‘People Will Get Burned’: Matt Odell on the Long Road to Bitcoin Privacy

Privacy advocate and hardcore bitcoiner Matt Odell discusses CoinJoins, privacy coins and “canaries.”Read MoreFeedzy

Ask a hundred people what Bitcoin is and you are bound to get a hundred different answers. It’s “digital gold.” An uncensorable transaction network. A high-alpha buy tracking tech stocks.

The most notable example is perhaps Russia, which – facing never-before-seen sanctions blocking it from most of the dollar-denominated global economy – hasn’t yet been all that interested in using the stateless monetary network, Bitcoin. Not even the U.S. Treasury thinks crypto will be an effective means to skirt international sanctions.

Bitcoin, as it stands, just isn’t very good for the actual day-to-day needs of criminals, be they individuals or nation-states. That’s because there’s no privacy on Bitcoin. And that’s a problem for law-abiding users as well. A fully auditable ledger of transactions, grouped and ordered by computer hashes to also make it immutable, the blockchain is unlike any other financial system. The books are fully open, and they leave a permanent record of crime.

Sure, there is a modicum of privacy on Bitcoin by way of native pseudonymous, alphanumeric addresses. You don’t have to reveal your true name to use Bitcoin. But you do if you want to use Coinbase or most other on-ramps to the fiat economy.

“Privacy is the ability to selectively reveal yourself to the world,” said privacy advocate and full-time bitcoiner Matt Odell, who has written a guide on how to achieve this using bitcoin. The system isn’t perfect, but it can be used pragmatically.

Staying private on Bitcoin requires a lot of work. It requires sourcing your bitcoin anonymously and figuring out how to store it, send it and spend it without divulging any personal information – ever. If at any point you leak identifying information, your whole history of financial transactions and all transactions going forward can be tied back to your identity. You have to start again.

Like other bitcoiners, Odell, the co-host of “Tales from the Crypt,” wants to make bitcoin better for money laundering so that it might be reliable enough for anyone in a disadvantaged position to use.

Part of the reason there are so many definitions of or metaphors explaining Bitcoin is that it’s a system that has promise to develop into so much more. It could be the settlement layer for the global economy or even a reserve asset held by central banks. Despite the lack of privacy, Bitcoin’s other features – its supply limit and censorship-resistance – make it appealing. It’s the best money, Odell says. And because it is the best money, all other finance will fly to it.

In a recent interview, Odell talked about CoinJoins, using bitcoin privately and the need for “canaries.”

This interview has been lightly edited for brevity and clarity.

So there’s a “canary” at the bottom of your website. What’s the idea behind that?

Usually companies do it. The idea is that the U.S. government has been known to issue warrants and subpoenas with gag orders where you cannot tell your customers that you’ve got a warrant. But those gag orders don’t stop you from removing something from your website. So if you have a warrant canary up already, when you get a subpoena, warrant or a request for information, you remove the canary because it doesn’t violate the gag order.

Then you just hope that your audience is paying attention. I am not a company, obviously, but I am an outspoken privacy advocate. So who knows? If there is a situation where I just cannot talk on Twitter the canary text will disappear.

Is this a serious threat?

The stakes are extremely high. Privacy is a very sensitive topic, period. We have had governments push against encrypted communications and censor different privacy-related topics. Financial privacy is even more sensitive because it so quickly morphs into, “Oh, you’re enabling terrorists.” That’s a real pigeonhole advocates face – when obviously the goal is accessible financial privacy for the whole world. Criminals are already going to be able to use these tools privately; the question is if the average person is going to, too.

Is there a contradiction between living a public life and advocating for privacy?

Privacy advocates get stuck in a hole because if we do not have people talking about it then we have already lost. But if you care about privacy, you do not really want to talk about it, which is why you see a lot of privacy advocates or “nyms” [short for pseudonym] not showing their faces.

