Well, at least your bank nor the goverment didn't know that you were buying that pizza. Unless the pizza broker service or Domino's is working with the goverment.
Bitcoin is as anonymous as cash if you use a mixing service.
No it's not. There's plenty of information that will still leak out, whether it's what service(s) the outgoing money is then sent to, the time of day following transactions take place, and a million other tiny little pieces.
And this is ignoring any issues with the mixing service.
Why not? What if the mixing service operates like a checking account, and you keep a permanent bitcoin balance with them, making deposits as you receive bitcoin payments? When you want to make a bitcoin payment, you instruct the service to make a transfer from its own bitcoin wallet, and reduce your balance in its own records accordingly. With this method, incoming and outgoing payments would be asynchronous, so it would be hard to use timestamps to associate them.
The interesting thing here is that with bitcoin, a cash-like transaction may not be anonymous, but a check-like transaction usually would be.
Of course, the middleman institution could still be compromised here, but since it uses its own protocol to track its customers' balances, it could use one that does preserve anonymity effectively.
Because what you've just described is still just obfuscation.
With this method, incoming and outgoing payments would be asynchronous, so it would be hard to use timestamps to associate them.
Doesn't matter. An outgoing payment will happen at some point in your day, and unless you have zero time patterns in your life, it will help identify you. As will the resulting services and people you send money to, even if the pieces start as small and as basic as "Orders pizza."
I don't see how that would work unless you already had a priori identifying information for the person who performed the transaction.
If I deposit 500 BTC every Friday, and immediately transfer it into the mixing account, then order a pizza for 10 BTC on a Tuesday, paid for from via mixing account, how would you confirm that I was the one who ordered the pizza? All you can determine for certain is that (a) I am a subscriber to the mixing account, and (b) someone who subscribes to the mixing account ordered a pizza. If there are a million subscribers to the mixing account, without access to their internal records, there's no way to conclusively associate outgoing payments with specific subscribers.
>You can split it into a million micropayments whilst you're at it; it still doesn't stop the information leak.
Yes it does. If I split one payment into three different sizes and send them hours apart while I'm sleeping, from a shared eWallet used daily by 1000 other people, you think that is going to be traceable to me in any way?
You want to buy a pizza for yourself or someone else. At some point your transactions will have been gathered together to do so, either in the merchant's wallet or elsewhere.
Hey presto, there's some information. Either about liking to buy pizza, having friends in country X, or being based in country X.
Trace it backwards, you have a list of people potentially involved.
I'm not saying that a single transaction will identify you. However, much like that EFF browser identity page, it doesn't take many bits of information - plus a few "likely good with computers" type guesses - to start putting together a list of very plausible identities.
That might be feasible if you had ten people using it with 100 addresses (where you know one of the public keys of each of them). The problem difficulty almost certainly scales up too quickly to work with a thousand people and a million addresses.
Well, I don't think you're really qualified to disagree, considering that you're revealing ignorance of the relevant domain (computational complexity theory) by arbitrarily equating different problems as "complex but still solvable".
Well, some problems are so hard (in the rigorous complexity-theoretic sense) that no amount of hardware is going to make a difference. For example, problems currently classed as NP-hard take, in the general case, an amount of time that increases exponentially in the problem size, so past a certain threshold, take too much time even given all the computers on earth.
The problem you'd have to solve here is basically the subset sum problem: given a set of transfers in an out of a mixer (let's say you already know which addresses it uses, which is not easy since it can make new ones for free) which subsets of the transfers out have the same totals as which subsets of transfers coming in? (From that point you identify one in/out set of addresses as belonging to the same person.)
That problem likewise takes exponential time to solve in the general case. And since the mixer chooses the transfers, they can pick it so that it's hard to find solution partitions (i.e. drive it to the part of the problem space where heuristics help the least).
Or they could go the opposite approach and add a random, time varying tolerance (i.e. charge a fee that varies between x and y % over time, or promise that you might get up to x% more or y% less than you put in) that makes the problems extremely underdetermined so that there are arbitrarily many constraint-satisfying solutions thus that the aggregate data is uninformative.
