In the conventional financial system, privacy depends on keeping transactions known only to the parties involved, but Satoshi Nakamoto’s design for Bitcoin depends on public transactions to prove the validity of the blockchain.  In the original Bitcoin white paper, Satoshi writes,

The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the ‘tape’, is made public, but without telling who the parties were.

In other words, Bitcoin transactions are publicly viewable so that anyone can check that no one is creating coins out of thin air or double-spending, while addresses, which are derived from freshly generated keys rather than from any identity, are what keep those transactions separate from users’ real-world identities.

In theory, Satoshi’s privacy model should work.  In practice, the ledger is public and permanent, so linking a single address to a real-world identity breaks privacy retroactively as well as going forward: every past payment involving that address becomes attributable, and any coins remaining in the unmasked wallet can be followed if they are ever moved.  Furthermore, applying data analytics and some psychology to the blockchain can reveal personal details of users even without such an external link.

As an example, consider a form of statistical analysis known as energy disaggregation.  Every electrical device in your home has its own pattern of electricity usage over time, and people tend to fall into predictable patterns of device usage.  A high-current draw for a few minutes in the morning may suggest that someone is toasting bread.  The particular power spikes of a television might show up more frequently in the evening on days that certain sporting events air, suggesting that someone in the house follows a particular team.  With enough granular data on electricity usage and a few behavioral assumptions, a surprising amount of information can be extrapolated from seemingly irrelevant information.

Similarly, by applying data analytics and behavioral analysis to Bitcoin transactions, blockchain analysts can start guessing personal details of users and perhaps even link the pseudonymous wallet addresses with real-world identities.  The simplest such technique, which Satoshi’s own paper already concedes, is to assume that all inputs of a multi-input transaction belong to the same owner, so that one identified address unmasks every address ever co-spent with it.  Some companies already exist that focus on unmasking cryptocurrency users through blockchain analysis, and that kind of information would be a boon to repressive regimes and other governments that are hostile to privacy.  The Department of Homeland Security is already seeking ways to track Zcash, Monero, and other confidential alternative cryptocurrencies (altcoins).
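
As an added illustration of that clustering technique (example code written for this page, not any analytics company’s tooling), the following Python implements the common-input-ownership heuristic over a small constructed ledger, propagates a single out-of-band identity tag through the resulting cluster, and shows how a CoinJoin-style transaction misleads the naive version of the heuristic.  The ledger, the address names, and the “alice” tag are all made up, and the CoinJoin fingerprint used to skip such transactions (several equal-value outputs) is a simplification of what real analysts do.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Tx:
    txid: str
    inputs: list      # addresses whose coins this transaction spends
    outputs: list     # (address, amount) pairs it creates


class UnionFind:
    """Disjoint-set forest: addresses that ever co-spend end up in one cluster."""

    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]   # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def looks_like_coinjoin(tx, min_equal_outputs=3):
    """Crude CoinJoin fingerprint: several inputs and several outputs of one identical value."""
    counts = defaultdict(int)
    for _, amount in tx.outputs:
        counts[amount] += 1
    return len(tx.inputs) > 1 and max(counts.values(), default=0) >= min_equal_outputs


def cluster_addresses(txs, skip_coinjoins=True):
    """Common-input-ownership heuristic: all inputs of one tx are assumed to share an owner."""
    uf = UnionFind()
    for tx in txs:
        if skip_coinjoins and looks_like_coinjoin(tx):
            continue            # the heuristic's assumption is exactly what CoinJoin breaks
        for addr in tx.inputs:
            uf.union(tx.inputs[0], addr)
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return [frozenset(c) for c in clusters.values()]


def attribute(clusters, known_identities):
    """Propagate every (address -> identity) tag to the whole cluster it belongs to."""
    owners = {}
    for cluster in clusters:
        tags = {known_identities[a] for a in cluster if a in known_identities}
        for addr in cluster:
            owners[addr] = tags
    return owners


# Constructed sample ledger (not real chain data).  A* belong to Alice, B* to Bob, C* to Carol.
LEDGER = [
    Tx("t1", ["A1", "A2"], [("M1", 3.0), ("A3", 0.5)]),        # Alice pays a merchant, change to A3
    Tx("t2", ["A2", "A3"], [("M2", 1.2)]),                     # A3 co-spent with A2: now linked to A1, A2
    Tx("t3", ["B1"], [("M3", 0.7), ("B2", 0.1)]),              # Bob pays a merchant, change to B2
    Tx("t4", ["A1", "B2", "C1"], [("X1", 0.3), ("X2", 0.3), ("X3", 0.3), ("A4", 0.02)]),  # 3-party CoinJoin
]
# One address de-anonymized out of band, e.g. a KYC exchange withdrawal (constructed tag).
KNOWN = {"A3": "alice"}


def analyse(skip_coinjoins=True):
    clusters = cluster_addresses(LEDGER, skip_coinjoins)
    return clusters, attribute(clusters, KNOWN)


if __name__ == "__main__":
    careful_clusters, careful_owners = analyse()
    naive_clusters, naive_owners = analyse(skip_coinjoins=False)
    print("with CoinJoin detection:", [sorted(c) for c in careful_clusters])
    print("  A1 owner ->", careful_owners["A1"])            # the tag on A3 reaches A1
    print("naive:", [sorted(c) for c in naive_clusters])
    print("  C1 owner ->", naive_owners["C1"])              # Carol wrongly tagged as Alice
```

The careful run links A1, A2 and A3 into one cluster and the single tag on A3 names all three; the naive run additionally absorbs B2 and C1 through the CoinJoin transaction, which is both why CoinJoin frustrates this heuristic and why an analyst who does not filter for it produces false attributions.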

However, privacy in cryptocurrencies is a solvable problem.  Coin mixing is one of the earliest anonymizing ideas to be tried with Bitcoin.  A trusted third party (a tumbler) would pool bitcoins from multiple users and pay them back out, breaking the chain of ownership of particular coins, but users had to trust that party not to run off with the pool or keep records of who received what.  In 2013, Gregory Maxwell proposed CoinJoin, a trustless form of coin mixing that needs no new protocol features at all: several users build a single Bitcoin transaction that spends all of their inputs into equal-sized outputs, and since a transaction is valid only when every input carries its owner’s signature, each participant can inspect the finished transaction and sign only if their own output is present and correct.  A dishonest coordinator can make a mix fail, but cannot steal anything.  Various altcoins have built CoinJoin into their protocols (for example, Dash).  Mixing is not a complete solution, however: unequal amounts, timing, and what users do with the mixed coins afterward can all be correlated.  Other privacy technologies in the cryptocurrency space include confidential transactions, which hide amounts, ring signatures (Monero), and zero-knowledge proofs (Zcash).  Monero is generally regarded as the gold standard of privacy coins because it is not only private by default but also employs numerous anonymity technologies.
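
To make the trust argument concrete, here is an added Python simulation of one CoinJoin round (example code written for this page, not Maxwell’s proposal or any wallet’s implementation).  The Schnorr-style signature in a multiplicative group mod a prime is a stand-in for Bitcoin’s real signatures, the coordinator, participants and UTXO set are constructed, and fees and change outputs are omitted.  The point it demonstrates is that each participant signs only a transaction that pays their own fresh address, and that the network rejects any transaction lacking a valid signature for every input, so a tampering coordinator ends up with nothing broadcastable.

```python
import hashlib
import secrets

# Toy Schnorr signatures in the multiplicative group mod P (a real wallet signs with
# ECDSA or Schnorr on secp256k1).  Exponents are reduced mod P-1, and G^(P-1) = 1 mod P
# keeps the verification equation exact.  Assumption: this group is for demonstration only.
P = 2**255 - 19
G = 2


def H(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(str(part).encode() + b"|")
    return int.from_bytes(h.digest(), "big")


def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def sign(x, msg):
    k = secrets.randbelow(P - 2) + 1
    R = pow(G, k, P)
    s = (k + H(R, msg) * x) % (P - 1)
    return R, s


def verify(X, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(X, H(R, msg), P) % P


def tx_message(inputs, outputs):
    """Canonical serialization of what gets signed: every input and every output."""
    return "in:" + ",".join(sorted(inputs)) + ";out:" + ",".join(f"{a}={v}" for a, v in sorted(outputs))


class Participant:
    def __init__(self, name, amount):
        self.x, self.X = keygen()
        self.utxo = f"utxo-{name}"                                 # the coin this participant brings
        self.amount = amount
        self.fresh_addr = f"{name}-fresh-{secrets.token_hex(4)}"  # new, unlinkable address (constructed)

    def sign_if_acceptable(self, inputs, outputs, denom):
        """Sign only if this exact transaction spends my coin into `denom` at my fresh address."""
        if self.utxo not in inputs or (self.fresh_addr, denom) not in outputs:
            return None                                  # output dropped or redirected: walk away
        return sign(self.x, tx_message(inputs, outputs))


def network_accepts(utxo_set, inputs, outputs, sigs):
    """Consensus rule that makes CoinJoin safe: every input needs its owner's signature."""
    if sum(v for _, v in outputs) > sum(utxo_set[i][1] for i in inputs):
        return False                                     # would create coins
    msg = tx_message(inputs, outputs)
    return all(i in sigs and verify(utxo_set[i][0], msg, sigs[i]) for i in inputs)


def run_coinjoin(participants, denom, tamper=lambda outputs: outputs):
    """Untrusted coordinator: proposes the joint transaction, may tamper, then gathers signatures."""
    inputs = [p.utxo for p in participants]
    outputs = [(p.fresh_addr, denom) for p in participants]
    secrets.SystemRandom().shuffle(outputs)              # hide which input maps to which output
    outputs = tamper(outputs)
    sigs = {}
    for p in participants:
        sig = p.sign_if_acceptable(inputs, outputs, denom)
        if sig is None:
            return None                                  # incomplete signature set: nothing to broadcast
        sigs[p.utxo] = sig
    return inputs, outputs, sigs


def demo():
    parts = [Participant(n, 1) for n in ("alice", "bob", "carol")]
    utxo_set = {p.utxo: (p.X, p.amount) for p in parts}  # what the network knows: owner key, amount
    honest = run_coinjoin(parts, 1)
    bob = parts[1]
    redirect = lambda outs: [("coordinator-loot", v) if a == bob.fresh_addr else (a, v) for a, v in outs]
    stolen = run_coinjoin(parts, 1, tamper=redirect)     # Bob refuses, so this yields None
    inputs, outputs, sigs = honest
    return {
        "honest_accepted": network_accepts(utxo_set, *honest),
        "theft_signed": stolen is not None,
        # reuse of the honest signatures on altered outputs fails: signatures commit to the outputs
        "forged_accepted": network_accepts(utxo_set, inputs, redirect(outputs), sigs),
        # an extra output for the coordinator fails the no-inflation check before any signature is looked at
        "inflated_accepted": network_accepts(utxo_set, inputs, outputs + [("coordinator-loot", 1)], sigs),
    }


if __name__ == "__main__":
    print(demo())
```

Nothing in the round requires a script beyond ordinary signature checks; the safety comes from the participant’s refusal to sign and from the consensus rule that every input must be signed, which is exactly why CoinJoin could be deployed on Bitcoin without any protocol change.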

New ideas are still entering the space.  In my opinion, the most exciting new privacy technology right now is MimbleWimble, which essentially applies the cryptography of confidential transactions to an entire blockchain: amounts are hidden inside Pedersen commitments, validity is checked by verifying that the commitments balance rather than by inspecting amounts or addresses, and because that check is homomorphic, transactions can be merged and already-spent outputs discarded (cut-through), increasing both privacy and scalability simultaneously.  Beam is the first MimbleWimble altcoin to launch, with its genesis block mined on January 3, while Grin plans to launch on January 15.
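
The balance check that MimbleWimble inherits from confidential transactions, and the cut-through it adds on top, can be shown in a few lines.  This is an added toy in Python, not Grin’s or Beam’s code: Pedersen commitments are modeled in a multiplicative group mod a prime with two fixed generators whose discrete-log relation is simply assumed to be unknown, the kernel excess is handled as a plain scalar rather than as a public key with a signature proving knowledge of it, and range proofs (which stop negative hidden values) are left out.

```python
import secrets

# Toy Pedersen commitments in the multiplicative group mod P, written C = G^value * H^blind.
# Real confidential transactions use secp256k1 points, and log_G(H) must be unknown to everyone;
# with G = 2 and H = 3 that is an assumption made for the demonstration only.
P = 2**255 - 19
N = P - 1          # G^(P-1) = 1 mod P, so blinding factors are reduced mod N
G, H = 2, 3


def commit(value, blind):
    return pow(G, value, P) * pow(H, blind, P) % P


class Output:
    """A coin: the chain sees only C, the owner keeps value and blind."""

    def __init__(self, value):
        self.value = value
        self.blind = secrets.randbelow(N)
        self.C = commit(value, self.blind)


def kernel_excess(inputs, outputs):
    """sum(output blinds) - sum(input blinds).  In MimbleWimble only H^excess is published,
    together with a signature proving knowledge of excess; here the scalar stands in for that proof."""
    return (sum(o.blind for o in outputs) - sum(i.blind for i in inputs)) % N


def balances(inputs, outputs, excess):
    """prod(C_out) / prod(C_in) == H^excess holds iff the hidden values sum to zero:
    any value surplus leaves a G^surplus factor that H^excess cannot absorb."""
    acc = 1
    for o in outputs:
        acc = acc * o.C % P
    for i in inputs:
        acc = acc * pow(i.C, -1, P) % P
    return acc == pow(H, excess, P)


def cut_through(txs):
    """Merge transactions into one: an output that a later tx spends cancels out of both sides,
    and the kernel excesses simply add.  This is what lets a MimbleWimble chain drop old outputs."""
    ins, outs, excess = [], [], 0
    for tx_in, tx_out, e in txs:
        ins += tx_in
        outs += tx_out
        excess = (excess + e) % N
    spent = [o for o in outs if o in ins]
    return [i for i in ins if i not in spent], [o for o in outs if o not in spent], excess


def demo():
    a = Output(5)                                        # pre-existing coin (constructed)
    b = Output(5)
    tx1 = ([a], [b], kernel_excess([a], [b]))            # a -> b
    c, d = Output(3), Output(2)
    tx2 = ([b], [c, d], kernel_excess([b], [c, d]))      # b -> c + d
    merged_in, merged_out, merged_excess = cut_through([tx1, tx2])

    e = Output(6)                                        # attempt to turn 5 coins into 6
    inflation = ([a], [e], kernel_excess([a], [e]))
    return {
        "tx1_ok": balances(*tx1),
        "tx2_ok": balances(*tx2),
        "merged_ok": balances(merged_in, merged_out, merged_excess),
        "b_pruned": b not in merged_in and b not in merged_out,
        "inflation_ok": balances(*inflation),
    }


if __name__ == "__main__":
    print(demo())
```

The merged transaction verifies with a single summed excess even though the intermediate output b is gone, which is the scalability gain; the chain never learned the values 5, 3 and 2 or saw an address, which is the privacy gain; and the 5-to-6 attempt fails the same check, which is why hiding amounts does not let anyone inflate the supply.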

Privacy in the information age is a moving target.  Yet despite ten years of developments, cryptocurrency technology is still at an early stage.  In the early days of the Internet, few considered the privacy implications of unencrypted HTTP, but today most Internet traffic is encrypted by default.  I expect that cryptocurrencies will follow a similar path toward confidentiality by default.  Even Bitcoin, with its understandably conservative development community, will likely become an increasingly private blockchain.