Privacy and Coin Selection Algorithms

Fungibility isn't optimal at the moment, with all addresses and transactions publicly visible and blockchain analytics firms on the rise. One area that seems to be of interest while we wait for confidential transactions and other privacy-enhancing implementations is improved coin selection algorithms. Could you explain how Samourai Wallet and other privacy-focused services choose their coin selection algorithms? What UTXO selection and change address creation best preserves privacy? Is there anything you can do yourself to obfuscate your transactions, or are mixing services the easiest and best way to go?

This is a great question. At the moment, there aren't that many privacy-focused wallets. I think Samourai deserves credit for being the most privacy-focused wallet. It is one that I use quite regularly, because I really do like some of the features. Up to now, Samourai was using a technique called BIP 126, which had to do with how you organize change addresses and coin selection in order to maximize privacy. As of maybe two days ago, they announced a change in that strategy: a new protocol, or method, for organizing transactions called Stonewall, which is something they've introduced. Stonewall is a mechanism for evaluating the entropy of every transaction and looking for potential information leaks within that transaction. Every wallet leaves behind a signature in some way. The way that a wallet selects coins can leave behind various signatures that coin analytics firms can use, very effectively, to do correlation between different transactions. As far as I can tell, the Samourai team has been working on this problem, evaluating the randomness of each transaction in order to see if the wallet is inadvertently creating a signature that can lead to identifying the source of these transactions.
Together with that, they've implemented some techniques that make a regular payment that you make with your wallet look like a CoinJoin transaction, which means that your wallet will use a number of inputs and a number of outputs by creating, effectively, fake change. Now, if you add a number of outputs to a transaction that pay change back to other addresses that you control, from the outside that transaction, with lots of inputs and lots of outputs, looks like a CoinJoin transaction. By varying the values in the inputs and outputs and carefully selecting the coins, the wallet can make this transaction look like it's a mixture of multiple transactions from different people. That better preserves your privacy.

I do know that even in the past, Samourai was one of the wallets that was very careful about how it selects change and receive addresses from your UTXO set, in order to make sure that it doesn't associate things that should not be associated with each other: that is, associating one UTXO with another by putting them together in a transaction when previously they came from two different transactions. Obviously, if you receive two payments to two different UTXOs with two different addresses, and then your wallet takes those two payments and uses them in the same transaction as inputs, that's advertising to the entire world that those two addresses belong to or are controlled by the same person, which then allows people to correlate the previous two transactions to each other. Samourai does some of that.

Another technology used within privacy-focused wallets, including Samourai, is a technology called Ricochet. This is a specific term that Samourai uses, but the concept is really simple. Most analysis firms do something called tainting, where they track coins that they believe are involved in bad transactions.
For example, they may track coins that have been used on a gambling site, or coins that have been used on a sex-related site, or whatever else the morality police are currently considering evil. Obviously, if your coins come from a wholesome source like selling weapons to the Saudi government, not a problem whatsoever. But if they come from an unwholesome source, like you purchased a sex toy in Texas, oh dear me, that's going to get blacklisted. What these services do is track these evil coins. If you do a transaction using coins that previously came from someone who did something naughty, then you might find that your exchange account gets blocked or locked, or even worse, completely shut down. Your funds are seized in some cases. This is a dangerous practice of blacklisting.

The way some privacy-focused wallets get around that is by ensuring that, if the analysis firms are checking four or five transactions back, you add extra hops by making transactions between your own controlled addresses. Instead of sending from you to, let's say, an exchange, you send from you to you to you to you to you to you to the exchange, chaining these transactions together so that when the exchange checks five addresses back, or six addresses back, they find an address that is not blacklisted because it's yours, and it's clean. It's one that's never been used before. The funny thing about this cat-and-mouse game is that if the chain analysis firms go six hops, the privacy wallets can go seven. If the chain analysis firms go seven hops, the wallets can go eight. We continue like this, but the problem is that this is asymmetric for the chain analysis firms, because if they start looking eight hops back, they start pulling in all addresses in the Bitcoin space, and then ten hops back, everything's related. I don't know if you remember the old meme of six degrees of separation from Kevin Bacon.
The same concept is at work here: if you go far enough back, if you check enough hops back, every coin has touched almost every other coin, unless it comes directly from a coinbase transaction, meaning part of the mining process. If you keep pushing the chain analysis firms to incorporate more and more hops, eventually their data becomes horribly polluted, because every transaction is tainted, and they can't simply advise the exchanges to stop accepting all coins, because all of them touched something naughty at some point. This is a strategy that the analysis firms are going to lose.

Those are some of the things you need to consider when you're doing coin selection in your wallet. This is not something the user can do. Preferably, what you should be doing is picking a wallet that incorporates the privacy principles that you really care about, and then configuring that wallet by going into the settings and saying: yes, I want to use Ricochet; yes, I want to use Stonewall; yes, I want to mix up my change addresses; yes, I want to route everything over Tor. Not many wallets offer that today, so you have an opportunity to make choices that encourage wallet developers who follow these practices, perhaps even contribute to their projects with documentation and bug reports, or even by giving them a donation if you really appreciate the wallet that they're building.

Resolving Inconsistencies in Your Stance on Privacy

Peter says: Sometimes you say that Bitcoin is good because it achieves privacy, or at least future implementations will achieve full financial privacy. I've also heard you dismiss the Pito Nazi's argument against Bitcoin by pointing out that blockchains actually help trace back transactions once you have a suspect's IP address or Bitcoin address. These propositions are not really compatible. Could you be more specific about the level of privacy you would like to see in Bitcoin?

Thank you, Peter, for this opportunity.
First of all, let me disclaim this fanciful idea that all of my thoughts, opinions, and ideas are 100% internally consistent and provably true. I will use the good old defense and say that either my statements are incomplete or they're inconsistent, but they can never be both complete and consistent, because I would violate Gödel's theorem. So let me try and be more specific. I think the fundamental difference here is a matter of scale. You see, I believe that we should have privacy in Bitcoin that allows every individual to maintain their financial privacy against broad-based, blanket, indiscriminate surveillance by central parties: broad-based, blanket, warrantless, unconstitutional surveillance, in violation of the human rights charter and broadly accepted human rights. That kind of unconstitutional, illegal, immoral surveillance that violates human rights should be impossible to do in Bitcoin.

On the other hand, if someone is doing something that involves criminal activity, it's not going to be broad-based surveillance that catches them. That's a fallacy, and it's a fallacy that's being sold to us primarily to persuade us that as long as we give a little more power and give up a little more privacy, crime will finally be beaten, terrorism will end, pedophiles will no longer exist, abuse of children will stop, all of the bad things will go away. All you have to do is trust a few people in power to have ultimate control over your privacy, your life, your human rights, and everything else, and everything will be okay. That authoritarian lie is basically designed to give more and more and more power. And in the end, it doesn't make the world a better place. Arguably, it makes the world a terrifying fascist autocracy. So, what do you do about crime? The truth is that the vast majority of crime is solved by investigation, and primarily by human factors.
So, the person who's committing these crimes, who's abusing children, or committing fraud, or stealing money, or extorting people, or holding people to ransom, or whatever else you might be thinking of as one of the horrible things that will be committed on blockchains with money, just like they're committed with every other currency in the world: most of the time there's going to be a trail of evidence. It's going to be on their computer; it's going to be evidence that their co-conspirators know about. And I think law enforcement has traditional tools that they can use in the case of a crime where there is probable cause, where you can get a magistrate to sign a probable cause warrant, and a person can be investigated and their privacy stripped under due process of law; then that evidence will be sitting right there on their computer. And not only will they leave a trail, and their co-conspirators will know about this and can be flipped, and all of the other traditional law enforcement techniques, but also, once you have their computer, their private keys, and various other things that you got through due process and a properly signed warrant, well, now you have forensic evidence on the blockchain that they committed a crime.

So, my stance on privacy is simple. I am against blanket, indiscriminate, warrantless, unconstitutional surveillance that violates human rights and gives enormous power to centralized actors who will abuse that power, and ultimately erode and then destroy democracy. I don't believe that criminals should have privacy, but in order to strip someone of privacy and declare them a criminal, you need due process of law and you need a warrant. And the idea of stripping everyone of privacy in order to protect against crime means that in the end only criminals will have privacy, because they'll simply break the law that requires them to use the currency that's under surveillance.
None of us will have privacy, except the criminals, and crime will never go away, because crime has nothing to do with the currency you use, or the computer technology, or the tool. It's a fundamental part of human nature. So, claim your privacy. There's a difference between indiscriminate, broad-based, warrantless surveillance and the appropriate application of justice through due process and properly signed warrants, and the protections we have under all of the human rights charters in every civilized place on Earth.

Pachelek. I believe I'm pronouncing this name correctly. Pachelek asks: Bitcoin will never add "default privacy or fungibility". Ari Paul believes that it's highly unlikely that Bitcoin adds "default privacy or fungibility", because this would likely tank the price, since it means that all institutional and regulation-conscious money will have to dump it. So, apparently this is a quote from Ari Paul, and I don't know if this is an accurate quote or if it's a paraphrase, so please take that with a pinch of salt. The question continues: there are many other reasons why people might not support a default privacy update as well. Realistically, do you think it's in any way plausible for the main chain to add default privacy, or would there almost inevitably be a separate cryptocurrency that provides the fungibility use case, whether it be the result of a contentious hard fork or a separate crypto such as Monero?

Honestly, I disagree. To me, Bitcoin has never been about the investment and use of institutional and regulation-conscious money. Institutional, regulation-conscious money already has plenty of investment avenues and plenty of currencies to choose from. So, if the addition of privacy and fungibility features actually did reduce the price of Bitcoin, I'm okay with that.
To me, it's more important that this is a currency that is usable by the vast majority of human beings, who do not have access to stable, reliable, and private currencies, because they don't have access to stable, reliable, and democratic institutions, or stable, reliable, and non-mafioso-run bankers. So, quite honestly, I don't give a damn what institutional and regulation-conscious money does. I certainly don't think the developers who are involved in implementing features, the cypherpunks of Bitcoin, really give a damn about what investment-conscious money does. So, there will be additions of privacy and fungibility. They are very much on the roadmap. And if that causes regulation-conscious money and investment-conscious money to leave Bitcoin, well, that's a very good indication that those privacy and fungibility technologies are effective and working correctly. They're going to have to find some other kind of surveillance coin that they can pump and dump for a get-rich-quick scheme. Ripple sounds like a good idea. Maybe they could go to that one and let Bitcoin do the privacy things that it needs to do, to serve the other 6 billion people who are not interested in playing this game of crony surveillance capitalism. Thank you very much. Bye-bye.
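The hop-limited tainting and the Ricochet-style self-transfer chain described in the first answer, as an added illustration that is not part of the transcript or of any wallet's code: a constructed toy payment graph (not real chain data, all address names are hypothetical) and a breadth-first check of whether a blacklisted address funds a deposit within a given number of transactions back. It goes one step beyond the spoken argument by showing, from the analyst's side, that raising the hop limit far enough to reach the end of the chain also flags deposits of uninvolved users who merely share an exchange hot wallet.

```python
from collections import deque

# Constructed toy payment graph (not real chain data): funder -> recipients.
# Each edge is one transaction in which the funder's coins pay the recipient.
FLOWS = {
    "coinbase": ["miner"],
    "miner": ["gambling_site", "shop"],
    "gambling_site": ["alice", "cafe"],  # blacklisted site pays alice and a cafe
    "cafe": ["bob"],                     # cafe pays bob for supplies (bob is honest)
    "shop": ["carol"],
    "bob": ["bob_deposit"],
    "bob_deposit": ["exchange_hot"],     # exchange pools deposits in a hot wallet
    "exchange_hot": ["carol"],           # carol later withdraws from that exchange
    "carol": ["carol_deposit"],
    "alice": ["alice_hop1"],             # Ricochet-style chain through fresh
    "alice_hop1": ["alice_hop2"],        # self-controlled addresses before the
    "alice_hop2": ["alice_hop3"],        # exchange deposit
    "alice_hop3": ["alice_hop4"],
    "alice_hop4": ["alice_deposit"],
}
BLACKLIST = {"gambling_site"}

def funders(flows):
    """Invert the graph: recipient -> list of addresses that paid it."""
    rev = {}
    for src, dsts in flows.items():
        for dst in dsts:
            rev.setdefault(dst, []).append(src)
    return rev

def tainted_within(rev, blacklist, addr, max_hops):
    """True if a blacklisted address funds addr at most max_hops transactions back."""
    seen, queue = {addr}, deque([(addr, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth >= max_hops:
            continue  # this node's funders would lie beyond the hop limit
        for parent in rev.get(node, []):
            if parent in blacklist:
                return True
            if parent not in seen:
                seen.add(parent)
                queue.append((parent, depth + 1))
    return False

def flagged_deposits(flows, blacklist, max_hops):
    """Deposit addresses an analyst flags when looking max_hops transactions back."""
    rev = funders(flows)
    addrs = set(flows).union(*flows.values())
    return sorted(a for a in addrs if a.endswith("_deposit")
                  and tainted_within(rev, blacklist, a, max_hops))
```

With a limit of 3 to 5 hops only the honest bob_deposit is flagged while the six-hop chain to alice_deposit passes; at 6 hops the chain is caught, but so is carol_deposit, whose only link to the blacklist is a withdrawal from the exchange's shared hot wallet.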