What You Need to Know About the Bitcoin ‘Privacy War’
If you’ve been anywhere near Twitter recently you might have noticed Bitcoiners furiously debating Bitcoin privacy ins and outs. This feud has colloquially become known as the Bitcoin “privacy war.”
Bitcoin isn’t private by default. Because Bitcoin’s transaction history is open for the world to see, users need to take the time to learn and use certain tools and wallets if they want to fully privatize their Bitcoin.
Two of the most popular wallets out there today that make it easy for users to shield transactions include Wasabi Wallet (run by the company zkSNACKs) and Samourai Wallet. The teams have been at each other’s throats for years due to philosophical differences in opinion about the best way to preserve Bitcoin privacy.
The latest round of debate started last week when Bitcoin hardware wallet Trezor announced it had partnered with Wasabi Wallet to allow an easy way for Trezor users to privatize their Bitcoin stash. Samourai Wallet advocates took aim, criticizing zkSNACKs’ decision to blacklist transactions, and the debate flared up yet again.
Though much of the debate has devolved into mudslinging, it does surface important points. The so-called war sheds light on how complicated Bitcoin privacy is and many of the tradeoffs users need to consider when choosing a particular wallet.
Wasabi censorship
Wasabi Wallet and Samourai Wallet both rely on a privacy technique called a CoinJoin, where many Bitcoin users join together to create one big transaction. Jumbling the transactions together like this makes it unclear to any onlookers which user owns which Bitcoin.
The feud between builders of the two wallets has taken different forms over the years. Most recently, Samourai Wallet supporters’ main criticism of Wasabi Wallet is that last year Wasabi announced that the wallet’s coordinator (run by zkSNACKs) would begin blacklisting certain Bitcoin transactions, not allowing them to be used in each CoinJoin, citing undisclosed “legal and regulatory” reasons.
Wasabi admitted the decision was ultimately “undesirable,” but argued that it was the best path forward for keeping zkSNACKs going, and thus for successfully helping as many users as possible to shield their Bitcoin. “[Blacklisting] is a small price to pay for the future of Bitcoin’s privacy,” Wasabi Wallet said in a statement at the time.
But Samourai Wallet proponents see the decision as a betrayal of Bitcoin’s ethos of censorship-resistance. “Once they crossed that red line the debate ended for me,” pseudonymous Samourai Wallet co-creator SW told Decrypt. “Our very existence derives from our desire to systematically dismantle every heuristic that chain surveillance firms rely on. To consort with your sworn adversary is unthinkable,” he said.
The fact that this company is still around and heavily promoted by charlatan influencers is a giant stain on the community.
What happened to red lines? A ‘privacy’ wallet contracting with Chainalysis and sharing customer data with an adversary seems to be a huge red line crossed https://t.co/5BcQ6M0jIP
— Samourai Wallet (@SamouraiWallet) April 4, 2023
He added that zkSNACKs was never explicitly asked by regulators to blacklist transactions, but they did so anyway. “By normalizing the incursion of chain surveillance into the realm of non-custodial bitcoin wallet software we are allowing an unthinkable ceding of territory without any justification whatsoever. No regulatory requirement, no legislative demand, nothing,” he said.
Pseudonymous privacy and security researcher L0la L33tz noted that blacklisting transactions does not hinder Wasabi Wallet users’ privacy.
Still, she agrees that blacklisting transactions could be a slippery slope. “Is a future in which we can only enact our right to privacy at the whim of third parties desirable? In my opinion, [EFF founder and privacy activist] John Perry Barlow put this best: ‘You cannot separate the air that chokes from the air upon which wings beat,’” she said.
Complicating matters, L0la L33tz also pointed out that users often conflate Wasabi Wallet with zkSNACKs, the company behind Wasabi Wallet, which is responsible for coordinating CoinJoins between users.
Wasabi Wallet gives users the option to use a different coordinator if they wish. Someone in the community could hypothetically set up another competing coordinator that does not blacklist transactions. Admittedly, though, zkSNACKs operates the most liquid coordinator at the moment.
Samourai privacy concerns
On the other hand, critics of Samourai Wallet argue that the wallet’s default settings don’t protect user privacy well enough.
L0la L33tz calls Samourai Wallet’s design decisions “questionable.” For one, in Samourai Wallet, running the privacy-preserving tool Tor is not a default option. Rather, users need to flip a switch to use Tor—and therefore hide their IP address, which can be tied to a person’s identity. If users forget or don’t realize they need to flip this setting on, they could expose their IP addresses with Samourai Wallet.
At least they’re not denying that they’re collecting user data anymore ❤️? https://t.co/znJd8P6oNF
— L0la L33tz (@L0laL33tz) April 19, 2023
The second decision she and other Samourai detractors criticize is that users need to run their own Bitcoin node in order to preserve the privacy of their Bitcoin, something many Bitcoin users don’t do. If users don’t run their own Bitcoin node, they share their “xpub” with Samourai Wallet, which exposes information about a user and which coins they own.
“It can’t be independently verified how many users run their own nodes for [Samourai Wallet], putting even those running their own nodes at risk of deanonymization through [Samourai Wallet] via exclusion,” L0la L33tz said.
Meanwhile, Wasabi Wallet does not allow the option to track any of this data. “zkSNACKs, the coordinator behind Wasabi Wallet, does not learn anything about its users via default Tor and blockfilters,” L0la L33tz said.
Samourai Wallet counters that they have never complied with requests to share this data.
Wasabians contend that users need to trust Samourai Wallet not to pass on this data, which runs counter to the “don’t trust, verify” philosophy of Bitcoin.
Don’t trust, verify?
Yet, verifying information for yourself, rather than trusting others, is tough and boundlessly time-consuming.
L0la L33tz argues that the war “actually keeps people from learning about Bitcoin privacy and Bitcoin privacy tools. There’s lots of noise and little signal which rather leads to confusion than education.”
This is a problem for all Bitcoin users, she argues, adding that it’s important that as many people as possible in Bitcoin use privacy tools, to increase the “anonymity set.” The more people in this “set,” the more privacy each user has.
“Only with enough adoption of privacy tools can those aiming to use Bitcoin privately gain a large enough anonymity set; so, in a certain sense, this debate should be important to everyone using Bitcoin,” she said.
She argues that users need better tools to help them differentiate the signal from the noise: “Users need to be able to decide for themselves which tools fit their personal threat vectors best, and the constant infighting and accusations from both projects isn’t helping users to make educated decisions.”