BS3:1-Your personal data is nuclear waste ☢️

Your online personal data is like nuclear waste. Once it’s created, it is going to be around for a very long time, and for all that time it’s going to be dangerous.

This means you’re always better off not creating this information in the first place.

Unfortunately, most things that we do online require us to surrender personal data. Sometimes it’s just your name and email, or maybe it’s a phone number and a birthdate. Some services require a picture of government-issued ID, a selfie, or even biometrics like face scans and fingerprints.

You don’t have any control over how this information is stored, or who it is shared with. Even if you are the kind of person who reads every line of the privacy policy, your information will likely be shared with other entities, and there’s no guarantee what they might do with it.

If you can avoid entering personal information—you should.

The companies we give our personal information to are not very good at keeping it safe. And, clearly, the problem is growing. At first, tens of millions of accounts were getting stolen (PlayStation), then it was hundreds of millions (Equifax), and then billions (Facebook), and at this point, I don’t think many of us even flinch when we hear that our data has been stolen from some service we use.

Every company will eventually get hacked.

When you learn about these breaches and leaks (usually months after the fact), the company might offer you a free year of identity-theft monitoring, and claim that they are increasing their security standards or whatever. They’ll probably get hacked again in a year or two. What they never do is admit that they aren’t able to keep your information safe and decide to collect less of it.

Makes you wonder: shouldn’t there be laws preventing companies from collecting such information in the first place?

Toxic KYC

As it turns out, laws and regulations are increasingly requiring companies to collect even more of this information—especially in the world of cryptocurrencies.

Know-your-customer (KYC) laws are enacted to prevent money-laundering and terrorist-funding. Unfortunately, a side-effect of these laws is to create massive troves of sensitive personal information. Every business that offers services covered by KYC laws requests and stores extensive information about your identity.

These large collections of identity information are targets for hackers. When laws are enacted that increase the quantity and quality of identifying information that companies hold, the potential profit hackers may gain increases. The prizes get bigger. Yet businesses do not seem to be better at protecting the data they are required to collect from us.

While the collection of such information may be useful to governments and businesses, it comes at a great cost to customers—you are the one who bears the consequences when your identity is stolen, not the entity it was stolen from.

It’s a PUBLIC ledger

When it comes to bitcoin, preserving your privacy is essential. As we explained in BS2:1-Don’t buy from big exchanges 🏦, the bitcoin blockchain is a public ledger. It is a record of every bitcoin transaction that has ever occurred. Each transaction has unique addresses, inputs, and outputs tied to it. This means transactions in bitcoin are very easy to track.

Luckily, bitcoin was designed so that you never have to tie your identity to the bitcoin you own. The bitcoin protocol does not require your name, email, phone number, or anything else about your identity.

If you are careful, it is possible to use bitcoin in a safe manner that doesn’t reveal your identity.

Unfortunately, many of the companies that offer bitcoin services require the same kinds of personal information that we are used to providing in so many other circumstances. The problem is that this information becomes even more dangerous when it is paired with information on the bitcoin blockchain.

Let’s pretend you bought some bitcoin from Coinbase. When you create an account with them, they require a lot of information about you, including your name and email, and a picture of your government ID. Coinbase has this information about your identity and they have a record of your bitcoin purchases. Even if you withdraw your bitcoin, Coinbase has a record of the address you withdrew to.

If Coinbase gets hacked, or has a vulnerability, it is possible that information about your identity (even your physical address) and how much bitcoin you own could be available publicly. This is a bad outcome.

Data leaks and breaches are not the only risks posed by your personal identifying information. It has economic value, and any business you give it to has an incentive to profit from it.

This means they might choose to sell your information to governments or other businesses, some of whom might be even less careful with how they store it.

Chain analysis

Some people analyze the blockchain and make guesses about who owns which bitcoin. This is called chain analysis. Chain analysis companies sell the information they gather to governments, companies, and whoever will pay. You will not be surprised to learn that many of the large commercial exchanges also run chain analysis businesses. Since they have access to your personal information that is not included on the blockchain and can connect your information with bitcoin addresses you use, they are uniquely suited to perform chain analysis.

Perhaps you remember how the Golden State Killer was identified by DNA samples people related to him had submitted to ancestry websites. The information you provide to exchanges is a lot like this; in conjunction with chain analysis it can be used to strip away the privacy of even those people who have not directly interacted with the exchanges.
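The linking described above can be shown on a small scale. This is an added example, not part of the original article: it applies the common-input-ownership heuristic (addresses spent together in one transaction are assumed to share an owner), which goes beyond what the text names, to a constructed ledger. All addresses, the `alice` identity and the function names are made up for illustration.

```python
from collections import defaultdict

# Constructed ledger (made-up addresses): inputs are spent, outputs are paid.
LEDGER = [
    {"txid": "t1", "inputs": ["exch_hot"], "outputs": ["a1"]},  # exchange withdrawal
    {"txid": "t2", "inputs": ["a1", "a2"], "outputs": ["b1"]},  # a1 spent with a2
    {"txid": "t3", "inputs": ["b1", "b2"], "outputs": ["c1"]},  # b1 spent with b2
    {"txid": "t4", "inputs": ["d1"], "outputs": ["d2"]},        # unrelated activity
]
# Constructed exchange record: withdrawal address -> verified identity.
KYC_RECORDS = {"a1": "alice"}

def cluster_addresses(ledger):
    """Map each address to a cluster id, merging addresses spent together."""
    parent = {}
    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr
    for tx in ledger:
        for addr in tx["inputs"] + tx["outputs"]:
            find(addr)
        first = find(tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = first
    return {addr: find(addr) for addr in list(parent)}

def exposed_addresses(ledger, kyc):
    """Return (addresses linked to an identity, addresses paid by one)."""
    root = cluster_addresses(ledger)
    owner = {root[addr]: who for addr, who in kyc.items()}
    linked = {a: owner[r] for a, r in root.items() if r in owner}
    paid_by = defaultdict(set)
    for tx in ledger:
        who = owner.get(root[tx["inputs"][0]])
        if who is None:
            continue
        for out in tx["outputs"]:
            if out in linked:
                continue
            # Every address clustered with the recipient inherits the link.
            for addr, r in root.items():
                if r == root[out]:
                    paid_by[addr].add(who)
    return linked, dict(paid_by)

if __name__ == "__main__":
    print(exposed_addresses(LEDGER, KYC_RECORDS))
```

Address `a2` was never withdrawn from the exchange, yet it ends up attributed to the same identity as `a1`, and `b2` belongs to someone who never dealt with the exchange at all but is now tied to a known counterparty.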

You need privacy to use bitcoin.

Luckily, there is something you can do about it. BS3:2-How to use coin control 🪙 and BS3:3-How to use CoinJoin and coin mixing 🌀 tell you all about it.