Privacy advocate Matt Odell keeps a canary on his personal website to signal if anything is amiss. (Matt Odell, modified by CoinDesk)

The unfortunate reality in our society is people do not take you as seriously if you are not a public individual. So the way I have circled that square is I put myself out there, but I try my best to elevate and empower nyms so it is more distributed. The other thing is, there is this disconnect between privacy and secrecy. Privacy is the ability to selectively reveal yourself to the world – so people might know my face, they might know some things about me, but they know what I want them to know in a controlled way as much as possible.

If you could do it over again would you use a pseudonym?

First of all, I have a ton of names. Many names. The name is not the issue. The issue is the face. If I did it again, I might not show it. You know, names can be changed, our faces are with us forever.

We live in a world of increasing facial recognition – my face is likely in government databases around the world. And that is not great. But it goes back to the same trade-off, right? I do not think my platform would be as large if I did it any other way.

What does “functional privacy” mean? It’s a term I hear a lot in reference to the open Bitcoin system, where, strictly speaking, privacy is impossible, but pseudonymity can be maintained.

With Bitcoin, you do not explicitly have a name attached to your Bitcoin addresses or when sending transactions. But every transaction does get recorded in this public ledger that we call the blockchain forever, and that is going to outlast all of us if we are correct.

It can be explored by anybody who has an internet connection. One of the dangerous things that can be done – after the fact, you do not need an active adversary – is that someone can find something out about you and then go back on-chain and follow everything you have done. That means if you do not start practicing privacy best practices now, it could have massive effects for you down the line that you’re not even considering.

At the same time, we have every regulated company requiring intimate personal information on bitcoin users. They are keeping huge lists on our transaction history, our balances. That information is obviously used to track users, to deanonymize users. We have surveillance, mercenary companies that have popped up that are focused purely on doing that for both corporations and governments, so the privacy situation on Bitcoin right now is not great. Over 95% of users are probably coming in through KYC [“know your customer”] on-ramps if not more.

At the same time, the fact that Bitcoin is an open ledger is a key aspect of its value prop[osition]. The whole idea is that you do not have to trust anybody, that you can verify everything yourself. That is enabled because it is easy to use your own node, and the ledger is transparent and verifiable.

Everything has trade-offs. Where’s the middle ground?

The middle ground is more user-friendly apps that can give people practical privacy that is accessible on the app level rather than necessarily trying to bake it all into the actual Bitcoin protocol.

We have started to kind of see that over the last few years. We have Wasabi and Samourai wallets. They are about to put out Wasabi 2.0, which hopefully should fix a lot of the issues that we have seen in Wasabi 1, which I do not recommend right now. I recommend Samourai Wallet and JoinMarket.

Privacy is a very achievable goal in Bitcoinland, but the protocol is extremely hard to change – that’s another key aspect of its value prop, because if you could change it then you can change it to the negative. It is important for us to have achievable goals and I think the most achievable goal is more user-friendly apps.

That’s fair. But the pointed question to ask would be – putting aside that at least 95% of people are coming on through KYC exchanges and considering that you have to figure out how to store it, how to use it properly, get familiar with mixers, all of these steps that you cannot mess up once – is privacy on Bitcoin a dead end even with apps?

I get where you’re going with this.

First of all, it’s important to make a distinction between mixers and CoinJoin. Mixers to me are centralized custodial services where you send someone bitcoin and they send you new bitcoin. CoinJoin is a collaborative transaction: when you have multiple people sending a transaction together to help break the probability-analysis that chain-surveillance companies do. As a result, it’s a native bitcoin send transaction.

So obviously there’s been a long history of custodial mixers being deemed illegal specifically by the U.S. government (and others). There’s been no such cases with CoinJoin, but I am not necessarily the most optimistic person in terms of what our legal rights will be going forward.

There might be issues in terms of using bitcoin privately – with regulated services – and that’s just unavoidable because the issue is on the regulated banking side. To me, that is a short-term adoption growing pain while people are actually still connected to the traditional financial system. In the future, ideally, you are looking at a bitcoin circular economy. People are not going to be buying bitcoin, they are going to be earning bitcoin through their jobs. They are not going to be selling bitcoin, they are going to be spending bitcoin. All of a sudden, those regulated entities that are attached to the banking system are way less crucial.

