Many people are fond of the movie "Let the Bullets Fly". The film is rife with metaphors, one of which suggests "letting the bullets fly a bit longer". Over the years, various elements of this movie have been discussed in depth. While I haven't extensively researched this movie, one particular scene left a profound impression on me. In the scene, Zhang Mazi's adopted son, Lao Liu, is framed by Hu Wan. He's accused of consuming two bowls of jelly but only paying for one. In his indignation and to prove his innocence, Lao Liu cuts open his stomach, revealing he indeed only consumed one bowl. Tragically, this act leads to his death.
Whether audiences ridicule Lao Liu for his foolishness or feel his actions were unwarranted, I believe no one would agree with his drastic measure to prove his innocence. Ironically, in real life, many who see themselves as upright and transparent, believing they have nothing to hide, might willingly expose their personal details.
"Cryptocurrency" is not encrypted
There are numerous misconceptions surrounding blockchain, with one of the most common being that transactions on the blockchain are anonymous and private.
It's essential to understand that, apart from a few specific coins like Zcash and Monero, transactions of "cryptocurrencies" are not encrypted. In other words, when Wallet A sends assets to Wallet B, anyone can view the details of this transaction, including the sender, receiver, amount, time, etc. They can further trace all historical transactions of Wallet A and Wallet B. The transparent and open nature of the blockchain has no relation to privacy. In Chinese, I often use the term "密碼貨幣" (currency of cryptography nature) instead of "加密貨幣" (encrypted currency) to prevent people from falling into this misleading belief, as the consequences might be disastrous.
I suspect this misconception arises from the translation of "cryptocurrency" in Chinese. "Crypto" refers to cryptography, which is the foundation of blockchain. But for most coins, such as Bitcoin and Ethereum, the role of cryptography is like a seal, used only to verify the identity of transactors through private and public keys. The transaction details themselves are stored in plain text, without encryption.
Another source of confusion is the conflation between encryption and pseudonymity. Blockchain wallet addresses, like 0xCBD6832Ebc203e49E2B771897067fce3c58575ac, appear complex and random, resembling a password. With just the wallet address, outsiders can't associate it with its user. It's akin to using pseudonyms on forums, online games, or even Instagram. If you choose a username unrelated to your legal identity, others can't recognize you, but everyone can see your actions and interactions. As for encryption, the identities of transactors are usually public, but the content or details of the interaction remain confidential. For example, when Carol sends a message to Dave on WhatsApp, Facebook knows a conversation took place between them but can't see its content.
In reality, all transactions on the blockchain are transparent. If you obtain an individual's wallet address, perhaps by transacting with them once, you can trace all the wallets that have interacted with them. Although these addresses seem like random codes, with enough data, one can potentially identify the person behind each wallet.
Speaking of misconceptions, another one about cryptocurrency is its alleged predominant use for "money laundering". When one understands the above logic, it becomes clear that such a belief is far from the truth.
OTC exchange boutiques are practical and localized
Even in today's era of widespread digital currency, many small and especially older shops still only accept cash. Besides the transaction fees from various platforms, it goes without saying that traditional wisdom informs the public that cash is the most privacy-ensuring transaction tool.
Tracing the vine to find the fruit, where the "fruit" represents people and the "vine" signifies transactions, to use cryptocurrency while maintaining privacy, the key is to sever the "vine". When we talk about blockchain, everyone knows that the solution to ensure privacy is to use cash.
As mentioned earlier, resourceful Hongkongers have set up numerous cryptocurrency exchange shops across the city. Although they might seem small-scale, these stores operate on a cash-for-coin basis, making the transaction risk very low. Such cash transactions are not only convenient but also effective in ensuring privacy, cutting off the metaphorical vine of tracing.
Returning to the JPEX deposit example: even if we create an account using a "Outlaw Doppelgänger Technique" technique so that JPEX cannot link to our legal identity, once we transfer in cryptocurrency, all wallet transactions are exposed not only to JPEX but also accessible to the public. To circumvent this, not only do we need to create a new wallet, but the funds in the new wallet should not come from an existing wallet. Otherwise, for anyone trying to track us, the new wallet is just another point to trace. Of course, the JPEX example is purely for academic discussion. After depositing, it's likely impossible to withdraw without verifying identity, and even after verification, successful withdrawal isn't guaranteed I’d say.
When creating a new wallet, don't forget to turn on VPN. Yet the best method is simply to go offline and generate locally. Once you have the new wallet address, bring cash to the cryptocurrency exchange store. Remember to give cash and receive coins simultaneously: provide your new wallet address for the store to transfer the cryptocurrency immediately, and only leave once you've confirmed receipt.
It's essential to note that for transferring stable coins and conducting other transactions, Ethereum or equivalent native coins are needed. Using this method, you shouldn't only "buy U" (i.e., exchange for USDT or other stable coins) because the U inside would be frozen. Instead, either purchase a small amount of ETH for gas fees while buying U or buy ETH entirely and then use decentralized exchanges like Uniswap to convert ETH into other currencies. Unless planning to empty and discard the wallet, always retain a small amount of ETH for future transactions.
