Privacy within a type of computer ledger
A blockchain is, at its core, a shared database. It’s a ledger, really, but one that records transactions between parties in a way that’s meant to be unalterable. Think of it as a diary that screams its entries into the void. This ledger documents and confirms pseudonymous ownership of transactions. It’s verifiable, sustainable… all the buzzwords. Once a transaction is validated, cryptographically verified by the network’s nodes, it’s shoved into a "block." This block, a timestamp of sorts, contains details about the transaction, previous ones, and its own genesis. And once it’s in there, it’s permanent. Chronologically ordered and immutable. This whole mess gained traction with Bitcoin, the first of its kind, which then spawned a whole ecosystem of cryptocurrencies and whatever else people decide to build on top of it.
The appeal, they say, is its decentralization. No single entity holds all the keys. Transactions aren't verified by one overlord, but by a collective. A digital mob, if you will. The network reaches a consensus, and then the new transaction is added. It’s secured and authenticated through cryptography. And with the rise of all this technology, data breaches have become… common. User information, carelessly stored, mishandled, and abused. A constant threat to privacy. So, naturally, advocates push blockchain for its supposed ability to enhance user privacy, data protection, and data ownership. A noble goal, if you believe in the inherent goodness of code.
Blockchain and Privacy Protection
Private and public keys
The bedrock of privacy in blockchains, apparently, is the dance between private and public keys. These systems employ asymmetric cryptography to secure transactions. Each user is armed with a public key and a private key. They're random strings, cryptographically tethered. It’s computationally infeasible, they assure us, to deduce a private key from its public counterpart. This is where the security and protection from hackers supposedly lie. Public keys, they say, can be shared freely. They reveal nothing personal. From the public key, a user's address is derived using a hash function. These addresses are the conduits for sending and receiving assets, like cryptocurrency. Since blockchain networks are shared, anyone can peek at past transactions. It’s an open book, but with pseudonyms.
Addresses represent senders and receivers. Identities? Not so much. Public addresses don't spill personal details; they’re just pseudonymous identifiers. Some suggest, like Joshi in 2018, that using a public address only once is wise. It prevents a determined adversary from tracing its transaction history and potentially unearthing information. Private keys, on the other hand, are for safeguarding identity and security through digital signatures. They grant access to funds and wallets, acting as a form of authentication. To send money, you need a digital signature, generated with your private key. This, they claim, protects against theft. A neat little system, if you trust the math.
Peer-to-peer network
This whole blockchain thing, remember, sprang from Bitcoin. In 2008, a shadowy figure, or figures, known as Satoshi Nakamoto, dropped a paper detailing the technology. A decentralized network, he described, built on peer-to-peer transactions involving cryptocurrencies. In our current, less enlightened systems, we place our trust in central authorities to guard our data and process our transactions. A single point of failure, really.
In large corporations, vast amounts of user data reside on single devices, a tempting target for hackers. Blockchain technology aims to dismantle this reliance on a central authority. It achieves this by distributing the power of transaction validation across the network's nodes. Transactions, like sending cryptocurrency, are broadcast to every node. Before being etched into a block, nodes must confirm its validity. They check past transactions to ensure no one’s trying to double spend or spend what they don’t have.
Once a block is deemed valid, consensus protocols like proof of work and proof of stake come into play, managed by miners. These protocols guide the nodes toward an agreement on the order and number of transactions. Verified transactions are then published as blocks. Immutable. Permanent. The decentralized nature, the absence of a central gatekeeper, supposedly enhances user privacy. Peer-to-peer networks empower users to control their data, diminishing the risk of third parties manipulating or selling it. It’s a vision of digital autonomy. Whether it holds up is another matter.
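An added example, not part of the original article: a minimal node-side check of the kind described above, replaying past transactions to reject a double spend and linking blocks by hash so that edits to history are detectable. The ledger format, the `MINT` issuance marker and all function names are assumptions; signatures and consensus are left out.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64
MINT = "MINT"  # constructed marker for newly issued funds (assumption)

def block_hash(block):
    """Hash the block body, which includes the previous block's hash."""
    body = {k: block[k] for k in ("index", "prev_hash", "txs")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def balances(chain):
    """Replay every recorded transaction to get each address's balance."""
    bal = {}
    for block in chain:
        for tx in block["txs"]:
            if tx["from"] != MINT:
                bal[tx["from"]] = bal.get(tx["from"], 0) - tx["amount"]
            bal[tx["to"]] = bal.get(tx["to"], 0) + tx["amount"]
    return bal

def validate_txs(chain, pending):
    """Accept a pending transaction only while the sender can still cover it."""
    bal = balances(chain)
    accepted, rejected = [], []
    for tx in pending:
        sender, amount = tx["from"], tx["amount"]
        if amount <= 0 or (sender != MINT and bal.get(sender, 0) < amount):
            rejected.append(tx)          # overspend or double spend
            continue
        if sender != MINT:
            bal[sender] -= amount
        bal[tx["to"]] = bal.get(tx["to"], 0) + amount
        accepted.append(tx)
    return accepted, rejected

def append_block(chain, txs):
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev, "txs": txs}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def chain_is_intact(chain):
    """Recompute every hash and link; any edit to an old block breaks one."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return False
        prev = block["hash"]
    return True

def demo():
    chain = []
    append_block(chain, [{"from": MINT, "to": "addr_A", "amount": 10}])
    pending = [  # constructed: addr_A tries to spend the same 10 units twice
        {"from": "addr_A", "to": "addr_B", "amount": 10},
        {"from": "addr_A", "to": "addr_C", "amount": 10},
    ]
    accepted, rejected = validate_txs(chain, pending)
    append_block(chain, accepted)
    intact_before = chain_is_intact(chain)
    chain[0]["txs"][0]["amount"] = 1000  # attempt to rewrite history
    return accepted, rejected, intact_before, chain_is_intact(chain)
```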
Cryptographic Methods for Privacy Using Blockchains
Zero-knowledge proofs
Zero-knowledge proofs (ZKP) are a fascinating cryptographic concept. They allow one party, the prover, to convince another, the verifier, that a statement is true, without revealing anything beyond the statement’s truth itself. The prover keeps their secrets. In blockchain systems, ZKPs, often implemented via ZK-SNARKs, are introduced to bolster privacy. Unlike "non-private" public blockchains like Bitcoin, where transaction details like sender, receiver, and amount are visible and can be linked to real-world identities through clustering algorithms, ZKPs reveal nothing except the transaction’s validity. This significantly hinders deanonymization efforts. Zcash is a notable cryptocurrency that leverages ZK proofs.
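An added example, not part of the original article, covering both the key-and-signature description under "Private and public keys" and the prover/verifier idea here: a Schnorr proof of knowledge made non-interactive with the Fiat-Shamir transform, standing in for the far more complex ZK-SNARKs the text names. The group parameters, address format and function names are assumptions, and the group is a toy.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption; far too small for real use): P = 2*Q + 1
# with P and Q prime, and G generating the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (private key, public key)."""
    x = secrets.randbelow(Q - 1) + 1          # private key in 1..Q-1
    return x, pow(G, x, P)

def address(pub):
    """Pseudonymous address: truncated hash of the public key (constructed format)."""
    return hashlib.sha256(str(pub).encode()).hexdigest()[:20]

def challenge(pub, r, message):
    """Fiat-Shamir: the verifier's random challenge is replaced by a hash."""
    data = f"{G}|{pub}|{r}|{message}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign(priv, message, k=None):
    """Prover: show knowledge of priv for this message without disclosing it.

    k is the one-time nonce; it is a parameter only so tests can be
    deterministic. Reusing k across two messages would leak priv.
    """
    pub = pow(G, priv, P)
    if k is None:
        k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)                           # commitment
    c = challenge(pub, r, message)             # challenge
    s = (k + c * priv) % Q                     # response
    return r, s

def verify(pub, message, proof):
    """Verifier: needs only the public key, the message and the proof."""
    r, s = proof
    if not (0 < r < P and 0 <= s < Q):
        return False
    c = challenge(pub, r, message)
    # G^s = G^(k + c*priv) = r * pub^c holds only if the prover knew priv.
    return pow(G, s, P) == (r * pow(pub, c, P)) % P

def demo():
    priv, pub = keygen()
    tx = f"send 5 units from {address(pub)} to addr_B"   # constructed message
    proof = sign(priv, tx)
    r, s = proof
    return verify(pub, tx, proof), verify(pub, tx, (r, (s + 1) % Q))
```

With a 10-bit group order the challenge space is tiny, so this shows the structure of the proof only, not its security level.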
Ring signatures
Another technique for obscuring transaction flows on public blockchains is the use of ring signatures. This method is employed by Monero.
Mixing
Cryptocurrency tumblers can also serve to enhance privacy, even for pseudonymous cryptocurrencies. Alternatively, instead of relying on mixers as an external service, the mixing of public addresses can be integrated directly into the blockchain system, as seen in Dash.
The infamous mixing service Tornado Cash found itself sanctioned by the US Department of the Treasury in early August 2022. They accused it of laundering $455 million in stolen cryptocurrency, allegedly by the Lazarus Group. These sanctions made using the service illegal for US citizens, residents, and companies. More recently, in April 2024, Keonne Rodriguez and William Lonergan Hill, the architects behind Samourai Wallet—a privacy-focused tool that mixes Bitcoin transactions—were targeted by the U.S. Department of Justice, accused of enabling money laundering. It seems privacy features attract a certain kind of attention.
Comparison of Blockchain Privacy Systems
Private blockchains
Private blockchains, also known as permissioned blockchains, differ significantly from their public counterparts. Public blockchains are open to any node that wishes to join and download the network. Critics argue that because anyone can access the transaction history, there’s little genuine privacy. In private blockchains, however, nodes require explicit permission to participate, view transactions, and deploy consensus protocols. Transactions on a private blockchain are, by design, private, offering an additional layer of security. Because access is restricted and nodes are carefully selected, some believe private blockchains afford greater user privacy. While private blockchains are often seen as the most practical route for businesses to adopt blockchain technology while maintaining a high degree of privacy, they aren't without their drawbacks. For instance, private blockchains delegate specific actors to verify blocks and transactions. While some argue this enhances efficiency and security, concerns arise that this centralization of control and verification undermines the truly decentralized ethos of blockchain.
Hybrid blockchains
Hybrid blockchains offer a more adaptable approach, allowing for greater flexibility in determining which data remains private and which can be shared publicly. This hybrid model can be compliant with regulations like GDPR, enabling entities to store data in their chosen cloud environments to adhere to local privacy laws. A hybrid blockchain integrates characteristics from both private and public blockchains, though the specific combination of features can vary. Even within the realm of public blockchains, Bitcoin and Ethereum do not share identical characteristics.
Use Cases for Privacy Protection
Financial transactions
Following Satoshi Nakamoto's pioneering work with Bitcoin, cryptocurrencies surged in popularity. These digital assets offer an alternative to traditional fiat money. Current financial systems are rife with privacy concerns and threats. Centralization is a major vulnerability in typical data storage systems. When individuals deposit money, a third-party intermediary is essential. Sending money requires trust in that third party to execute the transaction correctly. Blockchain, by contrast, diminishes this reliance on a central authority. Cryptographic functions enable individuals to send money directly to one another. The perceived anonymity of Bitcoin, however, has also made it a tool for illicit activities, with criminals exploiting it for illegal purchases. The pseudonymous keys used in cryptocurrency transactions make tracing these purchases back to an individual challenging. Given the potential and security offered by blockchains, many financial institutions are exploring business models that incorporate this technology.
Health care records
In recent years, a staggering number of health care records have been breached. The solutions adopted to combat this often leave these records inaccessible. Health providers frequently share data with one another, leading to mishandling, loss of records, or the transmission of outdated information. In some cases, only a single updated copy of a health record exists, risking total information loss. Health records contain sensitive personal information like names, social security numbers, and addresses. It's argued that the current system of transferring health information compromises patient privacy in the name of ease of transfer.
As blockchain technology has advanced, there's been a growing movement to transition health record storage onto the blockchain. Instead of managing physical and electronic copies, blockchains could facilitate the shift to electronic health records (EHR). Medical records on the blockchain would be under the patient's control, managed via their private and public keys, rather than a third party. Patients could then grant specific access to their health records, streamlining information transfer. Because blockchain ledgers are immutable, health information would be protected from deletion or tampering. Blockchain transactions, complete with timestamps, would ensure those with access always have the most up-to-date information.
Legal
The notarization of legal documents is crucial for protecting individual privacy. Currently, documents require verification through a third party or a notary. Notarization fees can be substantial, and the process of transferring documents is time-consuming, increasing the risk of lost or mishandled information. Many are advocating for the adoption of blockchain technology for storing legal documents. Documents would be tamper-proof and easily accessible to authorized parties. Information would be shielded from theft and mishandling. Another potential application of blockchain technology lies in the execution of legal contracts through smart contracts. In this scenario, nodes automatically execute contract terms. By using smart contracts, individuals would no longer need to rely on a third party to manage contracts, thereby enhancing the privacy of personal information.
Shipping and logistics
Businesses and individuals often engage in the purchase and shipment of goods. The shipment process is typically accompanied by documents like a bill of lading. A smart bill of lading, leveraging blockchain technology, eliminates the need for additional costs associated with issuing these documents. Furthermore, blockchain technology enables real-time tracking of goods, with data updated regularly for efficient shipment management. Only the buyer and designated parties to the shipping contract can view the real-time shipment data, thereby enhancing the privacy of the process.
Legality of Blockchain and Privacy
GDPR
With the adoption of the General Data Protection Regulation in the European Union in April 2016, questions have emerged regarding blockchain's compliance. GDPR applies to entities processing data within the EU and those outside the EU processing data for individuals within the EU. Personal data is defined as "any information relating to an identified or identifiable natural person." Since identities on a blockchain are linked to an individual's public and private keys, this could be considered personal data, as these keys enable pseudonymity without necessarily being directly tied to an identity. A core tenet of GDPR is the individual's right to be forgotten, or data erasure. GDPR allows individuals to request the deletion of their data if it is no longer relevant. The immutable nature of blockchain, however, presents a potential conflict if an individual who has transacted on the blockchain requests their data be deleted. Once a block is verified on the blockchain, it cannot be erased.
In April 2025, the European Data Protection Board issued Guidelines 02/2025 concerning the intersection of blockchain technology and GDPR compliance. These guidelines highlight challenges, such as how blockchain’s immutable ledger can clash with individuals’ rights to erasure under GDPR, and they offer recommendations for reconciling distributed ledger features with data protection principles. For instance, the EDPB advised clear definition of data controller roles within blockchain ecosystems and the implementation of data minimization and privacy-by-design measures, despite the technology’s inherently decentralized and transparent nature.
IRS
Due to the volatile nature of cryptocurrency prices, many treat the purchase of cryptocurrencies as an investment, hoping to sell them later at a higher price. The Internal Revenue Service (IRS) has faced difficulties since 2018, as many Bitcoin holders fail to report revenue from cryptocurrencies in their income reports, particularly those involved in frequent microtransactions. In response, the IRS issued a notice clarifying that general tax principles must be applied to cryptocurrency, treating its purchase as an investment or stock. The IRS has stated that failure to report income from cryptocurrency can result in civil penalties and fines. To enforce these rules and combat potential tax fraud, the IRS has requested that exchanges like Coinbase report users who have sent or received more than $US20,000 worth of cryptocurrency in a year. The decentralized nature of blockchain technology complicates enforcement. Without a central authority tracking purchases and user activity, it becomes difficult for entities to monitor transactions. Pseudonymous addresses further obscure the link between identities and users, creating an environment conducive to money laundering.
Blockchain Alliance
Given that virtual currencies and the privacy-preserving nature of blockchain have become a haven for criminal purchases and activities, the FBI and Department of Justice established the Blockchain Alliance. This initiative aims to identify and enforce legal restrictions on the blockchain to combat criminal activities through open dialogue within a public-private forum. This collaboration allows law enforcement to address the illegal exploitation of the technology. Examples of criminal activity on the blockchain include hacking cryptocurrency wallets and stealing funds. The lack of direct ties between user identities and public addresses makes locating and identifying criminals exceedingly difficult.
Fair information practices
Blockchain has been recognized as a potential solution to issues surrounding fair information practices, a set of principles governing privacy practices and user concerns. Blockchain transactions empower users to control their data through private and public keys, effectively granting them ownership. This prevents third-party intermediaries from misusing or obtaining data. If personal data is stored on the blockchain, data owners can dictate when and how a third party can access it. Furthermore, blockchains inherently include an audit trail within their ledgers, ensuring transaction accuracy.
Concerns Regarding Blockchain Privacy
Transparency
While blockchain technology empowers users to control their data without necessarily relying on third parties, certain inherent characteristics can still infringe upon user privacy. Public blockchains are decentralized, allowing any node to access transactions, events, and user actions. Tools like block explorers can be used to trace the financial history of a wallet address. This information, when combined with OSINT research, can be used to create profiles of criminal actors or potential scam victims.
Decentralization
Due to blockchain's decentralized nature, there isn't a central authority actively monitoring for malicious users and attacks. Users might be able to anonymously hack the system and evade detection. Since public blockchains are not controlled by a third party, a fraudulent transaction initiated by a hacker who possesses a user's private key cannot be halted. Because blockchain ledgers are shared and immutable, reversing a malicious transaction is impossible.
Private keys
Private keys are essential for proving ownership and control of cryptocurrency. If someone gains access to another's private key, they can access and spend those funds. Because private keys are critical for accessing and protecting assets on the blockchain, users must store them securely. Storing a private key on a computer, flash drive, or phone poses potential security risks if the device is stolen or hacked. If such a device is lost, the user loses access to their cryptocurrency. Storing it on physical media, such as a piece of paper, also leaves the private key vulnerable to loss, theft, or damage.
Cases of Privacy Failure
See also: List of cyberattacks
MtGox
In 2014, MtGox, then the world's largest Bitcoin exchange based in Tokyo, Japan, suffered the most significant blockchain hack to date. During 2014, MtGox handled a substantial portion of the Bitcoin market, exceeding half of the cryptocurrency's total volume at the time. In February of that year, hackers infiltrated the exchange, absconding with $US450 million worth of Bitcoin. The incident shocked many in the blockchain community, given the technology's association with security. This marked the first major hack in the cryptocurrency space. Although analysts were able to track the robbers' public address by examining the public transaction record, the perpetrators were never identified. This is a direct consequence of the pseudonymity inherent in blockchain transactions.
DAO Hack
While blockchain technology is anticipated to solve privacy issues such as data breaches, tampering, and other threats, it is not impervious to malicious attacks. In 2016, The DAO, a decentralized autonomous organization, opened a funding window for a specific project. During this period, the system was compromised, resulting in the loss of cryptocurrency then valued at $US64 to $US100 million.
Coinbase
Coinbase, the largest cryptocurrency exchange in the US, which facilitates the storage, buying, and selling of cryptocurrency, has been the target of multiple hacks since its inception in 2012. Users have reported that due to its login process, which utilizes personal telephone numbers and email addresses, hackers have targeted the contact information of prominent individuals and CEOs in the blockchain sector. These hackers then used the compromised email addresses to alter users' verification numbers, subsequently stealing thousands of dollars' worth of cryptocurrency from Coinbase user wallets.
By North Korea
See also: Lazarus Group
In January 2022, a report by blockchain analysis firm Chainalysis revealed that state-backed North Korean hackers had stolen nearly $400 million in cryptocurrency in 2021. A UN panel also stated that North Korea has utilized stolen crypto funds to finance its missile programs, despite international sanctions.
Privacy vs. Auditing in Blockchains
The emergence of "private" or "anonymous" cryptocurrencies such as Zcash and Monero has brought the issue of blockchain auditing to the forefront. Exchanges and government entities have begun to restrict the use of these currencies. Consequently, as the principles of privacy and auditing in blockchains are inherently contradictory, auditing blockchains with privacy-enhancing characteristics has become a significant focus of academic research.