Do people actually care enough about privacy?

There are a lot of good arguments that they do not, that they could not give two [rhymes with “mitts”]. I mean, they have Alexa in their house. They have Google Home in their house. They have a smartwatch on their wrist. They are sending their DNA out to companies. There are plenty of examples of the overwhelming majority of people trading convenience for security and privacy.

There is a bright side with things like Signal or iMessage, which bridge the gap between the trade-offs of encryption and convenience. Bitcoiners should study Signal’s adoption – how they polished it as much as possible while providing good privacy guarantees. You want to make it as convenient as possible to reduce friction for people’s needs. It cannot be much more expensive or more difficult than a regular bitcoin transaction. Ideally, it could be cheaper.

My most optimistic take on privacy sounds really pessimistic. We have never been in a world that is so digital and open to corporate and government surveillance. What is going to happen is as more of our lives are online, we are going to see more and more leaks, hacks and compromises that put people at risk. As that happens, people will get burned, and when they get burned, they will seek out better alternatives.

At that point, it is important we have the tools and resources available for them so they can actually execute on that plan. But unfortunately, I think the majority of people will not wake up until they get burned.

Why haven’t CoinJoins become more popular?

I think, first of all, there has been a decent amount of traction. It has not been a miserable failure. Small steps, right? The overwhelming majority of people are not using CoinJoin. I think there are a couple of reasons. First, it is significantly more expensive than a regular native bitcoin transaction. Second, it is not exactly intuitive. The required tools are getting built and they are already much more user-friendly than they were a year ago. The team at Samourai Wallet has done a great job making using bitcoin privately much easier. Like everything else, it is a matter of reducing friction whether that’s cost or UX.

The third thing is a lot of people are just not actually transacting in bitcoin. No one is sending bitcoin privately or receiving bitcoin privately because they are just buying and holding. And of that subset, a lot of people are just onboarding directly onto custodial services, and they are not actually even taking custody themselves.

So if we’re going to talk about increasing CoinJoin adoption, you have to get people to actually send and receive bitcoin first.

What do you make of the fungibility concerns about “washed coins?”

That is another point. There is a lot of fear, uncertainty and doubt surrounding CoinJoin. If people are in the short-term fiat game, they are thinking about whether or not they can sell their bitcoin in the future on a regulated service. That is a reasonable concern – that they are not going to be able to sell bitcoin with a CoinJoin history. Personally, I think that is a short-term fear. Long term, if we cannot spend bitcoin with the CoinJoin history, then Bitcoin in general is going to have larger problems than your individual stack. Bitcoin would have basically failed at that point.

Why is that?

It is a matter of fungibility. If you did a CoinJoin eight hops ago or received bitcoin with an UTXO [unspent transaction output] 10 hops ago – is that coin “nonspendable?” If I am a shop owner and accept bitcoin, do I have to [survey] you to make sure that it’s the right bitcoin or something?

In the short term – if you are a trader – I completely respect the viewpoint that CoinJoin is not for you. Keep your options open. But I am not in it for trading bitcoin – it is a long-term game of accumulation. I think you should operate under the assumption that you are never going to sell on a regulated exchange and will spend it eventually. If that is the viewpoint, then it is not a real concern.

This reminds me of Kevin O’Leary’s thoughts on “clean” and “dirty” bitcoin, where he thinks institutions will only want to deal with environmentally-neutral coins. But white and black markets can spring up in a lot of ways – FATF-compliant crypto, crypto tied to hacks. Isn’t this inevitable?

You know, in 2013, there was a big push for merchant adoption, but it was done in a nonproductive way. Regulated startups like BitPay came in, offered companies the ability to accept bitcoin and immediately sell it for fiat. The whole thing was centralized and regulated. You were not really using bitcoin; you were selling it to a third party to buy goods and services in fiat. To me that’s not a proper circular economy.

Something like BTCPay Server that allows everyone to, in a sovereign way, accept bitcoin themselves with open source software rather than outsource it is an absolute game changer. We are seeing other open source projects like Satsale and CypherpunkPay emerge that provide this very easy to use open source stack to receive bitcoin. All of a sudden merchants around the world can accept bitcoin without KYC requirements, without banking relationships and might even be able to accept bitcoin in situations where they cannot accept fiat.

