Multi-platform blockchain explorer Blockchair has added a “privacy-o-meter” for every Bitcoin (BTC) transaction that identifies which part is the change.
This is the key to tracing a chain of transactions on the blockchain. While the Bitcoin blockchain is theoretically transparent, in practice it can be hard to identify the true flow of funds. Unless the wallet is drained completely, every transaction includes at least two unspent transaction outputs (UTXO), where one of them is returned to the sender as change.
Blockchair uses several basic and advanced heuristics to assign a privacy score. For example, in a low privacy transaction one of the recipient addresses is also a sender, which makes it trivial to understand which is the change. If one of the outputs is a round number, it is also likely to be the recipient of the transaction.
The system also analyzes technical clues like the type of the multi-sig that was used, the differences in script between inputs and outputs, as well as their ordering.
Identifying these factors is the basis behind blockchain monitoring systems provided by companies like Chainalysis, Elliptic, CipherTrace, Coinfirm and others.
The company thus hopes to educate users on how to send Bitcoi without exposing themselves too easily.
Privacy on Bitcoin
Analysis techniques have grown in sophistication over time. This led to the creation of the CoinJoin protocol, which mixes Bitcoin by aggregating outputs from different users and redistributing them to fresh wallets.
This privacy protocol has been steadily gaining usage since 2019 and reached new peaks in 2020. This is largely attributed to two wallets, Samourai and Wasabi, that provided a valid alternative to centralized mixing services.
But while this approach can improve privacy, using it incorrectly can also leave clues for researchers to deanonymize transactions. PlusToken, one of the biggest crypto Ponzi schemes, saw more than 50% of its proceeds tracked to Chinese over-the-counter markets, despite using the most advanced obfuscation techniques available.
While the large amounts involved made tracking easier, researchers demonstrated a set of heuristics that could compromise mixing on Ethereum. Though they noted that UTXO-based currencies can be more private, they believe the difference is not so significant to make tracking CoinJoin impossible.
Even privacy-by-default coins like Monero (XMR) can have instances where extra attention is needed to guarantee privacy — for example through the practice of “churning,” or sending transactions to oneself.
It appears that improper usage can make or break a privacy tool, making user education key.