Bitcoin Privacy Tool aims to “confuse” surveillance companies
Bitcoin Developer and privacy veteran Dan Gould has released a new privacy tool that aims to make it harder for Bitcoin analytics companies to track who owns which Bitcoin.
Bitcoin transactions are not very private; Viewing every Bitcoin transaction ever made is as easy as withdrawing any Bitcoin block explorer. Bitcoin analytics companies like Chainalysis (which some call “surveillance companies”) use patterns they see among transactions to inform authorities and companies about where Bitcoins are being sent and who is sending them.
Gould released a software development kit (SDK) at the end of March which aims to make it easier to add support for “PayJoin” – a privacy technique invented back in 2018– to any Bitcoin wallet or service, providing an easy way to adopt private Bitcoin payments. In addition, the website he created, payjoin.orgaims to educate about PayJoin so that website or exchange builders can be more informed about it as an opportunity.
PayJoin is not yet widely supported, despite not being terribly difficult to implement, Gould explained Decrypt. The developer said he wants to educate and make the privacy method better known. Since the release of the SDK, the Bitcoin wallet and the browser extension BitMask have used it to adopt PayJoins. Foundation and BDK considering using it as well.
Gould is focused on Bitcoin’s privacy because he believes it goes hand in hand with Bitcoin’s core goal: censorship resistance. “I don’t think you can have it [censorship resistance] without privacy. If someone can predict how you will behave, they can censor you. If they can control how you behave in any way, they can censor you,” Gould said Decrypt.
To break an assumption
One of the most popular privacy techniques used today in Bitcoin is known as a CoinJoin, where a number of Bitcoin users pool their money into a transaction, scrambling it so that it is difficult to see which Bitcoin came from where. Wallets like Wasabi and Samurai help organize CoinJoins between a group of users.
But there are a couple of important drawbacks. First, this coordination takes some time. Second, it is obvious by scanning the Bitcoin blockchain when a CoinJoin takes place, because it has far more inputs than the typical transaction has, and they are all strikingly similar.
PayJoins are different. They are a CoinJoin between only two users – the buyer and the seller – at the time of sale. As such, PayJoins can be baked into the process of buying anything with Bitcoin.
This negates one of the main patterns that chain analyst companies look at: if a payment has two inputs, those inputs must both be from the same owner. “Surveillance companies use the assumption to creep on Bitcoin users,” as the site payjoin.org puts it.
PayJoins potentially destroy this assumption, thereby “confounding” blockchain tracking services, because each input in a PayJoin comes from a different user – the buyer and the seller.
If PayJoins become more widespread, blockchain analyst companies will no longer be able to make this assumption safely.
Gould also argues that PayJoins are simpler than CoinJoins. “The biggest reason [to use PayJoin over CoinJoin] it’s a lot less complicated,” Gould said, “since PayJoin is just two parties, it’s a lot easier to set up the interaction.”
Also, unlike CoinJoins, Gould claims there is also a financial incentive for companies to use PayJoin. “Because a PayJoin combines a consolidation for fee savings with privacy benefits, I think people are more inclined to incorporate it,” Gould said. Plus companies “don’t have to be nervous about doing a blending step. Really, they’re just doing their consolidation at the same time they’re doing a transfer, and it doesn’t change their view of the ledger or their view of what their users are doing,” he said.
Future goals
That doesn’t mean PayJoins are all unicorns and rainbows. It’s easier to set up a PayJoin interaction because it only requires two parties. But here’s the problem: the PayJoin receiver needs to set up a server endpoint, which is not something your typical merchant has time to deal with.
In January, Gould proposed a “serverless” implementation on the Bitcoin developer mailing list, where users can forward this claim to a third party, without revealing anything about their Bitcoin. This is still a work in progress, although Gould has coded up a proof-of-concept.
Another point to keep in mind is that the PayJoin SDK is written in the Rust programming language, which not all developers know how to use. But he sees it potentially as a core tool that people can plug other programming languages into in the future. Gould said other developers are exploring writing “bindings” in other programming languages to expand the scope.
But whether or not this specific SDK is used, Gould says he hopes to encourage more people to consider privatizing their Bitcoin transactions.
