complete algorithms faster than the whole community to obtain the longest chain.
Although a resourceful hacker may get lucky enough to add a few blocks, the amount of computing power he would need to surpass the legit nodes is virtually impossible to create.
What happens when your transaction gets written into a fork?
Well, nothing! Due to the possibility of an accidental or malicious fork taking place, to avoid double-spending, once a transaction is added to the blockchain, it has to receive more confirmations until it’s considered permanent and irreversible.
The first confirmation comes from the miner that broadcasts the transaction to the network. The next confirmations will come inside the following blocks that will include this transaction as taking place in the blockchain’s history. Therefore, if a transaction gets trapped in a fork, it will not be included inside the main blockchain.
When it comes to privacy, Bitcoin can be considered a pseudonymous currency in which you are given a public address that replaces a person’s identity. The blockchain is public, containing the transaction history of a coin from the moment it was minted.
But the degree of privacy the pseudonyms provided is quite eroded by the KYC and AML regulations. Even more, nowadays, services such as Chainalysis, CipherTrace, and Elliptic deanonymize blockchains to detect money laundering, fraud, and compliance violations.
And in response to the erosion of Bitcoin’s privacy, tumbler/mixer services such as CoinJoin were created to improve anonymity in Bitcoin.
In CoinJoin, users create different transactions with smaller amounts at different times, shifting ownership of their coins and making each transaction harder to track. This process is then repeated among different users to grow the difficulty.
However, coin mixing has its flaws as well. As research conducted in 2017 shows, 67% of the CoinJoin transactions could be traced by researchers, mainly because there were only 2–4 participants on average per transaction.
Welcome to privacy coins
With Bitcoin’s privacy as a work in progress, other developers took the initiative to create cryptocurrencies to support private transactions and called them privacy coins.
Some notable examples of established privacy coins are:
Top privacy coins
Monero (XMR) is an anonymous digital medium of exchange that is resistant to blockchain analyses. It is considered by many to be the leading cryptocurrency in terms of privacy.
The goal of Monero is to create a fully decentralized digital currency where funds are fungible and cannot be associated with public addresses.
The coin uses a variation of PoW called the Crypto Night hashing algorithm, which exploits a system of stealth addresses, ring signatures, and transaction data mixing. Through this protocol, the data about amounts and destinations are hidden inside the transactions.
Another thing about Monero is that it doesn’t have a fixed block size limit, so, in theory, it supports 1,700 TPS.
Also, Monero has no option for transparent transactions; therefore, nobody really knows what the actual circulating supply is, and the $4.61B market cap is only an estimation.
A major downside of Monero is that if someone manages to break the privacy protocol, all the data about the transaction will become public. This situation actually happened between 2014 and 2016.
Furthermore, in 2018, researchers took on the challenge of analyzing Monero’s blockchain and managed to deanonymize 62% of all Monero transactions. And in 2020, the IRS gave $500,000 contracts to Chainalysis and Integra to build a tracing tool for Monero, with $125,000 available if each business succeeds.
Monero, on the other hand, has been a cryptocurrency of choice for darknet marketplaces in recent years due to its main purpose of safeguarding users’ privacy and popularity.
Some crypto exchanges have delisted privacy coins to ensure compliance with anti-money laundering regulations due to this sort of privacy and regulatory pressure in recent years. However, the regulations governing privacy control differ from one region to another.
Verge is a private digital currency that does not rely on cryptographic techniques but uses multiple anonymity-centric networks such as TOR and I2P. It uses TOR to send communication across an anonymous distributed network of nodes formed by a global team of volunteers and encrypts data through I2P before sending it through the global network.
Verge uses the open ledger to verify transactions without linking them to any IP addresses or other identifying information. It has some unique features such as atomic swaps or fast transactions, is able to support 100 TPS, and has a market cap of more than $170.75 M.
Zcash is an open-source cryptocurrency that uses Bitcoin’s core code and a variation of the PoW algorithm, the Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.
Zk–SNARK refers to a proof of construction where one can prove possession of certain information, like a secret key, without revealing that information and without any interaction between the prover and verifier. However, its decentralization is debatable because of the voting system that can allow even the exclusion of some nodes.
The goal of Zcash was to create a fungible altcoin that wouldn’t lose value because of its usage history and also provide a high degree of privacy.