There are probably more merchants than you would think that want to receive bitcoin. They are the type that will not immediately sell for fiat and want bitcoin in a sovereign way without taking on intimate KYC information. There are businesses that want to stack sats [i.e., slowly accumulate bitcoin in small amounts] – so they offer discounts for payments in bitcoin or even refuse fiat. If you want to buy a Nodl [a bitcoin hardware product], you have to pay in bitcoin. You cannot get it any other way.

As things start to emerge, we will see more and more people using bitcoin in a slow, organic way. Bitcoin is ultimately a permissionless open system, there is really no way to force people to use it. People will find the need and will start to use it more.

That’s the circular economy. If you really want to make it happen, shouldn’t you similarly resist accepting KYC bitcoin in the same way that Kevin O’Leary won’t touch contaminated coins?

Ultimately, whether or not people want to use KYC services to onboard onto Bitcoin is a personal decision. Bitcoin is a system that relies on personal responsibility, and people should make their own decisions based on their own personal situation. My biggest issue with KYC right now is that I do not think the trade-offs are very clear to people who are onboarding and using it. I don’t think they realize that KYC is forever and that there will always be a record of how much bitcoin you purchased, when you bought it and where you sent it. All that can be used going forward or backwards to track you on-chain. So users should be aware of that.

It is very much a personal issue because it puts users at risk of theft, extortion and persecution. If an authoritarian government knows you bought bitcoin, they could put you in jail or seize your coins. Or if your KYC information leaks, malicious criminals might try to rob or extort you. We’re seeing so many newcomers come in and sign up for like eight different services – they are sending their passport and selfies to all these different places that are all secured horribly.

Have you considered Zcash or Monero?

I think Zcash is just a dead-end project. There’s concerns about the math being overly complicated. They had an inflation bug that took a while to detect. And I think even to this day, [people] are not 100% sure if it is compromised. Worse, it was a situation where two or three people knew about it while they were trying to patch it – this undetectable bug – so you have that centralization risk. But besides the math, it is a U.S.-based company with U.S.-based VCs that have a massive amount of influence on it that still takes out a pre-mined reward every block. To my mind, that is a complete disqualifier.

Monero, on the other hand, is novel and unique and can provide very good transactional privacy. But there’s two things here. First, long term, I expect bitcoin to significantly outperform monero with respect to purchasing power. Monero is less hard money because you do not have the ability to verify its supply without trusting complicated math assumptions. You cannot have both – there is a trade-off and they went with privacy. So, as a result, money will flow to the harder money, which is bitcoin.

The funny thing is, because monero is getting removed from regulated exchanges – they have made it easy to swap with bitcoin. Instead of relying on regulated exchanges, they rely on bitcoin as their on-ramp and off-ramp. That means bitcoin users today can easily swap into monero basically as a private sidechain for transactions. It is a utility token but because XMR is trending to zero against bitcoin, there is no reason for you to hold the actual token long term.

That’s especially true once real privacy solutions are solved in Bitcoin, so to me both projects are flawed long term but for different reasons.

I’m about 90% of the way to being a bitcoiner, but it seems like there’s always a lot of solutionism [and widespread assumption] that problems – be they privacy, environmental, the fee economy – will always have a solution eventually. Why not be more pragmatic and use the worse tools for the better today?

There is a disconnect there, right? It’s something that is very frustrating to me about the bitcoin world, and it is not just a privacy thing. You normally will not hear a developer say anything like that, but on Bitcoin Twitter, you hear it all the time, “oh, this will fix it. We’ll figure it out.”

The privacy world in general cares more about practical solutions today because it is a real- world situation today. It is something that we absolutely need today. I do wish that there was more priority placed on some of these pressing issues but expect more people to get burned before the need for better privacy tools is realized.

DISCLOSURE

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Layer 2

Read This Issue

Leave a Reply

Your email address will not be published. Required fields are marked *