No, "Google solves complex problems" does not prove what you think it does.
> The problem you'd have to solve here is basically the subset sum problem: given a set of transfers in an out of a mixer (let's say you already know which addresses it uses, which is not easy since it can make new ones for free) which subsets of the transfers out have the same totals as which subsets of transfers coming in?
This isn't even the right problem, given the usage model that I posited and to which mootothemax replied; if you keep a balance stored in the mixing account, to which you make deposits on a regular payments, then it's highly unlikely that outgoing payments will match incoming payments in the first place. How often do you currently deposit checks into your bank account in exactly the same amount as outgoing payments that you immediately write after making the deposit?
There'd be no conclusively correlating information here; payments into the mixing account would have different amounts and timestamps from payments going out of it, and in order to use inferences taken from patterns as identifying information - e.g. someone orders a pizza from Mario's Pizzeria every Tuesday at 7 PM - you'd have to already have identifying information about the person you're trying to find in the first place, e.g. that I live near Mario's and happen to enjoy their pizza.
It's not just that the complexity of the problem increases with scale, it's that the reliability of the correlations you can make also decreases with scale.
I think it's a bit rich to accuse me of not being qualified to disagree when you've decided to ignore the other half of the equation: that the transfers ultimately end up elsewhere, ie the merchant's wallet.
I fear that as long as you and I fling accusations like this at one another, no good will come of this thread, so propose we end it thus: I consider the problem solveable; and you do not.
What you're describing is a bank. People came to bitcoin to be able to handle their own cash and not use a bank - you're missing the purpose here.
This is also money laundering, an illegal activity. If you need to do something illegal to get the bare minimum of functionality out of bitcoin it's not appropriate for business.
It might enable money laundering, but it isn't itself money laundering; and people use Bitcoin for a variety of reasons, including its ability to offer enhanced anonymity in electronic transfers, which this method would further in some circumstances.
Oh, blast it all! They've learned that my agent 1PvJ8Ncwk9KQjGEDti8uBFpDR1gLgZ8QYn gave 0.92 BTC to 1Nhaw787YjYMjGCzCc9H6jsrxiWFCGzJfK! Now it's only hours until our whole operation is unraveled!
This is where a study by the Feds (I think?) comes in. They found that they were generally able to link accounts as belonging to the same person, based on transaction patterns and flow of money between the multiple accounts the holder owns.
You can make it more difficult to link your accounts together by never transferring funds between your different accounts, but then how do you fund your accounts? It just gets more and more complicated.
I don't really think Bitcoin will bring an end to "Follow the money".
That study was by some Israeli CS students, not the feds. It's methodology was severely messed up. It got absolutely destroyed by this peer review. https://gist.github.com/jgarzik/3901921
Not really. You can create new 'names', i.e. your wallet. But they start off empty. So how do you get the actual money (bitcoins) into the new wallet? You need to transfer the money from your old wallet/name to the new one. And that is publically logged. This means you can always follow the money.
The way to get around this is to generate many wallets and move things around a lot. However it's still money moving within a subset of bitcoin wallets, so potentially trackable still (Google is able to detect 'link farms', so the police might be able to detect 'mixing farms')
It's anonymous in the sense that you can create a different identity ID, but as soon as that ID is correlated to Domino's transaction # for that transaction, or any other slip of personally-identifying info, then you're no longer anonymous.
It's worse than That as you need to fund any new ID from another act. You can mine bitcoins and send them to a new act but the ip's used to generate those bitcoins are public.
Really for most mid sized transactions cash if far better, and dominos accepts cash unlike say amazon.com.
> You can mine bitcoins and send them to a new act but the ip's used to generate those bitcoins are public.
What? There seems to be lots of misinformation here. Please prove your point. There is no need to publish your IP when you mine. Most people mine in pools, and I guess the mining pool announces the block. But you can announce it through Tor, or you can solo-mine through tor.
Good point. Now the pizza shop and unknown intermediary have a record of my purchase and my delivery address. But at least they can't link it to my credit card!