By making the coins fungible, a coin could easily replace another to limit a tracker’s ability to tell them apart and identify their owners.
Zcash supports 75 TPS and has a market cap of $2.223B.
However, Zcash is not private by default, which weakens the concept of a privacy coin. Even more, in 2018, researchers were able to associate 69% of Zcash shielded transactions with founders and miners.
Dash is an open-source, decentralized cryptocurrency that forked from Litecoin and used the PoW algorithm.
The main goal of Dash’s developers is to reach mass adoption. By now, it is already accepted by some legit merchants. And through a third party, it can even be exchanged directly to FIAT and have the funds transferred inside Mastercard or Visa credit cards.
It supports 35 TPS and has a market cap of $1.14 B.
Dash offers an option for transparent transactions together with an option for private transactions.
However, the high degree of transparency that Dash says it offers is questionable. Its PirvateSend feature consists only of the simplest form of a coin-mixing service performed by its master nodes. Also, there were several complaints about the mixing process being too slow.
Komodo is a less-known private cryptocurrency that forked from Zcash and used zk-SNARK. It is said its developers have implemented a better proof of construction algorithm for security reasons, but Komodo still has similar limitations to Zcash in terms of private transactions.
Some of the privacy improvements Komodo brings in terms of anonymity regard purchasing new currencies via the Komodo blockchain and decentralized exchange while remaining anonymous.
Komodo achieved 20,000 TPS in 2018, and its developers are aiming for 1 million TPS. Currently, it reached a market cap of $54.3 M.
How legal are they?
Recently, regulations have begun to shift, and it appears that these types of cryptocurrencies may be outlawed in some regions. They are still available and legal in the United States, though.
Countries like South Korea and Japan, on the other hand, have outlawed the trade or possession of privacy coins entirely, removing a possible conduit for financial crime or terrorist financing.
For example, Bittrex, one of the top leading cryptocurrency exchanges, removed Monero and Zcash from its platform in 2021.
Following instructions from the UK financial markets regulator, Kraken did the same thing in November 2021.
How to be totally anonymous online in the cryptocurrency world?
Although they bring a higher degree of privacy, even privacy coins may fail in keeping your identity anonymous.
And the pseudo argument that nobody needs anonymity if they don’t have something to hide is fundamentally wrong. Even the United Nations Declaration of Human Rights recognizes financial privacy as a basic human right.
Furthermore, according to Amplify’s CEO, Justin Tabb, “Too much focus on anonymity’s negative usage on any platform can run the risk of restricting privacy for all users. In other words, a healthy degree of anonymity is required to ensure freedom for all.”
Therefore, to protect your privacy online while using cryptocurrencies, you should keep in mind the following tips, even when you are making use of privacy coins:
- Browse the internet in incognito. The most basic level of anonymity is to make sure your browser doesn’t save cookies, temporary internet files, or your browsing history. Either search the internet in incognito mode or make sure to set your browser to never allow cookies or cache files.
- Use TOR and VPNs. TOR hides its users’ identities and their online activity from surveillance and traffic analysis by separating identification and routing. And a VPN encrypts the traffic from your machine to the exit point of the VPN network. However, hiding your IP doesn’t mean you’re totally untraceable. Therefore, an additional layer of protection formed by anti-virus, anti-malware, and the firewall will increase your security.
- Avoid revealing identifiable information of any kind. KYC and other user identification processes from centralized exchanges and web wallets can also add a vulnerability to your privacy. The ideal way to keep your privacy intact in the cryptocurrency world is to be paid in cryptocurrency or buy P2P. Furthermore, keeping a low profile is contradictory to being a cryptocurrency influencer. So, never post about your holdings on social media.
- Avoid address reuse. Use wallets that generate new public addresses for each incoming transaction and make sure the functionality is activated. By never using an address from a previous transaction and always generating a new one, when someone tries to track your activity, he will have a harder time establishing a pattern.
- Use Trustless CoinJoins. Trustless CoinJoins provide a greater degree of security than regular centralized mixers. You should avoid using random centralized mixing services because they require putting your trust in a 3rd party that can steal, be hacked, or be cracked down by the government, thus resulting in you losing your funds. However, in trustless CoinJoins, even though pools are hosted on coordinating servers, cryptography prevents the stealing of funds. They also have pool transactions with many users and do several mixing rounds.