3 Rules for Healthy Pseudonymous Hygiene with Ethereum

Anonymity with Ethereum is hard. It’s a public blockchain, after all.

Sure, you can create your seed phrase offline or with a hardware wallet, but as soon as it comes to moving funds to your fresh accounts you should expect that eyes will see that transaction – even years later.

Even with all the proper steps taken to create a cold wallet, the currencies you put into those accounts still come from somewhere. And somewhere wasn’t in your control.

Typical Transactions

Let’s take the classic example of where that money comes from: an exchange.

When you sign up for an exchange like Coinbase, you go through KYC. They know who you are, how much you buy, and where you send it.

So, when you send funds from the exchange to your secure cold wallet, they have access to this transaction. They could deduce that wallet as yours (and share that info with the IRS or NSA, etc). Even if you use a mixer, the exchange will still see this and flag or even block your address.

It’s all connected, forever.

Now, in this pure example, nobody else could deduce that this cold wallet is yours. Randos on Twitter wouldn’t be the wiser. On-chain it’s just another transaction.

This is basic pseudo-anonymity: the public doesn’t know that this account is yours, but there is some trail that could identify you to someone. In essence: you are not guaranteed anonymity. 

The risk of exposing your addresses and losing that pseudo-anonymity is exacerbated by participation in the network:

  • Transferring funds
  • Registering ENS
  • Buying NFTs
  • Using DeFi
  • Transacting with platforms like God’s Unchained

So it’s good to arm yourself with some principles & rules for using Ethereum so you can guard yourself from exposure.

Principle #1: Be Public AND Private

Use specific public & private addresses and keep them completely separate.

With this one principle, you’ll be able to maintain pseudo-anonymity for one reason: intention.

When you commit to using a public address, you acknowledge and understand the public nature of the chain itself. This will train you to distinguish between public and private transactions.

Always think: “Should I use my public address for this transaction?”

For example, I use my public address for:

  • Registering ENS & mapping it to my Twitter
  • Connecting to God’s Unchained
  • Building example transactions for education
  • Kicking the tires on DeFi platforms before diving in
  • Linking with 3box and Satellite

Not everything can be private; rather than deprive yourself of using various protocols, use a public address with them instead.

With that, you can expand into a few simple rules (and a handy flowchart).

Rule #1: Use multiple addresses

Not only should you split between public and private addresses, but you should use multiple of each to diversify your pseudo-anonymity.

Maybe you don’t want two public protocols to know that you’re using the other. Consider using a public address for each.

If you want to guard your private address against the risk of exposure, split it into multiple. Use one for DeFi and one for hodling – this way no one can determine your full net worth by uncovering one account.

Use one for a public pseudonymous Twitter account.

With multiple addresses, you limit your exposure to connecting them all.

Unfortunately, as you expand your address collection, your fees for moving those funds around grow. Be sure to factor transaction fees into your privacy plan.

Rule #2: Never cross streams

Never transact directly between your public and private addresses.

Only send assets to your addresses from a centralized exchange (or a mixer).

Due to the way centralized exchanges are set up, they essentially act as a mixer in the way they receive and send currency. So, if you need to send money from your private address to your public one, send it to your exchange first and disperse it to your public address in two transactions to ensure you leverage the mix properly.

Obviously this does still leave you exposed to exchange deduction, but it will keep the public out of the know. You’re not trying to hide from big brother, are you?
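A self-audit for this rule, added here as an example and not part of the original post: given your own labelled addresses and a list of transfers, it flags direct public/private transfers and any unlabelled counterparty that has touched both sides. The addresses, labels, and transfer tuples are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: shortened, made-up addresses (real ones are 40 hex chars).
LABELS = {"0x1111": "public", "0x2222": "public",
          "0xaaaa": "private", "0xbbbb": "private",
          "0xeeee": "exchange"}

# (tx_id, from, to) tuples, also constructed for this example.
TRANSFERS = [
    ("tx1", "0xEEEE", "0x1111"),  # exchange -> public
    ("tx2", "0xeeee", "0xaaaa"),  # exchange -> private
    ("tx3", "0xAAAA", "0x1111"),  # private -> public: streams crossed
    ("tx4", "0x1111", "0x9999"),  # public -> third party
    ("tx5", "0xbbbb", "0x9999"),  # private -> same third party
    ("tx6", "0x2222", "0x7777"),  # public -> unrelated third party
]

def _label(addr, labels):
    # Checksummed addresses are mixed-case, so compare case-insensitively.
    return labels.get(addr.lower(), "unknown")

def direct_crossings(transfers, labels):
    """Transfers with a public address on one end and a private one on the other."""
    hits = []
    for tx_id, src, dst in transfers:
        if {_label(src, labels), _label(dst, labels)} == {"public", "private"}:
            hits.append(tx_id)
    return hits

def shared_counterparties(transfers, labels):
    """Unlabelled addresses that touched both a public and a private address."""
    seen = defaultdict(lambda: {"public": set(), "private": set()})
    for _tx_id, src, dst in transfers:
        for mine, other in ((src, dst), (dst, src)):
            kind = _label(mine, labels)
            if kind in ("public", "private") and _label(other, labels) == "unknown":
                seen[other.lower()][kind].add(mine.lower())
    return {cp: (sorted(s["public"]), sorted(s["private"]))
            for cp, s in seen.items() if s["public"] and s["private"]}

if __name__ == "__main__":
    print("direct crossings:", direct_crossings(TRANSFERS, LABELS))
    print("shared counterparties:", shared_counterparties(TRANSFERS, LABELS))
```

Exchange-labelled addresses are deliberately excluded from the shared-counterparty check, since the rule above routes funds through them.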

Rule #3: Use Brave, a VPN, and Tor

Looking to supercharge your privacy?

Use Brave browser and always clear cookies & local storage when switching between public and private accounts. This prevents individual applications from tracking that two addresses could be linked to the same user.

Use a VPN or Tor to totally obfuscate your internet browsing history from your ISPs.


When you actively commit to dividing transactions between multiple public and private addresses, you’ll be well on your way to concealing your true net worth & activity, limiting your exposure to being a target for crypto theft and questions from your mother-in-law.

What tips do you have?

How to create a pseudonymous identity on the internet

A short guide to creating a pseudonymous identity on the internet that probably can’t be traced to your real identity (for fun).

Maybe you want to launch a DeFi product without attaching it to your identity? I don’t know you.

Prerequisites:

Step 1: Use VPN or Tor

Obfuscate your IP address with a VPN or Tor when interacting with these applications to maximize cloak. Or don’t. At least use Brave browser.

Step 2: Fund a new Ethereum address with a Mixer

Properly transfer some ether through a mixer like Tornado to a brand new address (probably MetaMask). This kills off any connection to your central exchange (CEX) funded address.

Remember, don’t dox your new address with direct transactions or other touches.

Step 3: Create an Ethmail address

Legacy internet is built with email. Claim your ethmail.cc email address using your new Ethereum address. Don’t add an email forwarder.

Step 4: Sign up for Twitter, Github, etc.

Use your new email to sign up for new accounts.

Don’t reuse a password, and always use a VPN. When you set up 2FA, be careful not to use a linked phone number – maybe no 2FA at all.

Make sure you’re using incognito so Twitter can’t link your old sessions to the new account – clear browser cookies/local data first.

Step 5: Claim an ENS name and link your social profiles [optional]

Add Twitter to your ENS record and ENS to your Twitter profile. This ties and proves your address to your profiles. Don’t want to prove it? Do you.

Step 6: Use

Launch smart contracts and tweet tweets, you’re free! 

Congressman Bill Foster: the US Central Bank Digital Currency

On Thursday, January 23, 2019, I listened to Congressman Bill Foster (IL – 11) present his thoughts on a US Central Bank Digital Currency (CBDC) and its relationship with a centralized Digital Identity.

Before getting into the weeds, I’d like to restate that these are his expert thoughts (blended with some personal perspective), not a polished proposal ready for votes.

Overview

Principally, Foster’s US CBDC would rely on three foundational elements.

  1. Account-based balance transfers through Fed-owned accounts.
  2. Judicial safety nets for “reversing” transactions through courts.
  3. Biometrically-signed Digital Identity tied to both ends of transactions.

Notably, what it does not explicitly include is establishing this CBDC on a blockchain or as a cryptocurrency. Rather, the judicial safety net that allows transactions to be frozen or reversed would run directly counter to the immutable nature of the typical blockchain.

Before we explore each of these, let’s add some context to his point of view.

Why they want to do it

Fundamentally, the US government is not acting from a forward-thinking mentality. Rather, they are playing defense against China.

The threat of a Chinese CBDC is the strongest impetus the US government has for pushing for a US CBDC. They worry, among other things, that the dawn of a Chinese CBDC will dethrone the USD as the world’s reserve currency. Without this, the US would not act.

Further, they worry that if the Chinese CBDC gains adoption, the world would be under the thumb of Chinese law – your assets could be frozen or confiscated without warning or reason, and the recourse would be through Chinese courts.

Now, as much as I distrust the US system to get it right, I’d choose them over the Chinese system every time. And, despite it all, many people would agree with that choice as well.

In summary, the US government wants to protect their power over the global monetary supply against a growing Chinese alternative; reasonable, I suppose.

Why it needs to be built this way

The dream of truly anonymous, immutable, and trustless peer to peer payments cannot be fulfilled through a CBDC (just use crypto instead).

Firstly, KYC/AML fundamentally opposes anonymity. Though any libertarian would argue against it, the reality of the world and its use of money for nefarious purposes is apparent. We can’t have a CBDC that is built to easily comply with washing illegal money into the primary monetary system. Say what you will about cash, but digital currency moves at the speed of light and needs to be held to a higher standard. So, we need a reliable digital identity.

A CBDC can only be built within the confines of its ability to enforce compliance with the law. Therefore, it can only exist with a layer of verified, biometrically-signed digital identity (thumbprint, iris scan). The curious piece of this is how identity would be enforced outside of the US; i.e., how would a French banker use a US CBDC? A Russian?

Interestingly, Foster posits that the CBDC can be built in a pseudo-anonymous way to prevent counterparties from knowing each other’s identity, while still revealing both to the central authority. This could fundamentally change the data collection strategies of payments companies like PayPal in that they would not have a credit card name on the transaction to relate to any other transactions. Businesses would only know that $29.99 entered the system for an item, not that it came from Joe Smith.

Secondly, like any contractual agreement, the ability to raise issues to a higher, impartial power to settle disputes is foundational to trust, recourse, and plain usability. If I have a contract with someone and there is a dispute, I can take them to court for action. A CBDC must be built with a layer to leverage this pattern; on-chain or off-chain. If you accidentally send funds to a dead-end account, you’ll want a way to escalate the issue to reverse the transaction. If someone steals your money or defrauds you, you’ll want the justice system to provide an option.

While I am against providing a small subset of individuals the keys to a “backdoor” to the CBDC (since it becomes a single point of failure that every enemy nation state will likely make their primary target), the pattern must be implemented to some degree. Personally, I would prefer an off-chain option rather than open a backdoor to the entire monetary system, regardless of how well trained and secure the operators are.

Lastly, instead of using the cryptocurrency pattern of keys owning tokens and transactions transferring ownership, Foster prefers to use account balance transfers within the confines of the Federal Reserve. He believes account balance transfers instead of blockchain would be a superior solution to scale; at present he’s not wrong.

I can’t speak to the strategy of holding these accounts within the Federal Reserve or how this system would play into monetary policy and interest rates. Foster did not have any comments on this perspective, but it’s hard to imagine that they wouldn’t mess with your account somehow.

Final Thoughts

Though many libertarian ideals will die on the table for the CBDC, did we really expect anything else?

I’m actually very excited to see the use cases of a solid, biometrically-signed digital identity. From preventing spam calls to online voting, a trusted, government-backed digital identity would fundamentally transform the internet.

As far as the US CBDC goes, I wouldn’t hold my breath. Acting defensively and without a clear proposal, we’re a long way off from POC and adoption. And I don’t see myself using the Chinese CBDC to pay my bills anytime soon…

Meanwhile, if you want to use USD on the internet, pick up some DAI or any other stablecoins.