To comply with regulations and prevent money laundering, exchange stores have set reasonable limits on the amount that can be exchanged without providing legal identification. Generally, these limits are adequate for everyday needs for ordinary people like myself.
Stealth Transaction Tool: Umbra
If currency exchange shops are the low-tech solution for protecting the privacy of cryptocurrency transactions, then Tornado Cash is the high-tech solution at the other extreme.
Tornado Cash is a "coin mixer" operating on Ethereum. It works by depositing a specific amount from your usual wallet, for instance, 0.1 ETH, and then withdrawing from a newly created wallet. Due to the "zero-knowledge proofs" used in the withdrawal receipt, it's nearly impossible to trace back to the original wallet. If many users adopt this and all transact with similar amounts, then it becomes challenging to correlate funds entering and exiting Tornado Cash, achieving the effect of cutting off the "vine".
Unfortunately, Tornado Cash's power disturbed the establishment. Last year, it was sanctioned by the U.S. Department of the Treasury, and one of its developers, Roman Storm, was arrested. After a violent incident without apprehending the culprit, the U.S. simply arrested the "knife maker."
In reality, decentralized applications (Dapps) like Tornado Cash can't be easily shut down. Despite U.S. government sanctions, there are still ways to use Tornado Cash, but the barrier to usage has risen, and associated risks have increased. I cannot bear such risks and thus hesitate to recommend readers to use it. On the other hand, I introduce another simpler, legal privacy tool called Umbra, which facilitates stealth transactions known only to the involved parties, making them hard for outsiders to trace.
Suppose Alice is Bob's employer, paying him a salary of 2 ETH monthly. Given blockchain's transparent nature, every monthly salary transfer is publicly visible, allowing anyone to easily access historical records. In theory, Bob could continuously generate new wallets to receive his salary to maintain privacy, but managing this becomes burdensome for both Alice and Bob. Umbra simplifies this process and makes tracing more challenging.
First, Bob needs to set up an interface in Umbra, generating a pair of public and private keys exclusively for stealth transactions. He can also apply for an ENS like bob.eth to facilitate the payer, but it's optional. Afterward, Alice can use Umbra to pay the 2 ETH salary to bob.eth, and the assets will automatically be sent to a brand-new wallet that only Bob can access through Umbra. Bob can then decide where to withdraw the 2 ETH (minus the gas fee), whether to a completely new wallet, directly to an exchange wallet, or even to a currency exchange shop as previously discussed for further protection.
Note that once Bob transfers the 2 ETH to a third party, they can trace the funds back to Alice. And if Bob moves assets to a wallet linked to his identity, the stealth transaction's benefits are negated with his identity exposed. Another thing to consider is that if Alice's transfer is not in ETH but in stable coins or other ERC-20 tokens, and Bob accepts it in a new wallet instead of an exchange or currency shop, he will need to transfer a small amount of ETH for gas fee, leading to another potential privacy concern.
Another typical use case for Umbra is accepting donations. Suppose an organization uses an ENS address like carol.eth to accept donations. By checking carol.eth on etherscan, all donation amounts are publicly visible. Using Umbra for donations significantly improves donors' privacy.
The primary method of ensuring privacy is good usage habits, followed by supplementary tools. Even the most powerful tools can't protect users without cybersecurity awareness. While Umbra is a potent tool for stealth transactions, proper usage is crucial. Especially since stealth transactions involve various logical considerations about where to withdraw, which clues will be revealed, and how to trace the origin. To understand the intricacies, the best approach is hands-on experimentation, supported by reading documentation.
1984 Isn't That Terrifying
Even if one is upright and transparent, privacy remains crucial.
Just as a small shop accepting only cash doesn't imply tax evasion, valuing privacy doesn't mean having "something to hide"; rather, it's to prevent opportunistic thieves. Privacy concerns one's personal data, and the right to privacy allows an individual to decide whether to disclose personal information, including financial transactions. In any advanced or even developing country, it's a fundamental human right. As long as the scope is reasonable, it's perfectly logical and legal for citizens to keep their daily transactions private.
I pessimistically believe that a CBDC (central bank digital currency) where all transactions are transparent with zero privacy will emerge in authoritarian states, a future that even "1984" did not foresee.
"1984" isn't that terrifying. What's truly frightening is if we don't mind living in a 1984 scenario and even enjoy it. With the advent of CBDCs, by offering little incentives like transportation subsidies, people lacking privacy awareness will quickly become accustomed to its convenience and accept the full phase-out of physical cash. To prevent such a future, I am making my utmost efforts in "web3 civic education". Whether it is seized upon depends on individual fate and choice.
Extended Reading
web3dom - of web3 and freedom is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
